Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
function mo_login_validate() { if (!(!empty($_REQUEST["\157\160\x74\x69\157\x6e"])..
Decoded Output download
<?
function mo_login_validate()
{
if (!(!empty($_REQUEST["option"]) && $_REQUEST["option"] == "mosaml_metadata")) {
goto LXY;
}
miniorange_generate_metadata();
LXY:
if (!mo_saml_is_customer_license_verified()) {
goto VMW;
}
if (!(!empty($_REQUEST["option"]) && ($_REQUEST["option"] == "saml_user_login" || $_REQUEST["option"] == "testConfig" || $_REQUEST["option"] == "getsamlrequest" || $_REQUEST["option"] == "getsamlresponse"))) {
goto duY;
}
if (mo_saml_is_sp_configured()) {
goto j4A;
}
if (!is_user_logged_in()) {
goto wMG;
}
if (empty($_REQUEST["redirect_to"])) {
goto rVa;
}
$PX = htmlspecialchars($_REQUEST["redirect_to"]);
wp_safe_redirect($PX);
exit;
rVa:
wMG:
goto oiC;
j4A:
if (!(is_user_logged_in() and $_REQUEST["option"] == "saml_user_login")) {
goto RIg;
}
if (empty($_REQUEST["redirect_to"])) {
goto FaL;
}
$PX = htmlspecialchars($_REQUEST["redirect_to"]);
wp_safe_redirect($PX);
exit;
FaL:
return;
RIg:
$Eq = get_site_option("mo_saml_sp_base_url");
if (!empty($Eq)) {
goto VRy;
}
$Eq = get_network_site_url();
VRy:
$wa = get_site_option("saml_sso_settings");
$Qu = get_current_blog_id();
$oR = Utilities::get_active_sites();
if (Utilities::mo_saml_in_array($Qu, $oR)) {
goto gDf;
}
return;
gDf:
if (!(empty($wa[$Qu]) && !empty($wa["DEFAULT"]))) {
goto Ova;
}
$wa[$Qu] = $wa["DEFAULT"];
Ova:
if ($_REQUEST["option"] == "testConfig" and array_key_exists("newcert", $_REQUEST)) {
goto NwI;
}
if ($_REQUEST["option"] == "testConfig") {
goto TOo;
}
if ($_REQUEST["option"] == "getsamlrequest") {
goto b5B;
}
if ($_REQUEST["option"] == "getsamlresponse") {
goto E79;
}
if (!empty($wa[$Qu]["mo_saml_relay_state"])) {
goto tYJ;
}
if (!empty($_REQUEST["redirect_to"])) {
goto tLN;
}
$u2 = saml_get_current_page_url();
goto xiK;
tLN:
$u2 = $_REQUEST["redirect_to"];
xiK:
goto SEp;
tYJ:
$u2 = $wa[$Qu]["mo_saml_relay_state"];
SEp:
goto I85;
E79:
$u2 = "displaySAMLResponse";
I85:
goto Lwi;
b5B:
$u2 = "displaySAMLRequest";
Lwi:
goto yjU;
TOo:
$u2 = "testValidate";
yjU:
goto fl8;
NwI:
$u2 = "testNewCertificate";
fl8:
$Yr = get_site_option("saml_login_url");
$rj = !empty(get_site_option("saml_login_binding_type")) ? get_site_option("saml_login_binding_type") : "HttpPost";
$wa = get_site_option("saml_sso_settings");
$Qu = get_current_blog_id();
$oR = Utilities::get_active_sites();
if (Utilities::mo_saml_in_array($Qu, $oR)) {
goto P7Z;
}
return;
P7Z:
if (!(empty($wa[$Qu]) && !empty($wa["DEFAULT"]))) {
goto c1H;
}
$wa[$Qu] = $wa["DEFAULT"];
c1H:
$X5 = !empty($wa[$Qu]["mo_saml_force_authentication"]) ? $wa[$Qu]["mo_saml_force_authentication"] : '';
$F5 = $Eq . "/";
$yo = get_site_option("mo_saml_sp_entity_id");
$vl = get_site_option("saml_nameid_format");
if (!empty($vl)) {
goto ETJ;
}
$vl = "1.1:nameid-format:unspecified";
ETJ:
if (!empty($yo)) {
goto piB;
}
$yo = $Eq . "/wp-content/plugins/miniorange-saml-20-single-sign-on/";
piB:
$a_ = Utilities::createAuthnRequest($F5, $yo, $Yr, $X5, $rj, $vl);
if (!($u2 == "displaySAMLRequest")) {
goto K10;
}
mo_saml_show_SAML_log(Utilities::createAuthnRequest($F5, $yo, $Yr, $X5, "HttpPost", $vl), $u2);
K10:
$f2 = htmlspecialchars_decode($Yr);
if (strpos($Yr, "?") !== false) {
goto anx;
}
$f2 .= "?";
goto gjd;
anx:
$f2 .= "&";
gjd:
$u2 = mo_saml_relaystate_url($u2);
if ($rj == "HttpRedirect") {
goto Dsp;
}
if (!(get_site_option("saml_request_signed") == "unchecked")) {
goto So5;
}
$RL = base64_encode($a_);
Utilities::postSAMLRequest($Yr, $RL, $u2);
exit;
So5:
$pH = '';
$VG = '';
if ($_REQUEST["option"] == "testConfig" && array_key_exists("newcert", $_REQUEST)) {
goto iKY;
}
$RL = Utilities::signXML($a_, "NameIDPolicy");
goto PFA;
iKY:
$RL = Utilities::signXML($a_, "NameIDPolicy", true);
PFA:
Utilities::postSAMLRequest($Yr, $RL, $u2);
update_site_option("mo_saml_new_cert_test", true);
goto Wu3;
Dsp:
if (!(get_site_option("saml_request_signed") == "unchecked")) {
goto lbp;
}
$f2 .= "SAMLRequest=" . $a_ . "&RelayState=" . urlencode($u2);
header("Location: " . $f2);
exit;
lbp:
$a_ = "SAMLRequest=" . $a_ . "&RelayState=" . urlencode($u2) . "&SigAlg=" . urlencode(XMLSecurityKey::RSA_SHA256);
$Cv = array("type" => "private");
$tK = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, $Cv);
if ($_REQUEST["option"] == "testConfig" && array_key_exists("newcert", $_REQUEST)) {
goto IDN;
}
$RZ = get_site_option("mo_saml_current_cert_private_key");
goto f7n;
IDN:
$RZ = file_get_contents(plugin_dir_path(__FILE__) . "resources" . DIRECTORY_SEPARATOR . mo_options_enum_default_sp_certificate::SP_Private_Key);
f7n:
$tK->loadKey($RZ, FALSE);
$vo = new XMLSecurityDSig();
$yP = $tK->signData($a_);
$yP = base64_encode($yP);
$f2 .= $a_ . "&Signature=" . urlencode($yP);
header("Location: " . $f2);
exit;
