Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
function mo_login_validate() { if (!(isset($_REQUEST["\157\160\x74\151\157\156"]) &&..
Decoded Output download
<? function mo_login_validate()
{
if (!(isset($_REQUEST["option"]) && $_REQUEST["option"] == "mosaml_metadata")) {
goto kL;
}
miniorange_generate_metadata();
kL:
if (!(isset($_REQUEST["option"]) && $_REQUEST["option"] == "export_configuration" and check_admin_referer("export_Configuration"))) {
goto ch;
}
if (!current_user_can("manage_options")) {
goto QJ;
}
miniorange_import_export(true);
QJ:
exit;
ch:
$Xl = get_option("saml_identity_providers");
$Xl = maybe_unserialize($Xl);
if (is_array($Xl)) {
goto F1;
}
$Yp = array();
goto SE;
F1:
$Yp = array_change_key_case($Xl, CASE_LOWER);
SE:
if (isset($_REQUEST["idp"])) {
goto jJ;
}
if (!empty(get_option("saml_default_idp"))) {
goto Gm;
}
goto x7;
jJ:
$eC = strtolower($_REQUEST["idp"]);
goto x7;
Gm:
$eC = strtolower(get_option("saml_default_idp"));
x7:
if (!(!empty($Xl) && (isset($_REQUEST["option"]) && $_REQUEST["option"] == "saml_user_login" || isset($_REQUEST["option"]) && $_REQUEST["option"] == "testConfig") && (!empty($eC) && array_key_exists($eC, $Yp) || isset($_REQUEST["entityID"])))) {
goto wI;
}
if (!(is_user_logged_in() && $_REQUEST["option"] != "testConfig")) {
goto To;
}
return;
To:
if (!mo_saml_is_sp_configured()) {
goto Zd;
}
$g0 = get_option("mo_saml_sp_base_url");
if (empty($eC)) {
goto NT;
}
$zq = $Yp[$eC];
NT:
if (!isset($_REQUEST["entityID"])) {
goto h7;
}
$rG = getIdpNameFromEntityId($Xl, $_REQUEST["entityID"]);
if ($rG) {
goto WL;
}
wp_die("We could not sign you in. Please contact your administrator", "Error: No such Identity Provider is counfigured at your SP");
WL:
$zq = $Xl[$rG];
h7:
if (array_key_exists("enable_idp", $zq)) {
goto Bf;
}
$zq["enable_idp"] = false;
Bf:
if ($zq["enable_idp"]) {
goto Jf;
}
wp_die("We could not sign you in. Please contact your administrator", "Error: IDP not enabled");
Jf:
if (!empty($g0)) {
goto vi;
}
$g0 = home_url();
vi:
if ($_REQUEST["option"] == "testConfig" and array_key_exists("newcert", $_REQUEST)) {
goto pc;
}
if ($_REQUEST["option"] == "testConfig") {
goto Wm;
}
if (get_option("mo_saml_relay_state") && get_option("mo_saml_relay_state") != '') {
goto CG;
}
if (isset($_REQUEST["redirect_to"])) {
goto sY;
}
$TJ = saml_get_current_page_url();
goto Xv;
sY:
$TJ = $_REQUEST["redirect_to"];
Xv:
goto HR;
CG:
$TJ = get_option("mo_saml_relay_state");
HR:
goto Ct;
Wm:
$TJ = "testValidate";
Ct:
goto uR;
pc:
$TJ = "testNewCertificate";
uR:
$KW = parse_url($TJ, PHP_URL_PATH);
$KW = empty($KW) ? "/" : $KW;
$ua = parse_url($TJ, PHP_URL_QUERY);
if (!empty($ua)) {
goto n7;
}
$TJ = $KW;
goto p9;
n7:
$TJ = $KW . "?" . $ua;
p9:
$v1 = $zq["sso_url"];
$xw = $zq["request_signed"];
$W6 = $zq["sso_binding_type"];
$oQ = get_option("mo_saml_force_authentication");
$lc = $g0 . "/";
$Rd = get_option("mo_saml_sp_entity_id");
$EU = $zq["nameid_format"];
if (!empty($EU)) {
goto VC;
}
$EU = "1.1:nameid-format:unspecified";
VC:
if (!empty($Rd)) {
goto k9;
}
$Rd = $g0 . "/wp-content/plugins/miniorange-saml-20-single-sign-on/";
k9:
$Rd = isset($zq["saml_sp_entity_id"]) ? $zq["saml_sp_entity_id"] : $Rd;
$Pb = isset($_POST["uname_email"]) ? $_POST["uname_email"] : false;
if (!$Pb) {
goto Lh;
}
$Ge = email_exists($Pb);
if (!($Ge == false)) {
goto gr;
}
$Pb = false;
update_site_option("mo_saml_shortcode_message", "User does not Exits");
return;
gr:
Lh:
$vB = Utilities::createAuthnRequest($lc, $Rd, $v1, $zq, $oQ, $W6, $EU);
if (empty($W6) || $W6 == "HttpRedirect") {
goto Z8;
}
if (!($xw == "unchecked")) {
goto lF;
}
$hy = base64_encode($vB);
Utilities::postSAMLRequest($v1, $hy, $TJ, $Pb);
exit;
lF:
if ($_REQUEST["option"] == "testidpconfig" && $_REQUEST["newcert"] == true) {
goto DN;
}
$hy = Utilities::signXML($vB, $zq, "NameIDPolicy");
goto KB;
DN:
$hy = Utilities::signXML($vB, $zq, "NameIDPolicy", true);
KB:
Utilities::postSAMLRequest($v1, $hy, $TJ, $Pb);
goto MH;
Z8:
$qY = $v1;
if (strpos($v1, "?") !== false) {
goto WJ;
}
$qY .= "?";
goto L3;
WJ:
$qY .= "&";
L3:
if (!($xw == "unchecked")) {
goto Le;
}
$qY .= "SAMLRequest=" . $vB . "&RelayState=" . urlencode($TJ);
if (!$Pb) {
goto cM;
}
$qY .= "&Email=" . urlencode($Pb);
cM:
header("Location: " . $qY);
exit;
Le:
$vB = "SAMLRequest=" . $vB . "&RelayState=" . urlencode($TJ) . "&SigAlg=" . urlencode(XMLSecurityKey::RSA_SHA256);
$bc = array("type" => "private");
$Rc = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, $bc);
if ($_REQUEST["option"] == "testidpconfig" && $_REQUEST["newcert"] == true) {
goto dF;
}
$Vr = mo_saml_get_sp_private_key_for_idp($zq);
goto b7;
dF:
$Vr = file_get_contents(plugin_dir_path(__FILE__) . "resources" . DIRECTORY_SEPARATOR . mo_options_enum_default_sp_certificate::SP_PRIVATE_KEY_FILE_NAME);
b7:
$Rc->loadKey($Vr, FALSE);
$dR = new XMLSecurityDSig();
$kF = $Rc->signData($vB);
$kF = base64_encode($kF);
$qY .= $vB . "&Signature=" . urlencode($kF);
if (!$Pb) {
goto zO;
}
$qY .= "&Email=" . urlencode($Pb);
zO:
header("Location: " . $qY);
exit;
MH:
Zd:
wI:
if (!(array_key_exists("SAMLResponse", $_REQUEST) && !empty($_REQUEST["SAMLResponse"]))) {
goto iE;
}
$g0 = get_option("mo_saml_sp_base_url");
if (!empty($g0)) {
goto Hl;
}
$g0 = home_url();
Hl:
$tr = $_REQUEST["SAMLResponse"];
$tr = base64_decode($tr);
if (!(array_key_exists("SAMLResponse", $_GET) && !empty($_GET["SAMLResponse"]))) {
goto V4;
}
$tr = gzinflate($tr);
V4:
$cf = new DOMDocument();
$cf->loadXML($tr);
$Hc = $cf->firstChild;
$Yy = $cf->documentElement;
$He = new DOMXpath($cf);
$He->registerNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
$He->registerNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
if ($Hc->localName == "LogoutResponse") {
goto xz;
}
$vH = $He->query("/samlp:Response/samlp:Status/samlp:StatusCode", $Yy);
$rz = isset($vH) ? $vH->item(0)->getAttribute("Value") : '';
$UF = explode(":", $rz);
if (!array_key_exists(7, $UF)) {
goto U0;
}
$vH = $UF[7];
U0:
$Fr = $He->query("/samlp:Response/samlp:Status/samlp:StatusMessage", $Yy);
$MM = isset($Fr) ? $Fr->item(0) : '';
if (empty($MM)) {
goto nw;
}
$MM = $MM->nodeValue;
nw:
$Yp = get_option("saml_identity_providers");
$Yp = maybe_unserialize($Yp);
if (array_key_exists("RelayState", $_POST) && !empty($_POST["RelayState"]) && $_POST["RelayState"] != "/") {
goto Jr;
}
$Ez = saml_get_current_page_url();
goto xe;
Jr:
$Ez = $_POST["RelayState"];
xe:
if (!($vH != "Success")) {
goto av;
}
show_status_error($vH, $Ez, $MM);
av:
$dw = array("saml_response" => base64_encode($tr));
$tr = new SAML2_Response($Hc);
$k4 = $tr->getIssuer();
$Q8 = NULL;
foreach ($Yp as $Rc => $X8) {
if (!($X8["idp_entity_id"] == $k4)) {
goto Xw;
}
$Q8 = $Yp[$Rc];
goto ew;
Xw:
S5:
}
ew:
$rG = '';
if ($Ez == "testNewCertificate") {
goto z_;
}
$dX = mo_saml_get_sp_private_key_for_idp($Q8);
goto rp;
z_:
$dX = file_get_contents(plugin_dir_path(__FILE__) . "resources" . DIRECTORY_SEPARATOR . mo_options_enum_default_sp_certificate::SP_PRIVATE_KEY_FILE_NAME);
rp:
$tr->parseAssertions($Hc, $dX);
$Cf = $tr->getSignatureData();
$eD = current($tr->getAssertions())->getSignatureData();
$sK = current($tr->getAssertions())->getIssuer();
