Changeset 3444723

modular-connector/trunk/init.php

-                      r3441222
+                      r3444723
  * Plugin URI: https://modulards.com/herramienta-gestion-webs/
  * Description: Connect and manage all your WordPress websites in an easier and more efficient way. Backups, bulk updates, Uptime Monitor, statistics, security, performance, client reports and much more.
  * Version: 2.6.0
+ * Version: 2.6.1
  * License: GPL v3.0
  * License URI: https://www.gnu.org/licenses/gpl.html
 …
 define('MODULAR_CONNECTOR_BASENAME', sprintf('%s/%s', basename(dirname(__FILE__)), basename(__FILE__)));
 define('MODULAR_CONNECTOR_MU_BASENAME', sprintf('0-%s.php', dirname(MODULAR_CONNECTOR_BASENAME)));
 define('MODULAR_CONNECTOR_VERSION', '2.6.0');
+define('MODULAR_CONNECTOR_VERSION', '2.6.1');
 define('MODULAR_ARES_SCHEDULE_HOOK', 'modular_connector_run_schedule');
 define('MODULAR_CONNECTOR_STORAGE_PATH', untrailingslashit(WP_CONTENT_DIR) . DIRECTORY_SEPARATOR . 'modular_storage');

modular-connector/trunk/modular-php/src/ModularClient.php

-                      r3441222
+                      r3444723
         $this->oauthToken = $config['oauth_token'];
+        // Only disable for local/staging development
+        $isDevEnvironment = in_array($config['env'] ?? 'production', ['local', 'stg', 'dev', 'testing'], true);
         $this->client = new Client([
             'verify' => false,
+            'verify' => !$isDevEnvironment,
             'base_uri' => rtrim($config['base_uri'], '/'),
             'headers' => [

modular-connector/trunk/readme.txt

-                      r3441222
+                      r3444723
 Requires at least: 6.0
 Tested up to: 6.9
 Stable tag: 2.6.0
+Stable tag: 2.6.1
 Requires PHP: 7.4
 License: GPLv3
 …
 == Changelog ==
+= v2.6.1 =
+Release date: 2026-01-22
+* Extra security measures added to validate JWT tokens
+* FIXED: Error executing WordPress pseudo cron
 = v2.6.0 =
 Release date: 2026-01-16

modular-connector/trunk/src/app/Http/Controllers/AuthController.php

-                      r3427955
+                      r3444723
+{
     /**
+     * Get code from request (header XOR query, never both).
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return string|null
+     */
+    private function getCodeFromRequest($request): ?string
+    {
+        $hasQuery = $request->has('code');
+        $hasHeader = $request->hasHeader('x-mo-code');
+        if ($hasQuery) {
+            return $request->get('code');
+        }
+        if ($hasHeader) {
+            return $request->header('x-mo-code');
+        }
+        return null;
+    }
+    /**
      * Confirm OAuth from Modular
+     *
 …
+    {
         $client = OauthClient::getClient();
+        $code = $request->header('x-mo-code') ?: $request->get('xcode') ?: $request->get('code');
+        // code: XOR - query or header, never both (already validated in isDirectRequest)
+        $code = $this->getCodeFromRequest($request);
         try {

modular-connector/trunk/src/app/Http/Middleware/AuthenticateLoopback.php

-                      r3441222
+                      r3444723
 use Modular\ConnectorDependencies\Illuminate\Support\Facades\Log;
 use function Modular\ConnectorDependencies\abort;
-use function Modular\ConnectorDependencies\app;
 class AuthenticateLoopback
+{
     /**
      * Handle an incoming request.
+     *
+     * Authentication methods (mutually exclusive - one or the other):
+     * - x-mo-authentication header with JWT (for loopback/oauth)
+     * - sig query parameter with JWT (for type=request from API)
+     *
      * @param Request $request
 …
     public function handle($request, \Closure $next)
+    {
+        $action = app()->getScheduleHook();
+        // Check for x-mo-Authentication header or sig parameter (API authentication with client_secret)
+        if ($request->hasHeader('x-mo-authentication') || $request->has('sig')) {
+            $token = $request->hasHeader('x-mo-authentication')
+                ? $request->header('x-mo-authentication', '')
+                : $request->get('sig');
+            $source = $request->hasHeader('x-mo-authentication') ? 'header' : 'parameter';
+            // Verify JWT with client_secret
+            if (!$this->verifyApiAuthentication($request, $token, $source)) {
+                abort(404);
+            }
+            Log::debug("API authentication verified successfully via {$source}");
+        } elseif ($request->hasHeader('Authentication')) {
+            // Legacy Authentication header (uses default hashing key)
+            $authHeader = $request->header('Authentication', '');
+            if (!JWT::verify($authHeader, $action)) {
+                Log::debug('Invalid JWT for schedule hook', [
+                    'hook' => $action,
+                    'header' => $authHeader,
+                ]);
+                abort(404);
+            }
+        } else {
+            // Fallback to nonce validation
+            $isValid = check_ajax_referer($action, 'nonce', false);
+            if (!$isValid) {
+                Log::debug('Invalid nonce for schedule hook', [
+                    'hook' => $action,
+                    'nonce' => $request->input('nonce'),
+                ]);
+                abort(404);
+            }
+        }
+        Log::debug('Valid authentication for loopback request');
+        $hasAuthHeader = $request->hasHeader('x-mo-authentication');
+        $hasSigParam = $request->has('sig');
+        // Must have one authentication method
+        if (!$hasAuthHeader && !$hasSigParam) {
+            Log::debug('Authentication: No auth method provided', [
+                'ip' => $request->ip(),
+                'uri' => $request->fullUrl(),
+            ]);
+            abort(404);
+        }
+        // Cannot have both (mutual exclusivity - already validated in isDirectRequest)
+        if ($hasAuthHeader && $hasSigParam) {
+            Log::debug('Authentication: Both auth methods provided', [
+                'ip' => $request->ip(),
+            ]);
+            abort(404);
+        }
+        // Get token from header or query
+        $token = $hasAuthHeader
+            ? $request->header('x-mo-authentication')
+            : $request->get('sig');
+        if (!$this->verifyAuthentication($request, $token)) {
+            abort(404);
+        }
+        Log::debug('Authentication verified successfully', [
+            'method' => $hasAuthHeader ? 'x-mo-authentication' : 'sig',
+        ]);
         return $next($request);
 …
     /**
      * Verify API authentication with client_secret.
+     * Verify JWT authentication with client_secret.
+     *
      * @param Request $request
+     * @param string $token JWT token from header or parameter
+     * @param string $source 'header' or 'parameter'
+     * @param string $token JWT token from header
      * @return bool
      */
     private function verifyApiAuthentication($request, $token, $source)
+    private function verifyAuthentication(Request $request, string $token): bool
+    {
-        // Verify token is not empty
         if (empty($token)) {
             Log::debug("API auth ({$source}): Token is empty");
+            Log::debug('x-mo-authentication: Token is empty');
             return false;
+        }
 …
         $clientSecret = OauthClient::getClient()->getClientSecret();
-        // If client_secret is empty, authentication is invalid
         if (empty($clientSecret)) {
+            Log::debug("API auth ({$source}): client_secret is empty");
+            return false;
+        }
+        // Get request data based on route
+            Log::debug('x-mo-authentication: client_secret is empty - site not connected');
+            return false;
+        }
+        // Get request data based on route for validation
         $requestData = $this->getRequestData($request);
         if ($requestData === null) {
+            Log::debug("API auth ({$source}): Unable to get request data");
+            return false;
+        }
+        // Verify JWT using client_secret with request data
+        if (!$this->verifyJwtWithData($token, $clientSecret, $requestData)) {
+            Log::debug("API auth ({$source}): Invalid JWT");
+            return false;
+            Log::debug('x-mo-authentication: Unable to get request data');
+            return false;
+        }
+        // Verify JWT signature and claims
+        $jwtPayload = $this->verifyJwt($token, $clientSecret);
+        if ($jwtPayload === null) {
+            Log::debug('x-mo-authentication: JWT verification failed');
+            return false;
+        }
+        // Verify client_id matches (site-specific token binding)
+        $siteClientId = OauthClient::getClient()->getClientId();
+        $jwtClientId = $jwtPayload->client_id ?? null;
+        if (empty($siteClientId) || empty($jwtClientId)) {
+            Log::debug('x-mo-authentication: client_id missing', [
+                'site_client_id' => $siteClientId ? 'present' : 'missing',
+                'jwt_client_id' => $jwtClientId ? 'present' : 'missing',
+            ]);
+            return false;
+        }
+        if (!hash_equals($siteClientId, $jwtClientId)) {
+            Log::debug('x-mo-authentication: client_id mismatch');
+            return false;
+        }
+        Log::debug('x-mo-authentication: client_id verified');
+        // For loopback requests, verify lbn (loopback nonce) matches
+        if (isset($requestData->type) && $requestData->type === 'loopback') {
+            $queryLbn = $requestData->lbn ?? null;
+            $jwtLbn = $jwtPayload->lbn ?? null;
+            if (empty($queryLbn) || empty($jwtLbn)) {
+                Log::debug('x-mo-authentication: Loopback nonce missing', [
+                    'query_lbn' => $queryLbn ? 'present' : 'missing',
+                    'jwt_lbn' => $jwtLbn ? 'present' : 'missing',
+                ]);
+                return false;
+            }
+            if (!hash_equals($jwtLbn, $queryLbn)) {
+                Log::debug('x-mo-authentication: Loopback nonce mismatch');
+                return false;
+            }
+            Log::debug('x-mo-authentication: Loopback nonce verified');
+        }
 …
      * @return object|array|null
      */
     private function getRequestData($request)
+    private function getRequestData(Request $request)
+    {
         $routeName = $request->route()->getName();
 …
         // Special handling for OAuth route
         if ($routeName === 'modular-connector.oauth') {
+            // code: XOR - query or header, never both (already validated in isDirectRequest)
+            $code = $request->has('code')
+                ? $request->get('code')
+                : $request->header('x-mo-code');
             return (object)[
                 'code' => $request->get('code'),
+                'code' => $code,
                 'state' => $request->get('state'),
             ];
+        }
+        // For other routes, get modularRequest from cache
+        // Special handling for schedule.run route (loopback)
+        if ($routeName === 'schedule.run') {
+            return (object)[
+                'type' => 'loopback',
+                'lbn' => $request->get('lbn'), // Loopback nonce from query string
+            ];
+        }
+        // For other routes, get modularRequest from route parameter
         $modularRequest = $request->route()->parameter('modular_request');
         if (!$modularRequest) {
             Log::debug('x-mo-Authentication: modularRequest not found in cache', [
+            Log::debug('x-mo-authentication: modularRequest not found', [
                 'route' => $routeName,
             ]);
             return null;
+        }
 …
         foreach ($requiredKeys as $key) {
             if (!array_key_exists($key, $modularRequest->attributesToArray())) {
                 Log::debug('x-mo-Authentication: modularRequest missing required key', [
+                Log::debug('x-mo-authentication: modularRequest missing required key', [
                     'missing_key' => $key,
                     'route' => $routeName,
 …
+        }
-        // Return the entire modularRequest object for hashing
         return $modularRequest;
+    }
     /**
+     * Verify JWT signature and integrity.
+     *
+     * Decodes the JWT, regenerates the signature with the same payload and client_secret,
+     * and compares. If signatures match, the JWT is authentic and unmodified.
+     * Verify JWT signature, structure, and temporal claims.
+     *
      * @param string $token
      * @param string $clientSecret
+     * @param object|array $requestData
+     * @return bool
+     * @return object|null Returns payload on success, null on failure
      */
     private function verifyJwtWithData($token, $clientSecret, $requestData)
+    private function verifyJwt(string $token, string $clientSecret): ?object
+    {
         // Remove Bearer prefix
+        // Remove Bearer prefix if present
         $token = str_replace('Bearer ', '', $token);
         $jwtParts = explode('.', $token);
         if (count($jwtParts) !== 3) {
             Log::debug('x-mo-Authentication: Invalid JWT structure');
             return false;
+            Log::debug('x-mo-authentication: Invalid JWT structure - expected 3 parts');
+            return null;
+        }
         [$base64UrlHeader, $base64UrlPayload, $base64UrlSignature] = $jwtParts;
         // Decode header and payload to inspect them
         $header = json_decode(JWT::base64UrlDecode($base64UrlHeader));
         $payload = json_decode(JWT::base64UrlDecode($base64UrlPayload));
+        if (!$header || !$payload) {
             Log::debug('x-mo-Authentication: Failed to decode JWT', [
                 'header_valid' => is_object($header),
                 'payload_valid' => is_object($payload),
             ]);
+            return false;
+        }
+        Log::debug('x-mo-Authentication: JWT payload decoded', [
             'client_id' => $payload->client_id ?? null,
             'exp' => $payload->exp ?? null,
+            'iat' => $payload->iat ?? null,
         ]);
+        // Regenerate signature with the exact same payload
         // If this matches the received signature, the payload is authentic and unmodified
         $signatureInput = "$base64UrlHeader.$base64UrlPayload";
+        // Decode header and payload with strict JSON parsing
+        try {
+            $headerJson = JWT::base64UrlDecode($base64UrlHeader);
+            $payloadJson = JWT::base64UrlDecode($base64UrlPayload);
+            $header = json_decode($headerJson, false, 512, JSON_THROW_ON_ERROR);
+            $payload = json_decode($payloadJson, false, 512, JSON_THROW_ON_ERROR);
+        } catch (\JsonException $e) {
+            Log::debug('x-mo-authentication: JSON decode failed', ['error' => $e->getMessage()]);
+            return null;
+        }
+        if ($header->alg !== 'HS256') {
+            Log::debug('x-mo-authentication: Invalid algorithm', ['alg' => $header->alg]);
+            return null;
+        }
+        // Verify signature using timing-safe comparison
+        $signatureInput = "{$base64UrlHeader}.{$base64UrlPayload}";
         $expectedSignature = hash_hmac('sha256', $signatureInput, $clientSecret, true);
         $receivedSignature = JWT::base64UrlDecode($base64UrlSignature);
         if (!hash_equals($expectedSignature, $receivedSignature)) {
+            Log::debug('x-mo-Authentication: JWT signature mismatch - token tampered or wrong secret');
+            return false;
+        }
+        Log::debug('x-mo-Authentication: JWT signature valid');
+        // Verify expiration
+            Log::debug('x-mo-authentication: JWT signature mismatch');
+            return null;
+        }
+        // Verify temporal claims
         $currentTime = time();
+        if ($currentTime > ($payload->exp ?? 0)) {
+            Log::debug('x-mo-Authentication: JWT expired', [
+        // Check expiration (exp)
+        if (isset($payload->exp) && $currentTime > $payload->exp) {
+            Log::debug('x-mo-authentication: JWT expired', [
                 'exp' => $payload->exp,
                 'now' => $currentTime,
+            ]);
+            return false;
+        }
+        // Verify issued at
+        if ($currentTime < ($payload->iat ?? 0)) {
+            Log::debug('x-mo-Authentication: JWT not yet valid', [
+                'expired_ago' => $currentTime - $payload->exp,
+            ]);
+            return null;
+        }
+        // Check not before (iat - issued at)
+        if (isset($payload->iat) && $currentTime < $payload->iat) {
+            Log::debug('x-mo-authentication: JWT not yet valid', [
                 'iat' => $payload->iat,
                 'now' => $currentTime,
             ]);
+            return false;
+        }
+        return true;
+            return null;
+        }
+        Log::debug('x-mo-authentication: JWT verified successfully', [
+            'client_id' => $payload->client_id ?? 'not set',
+            'type' => $payload->type ?? 'not set',
+        ]);
+        return $payload;
+    }
+}

