Code Coverage for projects/packages/stats/src/class-tracking-pixel.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	74.79% covered (warning)	74.79%	89 / 119	44.44% covered (danger)	44.44%	4 / 9	CRAP	0.00% covered (danger)	0.00%	0 / 1
Tracking_Pixel	74.79% covered (warning)	74.79%	89 / 119	44.44% covered (danger)	44.44%	4 / 9	87.47	0.00% covered (danger)	0.00%	0 / 1
build_view_data	100.00% covered (success)	100.00%	50 / 50	100.00% covered (success)	100.00%	1 / 1	22
build_search_filters	95.45% covered (success)	95.45%	21 / 22	0.00% covered (danger)	0.00%	0 / 1	11
build_stats_details	100.00% covered (success)	100.00%	8 / 8	100.00% covered (success)	100.00%	1 / 1	1
enqueue_stats_script	0.00% covered (danger)	0.00%	0 / 20	0.00% covered (danger)	0.00%	0 / 1	6
get_amp_footer	100.00% covered (success)	100.00%	7 / 7	100.00% covered (success)	100.00%	1 / 1	2
add_amp_pixel	0.00% covered (danger)	0.00%	0 / 5	0.00% covered (danger)	0.00%	0 / 1	6
add_to_footer		n/a	0 / 0		n/a	0 / 0	1
get_footer_to_add		n/a	0 / 0		n/a	0 / 0	1
render_footer		n/a	0 / 0		n/a	0 / 0	1
render_amp_footer	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
stats_array_to_string	100.00% covered (success)	100.00%	3 / 3	100.00% covered (success)	100.00%	1 / 1	1
is_amp_request	0.00% covered (danger)	0.00%	0 / 3	0.00% covered (danger)	0.00%	0 / 1	20

1	<?php
2	/**
3	* Stats Tracking_Pixel
4	*
5	* @package automattic/jetpack-stats
6	*/
7
8	namespace Automattic\Jetpack\Stats;
9
10	use Jetpack_Options;
11	use WP_Post;
12
13	/**
14	* Stats Tracking_Pixel class.
15	*
16	* Responsible for embedding the Stats tracking pixel.
17	*
18	* @since 0.1.0
19	*/
20	class Tracking_Pixel {
21
22	/**
23	* Array name.
24	*
25	* @var string $array_name The 'stats' array name
26	*/
27	const STATS_ARRAY_TO_STRING_FILTER = 'stats_array';
28
29	const TRACKED_UTM_PARAMETERS = array(
30	'utm_id',
31	'utm_source',
32	'utm_medium',
33	'utm_campaign',
34	'utm_term',
35	'utm_content',
36	'utm_source_platform',
37	'utm_creative_format',
38	'utm_marketing_tactic',
39	);
40
41	/**
42	* Stats Build View Data.
43	*
44	* @access public
45	* @return array
46	*/
47	public static function build_view_data() {
48	global $wp_the_query;
49
50	$blog = Jetpack_Options::get_option( 'id' );
51	$tz = get_option( 'gmt_offset' );
52	$v = 'ext';
53	$blog_url = wp_parse_url( site_url() );
54	$srv = $blog_url['host'];
55	$is_not_post = false;
56	if ( $wp_the_query->is_single \|\| $wp_the_query->is_page \|\| $wp_the_query->is_posts_page ) {
57	// Store and reset the queried_object and queried_object_id
58	// Otherwise, redirect_canonical() will redirect to home_url( '/' ) for show_on_front = page sites where home_url() is not all lowercase.
59	// Repro:
60	// 1. Set home_url = https://ExamPle.com/
61	// 2. Set show_on_front = page
62	// 3. Set page_on_front = something
63	// 4. Visit https://example.com/ !