if (is_null($Q8)) {
goto pO;
}
$rG = $Q8["idp_name"];
$Yp[$rG] = array_merge($Yp[$rG], $dw);
$Yp = array_filter($Yp, "filter_empty_values");
update_option("saml_identity_providers", $Yp);
pO:
if (!(empty($eD) && empty($Cf))) {
goto N9;
}
if ($Ez == "testValidate" or $Ez == "testNewCertificate") {
goto js;
}
wp_die("We could not sign you in. Please contact administrator", "Error: Invalid SAML Response");
goto Da;
js:
$l3 = mo_options_error_constants::Error_no_certificate;
$Qh = mo_options_error_constants::Cause_no_certificate;
echo "<div style="font-family:Calibri;padding:0 3%;">\xd\xa <div style="color: #a94442;background-color: #f2dede;padding: 15px;margin-bottom: 20px;text-align:center;border:1px solid #E6B3B2;font-size:18pt;"> ERROR</div>
<div style="color: #a94442;font-size:14pt; margin-bottom:20px;"><p><strong>Error :" . $l3 . " </strong></p>
\xa \xd
<p><strong>Possible Cause: " . $Qh . "</strong></p>
\xa
\xa </div></div>";
mo_saml_download_logs($l3, $Qh, $rG);
exit;
Da:
N9:
if (!($Q8 === null)) {
goto X5;
}
$l3 = mo_options_error_constants::Error_issuer_not_verfied;
$Qh = mo_options_error_constants::Cause_issuer_not_verfied;
echo "<div style="font-family:Calibri;padding:0 3%;">";
echo "<div style="color: #a94442;background-color: #f2dede;padding: 15px;margin-bottom: 20px;text-align:center;border:1px solid #E6B3B2;font-size:18pt;"> ERROR</div>\xd\xa\x9 <div style="color: #a94442;font-size:14pt; margin-bottom:20px;"><p><strong>Error: </strong>Unable to find a IDP Entity ID matching the configured fingerprint.</p>
\x9 \x9<p>Please contact your administrator and report the following error:</p>
\xa \x9 <p><strong>Possible Cause: </strong>'IDP Entity ID' field in plugin does not match the one found in SAML Response.</p>\xd\xa\x9\x9\x9<p><strong>Entity ID found in SAML Response: </strong><font face="Courier New";font-size:10pt><br><br>" . $sK . "</p></font>\xd\xa <p><strong>Solution:</strong></p>\xd\xa <ol>
<li>Copy the Entity ID of SAML Response from above and paste it in Entity ID or Issuer field under Service Provider Setup tab.</li>
</ol> \xd
</div>
\x9\x9\x9<div style="margin:3%;display:block;text-align:center;">
\x9 <div style="margin:3%;display:block;text-align:center;"><input style="padding:1%;width:100px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Done" onClick="self.close();"></div>";
mo_saml_download_logs($l3, $Qh);
exit;
X5:
$XU = maybe_unserialize($Q8["x509_certificate"]);
$lc = $g0 . "/";
if (is_array($XU)) {
goto eu;
}
$us = XMLSecurityKey::getRawThumbprint($XU);
$us = mo_saml_convert_to_windows_iconv($us, $Q8);
$us = preg_replace("/\s+/", '', $us);
if (empty($Cf)) {
goto t4;
}
$CV = Utilities::processResponse($lc, $us, $Cf, $tr, $XU, $Ez);
t4:
if (empty($eD)) {
goto Ed;
}
$CV = Utilities::processResponse($lc, $us, $eD, $tr, $XU, $Ez);
Ed:
goto jo;
eu:
foreach ($XU as $Gf => $PK) {
$us = XMLSecurityKey::getRawThumbprint(Utilities::sanitize_certificate($PK));
$us = mo_saml_convert_to_windows_iconv($us, $Q8);
$us = preg_replace("/\s+/", '', $us);
if (empty($Cf)) {
goto Ft;
}
$CV = Utilities::processResponse($lc, $us, $Cf, $tr, $PK, $Ez);
Ft:
if (empty($eD)) {
goto Oq;
}
$CV = Utilities::processResponse($lc, $us, $eD, $tr, $PK, $Ez);
Oq:
if (!$CV) {
goto H9;
}
goto vj;
H9:
rz:
}
vj:
jo:
if (!(empty($eD) && empty($Cf))) {
goto gL;
}
echo "No signature found in SAML Response or Assertion. Please sign at least one of them.";
exit;
gL:
if ($Cf) {
goto HP;
}
if ($eD) {
goto mL;
}
goto sg;
HP:
if (!(count($Cf["Certificates"]) > 0)) {
goto sa;
}
$n9 = $Cf["Certificates"][0];
sa:
goto sg;
mL:
if (!(count($eD["Certificates"]) > 0)) {
goto A2;
}
$n9 = $eD["Certificates"][0];
A2:
sg:
if ($CV) {
goto oc;
}
if ($Ez == "testValidate" or $Ez == "testNewCertificate") {
goto wv;
}
wp_die("We could not sign you in. Please contact administrator", "Error: Invalid SAML Response");
goto NB;
wv:
$l3 = mo_options_error_constants::Error_wrong_certificate;
$Qh = mo_options_error_constants::Cause_wrong_certificate;
$IL = "-----BEGIN CERTIFICATE-----<br>" . chunk_split($n9, 64) . "<br>-----END CERTIFICATE-----";
echo "<div style="font-family:Calibri;padding:0 3%;">";
echo "<div style="color: #a94442;background-color: #f2dede;padding: 15px;margin-bottom: 20px;text-align:center;border:1px solid #E6B3B2;font-size:18pt;"> ERROR</div>
\xa <div style="color: #a94442;font-size:14pt; margin-bottom:20px;"><p><strong>Error: </strong>Unable to find a certificate matching the configured fingerprint.</p>
\xa\x9 \x9<p>Please contact your administrator and report the following error:</p>
<p><strong>Possible Cause: </strong>'X.509 Certificate' field in plugin does not match the certificate found in SAML Response.</p>\xd\xa \x9 <p><strong>Certificate found in SAML Response: </strong><font face="Courier New";font-size:10pt><br><br>" . $IL . "</p></font>\xd
<p><strong>Solution: </strong></p>\xd\xa <ol>
\xa <li>Copy paste the certificate provided above in X509 Certificate under Service Provider Setup tab.</li>\xd\xa <li>If issue persists disable <b>Character encoding</b> under Service Provder Setup tab.</li>
</ol>
\xa </div>\xd
\x9 \x9<div style="margin:3%;display:block;text-align:center;">
\xa\x9\x9 <div style="margin:3%;display:block;text-align:center;"><input style="padding:1%;width:100px;background: #0091CD none repeat scroll 0% 0%;cursor: pointer;font-size:15px;border-width: 1px;border-style: solid;border-radius: 3px;white-space: nowrap;box-sizing: border-box;border-color: #0073AA;box-shadow: 0px 1px 0px rgba(120, 200, 230, 0.6) inset;color: #FFF;"type="button" value="Done" onClick="self.close();"></div>";
mo_saml_download_logs($l3, $Qh, $rG);
exit;
NB:
oc:
$Rd = get_option("mo_saml_sp_entity_id");
if (!empty($Rd)) {
goto aR;
}
$Rd = $g0 . "/wp-content/plugins/miniorange-saml-20-single-sign-on/";
aR:
$Rd = isset($Q8["saml_sp_entity_id"]) ? $Q8["saml_sp_entity_id"] : $Rd;
Utilities::validateIssuerAndAudience($tr, $Rd, $sK, $Ez, $rG);
$Y3 = current(current($tr->getAssertions())->getNameId());
$VT = current($tr->getAssertions())->getAttributes();
$VT["NameID"] = array("0" => $Y3);
$sE = current($tr->getAssertions())->getSessionIndex();
mo_saml_checkMapping($Q8, $VT, $Ez, $sE);
goto gI;
xz:
if (!isset($_REQUEST["RelayState"])) {
goto nE;
}
$oO = $_REQUEST["RelayState"];
nE:
wp_logout();
if (!empty($oO)) {
goto rA;
}
$oO = home_url();
rA:
header("Location: " . $oO);
exit;
gI:
iE:
if (!(array_key_exists("SAMLRequest", $_REQUEST) && !empty($_REQUEST["SAMLRequest"]))) {
goto Re;
}
$vB = $_REQUEST["SAMLRequest"];
$Ez = "/";
if (!array_key_exists("RelayState", $_REQUEST)) {
goto ey;
}
$Ez = $_REQUEST["RelayState"];
ey:
$vB = base64_decode($vB);
if (!(array_key_exists("SAMLRequest", $_GET) && !empty($_GET["SAMLRequest"]))) {
goto QV;
}
$vB = gzinflate($vB);
QV:
$cf = new DOMDocument();
$cf->loadXML($vB);
$HD = $cf->firstChild;
if (!($HD->localName == "LogoutRequest")) {
goto XT;
}
$Kw = new SAML2_LogoutRequest($HD);
if (!(!session_id() || session_id() == '' || !isset($_SESSION))) {
goto QD;
}
session_start();
QD:
$_SESSION["mo_saml_logout_request"] = $vB;
$_SESSION["mo_saml_logout_relay_state"] = $Ez;
wp_logout();
XT:
Re:
} ?>Did this file decode correctly?
