vary.cls.php — LiteSpeed Cache 6.5.4

litespeed-cache / src / vary.cls.php

litespeed-cache / src Last commit date

vary.cls.php

760 lines

1	<?php
2
3	/**
4	* The plugin vary class to manage X-LiteSpeed-Vary
5	*
6	* @since 1.1.3
7	*/
8
9	namespace LiteSpeed;
10
11	defined('WPINC') \|\| exit();
12
13	class Vary extends Root
14	{
15	const X_HEADER = 'X-LiteSpeed-Vary';
16
17	private static $_vary_name = '_lscache_vary'; // this default vary cookie is used for logged in status check
18	private static $_can_change_vary = false; // Currently only AJAX used this
19
20	/**
21	* Adds the actions used for setting up cookies on log in/out.
22	*
23	* Also checks if the database matches the rewrite rule.
24	*
25	* @since 1.0.4
26	*/
27	public function init()
28	{
29	$this->_update_vary_name();
30	}
31
32	/**
33	* Update the default vary name if changed
34	*
35	* @since 4.0
36	*/
37	private function _update_vary_name()
38	{
39	$db_cookie = $this->conf(Base::O_CACHE_LOGIN_COOKIE); // [3.0] todo: check if works in network's sites
40
41	// If no vary set in rewrite rule
42	if (!isset($_SERVER['LSCACHE_VARY_COOKIE'])) {
43	if ($db_cookie) {
44	// Display cookie error msg to admin
45	if (is_multisite() ? is_network_admin() : is_admin()) {
46	Admin_Display::show_error_cookie();
47	}
48	Control::set_nocache('vary cookie setting error');
49	return;
50	}
51	return;
52	}
53	// If db setting does not exist, skip checking db value
54	if (!$db_cookie) {
55	return;
56	}
57
58	// beyond this point, need to make sure db vary setting is in $_SERVER env.
59	$vary_arr = explode(',', $_SERVER['LSCACHE_VARY_COOKIE']);
60
61	if (in_array($db_cookie, $vary_arr)) {
62	self::$_vary_name = $db_cookie;
63	return;
64	}
65
66	if (is_multisite() ? is_network_admin() : is_admin()) {
67	Admin_Display::show_error_cookie();
68	}
69	Control::set_nocache('vary cookie setting lost error');
70	}
71
72	/**
73	* Hooks after user init
74	*
75	* @since 4.0
76	*/
77	public function after_user_init()
78	{
79	// logged in user
80	if (Router::is_logged_in()) {
81	// If not esi, check cache logged-in user setting
82	if (!$this->cls('Router')->esi_enabled()) {
83	// If cache logged-in, then init cacheable to private
84	if ($this->conf(Base::O_CACHE_PRIV)) {
85	add_action('wp_logout', __NAMESPACE__ . '\Purge::purge_on_logout');
86
87	$this->cls('Control')->init_cacheable();
88	Control::set_private('logged in user');
89	}
90	// No cache for logged-in user
91	else {
92	Control::set_nocache('logged in user');
93	}
94	}
95	// ESI is on, can be public cache
96	else {
97	// Need to make sure vary is using group id
98	$this->cls('Control')->init_cacheable();
99	}
100
101	// register logout hook to clear login status
102	add_action('clear_auth_cookie', array($this, 'remove_logged_in'));
103	} else {
104	// Only after vary init, can detect if is Guest mode or not
105	$this->_maybe_guest_mode();
106
107	// Set vary cookie for logging in user, otherwise the user will hit public with vary=0 (guest version)
108	add_action('set_logged_in_cookie', array($this, 'add_logged_in'), 10, 4);
109	add_action('wp_login', __NAMESPACE__ . '\Purge::purge_on_logout');
110
111	$this->cls('Control')->init_cacheable();
112
113	// Check `login page` cacheable setting because they don't go through main WP logic
114	add_action('login_init', array($this->cls('Tag'), 'check_login_cacheable'), 5);
115
116	if (!empty($_GET['litespeed_guest'])) {
117	add_action('wp_loaded', array($this, 'update_guest_vary'), 20);
118	}
119	}
120
121	// Add comment list ESI
122	add_filter('comments_array', array($this, 'check_commenter'));
123
124	// Set vary cookie for commenter.
