Code Coverage for projects/plugins/jetpack/modules/widgets/gravatar-profile.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	0.00% covered (danger)	0.00%	0 / 271	0.00% covered (danger)	0.00%	0 / 11	CRAP	0.00% covered (danger)	0.00%	0 / 1
jetpack_gravatar_profile_widget_init	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
Jetpack_Gravatar_Profile_Widget	0.00% covered (danger)	0.00%	0 / 267	0.00% covered (danger)	0.00%	0 / 10	3782	0.00% covered (danger)	0.00%	0 / 1
__construct	0.00% covered (danger)	0.00%	0 / 13	0.00% covered (danger)	0.00%	0 / 1	12
widget	0.00% covered (danger)	0.00%	0 / 76	0.00% covered (danger)	0.00%	0 / 1	110
display_personal_links	0.00% covered (danger)	0.00%	0 / 24	0.00% covered (danger)	0.00%	0 / 1	30
display_accounts	0.00% covered (danger)	0.00%	0 / 29	0.00% covered (danger)	0.00%	0 / 1	30
enqueue_scripts	0.00% covered (danger)	0.00%	0 / 12	0.00% covered (danger)	0.00%	0 / 1	6
form	0.00% covered (danger)	0.00%	0 / 42	0.00% covered (danger)	0.00%	0 / 1	132
admin_script	0.00% covered (danger)	0.00%	0 / 13	0.00% covered (danger)	0.00%	0 / 1	2
update	0.00% covered (danger)	0.00%	0 / 13	0.00% covered (danger)	0.00%	0 / 1	56
get_profile	0.00% covered (danger)	0.00%	0 / 25	0.00% covered (danger)	0.00%	0 / 1	42
get_sanitized_service_name	0.00% covered (danger)	0.00%	0 / 20	0.00% covered (danger)	0.00%	0 / 1	132

1	<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
2
3	if ( ! defined( 'ABSPATH' ) ) {
4	exit( 0 );
5	}
6
7	// phpcs:disable Universal.Files.SeparateFunctionsFromOO.Mixed -- TODO: Move classes to appropriately-named class files.
8
9	add_action( 'widgets_init', 'jetpack_gravatar_profile_widget_init' );
10	/**
11	* Register the widget for use in Appearance -> Widgets
12	*/
13	function jetpack_gravatar_profile_widget_init() {
14	register_widget( 'Jetpack_Gravatar_Profile_Widget' );
15	}
16
17	/**
18	* Display a widgetized version of your Gravatar Profile
19	* https://blog.gravatar.com/2010/03/26/gravatar-profiles/
20	*/
21	class Jetpack_Gravatar_Profile_Widget extends WP_Widget {
22	/**
23	* Jetpack_Gravatar_Profile_Widget constructor.
24	*/
25	public function __construct() {
26	parent::__construct(
27	'grofile',
28	/** This filter is documented in modules/widgets/facebook-likebox.php */
29	apply_filters( 'jetpack_widget_name', __( 'Gravatar Profile', 'jetpack' ) ),
30	array(
31	'classname' => 'widget-grofile grofile',
32	'description' => __( 'Display a mini version of your Gravatar Profile', 'jetpack' ),
33	'customize_selective_refresh' => true,
34	)
35	);
36
37	if ( is_admin() ) {
38	add_action( 'admin_footer-widgets.php', array( $this, 'admin_script' ) );
39	}
40
41	if ( is_customize_preview() ) {
42	add_action( 'wp_enqueue_scripts', array( $this, 'enqueue_scripts' ) );
43	}
44	}
45
46	/**
47	* Display the Widget.
48	*
49	* @see WP_Widget::widget()
50	*
51	* @param array $args Display arguments.
52	* @param array $instance The settings for the particular instance of the widget.
53	*/
54	public function widget( $args, $instance ) {
55	/**
56	* Fires when an item is displayed on the front end.
57	*
58	* Can be used to track stats about the number of displays for a specific item
59	*
60	* @module widgets, shortcodes
61	*
62	* @since 1.6.0
63	*
64	* @param string widget_view Item type (e.g. widget, or embed).
65	* @param string grofile Item description (e.g. grofile, goodreads).
