Edit File by line

<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* WPSEO plugin file.

[2] Fix | Delete

[3] Fix | Delete

* @package WPSEO\Admin

[4] Fix | Delete

[5] Fix | Delete

[6] Fix | Delete

/**

[7] Fix | Delete

* Loads the MyYoast proxy.

[8] Fix | Delete

[9] Fix | Delete

* This class registers a proxy page on `admin.php`. Which is reached with the `page=PAGE_IDENTIFIER` parameter.

[10] Fix | Delete

* It will read external files and serves them like they are located locally.

[11] Fix | Delete

[12] Fix | Delete

class WPSEO_MyYoast_Proxy implements WPSEO_WordPress_Integration {

[13] Fix | Delete

[14] Fix | Delete

/**

[15] Fix | Delete

* The page identifier used in WordPress to register the MyYoast proxy page.

[16] Fix | Delete

[17] Fix | Delete

* @var string

[18] Fix | Delete

[19] Fix | Delete

public const PAGE_IDENTIFIER = 'wpseo_myyoast_proxy';

[20] Fix | Delete

[21] Fix | Delete

/**

[22] Fix | Delete

* The cache control's max age. Used in the header of a successful proxy response.

[23] Fix | Delete

[24] Fix | Delete

* @var int

[25] Fix | Delete

[26] Fix | Delete

public const CACHE_CONTROL_MAX_AGE = DAY_IN_SECONDS;

[27] Fix | Delete

[28] Fix | Delete

/**

[29] Fix | Delete

* Registers the hooks when the user is on the right page.

[30] Fix | Delete

[31] Fix | Delete

* @codeCoverageIgnore

[32] Fix | Delete

[33] Fix | Delete

* @return void

[34] Fix | Delete

[35] Fix | Delete

public function register_hooks() {

[36] Fix | Delete

if ( ! $this->is_proxy_page() ) {

[37] Fix | Delete

return;

[38] Fix | Delete

}

[39] Fix | Delete

[40] Fix | Delete

// Register the page for the proxy.

[41] Fix | Delete

add_action( 'admin_menu', [ $this, 'add_proxy_page' ] );

[42] Fix | Delete

add_action( 'admin_init', [ $this, 'handle_proxy_page' ] );

[43] Fix | Delete

}

[44] Fix | Delete

[45] Fix | Delete

/**

[46] Fix | Delete

* Registers the proxy page. It does not actually add a link to the dashboard.

[47] Fix | Delete

[48] Fix | Delete

* @codeCoverageIgnore

[49] Fix | Delete

[50] Fix | Delete

* @return void

[51] Fix | Delete

[52] Fix | Delete

public function add_proxy_page() {

[53] Fix | Delete

add_dashboard_page( '', '', 'read', self::PAGE_IDENTIFIER, '' );

[54] Fix | Delete

}

[55] Fix | Delete

[56] Fix | Delete

/**

[57] Fix | Delete

* Renders the requested proxy page and exits to prevent the WordPress UI from loading.

[58] Fix | Delete

[59] Fix | Delete

* @codeCoverageIgnore

[60] Fix | Delete

[61] Fix | Delete

* @return void

[62] Fix | Delete

[63] Fix | Delete

public function handle_proxy_page() {

[64] Fix | Delete

$this->render_proxy_page();

[65] Fix | Delete

[66] Fix | Delete

// Prevent the WordPress UI from loading.

[67] Fix | Delete

exit;

[68] Fix | Delete

}

[69] Fix | Delete

[70] Fix | Delete

/**

[71] Fix | Delete

* Renders the requested proxy page.

[72] Fix | Delete

[73] Fix | Delete

* This is separated from the exits to be able to test it.

[74] Fix | Delete

[75] Fix | Delete

* @return void

[76] Fix | Delete

[77] Fix | Delete

public function render_proxy_page() {

[78] Fix | Delete

$proxy_options = $this->determine_proxy_options();

[79] Fix | Delete

if ( $proxy_options === [] ) {

[80] Fix | Delete

// Do not accept any other file than implemented.