64	$queried_object = $wp_the_query->queried_object ?? null;
65	$queried_object_id = $wp_the_query->queried_object_id ?? null;
66	try {
67	$post_obj = $wp_the_query->get_queried_object();
68	$post = $post_obj instanceof WP_Post ? $post_obj->ID : '0';
69	} finally {
70	$wp_the_query->queried_object = $queried_object;
71	$wp_the_query->queried_object_id = $queried_object_id;
72	}
73	} else {
74	$post = '0';
75	$is_not_post = true;
76	}
77	$view_data = compact( 'v', 'blog', 'post', 'tz', 'srv' );
78	// Batcache removes some of the UTM params from $_GET, we need to extract them from uri directly instead.
79	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- We're sanitizing individual params in the loop.
80	$url_query = wp_parse_url( wp_unslash( $_SERVER['REQUEST_URI'] ?? '' ), PHP_URL_QUERY );
81	parse_str( (string) $url_query, $url_params );
82	foreach ( self::TRACKED_UTM_PARAMETERS as $utm_parameter ) {
83	// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- UTMs are standardized parameters coming from outside WordPress, adding nonce is not possible
84	if ( isset( $url_params[ $utm_parameter ] ) && is_scalar( $url_params[ $utm_parameter ] ) ) {
85	// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- UTMs are standardized parameters coming from outside WordPress, adding nonce is not possible
86	$view_data[ $utm_parameter ] = substr( sanitize_textarea_field( wp_unslash( $url_params[ $utm_parameter ] ) ), 0, 255 );
87	}
88	}
89
90	if ( $is_not_post ) {
91	if ( $wp_the_query->is_home() ) {
92	$view_data['arch_home'] = '1';
93	} elseif ( $wp_the_query->is_search() ) {
94	$search_term = $wp_the_query->query['s'] ?? $wp_the_query->query_vars['s'] ?? '';
95	$view_data['arch_search'] = sanitize_text_field( $search_term );
96	$view_data['arch_filters'] = sanitize_text_field( self::build_search_filters( $wp_the_query ) );
97	$view_data['arch_results'] = $wp_the_query->posts ? $wp_the_query->post_count : 0;
98	} elseif ( $wp_the_query->is_archive() ) {
99	if ( $wp_the_query->is_date ) {
100	$query = $wp_the_query->query;
101	$date_parts = array_filter( array( $query['year'] ?? null, $query['monthnum'] ?? null, $query['day'] ?? null ) );
102	$date = implode( '/', $date_parts );
103	$view_data['arch_date'] = $date;
104	}
105	if ( $wp_the_query->is_category ) {
106	$view_data['arch_cat'] = $wp_the_query->query['category_name'] ?? $wp_the_query->query_vars['category_name'] ?? '';
107	}
108	if ( $wp_the_query->is_tag ) {
109	$view_data['arch_tag'] = $wp_the_query->query['tag'] ?? $wp_the_query->query_vars['tag'] ?? '';
110	}
111	if ( $wp_the_query->is_author ) {
112	$view_data['arch_author'] = $wp_the_query->query['author_name'] ?? '';
113	}
114	if ( $wp_the_query->is_tax ) {
115	$query = $wp_the_query->query;
116	if ( is_array( $query ) && count( $query ) === 1 ) {
117	$view_data[ 'arch_tax_' . array_keys( $query )[0] ] = array_values( $query )[0];
118	}
119	}
120	$view_data['arch_results'] = $wp_the_query->posts ? $wp_the_query->post_count : 0;
121	} elseif ( $wp_the_query->is_404() ) {
122	$view_data['arch_err'] = sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ?? '' ) );
123	} else {
124	$view_data['arch_other'] = sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ?? '' ) );
125	}
126	}
127	return $view_data;
128	}
129
130	/**
131	* Collect the tracking data for a search page.
132	*
133	* @access private
134	* @param \WP_Query $query The WP_Query object to parse all the filters from.
135	* @return string The search filters in a URL query string format.
