Deploying version 1.6.4

README.md

@@ -5,7 +5,7 @@
 **Requires at least:** 5.3 \
 **Tested up to:** 6.2 \
 **Requires PHP:** 7.2 \
-**Stable tag:** 1.6.3
+**Stable tag:** 1.6.4
 
 Fix your email delivery problems by sending your WordPress emails through Amazon SES's powerful email sending infrastructure.
 
@@ -191,6 +191,11 @@ Please double check the credentials match up with the credentials you received w
 
 ## Changelog
 
+### 1.6.4 - 2023-05-18
+
+* Bug fix: WP Offload SES now works with PHP 8.2
+* Security: Updated AWS SDK to address a vulnerability in `guzzlehttp/psr7` as reported in [CVE-2023-29197](https://nvd.nist.gov/vuln/detail/CVE-2023-29197)
+
 ### 1.6.3 - 2023-04-12
 
 * Bug fix: WP Offload SES is once again compatible with sites using PHP 7 and WordPress 5.3–5.8

includes/compat.php

@@ -0,0 +1,73 @@
+<?php
+
+/**
+ * Conditional polyfills for functions added in PHP 8.0. The below polyfills are also part of
+ * WordPress 5.9 and later. So only users on PHP < 8.0 AND WordPress < 5.9 will get these
+ * functions defined here.
+ *
+ * Note, the functions are copied exactly as is from the WordPress 6.2 source.
+ */
+
+if ( ! function_exists( 'str_contains' ) ) {
+	/**
+	 * Polyfill for `str_contains()` function added in PHP 8.0.
+	 *
+	 * Performs a case-sensitive check indicating if needle is
+	 * contained in haystack.
+	 *
+	 * @since 5.9.0
+	 *
+	 * @param string $haystack The string to search in.
+	 * @param string $needle   The substring to search for in the haystack.
+	 * @return bool True if `$needle` is in `$haystack`, otherwise false.
+	 */
+	function str_contains( $haystack, $needle ) {
+		return ( '' === $needle || false !== strpos( $haystack, $needle ) );
+	}
+}
+
+if ( ! function_exists( 'str_starts_with' ) ) {
+	/**
+	 * Polyfill for `str_starts_with()` function added in PHP 8.0.
+	 *
+	 * Performs a case-sensitive check indicating if
+	 * the haystack begins with needle.
+	 *
+	 * @since 5.9.0
+	 *
+	 * @param string $haystack The string to search in.
+	 * @param string $needle   The substring to search for in the `$haystack`.
+	 * @return bool True if `$haystack` starts with `$needle`, otherwise false.
+	 */
+	function str_starts_with( $haystack, $needle ) {
+		if ( '' === $needle ) {
+			return true;
+		}
+
+		return 0 === strpos( $haystack, $needle );
+	}
+}
+
+if ( ! function_exists( 'str_ends_with' ) ) {
+	/**
+	 * Polyfill for `str_ends_with()` function added in PHP 8.0.
+	 *
+	 * Performs a case-sensitive check indicating if
+	 * the haystack ends with needle.
+	 *
+	 * @since 5.9.0
+	 *
+	 * @param string $haystack The string to search in.
+	 * @param string $needle   The substring to search for in the `$haystack`.
+	 * @return bool True if `$haystack` ends with `$needle`, otherwise false.
+	 */
+	function str_ends_with( $haystack, $needle ) {
+		if ( '' === $haystack && '' !== $needle ) {
+			return false;
+		}
+
+		$len = strlen( $needle );
+
+		return 0 === substr_compare( $haystack, $needle, -$len, $len );
+	}
+}

languages/wp-ses-en.pot

@@ -2,14 +2,14 @@
 # This file is distributed under the same license as the WP Offload SES Lite plugin.
 msgid ""
 msgstr ""
-"Project-Id-Version: WP Offload SES Lite 1.6.3\n"
+"Project-Id-Version: WP Offload SES Lite 1.6.4\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wp-ses\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <[email protected]>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2023-04-12T14:56:23+00:00\n"
+"POT-Creation-Date: 2023-05-18T09:06:59+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.7.1\n"
 "X-Domain: wp-offload-ses\n"

readme.txt

@@ -4,7 +4,7 @@ Tags: amazon ses,smtp,email delivery,gmail smtp,newsletter
 Requires at least: 5.3
 Tested up to: 6.2
 Requires PHP: 7.2
-Stable tag: 1.6.3
+Stable tag: 1.6.4
 
 Fix your email delivery problems by sending your WordPress emails through Amazon SES's powerful email sending infrastructure.
 