66	*/
67	do_action( 'jetpack_stats_extra', 'widget_view', 'grofile' );
68
69	$instance = wp_parse_args(
70	$instance,
71	array(
72	'title' => '',
73	'email' => '',
74	)
75	);
76
77	/** This filter is documented in core/src/wp-includes/default-widgets.php */
78	$title = apply_filters( 'widget_title', $instance['title'] );
79
80	if ( ! $instance['email'] ) {
81	if ( current_user_can( 'edit_theme_options' ) ) {
82	echo $args['before_widget']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
83	if ( ! empty( $title ) ) {
84	echo $args['before_title'] . $title . $args['after_title']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
85	}
86	echo '<p>' . wp_kses(
87	sprintf(
88	/* translators: %s is a link to the widget settings page. */
89	__( 'You need to select what to show in this <a href="%s">Gravatar Profile widget</a>.', 'jetpack' ),
90	admin_url( 'widgets.php' )
91	),
92	array(
93	'a' => array(
94	'href' => true,
95	),
96	)
97	) . '</p>';
98	echo $args['after_widget']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
99	}
100	return;
101	}
102
103	echo $args['before_widget']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
104	if ( ! empty( $title ) ) {
105	echo $args['before_title'] . $title . $args['after_title']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
106	}
107
108	$profile = $this->get_profile( $instance['email'] );
109
110	if ( ! empty( $profile ) ) {
111	$profile = wp_parse_args(
112	$profile,
113	array(
114	'thumbnailUrl' => '',
115	'profileUrl' => '',
116	'displayName' => '',
117	'aboutMe' => '',
118	'urls' => array(),
119	'accounts' => array(),
120	)
121	);
122	$base_width = 320;
123	$gravatar_url = add_query_arg( 's', $base_width, $profile['thumbnailUrl'] ); // The default grav returned by grofiles is super small.
124
125	// Generate a srcset with larger sizes for high DPI screens.
126	$srcset = '';
127	$multipliers = array( 1, 1.5, 2, 3, 4 );
128	$srcset_values = array();
129	foreach ( $multipliers as $multiplier ) {
130	$srcset_width = (int) ( $base_width * $multiplier );
131	$srcset_url = add_query_arg( 's', $srcset_width, $profile['thumbnailUrl'] );
132	$srcset_values[] = "{$srcset_url} {$multiplier}x";
133	}
134	$srcset = implode( ', ', $srcset_values );
135
136	// Enqueue front end assets.
137	$this->enqueue_scripts();
138
139	?>
140	<img
141	src="<?php echo esc_url( $gravatar_url ); ?>"
142	srcset="<?php echo esc_attr( $srcset ); ?>"
143	class="grofile-thumbnail no-grav"
144	alt="<?php echo esc_attr( $profile['displayName'] ); ?>"
145	loading="lazy" />
146	<div class="grofile-meta">
147	<h4><a href="<?php echo esc_url( $profile['profileUrl'] ); ?>"><?php echo esc_html( $profile['displayName'] ); ?></a></h4>
148	<p><?php echo wp_kses_post( $profile['aboutMe'] ); ?></p>
149	</div>
150
151	<?php
152
153	if ( $instance['show_personal_links'] ) {
154	$this->display_personal_links( (array) $profile['urls'] );
155	}
156
157	if ( $instance['show_account_links'] ) {
158	$this->display_accounts( (array) $profile['accounts'], $profile['displayName'] );
159	}
160
161	?>
162
163	<p><a href="<?php echo esc_url( $profile['profileUrl'] ); ?>" class="grofile-full-link">
164	<?php
165	echo esc_html(
166	/**
167	* Filter the Gravatar Profile widget's profile link title.
168	*
169	* @module widgets
170	*
171	* @since 2.8.0
172	*
173	* @param string $str Profile link title.
174	*/
175	apply_filters(
176	'jetpack_gravatar_full_profile_title',
177	__( 'View Full Profile →', 'jetpack' )
178	)
179	);
180	?>
181	</a></p>
182
183	<?php
184	} elseif ( current_user_can( 'edit_theme_options' ) ) {
185	echo '<p>' . esc_html__( 'Error loading profile', 'jetpack' ) . '</p>';
186	}
187
188	echo $args['after_widget']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
189	}
190
191	/**
192	* Displays the "Personal Links" section.
