HEX
Server: Apache
System: Linux vpshost0650.publiccloud.com.br 4.4.79-grsec-1.lc.x86_64 #1 SMP Wed Aug 2 14:18:21 -03 2017 x86_64
User: bandeirantesbomb3 (10068)
PHP: 8.0.7
Disabled: apache_child_terminate,dl,escapeshellarg,escapeshellcmd,exec,link,mail,openlog,passthru,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,php_check_syntax,php_strip_whitespace,popen,proc_close,proc_open,shell_exec,symlink,system
$ pwd: /home/goremar3/public_html/wp-content/plugins/getgenie/app/Api/
Upload Files
File: /home/goremar3/public_html/wp-content/plugins/getgenie/app/Api/LeaseToken.php
<?php

namespace GenieAi\App\Api;

use GenieAi\App\Auth\TokenManager;

class LeaseToken
{
    public function __construct() 
    {
        add_action("wp_ajax_lease_auth_token", [$this, 'callback']);
        add_action("wp_ajax_nopriv_lease_auth_token", [$this, 'callback']);
    }

    public function callback() 
    { 
        if ( !isset($_GET['_wpnonce']) || !wp_verify_nonce( $_GET['_wpnonce'], 'wp_rest' ) ) {
            return [
                'status'    => 'fail',
                'message'   => ['Nonce mismatch.']
            ];
        }

        if ( !is_user_logged_in() || !is_admin() || !current_user_can('publish_posts')) {
            return [
                'status'    => 'fail',
                'message'   => ['Access denied.']
            ];
        }
        
        $token = new TokenManager();
        $this->sendResponse($token->generate());
    }

    public function sendResponse($payload)
    {
        echo is_array($payload) ? json_encode($payload) : $payload;
        die();
    }
}
@ Telegram