@@ -178,6 +178,10 @@ Please double check the credentials match up with the credentials you received w
 
 == Changelog ==
 
+= 1.6.4 - 2023-05-18 =
+* Bug fix: WP Offload SES now works with PHP 8.2
+* Security: Updated AWS SDK to address a vulnerability in `guzzlehttp/psr7` as reported in [CVE-2023-29197](https://nvd.nist.gov/vuln/detail/CVE-2023-29197)
+
 = 1.6.3 - 2023-04-12 =
 * Bug fix: WP Offload SES is once again compatible with sites using PHP 7 and WordPress 5.3–5.8
 

vendor/Aws3/Aws/Api/ErrorParser/JsonParserTrait.php

@@ -14,7 +14,7 @@ trait JsonParserTrait
     private function genericHandler(ResponseInterface $response)
     {
         $code = (string) $response->getStatusCode();
-        if ($this->api && $this->api->getMetadata('awsQueryCompatible') && $response->getHeaderLine('x-amzn-query-error')) {
+        if ($this->api && !\is_null($this->api->getMetadata('awsQueryCompatible')) && $response->getHeaderLine('x-amzn-query-error')) {
             $queryError = $response->getHeaderLine('x-amzn-query-error');
             $parts = \explode(';', $queryError);
             if (isset($parts) && \count($parts) == 2 && $parts[0] && $parts[1]) {

vendor/Aws3/Aws/Api/TimestampShape.php

@@ -24,7 +24,7 @@ public function __construct(array $definition, ShapeMap $shapeMap)
      */
     public static function format($value, $format)
     {
-        if ($value instanceof \DateTime) {
+        if ($value instanceof \DateTimeInterface) {
             $value = $value->getTimestamp();
         } elseif (\is_string($value)) {
             $value = \strtotime($value);

vendor/Aws3/Aws/AwsClient.php

@@ -223,6 +223,9 @@ public function __construct(array $args)
         $this->addStreamRequestPayload();
         $this->addRecursionDetection();
         $this->addRequestBuilder();
+        if (!$config['suppress_php_deprecation_warning']) {
+            $this->emitDeprecationWarning();
+        }
         if (isset($args['with_resolved'])) {
             $args['with_resolved']($config);
         }
@@ -489,6 +492,14 @@ protected function isUseEndpointV2()
     {
         return $this->endpointProvider instanceof EndpointProviderV2;
     }
+    public static function emitDeprecationWarning()
+    {
+        $phpVersion = \PHP_VERSION_ID;
+        if ($phpVersion < 70205) {
+            $phpVersionString = \phpversion();
+            @\trigger_error("This installation of the SDK is using PHP version" . " {$phpVersionString}, which will be deprecated on August" . " 15th, 2023.  Please upgrade your PHP version to a minimum of" . " 7.2.5 before then to continue receiving updates to the AWS" . " SDK for PHP.  To disable this warning, set" . " suppress_php_deprecation_warning to true on the client constructor" . " or set the environment variable AWS_SUPPRESS_PHP_DEPRECATION_WARNING" . " to true.", \E_USER_DEPRECATED);
+        }
+    }
     /**
      * Returns a service model and doc model with any necessary changes
      * applied.