Original Code
function mo_login_validate()
{
if (!(isset($_REQUEST["\157\160\x74\151\157\156"]) && $_REQUEST["\157\160\x74\151\x6f\x6e"] == "\x6d\157\x73\141\155\x6c\x5f\155\145\x74\141\144\x61\x74\141")) {
goto kL;
}
miniorange_generate_metadata();
kL:
if (!(isset($_REQUEST["\157\x70\x74\x69\157\x6e"]) && $_REQUEST["\157\160\164\x69\157\156"] == "\145\170\x70\x6f\162\164\137\x63\157\156\146\151\x67\165\x72\141\x74\x69\x6f\156" and check_admin_referer("\x65\x78\x70\157\x72\164\137\x43\157\156\146\x69\x67\x75\x72\141\x74\151\x6f\x6e"))) {
goto ch;
}
if (!current_user_can("\155\x61\x6e\141\147\145\x5f\x6f\160\x74\151\157\156\163")) {
goto QJ;
}
miniorange_import_export(true);
QJ:
exit;
ch:
$Xl = get_option("\x73\x61\x6d\154\x5f\x69\144\145\x6e\x74\x69\164\171\x5f\x70\x72\157\166\x69\x64\x65\162\163");
$Xl = maybe_unserialize($Xl);
if (is_array($Xl)) {
goto F1;
}
$Yp = array();
goto SE;
F1:
$Yp = array_change_key_case($Xl, CASE_LOWER);
SE:
if (isset($_REQUEST["\x69\x64\x70"])) {
goto jJ;
}
if (!empty(get_option("\163\x61\x6d\x6c\x5f\x64\145\146\x61\165\x6c\x74\x5f\x69\144\160"))) {
goto Gm;
}
goto x7;
jJ:
$eC = strtolower($_REQUEST["\151\144\x70"]);
goto x7;
Gm:
$eC = strtolower(get_option("\163\x61\x6d\x6c\137\144\145\x66\x61\165\x6c\x74\x5f\151\144\x70"));
x7:
if (!(!empty($Xl) && (isset($_REQUEST["\157\x70\x74\151\x6f\156"]) && $_REQUEST["\x6f\x70\x74\151\x6f\x6e"] == "\x73\141\155\154\x5f\x75\x73\x65\162\137\154\x6f\x67\x69\x6e" || isset($_REQUEST["\x6f\160\164\x69\157\156"]) && $_REQUEST["\157\x70\164\151\157\156"] == "\x74\145\163\164\x43\x6f\x6e\x66\x69\x67") && (!empty($eC) && array_key_exists($eC, $Yp) || isset($_REQUEST["\x65\x6e\x74\x69\x74\x79\111\x44"])))) {
goto wI;
}
if (!(is_user_logged_in() && $_REQUEST["\157\160\x74\151\x6f\x6e"] != "\x74\145\x73\164\103\x6f\x6e\146\x69\147")) {
goto To;
}
return;
To:
if (!mo_saml_is_sp_configured()) {
goto Zd;
}
$g0 = get_option("\x6d\x6f\137\x73\x61\x6d\154\x5f\x73\160\137\142\x61\163\145\x5f\x75\162\154");
if (empty($eC)) {
goto NT;
}
$zq = $Yp[$eC];
NT:
if (!isset($_REQUEST["\145\x6e\x74\x69\164\x79\111\104"])) {
goto h7;
}
$rG = getIdpNameFromEntityId($Xl, $_REQUEST["\145\156\164\x69\x74\x79\111\x44"]);
if ($rG) {
goto WL;
}
wp_die("\127\145\x20\x63\x6f\x75\154\x64\40\x6e\x6f\164\40\x73\x69\x67\x6e\40\x79\157\165\40\151\x6e\56\40\120\x6c\x65\141\163\145\40\x63\x6f\156\164\x61\143\x74\40\171\157\165\162\x20\141\x64\x6d\151\156\x69\163\164\162\x61\164\x6f\162", "\105\x72\x72\157\x72\x3a\x20\x4e\157\x20\x73\165\x63\x68\x20\111\144\145\x6e\164\x69\x74\171\40\120\162\x6f\166\x69\x64\x65\x72\x20\x69\163\40\x63\157\165\x6e\146\x69\147\165\x72\x65\x64\40\141\164\x20\171\157\165\162\40\123\x50");
WL:
$zq = $Xl[$rG];
h7:
if (array_key_exists("\x65\156\141\142\154\x65\137\x69\144\160", $zq)) {
goto Bf;
}
$zq["\145\156\141\x62\x6c\x65\137\x69\144\160"] = false;
Bf:
if ($zq["\x65\156\x61\x62\x6c\x65\137\x69\x64\160"]) {
goto Jf;
}
wp_die("\x57\x65\x20\x63\x6f\165\154\144\x20\156\157\x74\x20\163\x69\x67\x6e\x20\171\157\165\x20\x69\x6e\x2e\40\x50\x6c\145\x61\x73\145\40\143\x6f\156\164\141\143\x74\x20\171\157\165\x72\x20\141\x64\155\x69\x6e\151\x73\164\x72\141\164\x6f\x72", "\105\x72\x72\157\162\72\40\111\x44\x50\x20\x6e\157\x74\x20\x65\x6e\141\x62\154\145\x64");
Jf:
if (!empty($g0)) {
goto vi;
}
$g0 = home_url();
vi:
if ($_REQUEST["\157\x70\x74\151\157\x6e"] == "\x74\x65\163\x74\103\157\156\146\151\x67" and array_key_exists("\x6e\145\167\143\x65\x72\164", $_REQUEST)) {
goto pc;
}
if ($_REQUEST["\157\x70\x74\151\x6f\156"] == "\x74\x65\163\164\x43\157\156\146\151\x67") {
goto Wm;
}
if (get_option("\x6d\157\x5f\x73\x61\155\154\137\162\145\154\141\171\137\163\x74\x61\164\x65") && get_option("\155\157\137\163\x61\x6d\154\x5f\162\x65\154\141\171\137\x73\x74\x61\x74\x65") != '') {
goto CG;
}
if (isset($_REQUEST["\162\145\144\151\x72\145\143\x74\x5f\x74\157"])) {
goto sY;
}
$TJ = saml_get_current_page_url();
goto Xv;
sY:
$TJ = $_REQUEST["\x72\145\144\151\162\x65\143\164\x5f\164\157"];
Xv:
goto HR;
CG:
$TJ = get_option("\x6d\157\x5f\163\x61\155\x6c\x5f\x72\145\x6c\x61\x79\137\163\164\141\x74\145");
HR:
goto Ct;
Wm:
$TJ = "\164\145\x73\x74\126\x61\154\x69\x64\x61\x74\x65";
Ct:
goto uR;
pc:
$TJ = "\x74\145\163\x74\116\x65\x77\x43\x65\x72\x74\x69\146\151\143\x61\x74\x65";
uR:
$KW = parse_url($TJ, PHP_URL_PATH);
$KW = empty($KW) ? "\57" : $KW;
$ua = parse_url($TJ, PHP_URL_QUERY);
if (!empty($ua)) {
goto n7;
}
$TJ = $KW;
goto p9;
n7:
$TJ = $KW . "\77" . $ua;
p9:
$v1 = $zq["\163\x73\157\x5f\165\x72\154"];
$xw = $zq["\x72\x65\161\165\x65\163\x74\x5f\x73\151\147\x6e\145\x64"];
$W6 = $zq["\163\x73\157\137\142\x69\156\x64\x69\x6e\147\137\x74\x79\x70\145"];
$oQ = get_option("\x6d\x6f\x5f\163\x61\x6d\x6c\137\146\x6f\162\143\x65\x5f\x61\165\x74\x68\145\156\x74\x69\143\141\x74\151\157\x6e");
$lc = $g0 . "\57";
$Rd = get_option("\x6d\x6f\137\x73\x61\x6d\154\137\x73\x70\137\x65\x6e\164\151\164\x79\137\x69\x64");
$EU = $zq["\x6e\x61\x6d\x65\151\144\137\x66\157\x72\x6d\141\x74"];
if (!empty($EU)) {
goto VC;
}
$EU = "\61\56\61\72\156\x61\x6d\145\151\x64\x2d\x66\157\162\x6d\x61\164\72\165\x6e\163\x70\145\x63\151\146\151\x65\x64";
VC:
if (!empty($Rd)) {
goto k9;
}
