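/**
 * Verifies the token-based signature on the current XML-RPC request.
 *
 * Everything read from $_GET / $_POST here is attacker-controlled until the
 * signature comparison succeeds, so every failure path is fail-closed.
 *
 * Steps, in order:
 *  1. Parse `token` as "key:version:user_id" and check the API version.
 *  2. Load the stored access token for that user (user_id 0 selects the blog token).
 *  3. Check that the stored secret starts with "<key>.".
 *  4. Recompute the request signature and compare it with `signature` in constant time.
 *  5. Register the timestamp/nonce pair through add_nonce().
 *
 * Only a successful result is cached in $this->xmlrpc_verification; a failed
 * attempt is evaluated again on the next call.
 *
 * @return array|false|WP_Error Array with 'type' ('blog' or 'user') and 'user_id' on success,
 *                              false when the request is unsigned or fails verification,
 *                              or the WP_Error returned by the signing routine.
 */
function verify_xml_rpc_signature()
{
    if ($this->xmlrpc_verification) {
        return $this->xmlrpc_verification;
    }

    // It's not for us
    if (!isset($_GET['token']) || empty($_GET['signature'])) {
        return false;
    }

    // Query parameters can arrive as arrays (?token[]=x). explode() and
    // hash_equals() throw a TypeError on non-strings under PHP 8, so an
    // unauthenticated caller could otherwise trigger an uncaught error.
    if (!is_string($_GET['token']) || !is_string($_GET['signature'])) {
        return false;
    }

    // Pad to three parts instead of silencing the "undefined offset" notice
    // with @; a short token leaves the missing parts null and is rejected below.
    list($token_key, $version, $user_id) = array_pad(explode(':', $_GET['token']), 3, null);

    if (empty($token_key) || empty($version) || strval(JETPACK__API_VERSION) !== $version) {
        return false;
    }

    if ('0' === $user_id) {
        $token_type = 'blog';
        $user_id = 0;
    } else {
        $token_type = 'user';
        // ctype_digit() keeps signs, whitespace and hex/exponent notation out of the int cast.
        if (empty($user_id) || !ctype_digit($user_id)) {
            return false;
        }
        $user_id = (int) $user_id;
        $user = new WP_User($user_id);
        if (!$user || !$user->exists()) {
            return false;
        }
    }

    $token = Jetpack_Data::get_access_token($user_id);
    if (!$token) {
        return false;
    }

    // The key sent in the request must match the part of the stored secret
    // before the first "."; compared in constant time.
    $token_check = "{$token_key}.";
    if (!hash_equals(substr($token->secret, 0, strlen($token_check)), $token_check)) {
        return false;
    }

    require_once JETPACK__PLUGIN_DIR . 'class.jetpack-signature.php';
    $jetpack_signature = new Jetpack_Signature($token->secret, (int) Jetpack_Options::get_option('time_diff'));

    if (isset($_POST['_jetpack_is_multipart'])) {
        // Multipart request: the signed body is rebuilt from $_POST, with each
        // "_jetpack_file_hmac_<name>" field renamed to "<name>".
        $post_data = $_POST;
        $file_hashes = array();
        foreach ($post_data as $post_data_key => $post_data_value) {
            if (0 !== strpos($post_data_key, '_jetpack_file_hmac_')) {
                continue;
            }
            $post_data_key = substr($post_data_key, strlen('_jetpack_file_hmac_'));
            $file_hashes[$post_data_key] = $post_data_value;
        }
        foreach ($file_hashes as $post_data_key => $post_data_value) {
            unset($post_data["_jetpack_file_hmac_{$post_data_key}"]);
            $post_data[$post_data_key] = $post_data_value;
        }
        // Sort keys so the rebuilt body does not depend on field order.
        ksort($post_data);
        $body = http_build_query(stripslashes_deep($post_data));
    } elseif (is_null($this->HTTP_RAW_POST_DATA)) {
        $body = file_get_contents('php://input');
    } else {
        $body = $this->HTTP_RAW_POST_DATA;
    }

    $signature = $jetpack_signature->sign_current_request(array('body' => $body));
    if (!$signature) {
        return false;
    }
    if (is_wp_error($signature)) {
        return $signature;
    }
    // Constant-time comparison; never use == / === on a MAC.
    if (!hash_equals($signature, $_GET['signature'])) {
        return false;
    }

    // Replay protection needs both values. Fail closed when either is missing
    // or array-valued instead of falling back to timestamp 0 / an empty nonce.
    // NOTE(review): sign_current_request() presumably rejects these already — confirm.
    if (!isset($_GET['timestamp'], $_GET['nonce']) || !is_scalar($_GET['timestamp']) || !is_scalar($_GET['nonce'])) {
        return false;
    }
    $timestamp = (int) $_GET['timestamp'];
    $nonce = stripslashes((string) $_GET['nonce']);
    // NOTE(review): add_nonce() is expected to refuse a timestamp/nonce pair it has
    // already seen — confirm against its implementation.
    if (!$this->add_nonce($timestamp, $nonce)) {
        return false;
    }

    $this->xmlrpc_verification = array('type' => $token_type, 'user_id' => $token->external_user_id);
    return $this->xmlrpc_verification;
}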