136	*/
137	private static function build_search_filters( $query ) {
138	$data = array(
139	'posts_per_page' => $query->get( 'posts_per_page' ),
140	'paged' => ( $query->get( 'paged' ) ) ? absint( $query->get( 'paged' ) ) : 1,
141	'orderby' => $query->get( 'orderby' ),
142	'order' => $query->get( 'order' ),
143	);
144
145	if ( $query->get( 'author_name' ) ) {
146	$data['author_name'] = $query->get( 'author_name' );
147	}
148	$filters = http_build_query( $data );
149
150	$the_tax_query = $query->tax_query;
151	$terms = array();
152	if ( ! empty( $the_tax_query->queried_terms ) && is_array( $the_tax_query->queried_terms ) ) {
153	foreach ( $the_tax_query->queries as $tax_query ) {
154	if ( ! is_array( $tax_query ) \|\| ! isset( $tax_query['taxonomy'] ) ) {
155	continue;
156	}
157	$taxonomy = $tax_query['taxonomy'];
158	if ( ! isset( $terms[ $taxonomy ] ) \|\| ! is_array( $terms[ $taxonomy ] ) ) {
159	$terms[ $taxonomy ] = array();
160	}
161	$terms[ $taxonomy ] = array_merge( $terms[ $taxonomy ], $tax_query['terms'] );
162	}
163	}
164	if ( ! empty( $terms ) ) {
165	$filters .= '&terms=' . wp_json_encode( $terms, JSON_UNESCAPED_SLASHES \| JSON_HEX_TAG \| JSON_HEX_AMP );
166	}
167	return $filters;
168	}
169
170	/**
171	* Build the Stats tracking details.
172	*
173	* @since 0.6.0
174	*
175	* @access private
176	* @param array $data Array of data for the AMP pixel tracker.
177	* @return string
178	*/
179	private static function build_stats_details( $data ) {
180	$data_stats_array = self::stats_array_to_string( $data );
181
182	return sprintf(
183	'_stq = window._stq \|\| [];
184	_stq.push([ "view", %1$s ]);
185	_stq.push([ "clickTrackerInit", "%2$s", "%3$s" ]);',
186	$data_stats_array,
187	$data['blog'],
188	$data['post']
189	);
190	}
191
192	/**
193	* Enqueue the Stats pixel.
194	* Do not use this function directly, it is hooked into `wp_enqueue_scripts`.
195	*
196	* @access public
197	* @return void
198	*/
199	public static function enqueue_stats_script() {
200	if ( self::is_amp_request() ) {
201	return;
202	}
203
204	wp_enqueue_script(
205	'jetpack-stats',
206	'https://stats.wp.com/e-' . gmdate( 'YW' ) . '.js',
207	array(),
208	null, // phpcs:ignore WordPress.WP.EnqueuedResourceParameters.MissingVersion -- The version is set in the URL.
209	array(
210	'in_footer' => true,
211	'strategy' => 'defer',
212	)
213	);
214
215	$data = self::build_view_data();
216
217	/**
218	* Filter the parameters added to the JavaScript stats tracking code.
219	*
220	* @module stats
221	*
222	* @since-jetpack 10.9
223	*
224	* @param array $data Array of options about the site and page you're on.
225	*/
226	$data = (array) apply_filters( 'jetpack_stats_footer_js_data', $data );
227
228	$triggers = self::build_stats_details( $data );
229	wp_add_inline_script(
230	'jetpack-stats',
231	$triggers,
232	'before'
233	);
234	}
235
236	/**
237	* Gets the stats footer for AMP output.
238	*
239	* @access private
240	* @param array $data Array of data for the AMP pixel tracker.
241	* @return string Returns the footer to add for the Stats tracker in an AMP scenario.
242	*/
243	private static function get_amp_footer( $data ) {
244	/**
245	* Filter the parameters added to the AMP pixel tracking code.
246	*
247	* @module stats
248	*
249	* @since-jetpack 10.9
250	*
251	* @param array $data Array of options about the site and page you're on.