193	*
194	* @param array $personal_links Array of links.
195	*/
196	public function display_personal_links( $personal_links = array() ) {
197	if ( empty( $personal_links ) ) {
198	return;
199	}
200	?>
201
202	<h4>
203	<?php
204	echo esc_html(
205	apply_filters(
206	/**
207	* Filter the Gravatar Profile widget's "Personal Links" section title.
208	*
209	* @module widgets
210	*
211	* @since 2.8.0
212	*
213	* @param string $str "Personal Links" section title.
214	*/
215	'jetpack_gravatar_personal_links_title',
216	__( 'Personal Links', 'jetpack' )
217	)
218	);
219	?>
220	</h4>
221	<ul class="grofile-urls grofile-links">
222
223	<?php foreach ( $personal_links as $personal_link ) : ?>
224	<?php if ( is_array( $personal_link ) ) : ?>
225	<li>
226	<a href="<?php echo esc_url( $personal_link['value'] ); ?>">
227	<?php
228	$link_title = ( ! empty( $personal_link['title'] ) ) ? $personal_link['title'] : $personal_link['value'];
229	echo esc_html( $link_title );
230	?>
231	</a>
232	</li>
233	<?php endif; ?>
234	<?php endforeach; ?>
235	</ul>
236
237	<?php
238	}
239
240	/**
241	* Displays the "Verified Services" accounts.
242	*
243	* @param array $accounts Array of social accounts.
244	* @param string $display_name Gravatar display name of the user.
245	*/
246	public function display_accounts( $accounts = array(), $display_name = '' ) {
247	if ( empty( $accounts ) ) {
248	return;
249	}
250	?>
251
252	<h4>
253	<?php
254	echo esc_html(
255	/**
256	* Filter the Gravatar Profile widget's "Verified Services" section title.
257	*
258	* @module widgets
259	*
260	* @since 2.8.0
261	*
262	* @param string $str "Verified Services" section title.
263	*/
264	apply_filters(
265	'jetpack_gravatar_verified_services_title',
266	__( 'Verified Services', 'jetpack' )
267	)
268	);
269	?>
270	</h4>
271	<ul class="grofile-urls grofile-accounts">
272
273	<?php
274	foreach ( $accounts as $account ) :
275	$is_hidden = $account['is_hidden'] ?? false;
276	if ( true !== $account['verified'] \|\| $is_hidden ) {
277	continue;
278	}
279
280	$sanitized_service_name = $this->get_sanitized_service_name( $account['shortname'] );
281	$link_title = sprintf(
282	/* translators: %1$s: account display name. %2$s: service name ( Facebook, Twitter, etc.) */
283	_x( '%1$s on %2$s', '1: User Name, 2: Service Name (Facebook, Twitter, ...)', 'jetpack' ),
284	esc_html( $display_name ),
285	esc_html( $sanitized_service_name )
286	);
287	?>
288
289	<li>
290	<a href="<?php echo esc_url( $account['url'] ); ?>" title="<?php echo esc_html( $link_title ); ?>">
291	<span
292	class="grofile-accounts-logo grofile-accounts-<?php echo esc_attr( $account['shortname'] ); ?> accounts_<?php echo esc_attr( $account['shortname'] ); ?>"
293	style="background-image: url('<?php echo esc_attr( $account['iconUrl'] ); ?>')"
294	></span>
295	</a>
296	</li>
297
298	<?php endforeach; ?>
299	</ul>
300
301	<?php
302	}
303
304	/**
305	* Enqueue CSS and JavaScript.
306	*
307	* @since 4.0.0
308	*/
309	public function enqueue_scripts() {
310	wp_enqueue_style(
311	'gravatar-profile-widget',
312	plugins_url( 'gravatar-profile.css', __FILE__ ),
313	array(),
314	'20120711'
315	);
316
317	wp_enqueue_style(
318	'gravatar-card-services',
319	'https://secure.gravatar.com/css/services.css',
320	array(),
321	defined( 'GROFILES__CACHE_BUSTER' ) ? GROFILES__CACHE_BUSTER : gmdate( 'YW' )
322	);
323	}
324
325	/**
326	* Outputs the widget settings form.