vendor/Aws3/Aws/Credentials/CredentialProvider.php

@@ -263,44 +263,10 @@ public static function sso($ssoProfileName = 'default', $filename = null, $confi
                 return self::reject("Profile {$ssoProfileName} does not exist in {$filename}.");
             }
             if (!empty($ssoProfile['sso_session'])) {
-                if (empty($config['ssoOidcClient'])) {
-                    $sessionName = $ssoProfile['sso_session'];
-                    if (empty($profiles['sso-session ' . $sessionName])) {
-                        return self::reject("Could not find sso-session {$sessionName} in {$filename}");
-                    }
-                    $ssoSession = $profiles['sso-session ' . $ssoProfile['sso_session']];
-                    $ssoOidcClient = new Aws\SSOOIDC\SSOOIDCClient(['region' => $ssoSession['sso_region'], 'version' => '2019-06-10', 'credentials' => \false]);
-                } else {
-                    $ssoOidcClient = $config['ssoClient'];
-                }
-                $tokenPromise = new Aws\Token\SsoTokenProvider($ssoProfileName, $filename, $ssoOidcClient);
-                $token = $tokenPromise()->wait();
-                $ssoCredentials = CredentialProvider::getCredentialsFromSsoService($ssoProfile, $token->getToken(), $config);
-                $expiration = $ssoCredentials['expiration'];
+                return CredentialProvider::getSsoCredentials($profiles, $ssoProfileName, $filename, $config);
             } else {
-                if (empty($ssoProfile['sso_start_url']) || empty($ssoProfile['sso_region']) || empty($ssoProfile['sso_account_id']) || empty($ssoProfile['sso_role_name'])) {
-                    return self::reject("Profile {$ssoProfileName} in {$filename} must contain the following keys: " . "sso_start_url, sso_region, sso_account_id, and sso_role_name.");
-                }
-                $tokenLocation = self::getHomeDir() . '/.aws/sso/cache/' . \sha1($ssoProfile['sso_start_url']) . ".json";
-                if (!@\is_readable($tokenLocation)) {
-                    return self::reject("Unable to read token file at {$tokenLocation}");
-                }
-                $tokenData = \json_decode(\file_get_contents($tokenLocation), \true);
-                if (empty($tokenData['accessToken']) || empty($tokenData['expiresAt'])) {
-                    return self::reject("Token file at {$tokenLocation} must contain an access token and an expiration");
-                }
-                try {
-                    $expiration = (new DateTimeResult($tokenData['expiresAt']))->getTimestamp();
-                } catch (\Exception $e) {
-                    return self::reject("Cached SSO credentials returned an invalid expiration");
-                }
-                $now = \time();
-                if ($expiration < $now) {
-                    return self::reject("Cached SSO credentials returned expired credentials");
-                }
-                $ssoCredentials = CredentialProvider::getCredentialsFromSsoService($ssoProfile, $tokenData['accessToken'], $config);
+                return CredentialProvider::getSsoCredentialsLegacy($profiles, $ssoProfileName, $filename, $config);
             }
-            return Promise\Create::promiseFor(new Credentials($ssoCredentials['accessKeyId'], $ssoCredentials['secretAccessKey'], $ssoCredentials['sessionToken'], $expiration));
         };
     }
     /**
@@ -649,16 +615,76 @@ public static function shouldUseEcs()
         //fall back to server for each as getenv is not thread-safe.
         return !empty(\getenv(EcsCredentialProvider::ENV_URI)) || !empty($_SERVER[EcsCredentialProvider::ENV_URI]) || !empty(\getenv(EcsCredentialProvider::ENV_FULL_URI)) || !empty($_SERVER[EcsCredentialProvider::ENV_FULL_URI]);
     }
+    /**
+     * @param $profiles
+     * @param $ssoProfileName
+     * @param $filename
+     * @param $config
+     * @return Promise\PromiseInterface
+     */
+    private static function getSsoCredentials($profiles, $ssoProfileName, $filename, $config)
+    {
+        if (empty($config['ssoOidcClient'])) {
+            $ssoProfile = $profiles[$ssoProfileName];
+            $sessionName = $ssoProfile['sso_session'];
+            if (empty($profiles['sso-session ' . $sessionName])) {
+                return self::reject("Could not find sso-session {$sessionName} in {$filename}");
+            }
+            $ssoSession = $profiles['sso-session ' . $ssoProfile['sso_session']];
+            $ssoOidcClient = new Aws\SSOOIDC\SSOOIDCClient(['region' => $ssoSession['sso_region'], 'version' => '2019-06-10', 'credentials' => \false]);
+        } else {
+            $ssoOidcClient = $config['ssoClient'];
+        }
+        $tokenPromise = new Aws\Token\SsoTokenProvider($ssoProfileName, $filename, $ssoOidcClient);
+        $token = $tokenPromise()->wait();
+        $ssoCredentials = CredentialProvider::getCredentialsFromSsoService($ssoProfile, $ssoSession['sso_region'], $token->getToken(), $config);
+        $expiration = $ssoCredentials['expiration'];
+        return Promise\Create::promiseFor(new Credentials($ssoCredentials['accessKeyId'], $ssoCredentials['secretAccessKey'], $ssoCredentials['sessionToken'], $expiration));
+    }
+    /**
+     * @param $profiles
+     * @param $ssoProfileName
+     * @param $filename
+     * @param $config
+     * @return Promise\PromiseInterface
+     */
+    private static function getSsoCredentialsLegacy($profiles, $ssoProfileName, $filename, $config)
+    {
+        $ssoProfile = $profiles[$ssoProfileName];
+        if (empty($ssoProfile['sso_start_url']) || empty($ssoProfile['sso_region']) || empty($ssoProfile['sso_account_id']) || empty($ssoProfile['sso_role_name'])) {
+            return self::reject("Profile {$ssoProfileName} in {$filename} must contain the following keys: " . "sso_start_url, sso_region, sso_account_id, and sso_role_name.");
+        }
+        $tokenLocation = self::getHomeDir() . '/.aws/sso/cache/' . \sha1($ssoProfile['sso_start_url']) . ".json";
+        if (!@\is_readable($tokenLocation)) {
+            return self::reject("Unable to read token file at {$tokenLocation}");
+        }
+        $tokenData = \json_decode(\file_get_contents($tokenLocation), \true);
+        if (empty($tokenData['accessToken']) || empty($tokenData['expiresAt'])) {
+            return self::reject("Token file at {$tokenLocation} must contain an access token and an expiration");
+        }
+        try {
+            $expiration = (new DateTimeResult($tokenData['expiresAt']))->getTimestamp();
+        } catch (\Exception $e) {
+            return self::reject("Cached SSO credentials returned an invalid expiration");
+        }
+        $now = \time();
+        if ($expiration < $now) {
+            return self::reject("Cached SSO credentials returned expired credentials");
+        }
+        $ssoCredentials = CredentialProvider::getCredentialsFromSsoService($ssoProfile, $ssoProfile['sso_region'], $tokenData['accessToken'], $config);
+        return Promise\Create::promiseFor(new Credentials($ssoCredentials['accessKeyId'], $ssoCredentials['secretAccessKey'], $ssoCredentials['sessionToken'], $expiration));
+    }
     /**
      * @param array $ssoProfile
+     * @param string $clientRegion
      * @param string $accessToken
      * @param array $config
      * @return array|null
      */
-    private static function getCredentialsFromSsoService($ssoProfile, $accessToken, $config)
+    private static function getCredentialsFromSsoService($ssoProfile, $clientRegion, $accessToken, $config)
     {
         if (empty($config['ssoClient'])) {
-            $ssoClient = new Aws\SSO\SSOClient(['region' => $ssoProfile['sso_region'], 'version' => '2019-06-10', 'credentials' => \false]);
+            $ssoClient = new Aws\SSO\SSOClient(['region' => $clientRegion, 'version' => '2019-06-10', 'credentials' => \false]);
         } else {
             $ssoClient = $config['ssoClient'];
         }

