Merge branch 'uat' into fix/insecure-replacements

Marco Pereirinha · Marco Pereirinha · commit 36cf974d6157 · 2021-06-18T19:20:14.000+01:00
diff --git a/php/class-delivery.php b/php/class-delivery.php
@@ -48,6 +48,13 @@ class Delivery implements Setup {
 	 */
 	protected $sync;
 
+	/**
+	 * Hold the Post ID.
+	 *
+	 * @var null|int
+	 */
+	protected $current_post_id = null;
+
 	/**
 	 * The meta data cache key to store URLS.
 	 *
@@ -73,6 +80,8 @@ public function __construct( Plugin $plugin ) {
 	protected function setup_hooks() {
 		add_filter( 'cloudinary_filter_out_local', '__return_false' );
 		add_action( 'update_option_cloudinary_media_display', array( $this, 'clear_cache' ) );
+		add_filter( 'cloudinary_post_id_taxonomy', array( $this, 'get_current_post_id' ) );
+		add_filter( 'the_content', array( $this, 'add_post_id' ) );
 	}
 
 	/**
@@ -82,6 +91,36 @@ public function clear_cache() {
 		delete_post_meta_by_key( self::META_CACHE_KEY );
 	}
 
+	/**
+	 * Add the Post ID to images and videos.
+	 *
+	 * @param string $content The content.
+	 *
+	 * @return string
+	 */
+	public function add_post_id( $content ) {
+		return str_replace(
+			array(
+				'wp-image-',
+				'wp-video-',
+			),
+			array(
+				'wp-post-' . get_the_ID() . ' wp-image-',
+				'wp-post-' . get_the_ID() . ' wp-video-',
+			),
+			$content
+		);
+	}
+
+	/**
+	 * Get the current post ID.
+	 *
+	 * @return int|null
+	 */
+	public function get_current_post_id() {
+		return $this->current_post_id;
+	}
+
 	/**
 	 * Setup component.
 	 */
@@ -108,6 +147,8 @@ public function process_featured_image( $html, $post_id, $attachment_id ) {
 		// Get tag element.
 		$tag_element                    = $this->parse_element( $html );
 		$tag_element['atts']['class'][] = 'wp-image-' . $attachment_id;
+		$tag_element['atts']['class'][] = 'wp-post-' . $post_id;
+
 		if ( true === (bool) $this->media->get_post_meta( $post_id, Global_Transformations::META_FEATURED_IMAGE_KEY, true ) ) {
 			$tag_element['atts']['class'][] = 'cld-overwrite';
 		}
@@ -219,13 +260,16 @@ public function convert_tags( $content ) {
 		$replacements   = array();
 		$attachment_ids = array();
 		foreach ( $tags as $element ) {
-			$attachment_id = $this->filter->get_id_from_tag( $element );
+			$attachment_id         = $this->filter->get_id_from_tag( $element );
+			$this->current_post_id = $this->filter->get_id_from_tag( $element, 'wp-post-' );
+
 			if ( empty( $attachment_id ) || ! $this->sync->is_synced( $attachment_id ) ) {
 				continue;
 			}
 			// Register replacement.
 			$replacements[ $element ] = $this->rebuild_tag( $element, $attachment_id );
 			$attachment_ids[]         = $attachment_id;
+			$this->current_post_id    = null;
 		}
 
 		// Create other image sizes for ID's found.
diff --git a/php/media/class-filter.php b/php/media/class-filter.php
@@ -8,7 +8,11 @@
 namespace Cloudinary\Media;
 
 use Cloudinary\Connect\Api;
+use Cloudinary\Media;
 use Cloudinary\Utils;
+use WP_Post;
+use WP_REST_Request;
+use WP_REST_Response;
 
 /**
  * Class Filter.
@@ -22,16 +26,16 @@ class Filter {
 	 *
 	 * @since   0.1
 	 *
-	 * @var     \Cloudinary\Media Instance of the plugin.
+	 * @var     Media Instance of the plugin.
 	 */
 	private $media;
 
 	/**
 	 * Filter constructor.
 	 *
-	 * @param \Cloudinary\Media $media The plugin.
+	 * @param Media $media The plugin.
 	 */
-	public function __construct( \Cloudinary\Media $media ) {
+	public function __construct( Media $media ) {
 		$this->media = $media;
 		$this->setup_hooks();
 	}
@@ -87,13 +91,13 @@ public function get_video_shortcodes( $html ) {
 	 * Get the attachment ID from the media tag.
 	 *
 	 * @param string $asset The media tag.
-	 *
-	 * @return int|false
+	 * @param string $type  The type.
+	 * @return int|null
 	 */
-	public function get_id_from_tag( $asset ) {
-		$attachment_id = false;
+	public function get_id_from_tag( $asset, $type = 'wp-image-|wp-video-' ) {
+		$attachment_id = null;
 		// Get attachment id from class name.
-		if ( preg_match( '#class=["|\']?[^"\']*(wp-image-|wp-video-)([\d]+)[^"\']*["|\']?#i', $asset, $found ) ) {
+		if ( preg_match( '#class=["|\']?[^"\']*(' . $type . ')([\d]+)[^"\']*["|\']?#i', $asset, $found ) ) {
 			$attachment_id = intval( $found[2] );
 		}
 
