rdPress.com. * * @param int Jetpack Blog ID. * * @since 1.7.0 * @since-jetpack 4.2.0 */ do_action( 'jetpack_client_authorized', Jetpack_Options::get_option( 'id' ) ); $tracking->record_user_event( 'jpc_client_authorize_success' ); } $fallback_redirect = apply_filters( 'jetpack_client_authorize_fallback_url', admin_url() ); $redirect = wp_validate_redirect( $redirect ) ? $redirect : $fallback_redirect; wp_safe_redirect( $redirect ); } /** * The authorhize_redirect webhook handler */ public function handle_authorize_redirect() { $authorize_redirect_handler = new Webhooks\Authorize_Redirect( $this->connection ); $authorize_redirect_handler->handle(); } /** * The `exit` is wrapped into a method so we could mock it. * * @return never */ protected function do_exit() { exit; } /** * Handle the `connect_url_redirect` action, * which is usually called to repeat an attempt for user to authorize the connection. * * @return void */ public function handle_connect_url_redirect() { // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- no site changes. $from = ! empty( $_GET['from'] ) ? sanitize_text_field( wp_unslash( $_GET['from'] ) ) : 'iframe'; // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- no site changes, sanitization happens in get_authorization_url() $redirect = ! empty( $_GET['redirect_after_auth'] ) ? wp_unslash( $_GET['redirect_after_auth'] ) : false; add_filter( 'allowed_redirect_hosts', array( Host::class, 'allow_wpcom_environments' ) ); if ( ! $this->connection->is_user_connected() ) { if ( ! $this->connection->is_connected() ) { $this->connection->register(); } $connect_url = add_query_arg( 'from', $from, $this->connection->get_authorization_url( null, $redirect ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- no site changes. if ( isset( $_GET['notes_iframe'] ) ) { $connect_url .= '¬es_iframe'; } wp_safe_redirect( $connect_url ); $this->do_exit(); } elseif ( ! isset( $_GET['calypso_env'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- no site changes. ( new CookieState() )->state( 'message', 'already_authorized' ); wp_safe_redirect( $redirect ); $this->do_exit(); } else { $connect_url = add_query_arg( array( 'from' => $from, 'already_authorized' => true, ), $this->connection->get_authorization_url() ); wp_safe_redirect( $connect_url ); $this->do_exit(); } } }