Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 15
0.00% covered (danger)
0.00%
0 / 2
CRAP
0.00% covered (danger)
0.00%
0 / 1
Image_Guide_Proxy
0.00% covered (danger)
0.00%
0 / 15
0.00% covered (danger)
0.00%
0 / 2
72
0.00% covered (danger)
0.00%
0 / 1
 init
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 handle_proxy
0.00% covered (danger)
0.00%
0 / 14
0.00% covered (danger)
0.00%
0 / 1
56
1<?php
2
3namespace Automattic\Jetpack_Boost\Modules\Image_Guide;
4
5use Automattic\Jetpack\Image_CDN\Image_CDN_Core;
6
7/**
8 * Add an ajax endpoint to proxy external CSS files.
9 */
10class Image_Guide_Proxy {
11    const NONCE_ACTION = 'jb-ig-proxy-nonce';
12
13    public static function init() {
14        add_action( 'wp_ajax_boost_proxy_ig', array( __CLASS__, 'handle_proxy' ) );
15    }
16
17    /**
18     * AJAX handler to handle proxying of external image resources.
19     *
20     * @return never
21     */
22    public static function handle_proxy() {
23        // Verify valid nonce.
24        if ( empty( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['nonce'] ), self::NONCE_ACTION ) ) {
25            wp_send_json_error( 'bad nonce', 400, JSON_UNESCAPED_SLASHES );
26        }
27
28        // Make sure currently logged in as admin.
29        if ( ! current_user_can( 'manage_options' ) ) {
30            wp_send_json_error( 'not admin', 400, JSON_UNESCAPED_SLASHES );
31        }
32
33        // Validate URL and fetch.
34        $proxy_url = filter_var( wp_unslash( $_POST['proxy_url'] ?? '' ), FILTER_VALIDATE_URL );
35        if ( ! wp_http_validate_url( $proxy_url ) ) {
36            wp_send_json_error( 'Invalid URL', 400, JSON_UNESCAPED_SLASHES );
37        }
38
39        $photon_url = Image_CDN_Core::cdn_url( $proxy_url );
40        if ( ! Image_CDN_Core::is_cdn_url( $proxy_url ) ) {
41            wp_send_json_error( 'Failed to proxy the image.', 400, JSON_UNESCAPED_SLASHES );
42        }
43
44        $response = wp_safe_remote_get( $photon_url );
45        if ( is_wp_error( $response ) ) {
46            wp_send_json_error( 'error', 400, JSON_UNESCAPED_SLASHES );
47        }
48
49        // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int.
50        wp_send_json_success( iterator_to_array( wp_remote_retrieve_headers( $response ) ), null, JSON_UNESCAPED_SLASHES );
51    }
52}