$Rd = $g0 . "\x2f\167\160\x2d\x63\x6f\156\x74\145\156\x74\x2f\160\x6c\165\147\151\156\x73\x2f\x6d\x69\156\151\x6f\162\x61\156\147\x65\55\x73\141\x6d\x6c\x2d\62\x30\55\x73\151\156\147\x6c\x65\x2d\x73\x69\x67\156\x2d\157\x6e\57";
k9:
$Rd = isset($zq["\163\141\155\x6c\x5f\x73\160\137\145\x6e\x74\x69\164\x79\137\x69\144"]) ? $zq["\x73\x61\x6d\154\x5f\163\160\137\145\156\x74\151\x74\171\x5f\x69\144"] : $Rd;
$Pb = isset($_POST["\x75\156\x61\x6d\x65\x5f\145\x6d\141\151\154"]) ? $_POST["\165\156\141\x6d\x65\x5f\145\155\141\x69\154"] : false;
if (!$Pb) {
goto Lh;
}
$Ge = email_exists($Pb);
if (!($Ge == false)) {
goto gr;
}
$Pb = false;
update_site_option("\155\157\137\163\x61\155\x6c\x5f\x73\x68\x6f\162\x74\x63\x6f\x64\145\x5f\155\145\x73\163\x61\x67\145", "\125\x73\145\x72\40\x64\157\x65\x73\x20\x6e\x6f\x74\40\105\x78\151\164\163");
return;
gr:
Lh:
$vB = Utilities::createAuthnRequest($lc, $Rd, $v1, $zq, $oQ, $W6, $EU);
if (empty($W6) || $W6 == "\x48\x74\164\160\x52\x65\x64\x69\x72\145\143\164") {
goto Z8;
}
if (!($xw == "\165\x6e\x63\150\145\x63\x6b\x65\x64")) {
goto lF;
}
$hy = base64_encode($vB);
Utilities::postSAMLRequest($v1, $hy, $TJ, $Pb);
exit;
lF:
if ($_REQUEST["\157\x70\x74\151\157\156"] == "\x74\145\163\164\151\x64\160\x63\x6f\156\x66\x69\x67" && $_REQUEST["\x6e\x65\x77\x63\145\x72\x74"] == true) {
goto DN;
}
$hy = Utilities::signXML($vB, $zq, "\x4e\x61\155\145\x49\x44\120\157\x6c\x69\x63\171");
goto KB;
DN:
$hy = Utilities::signXML($vB, $zq, "\x4e\x61\155\145\111\x44\120\157\x6c\x69\143\x79", true);
KB:
Utilities::postSAMLRequest($v1, $hy, $TJ, $Pb);
goto MH;
Z8:
$qY = $v1;
if (strpos($v1, "\x3f") !== false) {
goto WJ;
}
$qY .= "\x3f";
goto L3;
WJ:
$qY .= "\46";
L3:
if (!($xw == "\165\156\143\150\145\x63\153\145\x64")) {
goto Le;
}
$qY .= "\x53\101\x4d\x4c\122\145\x71\165\145\163\164\x3d" . $vB . "\46\122\x65\x6c\141\x79\x53\164\x61\164\x65\75" . urlencode($TJ);
if (!$Pb) {
goto cM;
}
$qY .= "\x26\105\155\x61\151\x6c\x3d" . urlencode($Pb);
cM:
header("\x4c\x6f\143\141\x74\151\x6f\x6e\x3a\40" . $qY);
exit;
Le:
$vB = "\123\101\115\114\122\x65\x71\x75\145\x73\164\75" . $vB . "\46\x52\x65\154\x61\171\x53\x74\x61\164\145\x3d" . urlencode($TJ) . "\x26\123\151\x67\101\x6c\147\x3d" . urlencode(XMLSecurityKey::RSA_SHA256);
$bc = array("\164\x79\x70\x65" => "\x70\162\151\166\141\x74\145");
$Rc = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, $bc);
if ($_REQUEST["\157\x70\164\151\x6f\x6e"] == "\x74\145\x73\164\151\144\x70\x63\157\x6e\x66\151\147" && $_REQUEST["\156\145\x77\143\145\162\164"] == true) {
goto dF;
}
$Vr = mo_saml_get_sp_private_key_for_idp($zq);
goto b7;
dF:
$Vr = file_get_contents(plugin_dir_path(__FILE__) . "\x72\x65\163\x6f\165\x72\143\x65\163" . DIRECTORY_SEPARATOR . mo_options_enum_default_sp_certificate::SP_PRIVATE_KEY_FILE_NAME);
b7:
$Rc->loadKey($Vr, FALSE);
$dR = new XMLSecurityDSig();
$kF = $Rc->signData($vB);
$kF = base64_encode($kF);
$qY .= $vB . "\x26\123\x69\x67\x6e\141\x74\x75\x72\x65\75" . urlencode($kF);
if (!$Pb) {
goto zO;
}
$qY .= "\46\x45\155\x61\151\154\75" . urlencode($Pb);
zO:
header("\x4c\157\143\141\x74\151\157\156\x3a\40" . $qY);
exit;
MH:
Zd:
wI:
if (!(array_key_exists("\123\101\115\x4c\x52\x65\163\x70\157\156\x73\145", $_REQUEST) && !empty($_REQUEST["\123\x41\115\114\122\x65\163\160\x6f\156\163\x65"]))) {
goto iE;
}
$g0 = get_option("\155\157\x5f\x73\x61\155\x6c\137\163\x70\x5f\x62\141\x73\x65\x5f\x75\x72\x6c");
if (!empty($g0)) {
goto Hl;
}
$g0 = home_url();
Hl:
$tr = $_REQUEST["\123\101\115\114\122\145\x73\160\157\156\163\145"];
$tr = base64_decode($tr);
if (!(array_key_exists("\123\101\x4d\x4c\x52\145\163\x70\157\x6e\163\x65", $_GET) && !empty($_GET["\x53\x41\115\114\x52\145\163\160\157\x6e\163\145"]))) {
goto V4;
}
$tr = gzinflate($tr);
V4:
$cf = new DOMDocument();
$cf->loadXML($tr);
$Hc = $cf->firstChild;
$Yy = $cf->documentElement;
$He = new DOMXpath($cf);
$He->registerNamespace("\x73\141\155\154\x70", "\x75\162\156\x3a\x6f\141\163\151\163\x3a\156\141\x6d\x65\163\72\164\x63\x3a\x53\x41\x4d\x4c\72\62\x2e\60\x3a\x70\x72\157\164\x6f\143\x6f\154");
$He->registerNamespace("\x73\x61\x6d\x6c", "\165\x72\156\72\157\141\163\151\163\72\156\x61\x6d\x65\x73\x3a\x74\x63\72\123\x41\115\x4c\x3a\x32\56\60\72\141\x73\163\145\x72\164\x69\157\x6e");
if ($Hc->localName == "\x4c\x6f\x67\157\x75\164\x52\145\163\160\x6f\156\163\x65") {
goto xz;
}
$vH = $He->query("\57\x73\141\155\154\x70\x3a\x52\x65\x73\160\x6f\x6e\x73\x65\57\x73\x61\x6d\154\x70\72\x53\164\141\x74\165\x73\x2f\163\141\155\x6c\160\72\123\x74\141\164\x75\x73\103\x6f\x64\x65", $Yy);
$rz = isset($vH) ? $vH->item(0)->getAttribute("\126\x61\154\165\x65") : '';
$UF = explode("\72", $rz);
if (!array_key_exists(7, $UF)) {
goto U0;
}
$vH = $UF[7];
U0:
$Fr = $He->query("\57\x73\x61\x6d\154\x70\x3a\x52\145\163\160\157\156\x73\145\57\x73\141\x6d\154\160\x3a\x53\x74\141\164\x75\x73\x2f\163\141\155\x6c\160\72\123\x74\141\164\x75\163\x4d\x65\x73\163\x61\x67\145", $Yy);
$MM = isset($Fr) ? $Fr->item(0) : '';
if (empty($MM)) {
goto nw;
}
$MM = $MM->nodeValue;
nw:
$Yp = get_option("\163\141\155\x6c\x5f\151\144\145\x6e\164\151\164\x79\x5f\x70\162\157\x76\151\144\145\x72\x73");
$Yp = maybe_unserialize($Yp);
