-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
85ccd6b
commit 853d690
Showing
10 changed files
with
639 additions
and
194 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
<?php | ||
/** | ||
* Insecure Content Warning assets | ||
* | ||
* @package ICW | ||
*/ | ||
|
||
namespace ICW\Admin; | ||
|
||
if ( ! defined( 'ABSPATH' ) ) { | ||
exit; // Exit if accessed directly. | ||
} | ||
|
||
/** | ||
* Setup actions and filters | ||
*/ | ||
function setup() { | ||
add_action( 'admin_menu', __NAMESPACE__ . '\\admin_menu' ); | ||
} | ||
|
||
function admin_menu() { | ||
$hook = add_management_page( | ||
__( 'Insecure Content Warning Admin', 'insecure-content-warning' ), | ||
__( 'Insecure Content Warning', 'insecure-content-warning' ), | ||
'install_plugins', | ||
'insecure-content-warning', | ||
__NAMESPACE__ . '\\admin_page' | ||
); | ||
|
||
// add_action( "load-$hook", __NAMESPACE__ . '\\admin_page_load' ); | ||
|
||
add_action( 'admin_print_scripts-' . $hook, 'ICW\Assets\admin_scripts' ); | ||
} | ||
|
||
|
||
//function admin_page_load() { | ||
// echo 'test'; | ||
//} | ||
|
||
function admin_page() { | ||
require_once __DIR__ . '/partials/admin-page.php'; | ||
} | ||
|
||
|
||
function admin_js() { | ||
$asset = require_once $asset_file; | ||
wp_enqueue_script( | ||
'insecure-content-admin', | ||
INSECURE_CONTENT_URL . 'dist/js/admin.js', | ||
[], | ||
$asset['version'], | ||
true | ||
); | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,276 @@ | ||
<?php | ||
|
||
namespace ICW\FIX; | ||
|
||
use WP_CLI; | ||
use WP_CLI\Utils; | ||
use WP_CLI_Command; | ||
|
||
class FixInsecureContent { | ||
|
||
/** | ||
* Is current run a dry run? | ||
* | ||
* @var bool | ||
*/ | ||
private $dry_run; | ||
|
||
/** | ||
* Total number of posts scanned for URLs. | ||
* | ||
* @var int | ||
*/ | ||
private $total_post_count = 1; | ||
|
||
/** | ||
* Data of posts where 1 or more URLs were found to be insecure and command fixed summary. | ||
* | ||
* @var array | ||
*/ | ||
private $fixed_post_count; | ||
|
||
/** | ||
* Lorem. | ||
* | ||
* @var array | ||
*/ | ||
private $warning_count = []; | ||
|
||
/** | ||
* Class instance | ||
* | ||
* @var FixInsecureContent | ||
*/ | ||
protected static $instance = null; | ||
|
||
/** | ||
* Get class instance | ||
* | ||
* @return FixInsecureContent | ||
*/ | ||
public static function get_instance() { | ||
if ( null === self::$instance ) { | ||
self::$instance = new self(); | ||
} | ||
|
||
return self::$instance; | ||
} | ||
|
||
/** | ||
* Test | ||
* | ||
* @param bool|string $include | ||
* @param string $all | ||
* @param string $post_type | ||
* @param int $posts_per_page | ||
* @param int $post_offset | ||
* @param bool $dry_run | ||
* @param array $args | ||
* | ||
* @return array|void | ||
*/ | ||
public function fix( $include, $all, $post_type, $posts_per_page, $post_offset, $dry_run, $args = [] ) { | ||
$this->dry_run = $dry_run; | ||
|
||
if ( defined( 'WP_CLI' ) && WP_CLI ) { | ||
WP_CLI::log( __( 'Checking post content...', 'insecure-content-warning' ) ); | ||
} | ||
|
||
if ( false === $all && ! empty( $args[0] ) ) { | ||
$this->fix_insecure_content( $args[0] ); | ||
} elseif ( false === $all && empty( $args ) && false !== $include ) { | ||
$post_ids_list = explode( ',', $include ); | ||
foreach ( $post_ids_list as $icw_post_id ) { | ||
$this->fix_insecure_content( trim( $icw_post_id ) ); | ||
} | ||
$this->total_post_count = count( $post_ids_list ); | ||
} else { | ||
$total = 0; | ||
|
||
// Loop through all posts and fix content. | ||
while ( true ) { | ||
$args = [ | ||
'posts_per_page' => $posts_per_page, | ||
'post_type' => $post_type, | ||
'post_status' => 'publish', | ||
'offset' => $post_offset, | ||
]; | ||
$query = new \WP_Query( $args ); | ||
|
||
if ( $query->have_posts() ) { | ||
while ( $query->have_posts() ) { | ||
$query->the_post(); | ||
$this->fix_insecure_content( get_the_ID() ); | ||
} | ||
} else { | ||
break; | ||
} | ||
|
||
// Set offset for next page. | ||
$post_offset += $posts_per_page; | ||
$total += $query->post_count; | ||
|
||
// Wait for a while before fixing the rest. | ||
usleep( 1000 ); | ||
} | ||
|
||
$this->total_post_count = $total; | ||
} | ||
|
||
// translators: Lala | ||
$message = PHP_EOL . sprintf( __( 'Total posts checked for insecure URL(s): %s', 'insecure-content-warning' ), $this->total_post_count ) . PHP_EOL; | ||
if ( defined( 'WP_CLI' ) && WP_CLI ) { | ||
WP_CLI::log( WP_CLI::colorize( "%c{$message}%n " ) ); | ||
Utils\format_items( 'table', $this->fixed_post_count, [ 'URL(s) fixed summary' ] ); | ||
} else { | ||
if ( null === $this->fixed_post_count ) { | ||
return __( 'No post(s) found', 'insecure-content-warning' ); | ||
} | ||
$output = ''; | ||
|
||
foreach ( $this->warning_count as $warning ) { | ||
$warning_message = array_shift( $warning ); | ||
$output .= '<span class="warning">' . __( 'Warning', 'insecure-content-warning' ) . '</span>: ' . $warning_message . PHP_EOL; | ||
} | ||
|
||
$output .= '<span class="info">' . $message . '</span>' . PHP_EOL; | ||
|
||
foreach ( $this->fixed_post_count as $fixed_post ) { | ||
$output .= array_shift( $fixed_post ) . PHP_EOL; | ||
} | ||
return $output; | ||
} | ||
} | ||
|
||
/** | ||
* Fix insecure content for given Post ID. | ||
* | ||
* @param int $post_id Post ID. | ||
* | ||
* @return array|string | ||
*/ | ||
protected function fix_insecure_content( $post_id ) { | ||
$current_post = get_post( $post_id ); | ||
|
||
// Check and make sure post exists. | ||
if ( empty( $current_post ) ) { | ||
// translators: Message to show when the system is unable to fetch details for the post. | ||
$message = sprintf( __( 'Unable to fetch details for post %s', 'insecure-content-warning' ), $post_id ); | ||
if ( defined( 'WP_CLI' ) && WP_CLI ) { | ||
// translators: Message to show when the system is unable to fetch details for the post. | ||
WP_CLI::warning( $message ); | ||
} else { | ||
$this->warning_count[] = [ __( 'Warning', 'insecure-content-warning' ) => $message ]; | ||
} | ||
return ''; | ||
} | ||
|
||
// Loop through post content and get HTTPS URLs wherever possible. | ||
$post_content = $current_post->post_content; | ||
$urls = $this->parse_content_for_insecure_urls( $post_content ); | ||
$count = 0; | ||
|
||
// Check if post content has insecure URLs. | ||
if ( empty( $urls ) ) { | ||
// translators: Message to show when no insecure content URL found in the post. | ||
$message = sprintf( __( 'No insecure content URL found in post %s', 'insecure-content-warning' ), $post_id ); | ||
if ( defined( 'WP_CLI' ) && WP_CLI ) { | ||
WP_CLI::warning( $message ); | ||
} else { | ||
$this->warning_count[] = [ __( 'Warning', 'insecure-content-warning' ) => $message ]; | ||
} | ||
|
||
if ( $this->dry_run ) { | ||
// translators: Summary to show on dry run fix. | ||
$this->fixed_post_count[] = [ __( 'URL(s) fixed summary', 'insecure-content-warning' ) => sprintf( __( '0/0 URL(s) will be fixed in post %s', 'insecure-content-warning' ), $post_id ) ]; | ||
} else { | ||
// translators: Summary to show on fix. | ||
$this->fixed_post_count[] = [ __( 'URL(s) fixed summary', 'insecure-content-warning' ) => sprintf( __( '0/0 URL(s) fixed in post %s', 'insecure-content-warning' ), $post_id ) ]; | ||
} | ||
|
||
return ''; | ||
} | ||
|
||
foreach ( $urls as $url ) { | ||
if ( $this->does_secure_content_exist( $url ) ) { | ||
$ssl_url = preg_replace( '/^http:/i', 'https:', $url ); | ||
$post_content = str_replace( $url, $ssl_url, $post_content ); | ||
$count ++; | ||
} | ||
} | ||
|
||
if ( false === $this->dry_run ) { | ||
// Update post content with HTTPS URLs. | ||
wp_update_post( | ||
[ | ||
'ID' => $post_id, | ||
'post_content' => $post_content, | ||
] | ||
); | ||
} | ||
|
||
if ( $this->dry_run ) { | ||
// translators: Summary to show on dry run fix. | ||
$dry_run_message = sprintf( __( '%1$s/%2$s insecure URLs will be fixed in post %3$s.', 'insecure-content-warning' ), $count, count( $urls ), $post_id ); | ||
if ( defined( 'WP_CLI' ) && WP_CLI ) { | ||
WP_CLI::debug( $dry_run_message ); | ||
} | ||
$this->fixed_post_count[] = [ 'URL(s) fixed summary' => $dry_run_message ]; | ||
} else { | ||
// translators: Summary to show on fix. | ||
$success_message = sprintf( __( '%1$s/%2$s insecure URLs fixed in post %3$s.', 'insecure-content-warning' ), $count, count( $urls ), $post_id ); | ||
if ( defined( 'WP_CLI' ) && WP_CLI ) { | ||
WP_CLI::debug( $success_message ); | ||
} | ||
$this->fixed_post_count[] = [ 'URL(s) fixed summary' => $success_message ]; | ||
} | ||
} | ||
|
||
/** | ||
* Check if a SSL version of the URL exists. | ||
* | ||
* @param string $url URL to check for SSL version. | ||
* | ||
* @return bool | ||
*/ | ||
protected function does_secure_content_exist( $url ) { | ||
// Check if a https version of the URL exists. | ||
$secure_version_exists = false; | ||
$ssl = preg_replace( '/^http:/i', 'https:', $url ); | ||
$response = wp_remote_get( $ssl ); | ||
$response_code = wp_remote_retrieve_response_code( $response ); | ||
|
||
if ( 200 === $response_code ) { | ||
$secure_version_exists = true; | ||
} | ||
|
||
return $secure_version_exists; | ||
} | ||
|
||
/** | ||
* Create list of URLs. | ||
* | ||
* @param string $post_content Post Content. | ||
* | ||
* @return array | ||
*/ | ||
protected function parse_content_for_insecure_urls( $post_content ) { | ||
// Check all src and create an array of URLs to check https URL availability. | ||
$src_urls = []; | ||
$src_regex = '/src="([^"]+)"/'; | ||
preg_match_all( $src_regex, $post_content, $matches, PREG_SET_ORDER, 0 ); | ||
|
||
// If we have matches, loop through and get clean URL. | ||
if ( ! empty( $matches ) ) { | ||
foreach ( $matches as $match ) { | ||
$matched_url = $match[1]; | ||
$base_url = explode( '?', $matched_url )[0]; | ||
if ( 'https://' !== substr( $base_url, 0, 8 ) ) { | ||
$src_urls[] = $base_url; | ||
} | ||
} | ||
} | ||
|
||
return $src_urls; | ||
} | ||
} |
Oops, something went wrong.