vendor/Aws3/Aws/Crypto/EncryptionTrait.php

@@ -97,7 +97,7 @@ protected function getEncryptingStream(Stream $plaintext, $cek, &$cipherOptions)
         switch ($cipherOptions['Cipher']) {
             case 'gcm':
                 $cipherOptions['TagLength'] = 16;
-                $cipherTextStream = new AesGcmEncryptingStream($plaintext, $cek, $cipherOptions['Iv'], $cipherOptions['Aad'] = isset($cipherOptions['Aad']) ? $cipherOptions['Aad'] : null, $cipherOptions['TagLength'], $cipherOptions['KeySize']);
+                $cipherTextStream = new AesGcmEncryptingStream($plaintext, $cek, $cipherOptions['Iv'], $cipherOptions['Aad'] = isset($cipherOptions['Aad']) ? $cipherOptions['Aad'] : '', $cipherOptions['TagLength'], $cipherOptions['KeySize']);
                 if (!empty($cipherOptions['Aad'])) {
                     \trigger_error("'Aad' has been supplied for content encryption" . " with " . $cipherTextStream->getAesName() . ". The" . " PHP SDK encryption client can decrypt an object" . " encrypted in this way, but other AWS SDKs may not be" . " able to.", \E_USER_WARNING);
                 }

vendor/Aws3/Aws/Endpoint/Partition.php

@@ -175,12 +175,18 @@ private function getVariant(array $options, array $data)
     {
         $variantTags = [];
         if (isset($options['use_fips_endpoint'])) {
-            if ($options['use_fips_endpoint']->isUseFipsEndpoint()) {
+            $useFips = $options['use_fips_endpoint'];
+            if (\is_bool($useFips)) {
+                $useFips && ($variantTags[] = 'fips');
+            } elseif ($useFips->isUseFipsEndpoint()) {
                 $variantTags[] = 'fips';
             }
         }
         if (isset($options['use_dual_stack_endpoint'])) {
-            if ($options['use_dual_stack_endpoint']->isUseDualStackEndpoint()) {
+            $useDualStack = $options['use_dual_stack_endpoint'];
+            if (\is_bool($useDualStack)) {
+                $useDualStack && ($variantTags[] = 'dualstack');
+            } elseif ($useDualStack->isUseDualStackEndpoint()) {
                 $variantTags[] = 'dualstack';
             }
         }

vendor/Aws3/Aws/HashingStream.php

@@ -10,6 +10,8 @@
 class HashingStream implements StreamInterface
 {
     use StreamDecoratorTrait;
+    /** @var StreamInterface */
+    private $stream;
     /** @var HashInterface */
     private $hash;
     /** @var callable|null */

vendor/Aws3/Aws/MockHandler.php

@@ -29,6 +29,7 @@ class MockHandler implements \Countable
      */
     public function __construct(array $resultOrQueue = [], callable $onFulfilled = null, callable $onRejected = null)
     {
+        $this->queue = [];
         $this->onFulfilled = $onFulfilled;
         $this->onRejected = $onRejected;
         if ($resultOrQueue) {