PluginProbe ʕ •ᴥ•ʔ
WP STAGING – WordPress Backup, Restore, Migration & Clone / 4.9.0
WP STAGING – WordPress Backup, Restore, Migration & Clone v4.9.0
4.9.1 4.9.0 4.8.1 trunk 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.5 3.0.6 3.1.0 3.1.1 3.1.2 3.1.3 3.1.4 3.10.0 3.2.0 3.3.1 3.3.2 3.3.3 3.4.1 3.4.3 3.5.0 3.6.0 3.7.1 3.8.0 3.8.1 3.8.2 3.8.3 3.8.4 3.8.5 3.8.6 3.8.7 3.9.0 3.9.1 3.9.2 3.9.3 3.9.4 4.0.0 4.1.0 4.1.1 4.1.2 4.1.3 4.1.4 4.2.0 4.2.1 4.3.0 4.3.1 4.3.2 4.4.0 4.5.0 4.6.0 4.7.0 4.7.1 4.7.2 4.7.3 4.8.0
wp-staging / Framework / Analytics / AnalyticsGenericEventHandler.php
wp-staging / Framework / Analytics Last commit date
Actions 1 week ago AnalyticsCleanup.php 4 years ago AnalyticsConsent.php 8 months ago AnalyticsEventDto.php 1 week ago AnalyticsEventWithTimeDto.php 8 months ago AnalyticsGenericEventHandler.php 1 month ago AnalyticsSender.php 8 months ago WithAnalyticsAPI.php 8 months ago WithAnalyticsSiteInfo.php 4 months ago
AnalyticsGenericEventHandler.php
90 lines
1 <?php
2
3 namespace WPStaging\Framework\Analytics;
4
5 use WPStaging\Framework\Analytics\Actions\AnalyticsGenericEvent;
6 use WPStaging\Framework\Security\Auth;
7 use WPStaging\Framework\Utils\Sanitize;
8
9 /**
10 * Handles the AJAX endpoint for logging generic analytics events
11 */
12 class AnalyticsGenericEventHandler
13 {
14 /** @var Auth */
15 private $auth;
16
17 /** @var Sanitize */
18 private $sanitize;
19
20 /** @var AnalyticsConsent */
21 private $analyticsConsent;
22
23 public function __construct(Auth $auth, Sanitize $sanitize, AnalyticsConsent $analyticsConsent)
24 {
25 $this->auth = $auth;
26 $this->sanitize = $sanitize;
27 $this->analyticsConsent = $analyticsConsent;
28 }
29
30 public function ajaxHandleGenericEvent()
31 {
32 if (!$this->auth->isAuthenticatedRequest()) {
33 wp_send_json_error(null, 401);
34 return;
35 }
36
37 $eventName = isset($_POST['event_name']) ? $this->sanitize->sanitizeString($_POST['event_name']) : '';
38 if ($eventName === '' || !preg_match('/^[a-zA-Z0-9_]{1,100}$/', $eventName)) {
39 wp_send_json_error(null, 400);
40 return;
41 }
42
43 $groupName = isset($_POST['group_name']) ? $this->sanitize->sanitizeString($_POST['group_name']) : '';
44 if ($groupName !== '' && !preg_match('/^[a-zA-Z0-9_]{1,100}$/', $groupName)) {
45 wp_send_json_error(null, 400);
46 return;
47 }
48
49 $custom = isset($_POST['custom']) ? $this->sanitizeCustomData($this->sanitize->sanitizeArrayString($_POST['custom'])) : [];
50
51 // Do not persist events when consent is missing to avoid unbounded queue growth.
52 if (!$this->analyticsConsent->hasUserConsent()) {
53 wp_send_json_success();
54 return;
55 }
56
57 AnalyticsGenericEvent::logEvent($eventName, $groupName, $custom);
58
59 wp_send_json_success();
60 }
61
62 /**
63 * @param array $data
64 * @return array<string, string>
65 */
66 private function sanitizeCustomData(array $data): array
67 {
68 $sanitized = [];
69
70 // Hard cap processed payload size to keep this endpoint lightweight.
71 $data = array_slice($data, 0, 20, true);
72
73 foreach ($data as $key => $value) {
74 if (!is_scalar($value)) {
75 continue;
76 }
77
78 $key = mb_substr((string)$key, 0, 100);
79 $key = $this->sanitize->sanitizeString($key);
80 if ($key === '') {
81 continue;
82 }
83
84 $sanitized[$key] = mb_substr($this->sanitize->sanitizeString((string)$value), 0, 500);
85 }
86
87 return $sanitized;
88 }
89 }
90