[81] Fix | Delete

$this->set_header( 'HTTP/1.0 501 Requested file not implemented' );

[82] Fix | Delete

return;

[83] Fix | Delete

}

[84] Fix | Delete

[85] Fix | Delete

// Set the headers before serving the remote file.

[86] Fix | Delete

$this->set_header( 'Content-Type: ' . $proxy_options['content_type'] );

[87] Fix | Delete

$this->set_header( 'Cache-Control: max-age=' . self::CACHE_CONTROL_MAX_AGE );

[88] Fix | Delete

[89] Fix | Delete

try {

[90] Fix | Delete

echo $this->get_remote_url_body( $proxy_options['url'] );

[91] Fix | Delete

}

[92] Fix | Delete

catch ( Exception $e ) {

[93] Fix | Delete

[94] Fix | Delete

* Reset the file headers because the loading failed.

[95] Fix | Delete

[96] Fix | Delete

* Note: Due to supporting PHP 5.2 `header_remove` can not be used here.

[97] Fix | Delete

* Overwrite the headers instead.

[98] Fix | Delete

[99] Fix | Delete

$this->set_header( 'Content-Type: text/plain' );

[100] Fix | Delete

$this->set_header( 'Cache-Control: max-age=0' );

[101] Fix | Delete

[102] Fix | Delete

$this->set_header( 'HTTP/1.0 500 ' . $e->getMessage() );

[103] Fix | Delete

}

[104] Fix | Delete

}

[105] Fix | Delete

[106] Fix | Delete

/**

[107] Fix | Delete

* Tries to load the given url via `wp_remote_get`.

[108] Fix | Delete

[109] Fix | Delete

* @codeCoverageIgnore

[110] Fix | Delete

[111] Fix | Delete

* @param string $url The url to load.

[112] Fix | Delete

[113] Fix | Delete

* @return string The body of the response.

[114] Fix | Delete

[115] Fix | Delete

* @throws Exception When `wp_remote_get` returned an error.

[116] Fix | Delete

* @throws Exception When the response code is not 200.

[117] Fix | Delete

[118] Fix | Delete

protected function get_remote_url_body( $url ) {

[119] Fix | Delete

$response = wp_remote_get( $url );

[120] Fix | Delete

[121] Fix | Delete

if ( $response instanceof WP_Error ) {

[122] Fix | Delete

throw new Exception( 'Unable to retrieve file from MyYoast' );

[123] Fix | Delete

}

[124] Fix | Delete

[125] Fix | Delete

if ( wp_remote_retrieve_response_code( $response ) !== 200 ) {

[126] Fix | Delete

throw new Exception( 'Received unexpected response from MyYoast' );

[127] Fix | Delete

}

[128] Fix | Delete

[129] Fix | Delete

return wp_remote_retrieve_body( $response );

[130] Fix | Delete

}

[131] Fix | Delete

[132] Fix | Delete

/**

[133] Fix | Delete

* Determines the proxy options based on the file and plugin version arguments.

[134] Fix | Delete

[135] Fix | Delete

* When the file is known it returns an array like this:

[136] Fix | Delete

* <code>

[137] Fix | Delete

* $array = array(

[138] Fix | Delete

* 'content_type' => 'the content type'

[139] Fix | Delete

* 'url' => 'the url, possibly with the plugin version'

[140] Fix | Delete

* )

[141] Fix | Delete

* </code>

[142] Fix | Delete

[143] Fix | Delete

* @return array Empty for an unknown file. See format above for known files.

