Actions
1 month ago
AnalyticsCleanup.php
4 years ago
AnalyticsConsent.php
8 months ago
AnalyticsEventDto.php
2 years ago
AnalyticsEventWithTimeDto.php
8 months ago
AnalyticsGenericEventHandler.php
1 month ago
AnalyticsSender.php
8 months ago
WithAnalyticsAPI.php
8 months ago
WithAnalyticsSiteInfo.php
4 months ago
AnalyticsGenericEventHandler.php
90 lines
| 1 | <?php |
| 2 | |
| 3 | namespace WPStaging\Framework\Analytics; |
| 4 | |
| 5 | use WPStaging\Framework\Analytics\Actions\AnalyticsGenericEvent; |
| 6 | use WPStaging\Framework\Security\Auth; |
| 7 | use WPStaging\Framework\Utils\Sanitize; |
| 8 | |
| 9 | /** |
| 10 | * Handles the AJAX endpoint for logging generic analytics events |
| 11 | */ |
| 12 | class AnalyticsGenericEventHandler |
| 13 | { |
| 14 | /** @var Auth */ |
| 15 | private $auth; |
| 16 | |
| 17 | /** @var Sanitize */ |
| 18 | private $sanitize; |
| 19 | |
| 20 | /** @var AnalyticsConsent */ |
| 21 | private $analyticsConsent; |
| 22 | |
| 23 | public function __construct(Auth $auth, Sanitize $sanitize, AnalyticsConsent $analyticsConsent) |
| 24 | { |
| 25 | $this->auth = $auth; |
| 26 | $this->sanitize = $sanitize; |
| 27 | $this->analyticsConsent = $analyticsConsent; |
| 28 | } |
| 29 | |
| 30 | public function ajaxHandleGenericEvent() |
| 31 | { |
| 32 | if (!$this->auth->isAuthenticatedRequest()) { |
| 33 | wp_send_json_error(null, 401); |
| 34 | return; |
| 35 | } |
| 36 | |
| 37 | $eventName = isset($_POST['event_name']) ? $this->sanitize->sanitizeString($_POST['event_name']) : ''; |
| 38 | if ($eventName === '' || !preg_match('/^[a-zA-Z0-9_]{1,100}$/', $eventName)) { |
| 39 | wp_send_json_error(null, 400); |
| 40 | return; |
| 41 | } |
| 42 | |
| 43 | $groupName = isset($_POST['group_name']) ? $this->sanitize->sanitizeString($_POST['group_name']) : ''; |
| 44 | if ($groupName !== '' && !preg_match('/^[a-zA-Z0-9_]{1,100}$/', $groupName)) { |
| 45 | wp_send_json_error(null, 400); |
| 46 | return; |
| 47 | } |
| 48 | |
| 49 | $custom = isset($_POST['custom']) ? $this->sanitizeCustomData($this->sanitize->sanitizeArrayString($_POST['custom'])) : []; |
| 50 | |
| 51 | // Do not persist events when consent is missing to avoid unbounded queue growth. |
| 52 | if (!$this->analyticsConsent->hasUserConsent()) { |
| 53 | wp_send_json_success(); |
| 54 | return; |
| 55 | } |
| 56 | |
| 57 | AnalyticsGenericEvent::logEvent($eventName, $groupName, $custom); |
| 58 | |
| 59 | wp_send_json_success(); |
| 60 | } |
| 61 | |
| 62 | /** |
| 63 | * @param array $data |
| 64 | * @return array<string, string> |
| 65 | */ |
| 66 | private function sanitizeCustomData(array $data): array |
| 67 | { |
| 68 | $sanitized = []; |
| 69 | |
| 70 | // Hard cap processed payload size to keep this endpoint lightweight. |
| 71 | $data = array_slice($data, 0, 20, true); |
| 72 | |
| 73 | foreach ($data as $key => $value) { |
| 74 | if (!is_scalar($value)) { |
| 75 | continue; |
| 76 | } |
| 77 | |
| 78 | $key = mb_substr((string)$key, 0, 100); |
| 79 | $key = $this->sanitize->sanitizeString($key); |
| 80 | if ($key === '') { |
| 81 | continue; |
| 82 | } |
| 83 | |
| 84 | $sanitized[$key] = mb_substr($this->sanitize->sanitizeString((string)$value), 0, 500); |
| 85 | } |
| 86 | |
| 87 | return $sanitized; |
| 88 | } |
| 89 | } |
| 90 |