Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 15 |
|
0.00% |
0 / 2 |
CRAP | |
0.00% |
0 / 1 |
| Image_Guide_Proxy | |
0.00% |
0 / 15 |
|
0.00% |
0 / 2 |
72 | |
0.00% |
0 / 1 |
| init | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| handle_proxy | |
0.00% |
0 / 14 |
|
0.00% |
0 / 1 |
56 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace Automattic\Jetpack_Boost\Modules\Image_Guide; |
| 4 | |
| 5 | use Automattic\Jetpack\Image_CDN\Image_CDN_Core; |
| 6 | |
| 7 | /** |
| 8 | * Add an ajax endpoint to proxy external CSS files. |
| 9 | */ |
| 10 | class Image_Guide_Proxy { |
| 11 | const NONCE_ACTION = 'jb-ig-proxy-nonce'; |
| 12 | |
| 13 | public static function init() { |
| 14 | add_action( 'wp_ajax_boost_proxy_ig', array( __CLASS__, 'handle_proxy' ) ); |
| 15 | } |
| 16 | |
| 17 | /** |
| 18 | * AJAX handler to handle proxying of external image resources. |
| 19 | * |
| 20 | * @return never |
| 21 | */ |
| 22 | public static function handle_proxy() { |
| 23 | // Verify valid nonce. |
| 24 | if ( empty( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['nonce'] ), self::NONCE_ACTION ) ) { |
| 25 | wp_send_json_error( 'bad nonce', 400, JSON_UNESCAPED_SLASHES ); |
| 26 | } |
| 27 | |
| 28 | // Make sure currently logged in as admin. |
| 29 | if ( ! current_user_can( 'manage_options' ) ) { |
| 30 | wp_send_json_error( 'not admin', 400, JSON_UNESCAPED_SLASHES ); |
| 31 | } |
| 32 | |
| 33 | // Validate URL and fetch. |
| 34 | $proxy_url = filter_var( wp_unslash( $_POST['proxy_url'] ?? '' ), FILTER_VALIDATE_URL ); |
| 35 | if ( ! wp_http_validate_url( $proxy_url ) ) { |
| 36 | wp_send_json_error( 'Invalid URL', 400, JSON_UNESCAPED_SLASHES ); |
| 37 | } |
| 38 | |
| 39 | $photon_url = Image_CDN_Core::cdn_url( $proxy_url ); |
| 40 | if ( ! Image_CDN_Core::is_cdn_url( $proxy_url ) ) { |
| 41 | wp_send_json_error( 'Failed to proxy the image.', 400, JSON_UNESCAPED_SLASHES ); |
| 42 | } |
| 43 | |
| 44 | $response = wp_safe_remote_get( $photon_url ); |
| 45 | if ( is_wp_error( $response ) ) { |
| 46 | wp_send_json_error( 'error', 400, JSON_UNESCAPED_SLASHES ); |
| 47 | } |
| 48 | |
| 49 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 50 | wp_send_json_success( iterator_to_array( wp_remote_retrieve_headers( $response ) ), null, JSON_UNESCAPED_SLASHES ); |
| 51 | } |
| 52 | } |