Changeset 1714477
- Timestamp:
- 08/17/2017 06:32:47 AM (9 years ago)
- Location:
- amp/trunk
- Files:
-
- 4 edited
-
amp.php (modified) (2 diffs)
-
includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php (modified) (5 diffs)
-
includes/utils/class-amp-image-dimension-extractor.php (modified) (1 diff)
-
readme.txt (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
amp/trunk/amp.php
r1708734 r1714477 6 6 * Author: Automattic 7 7 * Author URI: https://automattic.com 8 * Version: 0.5 8 * Version: 0.5.1 9 9 * Text Domain: amp 10 10 * Domain Path: /languages/ … … 14 14 define( 'AMP__FILE__', __FILE__ ); 15 15 define( 'AMP__DIR__', dirname( __FILE__ ) ); 16 define( 'AMP__VERSION', '0.5 ' );16 define( 'AMP__VERSION', '0.5.1' ); 17 17 18 18 require_once( AMP__DIR__ . '/back-compat/back-compat.php' ); -
amp/trunk/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
r1708734 r1714477 84 84 // Remove nodes with non-whitelisted tags. 85 85 if ( ! $this->is_amp_allowed_tag( $node ) ) { 86 87 86 // If it's not an allowed tag, replace the node with it's children 88 87 $this->replace_node_with_children( $node ); … … 110 109 111 110 // The remaining validations all have to do with attributes. 112 if ( $node->hasAttributes() ) { 113 $attr_spec_list = array(); 114 115 // If we have exactly one rule_spec, use it's attr_spec_list to 116 // validate the node's attributes. 117 if ( 1 == count( $rule_spec_list_to_validate ) ) { 118 $rule_spec = array_pop( $rule_spec_list_to_validate ); 119 $attr_spec_list = $rule_spec[AMP_Rule_Spec::ATTR_SPEC_LIST]; 120 111 $attr_spec_list = array(); 112 113 // If we have exactly one rule_spec, use it's attr_spec_list to 114 // validate the node's attributes. 115 if ( 1 == count( $rule_spec_list_to_validate ) ) { 116 $rule_spec = array_pop( $rule_spec_list_to_validate ); 117 $attr_spec_list = $rule_spec[AMP_Rule_Spec::ATTR_SPEC_LIST]; 118 } else { 121 119 // If there is more than one valid rule_spec for this node, then 122 120 // try to deduce which one is intended by inspecting the node's 123 121 // attributes. 122 123 // Get a score from each attr_spec_list by seeing how many 124 // attributes and values match the node. 125 $attr_spec_scores = array(); 126 foreach ( $rule_spec_list_to_validate as $spec_id => $rule_spec ) { 127 $attr_spec_scores[ $spec_id ] = $this->validate_attr_spec_list_for_node( $node, $rule_spec[AMP_Rule_Spec::ATTR_SPEC_LIST] ); 128 } 129 130 // Get the key(s) to the highest score(s). 131 $spec_ids_sorted = array_keys( $attr_spec_scores, max( $attr_spec_scores ) ); 132 133 // If there is exactly one attr_spec with a max score, use that one. 134 if ( 1 == count( $spec_ids_sorted ) ) { 135 $attr_spec_list = $rule_spec_list_to_validate[ $spec_ids_sorted[0] ][AMP_Rule_Spec::ATTR_SPEC_LIST]; 136 // Otherwise... 124 137 } else { 125 126 // Get a score from each attr_spec_list by seeing how many 127 // attributes and values match the node. 128 $attr_spec_scores = array(); 129 foreach ( $rule_spec_list_to_validate as $spec_id => $rule_spec ) { 130 $attr_spec_scores[ $spec_id ] = $this->validate_attr_spec_list_for_node( $node, $rule_spec[AMP_Rule_Spec::ATTR_SPEC_LIST] ); 131 } 132 133 // Get the key(s) to the highest score(s). 134 $spec_ids_sorted = array_keys( $attr_spec_scores, max( $attr_spec_scores ) ); 135 136 // If there is exactly one attr_spec with a max score, use that one. 137 if ( 1 == count( $spec_ids_sorted ) ) { 138 $attr_spec_list = $rule_spec_list_to_validate[ $spec_ids_sorted[0] ][AMP_Rule_Spec::ATTR_SPEC_LIST]; 139 140 // Otherwise... 141 } else { 142 // This shoud not happen very often, but... 143 // If we're here, then we have no idea which spec should 144 // be used. Try to merge the top scoring ones and cross 145 // your fingers. 146 foreach( $spec_ids_sorted as $id ) { 147 $attr_spec_list = array_merge( $attr_spec_list, $rule_spec_list_to_validate[ $id ][AMP_Rule_Spec::ATTR_SPEC_LIST] ); 148 } 149 } 150 } 151 152 // Remove any remaining disallowed attributes. 