327	*
328	* @param array $instance Current settings.
329	* @return string\|void
330	*/
331	public function form( $instance ) {
332	$title = isset( $instance['title'] ) ? $instance['title'] : '';
333	$email = isset( $instance['email'] ) ? $instance['email'] : '';
334	$email_user = isset( $instance['email_user'] ) ? $instance['email_user'] : get_current_user_id();
335	$show_personal_links = isset( $instance['show_personal_links'] ) ? (bool) $instance['show_personal_links'] : '';
336	$show_account_links = isset( $instance['show_account_links'] ) ? (bool) $instance['show_account_links'] : '';
337	$profile_url = 'https://gravatar.com/profile/edit';
338
339	if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
340	$profile_url = admin_url( 'profile.php' );
341
342	if ( isset( $_REQUEST['calypso'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
343	$profile_url = 'https://wordpress.com/me';
344	}
345	}
346	?>
347	<p>
348	<label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>">
349	<?php esc_html_e( 'Title', 'jetpack' ); ?> <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" />
350	</label>
351	</p>
352
353	<p>
354	<label for="<?php echo esc_attr( $this->get_field_id( 'email_user' ) ); ?>">
355	<?php esc_html_e( 'Select a user or pick "custom" and enter a custom email address.', 'jetpack' ); ?>
356	<br />
357
358	<?php
359	wp_dropdown_users(
360	array(
361	'show_option_none' => __( 'Custom', 'jetpack' ),
362	'selected' => $email_user,
363	'name' => $this->get_field_name( 'email_user' ),
364	'id' => $this->get_field_id( 'email_user' ),
365	'class' => 'gravatar-profile-user-select',
366	)
367	);
368	?>
369	</label>
370	</p>
371
372	<p class="gprofile-email-container <?php echo empty( $email_user ) \|\| -1 === (int) $email_user ? '' : 'hidden'; ?>">
373	<label for="<?php echo esc_attr( $this->get_field_id( 'email' ) ); ?>"><?php esc_html_e( 'Custom Email Address', 'jetpack' ); ?>
374	<input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'email' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'email' ) ); ?>" type="text" value="<?php echo esc_attr( $email ); ?>" />
375	</label>
376	</p>
377
378	<p>
379	<label for="<?php echo esc_attr( $this->get_field_id( 'show_personal_links' ) ); ?>">
380	<input type="checkbox" name="<?php echo esc_attr( $this->get_field_name( 'show_personal_links' ) ); ?>" id="<?php echo esc_attr( $this->get_field_id( 'show_personal_links' ) ); ?>" <?php checked( $show_personal_links ); ?> />
381	<?php esc_html_e( 'Show Personal Links', 'jetpack' ); ?>
382	<br />
383	<small><?php esc_html_e( 'Links to your websites, blogs, or any other sites that help describe who you are.', 'jetpack' ); ?></small>
384	</label>
385	</p>
386
387	<p>
388	<label for="<?php echo esc_attr( $this->get_field_id( 'show_account_links' ) ); ?>">
389	<input type="checkbox" name="<?php echo esc_attr( $this->get_field_name( 'show_account_links' ) ); ?>" id="<?php echo esc_attr( $this->get_field_id( 'show_account_links' ) ); ?>" <?php checked( $show_account_links ); ?> />
390	<?php esc_html_e( 'Show Account Links', 'jetpack' ); ?>
391	<br />
392	<small><?php esc_html_e( 'Links to services that you use across the web.', 'jetpack' ); ?></small>
393	</label>
394	</p>
395
396	<p><a href="<?php echo esc_url( $profile_url ); ?>" target="_blank" title="<?php esc_attr_e( 'Opens in new window', 'jetpack' ); ?>"><?php esc_html_e( 'Edit Your Profile', 'jetpack' ); ?></a> \| <a href="https://gravatar.com" target="_blank" title="<?php esc_attr_e( 'Opens in new window', 'jetpack' ); ?>"><?php esc_html_e( "What's a Gravatar?", 'jetpack' ); ?></a></p>
397
398	<?php
399	}
400
401	/**
402	* Inline admin script.