modular-connector/trunk/src/app/Jobs/ManagerInstallJob.php

-                      r3386550
+                      r3444723
 use Modular\Connector\Services\Manager\ManagerPlugin;
 use Modular\Connector\Services\Manager\ManagerTheme;
+use Modular\ConnectorDependencies\Ares\Framework\Foundation\ScreenSimulation;
 use Modular\ConnectorDependencies\Illuminate\Bus\Queueable;
 use Modular\ConnectorDependencies\Illuminate\Contracts\Queue\ShouldQueue;
 …
     public function handle(): void
+    {
+        ScreenSimulation::simulateAdmin();
         $payload = $this->payload;

modular-connector/trunk/src/app/Jobs/ManagerManageItemJob.php

-                      r3386550
+                      r3444723
 use Modular\Connector\Services\Manager\ManagerTheme;
 use Modular\ConnectorDependencies\Ares\Framework\Foundation\Http\HttpUtils;
+use Modular\ConnectorDependencies\Ares\Framework\Foundation\ScreenSimulation;
 use Modular\ConnectorDependencies\Illuminate\Bus\Queueable;
 use Modular\ConnectorDependencies\Illuminate\Contracts\Queue\ShouldBeUniqueUntilProcessing;
 …
     public function handle(): void
+    {
+        ScreenSimulation::simulateAdmin();
         $payload = $this->payload;
         $action = $this->action;

modular-connector/trunk/src/app/Jobs/ManagerUpdateJob.php

-                      r3316585
+                      r3444723
 use Modular\Connector\Events\ManagerItemsUpdated;
 use Modular\Connector\Facades\Manager;
+use Modular\ConnectorDependencies\Ares\Framework\Foundation\ScreenSimulation;
 use Modular\ConnectorDependencies\Illuminate\Bus\Queueable;
 use Modular\ConnectorDependencies\Illuminate\Contracts\Queue\ShouldQueue;
 …
     public function handle(): void
+    {
+        ScreenSimulation::simulateAdmin();
         $items = Manager::update();

modular-connector/trunk/src/app/Providers/ModularConnectorServiceProvider.php

-                      r3421301
+                      r3444723
 use Modular\Connector\Facades\Manager as ManagerFacade;
 use Modular\Connector\Facades\WhiteLabel;
+use Modular\Connector\Helper\OauthClient;
 use Modular\Connector\Services\Manager;
 use Modular\Connector\Services\Manager\ManagerSafeUpgrade;
 …
             $url = apply_filters(sprintf('%s_query_url', $hook), site_url('wp-load.php'));
+            // Generate random control parameter for this specific request
+            $lbNonce = bin2hex(random_bytes(16));
             $query = apply_filters(
                 sprintf('%s_query_args', $hook),
 …
                     'origin' => 'mo',
                     'type' => 'lb',
                     'nonce' => wp_create_nonce($hook),
+                    'lbn' => $lbNonce, // Loopback nonce - must match JWT payload
+                ]
             );
 …
                 'sslverify' => false,
                 'blocking' => $debugSchedule,
+                'headers' => [],
+                'headers' => [
+                    'User-Agent' => 'ModularConnector/' . MODULAR_CONNECTOR_VERSION . ' (Linux)',
+                ],
             ];
+            // Generate JWT with client_secret for x-mo-authentication
             try {
+                $token = JWT::generate($hook);
+                $args['headers']['Authentication'] = 'Bearer ' . $token;
+                $client = OauthClient::getClient();
+                $clientSecret = $client->getClientSecret();
+                $clientId = $client->getClientId();
+                if (!empty($clientSecret) && !empty($clientId)) {
+                    $token = $this->generateLoopbackJwt($clientSecret, $clientId, $lbNonce);
+                    $args['headers']['x-mo-authentication'] = 'Bearer ' . $token;
+                } else {
+                    Log::warning('Loopback: client_secret or client_id not available, skipping dispatch');
+                    return;
+                }
             } catch (\Throwable $e) {
                 // Silence is golden
                 Log::debug($e);
+                Log::debug('Loopback: Failed to generate JWT', ['error' => $e->getMessage()]);
+                return;
+            }
 …
     /**
+     * Generate a JWT for loopback requests using client_secret.
+     *
+     * @param string $clientSecret
+     * @param string $clientId
+     * @param string $lbNonce Random nonce that must match the query string parameter
+     * @return string
+     */
+    private function generateLoopbackJwt(string $clientSecret, string $clientId, string $lbNonce): string
+    {
+        $header = [
+            'typ' => 'JWT',
+            'alg' => 'HS256',
+        ];
+        $payload = [
+            'iat' => time(),
+            'exp' => time() + 300, // 5 minutes expiration
+            'type' => 'loopback',
+            'client_id' => $clientId, // Site-specific verification
+            'lbn' => $lbNonce, // Must match query string lbn parameter
+        ];
+        $base64UrlHeader = JWT::base64UrlEncode(
+            json_encode($header, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR)
+        );
+        $base64UrlPayload = JWT::base64UrlEncode(
+            json_encode($payload, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR)
+        );
+        $signature = hash_hmac('sha256', "{$base64UrlHeader}.{$base64UrlPayload}", $clientSecret, true);
+        $base64UrlSignature = JWT::base64UrlEncode($signature);
+        return "{$base64UrlHeader}.{$base64UrlPayload}.{$base64UrlSignature}";
+    }
+    /**
      * @return void
      */

