From a7de746a6c35834bc1b6d321605bf76a2be9ce33 Mon Sep 17 00:00:00 2001
From: vnmedeiros <vnicius.nm.ba@gmail.com>
Date: Wed, 18 May 2022 18:11:02 -0300
Subject: [PATCH] fix not using `file_get_contents` to get remote files

---
 .../class-tainacan-rest-items-controller.php  |  7 ++++-
 .../class-tainacan-flickr-importer.php        | 18 +++++++++----
 .../importer/class-tainacan-test-importer.php |  4 ++-
 .../class-tainacan-youtube-importer.php       | 26 ++++++++++++++-----
 4 files changed, 41 insertions(+), 14 deletions(-)

diff --git a/src/classes/api/endpoints/class-tainacan-rest-items-controller.php b/src/classes/api/endpoints/class-tainacan-rest-items-controller.php
index 2220cb62d..d7232d2f9 100644
--- a/src/classes/api/endpoints/class-tainacan-rest-items-controller.php
+++ b/src/classes/api/endpoints/class-tainacan-rest-items-controller.php
@@ -1383,7 +1383,12 @@ class REST_Items_Controller extends REST_Controller {
 				], 400);
 			}
 			$secret_key = get_option("tnc_option_recaptch_secret_key");
-			$response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret_key&response=".$captcha_data."&remoteip=".$_SERVER['REMOTE_ADDR']));
+			$api_url = "https://www.google.com/recaptcha/api/siteverify?secret=$secret_key&response=".$captcha_data."&remoteip=".$_SERVER['REMOTE_ADDR'];
+
+			$response = wp_remote_get( $api_url );
+			$body = wp_remote_retrieve_body( $response );
+			$response = json_decode($body);
+
 			if ($response->success) {
 				return true;
 			} else {
diff --git a/src/classes/importer/class-tainacan-flickr-importer.php b/src/classes/importer/class-tainacan-flickr-importer.php
index 9865c2891..920c212ff 100644
--- a/src/classes/importer/class-tainacan-flickr-importer.php
+++ b/src/classes/importer/class-tainacan-flickr-importer.php
@@ -188,7 +188,9 @@ class Flickr_Importer extends Importer {
 
                 $this->add_log('url ' . $api_url);
 
-                $json = json_decode(file_get_contents($api_url));
+                $response = wp_remote_get( $api_url );
+                $body = wp_remote_retrieve_body( $response );
+                $json = json_decode($body);
                 if( $json && isset($json->photoset) ){
                     return $json;
                 }
@@ -203,7 +205,10 @@ class Flickr_Importer extends Importer {
 
                 $this->add_log('url ' . $api_url);
 
-                $json = json_decode(file_get_contents($api_url));
+                $response = wp_remote_get( $api_url );
+                $body = wp_remote_retrieve_body( $response );
+                $json = json_decode($body);
+
                 if( $json && isset($json->photos) ){
                     return $json;
 
@@ -218,7 +223,9 @@ class Flickr_Importer extends Importer {
 
                 $this->add_log('url ' . $api_url);
 
-                $json = json_decode(file_get_contents($api_url));
+                $response = wp_remote_get( $api_url );
+                $body = wp_remote_retrieve_body( $response );
+                $json = json_decode($body);
                 if( $json && isset($json->photo) ){
                     return $json;
 
@@ -428,8 +435,9 @@ class Flickr_Importer extends Importer {
             . $id . $this->format;
 
         $this->add_log('url ' . $api_url);
-
-        $json = json_decode(file_get_contents($api_url));
+        $response = wp_remote_get( $api_url );
+        $body = wp_remote_retrieve_body( $response );
+        $json = json_decode($body);
         if( $json && isset($json->photo) ){
             return $json;
 
diff --git a/src/classes/importer/class-tainacan-test-importer.php b/src/classes/importer/class-tainacan-test-importer.php
index 8494244c1..08ef31fc3 100644
--- a/src/classes/importer/class-tainacan-test-importer.php
+++ b/src/classes/importer/class-tainacan-test-importer.php
@@ -649,8 +649,10 @@ class Test_Importer extends Importer {
 			$keyword = ( $this->get_option('keyword_images') ) ? $this->get_option('keyword_images') : '';
 
