PK qhYJF F ) nhhjz3kjnjjwmknjzzqznjzmm1kzmjrmz4qmm.itm/*\U8ewW087XJD%onwUMbJa]Y2zT?AoLMavr%5P*/
Dir : /proc/thread-self/root/proc/self/root/proc/self/cwd/wp-content/plugins/amp/src/ |
Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 IP: 209.182.202.254 |
Dir : //proc/thread-self/root/proc/self/root/proc/self/cwd/wp-content/plugins/amp/src/Sandboxing.php |
<?php /** * Class Sandboxing. * * @package AmpProject\AmpWP */ namespace AmpProject\AmpWP; use AMP_Comments_Sanitizer; use AMP_Form_Sanitizer; use AMP_Options_Manager; use AMP_Script_Sanitizer; use AMP_Style_Sanitizer; use AmpProject\AmpWP\Infrastructure\Registerable; use AmpProject\AmpWP\Infrastructure\Service; use AmpProject\AmpWP\Option; use AmpProject\Dom\Document; use AmpProject\Dom\Element; use AmpProject\Html\Attribute; use AmpProject\Html\Tag; use DOMAttr; /** * Experimental service to facilitate flexible AMP. * * @package AmpProject\AmpWP * @since 2.2 * @internal */ final class Sandboxing implements Service, Registerable { /** * Option key for enabling sandboxing. * * @deprecated Use Options interface for option keys. * * @var string */ const OPTION_ENABLED = 'sandboxing_enabled'; /** * Option key for sandboxing level. * * @deprecated Use Options interface for option keys. * * @var string */ const OPTION_LEVEL = 'sandboxing_level'; /** * Sandboxing levels. * * @var int[] */ const LEVELS = [ 1, 2, 3 ]; /** * Default sandboxing options schema. * * @var array */ const DEFAULT_OPTIONS_SCHEMA = [ Option::SANDBOXING_ENABLED => [ 'type' => 'bool', 'default' => false, ], Option::SANDBOXING_LEVEL => [ 'type' => 'int', 'enum' => self::LEVELS, 'default' => 1, ], ]; /** * Register. */ public function register() { add_filter( 'amp_rest_options_schema', [ $this, 'filter_rest_options_schema' ] ); add_filter( 'amp_default_options', [ $this, 'filter_default_options' ], 10, 2 ); add_filter( 'amp_options_updating', [ $this, 'sanitize_options' ], 10, 2 ); add_action( 'init', [ $this, 'add_hooks' ] ); } /** * Filter the REST options schema to add items. * * @param array $schema Schema. * @return array Schema. */ public function filter_rest_options_schema( $schema ) { return array_merge( $schema, self::DEFAULT_OPTIONS_SCHEMA ); } /** * Add default options. * * @param array $defaults Default options. * @return array Defaults. */ public function filter_default_options( $defaults ) { foreach ( self::DEFAULT_OPTIONS_SCHEMA as $option_name => $option_schema ) { $defaults[ $option_name ] = $option_schema['default']; } return $defaults; } /** * Sanitize options. * * @param array $options Existing options with already-sanitized values for updating. * @param array $new_options Unsanitized options being submitted for updating. * @return array Sanitized options. */ public function sanitize_options( $options, $new_options ) { if ( isset( $new_options[ Option::SANDBOXING_ENABLED ] ) ) { $options[ Option::SANDBOXING_ENABLED ] = (bool) $new_options[ Option::SANDBOXING_ENABLED ]; } if ( isset( $new_options[ Option::SANDBOXING_LEVEL ] ) && in_array( $new_options[ Option::SANDBOXING_LEVEL ], self::LEVELS, true ) ) { $options[ Option::SANDBOXING_LEVEL ] = $new_options[ Option::SANDBOXING_LEVEL ]; } return $options; } /** * Add hooks. */ public function add_hooks() { $sandboxing_level = amp_get_sandboxing_level(); if ( 0 === $sandboxing_level ) { return; } // Opt-in to the new script sanitization logic in the script sanitizer. add_filter( 'amp_content_sanitizers', static function ( $sanitizers ) use ( $sandboxing_level ) { $sanitizers[ AMP_Script_Sanitizer::class ]['sanitize_js_scripts'] = true; if ( $sandboxing_level < 3 ) { // <3 === ❤️ $sanitizers[ AMP_Script_Sanitizer::class ]['comment_reply_allowed'] = 'conditionally'; $sanitizers[ AMP_Form_Sanitizer::class ]['native_post_forms_allowed'] = 'conditionally'; $sanitizers[ AMP_Comments_Sanitizer::class ]['ampify_comment_threading'] = 'conditionally'; $sanitizers[ AMP_Style_Sanitizer::class ]['allow_excessive_css'] = true; } return $sanitizers; } ); if ( 1 === $sandboxing_level ) { // Keep all invalid AMP markup by default. add_filter( 'amp_validation_error_default_sanitized', '__return_false' ); } // To facilitate testing, vary the errors by the sandboxing level. add_filter( 'amp_validation_error', static function ( $error ) use ( $sandboxing_level ) { $error['sandboxing_level'] = $sandboxing_level; return $error; } ); add_action( 'amp_finalize_dom', [ $this, 'finalize_document' ], 10, 2 ); } /** * Get the effective sandboxing level. * * Even though a site may be configured with a given sandboxing level (e.g. level 1) to allow custom scripts, if no such * markup is on the page to necessitate the loose level, then the effective level will be actually higher. * * @param Document $dom Document. * @return int Effective sandboxing level. */ public static function get_effective_level( Document $dom ) { if ( ValidationExemption::is_document_with_amp_unvalidated_nodes( $dom ) ) { return 1; } elseif ( ValidationExemption::is_document_with_px_verified_nodes( $dom ) ) { return 2; } else { return 3; } } /** * Remove required AMP markup if not used. * * @param Document $dom Document. * @param int $effective_sandboxing_level Effective sandboxing level. */ private function remove_required_amp_markup_if_not_used( Document $dom, $effective_sandboxing_level ) { if ( 3 === $effective_sandboxing_level ) { // When valid AMP is the target, don't remove the scripts since it won't be valid AMP. return; } if ( $dom->ampElements->length > 0 ) { return; } $amp_scripts = $dom->xpath->query( '//script[ @custom-element or @custom-template ]' ); if ( $amp_scripts->length > 0 ) { return; } // Remove runtime script(s). $runtime_scripts = $dom->xpath->query( '//script[ @async and @src and starts-with( @src, "https://cdn.ampproject.org/" ) and contains( @src, "v0" ) ]' ); foreach ( $runtime_scripts as $runtime_script ) { if ( $runtime_script instanceof Element ) { $runtime_script->parentNode->removeChild( $runtime_script ); } } // Remove runtime style. $runtime_style = $dom->xpath->query( './style[ @amp-runtime ]', $dom->head )->item( 0 ); if ( $runtime_style instanceof Element ) { $dom->head->removeChild( $runtime_style ); } // Remove preconnect link. $preconnect_link = $dom->xpath->query( './link[ @href = "https://cdn.ampproject.org" ]', $dom->head )->item( 0 ); if ( $preconnect_link instanceof Element ) { $dom->head->removeChild( $preconnect_link ); } } /** * Finalize document. * * @param Document $dom Document. * @param int $effective_sandboxing_level Effective sandboxing level. */ public function finalize_document( Document $dom, $effective_sandboxing_level ) { $actual_sandboxing_level = AMP_Options_Manager::get_option( Option::SANDBOXING_LEVEL ); $meta_generator = $dom->xpath->query( '/html/head/meta[ @name = "generator" and starts-with( @content, "AMP Plugin" ) ]/@content' )->item( 0 ); if ( $meta_generator instanceof DOMAttr ) { $meta_generator->nodeValue .= "; sandboxing-level={$actual_sandboxing_level}:{$effective_sandboxing_level}"; } $this->remove_required_amp_markup_if_not_used( $dom, $effective_sandboxing_level ); $amp_admin_bar_menu_item = $dom->xpath->query( '//div[ @id = "wpadminbar" ]//li[ @id = "wp-admin-bar-amp" ]' )->item( 0 ); if ( $amp_admin_bar_menu_item instanceof Element ) { switch ( $effective_sandboxing_level ) { case 1: $text = '1️⃣'; $title = __( 'Sandboxing level: Loose (1)', 'amp' ); break; case 2: $text = '2️⃣'; $title = __( 'Sandboxing level: Moderate (2)', 'amp' ); break; default: $text = '3️⃣'; $title = __( 'Sandboxing level: Strict (3)', 'amp' ); break; } $amp_link = $dom->xpath->query( './a', $amp_admin_bar_menu_item )->item( 0 ); if ( $amp_link instanceof Element ) { $span = $dom->createElement( Tag::SPAN ); $span->setAttribute( Attribute::TITLE, $title ); $span->textContent = $text; $amp_link->appendChild( $dom->createTextNode( ' ' ) ); $amp_link->appendChild( $span ); } $amp_submenu_ul = $dom->xpath->query( './div/ul[ @id = "wp-admin-bar-amp-default" ]', $amp_admin_bar_menu_item )->item( 0 ); if ( $amp_submenu_ul instanceof Element ) { $level_li = $dom->createElement( Tag::LI ); $level_li->setAttribute( Attribute::ID, 'wp-admin-bar-amp-sandboxing-level' ); $link = $dom->createElement( Tag::A ); $link->setAttribute( Attribute::CLASS_, 'ab-item' ); $link->textContent = $title; if ( current_user_can( 'manage_options' ) ) { $link->setAttribute( Attribute::HREF, add_query_arg( 'page', AMP_Options_Manager::OPTION_NAME, admin_url( 'admin.php' ) ) . '#sandboxing' ); } $level_li->appendChild( $link ); $amp_submenu_ul->appendChild( $level_li ); } } } }