modular-connector/trunk/src/app/Providers/RouteServiceProvider.php

-                      r3441222
+                      r3444723
 use Modular\ConnectorDependencies\Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
 use Modular\ConnectorDependencies\Illuminate\Support\Facades\Cache;
+use Modular\ConnectorDependencies\Illuminate\Support\Facades\Log;
 use Modular\ConnectorDependencies\Illuminate\Support\Facades\Route;
+use Modular\ConnectorDependencies\Illuminate\Support\Str;
 use Modular\ConnectorDependencies\Symfony\Component\HttpKernel\Exception\HttpException;
 use function Modular\ConnectorDependencies\app;
 …
     /**
+     * Get type from request (header XOR query, never both).
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return string|null
+     */
+    private function getTypeFromRequest($request): ?string
+    {
+        $hasQuery = $request->has('type');
+        $hasHeader = $request->hasHeader('x-mo-type');
+        // XOR: one or the other, never both (already validated in isDirectRequest)
+        if ($hasQuery) {
+            return $request->get('type');
+        }
+        if ($hasHeader) {
+            return $request->header('x-mo-type');
+        }
+        return null;
+    }
+    /**
+     * Get mrid from request (header XOR query, never both).
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return string|null
+     */
+    private function getMridFromRequest($request): ?string
+    {
+        $hasQuery = $request->has('mrid');
+        $hasHeader = $request->hasHeader('x-mo-mrid');
+        if ($hasQuery) {
+            return $request->get('mrid');
+        }
+        if ($hasHeader) {
+            return $request->header('x-mo-mrid');
+        }
+        return null;
+    }
+    /**
      * @param $route
      * @param $removeQuery
 …
         $request = request();
         $type = $request->header('x-mo-type', $request->get('type'));
+        $type = $this->getTypeFromRequest($request);
         if ($type === 'request') {
+            $mrid = $request->header('x-mo-mrid', $request->get('mrid'));
+            $mrid = $this->getMridFromRequest($request);
+            // Defense in depth: validate mrid is UUID (already validated in isDirectRequest)
+            if (!$mrid || !Str::isUuid($mrid)) {
+                Log::warning('bindOldRoutes: Invalid mrid format', ['mrid' => $mrid]);
+                return $route;
+            }
             $modularRequest = Cache::driver('array')->get('modularRequest') ?: $this->getModularRequest($mrid);
 …
+            }
+            $type = $modularRequest->type;
+            /**
+             * @var \Illuminate\Routing\Route $route
+             */
+            $routeByName = $routes->getByName($type);
+            $routeType = $modularRequest->type;
+            /** @var \Illuminate\Routing\Route $routeByName */
+            $routeByName = $routes->getByName($routeType);
             if (!$routeByName) {
+                Log::warning('bindOldRoutes: Route not found', ['route_type' => $routeType]);
                 return $route;
+            }
 …
                 $route->setParameter('modular_request', $modularRequest);
+            }
         } else if ($type === 'oauth') {
+        } elseif ($type === 'oauth') {
             /**
              * @var \Illuminate\Routing\Route $route
 …
                 $request->query->remove('origin');
                 $request->query->remove('type');
+                $request->query->remove('state');
+            }
             $route = $route->bind($request);
         } else if ($type === 'lb') {
+        } elseif ($type === 'lb') {
             /**
              * @var \Illuminate\Routing\Route $route
 …
             $route = $route->bind($request);
+        }
+        if ($request->hasHeader('authorization')) {
+            $authorization = $request->header('Authorization');
+            Cache::driver('wordpress')->forever('header.authorization', $authorization);
+        } elseif (Cache::driver('wordpress')->has('header.authorization')) {
+            Cache::driver('wordpress')->forget('header.authorization');
+        } else {
+            // Unknown type - should never reach here if isDirectRequest() works correctly
+            Log::warning('bindOldRoutes: Unknown type after isDirectRequest passed', ['type' => $type]);
+            return $route;
+        }

modular-connector/trunk/src/app/WordPress/Settings.php

-                      r3421301
+                      r3444723
     /**
+     * Allowed queue connection names for clear operations.
+     */
+    private const ALLOWED_QUEUE_CONNECTIONS = ['sync', 'wordpress', 'database'];
+    /**
+     * Allowed cache store names for clear operations.
+     */
+    private const ALLOWED_CACHE_STORES = ['file', 'database'];
+    /**
      * The function used to clear the cache
+     *
 …
             $connection = $request->get('driver');
+            // Validate connection is in allowed list
+            if (!in_array($connection, self::ALLOWED_QUEUE_CONNECTIONS, true)) {
+                wp_die(esc_html__('Invalid queue connection.', 'modular-connector'));
+            }
             $queue = app('queue')->connection($connection);
 …
         } elseif ($request->get('action') === 'cache') {
             $driver = $request->get('driver');
+            // Validate driver is in allowed list
+            if (!in_array($driver, self::ALLOWED_CACHE_STORES, true)) {
+                wp_die(esc_html__('Invalid cache driver.', 'modular-connector'));
+            }
             app('cache')->driver($driver)->flush();

modular-connector/trunk/src/config/app.php

-                      r3318767
+                      r3444723
 <?php
+if (!defined('ABSPATH')) {
+    exit;
+}
 return [

modular-connector/trunk/src/config/auth.php

-                      r3214910
+                      r3444723
 <?php
+if (!defined('ABSPATH')) {
+    exit;
+}
 return [

modular-connector/trunk/src/config/backup.php

-                      r3421301
+                      r3444723
 <?php
+if (!defined('ABSPATH')) {
+    exit;
+}
 return [

modular-connector/trunk/src/config/cache.php

-                      r3266504
+                      r3444723
 <?php
+if (!defined('ABSPATH')) {
+    exit;
+}
 return [

modular-connector/trunk/src/config/database.php

-                      r3421301
+                      r3444723
 <?php
+if (!defined('ABSPATH')) {
+    exit;
+}
 global $wpdb;

modular-connector/trunk/src/config/filesystems.php

-                      r3371802
+                      r3444723
 <?php
+if (!defined('ABSPATH')) {
+    exit;
+}
 return [

modular-connector/trunk/src/config/hashing.php

-                      r3249268
+                      r3444723
 <?php
+if (!defined('ABSPATH')) {
+    exit;
+}
+/**
+ * Get or generate a unique JWT signing key for this installation.
+ *
+ * SECURITY: This replaces the use of SECURE_AUTH_KEY which can be leaked
+ * through various vectors (LFI, backups, phpinfo, etc.).
+ *
+ * The key is stored in the database and is unique per installation.
+ *
+ * @return string
+ */
+function modular_get_jwt_secret_key(): string
+{
+    $optionName = '_modular_jwt_secret_key';
+    $key = get_option($optionName);
+    if (empty($key)) {
+        // Generate a cryptographically secure random key
+        if (function_exists('wp_generate_password')) {
+            $key = wp_generate_password(64, true, true);
+        } else {
+            $key = bin2hex(random_bytes(32));
+        }
+        // Store it in the database
+        update_option($optionName, $key, false); // false = don't autoload
+    }
+    return $key;
+}
 return [
 …
     |--------------------------------------------------------------------------
+    |
+    | This is the default key used to sign the generated JWT tokens.
+    | If not set or specified on the generate function,
+    | an insecure one will be generated.
+    | SECURITY: This key is now unique per installation and stored in the
+    | database. It is NOT derived from SECURE_AUTH_KEY to prevent attacks
+    | if wp-config.php is leaked.
+    |
+    | The key is automatically generated on first use.
+    |
     */
     'default_key' => defined('SECURE_AUTH_KEY') ? SECURE_AUTH_KEY : null,
+    'default_key' => function_exists('get_option') ? modular_get_jwt_secret_key() : null,
     /*

modular-connector/trunk/src/config/logging.php

-                      r3214910
+                      r3444723
 <?php
+if (!defined('ABSPATH')) {
+    exit;
+}
 return [

modular-connector/trunk/src/config/queue.php

-                      r3266504
+                      r3444723
 <?php
+if (!defined('ABSPATH')) {
+    exit;
+}
 return [

modular-connector/trunk/src/config/view.php

-                      r3218772
+                      r3444723
 <?php
+if (!defined('ABSPATH')) {
+    exit;
+}
 return [

modular-connector/trunk/src/routes/api.php

-                      r3441222
+                      r3444723
 <?php
+if (!defined('ABSPATH')) {
+    exit;
+}
 use Modular\Connector\Http\Controllers\AuthController;
 …
 use Modular\Connector\Http\Controllers\WooCommerceController;
 use Modular\Connector\Http\Middleware\AuthenticateLoopback;
+use Modular\ConnectorDependencies\Ares\Framework\Foundation\Http\HttpUtils;
 use Modular\ConnectorDependencies\Illuminate\Support\Facades\Route;
 use function Modular\ConnectorDependencies\abort;
 …
     });
+Route::get('default/{modular_request}', function () {
+    abort(404);
+Route::get('default', function () {
+    if (!HttpUtils::isCron()) {
+        abort(404);
+    }
+    while (ob_get_level()) {
+        ob_end_clean();
+    }
 })->name('default');

modular-connector/trunk/vendor/ares/framework/src/Foundation/Auth/JWT.php

r3441222	r3444723
48	48	* @return string The Base64Url encoded string.
49	49	*/
50		p~~rivate~~ static function base64UrlEncode($input)
	50	public static function base64UrlEncode($input)
51	51	{
52	52	return str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($input));