@@ -442,9 +446,9 @@ public function filter_attachment_for_js( $attachment ) {
 	/**
 	 * Return a Cloudinary URL for an attachment used in a REST REQUEST.
 	 *
-	 * @param \WP_REST_Response $attachment The attachment array to be used in JS.
+	 * @param WP_REST_Response $attachment The attachment array to be used in JS.
 	 *
-	 * @return \WP_REST_Response
+	 * @return WP_REST_Response
 	 * @uses filter:rest_prepare_attachment
 	 */
 	public function filter_attachment_for_rest( $attachment ) {
@@ -546,13 +550,13 @@ public function filter_video_embeds( $html, $id, $attachment ) {
 	}
 
 	/**
-	 * Filter out local urls in an 'edit' context rest request ( i.e for Gutenburg ).
+	 * Filter out local urls in an 'edit' context rest request ( i.e for Gutenberg ).
 	 *
-	 * @param \WP_REST_Response $response The post data array to save.
-	 * @param \WP_Post          $post     The current post.
-	 * @param \WP_REST_Request  $request  The request object.
+	 * @param WP_REST_Response $response The post data array to save.
+	 * @param WP_Post          $post     The current post.
+	 * @param WP_REST_Request  $request  The request object.
 	 *
-	 * @return \WP_REST_Response
+	 * @return WP_REST_Response
 	 */
 	public function pre_filter_rest_content( $response, $post, $request ) {
 		$context = $request->get_param( 'context' );
diff --git a/php/media/class-global-transformations.php b/php/media/class-global-transformations.php
@@ -8,6 +8,7 @@
 namespace Cloudinary\Media;
 
 use Cloudinary\Settings\Setting;
+use WP_Post;
 
 /**
  * Class Global Transformations.
@@ -241,25 +242,23 @@ public function get_transformations( $type ) {
 	 *
 	 * @param string $type The type to get.
 	 *
-	 * @return array
+	 * @return string
 	 */
 	public function get_taxonomy_transformations( $type ) {
 		$return_transformations = '';
-		if ( in_the_loop() ) {
-			$post = get_post();
-			if ( ! empty( $post ) ) {
-				$transformations = array();
-				$terms           = $this->get_terms( $post->ID );
-				if ( ! empty( $terms ) ) {
-					foreach ( $terms as $item ) {
-						$transformation = $this->get_term_transformations( $item['term']->term_id, $type );
-						if ( ! empty( $transformation[ $type . '_freeform' ] ) ) {
-							$transformations[] = trim( $transformation[ $type . '_freeform' ] );
-						}
+		$post                   = $this->get_current_post();
+		if ( $post ) {
+			$transformations = array();
+			$terms           = $this->get_terms( $post->ID );
+			if ( ! empty( $terms ) ) {
+				foreach ( $terms as $item ) {
+					$transformation = $this->get_term_transformations( $item['term']->term_id, $type );
+					if ( ! empty( $transformation[ $type . '_freeform' ] ) ) {
+						$transformations[] = trim( $transformation[ $type . '_freeform' ] );
 					}
-					// Join the freeform.
-					$return_transformations = implode( '/', (array) $transformations );
 				}
+				// Join the freeform.
+				$return_transformations = implode( '/', (array) $transformations );
 			}
 		}
 
@@ -273,8 +272,8 @@ public function get_taxonomy_transformations( $type ) {
 	 */
 	public function is_taxonomy_overwrite() {
 		$apply_type = false;
-		if ( in_the_loop() ) {
-			$post       = get_post();
+		$post       = $this->get_current_post();
+		if ( $post ) {
 			$apply_type = get_post_meta( $post->ID, self::META_APPLY_KEY . '_terms', true );
 		}
 
@@ -563,6 +562,29 @@ public function save_overwrite_transformations_featured_image( $post_id ) {
 		}
 	}
 
+	/**
+	 * Get the current post.
+	 *
+	 * @return WP_Post|null
+	 */
+	protected function get_current_post() {
+		/**
+		 * Filter the post ID.
+		 *
+		 * @hook    cloudinary_post_id
+		 * @default null
+		 *
+		 * @return  {WP_Post|null}
+		 */
+		$post_id = apply_filters( 'cloudinary_post_id', null );
+
+		if ( is_null( $post_id ) ) {
+			return null;
+		}
+
+		return get_post( $post_id );
+	}
+
 	/**
 	 * Setup hooks for the filters.
 	 */