[144] Fix | Delete

[145] Fix | Delete

protected function determine_proxy_options() {

[146] Fix | Delete

if ( $this->get_proxy_file() === 'research-webworker' ) {

[147] Fix | Delete

return [

[148] Fix | Delete

'content_type' => 'text/javascript; charset=UTF-8',

[149] Fix | Delete

'url' => 'https://my.yoast.com/api/downloads/file/analysis-worker?plugin_version=' . $this->get_plugin_version(),

[150] Fix | Delete

];

[151] Fix | Delete

}

[152] Fix | Delete

[153] Fix | Delete

return [];

[154] Fix | Delete

}

[155] Fix | Delete

[156] Fix | Delete

/**

[157] Fix | Delete

* Checks if the current page is the MyYoast proxy page.

[158] Fix | Delete

[159] Fix | Delete

* @codeCoverageIgnore

[160] Fix | Delete

[161] Fix | Delete

* @return bool True when the page request parameter equals the proxy page.

[162] Fix | Delete

[163] Fix | Delete

protected function is_proxy_page() {

[164] Fix | Delete

// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Reason: We are not processing form information.

[165] Fix | Delete

$page = isset( $_GET['page'] ) && is_string( $_GET['page'] ) ? sanitize_text_field( wp_unslash( $_GET['page'] ) ) : '';

[166] Fix | Delete

return $page === self::PAGE_IDENTIFIER;

[167] Fix | Delete

}

[168] Fix | Delete

[169] Fix | Delete

/**

[170] Fix | Delete

* Returns the proxy file from the HTTP request parameters.

[171] Fix | Delete

[172] Fix | Delete

* @codeCoverageIgnore

[173] Fix | Delete

[174] Fix | Delete

* @return string The sanitized file request parameter or an empty string if it does not exist.

[175] Fix | Delete

[176] Fix | Delete

protected function get_proxy_file() {

[177] Fix | Delete

// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Reason: We are not processing form information.

[178] Fix | Delete

if ( isset( $_GET['file'] ) && is_string( $_GET['file'] ) ) {

[179] Fix | Delete

// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Reason: We are not processing form information.

[180] Fix | Delete

return sanitize_text_field( wp_unslash( $_GET['file'] ) );

[181] Fix | Delete

}

[182] Fix | Delete

return '';

[183] Fix | Delete

}

[184] Fix | Delete

[185] Fix | Delete

/**

[186] Fix | Delete

* Returns the plugin version from the HTTP request parameters.

[187] Fix | Delete

[188] Fix | Delete

* @codeCoverageIgnore

[189] Fix | Delete

[190] Fix | Delete

* @return string The sanitized plugin_version request parameter or an empty string if it does not exist.

[191] Fix | Delete

[192] Fix | Delete

protected function get_plugin_version() {

[193] Fix | Delete

// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Reason: We are not processing form information.

[194] Fix | Delete

if ( isset( $_GET['plugin_version'] ) && is_string( $_GET['plugin_version'] ) ) {

[195] Fix | Delete

// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Reason: We are not processing form information.

[196] Fix | Delete

$plugin_version = sanitize_text_field( wp_unslash( $_GET['plugin_version'] ) );

[197] Fix | Delete

// Replace slashes to secure against requiring a file from another path.

[198] Fix | Delete

return str_replace( [ '/', '\\' ], '_', $plugin_version );

[199] Fix | Delete

}

[200] Fix | Delete

return '';

[201] Fix | Delete

}

[202] Fix | Delete

[203] Fix | Delete

/**

[204] Fix | Delete

* Sets the HTTP header.

[205] Fix | Delete

[206] Fix | Delete

* This is a tiny helper function to enable better testing.

[207] Fix | Delete

[208] Fix | Delete

* @codeCoverageIgnore

[209] Fix | Delete

[210] Fix | Delete

* @param string $header The header to set.

[211] Fix | Delete

[212] Fix | Delete

* @return void

[213] Fix | Delete

[214] Fix | Delete

protected function set_header( $header ) {

[215] Fix | Delete

header( $header );

[216] Fix | Delete

}

[217] Fix | Delete

}

[218] Fix | Delete

[219] Fix | Delete