125	add_action('set_comment_cookies', array($this, 'append_commenter'));
126
127	/**
128	* Don't change for REST call because they don't carry on user info usually
129	* @since 1.6.7
130	*/
131	add_action('rest_api_init', function () {
132	// this hook is fired in `init` hook
133	Debug2::debug('[Vary] Rest API init disabled vary change');
134	add_filter('litespeed_can_change_vary', '__return_false');
135	});
136	}
137
138	/**
139	* Check if is Guest mode or not
140	*
141	* @since 4.0
142	*/
143	private function _maybe_guest_mode()
144	{
145	if (defined('LITESPEED_GUEST')) {
146	Debug2::debug('[Vary] 👒👒 Guest mode ' . (LITESPEED_GUEST ? 'predefined' : 'turned off'));
147	return;
148	}
149
150	if (!$this->conf(Base::O_GUEST)) {
151	return;
152	}
153
154	// If vary is set, then not a guest
155	if (self::has_vary()) {
156	return;
157	}
158
159	// If has admin QS, then no guest
160	if (!empty($_GET[Router::ACTION])) {
161	return;
162	}
163
164	if (defined('DOING_AJAX')) {
165	return;
166	}
167
168	if (defined('DOING_CRON')) {
169	return;
170	}
171
172	// If is the request to update vary, then no guest
173	// Don't need anymore as it is always ajax call
174	// Still keep it in case some WP blocked the lightweight guest vary update script, WP can still update the vary
175	if (!empty($_GET['litespeed_guest'])) {
176	return;
177	}
178
179	/* @ref https://wordpress.org/support/topic/checkout-add-to-cart-executed-twice/ */
180	if (!empty($_GET['litespeed_guest_off'])) {
181	return;
182	}
183
184	Debug2::debug('[Vary] 👒👒 Guest mode');
185
186	!defined('LITESPEED_GUEST') && define('LITESPEED_GUEST', true);
187
188	if ($this->conf(Base::O_GUEST_OPTM)) {
189	!defined('LITESPEED_GUEST_OPTM') && define('LITESPEED_GUEST_OPTM', true);
190	}
191	}
192
193	/**
194	* Update Guest vary
195	*
196	* @since 4.0
197	* @deprecated 4.1 Use independent lightweight guest.vary.php as a replacement
198	*/
199	public function update_guest_vary()
200	{
201	// This process must not be cached
202	!defined('LSCACHE_NO_CACHE') && define('LSCACHE_NO_CACHE', true);
203
204	$_guest = new Lib\Guest();
205	if ($_guest->always_guest() \|\| self::has_vary()) {
206	// If contains vary already, don't reload to avoid infinite loop when parent page having browser cache
207	!defined('LITESPEED_GUEST') && define('LITESPEED_GUEST', true); // Reuse this const to bypass set vary in vary finalize
208	Debug2::debug('[Vary] 🤠🤠 Guest');
209	echo '[]';
210	exit();
211	}
212
213	Debug2::debug('[Vary] Will update guest vary in finalize');
214
215	// return json
216	echo \json_encode(array('reload' => 'yes'));
217	exit();
218	}
219
220	/**
221	* Hooked to the comments_array filter.
222	*
223	* Check if the user accessing the page has the commenter cookie.
224	*
225	* If the user does not want to cache commenters, just check if user is commenter.
226	* Otherwise if the vary cookie is set, unset it. This is so that when the page is cached, the page will appear as if the user was a normal user.
227	* Normal user is defined as not a logged in user and not a commenter.
228	*
229	* @since 1.0.4
230	* @access public
231	* @global type $post
232	* @param array $comments The current comments to output
233	* @return array The comments to output.