if (array_key_exists("\x52\x65\x6c\141\x79\x53\x74\141\x74\145", $_POST) && !empty($_POST["\x52\145\154\x61\171\x53\x74\141\x74\145"]) && $_POST["\x52\x65\x6c\x61\171\x53\164\141\x74\x65"] != "\x2f") {
goto Jr;
}
$Ez = saml_get_current_page_url();
goto xe;
Jr:
$Ez = $_POST["\x52\145\x6c\x61\171\x53\164\141\164\x65"];
xe:
if (!($vH != "\x53\x75\143\143\145\x73\x73")) {
goto av;
}
show_status_error($vH, $Ez, $MM);
av:
$dw = array("\163\141\x6d\x6c\137\x72\145\x73\x70\x6f\156\x73\145" => base64_encode($tr));
$tr = new SAML2_Response($Hc);
$k4 = $tr->getIssuer();
$Q8 = NULL;
foreach ($Yp as $Rc => $X8) {
if (!($X8["\151\144\160\x5f\x65\x6e\164\151\x74\171\x5f\151\144"] == $k4)) {
goto Xw;
}
$Q8 = $Yp[$Rc];
goto ew;
Xw:
S5:
}
ew:
$rG = '';
if ($Ez == "\x74\x65\163\x74\116\x65\167\103\x65\162\164\x69\x66\151\x63\x61\x74\x65") {
goto z_;
}
$dX = mo_saml_get_sp_private_key_for_idp($Q8);
goto rp;
z_:
$dX = file_get_contents(plugin_dir_path(__FILE__) . "\162\145\x73\x6f\x75\162\143\x65\163" . DIRECTORY_SEPARATOR . mo_options_enum_default_sp_certificate::SP_PRIVATE_KEY_FILE_NAME);
rp:
$tr->parseAssertions($Hc, $dX);
$Cf = $tr->getSignatureData();
$eD = current($tr->getAssertions())->getSignatureData();
$sK = current($tr->getAssertions())->getIssuer();
if (is_null($Q8)) {
goto pO;
}
$rG = $Q8["\x69\x64\160\x5f\156\x61\155\145"];
$Yp[$rG] = array_merge($Yp[$rG], $dw);
$Yp = array_filter($Yp, "\x66\x69\154\x74\x65\162\137\145\155\x70\164\x79\x5f\166\x61\x6c\165\x65\163");
update_option("\x73\x61\155\x6c\137\x69\144\x65\156\x74\151\164\171\137\x70\x72\x6f\166\x69\x64\145\x72\x73", $Yp);
pO:
if (!(empty($eD) && empty($Cf))) {
goto N9;
}
if ($Ez == "\164\x65\x73\x74\126\141\x6c\x69\144\x61\164\145" or $Ez == "\x74\145\163\164\116\145\x77\103\x65\162\164\x69\146\151\143\x61\164\145") {
goto js;
}
wp_die("\127\x65\40\143\x6f\x75\154\x64\40\x6e\x6f\x74\x20\x73\x69\147\x6e\x20\x79\157\x75\40\x69\156\x2e\40\x50\154\x65\141\x73\145\40\143\157\x6e\164\x61\143\164\40\x61\144\x6d\x69\x6e\x69\x73\164\162\141\x74\157\162", "\105\x72\x72\x6f\162\72\x20\x49\x6e\x76\141\154\x69\144\x20\123\x41\x4d\114\x20\122\x65\x73\160\157\156\x73\145");
goto Da;
js:
$l3 = mo_options_error_constants::Error_no_certificate;
$Qh = mo_options_error_constants::Cause_no_certificate;
echo "\x3c\144\151\x76\40\x73\164\171\x6c\x65\75\x22\x66\157\156\x74\55\146\x61\x6d\151\154\171\x3a\103\x61\154\151\x62\x72\x69\73\x70\x61\x64\144\x69\x6e\x67\72\60\x20\x33\45\73\x22\x3e\xd\xa\40\x20\40\x20\40\x20\40\x20\x20\x20\x20\x20\x20\x20\40\40\x20\x20\x20\x20\x3c\144\151\x76\40\x73\164\x79\x6c\x65\x3d\x22\143\157\154\x6f\x72\x3a\40\x23\141\x39\64\x34\x34\x32\73\142\141\143\153\x67\x72\157\165\156\144\x2d\143\157\x6c\x6f\x72\72\40\x23\x66\62\144\145\144\x65\x3b\160\141\x64\144\x69\156\x67\72\x20\x31\x35\160\x78\x3b\155\141\162\x67\x69\156\x2d\142\x6f\x74\164\157\x6d\72\40\62\60\x70\x78\73\x74\145\x78\164\55\x61\x6c\151\x67\156\72\x63\145\x6e\x74\x65\162\73\142\157\x72\144\145\x72\72\x31\160\x78\x20\x73\157\x6c\x69\144\x20\x23\x45\66\x42\63\x42\x32\73\x66\x6f\x6e\x74\x2d\163\151\172\145\72\x31\x38\x70\164\73\42\x3e\x20\x45\x52\x52\x4f\x52\x3c\57\x64\151\x76\x3e\15\12\40\40\40\40\40\40\x20\40\x20\40\x20\x20\40\40\x20\40\x20\40\x20\40\74\144\x69\166\40\x73\164\171\154\145\x3d\x22\x63\x6f\154\157\x72\72\40\43\141\x39\x34\64\64\x32\x3b\146\x6f\156\164\55\163\x69\x7a\145\72\61\x34\x70\x74\73\x20\155\x61\x72\147\151\x6e\55\x62\157\164\x74\157\155\72\62\60\160\170\73\x22\x3e\x3c\160\x3e\x3c\x73\164\x72\157\156\x67\x3e\105\x72\162\x6f\x72\40\x20\72" . $l3 . "\40\x3c\57\x73\x74\x72\157\x6e\147\x3e\74\57\x70\76\15\xa\x20\40\40\40\40\40\x20\40\x20\40\40\40\x20\x20\x20\40\40\40\x20\40\xd\12\40\40\40\40\40\x20\40\x20\40\x20\40\x20\x20\40\40\40\40\x20\x20\x20\x3c\160\76\x3c\163\164\x72\x6f\156\147\76\120\157\163\x73\x69\x62\154\145\40\103\x61\x75\163\145\72\x20" . $Qh . "\74\x2f\x73\x74\162\157\x6e\x67\x3e\74\x2f\x70\x3e\15\xa\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\40\40\x20\x20\x20\40\40\x20\x20\x20\15\xa\40\x20\40\40\40\x20\40\x20\40\40\x20\x20\x20\40\40\x20\40\40\40\40\x3c\x2f\x64\151\x76\76\74\57\144\x69\x76\x3e";
mo_saml_download_logs($l3, $Qh, $rG);
exit;
Da:
N9:
if (!($Q8 === null)) {
goto X5;
}
$l3 = mo_options_error_constants::Error_issuer_not_verfied;
$Qh = mo_options_error_constants::Cause_issuer_not_verfied;
echo "\74\144\151\166\40\x73\x74\x79\154\x65\x3d\42\146\157\156\x74\x2d\146\x61\155\151\154\x79\x3a\103\x61\154\x69\x62\162\x69\x3b\x70\141\144\x64\151\156\147\x3a\x30\x20\63\x25\73\x22\x3e";
echo "\x3c\x64\x69\x76\x20\x73\x74\x79\x6c\145\x3d\x22\x63\x6f\x6c\157\x72\72\40\43\x61\x39\x34\64\x34\x32\73\x62\x61\x63\x6b\147\x72\157\165\156\x64\55\x63\157\x6c\x6f\x72\72\x20\43\146\x32\144\145\144\x65\x3b\160\x61\144\144\x69\156\147\x3a\x20\61\x35\x70\x78\73\155\141\x72\147\x69\156\x2d\x62\x6f\164\x74\157\155\x3a\40\x32\60\x70\170\73\164\x65\x78\x74\55\141\x6c\151\147\x6e\x3a\x63\145\156\164\145\162\73\x62\x6f\x72\x64\145\x72\x3a\x31\160\170\x20\163\x6f\x6c\151\144\40\x23\x45\66\x42\x33\102\62\x3b\x66\157\156\x74\x2d\x73\151\x7a\145\72\61\70\x70\x74\73\42\76\x20\x45\x52\x52\117\122\x3c\57\144\151\x76\76\xd\xa\x9\11\11\74\x64\151\x76\x20\x73\164\x79\x6c\x65\75\x22\x63\x6f\x6c\157\162\x3a\x20\43\141\71\64\64\x34\x32\73\146\157\x6e\x74\x2d\163\151\172\145\72\x31\64\x70\x74\x3b\40\155\141\162\147\x69\156\x2d\x62\x6f\x74\x74\157\x6d\x3a\x32\60\160\170\x3b\x22\x3e\74\x70\76\74\x73\x74\x72\157\156\147\76\x45\x72\162\x6f\x72\x3a\40\74\x2f\163\164\x72\157\156\147\76\125\x6e\x61\x62\154\x65\x20\164\x6f\x20\146\x69\x6e\144\x20\141\40\111\x44\120\x20\x45\156\x74\151\164\171\40\111\104\x20\155\141\164\x63\150\x69\156\x67\x20\164\x68\145\x20\143\x6f\156\146\x69\147\x75\162\x65\144\40\146\151\156\147\x65\x72\x70\162\x69\156\x74\x2e\74\57\160\x3e\15\12\x9\11\x9\74\x70\x3e\120\x6c\x65\x61\163\x65\x20\x63\x6f\x6e\164\141\x63\164\x20\171\157\165\x72\40\141\144\155\151\x6e\151\163\x74\x72\141\164\157\x72\x20\141\156\x64\40\x72\x65\160\x6f\162\164\x20\164\150\x65\x20\146\157\x6c\154\157\167\151\156\x67\40\x65\162\x72\x6f\162\x3a\74\57\x70\76\15\xa\11\x9\11\74\x70\x3e\x3c\x73\x74\x72\x6f\x6e\x67\76\120\157\163\x73\x69\142\154\145\40\x43\141\x75\x73\145\x3a\40\x3c\57\163\164\x72\x6f\x6e\147\x3e\47\111\104\x50\x20\x45\156\164\151\164\x79\x20\111\104\47\x20\x66\x69\145\154\144\40\151\x6e\x20\160\154\165\x67\151\156\40\x64\x6f\145\x73\40\156\157\x74\40\155\x61\x74\143\x68\40\164\150\145\40\x6f\156\x65\40\x66\157\x75\x6e\x64\40\151\x6e\40\123\x41\x4d\114\40\x52\x65\163\x70\157\x6e\163\145\x2e\x3c\x2f\160\76\xd\xa\x9\x9\x9\74\x70\76\x3c\x73\x74\162\x6f\x6e\x67\76\105\x6e\164\x69\164\x79\x20\111\104\40\x66\x6f\165\x6e\x64\x20\151\x6e\x20\123\101\115\x4c\x20\x52\145\163\160\x6f\156\x73\145\72\40\x3c\x2f\x73\164\x72\157\156\x67\76\x3c\x66\x6f\156\x74\x20\x66\141\x63\x65\75\42\x43\x6f\x75\x72\151\x65\x72\x20\116\x65\x77\x22\x3b\x66\x6f\x6e\x74\x2d\163\151\x7a\145\72\61\x30\x70\164\x3e\74\x62\162\76\x3c\142\x72\76" . $sK . "\x3c\57\160\76\x3c\57\x66\157\156\164\x3e\xd\xa\x20\x20\x20\40\x20\40\x20\x20\x20\x20\x20\40\x3c\x70\x3e\74\163\x74\162\157\156\x67\76\123\157\x6c\165\164\151\157\x6e\x3a\x3c\57\x73\x74\x72\x6f\x6e\x67\76\x3c\57\x70\76\xd\xa\x20\x20\x20\x20\40\x20\40\x20\40\40\x20\40\x3c\157\154\x3e\15\12\x20\40\x20\x20\40\x20\x20\40\40\x20\40\40\x20\x20\x20\x20\x3c\154\151\76\x43\157\160\x79\40\164\150\x65\40\x45\x6e\164\x69\x74\171\x20\x49\x44\40\157\146\40\x53\101\115\114\40\122\x65\x73\x70\157\156\x73\x65\40\x66\162\x6f\155\x20\141\142\157\x76\x65\x20\x61\156\144\x20\160\141\x73\164\145\x20\151\164\40\151\156\x20\x45\156\164\x69\164\x79\40\111\104\40\157\x72\40\x49\x73\163\x75\145\x72\x20\x66\x69\145\154\144\x20\165\x6e\x64\x65\x72\40\123\145\x72\166\151\143\145\40\x50\x72\157\166\151\x64\145\162\40\123\145\x74\x75\160\x20\164\x61\142\x2e\74\57\154\x69\76\15\12\x20\40\40\x20\40\x20\40\x20\x20\x20\40\40\x3c\57\x6f\x6c\76\x20\x20\x20\40\x20\x20\40\40\xd\12\x20\40\40\40\x20\40\40\x20\x20\x20\40\40\x3c\x2f\144\x69\x76\x3e\15\12\11\11\x9\x9\x9\74\x64\151\x76\40\163\x74\171\154\x65\x3d\42\155\141\162\x67\x69\156\72\63\45\x3b\x64\x69\x73\x70\154\x61\171\x3a\142\x6c\157\143\x6b\x3b\164\145\x78\164\x2d\x61\154\x69\147\156\x3a\143\145\156\164\x65\x72\73\x22\x3e\15\12\11\11\x9\11\11\74\144\x69\166\40\163\x74\x79\154\x65\x3d\42\155\x61\x72\147\x69\156\x3a\x33\45\73\144\x69\x73\x70\x6c\141\171\x3a\x62\154\x6f\x63\153\73\x74\x65\170\x74\x2d\x61\x6c\x69\x67\156\72\143\145\x6e\164\145\x72\73\42\76\x3c\151\156\x70\165\164\x20\163\x74\x79\x6c\145\75\42\x70\x61\144\x64\x69\x6e\147\x3a\61\45\x3b\167\x69\144\x74\x68\72\x31\60\60\x70\x78\73\142\141\x63\153\x67\x72\157\x75\x6e\144\x3a\x20\43\60\x30\71\x31\x43\104\x20\x6e\157\x6e\145\x20\162\x65\160\145\141\x74\x20\163\143\162\157\x6c\154\40\60\x25\40\60\x25\73\x63\x75\x72\x73\157\162\72\40\x70\157\x69\156\x74\x65\162\x3b\x66\157\x6e\x74\x2d\163\x69\x7a\x65\x3a\x31\65\160\x78\73\x62\157\x72\144\x65\162\55\167\151\x64\x74\x68\72\x20\61\x70\x78\73\x62\157\x72\144\x65\x72\55\163\164\171\x6c\x65\x3a\40\x73\x6f\x6c\151\144\x3b\x62\157\162\144\x65\x72\x2d\x72\x61\x64\x69\x75\163\72\x20\x33\160\170\x3b\x77\x68\x69\164\x65\x2d\163\160\141\143\145\72\x20\156\157\167\x72\x61\160\x3b\x62\157\x78\x2d\x73\151\x7a\x69\x6e\x67\72\40\x62\x6f\162\144\145\x72\x2d\x62\157\170\x3b\142\x6f\162\144\145\x72\x2d\143\157\154\x6f\x72\72\40\x23\60\x30\x37\x33\101\101\x3b\142\x6f\170\55\163\x68\141\144\157\x77\72\40\x30\160\x78\40\61\x70\x78\x20\x30\160\x78\x20\162\147\142\x61\x28\x31\62\x30\54\x20\x32\x30\x30\54\x20\x32\63\60\54\x20\60\56\x36\51\40\x69\x6e\163\145\164\x3b\143\x6f\x6c\x6f\162\x3a\x20\x23\106\x46\106\x3b\42\x74\x79\160\x65\x3d\42\x62\165\x74\x74\x6f\x6e\42\x20\166\141\x6c\165\145\x3d\42\x44\157\x6e\145\x22\40\157\156\103\x6c\151\x63\x6b\x3d\42\x73\145\154\146\x2e\x63\154\x6f\163\x65\50\x29\x3b\x22\x3e\x3c\57\x64\x69\x76\x3e";
mo_saml_download_logs($l3, $Qh);
exit;
X5:
$XU = maybe_unserialize($Q8["\170\65\x30\71\x5f\x63\x65\x72\x74\x69\146\151\x63\141\164\x65"]);
$lc = $g0 . "\x2f";
if (is_array($XU)) {
goto eu;
}
$us = XMLSecurityKey::getRawThumbprint($XU);
$us = mo_saml_convert_to_windows_iconv($us, $Q8);
$us = preg_replace("\57\x5c\163\x2b\57", '', $us);
if (empty($Cf)) {
goto t4;
}
$CV = Utilities::processResponse($lc, $us, $Cf, $tr, $XU, $Ez);
t4:
if (empty($eD)) {
goto Ed;
}
$CV = Utilities::processResponse($lc, $us, $eD, $tr, $XU, $Ez);
Ed:
goto jo;
eu:
foreach ($XU as $Gf => $PK) {
$us = XMLSecurityKey::getRawThumbprint(Utilities::sanitize_certificate($PK));
$us = mo_saml_convert_to_windows_iconv($us, $Q8);
$us = preg_replace("\57\134\163\x2b\57", '', $us);
if (empty($Cf)) {
goto Ft;
}
$CV = Utilities::processResponse($lc, $us, $Cf, $tr, $PK, $Ez);
Ft:
if (empty($eD)) {
goto Oq;
}
$CV = Utilities::processResponse($lc, $us, $eD, $tr, $PK, $Ez);
Oq:
if (!$CV) {
goto H9;
}
goto vj;
H9:
rz:
}
vj:
jo:
if (!(empty($eD) && empty($Cf))) {
goto gL;
}
echo "\116\x6f\x20\x73\151\x67\156\x61\164\x75\162\145\x20\146\157\165\156\144\40\151\156\x20\x53\101\115\x4c\40\x52\x65\x73\x70\x6f\156\x73\x65\x20\157\x72\40\101\x73\x73\145\x72\x74\151\x6f\156\56\x20\120\x6c\x65\141\163\x65\x20\163\151\147\156\40\141\x74\40\154\x65\141\163\x74\x20\157\156\x65\x20\157\x66\x20\x74\150\145\155\x2e";
exit;
gL:
if ($Cf) {
goto HP;
}
if ($eD) {
goto mL;
}
goto sg;
HP:
if (!(count($Cf["\x43\x65\x72\164\151\x66\x69\143\x61\164\x65\x73"]) > 0)) {
goto sa;
}
$n9 = $Cf["\103\x65\162\164\x69\146\x69\x63\141\x74\x65\163"][0];
sa:
goto sg;
mL:
if (!(count($eD["\x43\x65\x72\x74\x69\146\151\143\141\x74\x65\x73"]) > 0)) {
goto A2;
}
$n9 = $eD["\x43\x65\x72\x74\151\146\x69\x63\x61\x74\x65\163"][0];
A2:
sg:
if ($CV) {
goto oc;
}
if ($Ez == "\164\x65\x73\x74\126\x61\x6c\x69\x64\141\x74\145" or $Ez == "\164\x65\x73\x74\116\x65\167\103\x65\162\x74\x69\x66\151\x63\x61\x74\145") {
goto wv;
}
wp_die("\x57\x65\x20\x63\x6f\165\x6c\144\40\156\x6f\x74\x20\163\x69\x67\x6e\x20\x79\157\x75\40\151\156\x2e\x20\x50\x6c\x65\141\x73\x65\x20\143\x6f\156\x74\x61\x63\164\x20\x61\x64\155\151\x6e\151\163\x74\x72\x61\164\157\x72", "\x45\x72\x72\157\x72\72\x20\x49\156\x76\141\x6c\x69\x64\40\x53\101\115\x4c\x20\x52\145\163\160\x6f\x6e\163\x65");
goto NB;
wv:
$l3 = mo_options_error_constants::Error_wrong_certificate;
$Qh = mo_options_error_constants::Cause_wrong_certificate;
$IL = "\55\x2d\55\x2d\55\102\x45\x47\111\116\x20\103\105\x52\124\111\106\x49\103\x41\x54\x45\55\55\x2d\55\55\x3c\142\162\76" . chunk_split($n9, 64) . "\x3c\x62\x72\76\55\55\x2d\55\55\x45\x4e\104\40\x43\x45\122\x54\111\x46\111\x43\x41\124\105\55\x2d\x2d\x2d\55";
echo "\74\144\x69\166\x20\163\164\171\154\x65\x3d\x22\x66\157\156\x74\55\146\141\x6d\151\154\171\72\103\x61\154\151\x62\162\151\x3b\160\141\144\x64\151\x6e\x67\x3a\60\x20\63\45\73\42\76";
echo "\x3c\x64\x69\166\x20\163\164\x79\x6c\145\x3d\42\x63\x6f\154\x6f\162\72\x20\x23\x61\x39\x34\64\64\62\73\142\x61\x63\x6b\x67\x72\x6f\165\156\x64\x2d\x63\x6f\x6c\157\x72\x3a\40\x23\146\x32\x64\x65\144\x65\x3b\x70\141\144\x64\x69\x6e\x67\72\40\x31\65\160\170\x3b\155\x61\162\147\151\156\55\x62\x6f\x74\x74\157\155\x3a\40\62\x30\x70\170\x3b\164\145\170\x74\x2d\x61\154\x69\147\x6e\72\143\145\156\x74\145\x72\73\142\x6f\162\144\145\x72\x3a\61\x70\170\40\163\157\154\151\144\x20\x23\105\66\102\63\102\x32\x3b\x66\x6f\156\164\x2d\163\x69\x7a\x65\x3a\x31\70\160\164\73\42\x3e\40\105\122\122\x4f\x52\74\x2f\x64\x69\x76\76\15\xa\11\11\11\74\x64\x69\x76\40\x73\x74\171\154\x65\75\42\143\157\154\x6f\162\72\40\43\x61\71\x34\64\64\x32\73\x66\157\x6e\164\x2d\163\x69\x7a\x65\x3a\61\x34\160\x74\x3b\x20\x6d\141\x72\147\x69\x6e\x2d\x62\x6f\x74\x74\x6f\x6d\72\62\60\160\x78\73\42\x3e\74\x70\76\x3c\x73\164\x72\x6f\x6e\x67\76\105\x72\162\157\x72\x3a\40\x3c\57\163\x74\162\x6f\156\147\x3e\125\x6e\141\142\x6c\145\40\x74\x6f\40\146\151\x6e\144\40\141\40\x63\145\162\164\x69\x66\151\143\141\x74\x65\40\155\x61\x74\143\150\151\156\147\x20\x74\150\x65\40\x63\157\x6e\146\x69\x67\165\162\145\x64\x20\x66\x69\156\x67\x65\x72\x70\162\151\156\164\56\74\57\160\x3e\15\xa\x9\11\x9\74\x70\x3e\x50\154\145\141\x73\x65\x20\143\157\x6e\164\x61\143\x74\40\171\x6f\165\162\40\x61\x64\155\151\x6e\151\163\x74\x72\141\164\157\x72\40\141\x6e\144\x20\162\145\160\157\162\x74\x20\x74\x68\145\40\x66\x6f\x6c\154\x6f\167\x69\156\x67\40\x65\162\x72\157\162\x3a\74\x2f\x70\x3e\15\12\11\11\11\74\x70\x3e\74\x73\x74\162\x6f\156\x67\x3e\x50\x6f\163\163\151\142\x6c\145\40\103\141\x75\163\x65\x3a\x20\74\57\163\x74\x72\x6f\156\147\x3e\x27\x58\56\65\x30\71\x20\103\x65\162\164\x69\x66\x69\143\x61\164\x65\x27\x20\x66\x69\x65\x6c\144\40\151\156\x20\x70\154\x75\x67\151\156\x20\144\157\x65\163\40\x6e\x6f\164\40\x6d\141\x74\143\150\x20\164\150\x65\x20\x63\x65\x72\x74\151\146\151\143\x61\164\145\x20\x66\157\165\x6e\144\x20\151\156\x20\123\101\115\114\40\x52\145\x73\x70\157\x6e\163\145\x2e\74\57\x70\76\xd\xa\11\x9\11\74\160\76\x3c\x73\164\x72\x6f\156\147\x3e\x43\145\x72\164\x69\146\x69\x63\141\164\x65\40\x66\x6f\165\x6e\144\x20\151\x6e\x20\123\101\x4d\114\40\122\x65\163\160\x6f\x6e\163\x65\x3a\40\74\57\163\164\162\x6f\x6e\147\x3e\74\x66\157\x6e\x74\x20\x66\141\143\145\75\42\x43\x6f\165\162\x69\145\162\40\116\145\167\x22\x3b\x66\x6f\156\164\55\x73\151\172\x65\72\61\60\x70\164\x3e\74\x62\162\x3e\x3c\142\x72\x3e" . $IL . "\x3c\57\160\x3e\x3c\x2f\x66\157\x6e\164\x3e\xd\12\x20\40\40\40\40\x20\40\x20\x20\40\x20\x20\74\x70\x3e\74\163\164\162\157\x6e\x67\76\123\157\x6c\165\x74\x69\157\156\x3a\x20\74\57\163\164\x72\157\x6e\147\76\x3c\x2f\x70\x3e\xd\xa\11\11\11\x20\74\157\x6c\76\15\xa\x20\40\x20\x20\x20\40\x20\x20\x20\x20\x20\40\40\40\x20\x20\74\x6c\151\76\x43\x6f\x70\x79\x20\160\x61\163\x74\x65\x20\164\150\145\40\143\x65\x72\x74\x69\146\x69\x63\141\164\x65\x20\x70\x72\157\x76\x69\x64\145\x64\40\141\142\x6f\x76\x65\x20\151\156\x20\130\65\x30\x39\40\x43\x65\x72\164\151\x66\x69\x63\x61\x74\145\40\165\x6e\144\145\162\40\x53\145\x72\x76\151\143\145\x20\x50\x72\157\x76\x69\x64\145\x72\x20\123\x65\164\x75\160\x20\164\x61\142\x2e\x3c\57\154\x69\76\xd\xa\x20\40\x20\40\x20\x20\40\x20\40\x20\40\x20\40\x20\40\40\74\154\151\76\111\146\x20\x69\163\163\165\145\40\160\x65\x72\x73\x69\x73\x74\163\40\x64\x69\x73\141\142\x6c\145\x20\x3c\142\76\103\x68\x61\162\x61\x63\164\145\162\40\x65\156\x63\x6f\144\151\x6e\147\74\x2f\x62\76\x20\x75\156\x64\x65\162\x20\123\x65\162\x76\x69\143\145\x20\120\162\157\x76\144\x65\162\x20\123\145\x74\x75\160\x20\x74\x61\142\x2e\74\x2f\x6c\x69\76\15\12\x20\40\40\40\x20\40\40\x20\40\x20\40\40\x20\74\x2f\x6f\154\76\40\x20\x20\40\40\40\40\x20\40\15\xa\x20\40\40\40\x20\x20\x20\40\40\40\40\x20\x3c\57\x64\x69\x76\76\xd\12\x9\11\11\11\x9\74\x64\x69\x76\x20\x73\164\171\154\x65\x3d\x22\155\141\162\147\x69\x6e\x3a\x33\45\x3b\x64\151\163\x70\x6c\x61\171\x3a\x62\x6c\157\x63\153\73\x74\145\x78\x74\55\141\x6c\151\x67\156\72\143\x65\x6e\x74\x65\x72\x3b\x22\76\15\xa\x9\x9\11\11\11\74\144\151\166\x20\x73\x74\171\154\x65\75\x22\x6d\141\x72\x67\151\x6e\72\63\x25\73\x64\x69\163\160\x6c\x61\x79\72\142\x6c\157\143\153\73\x74\x65\x78\164\x2d\x61\154\x69\147\156\x3a\143\145\x6e\x74\145\x72\73\42\x3e\x3c\x69\156\160\165\x74\x20\x73\164\x79\154\x65\75\42\160\x61\144\144\x69\156\147\72\x31\45\73\x77\x69\144\x74\150\x3a\x31\60\60\160\x78\x3b\142\x61\143\x6b\x67\162\x6f\165\156\x64\x3a\40\x23\60\x30\71\61\x43\104\x20\x6e\x6f\156\145\40\x72\x65\160\x65\141\x74\40\163\x63\162\x6f\154\x6c\x20\60\45\x20\60\x25\73\x63\x75\x72\163\x6f\162\x3a\40\x70\157\151\156\164\145\x72\x3b\146\x6f\x6e\x74\55\163\x69\172\x65\72\61\65\160\x78\73\142\x6f\x72\144\x65\x72\55\167\x69\144\x74\150\72\40\61\x70\170\x3b\142\x6f\162\144\145\162\55\163\164\171\x6c\x65\72\x20\x73\x6f\x6c\x69\x64\x3b\x62\x6f\162\x64\145\x72\55\162\x61\x64\151\x75\163\x3a\40\63\160\170\73\x77\150\x69\x74\x65\55\x73\160\141\x63\x65\72\x20\156\x6f\167\162\141\x70\73\x62\157\x78\x2d\163\151\172\151\156\147\72\40\142\157\162\144\145\x72\55\x62\x6f\170\x3b\x62\157\162\x64\145\162\x2d\x63\x6f\154\x6f\162\72\40\x23\60\60\67\63\101\101\73\142\x6f\x78\55\x73\150\141\x64\157\167\x3a\x20\x30\160\170\x20\x31\x70\170\x20\60\160\170\40\x72\147\142\x61\50\61\x32\x30\54\x20\x32\x30\60\x2c\40\62\63\60\x2c\40\60\x2e\x36\51\x20\151\156\163\x65\x74\x3b\x63\x6f\154\157\162\72\x20\43\x46\x46\106\73\42\164\x79\x70\145\75\x22\142\165\x74\164\157\156\42\40\x76\141\154\x75\x65\75\42\104\x6f\156\x65\x22\x20\x6f\156\x43\x6c\x69\143\x6b\x3d\42\x73\145\x6c\x66\56\143\154\157\x73\x65\50\51\x3b\x22\x3e\x3c\57\x64\x69\x76\x3e";
mo_saml_download_logs($l3, $Qh, $rG);
exit;
NB:
oc:
$Rd = get_option("\x6d\157\137\163\141\155\154\137\163\160\137\145\156\164\x69\x74\x79\x5f\151\x64");
if (!empty($Rd)) {
goto aR;
}
$Rd = $g0 . "\x2f\167\x70\55\143\x6f\x6e\x74\x65\x6e\x74\57\x70\154\165\147\151\x6e\163\57\x6d\151\156\x69\x6f\x72\x61\156\x67\145\55\x73\x61\x6d\x6c\x2d\x32\60\x2d\x73\x69\x6e\x67\x6c\x65\x2d\163\151\x67\156\x2d\157\x6e\57";
aR:
$Rd = isset($Q8["\163\141\x6d\154\137\x73\x70\137\x65\x6e\164\151\x74\x79\137\x69\144"]) ? $Q8["\163\141\155\154\137\163\160\137\145\156\x74\151\x74\x79\x5f\151\x64"] : $Rd;
Utilities::validateIssuerAndAudience($tr, $Rd, $sK, $Ez, $rG);
$Y3 = current(current($tr->getAssertions())->getNameId());
$VT = current($tr->getAssertions())->getAttributes();
$VT["\116\141\155\x65\111\x44"] = array("\x30" => $Y3);
$sE = current($tr->getAssertions())->getSessionIndex();
mo_saml_checkMapping($Q8, $VT, $Ez, $sE);
goto gI;
xz:
if (!isset($_REQUEST["\122\145\x6c\x61\x79\123\164\x61\x74\145"])) {
goto nE;
}
$oO = $_REQUEST["\x52\x65\154\141\171\x53\x74\x61\x74\145"];
nE:
wp_logout();
if (!empty($oO)) {
goto rA;
}
$oO = home_url();
rA:
header("\x4c\x6f\143\141\164\151\x6f\156\x3a\x20" . $oO);
exit;
gI:
iE:
if (!(array_key_exists("\x53\101\x4d\114\122\145\x71\x75\145\163\x74", $_REQUEST) && !empty($_REQUEST["\x53\101\115\114\x52\145\161\x75\x65\x73\x74"]))) {
goto Re;
}
$vB = $_REQUEST["\123\101\115\114\x52\x65\161\165\x65\x73\x74"];
$Ez = "\x2f";
if (!array_key_exists("\x52\145\x6c\141\171\x53\x74\x61\x74\x65", $_REQUEST)) {
goto ey;
}
$Ez = $_REQUEST["\x52\x65\x6c\x61\171\x53\164\141\x74\x65"];
ey:
$vB = base64_decode($vB);
if (!(array_key_exists("\x53\101\115\x4c\122\x65\x71\165\x65\x73\x74", $_GET) && !empty($_GET["\123\101\x4d\x4c\122\145\x71\165\145\x73\x74"]))) {
goto QV;
}
$vB = gzinflate($vB);
QV:
$cf = new DOMDocument();
$cf->loadXML($vB);
$HD = $cf->firstChild;
if (!($HD->localName == "\114\x6f\147\157\x75\164\122\145\161\165\145\x73\164")) {
goto XT;
}
$Kw = new SAML2_LogoutRequest($HD);
if (!(!session_id() || session_id() == '' || !isset($_SESSION))) {
goto QD;
}
session_start();
QD:
$_SESSION["\x6d\157\x5f\163\x61\155\x6c\x5f\154\157\147\x6f\x75\x74\137\x72\145\x71\x75\145\x73\164"] = $vB;
$_SESSION["\155\x6f\x5f\163\141\x6d\x6c\137\x6c\x6f\x67\x6f\x75\x74\x5f\162\x65\154\141\171\x5f\x73\x74\141\164\x65"] = $Ez;
wp_logout();
XT:
Re:
}Function Calls
| None |
Stats
| MD5 | 522695a26df218a4fc019dc0adf8a891 |
| Eval Count | 0 |
| Decode Time | 50 ms |