modular-connector/trunk/vendor/ares/framework/src/Foundation/Bootloader.php

-                      r3441222
+                      r3444723
 namespace Modular\ConnectorDependencies\Ares\Framework\Foundation;
+use Modular\ConnectorDependencies\Ares\Framework\Foundation\Compatibilities\LoginCompatibilities;
 use Modular\ConnectorDependencies\Ares\Framework\Foundation\Http\HttpUtils;
 use Modular\ConnectorDependencies\Ares\Framework\Foundation\Routing\Router;
 …
 use Modular\ConnectorDependencies\Illuminate\Http\Request;
 use Modular\ConnectorDependencies\Illuminate\Http\Response;
-use Modular\ConnectorDependencies\Illuminate\Support\Collection;
 use Modular\ConnectorDependencies\Illuminate\Support\Facades\Facade;
 use Modular\ConnectorDependencies\Illuminate\Support\Facades\Log;
-use Modular\ConnectorDependencies\Illuminate\Support\Str;
 /**
  * Class Bootloader inspired by Roots (Acorn).
 …
+    }
     /**
-     * @param Request $request
-     * @return bool
-     */
-    protected function getPath(Request $request)
+    {
-        return rtrim($request->getBaseUrl() . $request->getPathInfo(), '/');
+    }
-    /**
-     * @param string $path
-     * @return bool
-     */
-    protected function isWpLoad(string $path)
+    {
-        return Str::endsWith($path, 'wp-load.php');
+    }
-    /**
-     * @param Request $request
-     * @return bool
-     */
-    protected function isExcluded(Request $request)
+    {
-        $except = Collection::make([admin_url(), wp_login_url(), wp_registration_url()])->map(fn($url) => parse_url($url, \PHP_URL_PATH))->unique()->filter();
-        $path = $this->getPath($request);
-        return !$this->isWpLoad($path) && (Str::startsWith($path, $except->all()) || Str::endsWith($path, '.php'));
+    }
-    /**
      * Initialize and retrieve the Application instance.
      */
 …
             @ini_set('display_errors', \false);
+        }
-        // We're just before the WordPress bootstrap, so we can load the admin files.
-        ScreenSimulation::getInstance()->boot();
+    }
-    /**
-     * Register the default WordPress route to avoid Not Found errors.
+     *
-     * @return void
-     * @throws \Illuminate\Contracts\Container\BindingResolutionException
-     */
-    protected function registerDefaultRoute(): void
+    {
-        $this->app->make('router')->any('{any?}', fn() => \Modular\ConnectorDependencies\tap(\Modular\ConnectorDependencies\response(''), function (Response $response) {
-            foreach (headers_list() as $header) {
-                [$header, $value] = explode(': ', $header, 2);
-                if (!headers_sent()) {
-                    header_remove($header);
+                }
-                $response->header($header, $value, $header !== 'Set-Cookie');
+            }
-            if ($this->app->hasDebugModeEnabled()) {
-                $response->header('X-Powered-By', $this->app->version());
+            }
-            $content = '';
-            $levels = ob_get_level();
-            for ($i = 0; $i < $levels; $i++) {
-                $content .= ob_get_clean();
+            }
-            $response->setContent($content);
-        }))->where('any', '.*')->name('wordpress');
+    }
     /**
 …
     protected function registerRequestHandler(IlluminateHttpKernel $kernel, Request $request): void
+    {
+        $path = $this->getPath($request);
+        $isWpLoad = $this->isWpLoad($path);
+        $isDirectRequest = HttpUtils::isDirectRequest();
         // Handle the request if the route exists
         $hook = $isWpLoad ? 'wp_loaded' : 'parse_request';
+        $hook = $isDirectRequest ? 'wp_loaded' : 'parse_request';
         add_action($hook, fn() => $this->handleRequest($kernel, $request));
+    }
+    /**
+     * Disable WordPress automatic actions during direct requests.
+     *
+     * Prevents WordPress from:
+     * - Redirecting (we use Laravel Response for redirects)
+     * - Running auto-updates during our operations
+     * - Running wp_cron during our requests
+     */
+    protected function disableWordPressAutoActions(): void
+    {
+        // Prevent WordPress redirects (we use Laravel Response)
+        add_filter('wp_redirect', '__return_false');
+        // Disable auto updates during our operations
+        add_filter('auto_update_core', '__return_false', \PHP_INT_MAX);
+        add_filter('auto_update_translation', '__return_false', \PHP_INT_MAX);
+        add_filter('auto_update_theme', '__return_false', \PHP_INT_MAX);
+        add_filter('auto_update_plugin', '__return_false', \PHP_INT_MAX);
+        add_filter('automatic_updater_disabled', '__return_true');
+        // Prevent wp_cron from running during our requests
+        remove_action('init', 'wp_cron');
+    }
     /**
 …
      * Boot the Application for HTTP requests.
+     *
+     * Only two entry points are allowed:
+     * - wp-cron.php with DOING_CRON (cron requests)
+     * - wp-load.php with valid params (direct requests)
+     *
      * @param IlluminateHttpKernel $kernel
      * @param Request $request
 …
     protected function bootHttp(IlluminateHttpKernel $kernel, Request $request): void
+    {
+        if (!HttpUtils::isCron() && ($this->isExcluded($request) || !HttpUtils::isDirectRequest())) {
+        $isCron = HttpUtils::isCron();
+        $isDirectRequest = HttpUtils::isDirectRequest();
+        // Only process cron (wp-cron.php) or direct request (wp-load.php)
+        if (!$isCron && !$isDirectRequest) {
             return;
+        }
         Log::debug('Booting the Application for HTTP requests', ['is_direct_request' => HttpUtils::isDirectRequest(), 'is_cron' => HttpUtils::isCron(), 'uri' => $request->fullUrl()]);
+        Log::debug('Bootloader: Processing request', ['is_cron' => $isCron, 'is_direct_request' => $isDirectRequest]);
         $this->configRequest();
+        $this->registerDefaultRoute();
+        add_action('plugins_loaded', function () use ($kernel, $request) {
+        // Apply login compatibility fixes early (before plugins_loaded)
+        // so they can register their own plugins_loaded actions
+        if ($isDirectRequest) {
+            $this->disableWordPressAutoActions();
+            LoginCompatibilities::beforeLogin();
+        }
+        add_action('plugins_loaded', function () use ($kernel, $request, $isCron, $isDirectRequest) {
             try {
-                // First, we need to search for the route to confirm if it exists and check if the modular request is valid.
                 $route = apply_filters('ares/routes/match', \false);
+                if (HttpUtils::isDirectRequest()) {
+                    if ($route->getName() === 'wordpress') {
+                        // If the route is not found, return false.
+                if ($isDirectRequest) {
+                    if ($route->getName() === 'default') {
                         \Modular\ConnectorDependencies\abort(404);
+                    }
                     add_action('after_setup_theme', fn() => $this->registerRequestHandler($kernel, $request), 0);
                 } elseif (HttpUtils::isCron()) {
+                } elseif ($isCron) {
                     $this->bootCron($kernel, $request);
+                }

modular-connector/trunk/vendor/ares/framework/src/Foundation/Compatibilities/Compatibilities.php

-                      r3343003
+                      r3444723
 class Compatibilities
+{
+    /**
+     * Get general compatibility fixes.
+     *
+     * Note: Login-specific fixes (WpSimpleFirewall, WPEngine, Wp2Fa,
+     * ShieldUserManagementICWP, LoginLockdown, AllInOneSecurity, DuoFactor)
+     * have been moved to LoginCompatibilities and are only applied during login.
+     *
+     * @return array
+     */
     public static function getCompatibilityFixes()
+    {
         return [WPForms::class, AllInOneSecurity::class, WpSimpleFirewall::class, DuoFactor::class, ShieldUserManagementICWP::class, SidekickPlugin::class, SpamShield::class, WPO365Login::class, JetPlugins::class, WPEngine::class, LoginLockdown::class, Office365forPostSMTPExtension::class, ConstantContactForms::class, Wp2Fa::class, ShieldSecurity::class, Translatepress::class];
+        return [WPForms::class, SidekickPlugin::class, SpamShield::class, JetPlugins::class, ShieldSecurity::class, Translatepress::class];
+    }
     /**

