From 673145eeebb1bd6f722e18e44da7e8126d7be0be Mon Sep 17 00:00:00 2001 From: Omkar Bhagat Date: Sat, 5 Oct 2019 07:49:46 +0530 Subject: [PATCH 1/4] wp_remote_get now sends the site url as referer --- modules/widgets/contact-info.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/widgets/contact-info.php b/modules/widgets/contact-info.php index 4be69ef066201..d7997100694d8 100644 --- a/modules/widgets/contact-info.php +++ b/modules/widgets/contact-info.php @@ -414,7 +414,10 @@ function has_good_map( $instance ) { ), 'https://www.google.com/maps/embed/v1/place' ); - $response = wp_remote_get( esc_url_raw( $path ) ); + $wp_remote_get_args = array( + 'headers' => array( 'Referer' => site_url() ) + ); + $response = wp_remote_get( esc_url_raw( $path ), $wp_remote_get_args ); if ( 200 === wp_remote_retrieve_response_code( $response ) ) { return true; From 1b8460b9acfb1cfe777cda4588f03e4cdd04cece Mon Sep 17 00:00:00 2001 From: Omkar Bhagat Date: Sat, 5 Oct 2019 08:05:04 +0530 Subject: [PATCH 2/4] fixed indentation --- modules/widgets/contact-info.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/widgets/contact-info.php b/modules/widgets/contact-info.php index d7997100694d8..b1fd0b56103d8 100644 --- a/modules/widgets/contact-info.php +++ b/modules/widgets/contact-info.php @@ -415,9 +415,9 @@ function has_good_map( $instance ) { 'https://www.google.com/maps/embed/v1/place' ); $wp_remote_get_args = array( - 'headers' => array( 'Referer' => site_url() ) - ); - $response = wp_remote_get( esc_url_raw( $path ), $wp_remote_get_args ); + 'headers' => array( 'Referer' => site_url() ) + ); + $response = wp_remote_get( esc_url_raw( $path ), $wp_remote_get_args ); if ( 200 === wp_remote_retrieve_response_code( $response ) ) { return true; From fd3c20d7185c323b7151fdcb0d97f5b056315d15 Mon Sep 17 00:00:00 2001 
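Review bot: The new `'headers' => array( 'Referer' => site_url() )` argument carries no comment saying why a server-side request impersonates a browser's Referer, and the intent is not recoverable from the code alone — presumably Google rejects keys restricted to HTTP referrers when no Referer is present, so the check must look like a visitor's browser. A later maintainer could read this as gratuitous header spoofing and drop it, silently breaking the key check for every referrer-restricted key. Add a why-comment above `$wp_remote_get_args`, e.g. `// Referrer-restricted keys are rejected without a Referer; send our own URL so this check sees the same answer a visitor's browser would.` The rest of has_good_map(), including the non-200 branch, lies outside the hunk.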
From: Jeremy Herve Date: Mon, 7 Oct 2019 10:13:53 +0200 Subject: [PATCH 3/4] Fix all PHPCS warnings and add to whitelist --- bin/phpcs-whitelist.js | 1 + modules/widgets/contact-info.php | 103 +++++++++++++++++++------------ 2 files changed, 66 insertions(+), 38 deletions(-) diff --git a/bin/phpcs-whitelist.js b/bin/phpcs-whitelist.js index 9f550fdc61d4e..0977cf06137ad 100644 --- a/bin/phpcs-whitelist.js +++ b/bin/phpcs-whitelist.js @@ -24,6 +24,7 @@ module.exports = [ 'modules/sitemaps/sitemaps.php', 'modules/theme-tools/social-menu/', 'modules/verification-tools.php', + 'modules/widgets/contact-info.php', 'modules/widgets/social-icons.php', 'modules/wpcom-block-editor/class-jetpack-wpcom-block-editor.php', 'packages', diff --git a/modules/widgets/contact-info.php b/modules/widgets/contact-info.php index b1fd0b56103d8..ecc389e03d9d0 100644 --- a/modules/widgets/contact-info.php +++ b/modules/widgets/contact-info.php @@ -1,10 +1,12 @@ -defaults() ); - echo $args['before_widget']; + echo $args['before_widget']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped - if ( '' != $instance['title'] ) { - echo $args['before_title'] . $instance['title'] . $args['after_title']; + if ( '' !== $instance['title'] ) { + echo $args['before_title'] . esc_html( $instance['title'] ) . $args['after_title']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped } /** @@ -107,7 +109,7 @@ function widget( $args, $instance ) { echo '
'; - if ( '' != $instance['address'] ) { + if ( '' !== $instance['address'] ) { $showmap = $instance['showmap']; $goodmap = isset( $instance['goodmap'] ) ? $instance['goodmap'] : $this->has_good_map( $instance ); @@ -121,7 +123,7 @@ function widget( $args, $instance ) { * @param string $api_key Google Maps API Key */ $api_key = apply_filters( 'jetpack_google_maps_api_key', $instance['apikey'] ); - echo $this->build_map( $instance['address'], $api_key ); + echo $this->build_map( $instance['address'], $api_key ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped } elseif ( $showmap && is_customize_preview() && true !== $goodmap ) { printf( '%s', @@ -131,10 +133,14 @@ function widget( $args, $instance ) { $map_link = $this->build_map_link( $instance['address'] ); - echo ''; + printf( + '', + esc_url( $map_link ), + str_replace( "\n", '
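Review bot: The `'' !== $instance['address']` change is not purely cosmetic: `'' != null` and `'' != false` evaluate false so the block was skipped, whereas `'' !== null` evaluates true, so a saved instance whose value is null rather than a string now renders an empty address block (the same applies to the title, phone and hours comparisons changed elsewhere in this patch). The widget() preamble is garbled in this view but appears to merge with `defaults()` via wp_parse_args(), which only fills in missing keys and keeps a stored null, so this hinges on whether old instances can carry nulls — I can't tell from the hunk. If they can, `if ( '' !== (string) $instance['address'] )` keeps the strict-comparison sniff happy and the old behaviour; if not, a one-line comment stating that defaults() guarantees strings would settle it for the next reader.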
', esc_html( $instance['address'] ) ) // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ); } - if ( '' != $instance['phone'] ) { + if ( '' !== $instance['phone'] ) { if ( wp_is_mobile() ) { echo ''; } else { @@ -149,8 +155,11 @@ function widget( $args, $instance ) { ); } - if ( '' != $instance['hours'] ) { - echo '
' . str_replace( "\n", '
', esc_html( $instance['hours'] ) ) . '
'; + if ( '' !== $instance['hours'] ) { + printf( + '
', + str_replace( "\n", '
', esc_html( $instance['hours'] ) ) // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ); } echo '
'; @@ -164,7 +173,7 @@ function widget( $args, $instance ) { */ do_action( 'jetpack_contact_info_widget_end' ); - echo $args['after_widget']; + echo $args['after_widget']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped /** This action is documented in modules/widgets/gravatar-profile.php */ do_action( 'jetpack_stats_extra', 'widget_view', 'contact_info' ); @@ -175,12 +184,12 @@ function widget( $args, $instance ) { * Deals with the settings when they are saved by the admin. Here is * where any validation should be dealt with. * - * @param array $new_instance New configuration values - * @param array $old_instance Old configuration values + * @param array $new_instance New configuration values. + * @param array $old_instance Old configuration values. * * @return array */ - function update( $new_instance, $old_instance ) { + public function update( $new_instance, $old_instance ) { $instance = array(); $instance['title'] = wp_kses( $new_instance['title'], array() ); @@ -209,7 +218,7 @@ function update( $new_instance, $old_instance ) { * * @return void */ - function form( $instance ) { + public function form( $instance ) { $instance = wp_parse_args( $instance, $this->defaults() ); /** This filter is documented in modules/widgets/contact-info.php */ $apikey = apply_filters( 'jetpack_google_maps_api_key', $instance['apikey'] ); @@ -221,7 +230,8 @@ function form( $instance ) { 'modules/widgets/contact-info/contact-info-admin.js' ), array( 'jquery' ), - 20160727 + 20160727, + false ); if ( is_customize_preview() ) { @@ -249,10 +259,25 @@ function form( $instance ) { @@ -295,7 +320,7 @@ function form( $instance ) { * * @return string */ - function build_map_link( $address ) { + private function build_map_link( $address ) { // Google map urls have lots of available params but zoom (z) and query (q) are enough. return 'https://maps.google.com/maps?z=16&q=' . $this->urlencode_address( $address ); } 
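Review bot: `private function build_map_link( $address )` — and the same tightening applied to build_map, urlencode_address, update_goodmap and has_good_map in later hunks — is a backward-incompatible change hidden inside a lint-fix commit: these methods had no visibility keyword and were therefore public, so any child class of the widget or plugin code calling them now fatals. The sniff only requires an explicit keyword, so `public function build_map_link( $address )` would satisfy it without changing the class's surface; if narrowing is intended, `protected` at least keeps subclasses working and the decision should be called out in the commit message. I can't see from the diff whether anything in the repository extends or calls into this class.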
@@ -309,7 +334,7 @@ function build_map_link( $address ) { * * @return string HTML of the map. */ - function build_map( $address, $api_key = null ) { + private function build_map( $address, $api_key = null ) { $this->enqueue_scripts(); $src = add_query_arg( 'q', rawurlencode( $address ), 'https://www.google.com/maps/embed/v1/place' ); if ( ! empty( $api_key ) ) { @@ -348,16 +373,18 @@ function build_map( $address, $api_key = null ) { /** * Encode an URL * - * @param string $address The URL to encode + * @param string $address The URL to encode. * * @return string The encoded URL */ - function urlencode_address( $address ) { + private function urlencode_address( $address ) { $address = strtolower( $address ); - $address = preg_replace( '/\s+/', ' ', trim( $address ) ); // Get rid of any unwanted whitespace - $address = str_ireplace( ' ', '+', $address ); // Use + not %20 - return urlencode( $address ); + // Get rid of any unwanted whitespace. + $address = preg_replace( '/\s+/', ' ', trim( $address ) ); + // Use + not %20. + $address = str_ireplace( ' ', '+', $address ); + return rawurlencode( $address ); } /** @@ -369,7 +396,7 @@ function urlencode_address( $address ) { * @return bool|string The instance's updated 'goodmap' value. The value is true if * $instance can display a good map. If not, returns an error message. */ - function update_goodmap( $old_instance, $instance ) { + private function update_goodmap( $old_instance, $instance ) { /* * If we have no address or don't want to show a map, * no need to check if the map is valid. 
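Review bot: The docblock above `private function urlencode_address( $address )` still reads `Encode an URL`, `@param string $address The URL to encode.` and `@return string The encoded URL`, but the argument is a postal address, not a URL, and the commit only appended a period to the wrong description. Replace those three lines with `* Normalise a postal address for use as a Google Maps query value.`, `* @param string $address Address as entered in the widget.` and `* @return string Lower-cased, whitespace-collapsed address, percent-encoded with rawurlencode().`. While there, the new `// Use + not %20.` comment describes an intent the code does not achieve: the `+` inserted by `str_ireplace` is re-encoded to `%2B` by `rawurlencode()` on the next line, exactly as `urlencode()` did before, so the switch is behaviour-neutral but the comment is misleading and should say so or the encoding should be done per word.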
@@ -403,11 +430,11 @@ function update_goodmap( $old_instance, $instance ) { * * @return bool|string Whether or not there is a valid map. If not, return an error message. */ - function has_good_map( $instance ) { + private function has_good_map( $instance ) { /** This filter is documented in modules/widgets/contact-info.php */ $api_key = apply_filters( 'jetpack_google_maps_api_key', $instance['apikey'] ); if ( ! empty( $api_key ) ) { - $path = add_query_arg( + $path = add_query_arg( array( 'q' => rawurlencode( $instance['address'] ), 'key' => $api_key, @@ -415,9 +442,9 @@ function has_good_map( $instance ) { 'https://www.google.com/maps/embed/v1/place' ); $wp_remote_get_args = array( - 'headers' => array( 'Referer' => site_url() ) + 'headers' => array( 'Referer' => site_url() ), ); - $response = wp_remote_get( esc_url_raw( $path ), $wp_remote_get_args ); + $response = wp_remote_get( esc_url_raw( $path ), $wp_remote_get_args ); if ( 200 === wp_remote_retrieve_response_code( $response ) ) { return true; @@ -433,11 +460,11 @@ function has_good_map( $instance ) { * Check the Google Maps API key after an Ajax call from the widget's admin form in * the Customizer preview. */ - function ajax_check_api_key() { + public function ajax_check_api_key() { if ( isset( $_POST['apikey'] ) ) { if ( check_ajax_referer( 'customize_contact_info_api_key' ) && current_user_can( 'customize' ) ) { - $apikey = wp_kses( $_POST['apikey'], array() ); - $default_instance = $this->defaults(); + $apikey = wp_kses( $_POST['apikey'], array() ); + $default_instance = $this->defaults(); $default_instance['apikey'] = $apikey; wp_send_json( array( 'result' => esc_html( $this->has_good_map( $default_instance ) ) ) ); } From 9524dceaaaa5cd35fe29a0301d089613fb210a68 Mon Sep 17 00:00:00 2001 
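Review bot: `'key' => $api_key,` is passed into `add_query_arg()` raw while `q` on the line above is `rawurlencode()`d; add_query_arg() leaves values as given, so a key containing `&`, `#` or a space — it originates from admin input and passes through the `jetpack_google_maps_api_key` filter — would split the query string instead of being rejected cleanly. Encode it the same way as the address, `'key' => rawurlencode( $api_key ),`, which is a no-op for a well-formed Google key. The remainder of has_good_map() is in the following hunk.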
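Review bot: A transport failure is indistinguishable from a rejected key at `if ( 200 === wp_remote_retrieve_response_code( $response ) )`: when outbound HTTPS is blocked, DNS fails or the request times out, `wp_remote_get()` returns a `WP_Error`, the retrieved code is `''`, and the admin presumably gets the generic bad-key message that has_good_map() returns further down, outside this hunk. Add `if ( is_wp_error( $response ) ) { return $response->get_error_message(); }` before the status check so the Customizer reports the real cause; the documented `bool|string` return contract already allows it, though callers should be confirmed to escape the string on output. The later patch in this series changes the Referer base to home_url(), so that is not raised here.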
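Review bot: `$apikey = wp_kses( $_POST['apikey'], array() );` reads the superglobal without `wp_unslash()`, and wp_kses() is the wrong shape of sanitiser for an opaque token: it strips tags and normalises entities, so a key containing `&` comes out as `&amp;` and then fails the remote check for the wrong reason. For a commit whose purpose is WPCS compliance, the conventional form is `$apikey = sanitize_text_field( wp_unslash( $_POST['apikey'] ) );` — unless the project's sniff configuration excludes the unslash rule, which I can't see from here. The nonce-then-capability ordering on the line above is right and check_ajax_referer() dies on failure by default; the paths where `apikey` is absent or the capability is missing send no JSON at all, but the function's closing lines are outside the hunk so I can't tell whether an error response follows.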
From: Omkar Bhagat Date: Fri, 11 Oct 2019 23:38:20 +0530 Subject: [PATCH 4/4] changed site_url function to home_url Co-Authored-By: Jeremy Herve --- modules/widgets/contact-info.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/widgets/contact-info.php b/modules/widgets/contact-info.php index ecc389e03d9d0..120c4ce144404 100644 --- a/modules/widgets/contact-info.php +++ b/modules/widgets/contact-info.php @@ -442,7 +442,7 @@ private function has_good_map( $instance ) { 'https://www.google.com/maps/embed/v1/place' ); $wp_remote_get_args = array( - 'headers' => array( 'Referer' => site_url() ), + 'headers' => array( 'Referer' => home_url() ), ); $response = wp_remote_get( esc_url_raw( $path ), $wp_remote_get_args );