abilities
1 month ago
newsletter-widget
2 days ago
subscribe-floating-button
2 months ago
subscribe-modal
2 months ago
subscribe-overlay
2 months ago
class-settings.php
1 year ago
jetpack-user-content-link-redirection.php
1 week ago
subscriptions.css
4 months ago
views.php
1 month ago
jetpack-user-content-link-redirection.php
78 lines
| 1 | <?php |
| 2 | /** |
| 3 | * User Content Link Redirection |
| 4 | * |
| 5 | * The purpose of this file is to track and redirect user content links in emails. |
| 6 | * This renders an iframe pointing to subscribe.wordpress.com which will track and |
| 7 | * return the destination url for the iframe parent to redirect to. |
| 8 | * |
| 9 | * @package automattic/jetpack |
| 10 | */ |
| 11 | |
| 12 | use Automattic\Jetpack\Connection\Manager as Connection_Manager; |
| 13 | |
| 14 | /** |
| 15 | * Render a page with an iframe to track and redirect user content links in emails. |
| 16 | * |
| 17 | * Hooked to the `init` action, this function renders a page with an iframe pointing to |
| 18 | * subscribe.wordpress.com to track and return the destination URL for redirection. |
| 19 | * |
| 20 | * Redirects to the site's home page if required parameters are missing. |
| 21 | * Returns a 400 error if the request's `blog_id` doesn't match the actual `blog_id`. |
| 22 | * |
| 23 | * @return never |
| 24 | */ |
| 25 | function jetpack_user_content_link_redirection() { |
| 26 | // phpcs:ignore WordPress.Security.NonceVerification.Recommended |
| 27 | if ( empty( $_SERVER['QUERY_STRING'] ) || empty( $_SERVER['HTTP_HOST'] ) || empty( $_GET['blog_id'] ) ) { |
| 28 | wp_safe_redirect( get_home_url() ); |
| 29 | exit( 0 ); |
| 30 | } |
| 31 | |
| 32 | // phpcs:ignore WordPress.Security.NonceVerification.Recommended |
| 33 | $request_blog_id = intval( sanitize_text_field( wp_unslash( $_GET['blog_id'] ) ) ); |
| 34 | $actual_blog_id = Connection_Manager::get_site_id( true ); |
| 35 | |
| 36 | if ( $actual_blog_id !== $request_blog_id ) { |
| 37 | wp_die( esc_html__( 'Invalid link.', 'jetpack' ), 400 ); |
| 38 | exit( 0 ); |
| 39 | } |
| 40 | |
| 41 | $query_params = sanitize_text_field( wp_unslash( $_SERVER['QUERY_STRING'] ) ); |
| 42 | $iframe_url = "https://subscribe.wordpress.com/?$query_params"; |
| 43 | |
| 44 | echo <<<'EOF' |
| 45 | <!DOCTYPE html> |
| 46 | <html> |
| 47 | <head> |
| 48 | <script> |
| 49 | let messageReceived = false; |
| 50 | window.addEventListener( 'message', function(event) { |
| 51 | if ( event.origin !== 'https://subscribe.wordpress.com' || messageReceived ) { |
| 52 | return; |
| 53 | } |
| 54 | if ( event.data.redirectUrl ) { |
| 55 | messageReceived = true; |
| 56 | window.location.href = event.data.redirectUrl; |
| 57 | } |
| 58 | } ); |
| 59 | </script> |
| 60 | </head> |
| 61 | <body> |
| 62 | EOF; |
| 63 | echo '<iframe id="user-content-link-redirection" hidden aria-hidden="true" tabindex="-1" width="0" height="0" style="display: none" src="' . esc_url( $iframe_url ) . '"></iframe>'; |
| 64 | echo <<<'EOF' |
| 65 | </body> |
| 66 | </html> |
| 67 | EOF; |
| 68 | exit( 0 ); |
| 69 | } |
| 70 | |
| 71 | // The WPCOM_USER_CONTENT_LINK_REDIRECTION flag prevents this redirection logic from running |
| 72 | // on Atomic in case we'd like to override the redirection logic on the Atomic end. |
| 73 | |
| 74 | // phpcs:ignore WordPress.Security.NonceVerification.Recommended |
| 75 | if ( ! defined( 'WPCOM_USER_CONTENT_LINK_REDIRECTION' ) && isset( $_GET['action'] ) && $_GET['action'] === 'user_content_redirect' ) { |
| 76 | add_action( 'init', 'jetpack_user_content_link_redirection' ); |
| 77 | } |
| 78 |