modular-connector/trunk/vendor/ares/framework/src/Foundation/Http/HttpUtils.php

-                      r3441222
+                      r3444723
+    }
     /**
+     * @return bool
+     * @deprecated Use isCron() & isAjax() instead.
+     */
+    public static function isAjax(): bool
+    {
+        $request = \Modular\ConnectorDependencies\app('request');
+        return defined('DOING_AJAX') && \DOING_AJAX && Str::startsWith($request->get('action'), 'modular_');
+    }
+    /**
+     * Check if this is a valid cron request.
+     * Must be from wp-cron.php AND have DOING_CRON defined.
+     *
      * @return bool
      */
     public static function isCron(): bool
+    {
+        return defined('DOING_CRON') && \DOING_CRON;
+        if (!defined('DOING_CRON') || !\DOING_CRON) {
+            return \false;
+        }
+        $request = \Modular\ConnectorDependencies\app('request');
+        $scriptName = $request->server('SCRIPT_NAME', $request->server('PHP_SELF', ''));
+        return Str::endsWith($scriptName, 'wp-cron.php');
+    }
+    /**
+     * Validate that the request comes from wp-load.php only.
+     *
+     * @return bool
+     */
+    public static function isValidEntryPoint(): bool
+    {
+        $request = \Modular\ConnectorDependencies\app('request');
+        $scriptName = $request->server('SCRIPT_NAME', $request->server('PHP_SELF', ''));
+        if (!Str::endsWith($scriptName, 'wp-load.php')) {
+            \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - invalid entry point', ['script_name' => $scriptName, 'expected' => 'wp-load.php']);
+            return \false;
+        }
+        return \true;
+    }
+    /**
+     * Validate User-Agent header matches expected pattern.
+     *
+     * @return bool
+     */
+    public static function isValidUserAgent(): bool
+    {
+        $request = \Modular\ConnectorDependencies\app('request');
+        $userAgent = $request->userAgent() ?? '';
+        if (!Str::is('ModularConnector/* (Linux)', $userAgent)) {
+            \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - invalid User-Agent', ['user_agent' => $userAgent, 'expected_pattern' => 'ModularConnector/* (Linux)']);
+            return \false;
+        }
+        return \true;
+    }
     /**
 …
+    {
         $request = \Modular\ConnectorDependencies\app('request');
+        // Validate that the request method is GET
+        if (!$request->isMethod('GET')) {
+            return \false;
+        }
+        $originQuery = $request->has('origin') && $request->get('origin') === 'mo';
+        if (!$originQuery) {
+            return \false;
+        }
+        $isFromQuery = $originQuery && $request->has('type');
+        // When is wp-load.php request
+        if ($isFromQuery) {
+            // Validate allowed parameters based on type
+            $type = $request->get('type');
+            $origin = $request->get('origin');
+            $allParams = array_keys($request->query->all());
+            // Validate that type only contains allowed values
+            $allowedTypes = ['lb', 'request', 'oauth'];
+            if (!in_array($type, $allowedTypes, \true)) {
+                return \false;
+            }
+            // Validate that origin is exactly 'mo'
+            if ($origin !== 'mo') {
+                return \false;
+            }
+            switch ($type) {
+                case 'request':
+                    $allowedParams = ['origin', 'type', 'mrid', 'sig'];
+                    break;
+                case 'lb':
+                    $allowedParams = ['origin', 'type', 'nonce'];
+                    break;
+                case 'oauth':
+                    $allowedParams = ['origin', 'code', 'type', 'state'];
+                    break;
+                default:
+                    return \false;
+            }
+            // Check if all parameters are allowed
+            foreach ($allParams as $param) {
+                if (!in_array($param, $allowedParams, \true)) {
+                    return \false;
+        // Validate entry point is wp-load.php only (prevents wp-cron.php, /wp-json/, etc.)
+        if (!self::isValidEntryPoint()) {
+            return \false;
+        }
+        // Validate REAL HTTP method is GET (prevents X-HTTP-Method-Override)
+        if ($request->getRealMethod() !== 'GET') {
+            \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - invalid HTTP method', ['real_method' => $request->getRealMethod(), 'spoofed_method' => $request->method()]);
+            return \false;
+        }
+        // Must have origin=mo (fast check, most requests will fail here)
+        if ($request->get('origin') !== 'mo') {
+            return \false;
+        }
+        // Type: must be in query OR header, but not both
+        $hasTypeQuery = $request->has('type');
+        $hasTypeHeader = $request->hasHeader('x-mo-type');
+        if (!$hasTypeQuery && !$hasTypeHeader) {
+            return \false;
+        }
+        if ($hasTypeQuery && $hasTypeHeader) {
+            \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - type in both query and header');
+            return \false;
+        }
+        $type = $hasTypeQuery ? $request->get('type') : $request->header('x-mo-type');
+        // Validate that type only contains allowed values
+        $allowedTypes = ['lb', 'request', 'oauth'];
+        if (!in_array($type, $allowedTypes, \true)) {
+            return \false;
+        }
+        $allParams = array_keys($request->query->all());
+        // Validate all query parameters are strings (prevents array ?type[]=x)
+        foreach ($allParams as $param) {
+            $value = $request->get($param);
+            if (!is_string($value)) {
+                \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - parameter is not a string', ['param' => $param, 'type' => gettype($value)]);
+                return \false;
+            }
+        }
+        $hasAuthHeader = $request->hasHeader('x-mo-authentication');
+        $hasSigParam = $request->has('sig');
+        // Mutual exclusivity: cannot have both header and sig
+        if ($hasAuthHeader && $hasSigParam) {
+            \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - cannot use both x-mo-authentication and sig');
+            return \false;
+        }
+        // User-Agent validation only when sig is NOT present (internal loopback requests)
+        if (!$hasSigParam && !self::isValidUserAgent()) {
+            return \false;
+        }
+        if ($type === 'request') {
+            // type=request: requires either x-mo-authentication header OR sig parameter (not both)
+            if (!$hasAuthHeader && !$hasSigParam) {
+                \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - authentication required (header or sig)', ['type' => $type]);
+                return \false;
+            }
+        } else if (!$hasAuthHeader) {
+            \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - x-mo-authentication header required', ['type' => $type]);
+            return \false;
+        }
+        // mrid: can be in query OR header, but not both (only for type=request)
+        $hasMridQuery = $request->has('mrid');
+        $hasMridHeader = $request->hasHeader('x-mo-mrid');
+        if ($hasMridQuery && $hasMridHeader) {
+            \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - mrid in both query and header');
+            return \false;
+        }
+        // For type=request, mrid is required (in query OR header) and must be UUID
+        if ($type === 'request') {
+            if (!$hasMridQuery && !$hasMridHeader) {
+                \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - mrid required for type=request');
+                return \false;
+            }
+            $mrid = $hasMridQuery ? $request->get('mrid') : $request->header('x-mo-mrid');
+            if (!Str::isUuid($mrid)) {
+                \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - mrid must be a valid UUID', ['mrid' => $mrid]);
+                return \false;
+            }
+        }
+        // code validation (only for type=oauth)
+        $hasCodeQuery = \false;
+        if ($type === 'oauth') {
+            $hasCodeQuery = $request->has('code');
+            $hasCodeHeader = $request->hasHeader('x-mo-code');
+            // code: can be in query OR header, but not both
+            if ($hasCodeQuery && $hasCodeHeader) {
+                \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - code in both query and header');
+                return \false;
+            }
+            // code is required (in query OR header)
+            if (!$hasCodeQuery && !$hasCodeHeader) {
+                \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - code required for type=oauth');
+                return \false;
+            }
+        }
+        // Define allowed query parameters per type (exclude params that come via header)
+        $baseParams = ['origin'];
+        if ($hasTypeQuery) {
+            $baseParams[] = 'type';
+        }
+        switch ($type) {
+            case 'request':
+                $allowedParams = $baseParams;
+                if ($hasMridQuery) {
+                    $allowedParams[] = 'mrid';
+                }
+            }
+            // Validate that parameters are not empty (except state)
+            foreach ($allParams as $param) {
+                if ($param === 'state') {
+                    continue;
+                if ($hasSigParam) {
+                    $allowedParams[] = 'sig';
+                }
+                $value = $request->get($param);
+                if ($value === null || $value === '') {
+                    return \false;
+                break;
+            case 'lb':
+                $allowedParams = array_merge($baseParams, ['lbn']);
+                break;
+            case 'oauth':
+                $allowedParams = $baseParams;
+                if ($hasCodeQuery) {
+                    $allowedParams[] = 'code';
+                }
+            }
+            // Validate that sig parameter and x-mo-Authentication header are mutually exclusive
+            $hasSigParam = $request->has('sig');
+            $hasAuthHeader = $request->hasHeader('x-mo-authentication');
+            if ($hasSigParam && $hasAuthHeader) {
+                return \false;
+            }
+            // Validate required headers for oauth type
+            if ($type === 'oauth') {
+                if (!$request->hasHeader('x-mo-authentication')) {
+                    return \false;
+                }
+            }
+            // Validate required header or parameter for lb type
+            if ($type === 'lb') {
+                $hasAuthHeader = $request->hasHeader('Authentication');
+                $hasNonceParam = $request->has('nonce');
+                if (!$hasAuthHeader && !$hasNonceParam) {
+                    return \false;
+                }
+            }
+            return \true;
+        }
+        return \false;
+                $allowedParams[] = 'state';
+                break;
+            default:
+                return \false;
+        }
+        // Validate all parameters: must be allowed and not empty (except 'state')
+        foreach ($allParams as $param) {
+            if (!in_array($param, $allowedParams, \true)) {
+                \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - unexpected parameter', ['param' => $param, 'allowed' => $allowedParams]);
+                return \false;
+            }
+            // 'state' can be empty
+            if ($param === 'state') {
+                continue;
+            }
+            $value = $request->get($param);
+            if ($value === null || $value === '') {
+                \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - empty required parameter', ['param' => $param]);
+                return \false;
+            }
+        }
+        // Validate lbn format for loopback requests (32 hex chars)
+        if ($type === 'lb') {
+            $lbn = $request->get('lbn');
+            if (!preg_match('/^[a-f0-9]{32}$/i', $lbn)) {
+                \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Rejected - invalid lbn format', ['lbn' => $lbn, 'expected' => '32 hex characters']);
+                return \false;
+            }
+        }
+        \Modular\ConnectorDependencies\app('log')->debug('isDirectRequest: Request validated successfully', ['type' => $type]);
+        return \true;
+    }
     /**
 …
+    {
         Cache::forever('illuminate:queue:restart', $timestamp);
         Log::info('Broadcasting queue restart signal.');
+        \Modular\ConnectorDependencies\app('log')->info('Broadcasting queue restart signal.');
+    }
+}

modular-connector/trunk/vendor/ares/framework/src/Foundation/ScreenSimulation.php

