File "class-yoast-network-admin.php"

Full Path: /home/ycoalition/public_html/blog/wp-admin/js/widgets/plugins/wordpress-seo/admin/class-yoast-network-admin.php
File size: 9.96 KB
MIME-type: text/x-php
Charset: utf-8

<?php
/**
 * WPSEO plugin file.
 *
 * @package WPSEO\Internals
 */

/**
 * Multisite utility class for network admin functionality.
 */
class Yoast_Network_Admin implements WPSEO_WordPress_AJAX_Integration, WPSEO_WordPress_Integration {

	/**
	 * Action identifier for updating plugin network options.
	 *
	 * @var string
	 */
	const UPDATE_OPTIONS_ACTION = 'yoast_handle_network_options';

	/**
	 * Action identifier for restoring a site.
	 *
	 * @var string
	 */
	const RESTORE_SITE_ACTION = 'yoast_restore_site';

	/**
	 * Gets the available sites as choices, e.g. for a dropdown.
	 *
	 * @param bool $include_empty Optional. Whether to include an initial placeholder choice.
	 *                            Default false.
	 * @param bool $show_title    Optional. Whether to show the title for each site. This requires
	 *                            switching through the sites, so has performance implications for
	 *                            sites that do not use a persistent cache.
	 *                            Default false.
	 *
	 * @return array Choices as $site_id => $site_label pairs.
	 */
	public function get_site_choices( $include_empty = false, $show_title = false ) {
		$choices = [];

		if ( $include_empty ) {
			$choices['-'] = __( 'None', 'wordpress-seo' );
		}

		$criteria = [
			'deleted'    => 0,
			'network_id' => get_current_network_id(),
		];
		$sites    = get_sites( $criteria );

		foreach ( $sites as $site ) {
			$site_name = $site->domain . $site->path;
			if ( $show_title ) {
				$site_name = $site->blogname . ' (' . $site->domain . $site->path . ')';
			}
			$choices[ $site->blog_id ] = $site->blog_id . ': ' . $site_name;

			$site_states = $this->get_site_states( $site );
			if ( ! empty( $site_states ) ) {
				$choices[ $site->blog_id ] .= ' [' . implode( ', ', $site_states ) . ']';
			}
		}

		return $choices;
	}

	/**
	 * Gets the states of a site.
	 *
	 * @param WP_Site $site Site object.
	 *
	 * @return array Array of $state_slug => $state_label pairs.
	 */
	public function get_site_states( $site ) {
		$available_states = [
			'public'   => __( 'public', 'wordpress-seo' ),
			'archived' => __( 'archived', 'wordpress-seo' ),
			'mature'   => __( 'mature', 'wordpress-seo' ),
			'spam'     => __( 'spam', 'wordpress-seo' ),
			'deleted'  => __( 'deleted', 'wordpress-seo' ),
		];

		$site_states = [];
		foreach ( $available_states as $state_slug => $state_label ) {
			if ( $site->$state_slug === '1' ) {
				$site_states[ $state_slug ] = $state_label;
			}
		}

		return $site_states;
	}

	/**
	 * Handles a request to update plugin network options.
	 *
	 * This method works similar to how option updates are handled in `wp-admin/options.php` and
	 * `wp-admin/network/settings.php`.
	 *
	 * @return void
	 */
	public function handle_update_options_request() {
		// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Reason: Nonce verification will happen in verify_request below.
		if ( ! isset( $_POST['network_option_group'] ) || ! is_string( $_POST['network_option_group'] ) ) {
			return;
		}

		// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Reason: Nonce verification will happen in verify_request below.
		$option_group = sanitize_text_field( wp_unslash( $_POST['network_option_group'] ) );

		if ( empty( $option_group ) ) {
			return;
		}

		$this->verify_request( "{$option_group}-network-options" );

		$whitelist_options = Yoast_Network_Settings_API::get()->get_whitelist_options( $option_group );

		if ( empty( $whitelist_options ) ) {
			add_settings_error( $option_group, 'settings_updated', __( 'You are not allowed to modify unregistered network settings.', 'wordpress-seo' ), 'error' );

			$this->terminate_request();
			return;
		}

		// phpcs:disable WordPress.Security.NonceVerification -- Nonce verified via `verify_request()` above.
		foreach ( $whitelist_options as $option_name ) {
			$value = null;
			if ( isset( $_POST[ $option_name ] ) ) {
				// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason: Adding sanitize_text_field around this will break the saving of settings because it expects a string: https://github.com/Yoast/wordpress-seo/issues/12440.
				$value = wp_unslash( $_POST[ $option_name ] );
			}

			WPSEO_Options::update_site_option( $option_name, $value );
		}
		// phpcs:enable WordPress.Security.NonceVerification

		$settings_errors = get_settings_errors();
		if ( empty( $settings_errors ) ) {
			add_settings_error( $option_group, 'settings_updated', __( 'Settings Updated.', 'wordpress-seo' ), 'updated' );
		}

		$this->terminate_request();
	}

	/**
	 * Handles a request to restore a site's default settings.
	 *
	 * @return void
	 */
	public function handle_restore_site_request() {
		$this->verify_request( 'wpseo-network-restore', 'restore_site_nonce' );

		$option_group = 'wpseo_ms';

		// phpcs:ignore WordPress.Security.NonceVerification -- Nonce verified via `verify_request()` above.
		$site_id = ! empty( $_POST[ $option_group ]['site_id'] ) ? (int) $_POST[ $option_group ]['site_id'] : 0;
		if ( ! $site_id ) {
			add_settings_error( $option_group, 'settings_updated', __( 'No site has been selected to restore.', 'wordpress-seo' ), 'error' );