234	*/
235	public function check_commenter($comments)
236	{
237	/**
238	* Hook to bypass pending comment check for comment related plugins compatibility
239	* @since 2.9.5
240	*/
241	if (apply_filters('litespeed_vary_check_commenter_pending', true)) {
242	$pending = false;
243	foreach ($comments as $comment) {
244	if (!$comment->comment_approved) {
245	// current user has pending comment
246	$pending = true;
247	break;
248	}
249	}
250
251	// No pending comments, don't need to add private cache
252	if (!$pending) {
253	Debug2::debug('[Vary] No pending comment');
254	$this->remove_commenter();
255
256	// Remove commenter prefilled info if exists, for public cache
257	foreach ($_COOKIE as $cookie_name => $cookie_value) {
258	if (strlen($cookie_name) >= 15 && strpos($cookie_name, 'comment_author_') === 0) {
259	unset($_COOKIE[$cookie_name]);
260	}
261	}
262
263	return $comments;
264	}
265	}
266
267	// Current user/visitor has pending comments
268	// set vary=2 for next time vary lookup
269	$this->add_commenter();
270
271	if ($this->conf(Base::O_CACHE_COMMENTER)) {
272	Control::set_private('existing commenter');
273	} else {
274	Control::set_nocache('existing commenter');
275	}
276
277	return $comments;
278	}
279
280	/**
281	* Check if default vary has a value
282	*
283	* @since 1.1.3
284	* @access public
285	*/
286	public static function has_vary()
287	{
288	if (empty($_COOKIE[self::$_vary_name])) {
289	return false;
290	}
291	return $_COOKIE[self::$_vary_name];
292	}
293
294	/**
295	* Append user status with logged in
296	*
297	* @since 1.1.3
298	* @since 1.6.2 Removed static referral
299	* @access public
300	*/
301	public function add_logged_in($logged_in_cookie = false, $expire = false, $expiration = false, $uid = false)
302	{
303	Debug2::debug('[Vary] add_logged_in');
304
305	/**
306	* NOTE: Run before `$this->_update_default_vary()` to make vary changeable
307	* @since 2.2.2
308	*/
309	self::can_ajax_vary();
310
311	// If the cookie is lost somehow, set it
312	$this->_update_default_vary($uid, $expire);
313	}
314
315	/**
316	* Remove user logged in status
317	*
318	* @since 1.1.3
319	* @since 1.6.2 Removed static referral
320	* @access public
321	*/
322	public function remove_logged_in()
323	{
324	Debug2::debug('[Vary] remove_logged_in');
325
326	/**
327	* NOTE: Run before `$this->_update_default_vary()` to make vary changeable
328	* @since 2.2.2
329	*/
330	self::can_ajax_vary();
331
332	// Force update vary to remove login status
333	$this->_update_default_vary(-1);
334	}
335
336	/**
337	* Allow vary can be changed for ajax calls
338	*
339	* @since 2.2.2
340	* @since 2.6 Changed to static
341	* @access public
342	*/
343	public static function can_ajax_vary()
344	{
345	Debug2::debug('[Vary] _can_change_vary -> true');
346	self::$_can_change_vary = true;
347	}
348
349	/**
350	* Check if can change default vary
351	*
352	* @since 1.6.2
353	* @access private
354	*/
355	private function can_change_vary()
356	{
357	// Don't change for ajax due to ajax not sending webp header
358	if (Router::is_ajax()) {
359	if (!self::$_can_change_vary) {
360	Debug2::debug('[Vary] can_change_vary bypassed due to ajax call');
361	return false;
362	}
363	}
364
365	/**
366	* POST request can set vary to fix #820789 login "loop" guest cache issue
367	* @since 1.6.5
368	*/
369	if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] !== 'GET' && $_SERVER['REQUEST_METHOD'] !== 'POST') {
370	Debug2::debug('[Vary] can_change_vary bypassed due to method not get/post');
371	return false;
372	}
373
374	/**
375	* Disable vary change if is from crawler
376	* @since 2.9.8 To enable woocommerce cart not empty warm up (@Taba)
377	*/