-                      r3441222
+                      r3444723
 use Modular\ConnectorDependencies\Ares\Framework\Foundation\Compatibilities\Compatibilities;
-use Modular\ConnectorDependencies\Ares\Framework\Foundation\Http\HttpUtils;
 use Modular\ConnectorDependencies\Illuminate\Support\Facades\Log;
+/**
+ * Simulates WordPress admin environment for plugin/theme management operations.
+ *
+ * This class is used by Manager jobs (ManagerInstallJob, ManagerUpdateJob, ManagerManageItemJob)
+ * to simulate the wp-admin environment needed for WordPress upgrader operations.
+ *
+ * Usage:
+ *   ScreenSimulation::simulateAdmin();  // Call at start of job handle()
+ *   ScreenSimulation::includeUpgrader(); // Called by Manager services as needed
+ *
+ * @see \Modular\Connector\Jobs\ManagerInstallJob
+ * @see \Modular\Connector\Jobs\ManagerUpdateJob
+ * @see \Modular\Connector\Jobs\ManagerManageItemJob
+ */
 class ScreenSimulation
+{
     /**
+     * Indicates if the screen has "booted".
+     * Indicates if the admin environment has been simulated.
+     */
+    private static bool $adminSimulated = \false;
+    /**
+     * Simulate WordPress admin environment for plugin/theme management.
+     *
+     * @var bool
+     * Call this at the start of Manager jobs that need to install, update,
+     * activate, or delete plugins/themes.
+     *
+     * @param string $path The admin page to simulate (default: update-core.php)
      */
+    protected $booted = \false;
+    /**
+     * Indicates if the screen has "loaded".
+     *
+     * @var bool
+     */
+    protected $loaded = \false;
+    /**
+     * The Bootloader instance.
+     */
+    protected static $instance;
+    /**
+     * @var mixed
+     */
+    protected $callResponse;
+    /**
+     * @var mixed
+     */
+    protected $callBody;
+    /**
+     * Get the Bootloader instance.
+     */
+    public static function getInstance(): self
+    public static function simulateAdmin(string $path = 'update-core.php'): void
+    {
+        return static::$instance ??= new static();
+    }
+    /**
+     * Determine if the screen has booted.
+     *
+     * @return bool
+     */
+    public function isBooted()
+    {
+        return $this->booted;
+    }
+    /**
+     * Determine if the screen has booted.
+     *
+     * @return bool
+     */
+    public function isLoaded()
+    {
+        return $this->loaded;
+    }
+    /**
+     * Boot the screen's service providers.
+     *
+     * @return void
+     */
+    public function boot(string $path = 'update-core.php')
+    {
+        if ($this->isBooted()) {
+        if (self::$adminSimulated) {
             return;
+        }
+        // A lot of sites have issues with the updater, so we need to tell WordPress that we are in the update-core.php file.
+        self::$adminSimulated = \true;
+        Log::debug('ScreenSimulation: Simulating admin environment', ['path' => $path]);
+        // Simulate being in wp-admin
         $_SERVER['PHP_SELF'] = '/wp-admin/' . $path;
-        $_COOKIE['redirect_count'] = '10';
         if (defined('FORCE_SSL_ADMIN') && \FORCE_SSL_ADMIN) {
             $_SERVER['HTTPS'] = 'on';
 …
             $GLOBALS['pagenow'] = $path;
+        }
+        // We use Laravel Response to make our redirections.
+        add_filter('wp_redirect', '__return_false');
+        if (HttpUtils::isDirectRequest()) {
+            if (!defined('DOING_AJAX')) {
+                define('DOING_AJAX', \true);
+            }
+            // When it's a modular request, we need to avoid the cron execution.
+            remove_action('init', 'wp_cron');
+            // Disable auto updates for core, themes, plugins and translations.
+            add_filter('auto_update_core', '__return_false', \PHP_INT_MAX);
+            add_filter('auto_update_translation', '__return_false', \PHP_INT_MAX);
+            add_filter('auto_update_theme', '__return_false', \PHP_INT_MAX);
+            add_filter('auto_update_plugin', '__return_false', \PHP_INT_MAX);
+            // Disable Automatic updates.
+            add_filter('automatic_updater_disabled', '__return_true');
+        if (!isset($GLOBALS['hook_suffix'])) {
+            $GLOBALS['hook_suffix'] = '';
+        }
+        // Include WordPress screen classes
         if (!class_exists('WP_Screen')) {
             require_once \ABSPATH . 'wp-admin/includes/class-wp-screen.php';
 …
             require_once \ABSPATH . 'wp-admin/includes/template.php';
+        }
+        if (!isset($GLOBALS['hook_suffix'])) {
+            $GLOBALS['hook_suffix'] = '';
+        }
+        $this->forceCompability();
+        if (HttpUtils::isMuPlugin()) {
+            $this->loadAdmin();
+        }
+        // Apply general compatibility fixes for plugins that interfere with updates
+        self::applyCompatibilityFixes();
+        // Logout user when request terminates
         \Modular\ConnectorDependencies\app()->terminating(function () {
             ServerSetup::logout();
         });
-        $this->booted = \true;
+    }
     /**
      * Makes the necessary WordPress upgrader includes
      * to handle plugin and themes functionality.
+     *
-     * @return void
      */
     public static function includeUpgrader(): void
 …
+    }
     /**
+     * @param $response
+     * @param $args
+     * @param $url
+     * @return mixed
+     * Apply general compatibility fixes for plugins that interfere with updates.
      */
     public function interceptUpdateCall($response, $args, $url)
+    private static function applyCompatibilityFixes(): void
+    {
-        if ($url !== 'https://api.wordpress.org/plugins/update-check/1.1/') {
-            return $response;
+        }
-        $this->callResponse = $response;
-        $this->callBody = $args['body'];
-        return $response;
+    }
-    /**
-     * @param $response
-     * @param $args
-     * @param $url
-     * @return mixed
-     */
-    public function interceptUpdateCache($response, $args, $url)
+    {
-        if ($url !== 'https://api.wordpress.org/plugins/update-check/1.1/') {
-            return $response;
+        }
-        if ($this->callResponse === null) {
-            return $response;
+        }
-        if ($this->callBody !== http_build_query($args['body'])) {
-            return $response;
+        }
-        return $this->callResponse;
+    }
-    /**
-     * @return void
-     */
-    private function loadAdmin()
+    {
-        #region Simulate admin mode
-        /**
-         * Only we want to simulate the admin if we are in a MU Plugin.
-         */
-        if (!defined('WP_ADMIN')) {
-            define('WP_ADMIN', \true);
+        }
-        if (!defined('WP_NETWORK_ADMIN')) {
-            define('WP_NETWORK_ADMIN', HttpUtils::isMultisite());
+        }
-        if (!defined('WP_BLOG_ADMIN')) {
-            define('WP_BLOG_ADMIN', \true);
+        }
-        if (!defined('WP_USER_ADMIN')) {
-            define('WP_USER_ADMIN', \false);
+        }
-        #endregion
-        add_action('wp_loaded', function () {
-            // When we're in Direct Request (wp-load.php) or wp-cron.php, we need to load the main admin files.
-            if (HttpUtils::isDirectRequest() || HttpUtils::isCron()) {
-                // Initialize ob_start to avoid any content that has already been sent.
-                @ob_start();
-                try {
-                    require_once \ABSPATH . 'wp-admin/includes/admin.php';
-                    do_action('admin_init');
-                } catch (\Throwable $e) {
-                    // Handle any exceptions that might occur during the loading process.
-                    Log::error($e, ['message' => 'Error loading admin files in ScreenSimulation']);
+                }
-                @ob_end_flush();
-                if (@ob_get_length() > 0) {
-                    @ob_end_clean();
+                }
+            }
-            set_current_screen();
-        }, \PHP_INT_MAX);
+    }
-    /**
-     * @return void
-     */
-    private function forceCompability()
+    {
-        add_filter('http_response', [$this, 'interceptUpdateCall'], \PHP_INT_MAX, 3);
-        add_filter('pre_http_request', [$this, 'interceptUpdateCache'], \PHP_INT_MAX, 3);
         $compatibilityFixes = Compatibilities::getCompatibilityFixes();
         array_walk($compatibilityFixes, fn($compatibility) => $compatibility::fix());

modular-connector/trunk/vendor/ares/framework/src/Foundation/ServerSetup.php

-                      r3290091
+                      r3444723
 namespace Modular\ConnectorDependencies\Ares\Framework\Foundation;
+use Modular\ConnectorDependencies\Ares\Framework\Foundation\Compatibilities\LoginCompatibilities;
 use Modular\ConnectorDependencies\Ares\Framework\Foundation\Database\Models\User;
 use Modular\ConnectorDependencies\Illuminate\Support\Collection;
 …
      * @param null $user
      * @param bool $withCookies
      * @return void
+     * @return array
      */
     public static function loginAs($user = null, bool $withCookies = \false)
 …
+        }
         if (!$withCookies && is_user_logged_in()) {
             return;
+            return [];
+        }
         if (!$user) {
 …
+        }
         if (!$user) {
             return;
+            return [];
+        }
+        Log::debug('Login as user', ['user' => $user->ID, 'login' => $user->user_login]);
+        $id = intval(\Modular\ConnectorDependencies\data_get($user, 'ID'));
+        Log::debug('Login as user', ['user' => $id, 'login' => $user->user_login]);
         // Authenticated user
         wp_cookie_constants();
-        $id = intval(\Modular\ConnectorDependencies\data_get($user, 'ID'));
         // Log in with the new user
         wp_set_current_user($id, \Modular\ConnectorDependencies\data_get($user, 'user_login'));
+        // Apply post-login fixes AFTER user is set
+        if ($withCookies) {
+            LoginCompatibilities::afterLogin($id);
+        }
         if ($withCookies) {
             try {
 …
+            }
+        }
         return apply_filters('ares/login/match', [], $id, is_ssl());
+        return $withCookies ? LoginCompatibilities::getLoginCookies($id, is_ssl()) : [];
+    }
     /**

modular-connector/trunk/vendor/autoload.php

r3371802	r3444723
20	20	require_once __DIR__ . '/composer/autoload_real.php';
21	21
22		return ComposerAutoloaderInit~~20dc4b5b6916718faedab6064b350e72~~::getLoader();
	22	return ComposerAutoloaderInit117d74cb38cf02066bc2c9688a2868a1::getLoader();

modular-connector/trunk/vendor/composer/autoload_classmap.php

-                      r3441222
+                      r3444723
     'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Cache\\WordPressStore' => $vendorDir . '/ares/framework/src/Foundation/Cache/WordPressStore.php',
     'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Cache\\WordPressStoreRepository' => $vendorDir . '/ares/framework/src/Foundation/Cache/WordPressStoreRepository.php',
-    'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\AllInOneSecurity' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/AllInOneSecurity.php',
     'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\Compatibilities' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/Compatibilities.php',
-    'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\ConstantContactForms' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/ConstantContactForms.php',
-    'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\DuoFactor' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/DuoFactor.php',
     'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\JetPlugins' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/JetPlugins.php',
+    'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\LoginLockdown' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/LoginLockdown.php',
+    'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\Office365forPostSMTPExtension' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/Office365forPostSMTPExtension.php',
+    'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\LoginCompatibilities' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/LoginCompatibilities.php',
     'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\ShieldSecurity' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/ShieldSecurity.php',
-    'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\ShieldUserManagementICWP' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/ShieldUserManagementICWP.php',
     'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\SidekickPlugin' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/SidekickPlugin.php',
     'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\SpamShield' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/SpamShield.php',
     'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\Translatepress' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/Translatepress.php',
-    'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\WPEngine' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/WPEngine.php',
     'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\WPForms' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/WPForms.php',
-    'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\WPO365Login' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/WPO365Login.php',
-    'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\Wp2Fa' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/Wp2Fa.php',
-    'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\WpSimpleFirewall' => $vendorDir . '/ares/framework/src/Foundation/Compatibilities/WpSimpleFirewall.php',
     'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Console\\Command' => $vendorDir . '/ares/framework/src/Foundation/Console/Command.php',
     'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Console\\Scheduling\\Event' => $vendorDir . '/ares/framework/src/Foundation/Console/Scheduling/Event.php',

