Project-Pro/doitinpoland.com
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
doitinpoland.com/wp-content/plugins/autoptimize/classes/autoptimizeCriticalCSSSettingsAjax.php
Pyziak Jacek 3361a7f053 first commit
2023-09-12 21:41:04 +02:00

381 lines
14 KiB
PHP
Raw Permalink Blame History

<?php
/**
* Critical CSS settings AJAX logic.
*/
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
class autoptimizeCriticalCSSSettingsAjax {
public function __construct()
{
// fetch all options at once and populate them individually explicitely as globals.
$all_options = autoptimizeCriticalCSSBase::fetch_options();
foreach ( $all_options as $_option => $_value ) {
global ${$_option};
${$_option} = $_value;
}
$this->run();
}
public function run() {
// add filters.
add_action( 'wp_ajax_fetch_critcss', array( $this, 'critcss_fetch_callback' ) );
add_action( 'wp_ajax_save_critcss', array( $this, 'critcss_save_callback' ) );
add_action( 'wp_ajax_rm_critcss', array( $this, 'critcss_rm_callback' ) );
add_action( 'wp_ajax_rm_critcss_all', array( $this, 'critcss_rm_all_callback' ) );
add_action( 'wp_ajax_ao_ccss_export', array( $this, 'ao_ccss_export_callback' ) );
add_action( 'wp_ajax_ao_ccss_import', array( $this, 'ao_ccss_import_callback' ) );
}
public function critcss_fetch_callback() {
// Ajax handler to obtain a critical CSS file from the filesystem.
// Check referer.
check_ajax_referer( 'fetch_critcss_nonce', 'critcss_fetch_nonce' );
// Initialize error flag.
$error = true;
// Allow no content for MANUAL rules (as they may not exist just yet).
if ( current_user_can( 'manage_options' ) && empty( $_POST['critcssfile'] ) ) {
$content = '';
$error = false;
} elseif ( current_user_can( 'manage_options' ) && $this->critcss_check_filename( $_POST['critcssfile'] ) ) {
// Or check user permissios and filename.
// Set file path and obtain its content.
$critcssfile = AO_CCSS_DIR . strip_tags( $_POST['critcssfile'] );
if ( file_exists( $critcssfile ) ) {
$content = file_get_contents( $critcssfile );
$error = false;
}
}
// Prepare response.
if ( $error ) {
$response['code'] = '500';
$response['string'] = 'Error reading file ' . $critcssfile . '.';
} else {
$response['code'] = '200';
$response['string'] = $content;
}
// Dispatch respose.
echo json_encode( $response );
// Close ajax request.
wp_die();
}
public function critcss_save_callback() {
$error = false;
$status = false;
$response = array();
// Ajax handler to write a critical CSS to the filesystem
// Check referer.
check_ajax_referer( 'save_critcss_nonce', 'critcss_save_nonce' );
// Allow empty contents for MANUAL rules (as they are fetched later).
if ( current_user_can( 'manage_options' ) && empty( $_POST['critcssfile'] ) ) {
$critcssfile = false;
$status = true;
} elseif ( current_user_can( 'manage_options' ) && $this->critcss_check_filename( $_POST['critcssfile'] ) ) {
// Or check user permissios and filename
// Set critical CSS content.
$critcsscontents = stripslashes( $_POST['critcsscontents'] );
// If there is content and it's valid, write the file.
if ( $critcsscontents && autoptimizeCriticalCSSCore::ao_ccss_check_contents( $critcsscontents ) ) {
// Set file path and status.
$critcssfile = AO_CCSS_DIR . strip_tags( $_POST['critcssfile'] );
$status = file_put_contents( $critcssfile, $critcsscontents, LOCK_EX );
// Or set as error.
} else {
$error = true;
}
// Or just set an error.
} else {
$error = true;
}
// Prepare response.
if ( ! $status || $error ) {
$response['code'] = '500';
$response['string'] = 'Error saving file ' . $critcssfile . '.';
} else {
$response['code'] = '200';
if ( $critcssfile ) {
$response['string'] = 'File ' . $critcssfile . ' saved.';
} else {
$response['string'] = 'Empty content do not need to be saved.';
}
}
// Dispatch respose.
echo json_encode( $response );
// Close ajax request.
wp_die();
}
public function critcss_rm_callback() {
// Ajax handler to delete a critical CSS from the filesystem
// Check referer.
check_ajax_referer( 'rm_critcss_nonce', 'critcss_rm_nonce' );
// Initialize error and status flags.