378	if (!empty($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], Crawler::FAST_USER_AGENT) === 0) {
379	Debug2::debug('[Vary] can_change_vary bypassed due to crawler');
380	return false;
381	}
382
383	if (!apply_filters('litespeed_can_change_vary', true)) {
384	Debug2::debug('[Vary] can_change_vary bypassed due to litespeed_can_change_vary hook');
385	return false;
386	}
387
388	return true;
389	}
390
391	/**
392	* Update default vary
393	*
394	* @since 1.6.2
395	* @since 1.6.6.1 Add ran check to make it only run once ( No run multiple times due to login process doesn't have valid uid )
396	* @access private
397	*/
398	private function _update_default_vary($uid = false, $expire = false)
399	{
400	// Make sure header output only run once
401	if (!defined('LITESPEED_DID_' . __FUNCTION__)) {
402	define('LITESPEED_DID_' . __FUNCTION__, true);
403	} else {
404	Debug2::debug2('[Vary] _update_default_vary bypassed due to run already');
405	return;
406	}
407
408	// If the cookie is lost somehow, set it
409	$vary = $this->finalize_default_vary($uid);
410	$current_vary = self::has_vary();
411	if ($current_vary !== $vary && $current_vary !== 'commenter' && $this->can_change_vary()) {
412	// $_COOKIE[ self::$_vary_name ] = $vary; // not needed
413
414	// save it
415	if (!$expire) {
416	$expire = time() + 2 * DAY_IN_SECONDS;
417	}
418	$this->_cookie($vary, $expire);
419	Debug2::debug("[Vary] set_cookie ---> $vary");
420	// Control::set_nocache( 'changing default vary' . " $current_vary => $vary" );
421	}
422	}
423
424	/**
425	* Get vary name
426	*
427	* @since 1.9.1
428	* @access public
429	*/
430	public function get_vary_name()
431	{
432	return self::$_vary_name;
433	}
434
435	/**
436	* Check if one user role is in vary group settings
437	*
438	* @since 1.2.0
439	* @since 3.0 Moved here from conf.cls
440	* @access public
441	* @param string $role The user role
442	* @return int The set value if already set
443	*/
444	public function in_vary_group($role)
445	{
446	$group = 0;
447	$vary_groups = $this->conf(Base::O_CACHE_VARY_GROUP);
448
449	$roles = explode(',', $role);
450	if ($found = array_intersect($roles, array_keys($vary_groups))) {
451	$groups = array();
452	foreach ($found as $curr_role) {
453	$groups[] = $vary_groups[$curr_role];
454	}
455	$group = implode(',', array_unique($groups));
456	} elseif (in_array('administrator', $roles)) {
457	$group = 99;
458	}
459
460	if ($group) {
461	Debug2::debug2('[Vary] role in vary_group [group] ' . $group);
462	}
463
464	return $group;
465	}
466
467	/**
468	* Finalize default Vary Cookie
469	*
470	* Get user vary tag based on admin_bar & role
471	*
472	* NOTE: Login process will also call this because it does not call wp hook as normal page loading
473	*
474	* @since 1.6.2
475	* @access public
476	*/
477	public function finalize_default_vary($uid = false)
478	{
479	// Must check this to bypass vary generation for guests
480	// Must check this to avoid Guest page's CSS/JS/CCSS/UCSS get non-guest vary filename
481	if (defined('LITESPEED_GUEST') && LITESPEED_GUEST) {
482	return false;
483	}
484
485	$vary = array();
486
487	if ($this->conf(Base::O_GUEST)) {
488	$vary['guest_mode'] = 1;
489	}
490
491	if (!$uid) {
492	$uid = get_current_user_id();
493	} else {
494	Debug2::debug('[Vary] uid: ' . $uid);
495	}
496
497	// get user's group id
498	$role = Router::get_role($uid);
499
500	if ($uid > 0 && $role) {
501	$vary['logged-in'] = 1;
502
503	// parse role group from settings
504	if ($role_group = $this->in_vary_group($role)) {
505	$vary['role'] = $role_group;
506	}
507
508	// Get admin bar set
509	// see @_get_admin_bar_pref()
510	$pref = get_user_option('show_admin_bar_front', $uid);
