From 8789642fb9f98466ac0729e3d9e0285e42dbb852 Mon Sep 17 00:00:00 2001 From: Peter Fabian Date: Wed, 2 May 2018 14:34:50 +0200 Subject: [PATCH 1/8] Add protocol to URLs for thumbnails in cart. Removed wc_get_relative_url(), as it's not used anymore. --- includes/abstracts/abstract-wc-product.php | 2 +- includes/wc-core-functions.php | 11 ----------- templates/cart/mini-cart.php | 4 ++-- 3 files changed, 3 insertions(+), 14 deletions(-) diff --git a/includes/abstracts/abstract-wc-product.php b/includes/abstracts/abstract-wc-product.php index 5fe522d1c5a..3076af7df5a 100644 --- a/includes/abstracts/abstract-wc-product.php +++ b/includes/abstracts/abstract-wc-product.php @@ -1809,7 +1809,7 @@ class WC_Product extends WC_Abstract_Legacy_Product { $image = ''; } - return apply_filters( 'woocommerce_product_get_image', wc_get_relative_url( $image ), $this, $size, $attr, $placeholder, $image ); + return apply_filters( 'woocommerce_product_get_image', $image, $this, $size, $attr, $placeholder ); } /** diff --git a/includes/wc-core-functions.php b/includes/wc-core-functions.php index 2c09e9a94e6..3df315a239f 100644 --- a/includes/wc-core-functions.php +++ b/includes/wc-core-functions.php @@ -1997,17 +1997,6 @@ function wc_delete_expired_transients() { } add_action( 'woocommerce_installed', 'wc_delete_expired_transients' ); -/** - * Make a URL relative, if possible. - * - * @since 3.2.0 - * @param string $url URL to make relative. - * @return string - */ -function wc_get_relative_url( $url ) { - return wc_is_external_resource( $url ) ? $url : str_replace( array( 'http://', 'https://' ), '//', $url ); -} - /** * See if a resource is remote. * diff --git a/templates/cart/mini-cart.php b/templates/cart/mini-cart.php index d989799178e..dc18c2aba20 100644 --- a/templates/cart/mini-cart.php +++ b/templates/cart/mini-cart.php @@ -51,10 +51,10 @@ do_action( 'woocommerce_before_mini_cart' ); ?> ), $cart_item_key ); ?> - + - + From 084e4885da48553fc8f30e3577574ab8fe8d96eb Mon Sep 17 00:00:00 2001 From: Peter Fabian Date: Wed, 2 May 2018 17:07:19 +0200 Subject: [PATCH 2/8] Removed unused function wc_is_external_resource. --- includes/wc-core-functions.php | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/includes/wc-core-functions.php b/includes/wc-core-functions.php index 3df315a239f..210445d54e1 100644 --- a/includes/wc-core-functions.php +++ b/includes/wc-core-functions.php @@ -1997,19 +1997,6 @@ function wc_delete_expired_transients() { } add_action( 'woocommerce_installed', 'wc_delete_expired_transients' ); -/** - * See if a resource is remote. - * - * @since 3.2.0 - * @param string $url URL to check. - * @return bool - */ -function wc_is_external_resource( $url ) { - $wp_base = str_replace( array( 'http://', 'https://' ), '//', get_home_url( null, '/', 'http' ) ); - - return strstr( $url, '://' ) && ! strstr( $url, $wp_base ); -} - /** * See if theme/s is activate or not. * From 04dd99613e864bed703a33e43bef1605e41e41f1 Mon Sep 17 00:00:00 2001 From: Peter Fabian Date: Wed, 2 May 2018 22:07:49 +0200 Subject: [PATCH 3/8] Putting public functions back. In case some plugins are using them. --- includes/wc-core-functions.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/includes/wc-core-functions.php b/includes/wc-core-functions.php index 210445d54e1..865034c5578 100644 --- a/includes/wc-core-functions.php +++ b/includes/wc-core-functions.php @@ -1997,6 +1997,31 @@ function wc_delete_expired_transients() { } add_action( 'woocommerce_installed', 'wc_delete_expired_transients' ); +/** + * Make a URL relative, if possible. + * + * @since 3.2.0 + * @param string $url URL to make relative. + * @return string + */ +function wc_get_relative_url( $url ) { + return wc_is_external_resource( $url ) ? $url : str_replace( array( 'http://', 'https://' ), '//', $url ); +} + + +/** + * See if a resource is remote. + * + * @since 3.2.0 + * @param string $url URL to check. + * @return bool + */ +function wc_is_external_resource( $url ) { + $wp_base = str_replace( array( 'http://', 'https://' ), '//', get_home_url( null, '/', 'http' ) ); + + return strstr( $url, '://' ) && ! strstr( $url, $wp_base ); +} + /** * See if theme/s is activate or not. * From 45cd62e3b9869cd96a90d32dfb9554e489292c50 Mon Sep 17 00:00:00 2001 From: Peter Fabian Date: Wed, 2 May 2018 22:15:25 +0200 Subject: [PATCH 4/8] Removed superfluous newline. --- includes/wc-core-functions.php | 1 - 1 file changed, 