$error = true;
$status = false;
// Allow no file for MANUAL rules (as they may not exist just yet).
if ( current_user_can( 'manage_options' ) && empty( $_POST['critcssfile'] ) ) {
$error = false;
} elseif ( current_user_can( 'manage_options' ) && $this->critcss_check_filename( $_POST['critcssfile'] ) ) {
// Or check user permissios and filename
// Set file path and delete it.
$critcssfile = AO_CCSS_DIR . strip_tags( $_POST['critcssfile'] );
if ( file_exists( $critcssfile ) ) {
$status = unlink( $critcssfile );
$error = false;
}
}
// Prepare response.
if ( $error ) {
$response['code'] = '500';
$response['string'] = 'Error removing file ' . $critcssfile . '.';
} else {
$response['code'] = '200';
if ( $status ) {
$response['string'] = 'File ' . $critcssfile . ' removed.';
} else {
$response['string'] = 'No file to be removed.';
}
}
// Dispatch respose.
echo json_encode( $response );
// Close ajax request.
wp_die();
}
public function critcss_rm_all_callback() {
// Ajax handler to delete a critical CSS from the filesystem
// Check referer.
check_ajax_referer( 'rm_critcss_all_nonce', 'critcss_rm_all_nonce' );
// Initialize error and status flags.
$error = true;
$status = false;
// Remove all ccss files on filesystem.
if ( current_user_can( 'manage_options' ) ) {
if ( file_exists( AO_CCSS_DIR ) && is_dir( AO_CCSS_DIR ) ) {
array_map( 'unlink', glob( AO_CCSS_DIR . 'ccss_*.css', GLOB_BRACE ) );
$error = false;
$status = true;
}
}
// Prepare response.
if ( $error ) {
$response['code'] = '500';
$response['string'] = 'Error removing all critical CSS files.';
} else {
$response['code'] = '200';
if ( $status ) {
$response['string'] = 'Critical CSS Files removed.';
} else {
$response['string'] = 'No file removed.';
}
}
// Dispatch respose.
echo json_encode( $response );
// Close ajax request.
wp_die();
}
public function ao_ccss_export_callback() {
// Ajax handler export settings
// Check referer.
check_ajax_referer( 'ao_ccss_export_nonce', 'ao_ccss_export_nonce' );
if ( ! class_exists( 'ZipArchive' ) ) {
$response['code'] = '500';
$response['msg'] = 'PHP ZipArchive not present, cannot create zipfile';
echo json_encode( $response );
wp_die();
}
// Init array, get options and prepare the raw object.
$settings = array();
$settings['rules'] = get_option( 'autoptimize_ccss_rules' );
$settings['additional'] = get_option( 'autoptimize_ccss_additional' );
$settings['viewport'] = get_option( 'autoptimize_ccss_viewport' );
$settings['finclude'] = get_option( 'autoptimize_ccss_finclude' );
$settings['rtimelimit'] = get_option( 'autoptimize_ccss_rtimelimit' );
$settings['noptimize'] = get_option( 'autoptimize_ccss_noptimize' );
$settings['debug'] = get_option( 'autoptimize_ccss_debug' );
$settings['key'] = get_option( 'autoptimize_ccss_key' );
// Initialize error flag.
$error = true;
// Check user permissions.
if ( current_user_can( 'manage_options' ) ) {
// Prepare settings file path and content.
$exportfile = AO_CCSS_DIR . 'settings.json';
$contents = json_encode( $settings );
$status = file_put_contents( $exportfile, $contents, LOCK_EX );
$error = false;
}
// Prepare archive.
$zipfile = AO_CCSS_DIR . date( 'Ymd-H\hi' ) . '_ao_ccss_settings.zip';
$file = pathinfo( $zipfile, PATHINFO_BASENAME );
$zip = new ZipArchive();
$ret = $zip->open( $zipfile, ZipArchive::CREATE );
if ( true !== $ret ) {
$error = true;
} else {
$zip->addFile( AO_CCSS_DIR . 'settings.json', 'settings.json' );
if ( file_exists( AO_CCSS_DIR . 'queue.json' ) ) {
$zip->addFile( AO_CCSS_DIR . 'queue.json', 'queue.json' );
}
$options = array(
'add_path' => './',
'remove_all_path' => true,
);
$zip->addGlob( AO_CCSS_DIR . '*.css', 0, $options );
$zip->close();
}
// Prepare response.
if ( ! $status || $error ) {
$response['code'] = '500';
$response['msg'] = 'Error saving file ' . $file . ', code: ' . $ret;
} else {
$response['code'] = '200';
$response['msg'] = 'File ' . $file . ' saved.';
$response['file'] = $file;
}
// Dispatch respose.
echo json_encode( $response );
// Close ajax request.
wp_die();
}
public function ao_ccss_import_callback() {
// Ajax handler import settings
// Check referer.
check_ajax_referer( 'ao_ccss_import_nonce', 'ao_ccss_import_nonce' );
// Initialize error flag.
$error = false;
// Process an uploaded file with no errors.
if ( current_user_can( 'manage_options' ) && ! $_FILES['file']['error'] && $_FILES['file']['size'] < 500001 && strpos( $_FILES['file']['name'], '.zip' ) === strlen( $_FILES['file']['name'] ) - 4 ) {
// create tmp dir with hard guess name in AO_CCSS_DIR.
$_secret_dir = wp_hash( uniqid( md5( AUTOPTIMIZE_CACHE_URL ), true ) );
$_import_tmp_dir = trailingslashit( AO_CCSS_DIR . $_secret_dir );
mkdir( $_import_tmp_dir );
// Save file to that tmp directory but give it our own name to prevent directory traversal risks when using original name.
$zipfile = $_import_tmp_dir . uniqid( 'import_settings-', true ) . '.zip';
move_uploaded_file( $_FILES['file']['tmp_name'], $zipfile );
// Extract archive in the tmp directory.
$zip = new ZipArchive;
if ( $zip->open( $zipfile ) === true ) {
// loop through all files in the zipfile.
for ($i = 0; $i < $zip->numFiles; $i++) {
// but only extract known good files.
if ( preg_match('/^settings\.json$|^ccss_[a-z0-9]{32}\.css$/', $zip->getNameIndex( $i ) ) > 0 ) {
$zip->extractTo( AO_CCSS_DIR, $zip->getNameIndex( $i ) );
}
}
$zip->close();
} else {
$error = 'could not extract';
}
// and remove temp. dir with all contents (the import-zipfile).
$this->rrmdir( $_import_tmp_dir );
if ( ! $error ) {
// Archive extraction ok, continue importing settings from AO_CCSS_DIR.
// Settings file.
$importfile = AO_CCSS_DIR . 'settings.json';
if ( file_exists( $importfile ) ) {
// Get settings and turn them into an object.
$settings = json_decode( file_get_contents( $importfile ), true );
// Update options.
update_option( 'autoptimize_ccss_rules', $settings['rules'] );
update_option( 'autoptimize_ccss_additional', $settings['additional'] );
update_option( 'autoptimize_ccss_viewport', $settings['viewport'] );
update_option( 'autoptimize_ccss_finclude', $settings['finclude'] );
update_option( 'autoptimize_ccss_rtimelimit', $settings['rtimelimit'] );
update_option( 'autoptimize_ccss_noptimize', $settings['noptimize'] );
update_option( 'autoptimize_ccss_debug', $settings['debug'] );
update_option( 'autoptimize_ccss_key', $settings['key'] );
} else {
// Settings file doesn't exist, update error flag.
$error = 'settings file does not exist';
}
}
} else {
$error = 'file could not be saved';
}
// Prepare response.
if ( $error ) {
$response['code'] = '500';
$response['msg'] = 'Error importing settings: ' . $error;
} else {
$response['code'] = '200';
$response['msg'] = 'Settings imported successfully';
}
// Dispatch respose.
echo json_encode( $response );
// Close ajax request.
wp_die();
}
public function critcss_check_filename( $filename ) {
// Try to avoid directory traversal when reading/writing/deleting critical CSS files.
if ( strpos( $filename, 'ccss_' ) !== 0 ) {
return false;
} elseif ( substr( $filename, -4, 4 ) !== '.css' ) {
return false;
} elseif ( sanitize_file_name( $filename ) !== $filename ) {
// Use WordPress core's sanitize_file_name to see if anything fishy is going on.
return false;
} else {
return true;
}
}
public function rrmdir( $path ) {
// recursively remove a directory as found on
// https://andy-carter.com/blog/recursively-remove-a-directory-in-php.
$files = glob($path . '/*');
foreach ( $files as $file ) {
is_dir( $file ) ? $this->rrmdir( $file ) : unlink( $file );
}
rmdir( $path );
return;
}
}
Reference in New Issue View Git Blame Copy Permalink