511	Debug2::debug2('[Vary] show_admin_bar_front: ' . $pref);
512	$admin_bar = $pref === false \|\| $pref === 'true';
513
514	if ($admin_bar) {
515	$vary['admin_bar'] = 1;
516	Debug2::debug2('[Vary] admin bar : true');
517	}
518	} else {
519	// Guest user
520	Debug2::debug('[Vary] role id: failed, guest');
521	}
522
523	/**
524	* Add filter
525	* @since 1.6 Added for Role Excludes for optimization cls
526	* @since 1.6.2 Hooked to webp (checked in v4, no webp anymore)
527	* @since 3.0 Used by 3rd hooks too
528	*/
529	$vary = apply_filters('litespeed_vary', $vary);
530
531	if (!$vary) {
532	return false;
533	}
534
535	ksort($vary);
536	$res = array();
537	foreach ($vary as $key => $val) {
538	$res[] = $key . ':' . $val;
539	}
540
541	$res = implode(';', $res);
542	if (defined('LSCWP_LOG')) {
543	return $res;
544	}
545	// Encrypt in production
546	return md5($this->conf(Base::HASH) . $res);
547	}
548
549	/**
550	* Get the hash of all vary related values
551	*
552	* @since 4.0
553	*/
554	public function finalize_full_varies()
555	{
556	$vary = $this->_finalize_curr_vary_cookies(true);
557	$vary .= $this->finalize_default_vary(get_current_user_id());
558	$vary .= $this->get_env_vary();
559	return $vary;
560	}
561
562	/**
563	* Get request environment Vary
564	*
565	* @since 4.0
566	*/
567	public function get_env_vary()
568	{
569	$env_vary = isset($_SERVER['LSCACHE_VARY_VALUE']) ? $_SERVER['LSCACHE_VARY_VALUE'] : false;
570	if (!$env_vary) {
571	$env_vary = isset($_SERVER['HTTP_X_LSCACHE_VARY_VALUE']) ? $_SERVER['HTTP_X_LSCACHE_VARY_VALUE'] : false;
572	}
573	return $env_vary;
574	}
575
576	/**
577	* Append user status with commenter
578	*
579	* This is ONLY used when submit a comment
580	*
581	* @since 1.1.6
582	* @access public
583	*/
584	public function append_commenter()
585	{
586	$this->add_commenter(true);
587	}
588
589	/**
590	* Correct user status with commenter
591	*
592	* @since 1.1.3
593	* @access private
594	* @param boolean $from_redirect If the request is from redirect page or not
595	*/
596	private function add_commenter($from_redirect = false)
597	{
598	// If the cookie is lost somehow, set it
599	if (self::has_vary() !== 'commenter') {
600	Debug2::debug('[Vary] Add commenter');
601	// $_COOKIE[ self::$_vary_name ] = 'commenter'; // not needed
602
603	// save it
604	// only set commenter status for current domain path
605	$this->_cookie('commenter', time() + apply_filters('comment_cookie_lifetime', 30000000), self::_relative_path($from_redirect));
606	// Control::set_nocache( 'adding commenter status' );
607	}
608	}
609
610	/**
611	* Remove user commenter status
612	*
613	* @since 1.1.3
614	* @access private
615	*/
616	private function remove_commenter()
617	{
618	if (self::has_vary() === 'commenter') {
619	Debug2::debug('[Vary] Remove commenter');
620	// remove logged in status from global var
621	// unset( $_COOKIE[ self::$_vary_name ] ); // not needed
622
623	// save it
624	$this->_cookie(false, false, self::_relative_path());
625	// Control::set_nocache( 'removing commenter status' );
626	}
627	}
628
629	/**
630	* Generate relative path for cookie
631	*
632	* @since 1.1.3
633	* @access private
634	* @param boolean $from_redirect If the request is from redirect page or not
635	*/
636	private static function _relative_path($from_redirect = false)
637	{
638	$path = false;
639	$tag = $from_redirect ? 'HTTP_REFERER' : 'SCRIPT_URL';
640	if (!empty($_SERVER[$tag])) {
641	$path = parse_url($_SERVER[$tag]);
642	$path = !empty($path['path']) ? $path['path'] : false;
643	Debug2::debug('[Vary] Cookie Vary path: ' . $path);
644	}
645	return $path;
646	}
647
648	/**
649	* Builds the vary header.