1 deletion(-) diff --git a/includes/wc-core-functions.php b/includes/wc-core-functions.php index 865034c5578..2c09e9a94e6 100644 --- a/includes/wc-core-functions.php +++ b/includes/wc-core-functions.php @@ -2008,7 +2008,6 @@ function wc_get_relative_url( $url ) { return wc_is_external_resource( $url ) ? $url : str_replace( array( 'http://', 'https://' ), '//', $url ); } - /** * See if a resource is remote. * From 92180d2b420635b67f7f559fe8577e14b22e3796 Mon Sep 17 00:00:00 2001 From: Peter Fabian Date: Thu, 3 May 2018 14:10:04 +0200 Subject: [PATCH 5/8] Add scheme to widget id when caching objects. This should prevent cache from serving mixed content when widget cache is preloaded with http version, then accessed via https. --- includes/abstracts/abstract-wc-widget.php | 26 +++++++++++++++++------ 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/includes/abstracts/abstract-wc-widget.php b/includes/abstracts/abstract-wc-widget.php index 3b50e0d43c1..ee9a60a9a4b 100644 --- a/includes/abstracts/abstract-wc-widget.php +++ b/includes/abstracts/abstract-wc-widget.php @@ -78,14 +78,14 @@ abstract class WC_Widget extends WP_Widget { * @return bool true if the widget is cached otherwise false */ public function get_cached_widget( $args ) { - $cache = wp_cache_get( apply_filters( 'woocommerce_cached_widget_id', $this->widget_id ), 'widget' ); + $cache = wp_cache_get( apply_filters( 'woocommerce_cached_widget_id', $this->get_widget_id_for_cache( $this->widget_id ) ), 'widget' ); if ( ! is_array( $cache ) ) { $cache = array(); } - if ( isset( $cache[ $args['widget_id'] ] ) ) { - echo $cache[ $args['widget_id'] ]; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped + if ( isset( $cache[ $this->get_widget_id_for_cache( $args['widget_id'] ) ] ) ) { + echo $cache[ $this->get_widget_id_for_cache( $args['widget_id'] ) ]; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped return true; } @@ -100,15 +100,15 @@ abstract class WC_Widget extends WP_Widget { * @return string the content that was cached */ public function cache_widget( $args, $content ) { - $cache = wp_cache_get( apply_filters( 'woocommerce_cached_widget_id', $this->widget_id ), 'widget' ); + $cache = wp_cache_get( apply_filters( 'woocommerce_cached_widget_id', $this->get_widget_id_for_cache( $this->widget_id ) ), 'widget' ); if ( ! is_array( $cache ) ) { $cache = array(); } - $cache[ $args['widget_id'] ] = $content; + $cache[ $this->get_widget_id_for_cache( $args['widget_id'] ) ] = $content; - wp_cache_set( apply_filters( 'woocommerce_cached_widget_id', $this->widget_id ), $cache, 'widget' ); + wp_cache_set( apply_filters( 'woocommerce_cached_widget_id', $this->get_widget_id_for_cache( $this->widget_id ) ), $cache, 'widget' ); return $content; } @@ -117,7 +117,9 @@ abstract class WC_Widget extends WP_Widget { * Flush the cache. */ public function flush_widget_cache() { - wp_cache_delete( apply_filters( 'woocommerce_cached_widget_id', $this->widget_id ), 'widget' ); + foreach ( array( '-https', '-http' ) as $scheme ) { + wp_cache_delete( apply_filters( 'woocommerce_cached_widget_id', $this->widget_id . $scheme ), 'widget' ); + } } /** @@ -347,4 +349,14 @@ abstract class WC_Widget extends WP_Widget { return $link; } + + /** + * Get widget id plus scheme/protocol to prevent serving mixed content from (persistently) cached widgets. + * + * @param string $widget_id Id of the cached widget. + * @return string Widget id including scheme/protocol. + */ + protected function get_widget_id_for_cache( $widget_id ) { + return $widget_id . ( is_ssl() ? '-https' : '-http' ); + } } From 8a8f085dcf802a866c4f8de2f3656ceb47478854 Mon Sep 17 00:00:00 2001 From: Peter Fabian Date: Tue, 8 May 2018 10:16:53 +0200 Subject: [PATCH 6/8] Added back extra parameter for backwards compatibility. --- includes/abstracts/abstract-wc-product.