153 $this->sanitize_disallowed_attributes_in_node( $node, $attr_spec_list ); 154 155 // Remove values that don't conform to the attr_spec. 156 $this->sanitize_disallowed_attribute_values_in_node( $node, $attr_spec_list ); 157 } 138 // This should not happen very often, but... 139 // If we're here, then we're not sure which spec should 140 // be used. Let's use the top scoring ones. 141 foreach( $spec_ids_sorted as $id ) { 142 $attr_spec_list = array_merge( $attr_spec_list, $rule_spec_list_to_validate[ $id ][AMP_Rule_Spec::ATTR_SPEC_LIST] ); 143 } 144 } 145 } 146 147 // If an attribute is mandatory and we don't have it, just remove the node and move on. 148 foreach ( $attr_spec_list as $attr_name => $attr_spec_rule_value ) { 149 $is_mandatory = 150 isset( $attr_spec_rule_value[ AMP_Rule_Spec::MANDATORY ] ) 151 ? (bool) $attr_spec_rule_value[ AMP_Rule_Spec::MANDATORY ] 152 : false; 153 $attribute_exists = $node->hasAttribute( $attr_name ); 154 155 if ( $is_mandatory && ! $attribute_exists ) { 156 $this->remove_node( $node ); 157 return; 158 } 159 } 160 161 // Remove any remaining disallowed attributes. 162 $this->sanitize_disallowed_attributes_in_node( $node, $attr_spec_list ); 163 164 // Remove values that don't conform to the attr_spec. 165 $this->sanitize_disallowed_attribute_values_in_node( $node, $attr_spec_list ); 158 166 } 159 167 … … 168 176 */ 169 177 private function validate_tag_spec_for_node( $node, $tag_spec ) { 170 171 178 if ( ! empty( $tag_spec[AMP_Rule_Spec::MANDATORY_PARENT] ) && 172 179 ! $this->has_parent( $node, $tag_spec[AMP_Rule_Spec::MANDATORY_PARENT] ) ) { … … 365 372 } 366 373 374 $mandatory_attributes = array(); 375 367 376 foreach( $node->attributes as $attr_name => $attr_node ) { 368 377 … … 371 380 } 372 381 373 $attr_spec_rule = $attr_spec_list[$attr_name]; 382 $should_remove_node = false; 383 $attr_spec_rule = $attr_spec_list[ $attr_name ]; 374 384 375 385 if ( isset( $attr_spec_rule[AMP_Rule_Spec::VALUE] ) && 376 386 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_value( $node, $attr_name, $attr_spec_rule ) ) { 387 $should_remove_node = true; 388 } elseif ( isset( $attr_spec_rule[AMP_Rule_Spec::VALUE_CASEI] ) && 389 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_value_casei( $node, $attr_name, $attr_spec_rule ) ) { 390 $should_remove_node = true; 391 } elseif ( isset( $attr_spec_rule[AMP_Rule_Spec::VALUE_REGEX] ) && 392 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_value_regex( $node, $attr_name, $attr_spec_rule ) ) { 393 $should_remove_node = true; 394 } elseif ( isset( $attr_spec_rule[AMP_Rule_Spec::VALUE_REGEX_CASEI] ) && 395 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_value_regex_casei( $node, $attr_name, $attr_spec_rule ) ) { 396 $should_remove_node = true; 397 } elseif ( isset( $attr_spec_rule[AMP_Rule_Spec::ALLOWED_PROTOCOL] ) && 398 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_allowed_protocol( $node, $attr_name, $attr_spec_rule ) ) { 399 $should_remove_node = true; 400 } elseif ( isset( $attr_spec_rule[AMP_Rule_Spec::ALLOW_RELATIVE] ) && 401 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_disallowed_relative( $node, $attr_name, $attr_spec_rule ) ) { 402 $should_remove_node = true; 403 } elseif ( isset( $attr_spec_rule[AMP_Rule_Spec::ALLOW_EMPTY] ) && 404 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_disallowed_empty( $node, $attr_name, $attr_spec_rule ) ) { 405 $should_remove_node = true; 406 } elseif ( isset( $attr_spec_rule[AMP_Rule_Spec::DISALLOWED_DOMAIN] ) && 407 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_disallowed_domain( $node, $attr_name, $attr_spec_rule ) ) { 408 $should_remove_node = true; 409 } elseif ( isset( $attr_spec_rule[AMP_Rule_Spec::BLACKLISTED_VALUE_REGEX] ) && 410 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_blacklisted_value_regex( $node, $attr_name, $attr_spec_rule ) ) { 411 $should_remove_node = true; 412 } 413 414 if ( $should_remove_node ) { 415 $is_mandatory = 416 isset( $attr_spec_rule[ AMP_Rule_Spec::MANDATORY ] ) 417 ? (bool) $attr_spec_rule[ AMP_Rule_Spec::MANDATORY ] 418 : false; 419 420 if ( $is_mandatory ) { 421 $this->remove_node( $node ); 422 return; 423 } 424 377 425 $attrs_to_remove[] = $attr_name; 378 continue;379 }380 381 if ( isset( $attr_spec_rule[AMP_Rule_Spec::VALUE_CASEI] ) &&382 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_value_casei( $node, $attr_name, $attr_spec_rule ) ) {383 $attrs_to_remove[] = $attr_name;384 continue;385 }386 387 if ( isset( $attr_spec_rule[AMP_Rule_Spec::VALUE_REGEX] ) &&388 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_value_regex( $node, $attr_name, $attr_spec_rule ) ) {389 $attrs_to_remove[] = $attr_name;390 continue;391 }392 393 if ( isset( $attr_spec_rule[AMP_Rule_Spec::VALUE_REGEX_CASEI] ) &&394 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_value_regex_casei( $node, $attr_name, $attr_spec_rule ) ) {395 $attrs_to_remove[] = $attr_name;396 continue;397 }398 399 if ( isset( $attr_spec_rule[AMP_Rule_Spec::ALLOWED_PROTOCOL] ) &&400 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_allowed_protocol( $node, $attr_name, $attr_spec_rule ) ) {401 $attrs_to_remove[] = $attr_name;402 continue;403 }404 405 if ( isset( $attr_spec_rule[AMP_Rule_Spec::ALLOW_RELATIVE] ) &&406 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_disallowed_relative( $node, $attr_name, $attr_spec_rule ) ) {407 $attrs_to_remove[] = $attr_name;408 continue;409 }410 411 if ( isset( $attr_spec_rule[AMP_Rule_Spec::ALLOW_EMPTY] ) &&412 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_disallowed_empty( $node, $attr_name, $attr_spec_rule ) ) {413 $attrs_to_remove[] = $attr_name;414 continue;415 }416 417 if ( isset( $attr_spec_rule[AMP_Rule_Spec::DISALLOWED_DOMAIN] ) &&418 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_disallowed_domain( $node, $attr_name, $attr_spec_rule ) ) {419 $attrs_to_remove[] = $attr_name;420 continue;421 }422 423 if ( isset( $attr_spec_rule[AMP_Rule_Spec::BLACKLISTED_VALUE_REGEX] ) &&424 AMP_Rule_Spec::FAIL == $this->check_attr_spec_rule_blacklisted_value_regex( $node, $attr_name, $attr_spec_rule ) ) {425 $attrs_to_remove[] = $attr_name;426 continue;427 426 } 428 427 } -
amp/trunk/includes/utils/class-amp-image-dimension-extractor.php
r1708734 r1714477 11 11 } 12 12 13 $valid_urls = array(); 14 foreach ( $urls as $url ) { 15 $url = self::normalize_url( $url ); 16 if ( false !== $url ) { 17 $valid_urls[] = $url; 18 } 19 } 20 21 $dimensions = array_fill_keys( $valid_urls, false ); 22 $dimensions = apply_filters( 'amp_extract_image_dimensions_batch', $dimensions ); 23 24 return $dimensions; 13 $return_dimensions = array(); 14 15 // Normalize URLs and also track a map of normalized-to-original as we'll need it to reformat things when returning the data. 16 $url_map = array(); 17 $normalized_urls = array(); 18 foreach ( $urls as $original_url ) { 19 $normalized_url = self::normalize_url( $original_url ); 20 if ( false !== $normalized_url ) { 21 $url_map[ $normalized_url ] = $original_url; 22 $normalized_urls[] = $normalized_url; 23 } else { 24 // This is not a URL we can extract dimensions from, so default to false. 25 $return_dimensions[ $original_url ] = false; 26 } 27 } 28 29 $extracted_dimensions = array_fill_keys( $normalized_urls, false ); 30 $extracted_dimensions = apply_filters( 'amp_extract_image_dimensions_batch', $extracted_dimensions ); 31 32 // We need to return a map with the original (un-normalized URL) as we that to match nodes that need dimensions. 33 foreach ( $extracted_dimensions as $normalized_url => $dimension ) { 34 $original_url = $url_map[ $normalized_url ]; 35 $return_dimensions[ $original_url ] = $dimension; 36 } 37 38 return $return_dimensions; 25 39 } 26 40 -
amp/trunk/readme.txt
r1708734 r1714477 4 4 Requires at least: 4.7 5 5 Tested up to: 4.8 6 Stable tag: 0.5 6 Stable tag: 0.5.1 7 7 License: GPLv2 or later 8 8 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 53 53 54 54 == Changelog == 55 56 = 0.5.1 (2017-08-17) = 57 58 - Fix: issues with invalid tags not being stripped out (e.g. script tags) (h/t tmmbecker, fahmi182, pppdog, seejacobscott, RavanH, jenniejj, lkraav, simonrperry for the reports). 59 - Fix: issues with dimension extraction for protocol-less and relative URLs (h/t ktmn for the report). 55 60 56 61 = 0.5 (2017-08-04) =
Note: See TracChangeset
for help on using the changeset viewer.