650	*
651	* NOTE: Non caccheable page can still set vary ( for logged in process )
652	*
653	* Currently, this only checks post passwords and 3rd party.
654	*
655	* @since 1.0.13
656	* @access public
657	* @global $post
658	* @return mixed false if the user has the postpass cookie. Empty string if the post is not password protected. Vary header otherwise.
659	*/
660	public function finalize()
661	{
662	// Finalize default vary
663	if (!defined('LITESPEED_GUEST') \|\| !LITESPEED_GUEST) {
664	$this->_update_default_vary();
665	}
666
667	$tp_cookies = $this->_finalize_curr_vary_cookies();
668
669	if (!$tp_cookies) {
670	Debug2::debug2('[Vary] no custimzed vary');
671	return;
672	}
673
674	return self::X_HEADER . ': ' . implode(',', $tp_cookies);
675	}
676
677	/**
678	* Gets vary cookies or their values unique hash that are already added for the current page.
679	*
680	* @since 1.0.13
681	* @access private
682	* @return array List of all vary cookies currently added.
683	*/
684	private function _finalize_curr_vary_cookies($values_json = false)
685	{
686	global $post;
687
688	$cookies = array(); // No need to append default vary cookie name
689
690	if (!empty($post->post_password)) {
691	$postpass_key = 'wp-postpass_' . COOKIEHASH;
692	if ($this->_get_cookie_val($postpass_key)) {
693	Debug2::debug('[Vary] finalize bypassed due to password protected vary ');
694	// If user has password cookie, do not cache & ignore existing vary cookies
695	Control::set_nocache('password protected vary');
696	return false;
697	}
698
699	$cookies[] = $values_json ? $this->_get_cookie_val($postpass_key) : $postpass_key;
700	}
701
702	$cookies = apply_filters('litespeed_vary_curr_cookies', $cookies);
703	if ($cookies) {
704	$cookies = array_filter(array_unique($cookies));
705	Debug2::debug('[Vary] vary cookies changed by filter litespeed_vary_curr_cookies', $cookies);
706	}
707
708	if (!$cookies) {
709	return false;
710	}
711	// Format cookie name data or value data
712	sort($cookies); // This is to maintain the cookie val orders for $values_json=true case.
713	foreach ($cookies as $k => $v) {
714	$cookies[$k] = $values_json ? $this->_get_cookie_val($v) : 'cookie=' . $v;
715	}
716
717	return $values_json ? \json_encode($cookies) : $cookies;
718	}
719
720	/**
721	* Get one vary cookie value
722	*
723	* @since 4.0
724	*/
725	private function _get_cookie_val($key)
726	{
727	if (!empty($_COOKIE[$key])) {
728	return $_COOKIE[$key];
729	}
730
731	return false;
732	}
733
734	/**
735	* Set the vary cookie.
736	*
737	* If vary cookie changed, must set non cacheable.
738	*
739	* @since 1.0.4
740	* @access private
741	* @param integer $val The value to update.
742	* @param integer $expire Expire time.
743	* @param boolean $path False if use wp root path as cookie path
744	*/
745	private function _cookie($val = false, $expire = false, $path = false)
746	{
747	if (!$val) {
748	$expire = 1;
749	}
750
751	/**
752	* Add HTTPS bypass in case clients use both HTTP and HTTPS version of site
753	* @since 1.7
754	*/
755	$is_ssl = $this->conf(Base::O_UTIL_NO_HTTPS_VARY) ? false : is_ssl();
756
757	setcookie(self::$_vary_name, $val, $expire, $path ?: COOKIEPATH, COOKIE_DOMAIN, $is_ssl, true);
758	}
759	}
760