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/abstracts/abstract-wc-product.php b/includes/abstracts/abstract-wc-product.php index 3076af7df5a..b1f8c6e6d4b 100644 --- a/includes/abstracts/abstract-wc-product.php +++ b/includes/abstracts/abstract-wc-product.php @@ -1809,7 +1809,7 @@ class WC_Product extends WC_Abstract_Legacy_Product { $image = ''; } - return apply_filters( 'woocommerce_product_get_image', $image, $this, $size, $attr, $placeholder ); + return apply_filters( 'woocommerce_product_get_image', $image, $this, $size, $attr, $placeholder, $image ); } /** From 424213bc17c314a67f08f50643cd762966531b8c Mon Sep 17 00:00:00 2001 From: Peter Fabian Date: Wed, 9 May 2018 09:42:28 +0200 Subject: [PATCH 7/8] Applied the filter inside the function. Added optional scheme parameter and @since docstring according to the code review. --- includes/abstracts/abstract-wc-widget.php | 24 +++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/includes/abstracts/abstract-wc-widget.php b/includes/abstracts/abstract-wc-widget.php index ee9a60a9a4b..b5ebe020fd9 100644 --- a/includes/abstracts/abstract-wc-widget.php +++ b/includes/abstracts/abstract-wc-widget.php @@ -78,7 +78,7 @@ abstract class WC_Widget extends WP_Widget { * @return bool true if the widget is cached otherwise false */ public function get_cached_widget( $args ) { - $cache = wp_cache_get( apply_filters( 'woocommerce_cached_widget_id', $this->get_widget_id_for_cache( $this->widget_id ) ), 'widget' ); + $cache = wp_cache_get( $this->get_widget_id_for_cache( $this->widget_id ), 'widget' ); if ( ! is_array( $cache ) ) { $cache = array(); @@ -100,7 +100,7 @@ abstract class WC_Widget extends WP_Widget { * @return string the content that was cached */ public function cache_widget( $args, $content ) { - $cache = wp_cache_get( apply_filters( 'woocommerce_cached_widget_id', $this->get_widget_id_for_cache( $this->widget_id ) ), 'widget' ); + $cache = wp_cache_get( $this->get_widget_id_for_cache( $this->widget_id ), 'widget' ); if ( ! is_array( $cache ) ) { $cache = array(); @@ -108,7 +108,7 @@ abstract class WC_Widget extends WP_Widget { $cache[ $this->get_widget_id_for_cache( $args['widget_id'] ) ] = $content; - wp_cache_set( apply_filters( 'woocommerce_cached_widget_id', $this->get_widget_id_for_cache( $this->widget_id ) ), $cache, 'widget' ); + wp_cache_set( $this->get_widget_id_for_cache( $this->widget_id ), $cache, 'widget' ); return $content; } @@ -118,7 +118,7 @@ abstract class WC_Widget extends WP_Widget { */ public function flush_widget_cache() { foreach ( array( '-https', '-http' ) as $scheme ) { - wp_cache_delete( apply_filters( 'woocommerce_cached_widget_id', $this->widget_id . $scheme ), 'widget' ); + wp_cache_delete( $this->get_widget_id_for_cache( $this->widget_id, $scheme ), 'widget' ); } } @@ -353,10 +353,18 @@ abstract class WC_Widget extends WP_Widget { /** * Get widget id plus scheme/protocol to prevent serving mixed content from (persistently) cached widgets. * - * @param string $widget_id Id of the cached widget. - * @return string Widget id including scheme/protocol. + * @since 3.4.0 + * @param string $widget_id Id of the cached widget. + * @param string $scheme Scheme for the widget id. + * @return string Widget id including scheme/protocol. */ - protected function get_widget_id_for_cache( $widget_id ) { - return $widget_id . ( is_ssl() ? '-https' : '-http' ); + protected function get_widget_id_for_cache( $widget_id, $scheme = '' ) { + if ( $scheme ) { + $widget_id_for_cache = $widget_id . $scheme; + } else { + $widget_id_for_cache = $widget_id . ( is_ssl() ? '-https' : '-http' ); + } + + return apply_filters( 'woocommerce_cached_widget_id', $widget_id_for_cache ); } } From 14cbf7b0f0b0b9d9f68f9c44ce0f0e39855efc90 Mon Sep 17 00:00:00 2001 From: Mike Jolley Date: Wed, 9 May 2018 17:06:34 +0100 Subject: [PATCH 8/8] Pass scheme without hyphen --- includes/abstracts/abstract-wc-widget.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/includes/abstracts/abstract-wc-widget.php b/includes/abstracts/abstract-wc-widget.php index b5ebe020fd9..279693784bb 100644 --- a/includes/abstracts/abstract-wc-widget.php +++ b/includes/abstracts/abstract-wc-widget.php @@ -117,7 +117,7 @@ abstract class WC_Widget extends WP_Widget { * Flush the cache. */ public function flush_widget_cache() { - foreach ( array( '-https', '-http' ) as $scheme ) { + foreach ( array( 'https', 'http' ) as $scheme ) { wp_cache_delete( $this->get_widget_id_for_cache( $this->widget_id, $scheme ), 'widget' ); } } @@ -360,9 +360,9 @@ abstract class WC_Widget extends WP_Widget { */ protected function get_widget_id_for_cache( $widget_id, $scheme = '' ) { if ( $scheme ) { - $widget_id_for_cache = $widget_id . $scheme; + $widget_id_for_cache = $widget_id . '-' . $scheme; } else { - $widget_id_for_cache = $widget_id . ( is_ssl() ? '-https' : '-http' ); + $widget_id_for_cache = $widget_id . '-' . ( is_ssl() ? 'https' : 'http' ); } return apply_filters( 'woocommerce_cached_widget_id', $widget_id_for_cache );