			$this->terminate_request();
			return;
		}

		$site = get_site( $site_id );
		if ( ! $site ) {
			/* translators: %s expands to the ID of a site within a multisite network. */
			add_settings_error( $option_group, 'settings_updated', sprintf( __( 'Site with ID %d not found.', 'wordpress-seo' ), $site_id ), 'error' );
		}
		else {
			WPSEO_Options::reset_ms_blog( $site_id );

			/* translators: %s expands to the name of a site within a multisite network. */
			add_settings_error( $option_group, 'settings_updated', sprintf( __( '%s restored to default SEO settings.', 'wordpress-seo' ), esc_html( $site->blogname ) ), 'updated' );
		}

		$this->terminate_request();
	}

	/**
	 * Outputs nonce, action and option group fields for a network settings page in the plugin.
	 *
	 * @param string $option_group Option group name for the current page.
	 *
	 * @return void
	 */
	public function settings_fields( $option_group ) {
		?>
		<input type="hidden" name="network_option_group" value="<?php echo esc_attr( $option_group ); ?>" />
		<input type="hidden" name="action" value="<?php echo esc_attr( self::UPDATE_OPTIONS_ACTION ); ?>" />
		<?php
		wp_nonce_field( "$option_group-network-options" );
	}

	/**
	 * Enqueues network admin assets.
	 *
	 * @return void
	 */
	public function enqueue_assets() {
		$asset_manager = new WPSEO_Admin_Asset_Manager();
		$asset_manager->enqueue_script( 'network-admin' );

		$translations = [
			/* translators: %s: success message */
			'success_prefix' => __( 'Success: %s', 'wordpress-seo' ),
			/* translators: %s: error message */
			'error_prefix'   => __( 'Error: %s', 'wordpress-seo' ),
		];
		$asset_manager->localize_script(
			'network-admin',
			'wpseoNetworkAdminGlobalL10n',
			$translations
		);
	}

	/**
	 * Hooks in the necessary actions and filters.
	 *
	 * @return void
	 */
	public function register_hooks() {

		if ( ! $this->meets_requirements() ) {
			return;
		}

		add_action( 'admin_enqueue_scripts', [ $this, 'enqueue_assets' ] );

		add_action( 'admin_action_' . self::UPDATE_OPTIONS_ACTION, [ $this, 'handle_update_options_request' ] );
		add_action( 'admin_action_' . self::RESTORE_SITE_ACTION, [ $this, 'handle_restore_site_request' ] );
	}

	/**
	 * Hooks in the necessary AJAX actions.
	 *
	 * @return void
	 */
	public function register_ajax_hooks() {
		add_action( 'wp_ajax_' . self::UPDATE_OPTIONS_ACTION, [ $this, 'handle_update_options_request' ] );
		add_action( 'wp_ajax_' . self::RESTORE_SITE_ACTION, [ $this, 'handle_restore_site_request' ] );
	}

	/**
	 * Checks whether the requirements to use this class are met.
	 *
	 * @return bool True if requirements are met, false otherwise.
	 */
	public function meets_requirements() {
		return is_multisite() && is_network_admin();
	}

	/**
	 * Verifies that the current request is valid.
	 *
	 * @param string $action    Nonce action.
	 * @param string $query_arg Optional. Nonce query argument. Default '_wpnonce'.
	 *
	 * @return void
	 */
	public function verify_request( $action, $query_arg = '_wpnonce' ) {
		$has_access = current_user_can( 'wpseo_manage_network_options' );

		if ( wp_doing_ajax() ) {
			check_ajax_referer( $action, $query_arg );

			if ( ! $has_access ) {
				wp_die( -1, 403 );
			}
			return;
		}

		check_admin_referer( $action, $query_arg );

		if ( ! $has_access ) {
			wp_die( esc_html__( 'You are not allowed to perform this action.', 'wordpress-seo' ) );
		}
	}

	/**
	 * Terminates the current request by either redirecting back or sending an AJAX response.
	 *
	 * @return void
	 */
	public function terminate_request() {
		if ( wp_doing_ajax() ) {
			$settings_errors = get_settings_errors();

			if ( ! empty( $settings_errors ) && $settings_errors[0]['type'] === 'updated' ) {
				wp_send_json_success( $settings_errors, 200 );
			}

			wp_send_json_error( $settings_errors, 400 );
		}

		$this->persist_settings_errors();
		$this->redirect_back( [ 'settings-updated' => 'true' ] );
	}

	/**
	 * Persists settings errors.
	 *
	 * Settings errors are stored in a transient for 30 seconds so that this transient
	 * can be retrieved on the next page load.
	 *
	 * @return void
	 */
	protected function persist_settings_errors() {
		/*
		 * A regular transient is used here, since it is automatically cleared right after the redirect.
		 * A network transient would be cleaner, but would require a lot of copied code from core for
		 * just a minor adjustment when displaying settings errors.
		 */
		set_transient( 'settings_errors', get_settings_errors(), 30 );
	}

	/**
	 * Redirects back to the referer URL, with optional query arguments.
	 *
	 * @param array $query_args Optional. Query arguments to add to the redirect URL. Default none.
	 *
	 * @return void
	 */
	protected function redirect_back( $query_args = [] ) {
		$sendback = wp_get_referer();

		if ( ! empty( $query_args ) ) {
			$sendback = add_query_arg( $query_args, $sendback );
		}

		wp_safe_redirect( $sendback );
		exit;
	}
}