Wu3:
oiC:
duY:
if (!(array_key_exists("SAMLResponse", $_REQUEST) && !empty($_REQUEST["SAMLResponse"]))) {
goto v1S;
}
if (array_key_exists("RelayState", $_POST) && !empty($_POST["RelayState"]) && $_POST["RelayState"] != "/") {
goto QlV;
}
$Na = '';
goto PN9;
QlV:
$Na = $_POST["RelayState"];
PN9:
$Na = mo_saml_parse_url($Na);
$Eq = get_site_option("mo_saml_sp_base_url");
if (!empty($Eq)) {
goto Rp0;
}
$Eq = get_network_site_url();
Rp0:
$k4 = $_REQUEST["SAMLResponse"];
$k4 = base64_decode($k4);
if (!($Na == "displaySAMLResponse")) {
goto qem;
}
mo_saml_show_SAML_log($k4, $Na);
qem:
if (!(array_key_exists("SAMLResponse", $_GET) && !empty($_GET["SAMLResponse"]))) {
goto CIV;
}
$k4 = gzinflate($k4);
CIV:
$Hr = new DOMDocument();
$Hr->loadXML($k4);
$mx = $Hr->firstChild;
$Wq = $Hr->documentElement;
$ek = new DOMXpath($Hr);
$ek->registerNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
$ek->registerNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
if ($mx->localName == "LogoutResponse") {
goto wYx;
}
$Ya = $ek->query("/samlp:Response/samlp:Status/samlp:StatusCode", $Wq);
$EG = !empty($Ya) ? $Ya->item(0)->getAttribute("Value") : '';
$RU = explode(":", $EG);
if (!array_key_exists(7, $RU)) {
goto oBB;
}
$Ya = $RU[7];
oBB:
$DX = $ek->query("/samlp:Response/samlp:Status/samlp:StatusMessage", $Wq);
$Y_ = !empty($DX) ? $DX->item(0) : '';
if (empty($Y_)) {
goto hGm;
}
$Y_ = $Y_->nodeValue;
hGm:
if (array_key_exists("RelayState", $_POST) && !empty($_POST["RelayState"]) && $_POST["RelayState"] != "/") {
goto tuE;
}
$Na = '';
goto mVo;
tuE:
$Na = $_POST["RelayState"];
$Na = mo_saml_parse_url($Na);
mVo:
if (!($Ya != "Success")) {
goto cck;
}
show_status_error($Ya, $Na, $Y_);
cck:
if (!($Na !== "testValidate" && $Na !== "testNewCertificate")) {
goto C17;
}
$is = parse_url($Na, PHP_URL_HOST);
$TT = parse_url($Eq, PHP_URL_HOST);
$iB = parse_url(get_current_base_url(), PHP_URL_HOST);
if (!empty($Na)) {
goto hrn;
}
$Na = "/";
goto k00;
hrn:
$Na = mo_saml_parse_url($Na);
k00:
if (!(!empty($is) && $is != $iB && !mo_saml_is_subdomain($is, $iB))) {
goto Dnh;
}
Utilities::postSAMLResponse($Na, $_REQUEST["SAMLResponse"], mo_saml_relaystate_url($Na));
Dnh:
C17:
$DL = maybe_unserialize(get_site_option("saml_x509_certificate"));
update_site_option("mo_saml_response", base64_encode($k4));
foreach ($DL as $tK => $Cd) {
if (@openssl_x509_read($Cd)) {
goto OOl;
}
unset($DL[$tK]);
OOl:
Jp9:
}
NBw:
$F5 = $Eq . "/";
if ($Na == "testNewCertificate") {
goto rOH;
}
$k4 = new SAML2_Response($mx, get_site_option("mo_saml_current_cert_private_key"));
goto JQn;
rOH:
$pu = file_get_contents(plugin_dir_path(__FILE__) . "resources" . DIRECTORY_SEPARATOR . mo_options_enum_default_sp_certificate::SP_Private_Key);
$k4 = new SAML2_Response($mx, $pu);
JQn:
$PB = $k4->getSignatureData();
$TD = current($k4->getAssertions())->getSignatureData();
if (!(empty($TD) && empty($PB))) {
goto DDE;
}
if ($Na == "testValidate" or $Na == "testNewCertificate") {
goto R8M;
}
wp_die("We could not sign you in. Please contact administrator", "Error: Invalid SAML Response");
goto vSp;
R8M:
$I7 = mo_options_error_constants::Error_no_certificate;
$xa = mo_options_error_constants::Cause_no_certificate;
echo "<div style="font-family:Calibri;padding:0 3%;">\xd\xa \x9 <div style="color: #a94442;background-color: #f2dede;padding: 15px;margin-bottom: 20px;text-align:center;border:1px solid #E6B3B2;font-size:18pt;"> ERROR</div>
<div style="color: #a94442;font-size:14pt; margin-bottom:20px;"><p><strong>Error :" . esc_html($I7) . " </strong></p>\xd
\x9\x9\x9 \x9\xd\xa \x9\x9 <p><strong>Possible Cause: " . esc_html($xa) . "</strong></p>\xd
\x9\xd\xa \x9\x9\x9\x9</div></div>";
mo_saml_download_logs($I7, $xa);
exit;
vSp:
DDE:
$fw = '';
if (is_array($DL)) {
goto XdW;
}
$e4 = XMLSecurityKey::getRawThumbprint($DL);
$e4 = mo_saml_convert_to_windows_iconv($e4);
$e4 = preg_replace("/\s+/", '', $e4);
if (empty($PB)) {
goto NRK;
}
$fw = Utilities::processResponse($F5, $e4, $PB, $k4, 0, $Na);
NRK:
if (empty($TD)) {
goto S05;
}
$fw = Utilities::processResponse($F5, $e4, $TD, $k4, 0, $Na);
S05:
goto EbW;
XdW:
foreach ($DL as $tK => $Cd) {
$e4 = XMLSecurityKey::getRawThumbprint($Cd);
$e4 = mo_saml_convert_to_windows_iconv($e4);
$e4 = preg_replace("/\s+/", '', $e4);
if (empty($PB)) {
goto jqp;
}
$fw = Utilities::processResponse($F5, $e4, $PB, $k4, $tK, $Na);
jqp:
if (empty($TD)) {
goto bKG;
}
$fw = Utilities::processResponse($F5, $e4, $TD, $k4, $tK, $Na);
bKG:
if (!$fw) {
goto Aoz;
}
goto ZWy;
Aoz:
ySz:
}
ZWy:
EbW:
if (empty($PB)) {
goto XgQ;
}
$AK = $PB["Certificates"][0];
goto bny;
XgQ:
$AK = $TD["Certificates"][0];
bny:
if ($fw) {
goto DxZ;
}
if ($Na == "testValidate" or $Na == "testNewCertificate") {
goto vKz;
}
wp_die("We could not sign you in. Please contact your Administrator", "Error :Certificate not found");
goto ubY;
vKz:
$I7 = mo_options_error_constants::Error_wrong_certificate;
$xa = mo_options_error_constants::Cause_wrong_certificate;
$BZ = "-----BEGIN CERTIFICATE-----<br>" . chunk_split($AK, 64) . "<br>-----END CERTIFICATE-----";
echo "<div style="font-family:Calibri;padding:0 3%;">";
echo "<div style="color: #a94442;background-color: #f2dede;padding: 15px;margin-bottom: 20px;text-align:center;border:1px solid #E6B3B2;font-size:18pt;"> ERROR</div>\xd\xa <div style="color: #a94442;font-size:14pt; margin-bottom:20px;"><p><strong>Error: </strong>Unable to find a certificate matching the configured fingerprint.</p>\xd
<p>Please contact your administrator and report the following error:</p>\xd\xa <p><strong>Possible Cause: </strong>'X.509 Certificate' field in plugin does not match the certificate found in SAML Response.</p>\xd
<p><strong>Certificate found in SAML Response: </strong><font face="Courier New"><br><br>" . $BZ . "</p></font>
<p><strong>Solution: </strong></p>\xd\xa <ol>\xd
<li>Copy paste the certificate provided above in X509 Certificate under Service Provider Setup tab.</li>
<li>If issue persists disable <b>Character encoding</b> under Service Provder Setup tab.</li>\xd\xa </ol>
</div>\xd\xa <div style="margin:3%;display:block;text-align:center;">\xd\xa <div style="margin:3%;display:block;text-align:center;"><input style="padding:1%;width:100px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Done" onClick="self.close();"></div>";
mo_saml_download_logs($I7, $xa);
exit;
ubY:
DxZ:
$V4 = get_site_option("saml_issuer");
$yo = get_site_option("mo_saml_sp_entity_id");
if (!empty($yo)) {
goto AOE;
}
$yo = $Eq . "/wp-content/plugins/miniorange-saml-20-single-sign-on/";
AOE:
Utilities::validateIssuerAndAudience($k4, $yo, $V4, $Na);
$aw = current(current($k4->getAssertions())->getNameId());
$jG = current($k4->getAssertions())->getAttributes();
$jG["NameID"] = array("0" => $aw);
$fC = current($k4->getAssertions())->getSessionIndex();
mo_saml_checkMapping($jG, $Na, $fC);
goto PKX;
wYx:
if (empty($_REQUEST["RelayState"])) {
goto c8D;
}
$Xn = $_REQUEST["RelayState"];
c8D:
if (!is_user_logged_in()) {
goto BN0;
}
wp_destroy_current_session();
wp_clear_auth_cookie();
wp_set_current_user(0);
BN0:
if (empty($Xn)) {
goto sQJ;
}
$Xn = mo_saml_parse_url($Xn);
goto w3I;
sQJ:
$Xn = $Eq;
w3I:
do_action("mo_saml_sp_initiated_slo_pre_redirect", $Xn);
header("Location:" . $Xn);
exit;
PKX:
v1S:
if (!(array_key_exists("SAMLRequest", $_REQUEST) && !empty($_REQUEST["SAMLRequest"]))) {
goto hF2;
}
$a_ = $_REQUEST["SAMLRequest"];
$Na = "/";
if (!array_key_exists("RelayState", $_REQUEST)) {
goto o47;
}
$Na = $_REQUEST["RelayState"];
o47:
$a_ = base64_decode($a_);
if (!(array_key_exists("SAMLRequest", $_GET) && !empty($_GET["SAMLRequest"]))) {
goto AEu;
}
$a_ = gzinflate($a_);
AEu:
$Hr = new DOMDocument();
$Hr->loadXML($a_);
$GM = $Hr->firstChild;
if (!($GM->localName == "LogoutRequest")) {
goto U8k;
}
$LO = new SAML2_LogoutRequest($GM);
if (!(!session_id() || session_id() == '' || empty($_SESSION))) {
goto rio;
}
session_start();
rio:
$_SESSION["mo_saml_logout_request"] = $a_;
$_SESSION["mo_saml_logout_relay_state"] = $Na;
wp_redirect(htmlspecialchars_decode(wp_logout_url()));
exit;
U8k:
hF2:
VMW:
} ?>
Did this file decode correctly?
Original Code
function mo_login_validate()
{
if (!(!empty($_REQUEST["\157\160\x74\x69\157\x6e"]) && $_REQUEST["\157\x70\x74\x69\157\x6e"] == "\155\157\163\x61\155\x6c\137\155\145\164\141\x64\x61\x74\x61")) {
goto LXY;
}
miniorange_generate_metadata();
LXY:
if (!mo_saml_is_customer_license_verified()) {
goto VMW;
}
if (!(!empty($_REQUEST["\x6f\x70\x74\x69\x6f\x6e"]) && ($_REQUEST["\x6f\x70\164\151\x6f\x6e"] == "\x73\141\155\x6c\x5f\x75\x73\x65\162\137\154\157\x67\151\x6e" || $_REQUEST["\x6f\x70\x74\x69\x6f\x6e"] == "\164\x65\163\164\x43\157\x6e\146\x69\147" || $_REQUEST["\157\160\x74\x69\157\x6e"] == "\147\145\x74\163\x61\155\x6c\x72\145\161\165\x65\x73\x74" || $_REQUEST["\x6f\160\164\x69\157\x6e"] == "\x67\145\x74\163\141\x6d\154\162\x65\x73\160\x6f\156\x73\x65"))) {
goto duY;
}
if (mo_saml_is_sp_configured()) {
goto j4A;
}
if (!is_user_logged_in()) {
goto wMG;
}
if (empty($_REQUEST["\x72\145\x64\151\x72\145\143\x74\137\164\x6f"])) {
goto rVa;
}
$PX = htmlspecialchars($_REQUEST["\162\145\144\151\x72\145\x63\x74\137\164\x6f"]);
wp_safe_redirect($PX);
exit;
rVa:
wMG:
goto oiC;
j4A:
if (!(is_user_logged_in() and $_REQUEST["\x6f\160\x74\151\x6f\156"] == "\x73\x61\155\x6c\137\165\163\145\x72\x5f\154\x6f\x67\x69\x6e")) {
goto RIg;
}
if (empty($_REQUEST["\162\x65\144\x69\x72\145\x63\164\x5f\x74\x6f"])) {
goto FaL;
}
$PX = htmlspecialchars($_REQUEST["\162\x65\x64\x69\162\x65\x63\x74\x5f\164\157"]);
wp_safe_redirect($PX);
exit;
FaL:
return;
RIg:
$Eq = get_site_option("\x6d\x6f\x5f\x73\141\155\154\137\163\160\137\142\141\x73\x65\x5f\x75\162\154");
if (!empty($Eq)) {