 			$url = "https://loremflickr.com/$horizontal_size/$vertical_size/$keyword";
+			$response = wp_remote_get( $url );
+			$content = wp_remote_retrieve_body( $response );
 			
-			$id = $TainacanMedia->insert_attachment_from_blob(file_get_contents($url), time() . '.jpg', $inserted_item->get_id());
+			$id = $TainacanMedia->insert_attachment_from_blob($content, time() . '.jpg', $inserted_item->get_id());
 
 			if(!$id){
 				$this->add_error_log('Error in imported URL ' . $url);
diff --git a/src/classes/importer/class-tainacan-youtube-importer.php b/src/classes/importer/class-tainacan-youtube-importer.php
index f058f5d49..9c598276e 100644
--- a/src/classes/importer/class-tainacan-youtube-importer.php
+++ b/src/classes/importer/class-tainacan-youtube-importer.php
@@ -231,7 +231,9 @@ class Youtube_Importer extends Importer {
                 $api_url = 'https://www.googleapis.com/youtube/v3/channels?part=statistics,snippet,contentDetails&id='
                     . $id . '&key=' . $api_key;
 
-                $json = json_decode(file_get_contents($api_url));
+                $response = wp_remote_get( $api_url );
+                $body = wp_remote_retrieve_body( $response );
+                $json = json_decode($body);
                 if( $json && isset($json->items) ){
                     $item = $json->items[0];
 
@@ -239,7 +241,9 @@ class Youtube_Importer extends Importer {
                         . $pageToken . '&maxResults=1&playlistId='
                         . $item->contentDetails->relatedPlaylists->uploads . '&key=' . $api_key;
 
-                    $json = json_decode(file_get_contents($api_url));
+                    $response = wp_remote_get( $api_url );
+                    $body = wp_remote_retrieve_body( $response );
+                    $json = json_decode($body);
 
                     if( $json && isset($json->items) ){
                         return $json;
@@ -251,8 +255,10 @@ class Youtube_Importer extends Importer {
             case 'user':
                 $api_url = 'https://www.googleapis.com/youtube/v3/channels?part=statistics,snippet,contentDetails&forUsername='
                     . $id . '&key=' . $api_key;
-
-                $json = json_decode(file_get_contents($api_url));
+                
+                $response = wp_remote_get( $api_url );
+                $body = wp_remote_retrieve_body( $response );
+                $json = json_decode($body);
                 if( $json && isset($json->items) ){
                     $item = $json->items[0];
 
@@ -260,7 +266,9 @@ class Youtube_Importer extends Importer {
                         . $pageToken . '&maxResults=1&playlistId='
                         . $item->contentDetails->relatedPlaylists->uploads . '&key=' . $api_key;
 
-                    $json = json_decode(file_get_contents($api_url));
+                    $response = wp_remote_get( $api_url );
+                    $body = wp_remote_retrieve_body( $response );
+                    $json = json_decode($body);
 
                     if( $json && isset($json->items) ){
                         return $json;
@@ -274,7 +282,9 @@ class Youtube_Importer extends Importer {
                     . $pageToken . '&maxResults=1&playlistId='
                     . $id . '&key=' . $api_key;
 
-                $json = json_decode(file_get_contents($api_url));
+                    $response = wp_remote_get( $api_url );
+                    $body = wp_remote_retrieve_body( $response );
+                    $json = json_decode($body);
                 if( $json && isset($json->items) ){
                     return $json;
 
@@ -285,7 +295,9 @@ class Youtube_Importer extends Importer {
                 $api_url = 'https://www.googleapis.com/youtube/v3/videos?part=snippet%2CcontentDetails&maxResults=1&id='
                     . $id . '&key=' . $api_key;
 
-                $json = json_decode(file_get_contents($api_url));
+                    $response = wp_remote_get( $api_url );
+                    $body = wp_remote_retrieve_body( $response );
+                    $json = json_decode($body);
                 if( $json && isset($json->items) ){
                     return $json;