252	*/
253	$data = (array) apply_filters( 'jetpack_stats_footer_amp_data', $data );
254
255	$data['host'] = isset( $_SERVER['HTTP_HOST'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_HOST'] ) ) : ''; // input var ok.
256	$data['rand'] = 'RANDOM'; // AMP placeholder.
257	$data['ref'] = 'DOCUMENT_REFERRER'; // AMP placeholder.
258	$data = array_map( 'rawurlencode', $data );
259	$pixel_url = add_query_arg( $data, 'https://pixel.wp.com/g.gif' );
260	return '<amp-pixel src="' . esc_url( $pixel_url ) . '"></amp-pixel>';
261	}
262
263	/**
264	* Build an AMP pixel.
265	* Do not use this function directly, it is hooked into `wp_footer`.
266	*
267	* @access public
268	* @return void
269	*/
270	public static function add_amp_pixel() {
271	$data = self::build_view_data();
272	if ( ! self::is_amp_request() ) {
273	return;
274	}
275
276	$pixel = self::get_amp_footer( $data );
277	echo $pixel; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
278	}
279
280	/**
281	* Stats Footer.
282	*
283	* @deprecated 0.6.0
284	*
285	* @access public
286	* @return void
287	*/
288	public static function add_to_footer() {
289	_deprecated_function( __METHOD__, '0.6.0' );
290	}
291
292	/**
293	* Gets the footer to add for the Stats tracker.
294	*
295	* @deprecated 0.6.0
296	*
297	* @access public
298	* @param array $data Array of data for the JS stats tracker.
299	* @return void
300	*/
301	public static function get_footer_to_add( $data ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
302	_deprecated_function( __METHOD__, '0.6.0' );
303	}
304
305	/**
306	* Render the stats footer. Kept for backward compatibility on legacy AMF views.
307	*
308	* @deprecated 0.6.0
309	*
310	* @access public
311	* @param array $data Array of data for the JS stats tracker.
312	*/
313	public static function render_footer( $data ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
314	_deprecated_function( __METHOD__, '0.6.0' );
315	}
316
317	/**
318	* Render the stats footer for AMP output. Kept for backward compatibility.
319	*
320	* @access public
321	* @param array $data Array of data for the AMP pixel tracker.
322	*/
323	public static function render_amp_footer( $data ) {
324	print self::get_amp_footer( $data ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
325	}
326
327	/**
328	* Creates the "array" string used as part of the JS tracker.
329	*
330	* @access private
331	* @param array $kvs Array of options about the site and page you're on.
332	* @return string
333	*/
334	private static function stats_array_to_string( $kvs ) {
335	/**
336	* Filters the options added to the JavaScript Stats tracking code.
337	*
338	* @since-jetpack 1.1.0
339	*
340	* @param array $kvs Array of options about the site and page you're on.
341	*/
342	$kvs = (array) apply_filters( self::STATS_ARRAY_TO_STRING_FILTER, $kvs );
343	$kvs = array_map( 'strval', $kvs );
344
345	// Encode into JSON object for direct use in JS.
346	return wp_json_encode( $kvs, JSON_UNESCAPED_SLASHES \| JSON_HEX_TAG \| JSON_HEX_AMP );
347	}
348
349	/**
350	* Does the page return AMP content.
351	*
352	* @return bool $is_amp_request Are we on AMP view.
353	*/
354	private static function is_amp_request() {
355	$is_amp_request = ( function_exists( 'amp_is_request' ) && amp_is_request() );
356	$is_amp_request = $is_amp_request \|\| ( function_exists( 'ampforwp_is_amp_endpoint' ) && ampforwp_is_amp_endpoint() );
357
358	/**
359	* Returns true if the current request should return valid AMP content.
360	*
361	* @since 6.2.0
362	*
363	* @param boolean $is_amp_request Is this request supposed to return valid AMP content?
364	*/
365	return apply_filters( 'jetpack_is_amp_request', $is_amp_request );
366	}
367	}