goto VRy;
}
$Eq = get_network_site_url();
VRy:
$wa = get_site_option("\163\141\155\154\137\163\x73\157\137\x73\145\x74\164\x69\x6e\147\163");
$Qu = get_current_blog_id();
$oR = Utilities::get_active_sites();
if (Utilities::mo_saml_in_array($Qu, $oR)) {
goto gDf;
}
return;
gDf:
if (!(empty($wa[$Qu]) && !empty($wa["\104\x45\106\x41\125\114\124"]))) {
goto Ova;
}
$wa[$Qu] = $wa["\104\105\x46\101\x55\114\124"];
Ova:
if ($_REQUEST["\x6f\x70\164\151\157\x6e"] == "\164\x65\163\x74\103\157\x6e\x66\x69\147" and array_key_exists("\x6e\145\167\143\145\162\164", $_REQUEST)) {
goto NwI;
}
if ($_REQUEST["\x6f\160\x74\x69\x6f\x6e"] == "\x74\x65\163\164\x43\157\156\x66\x69\x67") {
goto TOo;
}
if ($_REQUEST["\x6f\160\x74\151\157\156"] == "\x67\x65\164\163\141\155\154\x72\x65\x71\165\x65\163\164") {
goto b5B;
}
if ($_REQUEST["\x6f\x70\164\x69\x6f\156"] == "\x67\x65\164\x73\141\x6d\x6c\162\145\163\x70\157\156\x73\x65") {
goto E79;
}
if (!empty($wa[$Qu]["\x6d\x6f\x5f\x73\141\155\154\137\x72\145\x6c\x61\171\x5f\x73\x74\x61\x74\145"])) {
goto tYJ;
}
if (!empty($_REQUEST["\x72\145\144\x69\162\145\143\x74\x5f\164\x6f"])) {
goto tLN;
}
$u2 = saml_get_current_page_url();
goto xiK;
tLN:
$u2 = $_REQUEST["\x72\145\144\x69\x72\145\x63\x74\x5f\x74\x6f"];
xiK:
goto SEp;
tYJ:
$u2 = $wa[$Qu]["\155\157\x5f\x73\141\155\x6c\x5f\x72\x65\x6c\x61\x79\x5f\x73\164\141\x74\145"];
SEp:
goto I85;
E79:
$u2 = "\144\x69\163\x70\154\141\x79\x53\101\x4d\x4c\x52\x65\163\x70\x6f\156\163\x65";
I85:
goto Lwi;
b5B:
$u2 = "\144\151\163\x70\x6c\x61\171\x53\101\115\x4c\x52\x65\x71\165\x65\x73\164";
Lwi:
goto yjU;
TOo:
$u2 = "\164\145\x73\x74\x56\141\154\151\x64\x61\164\x65";
yjU:
goto fl8;
NwI:
$u2 = "\x74\x65\x73\164\116\145\x77\x43\x65\x72\x74\151\146\151\143\141\164\145";
fl8:
$Yr = get_site_option("\163\x61\155\x6c\137\x6c\157\147\151\156\137\165\162\x6c");
$rj = !empty(get_site_option("\x73\141\x6d\154\137\x6c\x6f\x67\151\156\137\x62\x69\156\144\x69\156\x67\x5f\x74\171\160\145")) ? get_site_option("\x73\x61\155\x6c\x5f\154\x6f\x67\151\x6e\x5f\142\151\156\x64\151\156\147\x5f\x74\x79\x70\145") : "\x48\164\x74\x70\120\x6f\163\164";
$wa = get_site_option("\163\x61\155\154\137\163\163\x6f\137\163\145\164\x74\x69\156\x67\x73");
$Qu = get_current_blog_id();
$oR = Utilities::get_active_sites();
if (Utilities::mo_saml_in_array($Qu, $oR)) {
goto P7Z;
}
return;
P7Z:
if (!(empty($wa[$Qu]) && !empty($wa["\x44\105\x46\x41\125\114\124"]))) {
goto c1H;
}
$wa[$Qu] = $wa["\104\x45\x46\101\125\x4c\x54"];
c1H:
$X5 = !empty($wa[$Qu]["\155\x6f\x5f\163\x61\x6d\x6c\137\146\x6f\x72\143\145\x5f\141\165\164\x68\x65\156\x74\x69\143\141\x74\151\157\156"]) ? $wa[$Qu]["\155\x6f\x5f\x73\x61\155\x6c\x5f\146\x6f\x72\x63\x65\137\141\165\164\x68\x65\x6e\x74\x69\143\x61\164\151\157\156"] : '';
$F5 = $Eq . "\x2f";
$yo = get_site_option("\x6d\x6f\137\x73\141\155\154\137\x73\x70\137\145\x6e\x74\x69\x74\x79\137\x69\144");
$vl = get_site_option("\x73\141\155\x6c\137\x6e\141\x6d\145\x69\x64\137\146\157\162\155\x61\164");
if (!empty($vl)) {
goto ETJ;
}
$vl = "\61\x2e\x31\72\156\141\x6d\x65\151\x64\x2d\x66\x6f\162\x6d\141\x74\x3a\165\x6e\163\160\145\143\x69\146\x69\145\x64";
ETJ:
if (!empty($yo)) {
goto piB;
}
$yo = $Eq . "\57\167\x70\x2d\x63\x6f\x6e\164\x65\156\164\x2f\x70\x6c\165\x67\151\x6e\x73\x2f\x6d\151\156\151\157\162\141\156\x67\145\55\x73\141\155\x6c\x2d\62\60\55\x73\x69\156\x67\x6c\x65\55\x73\151\x67\156\55\x6f\x6e\57";
piB:
$a_ = Utilities::createAuthnRequest($F5, $yo, $Yr, $X5, $rj, $vl);
if (!($u2 == "\144\x69\163\x70\154\x61\x79\x53\x41\115\x4c\122\x65\x71\x75\x65\x73\164")) {
goto K10;
}
mo_saml_show_SAML_log(Utilities::createAuthnRequest($F5, $yo, $Yr, $X5, "\110\164\x74\x70\120\x6f\163\164", $vl), $u2);
K10:
$f2 = htmlspecialchars_decode($Yr);
if (strpos($Yr, "\x3f") !== false) {
goto anx;
}
$f2 .= "\77";
goto gjd;
anx:
$f2 .= "\46";
gjd:
$u2 = mo_saml_relaystate_url($u2);
if ($rj == "\x48\x74\164\x70\122\x65\x64\151\x72\x65\143\164") {
goto Dsp;
}
if (!(get_site_option("\x73\141\155\x6c\x5f\x72\145\161\x75\x65\x73\x74\137\x73\x69\147\x6e\145\144") == "\165\156\x63\150\x65\x63\x6b\145\x64")) {
goto So5;
}
$RL = base64_encode($a_);
Utilities::postSAMLRequest($Yr, $RL, $u2);
exit;
So5:
$pH = '';
$VG = '';
if ($_REQUEST["\x6f\x70\164\151\157\156"] == "\x74\x65\163\x74\103\157\x6e\x66\151\147" && array_key_exists("\156\x65\167\x63\x65\x72\164", $_REQUEST)) {
goto iKY;
}
$RL = Utilities::signXML($a_, "\x4e\141\x6d\145\x49\x44\120\x6f\x6c\151\143\x79");
goto PFA;
iKY:
$RL = Utilities::signXML($a_, "\116\141\155\x65\x49\104\120\157\154\151\x63\171", true);
PFA:
Utilities::postSAMLRequest($Yr, $RL, $u2);
update_site_option("\x6d\157\x5f\x73\x61\x6d\x6c\x5f\156\145\167\137\143\x65\x72\x74\x5f\x74\145\163\x74", true);
goto Wu3;
Dsp:
if (!(get_site_option("\163\141\155\x6c\x5f\162\145\x71\x75\x65\x73\x74\x5f\163\151\x67\x6e\x65\144") == "\x75\156\x63\x68\x65\143\153\145\144")) {
goto lbp;
}
$f2 .= "\x53\101\x4d\114\x52\145\161\165\x65\163\x74\x3d" . $a_ . "\x26\x52\145\x6c\x61\171\123\x74\x61\x74\145\x3d" . urlencode($u2);
header("\114\x6f\x63\141\x74\151\157\156\x3a\x20" . $f2);
exit;
lbp:
$a_ = "\x53\x41\115\114\122\145\161\165\x65\163\164\x3d" . $a_ . "\x26\122\x65\x6c\141\171\123\164\141\x74\145\x3d" . urlencode($u2) . "\x26\x53\x69\x67\101\x6c\x67\75" . urlencode(XMLSecurityKey::RSA_SHA256);
$Cv = array("\x74\171\x70\145" => "\x70\x72\151\x76\x61\164\145");
$tK = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, $Cv);
if ($_REQUEST["\157\160\x74\151\x6f\x6e"] == "\164\x65\163\164\x43\x6f\156\x66\x69\x67" && array_key_exists("\x6e\x65\167\x63\145\162\x74", $_REQUEST)) {
goto IDN;
}
$RZ = get_site_option("\x6d\157\137\163\141\x6d\x6c\x5f\x63\165\162\x72\x65\x6e\x74\x5f\x63\x65\x72\x74\x5f\160\162\x69\x76\141\x74\145\137\x6b\145\171");
goto f7n;
IDN:
$RZ = file_get_contents(plugin_dir_path(__FILE__) . "\x72\145\x73\157\x75\x72\x63\x65\163" . DIRECTORY_SEPARATOR . mo_options_enum_default_sp_certificate::SP_Private_Key);
f7n:
$tK->loadKey($RZ, FALSE);
$vo = new XMLSecurityDSig();
$yP = $tK->signData($a_);
$yP = base64_encode($yP);
$f2 .= $a_ . "\x26\123\151\x67\156\x61\x74\x75\162\x65\x3d" . urlencode($yP);
header("\114\157\143\141\164\151\x6f\x6e\x3a\x20" . $f2);
exit;
Wu3:
oiC:
duY:
if (!(array_key_exists("\123\x41\x4d\x4c\122\x65\163\160\x6f\x6e\x73\145", $_REQUEST) && !empty($_REQUEST["\x53\101\115\x4c\x52\x65\x73\160\x6f\156\x73\x65"]))) {
goto v1S;
}
if (array_key_exists("\x52\145\154\141\x79\x53\164\x61\164\x65", $_POST) && !empty($_POST["\x52\145\x6c\x61\x79\123\164\141\164\x65"]) && $_POST["\x52\145\x6c\x61\171\123\x74\x61\x74\x65"] != "\x2f") {
goto QlV;
}
$Na = '';
goto PN9;
QlV:
$Na = $_POST["\122\145\x6c\141\x79\x53\164\x61\164\x65"];
PN9:
$Na = mo_saml_parse_url($Na);
$Eq = get_site_option("\x6d\157\x5f\163\x61\x6d\154\137\163\x70\x5f\x62\141\x73\x65\137\x75\x72\x6c");
if (!empty($Eq)) {
goto Rp0;
}
$Eq = get_network_site_url();
Rp0:
$k4 = $_REQUEST["\123\x41\115\114\122\x65\163\160\157\156\163\x65"];
$k4 = base64_decode($k4);
if (!($Na == "\144\151\163\x70\154\x61\x79\x53\101\115\114\x52\145\x73\x70\x6f\156\x73\x65")) {
goto qem;
}
mo_saml_show_SAML_log($k4, $Na);
qem:
if (!(array_key_exists("\x53\x41\x4d\114\122\145\x73\160\157\156\163\145", $_GET) && !empty($_GET["\x53\x41\x4d\x4c\x52\x65\163\160\x6f\156\x73\145"]))) {
goto CIV;
}
$k4 = gzinflate($k4);
CIV:
$Hr = new DOMDocument();
$Hr->loadXML($k4);
$mx = $Hr->firstChild;
$Wq = $Hr->documentElement;
$ek = new DOMXpath($Hr);
$ek->registerNamespace("\163\141\155\x6c\x70", "\165\162\156\x3a\157\141\163\x69\x73\x3a\x6e\x61\x6d\x65\x73\72\164\x63\72\x53\x41\115\114\72\62\56\60\x3a\x70\x72\x6f\x74\157\x63\x6f\154");
$ek->registerNamespace("\x73\141\x6d\154", "\x75\x72\156\72\x6f\141\163\x69\x73\x3a\x6e\141\x6d\x65\x73\72\x74\143\x3a\x53\101\115\114\72\62\56\x30\72\141\x73\163\x65\162\x74\x69\x6f\156");
if ($mx->localName == "\x4c\x6f\x67\x6f\x75\164\122\145\163\160\x6f\156\163\x65") {
goto wYx;
}
$Ya = $ek->query("\x2f\x73\141\155\x6c\160\72\x52\x65\163\x70\x6f\x6e\163\145\57\163\x61\155\154\x70\72\123\x74\x61\x74\x75\x73\x2f\163\141\155\x6c\160\72\x53\164\x61\164\165\x73\103\x6f\144\145", $Wq);
$EG = !empty($Ya) ? $Ya->item(0)->getAttribute("\126\141\154\165\145") : '';
$RU = explode("\72", $EG);
if (!array_key_exists(7, $RU)) {
goto oBB;
}
$Ya = $RU[7];
oBB:
$DX = $ek->query("\x2f\x73\141\x6d\x6c\x70\72\x52\x65\163\160\157\x6e\163\145\x2f\x73\141\x6d\x6c\x70\x3a\123\164\x61\x74\x75\163\57\163\x61\x6d\154\160\x3a\x53\x74\141\x74\165\163\x4d\145\163\x73\x61\147\x65", $Wq);
$Y_ = !empty($DX) ? $DX->item(0) : '';
if (empty($Y_)) {
goto hGm;
}
$Y_ = $Y_->nodeValue;
hGm:
if (array_key_exists("\x52\x65\x6c\x61\171\123\x74\141\164\145", $_POST) && !empty($_POST["\122\145\x6c\x61\x79\x53\x74\141\x74\x65"]) && $_POST["\x52\145\154\141\x79\x53\164\x61\164\x65"] != "\x2f") {
goto tuE;
}
$Na = '';
goto mVo;
tuE:
$Na = $_POST["\122\145\x6c\x61\x79\x53\164\141\x74\145"];
$Na = mo_saml_parse_url($Na);
mVo:
if (!($Ya != "\123\165\x63\x63\x65\163\163")) {
goto cck;
}
show_status_error($Ya, $Na, $Y_);
cck:
if (!($Na !== "\x74\x65\163\164\126\x61\x6c\x69\144\x61\x74\x65" && $Na !== "\164\145\163\164\116\145\x77\103\145\x72\164\x69\x66\151\x63\141\x74\x65")) {
goto C17;
}
$is = parse_url($Na, PHP_URL_HOST);
$TT = parse_url($Eq, PHP_URL_HOST);
$iB = parse_url(get_current_base_url(), PHP_URL_HOST);
if (!empty($Na)) {
goto hrn;
}
$Na = "\x2f";
goto k00;
hrn:
$Na = mo_saml_parse_url($Na);
k00:
if (!(!empty($is) && $is != $iB && !mo_saml_is_subdomain($is, $iB))) {
goto Dnh;
}
Utilities::postSAMLResponse($Na, $_REQUEST["\123\101\x4d\114\122\145\x73\x70\x6f\156\163\x65"], mo_saml_relaystate_url($Na));
Dnh:
C17:
$DL = maybe_unserialize(get_site_option("\x73\x61\155\154\137\x78\65\x30\x39\x5f\143\x65\x72\x74\x69\146\x69\143\141\164\145"));
update_site_option("\x6d\x6f\137\x73\x61\155\154\137\x72\145\163\160\x6f\156\x73\145", base64_encode($k4));
foreach ($DL as $tK => $Cd) {
if (@openssl_x509_read($Cd)) {
goto OOl;
}
unset($DL[$tK]);
OOl:
Jp9:
}
NBw:
$F5 = $Eq . "\57";
if ($Na == "\164\x65\163\164\x4e\145\167\x43\145\x72\x74\151\x66\151\x63\141\x74\145") {
goto rOH;
}
$k4 = new SAML2_Response($mx, get_site_option("\155\157\x5f\163\141\155\x6c\137\143\165\162\x72\x65\x6e\x74\x5f\x63\x65\x72\x74\x5f\x70\x72\151\166\141\164\x65\x5f\x6b\145\x79"));
goto JQn;
rOH:
$pu = file_get_contents(plugin_dir_path(__FILE__) . "\x72\145\163\x6f\165\162\143\145\x73" . DIRECTORY_SEPARATOR . mo_options_enum_default_sp_certificate::SP_Private_Key);
$k4 = new SAML2_Response($mx, $pu);
JQn:
$PB = $k4->getSignatureData();
$TD = current($k4->getAssertions())->getSignatureData();
if (!(empty($TD) && empty($PB))) {
goto DDE;
}
if ($Na == "\x74\145\163\x74\126\x61\x6c\x69\x64\141\164\145" or $Na == "\164\x65\163\x74\x4e\x65\167\103\x65\x72\x74\151\146\x69\143\x61\164\x65") {
goto R8M;
}
wp_die("\x57\145\x20\x63\157\165\154\144\x20\156\x6f\164\x20\163\x69\x67\x6e\x20\171\x6f\x75\40\151\156\x2e\x20\x50\x6c\x65\x61\x73\145\x20\143\x6f\x6e\164\x61\x63\x74\x20\x61\x64\x6d\x69\156\151\163\x74\x72\141\164\157\162", "\105\162\x72\x6f\162\72\x20\111\x6e\166\x61\154\x69\144\x20\123\x41\115\x4c\x20\122\x65\x73\160\x6f\x6e\x73\x65");
goto vSp;
R8M:
$I7 = mo_options_error_constants::Error_no_certificate;
$xa = mo_options_error_constants::Cause_no_certificate;
echo "\x3c\x64\151\166\40\163\164\171\x6c\x65\x3d\x22\x66\157\156\164\x2d\146\x61\155\151\154\171\x3a\103\x61\x6c\151\142\x72\151\x3b\x70\141\x64\x64\x69\156\147\72\60\x20\x33\x25\73\42\x3e\xd\xa\11\11\x9\11\11\11\x3c\x64\x69\x76\x20\163\x74\x79\x6c\x65\75\42\143\x6f\154\x6f\x72\72\40\43\x61\x39\64\x34\x34\62\x3b\142\x61\x63\x6b\x67\162\x6f\x75\x6e\x64\55\143\157\x6c\157\x72\x3a\x20\43\146\62\x64\x65\144\145\x3b\160\141\144\x64\x69\x6e\x67\x3a\x20\61\65\x70\170\x3b\x6d\x61\162\147\151\x6e\x2d\142\x6f\164\164\x6f\155\x3a\40\62\x30\160\170\73\x74\145\x78\164\55\x61\x6c\x69\x67\x6e\72\x63\145\x6e\x74\145\x72\x3b\x62\x6f\x72\x64\x65\162\x3a\61\x70\x78\40\x73\x6f\x6c\x69\x64\x20\x23\x45\66\102\x33\102\x32\x3b\x66\157\156\x74\55\x73\x69\x7a\x65\x3a\61\70\x70\164\73\42\76\x20\105\x52\x52\117\122\74\57\144\151\166\x3e\15\12\11\11\11\11\11\11\74\x64\x69\166\x20\163\164\171\154\x65\75\x22\143\x6f\x6c\x6f\162\x3a\40\x23\x61\x39\x34\64\64\62\73\x66\x6f\x6e\164\55\x73\151\172\145\x3a\x31\x34\x70\164\x3b\40\155\141\x72\147\x69\156\x2d\x62\157\164\x74\157\155\x3a\62\60\x70\170\73\42\x3e\x3c\160\x3e\x3c\x73\x74\x72\157\x6e\147\76\105\162\x72\157\162\x20\x20\x3a" . esc_html($I7) . "\40\x3c\57\163\x74\x72\157\x6e\x67\x3e\x3c\x2f\x70\76\xd\12\x9\x9\x9\11\11\x9\xd\xa\11\11\11\x9\x9\11\74\160\x3e\74\x73\164\x72\x6f\x6e\147\76\x50\x6f\x73\163\151\142\154\145\x20\103\141\165\163\x65\72\40" . esc_html($xa) . "\74\57\163\x74\162\x6f\156\x67\x3e\x3c\x2f\160\76\xd\12\11\11\11\11\11\x9\xd\xa\11\11\x9\x9\x9\x9\x3c\x2f\144\x69\166\76\74\x2f\144\x69\x76\x3e";
mo_saml_download_logs($I7, $xa);
exit;
vSp:
DDE:
$fw = '';
if (is_array($DL)) {
goto XdW;
}
$e4 = XMLSecurityKey::getRawThumbprint($DL);
$e4 = mo_saml_convert_to_windows_iconv($e4);
$e4 = preg_replace("\x2f\x5c\x73\53\57", '', $e4);
if (empty($PB)) {
goto NRK;
}
$fw = Utilities::processResponse($F5, $e4, $PB, $k4, 0, $Na);
NRK:
if (empty($TD)) {
goto S05;
}
$fw = Utilities::processResponse($F5, $e4, $TD, $k4, 0, $Na);
S05:
goto EbW;
XdW:
foreach ($DL as $tK => $Cd) {
$e4 = XMLSecurityKey::getRawThumbprint($Cd);
$e4 = mo_saml_convert_to_windows_iconv($e4);
$e4 = preg_replace("\x2f\x5c\x73\x2b\x2f", '', $e4);
if (empty($PB)) {
goto jqp;
}
$fw = Utilities::processResponse($F5, $e4, $PB, $k4, $tK, $Na);
jqp:
if (empty($TD)) {
goto bKG;
}
$fw = Utilities::processResponse($F5, $e4, $TD, $k4, $tK, $Na);
bKG:
if (!$fw) {
goto Aoz;
}
goto ZWy;
Aoz:
ySz:
}
ZWy:
EbW:
if (empty($PB)) {
goto XgQ;
}
$AK = $PB["\103\x65\x72\164\151\146\x69\143\141\164\x65\163"][0];
goto bny;
XgQ:
$AK = $TD["\103\x65\x72\164\x69\146\x69\143\x61\x74\x65\163"][0];
bny:
if ($fw) {
goto DxZ;
}
if ($Na == "\164\145\163\164\126\141\154\151\x64\141\x74\145" or $Na == "\164\145\163\x74\x4e\145\x77\103\x65\162\164\151\x66\x69\x63\x61\164\x65") {
goto vKz;
}
wp_die("\x57\145\40\143\x6f\165\x6c\x64\x20\156\157\164\40\x73\x69\147\156\40\x79\x6f\x75\x20\x69\156\x2e\x20\x50\154\x65\141\x73\145\40\x63\157\156\x74\x61\x63\x74\x20\x79\157\165\162\40\x41\x64\155\151\156\x69\163\x74\162\x61\164\x6f\162", "\105\x72\162\x6f\162\40\72\x43\145\x72\x74\151\146\x69\x63\x61\164\x65\40\x6e\157\x74\x20\146\x6f\165\x6e\x64");
goto ubY;
vKz:
$I7 = mo_options_error_constants::Error_wrong_certificate;
$xa = mo_options_error_constants::Cause_wrong_certificate;
$BZ = "\x2d\55\55\55\x2d\x42\x45\107\x49\116\40\x43\x45\122\124\111\x46\x49\103\x41\x54\105\55\55\55\x2d\x2d\74\142\162\76" . chunk_split($AK, 64) . "\74\x62\162\x3e\55\55\x2d\55\55\x45\116\x44\40\x43\105\122\124\x49\x46\x49\x43\x41\x54\105\x2d\x2d\55\x2d\55";
echo "\74\144\151\x76\40\x73\164\171\x6c\145\75\x22\x66\157\x6e\x74\x2d\x66\x61\155\151\154\171\x3a\103\x61\154\151\142\162\x69\73\x70\141\x64\x64\x69\156\147\72\x30\x20\x33\45\73\42\76";
echo "\x3c\144\151\166\40\163\x74\171\x6c\145\75\42\143\x6f\154\x6f\162\72\x20\43\x61\x39\x34\x34\x34\62\x3b\142\141\x63\x6b\147\162\x6f\x75\x6e\144\x2d\x63\157\154\157\x72\x3a\x20\x23\146\62\x64\x65\144\x65\x3b\x70\141\x64\x64\151\156\147\72\40\x31\x35\x70\170\x3b\x6d\141\162\147\151\156\x2d\142\x6f\164\164\157\x6d\72\x20\62\x30\160\x78\x3b\x74\145\170\164\x2d\x61\x6c\151\147\156\72\x63\x65\x6e\164\x65\x72\x3b\142\157\x72\x64\145\162\72\61\160\170\40\x73\157\x6c\151\144\x20\43\105\66\x42\63\102\x32\x3b\x66\x6f\156\x74\55\x73\x69\x7a\145\72\61\70\160\164\73\x22\x3e\x20\x45\122\122\x4f\122\74\57\x64\x69\166\x3e\xd\xa\40\x20\x20\40\40\x20\x20\x20\x20\x20\40\x20\x20\x20\40\40\x20\x20\x20\40\40\x20\40\40\74\144\151\x76\x20\163\164\x79\154\145\75\42\x63\157\154\x6f\x72\x3a\x20\43\x61\x39\x34\64\64\62\x3b\x66\x6f\156\x74\55\163\x69\172\x65\x3a\61\x34\x70\164\x3b\x20\x6d\141\x72\x67\151\156\55\142\157\164\x74\x6f\155\x3a\62\x30\x70\170\x3b\x22\76\74\160\76\x3c\163\164\x72\x6f\x6e\x67\x3e\105\162\162\x6f\162\72\x20\x3c\x2f\163\x74\x72\157\x6e\x67\76\125\156\141\142\x6c\145\x20\164\x6f\40\146\151\156\x64\40\141\40\143\145\162\164\x69\146\151\x63\141\164\145\x20\155\141\164\143\150\151\x6e\x67\x20\x74\x68\x65\x20\x63\x6f\156\x66\151\x67\x75\x72\145\144\40\x66\x69\x6e\x67\145\x72\x70\162\x69\x6e\x74\x2e\x3c\57\x70\x3e\xd\12\40\x20\40\40\x20\x20\x20\40\40\x20\40\x20\40\x20\x20\x20\x20\40\x20\x20\x20\x20\x20\x20\40\x20\40\40\x3c\x70\76\x50\x6c\145\x61\x73\145\40\x63\157\156\164\x61\x63\164\40\x79\157\165\162\x20\141\x64\x6d\151\156\151\163\164\162\x61\164\157\x72\40\x61\156\144\40\x72\145\x70\x6f\162\164\x20\x74\x68\145\x20\146\157\x6c\x6c\157\x77\x69\156\x67\x20\x65\162\x72\157\162\x3a\74\x2f\160\76\xd\xa\40\40\40\x20\40\x20\40\x20\40\40\x20\40\40\x20\x20\x20\x20\40\x20\40\x20\x20\x20\40\40\x20\40\x20\x3c\x70\76\x3c\163\x74\x72\x6f\156\x67\x3e\x50\157\163\x73\151\142\x6c\x65\x20\x43\x61\x75\x73\145\72\x20\74\57\x73\x74\x72\157\x6e\x67\x3e\47\130\56\65\x30\x39\40\103\x65\162\164\151\146\x69\143\141\164\x65\47\40\146\151\x65\x6c\144\40\x69\156\x20\160\154\x75\x67\151\x6e\40\x64\x6f\145\163\x20\156\x6f\x74\40\155\141\x74\x63\150\x20\x74\150\x65\x20\x63\145\x72\164\151\x66\x69\x63\x61\x74\x65\x20\146\157\x75\x6e\x64\x20\x69\156\40\x53\101\115\x4c\40\122\145\x73\x70\x6f\x6e\163\145\x2e\74\x2f\x70\76\xd\12\x20\40\40\x20\40\40\40\40\40\x20\x20\40\40\40\40\40\x20\x20\40\x20\40\40\40\40\x20\40\40\40\74\160\x3e\74\x73\164\x72\x6f\156\147\x3e\103\x65\x72\164\x69\x66\x69\x63\141\164\x65\x20\146\x6f\x75\156\144\x20\151\x6e\40\123\101\115\114\40\x52\x65\163\160\157\x6e\163\x65\72\40\x3c\57\x73\164\162\157\156\147\x3e\x3c\146\157\156\164\40\146\x61\143\x65\75\42\x43\157\165\x72\x69\x65\x72\x20\116\145\167\42\x3e\x3c\x62\x72\76\x3c\x62\x72\x3e" . $BZ . "\x3c\x2f\x70\76\x3c\57\x66\x6f\x6e\x74\x3e\15\12\40\x20\40\40\40\x20\x20\40\40\40\40\x20\40\40\x20\40\x20\40\x20\x20\40\x20\x20\x20\40\40\40\x20\74\160\x3e\74\x73\x74\162\x6f\x6e\147\76\123\x6f\154\165\x74\151\157\156\72\40\x3c\x2f\x73\164\162\x6f\x6e\147\76\x3c\57\160\76\xd\xa\x20\x20\x20\40\x20\40\x20\40\x20\40\x20\x20\x20\x20\40\x20\40\40\40\40\40\x20\x20\x20\x20\40\x20\40\74\157\x6c\76\xd\12\40\x20\40\40\x20\40\40\x20\40\40\x20\x20\40\40\40\40\40\x20\40\40\40\40\x20\40\40\40\40\40\x20\40\40\x3c\x6c\151\x3e\x43\157\x70\171\40\x70\141\x73\164\145\40\x74\x68\x65\40\x63\x65\x72\164\x69\x66\x69\x63\141\164\x65\40\x70\x72\x6f\166\151\x64\x65\144\40\x61\142\x6f\166\145\x20\x69\x6e\40\x58\x35\x30\71\x20\x43\145\162\164\x69\146\151\143\141\x74\145\40\x75\x6e\144\x65\x72\x20\123\x65\162\166\x69\143\145\x20\120\x72\x6f\x76\151\144\145\x72\40\123\145\164\165\160\x20\164\x61\142\56\74\57\154\151\x3e\15\12\40\40\x20\x20\x20\40\40\40\x20\40\x20\40\40\40\x20\x20\40\x20\x20\40\x20\40\x20\x20\x20\x20\x20\40\40\40\x20\74\154\151\x3e\x49\x66\x20\x69\x73\163\x75\x65\x20\x70\145\162\x73\151\163\164\163\x20\x64\x69\x73\141\142\154\x65\x20\74\142\x3e\x43\150\141\162\x61\143\x74\145\162\40\145\x6e\x63\x6f\144\x69\156\x67\74\57\x62\76\40\x75\x6e\144\145\x72\x20\123\145\x72\x76\x69\x63\145\40\x50\162\157\x76\144\x65\162\40\123\145\x74\165\x70\x20\x74\x61\142\x2e\74\57\154\151\76\xd\xa\40\x20\x20\x20\40\40\x20\x20\40\40\40\40\x20\40\40\x20\40\40\40\x20\x20\x20\x20\40\40\x20\x20\40\74\x2f\157\154\76\15\12\x20\x20\x20\40\40\x20\x20\x20\40\x20\40\40\40\x20\40\x20\x20\x20\40\40\x20\40\x20\x20\40\40\40\40\x3c\x2f\144\151\166\76\xd\xa\x20\x20\40\x20\x20\x20\x20\40\x20\x20\40\40\x20\40\40\x20\x20\40\x20\40\x20\40\x20\x20\74\144\x69\166\40\x73\x74\171\154\x65\75\x22\155\x61\x72\x67\x69\x6e\x3a\63\45\73\x64\x69\x73\160\x6c\141\171\x3a\142\x6c\x6f\143\x6b\73\x74\145\x78\164\55\141\154\151\147\156\x3a\143\x65\x6e\x74\x65\x72\x3b\42\x3e\xd\xa\40\40\x20\x20\x20\40\x20\x20\40\40\40\x20\x20\x20\x20\x20\x20\x20\x20\40\x20\40\40\40\x20\x20\x20\x20\40\x20\40\40\74\x64\x69\166\x20\163\164\171\x6c\x65\75\42\x6d\x61\162\x67\x69\x6e\x3a\63\x25\x3b\x64\151\x73\x70\x6c\x61\x79\x3a\142\154\x6f\143\153\73\x74\145\170\x74\55\x61\154\151\x67\156\72\143\145\x6e\164\x65\x72\x3b\42\x3e\74\151\156\160\x75\x74\x20\163\164\x79\154\x65\75\x22\160\x61\144\x64\x69\156\x67\72\61\x25\x3b\x77\x69\x64\164\150\x3a\x31\60\60\x70\x78\x3b\142\141\143\x6b\x67\162\x6f\165\x6e\144\x3a\x20\43\x30\x30\x39\x31\103\104\40\156\157\156\x65\40\162\x65\x70\x65\141\x74\40\x73\143\x72\157\x6c\x6c\x20\x30\45\40\x30\x25\x3b\x63\165\162\x73\x6f\162\x3a\40\x70\x6f\151\x6e\x74\145\162\x3b\146\157\156\164\x2d\x73\151\x7a\x65\72\61\x35\160\170\x3b\142\157\162\x64\x65\x72\x2d\167\x69\144\x74\150\72\40\61\160\170\73\142\157\162\x64\x65\x72\55\x73\x74\x79\x6c\145\72\40\x73\x6f\x6c\x69\x64\x3b\142\157\162\144\x65\x72\55\x72\141\144\x69\x75\x73\72\40\x33\160\170\73\x77\x68\151\164\145\x2d\163\x70\141\x63\145\72\x20\x6e\x6f\167\x72\141\x70\73\x62\157\170\x2d\x73\x69\172\x69\x6e\x67\72\40\142\157\162\x64\x65\x72\55\142\x6f\170\x3b\x62\157\x72\144\145\x72\55\x63\157\x6c\x6f\x72\72\x20\43\60\60\x37\x33\101\x41\73\x62\157\x78\x2d\x73\x68\141\144\x6f\167\x3a\x20\60\x70\x78\x20\x31\160\x78\x20\60\160\170\40\x72\x67\142\141\50\x31\62\60\54\x20\x32\60\60\54\x20\x32\x33\60\54\40\60\x2e\66\51\40\151\156\163\x65\164\73\143\157\x6c\157\162\x3a\x20\x23\x46\x46\x46\x3b\42\164\171\160\145\x3d\x22\142\165\164\164\x6f\x6e\42\40\166\141\x6c\x75\145\x3d\x22\x44\x6f\x6e\145\42\40\157\x6e\x43\x6c\151\143\x6b\x3d\x22\x73\145\x6c\146\x2e\x63\x6c\x6f\x73\145\x28\x29\x3b\42\x3e\74\57\x64\x69\x76\76";
mo_saml_download_logs($I7, $xa);
exit;
ubY:
DxZ:
$V4 = get_site_option("\163\141\x6d\154\137\151\163\163\x75\x65\x72");
$yo = get_site_option("\x6d\x6f\x5f\x73\141\155\x6c\x5f\163\x70\137\145\156\x74\151\x74\x79\x5f\151\x64");
if (!empty($yo)) {
goto AOE;
}
$yo = $Eq . "\x2f\x77\160\x2d\x63\157\x6e\x74\x65\156\164\x2f\x70\154\x75\147\x69\x6e\x73\x2f\155\151\x6e\151\x6f\162\x61\x6e\x67\x65\55\163\141\155\x6c\55\x32\60\55\x73\x69\x6e\147\x6c\x65\55\163\x69\147\x6e\55\157\x6e\x2f";
AOE:
Utilities::validateIssuerAndAudience($k4, $yo, $V4, $Na);
$aw = current(current($k4->getAssertions())->getNameId());
$jG = current($k4->getAssertions())->getAttributes();
$jG["\x4e\x61\155\x65\x49\104"] = array("\x30" => $aw);
$fC = current($k4->getAssertions())->getSessionIndex();
mo_saml_checkMapping($jG, $Na, $fC);
goto PKX;
wYx:
if (empty($_REQUEST["\x52\x65\154\141\171\x53\164\141\164\145"])) {
goto c8D;
}
$Xn = $_REQUEST["\x52\145\x6c\x61\x79\x53\x74\x61\x74\x65"];
c8D:
if (!is_user_logged_in()) {
goto BN0;
}
wp_destroy_current_session();
wp_clear_auth_cookie();
wp_set_current_user(0);
BN0:
if (empty($Xn)) {
goto sQJ;
}
$Xn = mo_saml_parse_url($Xn);
goto w3I;
sQJ:
$Xn = $Eq;
w3I:
do_action("\155\157\x5f\x73\x61\155\154\x5f\x73\x70\x5f\151\156\x69\x74\151\x61\x74\145\x64\x5f\x73\154\157\x5f\x70\x72\x65\x5f\x72\x65\x64\151\162\145\143\x74", $Xn);
header("\114\157\x63\x61\x74\x69\157\156\x3a" . $Xn);
exit;
PKX:
v1S:
if (!(array_key_exists("\x53\x41\115\x4c\122\x65\161\x75\145\163\164", $_REQUEST) && !empty($_REQUEST["\x53\x41\115\x4c\122\x65\x71\x75\x65\163\164"]))) {
goto hF2;
}
$a_ = $_REQUEST["\123\101\115\114\x52\x65\x71\x75\x65\163\x74"];
$Na = "\57";
if (!array_key_exists("\122\x65\154\141\171\x53\x74\x61\164\145", $_REQUEST)) {
goto o47;
}
$Na = $_REQUEST["\x52\145\x6c\141\x79\x53\x74\141\164\145"];
o47:
$a_ = base64_decode($a_);
if (!(array_key_exists("\123\x41\115\114\122\145\x71\x75\x65\x73\x74", $_GET) && !empty($_GET["\123\101\x4d\114\x52\145\x71\x75\145\163\x74"]))) {
goto AEu;
}
$a_ = gzinflate($a_);
AEu:
$Hr = new DOMDocument();
$Hr->loadXML($a_);
$GM = $Hr->firstChild;
if (!($GM->localName == "\114\x6f\147\x6f\x75\164\x52\x65\161\165\145\163\x74")) {
goto U8k;
}
$LO = new SAML2_LogoutRequest($GM);
if (!(!session_id() || session_id() == '' || empty($_SESSION))) {
goto rio;
}
session_start();
rio:
$_SESSION["\155\x6f\x5f\x73\x61\155\154\x5f\x6c\157\x67\x6f\165\164\x5f\162\145\161\x75\x65\163\x74"] = $a_;
$_SESSION["\155\157\x5f\163\x61\x6d\154\x5f\x6c\x6f\x67\157\x75\164\137\162\145\x6c\x61\x79\137\x73\164\x61\164\145"] = $Na;
wp_redirect(htmlspecialchars_decode(wp_logout_url()));
exit;
U8k:
hF2:
VMW:
}
Function Calls
None |
Stats
MD5 | 4323080b87d0697e6493644c3a603d22 |
Eval Count | 0 |
Decode Time | 47 ms |