if(!defined('COOKIEADMIN_VERSION') || !defined('ABSPATH')){
static $urls_to_scan = [];
static $visited_urls = [];
static $raw_redirect_headers = [];
static $found_cookies = [];
static function start_scan(){
self::$home_url = get_home_url();
self::$urls_to_scan[] = self::$home_url;
while (! empty(self::$urls_to_scan) && count(self::$visited_urls) < self::$scan_limit){
$url = array_shift(self::$urls_to_scan); // Get the next URL from the queue
if (in_array($url, self::$visited_urls, true)){
self::scan_single_url($url);
return self::$found_cookies;
static function scan_single_url($url){
self::$visited_urls[] = $url;
$response = wp_remote_get($url, [
if (is_wp_error($response)) return;
if (! empty($response['cookies'])){
$all_headers = wp_remote_retrieve_headers($response);
$raw_cookie_headers = isset($all_headers['set-cookie']) ? $all_headers['set-cookie'] : [];
self::process_and_store_cookies($response['cookies'], $raw_cookie_headers);
$body = wp_remote_retrieve_body($response);
if (empty($body)) return;
$dom = new \DOMDocument();
@$dom->loadHTML($body, LIBXML_NOERROR | LIBXML_NOWARNING);
self::find_and_queue_links($dom);
self::scan_forms_on_page($url, $dom);
static function scan_forms_on_page($page_url, $dom){
$forms = $dom->getElementsByTagName('form');
foreach ($forms as $form){
$method = strtolower($form->getAttribute('method'));
self::$raw_redirect_headers = [];
$action_url = $form->getAttribute('action');
if (empty($action_url) || $action_url[0] === '#'){
} elseif ($action_url[0] === '/'){
$action_url = self::$home_url . $action_url;
$inputs = $form->getElementsByTagName('input');
foreach ($inputs as $input){
$name = $input->getAttribute('name');
$type = strtolower($input->getAttribute('type'));
$value = $input->getAttribute('value');
// If the value is empty, provide dummy data. Otherwise, use the existing value.
if($type === 'email') $post_data[$name] = 'scanner@cookieadmin.net';
elseif($type === 'url') $post_data[$name] = 'https://cookieadmin.net';
else $post_data[$name] = 'Scanner Tester - '.uniqid();
$post_data[$name] = $value;
$post_data[$name] = $value;
if (empty($value)) $post_data[$name] = true;
$post_data[$name] = $value;
$textareas = $form->getElementsByTagName('textarea');
foreach ($textareas as $textarea){
$name = $textarea->getAttribute('name');
if(!empty($name) && !isset($post_data[$name])){
$post_data[$name] = 'This is a test comment from the scanner. - '.uniqid();
add_action('requests-before_redirect_check', [self::class, 'capture_redirect_headers'], 10, 1);
$post_response = wp_remote_post($action_url, [
remove_action('requests-before_redirect_check', [self::class, 'capture_redirect_headers'], 10);
$final_headers = wp_remote_retrieve_headers($post_response);
$final_cookie_headers = isset($final_headers['set-cookie']) ? $final_headers['set-cookie'] : [];
if (!is_array($final_cookie_headers)) $final_cookie_headers = [$final_cookie_headers];
$all_raw_cookie_headers = array_merge(self::$raw_redirect_headers, $final_cookie_headers);
if (!is_wp_error($post_response) && !empty($post_response['cookies'])){
self::process_and_store_cookies($post_response['cookies'], $all_raw_cookie_headers);
static function process_and_store_cookies($cookie_objects, $all_raw_headers){
if(!is_array($all_raw_headers)){
$all_raw_headers = [$all_raw_headers];
foreach ($cookie_objects as $cookie){
if (! isset(self::$found_cookies[$cookie->name])){
foreach ($all_raw_headers as $header_string){
if (!empty($header_string) && strpos(trim($header_string), $cookie->name . '=') === 0){
$is_secure = preg_match('/\bsecure\b/i', $header_string) === 1;
$is_httponly = preg_match('/\bhttponly\b/i', $header_string) === 1;
if (preg_match('/;\s*Max-Age\s*=\s*([0-9]+)/i', $header_string, $matches)){
$max_age = (int) $matches[1];
if (preg_match('/;\s*SameSite\s*=\s*(Strict|Lax|None)/i', $header_string, $matches)){
$samesite = ucfirst(strtolower($matches[1]));
self::$found_cookies[$cookie->name] = [
'cookie_name' => $cookie->name,
'expires' => $cookie->expires,
'domain' => $cookie->domain,
'httponly' => $is_httponly,
static function find_and_queue_links($dom){
$links = $dom->getElementsByTagName('a');
foreach ($links as $link){
$href = $link->getAttribute('href');
if (strpos($href, self::$home_url) === 0 || preg_match('/^\/(?!\/)/', $href)){
$href = self::$home_url . $href;
if (! in_array($href, self::$visited_urls) && ! in_array($href, self::$urls_to_scan)){
self::$urls_to_scan[] = $href;
static function capture_redirect_headers($response){
if (is_object($response) && isset($response->headers['set-cookie'])){
$cookies = $response->headers['set-cookie'];
if (! is_array($cookies)){
self::$raw_redirect_headers = array_merge(self::$raw_redirect_headers, $cookies);
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