403	*/
404	public function admin_script() {
405	?>
406	<script>
407	jQuery( function( $ ) {
408	$( '.wrap' ).on( 'change', '.gravatar-profile-user-select', function() {
409	var $input = $(this).closest('.widget-inside').find('.gprofile-email-container');
410	if ( '-1' === this.value.toLowerCase() ) {
411	$input.show();
412	} else {
413	$input.hide();
414	}
415	});
416	} );
417	</script>
418	<?php
419	}
420
421	/**
422	* Update widget.
423	*
424	* @see WP_Widget::update()
425	*
426	* @param array $new_instance New widget instance data.
427	* @param array $old_instance Old widget instance data.
428	*/
429	public function update( $new_instance, $old_instance ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
430	$instance = array();
431
432	$instance['title'] = isset( $new_instance['title'] ) ? wp_kses( $new_instance['title'], array() ) : '';
433	$instance['email'] = isset( $new_instance['email'] ) ? wp_kses( $new_instance['email'], array() ) : '';
434	$instance['email_user'] = isset( $new_instance['email_user'] ) ? (int) $new_instance['email_user'] : -1;
435	$instance['show_personal_links'] = isset( $new_instance['show_personal_links'] ) ? (bool) $new_instance['show_personal_links'] : false;
436	$instance['show_account_links'] = isset( $new_instance['show_account_links'] ) ? (bool) $new_instance['show_account_links'] : false;
437
438	if ( $instance['email_user'] > 0 ) {
439	$user = get_userdata( $instance['email_user'] );
440	$instance['email'] = $user->user_email;
441	}
442
443	$hashed_email = md5( strtolower( trim( $instance['email'] ) ) );
444	$cache_key = 'grofile-' . $hashed_email;
445	delete_transient( $cache_key );
446
447	return $instance;
448	}
449
450	/**
451	* Get the Gravatar profile for a given email address.
452	*
453	* @param string $email Email address.
454	*/
455	private function get_profile( $email ) {
456	$hashed_email = md5( strtolower( trim( $email ) ) );
457	$cache_key = 'grofile-' . $hashed_email;
458	$profile = get_transient( $cache_key );
459
460	if ( ! $profile ) {
461	$profile_url = sprintf(
462	'https://secure.gravatar.com/%s.json',
463	$hashed_email
464	);
465
466	$expire = 300;
467	$response = wp_remote_get(
468	esc_url_raw( $profile_url ),
469	array( 'User-Agent' => 'WordPress.com Gravatar Profile Widget' )
470	);
471	$response_code = wp_remote_retrieve_response_code( $response );
472	if ( 200 === $response_code ) {
473	$profile = wp_remote_retrieve_body( $response );
474	$profile = json_decode( $profile, true );
475
476	if ( is_array( $profile ) && ! empty( $profile['entry'] ) && is_array( $profile['entry'] ) ) {
477	$expire = 900; // Cache for 15 minutes.
478	$profile = $profile['entry'][0];
479	} else {
480	// Something strange happened. Cache for 5 minutes.
481	$profile = array();
482	}
483	} else {
484	$expire = 900; // Cache for 15 minutes.
485	$profile = array();
486	}
487
488	set_transient( $cache_key, $profile, $expire );
489	}
490	return $profile;
491	}
492
493	/**
494	* Return properly capitalized service name.
495	*
496	* @param string $shortname The service.
497	*
498	* @return string
499	*/
500	private function get_sanitized_service_name( $shortname ) {
501	// Some services have stylized or mixed cap names cough WP cough.
502	switch ( $shortname ) {
503	case 'friendfeed':
504	return 'FriendFeed';
505	case 'linkedin':
506	return 'LinkedIn';
507	case 'yahoo':
508	return 'Yahoo!';
509	case 'youtube':
510	return 'YouTube';
511	// phpcs:ignore WordPress.WP.CapitalPDangit
512	case 'wordpress':
513	return 'WordPress';
514	case 'tripit':
515	return 'TripIt';
516	case 'myspace':
517	return 'MySpace';
518	case 'foursquare':
519	return 'foursquare';
520	case 'google':
521	return 'Google+';
522	default:
523	// Others don't.
524	$shortname = ucwords( $shortname );
525	}
526	return $shortname;
527	}
528	}