modular-connector/trunk/vendor/composer/autoload_files.php

-                      r3441222
+                      r3444723
 return array(
     'be0e863a0b7d410051e3679684b89d05' => $vendorDir . '/symfony/polyfill-php80/bootstrap.php',
     'cdccba37285717201be0cda22130b7c1' => $vendorDir . '/symfony/polyfill-mbstring/bootstrap.php',
     '4da8a5f965edcd26473fcbf2be82d7d7' => $vendorDir . '/symfony/deprecation-contracts/function.php',
     '5d7599fb41d4880e3bb858d832901e9a' => $vendorDir . '/illuminate/collections/helpers.php',
     '91ee1bbb29b3989967f6f8639a6d635d' => $vendorDir . '/symfony/translation/Resources/functions.php',
     'b72b50162266450392ddd5c515a75818' => $vendorDir . '/illuminate/support/helpers.php',
     '9f49441cfe0691e56c9c67bd097c4350' => $vendorDir . '/symfony/polyfill-ctype/bootstrap.php',
     '2754c0fa2f40527b67501543ab0dae51' => $vendorDir . '/symfony/polyfill-php73/bootstrap.php',
     '67396cf9772d27504ccab5def06d1e52' => $vendorDir . '/symfony/polyfill-intl-normalizer/bootstrap.php',
     '49299b7cf704dda84b41286413c4d7e4' => $vendorDir . '/symfony/var-dumper/Resources/functions/dump.php',
     '36a37457274e471b69dac0ebf51b90b3' => $vendorDir . '/symfony/polyfill-intl-grapheme/bootstrap.php',
     'e121a84a0c75bdd4c6e143812fa796a1' => $vendorDir . '/symfony/string/Resources/functions.php',
     'f758949f401dc2a1f6a702b8afe6dfe4' => $vendorDir . '/symfony/polyfill-intl-idn/bootstrap.php',
     '4b27ba2df9dd92700018e46af777f34f' => $vendorDir . '/symfony/polyfill-php81/bootstrap.php',
     '5004fdd59b9e9307e6cd434a40d345f8' => $vendorDir . '/illuminate/events/functions.php',
     '92149af1b8cbd5859e99da0ff318c72f' => $vendorDir . '/opis/closure/functions.php',
     '929e580c79e3d98067c7165de1418f14' => $vendorDir . '/ralouphie/getallheaders/src/getallheaders.php',
     '2720919b2893441fad9f879d73593754' => $vendorDir . '/ramsey/uuid/src/functions.php',
     'c0255d9fc9194fa59c7865314fa4fccd' => $vendorDir . '/ares/framework/src/helpers.php',
     'abffc1041942c7350c813eb59081cf24' => $vendorDir . '/ares/framework/illuminate/Foundation/helpers.php',
     '7cb02eee968935cda8344cc3dbfa9620' => $vendorDir . '/guzzlehttp/guzzle/src/functions_include.php',
+    '8419c93626fe7598ccbef010564c3a4b' => $vendorDir . '/symfony/polyfill-php80/bootstrap.php',
+    '7bf789b8cc0d56c6855b298256ff6115' => $vendorDir . '/symfony/polyfill-mbstring/bootstrap.php',
+    '9e04c4aabe502bb16013b09736a2ddbd' => $vendorDir . '/symfony/deprecation-contracts/function.php',
+    '0ce5926b030d9c07cbd62c1b14d18006' => $vendorDir . '/illuminate/collections/helpers.php',
+    '7a3fd1ce6fda5c86e7fdfeb50092a4de' => $vendorDir . '/symfony/translation/Resources/functions.php',
+    '8bd8682b7413a305bfd18ab0b047b432' => $vendorDir . '/illuminate/support/helpers.php',
+    '7b9d7df53ffe0b69f28a3b6e0b3529a9' => $vendorDir . '/symfony/polyfill-ctype/bootstrap.php',
+    '7c3fa93b8961a4fe2cab57c63da2e84c' => $vendorDir . '/symfony/polyfill-php73/bootstrap.php',
+    '32b6f9e9af021004a341671cdaea72f5' => $vendorDir . '/symfony/polyfill-intl-normalizer/bootstrap.php',
+    '343adb70f1591f131423a9171703882c' => $vendorDir . '/symfony/var-dumper/Resources/functions/dump.php',
+    '77c294005b48468474622f6437ac536d' => $vendorDir . '/symfony/polyfill-intl-grapheme/bootstrap.php',
+    '76d345642e8cbc8b74f6a855ce27c3dd' => $vendorDir . '/symfony/string/Resources/functions.php',
+    '2f8283d81eee04908281bbf23212b9a2' => $vendorDir . '/symfony/polyfill-intl-idn/bootstrap.php',
+    '1e55f1386e412dbd32526655015b0a42' => $vendorDir . '/symfony/polyfill-php81/bootstrap.php',
+    '408f897df7b1881ca8d62de223242437' => $vendorDir . '/illuminate/events/functions.php',
+    '0dab8d3562207ef34a1f138bec21d376' => $vendorDir . '/opis/closure/functions.php',
+    '3d85a28d6d55084676a3a89ff2abc2c9' => $vendorDir . '/ralouphie/getallheaders/src/getallheaders.php',
+    '35962e3ca5a7baa6a36e18d1bb6e925a' => $vendorDir . '/ramsey/uuid/src/functions.php',
+    '66f6c64bea6c96c0f30a5bc81bd5d371' => $vendorDir . '/ares/framework/src/helpers.php',
+    'dc37a2ed37121e04227fa943fbc992e9' => $vendorDir . '/ares/framework/illuminate/Foundation/helpers.php',
+    '6533f4592bad35b0c0e9f64c67fd1c53' => $vendorDir . '/guzzlehttp/guzzle/src/functions_include.php',
 );

modular-connector/trunk/vendor/composer/autoload_real.php

-                      r3371802
+                      r3444723
 // autoload_real.php @generated by Composer
 class ComposerAutoloaderInit20dc4b5b6916718faedab6064b350e72
+class ComposerAutoloaderInit117d74cb38cf02066bc2c9688a2868a1
+{
     private static $loader;
 …
+        }
         spl_autoload_register(array('ComposerAutoloaderInit20dc4b5b6916718faedab6064b350e72', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInit117d74cb38cf02066bc2c9688a2868a1', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));
         spl_autoload_unregister(array('ComposerAutoloaderInit20dc4b5b6916718faedab6064b350e72', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInit117d74cb38cf02066bc2c9688a2868a1', 'loadClassLoader'));
         require __DIR__ . '/autoload_static.php';
         call_user_func(\Composer\Autoload\ComposerStaticInit20dc4b5b6916718faedab6064b350e72::getInitializer($loader));
+        call_user_func(\Composer\Autoload\ComposerStaticInit117d74cb38cf02066bc2c9688a2868a1::getInitializer($loader));
         $loader->setClassMapAuthoritative(true);
         $loader->register(true);
         $filesToLoad = \Composer\Autoload\ComposerStaticInit20dc4b5b6916718faedab6064b350e72::$files;
+        $filesToLoad = \Composer\Autoload\ComposerStaticInit117d74cb38cf02066bc2c9688a2868a1::$files;
         $requireFile = \Closure::bind(static function ($fileIdentifier, $file) {
             if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {

modular-connector/trunk/vendor/composer/autoload_static.php

-                      r3441222
+                      r3444723
 namespace Composer\Autoload;
 class ComposerStaticInit20dc4b5b6916718faedab6064b350e72
+class ComposerStaticInit117d74cb38cf02066bc2c9688a2868a1
+{
     public static $files = array (
         'be0e863a0b7d410051e3679684b89d05' => __DIR__ . '/..' . '/symfony/polyfill-php80/bootstrap.php',
         'cdccba37285717201be0cda22130b7c1' => __DIR__ . '/..' . '/symfony/polyfill-mbstring/bootstrap.php',
         '4da8a5f965edcd26473fcbf2be82d7d7' => __DIR__ . '/..' . '/symfony/deprecation-contracts/function.php',
         '5d7599fb41d4880e3bb858d832901e9a' => __DIR__ . '/..' . '/illuminate/collections/helpers.php',
         '91ee1bbb29b3989967f6f8639a6d635d' => __DIR__ . '/..' . '/symfony/translation/Resources/functions.php',
         'b72b50162266450392ddd5c515a75818' => __DIR__ . '/..' . '/illuminate/support/helpers.php',
         '9f49441cfe0691e56c9c67bd097c4350' => __DIR__ . '/..' . '/symfony/polyfill-ctype/bootstrap.php',
         '2754c0fa2f40527b67501543ab0dae51' => __DIR__ . '/..' . '/symfony/polyfill-php73/bootstrap.php',
         '67396cf9772d27504ccab5def06d1e52' => __DIR__ . '/..' . '/symfony/polyfill-intl-normalizer/bootstrap.php',
         '49299b7cf704dda84b41286413c4d7e4' => __DIR__ . '/..' . '/symfony/var-dumper/Resources/functions/dump.php',
         '36a37457274e471b69dac0ebf51b90b3' => __DIR__ . '/..' . '/symfony/polyfill-intl-grapheme/bootstrap.php',
         'e121a84a0c75bdd4c6e143812fa796a1' => __DIR__ . '/..' . '/symfony/string/Resources/functions.php',
         'f758949f401dc2a1f6a702b8afe6dfe4' => __DIR__ . '/..' . '/symfony/polyfill-intl-idn/bootstrap.php',
         '4b27ba2df9dd92700018e46af777f34f' => __DIR__ . '/..' . '/symfony/polyfill-php81/bootstrap.php',
         '5004fdd59b9e9307e6cd434a40d345f8' => __DIR__ . '/..' . '/illuminate/events/functions.php',
         '92149af1b8cbd5859e99da0ff318c72f' => __DIR__ . '/..' . '/opis/closure/functions.php',
         '929e580c79e3d98067c7165de1418f14' => __DIR__ . '/..' . '/ralouphie/getallheaders/src/getallheaders.php',
         '2720919b2893441fad9f879d73593754' => __DIR__ . '/..' . '/ramsey/uuid/src/functions.php',
         'c0255d9fc9194fa59c7865314fa4fccd' => __DIR__ . '/..' . '/ares/framework/src/helpers.php',
         'abffc1041942c7350c813eb59081cf24' => __DIR__ . '/..' . '/ares/framework/illuminate/Foundation/helpers.php',
         '7cb02eee968935cda8344cc3dbfa9620' => __DIR__ . '/..' . '/guzzlehttp/guzzle/src/functions_include.php',
+        '8419c93626fe7598ccbef010564c3a4b' => __DIR__ . '/..' . '/symfony/polyfill-php80/bootstrap.php',
+        '7bf789b8cc0d56c6855b298256ff6115' => __DIR__ . '/..' . '/symfony/polyfill-mbstring/bootstrap.php',
+        '9e04c4aabe502bb16013b09736a2ddbd' => __DIR__ . '/..' . '/symfony/deprecation-contracts/function.php',
+        '0ce5926b030d9c07cbd62c1b14d18006' => __DIR__ . '/..' . '/illuminate/collections/helpers.php',
+        '7a3fd1ce6fda5c86e7fdfeb50092a4de' => __DIR__ . '/..' . '/symfony/translation/Resources/functions.php',
+        '8bd8682b7413a305bfd18ab0b047b432' => __DIR__ . '/..' . '/illuminate/support/helpers.php',
+        '7b9d7df53ffe0b69f28a3b6e0b3529a9' => __DIR__ . '/..' . '/symfony/polyfill-ctype/bootstrap.php',
+        '7c3fa93b8961a4fe2cab57c63da2e84c' => __DIR__ . '/..' . '/symfony/polyfill-php73/bootstrap.php',
+        '32b6f9e9af021004a341671cdaea72f5' => __DIR__ . '/..' . '/symfony/polyfill-intl-normalizer/bootstrap.php',
+        '343adb70f1591f131423a9171703882c' => __DIR__ . '/..' . '/symfony/var-dumper/Resources/functions/dump.php',
+        '77c294005b48468474622f6437ac536d' => __DIR__ . '/..' . '/symfony/polyfill-intl-grapheme/bootstrap.php',
+        '76d345642e8cbc8b74f6a855ce27c3dd' => __DIR__ . '/..' . '/symfony/string/Resources/functions.php',
+        '2f8283d81eee04908281bbf23212b9a2' => __DIR__ . '/..' . '/symfony/polyfill-intl-idn/bootstrap.php',
+        '1e55f1386e412dbd32526655015b0a42' => __DIR__ . '/..' . '/symfony/polyfill-php81/bootstrap.php',
+        '408f897df7b1881ca8d62de223242437' => __DIR__ . '/..' . '/illuminate/events/functions.php',
+        '0dab8d3562207ef34a1f138bec21d376' => __DIR__ . '/..' . '/opis/closure/functions.php',
+        '3d85a28d6d55084676a3a89ff2abc2c9' => __DIR__ . '/..' . '/ralouphie/getallheaders/src/getallheaders.php',
+        '35962e3ca5a7baa6a36e18d1bb6e925a' => __DIR__ . '/..' . '/ramsey/uuid/src/functions.php',
+        '66f6c64bea6c96c0f30a5bc81bd5d371' => __DIR__ . '/..' . '/ares/framework/src/helpers.php',
+        'dc37a2ed37121e04227fa943fbc992e9' => __DIR__ . '/..' . '/ares/framework/illuminate/Foundation/helpers.php',
+        '6533f4592bad35b0c0e9f64c67fd1c53' => __DIR__ . '/..' . '/guzzlehttp/guzzle/src/functions_include.php',
     );
 …
         'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Cache\\WordPressStore' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Cache/WordPressStore.php',
         'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Cache\\WordPressStoreRepository' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Cache/WordPressStoreRepository.php',
-        'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\AllInOneSecurity' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/AllInOneSecurity.php',
         'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\Compatibilities' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/Compatibilities.php',
-        'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\ConstantContactForms' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/ConstantContactForms.php',
-        'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\DuoFactor' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/DuoFactor.php',
         'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\JetPlugins' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/JetPlugins.php',
+        'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\LoginLockdown' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/LoginLockdown.php',
+        'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\Office365forPostSMTPExtension' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/Office365forPostSMTPExtension.php',
+        'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\LoginCompatibilities' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/LoginCompatibilities.php',
         'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\ShieldSecurity' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/ShieldSecurity.php',
-        'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\ShieldUserManagementICWP' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/ShieldUserManagementICWP.php',
         'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\SidekickPlugin' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/SidekickPlugin.php',
         'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\SpamShield' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/SpamShield.php',
         'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\Translatepress' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/Translatepress.php',
-        'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\WPEngine' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/WPEngine.php',
         'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\WPForms' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/WPForms.php',
-        'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\WPO365Login' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/WPO365Login.php',
-        'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\Wp2Fa' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/Wp2Fa.php',
-        'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Compatibilities\\WpSimpleFirewall' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Compatibilities/WpSimpleFirewall.php',
         'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Console\\Command' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Console/Command.php',
         'Modular\\ConnectorDependencies\\Ares\\Framework\\Foundation\\Console\\Scheduling\\Event' => __DIR__ . '/..' . '/ares/framework/src/Foundation/Console/Scheduling/Event.php',
 …
+    {
         return \Closure::bind(function () use ($loader) {
             $loader->prefixLengthsPsr4 = ComposerStaticInit20dc4b5b6916718faedab6064b350e72::$prefixLengthsPsr4;
             $loader->prefixDirsPsr4 = ComposerStaticInit20dc4b5b6916718faedab6064b350e72::$prefixDirsPsr4;
             $loader->classMap = ComposerStaticInit20dc4b5b6916718faedab6064b350e72::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInit117d74cb38cf02066bc2c9688a2868a1::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInit117d74cb38cf02066bc2c9688a2868a1::$prefixDirsPsr4;
+            $loader->classMap = ComposerStaticInit117d74cb38cf02066bc2c9688a2868a1::$classMap;
         }, null, ClassLoader::class);

