New build

changelog.txt

@@ -2,6 +2,14 @@
 
 **This is a list detailing changes for all Jetpack releases.**
 
+= 9.0.1 =
+
+* Release date: October 6, 2020
+
+**Bug fixes**
+
+* General: remove a database optimization task that could potentially cause database issues.
+
 = 9.0 =
 
 * Release date: October 6, 2020

class.jetpack.php

@@ -4,7 +4,6 @@
 use Automattic\Jetpack\Config;
 use Automattic\Jetpack\Connection\Client;
 use Automattic\Jetpack\Connection\Manager as Connection_Manager;
-use Automattic\Jetpack\Connection\Nonce_Handler;
 use Automattic\Jetpack\Connection\Utils as Connection_Utils;
 use Automattic\Jetpack\Connection\Plugin_Storage as Connection_Plugin_Storage;
 use Automattic\Jetpack\Connection\Rest_Authentication as Connection_Rest_Authentication;
@@ -507,9 +506,6 @@ function plugin_upgrade() {
 						array( __CLASS__, 'upgrade_on_load' )
 					);
 				}
-
-				// Upgrade to Jetpack 9.0.0, cleaning up nonces during runtime.
-				wp_clear_scheduled_hook( 'jetpack_clean_nonces' );
 			}
 		}
 	}
@@ -3306,13 +3302,10 @@ public static function plugin_deactivation() {
 	 * @static
 	 */
 	public static function disconnect( $update_activated_state = true ) {
-		// The hook is not being set since Jetpack 9.0.0,
-		// but we're removing it just in case it wasn't properly cleaned up after the plugin update.
 		wp_clear_scheduled_hook( 'jetpack_clean_nonces' );
 
-		Nonce_Handler::clean_all();
-
 		$connection = self::connection();
+		$connection->clean_nonces( true );
 
 		// If the site is in an IDC because sync is not allowed,
 		// let's make sure to not disconnect the production site.
@@ -6028,7 +6021,7 @@ function verify_json_api_authorization_request( $environment = null ) {
 			$this->connection_manager = new Connection_Manager();
 		}
 
-		if ( ! Nonce_Handler::add( $timestamp, $nonce ) ) {
+		if ( ! $this->connection_manager->add_nonce( $timestamp, $nonce ) ) {
 			// De-nonce the nonce, at least for 5 minutes.
 			// We have to reuse this nonce at least once (used the first time when the initial request is made, used a second time when the login form is POSTed)
 			$old_nonce_time = get_option( "jetpack_nonce_{$timestamp}_{$nonce}" );

jetpack.php

@@ -4,7 +4,7 @@
  * Plugin URI: https://jetpack.com
  * Description: Bring the power of the WordPress.com cloud to your self-hosted WordPress. Jetpack enables you to connect your blog to a WordPress.com account to use the powerful features normally only available to WordPress.com users.
  * Author: Automattic
- * Version: 9.0
+ * Version: 9.0.1
  * Author URI: https://jetpack.com
  * License: GPL2+
  * Text Domain: jetpack
@@ -16,7 +16,7 @@
 
 define( 'JETPACK__MINIMUM_WP_VERSION', '5.4' );
 define( 'JETPACK__MINIMUM_PHP_VERSION', '5.6' );
-define( 'JETPACK__VERSION', '9.0' );
+define( 'JETPACK__VERSION', '9.0.1' );
 
 /**
  * Constant used to fetch the connection owner token

readme.txt

@@ -1,7 +1,7 @@
 === Jetpack - WP Security, Backup, Speed, & Growth ===
 Contributors: automattic, adamkheckler, aduth, akirk, allendav, alternatekev, andy, annezazu, apeatling, azaozz, batmoo, barry, beaulebens, biskobe, blobaugh, brbrr, cainm, cena, cfinke, chaselivingston, chellycat, clickysteve, csonnek, danielbachhuber, davoraltman, daniloercoli, delawski, designsimply, dllh, drawmyface, dsmart, dzver, ebinnion, egregor, eliorivero, enej, eoigal, erania-pinnera, ethitter, fgiannar, gcorne, georgestephanis, gibrown, goldsounds, hew, hugobaeta, hypertextranch, iammattthomas, iandunn, jblz, jasmussen, jeffgolenski, jeherve, jenhooks, jenia, jessefriedman, jgs, jkudish, jmdodd, joanrho, johnjamesjacoby, jshreve, kbrownkd, keoshi, koke, kraftbj, lancewillett, leogermani, lschuyler, macmanx, martinremy, matt, matveb, mattwiebe, maverick3x6, mcsf, mdawaffe, mdbitz, MichaelArestad, migueluy, mikeyarce, mkaz, nancythanki, nickmomrik, obenland, oskosk, pento, professor44, rachelsquirrel, rdcoll, ryancowles, richardmuscat, richardmtl, robertbpugh, roccotripaldi, samhotchkiss, scarstocea, scottsweb, sdquirk, sermitr, simison, stephdau, tmoorewp, tyxla, Viper007Bond, westi, yoavf, zinigor
 Tags: WP, backup, social, AMP, WooCommerce, malware, scan, spam, CDN, social
-Stable tag: 9.0
+Stable tag: 9.0.1
 Requires at least: 5.4
 Requires PHP: 5.6
 Tested up to: 5.5
@@ -243,6 +243,14 @@ Our Cookie and Consent Banner can help you comply with GDPR. The European Union
 
 == Changelog ==
 
+= 9.0.1 =
+
+* Release date: October 6, 2020
+
+**Bug fixes**
+
+* General: remove a database optimization task that could potentially cause database issues.
+
 = 9.0 =
 
 * Release date: October 6, 2020

vendor/autoload.php

@@ -4,4 +4,4 @@
 
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInita1222ec05002192634ff765055ba9433::getLoader();
+return ComposerAutoloaderInitacc00ebcd28ded2c94b94c169e27e56b::getLoader();

vendor/autoload_packages.php

@@ -5,7 +5,7 @@
  * @package automattic/jetpack-autoloader
  */
 
-namespace Automattic\Jetpack\Autoloader\jp32d782bf6284be1b4945964fb1ea5547;
+namespace Automattic\Jetpack\Autoloader\jp89a260721a4ce26bb1d7b8b19b6d4c6c;
 
  // phpcs:ignore
 

vendor/automattic/jetpack-connection/src/class-manager.php

@@ -113,6 +113,11 @@ public static function configure() {
 
 		add_action( 'rest_api_init', array( $manager, 'initialize_rest_api_registration_connector' ) );
 
+		add_action( 'jetpack_clean_nonces', array( $manager, 'clean_nonces' ) );
+		if ( ! wp_next_scheduled( 'jetpack_clean_nonces' ) ) {
+			wp_schedule_event( time(), 'hourly', 'jetpack_clean_nonces' );
+		}
+
 		add_action( 'plugins_loaded', __NAMESPACE__ . '\Plugin_Storage::configure', 100 );
 
 		add_filter( 'map_meta_cap', array( $manager, 'jetpack_connection_custom_caps' ), 1, 4 );
@@ -464,7 +469,7 @@ private function internal_verify_xml_rpc_signature() {
 		// phpcs:enable WordPress.Security.NonceVerification.Recommended
 
 		// Use up the nonce regardless of whether the signature matches.
-		if ( ! Nonce_Handler::add( $timestamp, $nonce ) ) {
+		if ( ! $this->add_nonce( $timestamp, $nonce ) ) {
 			return new \WP_Error(
 				'invalid_nonce',
 				'Could not add nonce',
@@ -1038,28 +1043,73 @@ protected function validate_remote_register_response( $response ) {
 	 * @param int    $timestamp the current request timestamp.
 	 * @param string $nonce the nonce value.
 	 * @return bool whether the nonce is unique or not.
-	 *
-	 * @deprecated since 9.0.0
 	 */
 	public function add_nonce( $timestamp, $nonce ) {
-		_deprecated_function( __METHOD__, 'jetpack-9.0.0', 'Automattic\\Jetpack\\Connection\\Nonce_Handler::add' );
+		global $wpdb;
+		static $nonces_used_this_request = array();
+
+		if ( isset( $nonces_used_this_request[ "$timestamp:$nonce" ] ) ) {
+			return $nonces_used_this_request[ "$timestamp:$nonce" ];
+		}
+
+		// This should always have gone through Jetpack_Signature::sign_request() first to check $timestamp an $nonce.
+		$timestamp = (int) $timestamp;
+		$nonce     = esc_sql( $nonce );
+
+		// Raw query so we can avoid races: add_option will also update.
+		$show_errors = $wpdb->show_errors( false );
+
+		$old_nonce = $wpdb->get_row(
+			$wpdb->prepare( "SELECT * FROM `$wpdb->options` WHERE option_name = %s", "jetpack_nonce_{$timestamp}_{$nonce}" )
+		);
+
+		if ( is_null( $old_nonce ) ) {
+			$return = $wpdb->query(
+				$wpdb->prepare(
+					"INSERT INTO `$wpdb->options` (`option_name`, `option_value`, `autoload`) VALUES (%s, %s, %s)",
+					"jetpack_nonce_{$timestamp}_{$nonce}",
+					time(),
+					'no'
+				)
+			);
+		} else {
+			$return = false;
+		}
 
-		return Nonce_Handler::add( $timestamp, $nonce );
+		$wpdb->show_errors( $show_errors );
+
+		$nonces_used_this_request[ "$timestamp:$nonce" ] = $return;
+
+		return $return;
 	}
 
 	/**
 	 * Cleans nonces that were saved when calling ::add_nonce.
 	 *
-	 * @param bool $all whether to clean even non-expired nonces.
-	 *
-	 * @deprecated since 9.0.0
+	 * @todo Properly prepare the query before executing it.
 	 *
-	 * @see Nonce_Handler::clean_all()
+	 * @param bool $all whether to clean even non-expired nonces.
 	 */
 	public function clean_nonces( $all = false ) {
-		_deprecated_function( __METHOD__, 'jetpack-9.0.0', 'Automattic\\Jetpack\\Connection\\Nonce_Handler::clean_all' );
+		global $wpdb;
+
+		$sql      = "DELETE FROM `$wpdb->options` WHERE `option_name` LIKE %s";
+		$sql_args = array( $wpdb->esc_like( 'jetpack_nonce_' ) . '%' );
 
-		Nonce_Handler::clean_all( $all ? PHP_INT_MAX : time() - Nonce_Handler::LIFETIME );
+		if ( true !== $all ) {
+			$sql       .= ' AND CAST( `option_value` AS UNSIGNED ) < %d';
+			$sql_args[] = time() - 3600;
+		}
+
+		$sql .= ' ORDER BY `option_id` LIMIT 100';
+
+		$sql = $wpdb->prepare( $sql, $sql_args ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+
+		for ( $i = 0; $i < 1000; $i++ ) {
+			if ( ! $wpdb->query( $sql ) ) { // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+				break;
+			}
+		}
 	}
 
 	/**