modular-connector/trunk/vendor/composer/installed.json

-                      r3441222
+                      r3444723
+        {
             "name": "ares/framework",
             "version": "3.6.17",
             "version_normalized": "3.6.17.0",
+            "version": "dev-master",
+            "version_normalized": "dev-master",
             "source": {
                 "type": "git",
                 "url": "[email protected]:modular/connector/ares.git",
                 "reference": "a912d44484836fec6ba90420f2bf2efa67084ec6"
             },
             "dist": {
                 "type": "zip",
                 "url": "https://gitlab.modulards.com/api/v4/projects/modular%2Fconnector%2Fares/repository/archive.zip?sha=a912d44484836fec6ba90420f2bf2efa67084ec6",
                 "reference": "a912d44484836fec6ba90420f2bf2efa67084ec6",
+                "reference": "3cb619269631ea6f37435da09c317b2bc6ec626d"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://gitlab.modulards.com/api/v4/projects/modular%2Fconnector%2Fares/repository/archive.zip?sha=3cb619269631ea6f37435da09c317b2bc6ec626d",
+                "reference": "3cb619269631ea6f37435da09c317b2bc6ec626d",
                 "shasum": ""
             },
 …
                 "php": "^7.4|^8.0",
                 "symfony/http-kernel": "^5.4",
-                "symfony/var-dumper": "^5.1",
                 "vlucas/phpdotenv": "^5.2"
             },
             "require-dev": {
+                "filp/whoops": "^2.12"
+            },
+            "time": "2026-01-16T19:10:38+01:00",
+                "filp/whoops": "^2.12",
+                "symfony/var-dumper": "^5.1"
+            },
+            "time": "2026-01-21T20:45:12+01:00",
+            "default-branch": true,
             "type": "library",
             "installation-source": "dist",
 …
             ],
             "support": {
                 "source": "https://gitlab.modulards.com/modular/connector/ares/-/tree/3.6.17",
+                "source": "https://gitlab.modulards.com/modular/connector/ares/-/tree/3.7.0",
                 "issues": "https://gitlab.modulards.com/modular/connector/ares/-/issues"
             },

modular-connector/trunk/vendor/composer/installed.php

-                      r3441222
+                      r3444723
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
         'reference' => 'ff508e7a68350177872cefc7c0cf72cab74fe5a1',
+        'reference' => '2e631ebf6037a39cc86072b30ded5111b2e67810',
         'type' => 'wordpres-plugin',
         'install_path' => __DIR__ . '/../../',
 …
     'versions' => array(
         'ares/framework' => array(
             'pretty_version' => '3.6.17',
             'version' => '3.6.17.0',
             'reference' => 'a912d44484836fec6ba90420f2bf2efa67084ec6',
+            'pretty_version' => 'dev-master',
+            'version' => 'dev-master',
+            'reference' => '3cb619269631ea6f37435da09c317b2bc6ec626d',
             'type' => 'library',
             'install_path' => __DIR__ . '/../ares/framework',
+            'aliases' => array(),
+            'aliases' => array(
+=> '9999999-dev',
+            ),
             'dev_requirement' => false,
         ),
 …
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
             'reference' => 'ff508e7a68350177872cefc7c0cf72cab74fe5a1',
+            'reference' => '2e631ebf6037a39cc86072b30ded5111b2e67810',
             'type' => 'wordpres-plugin',
             'install_path' => __DIR__ . '/../../',

modular-connector/trunk/vendor/scoper-autoload.php

-                      r3441222
+                      r3444723
     $GLOBALS['__composer_autoload_files'] = \array_merge(
         $existingComposerAutoloadFiles,
         \array_fill_keys(['9f49441cfe0691e56c9c67bd097c4350', '9eaa6b0f3f04e58e17ae5ecb754ea313', '36a37457274e471b69dac0ebf51b90b3', 'acbe0d033c55cd0a032b415e08d14f4c', 'f758949f401dc2a1f6a702b8afe6dfe4', 'b48cbeb76a71e226a23fa64ac2b94dc6', '67396cf9772d27504ccab5def06d1e52', '36dfd6ed9dd74e8062aa61f09caf8554', 'cdccba37285717201be0cda22130b7c1', '5928a00fa978807cf85d90ec3f4b0147', '2754c0fa2f40527b67501543ab0dae51', 'be0e863a0b7d410051e3679684b89d05', '4b27ba2df9dd92700018e46af777f34f', 'b178954ba4692b8876c08a4a97e6ce23', '28099935d0ea91a1b5e09408e356eacb', 'c5e5dfa7f2077b89dbc43523332b50aa', '674e404d8857dd99db32bc218bb5643a', '83cc8b953df9a6f7e51f674d84d57730', '9250916e8af80e0d1bb31401fd2e15a7', '99b27172349c9ec3abea78f62e2938bb', 'a875add15ea9a7df1a6c0c26cc9e4590', '1cbb53d50065225a14c2360be2ccbf6f', '54b9ab13bc86d8251a04a939888e357e', 'a89966141ddd51b9b7e868bc3b2f9bb0', '7bdb062931f6e7102434c3ad28423eb6', 'f49032536fdd06afd9df7191c3f21453', '18e965175c6bcd96deba6bc791a44373', '51421aa3e5e8003b70a289762d146a2a', '7edcabe1b67fbb38f4972a722bbbb429', '7b0b5d7b98f96ad751222ae5cc98cfcb', 'd1fb64fd99fc22e28e29a95cc0ea533a'], true)
+        \array_fill_keys(['7b9d7df53ffe0b69f28a3b6e0b3529a9', '9eaa6b0f3f04e58e17ae5ecb754ea313', '77c294005b48468474622f6437ac536d', 'acbe0d033c55cd0a032b415e08d14f4c', '2f8283d81eee04908281bbf23212b9a2', 'b48cbeb76a71e226a23fa64ac2b94dc6', '32b6f9e9af021004a341671cdaea72f5', '36dfd6ed9dd74e8062aa61f09caf8554', '7bf789b8cc0d56c6855b298256ff6115', '5928a00fa978807cf85d90ec3f4b0147', '7c3fa93b8961a4fe2cab57c63da2e84c', '8419c93626fe7598ccbef010564c3a4b', '1e55f1386e412dbd32526655015b0a42', 'b178954ba4692b8876c08a4a97e6ce23', '28099935d0ea91a1b5e09408e356eacb', 'c5e5dfa7f2077b89dbc43523332b50aa', '674e404d8857dd99db32bc218bb5643a', '83cc8b953df9a6f7e51f674d84d57730', '9250916e8af80e0d1bb31401fd2e15a7', '99b27172349c9ec3abea78f62e2938bb', 'a875add15ea9a7df1a6c0c26cc9e4590', '1cbb53d50065225a14c2360be2ccbf6f', '54b9ab13bc86d8251a04a939888e357e', 'a89966141ddd51b9b7e868bc3b2f9bb0', '7bdb062931f6e7102434c3ad28423eb6', 'f49032536fdd06afd9df7191c3f21453', '18e965175c6bcd96deba6bc791a44373', '51421aa3e5e8003b70a289762d146a2a', '7edcabe1b67fbb38f4972a722bbbb429', '7b0b5d7b98f96ad751222ae5cc98cfcb', 'd1fb64fd99fc22e28e29a95cc0ea533a'], true)
     );
 …
 humbug_phpscoper_expose_class('UnhandledMatchError', 'Modular\ConnectorDependencies\UnhandledMatchError');
 humbug_phpscoper_expose_class('JsonException', 'Modular\ConnectorDependencies\JsonException');
+humbug_phpscoper_expose_class('ICWP_WPSF_Processor_LoginProtect_TwoFactorAuth', 'Modular\ConnectorDependencies\ICWP_WPSF_Processor_LoginProtect_TwoFactorAuth');
 // Function aliases. For more information see:

Context Navigation

Legend:

Download in other formats: