Merge pull request #2 from pressidium/next

over-engineer · web-flow · commit 38531c00e555 · 2026-01-09T10:35:42.000+02:00
1.0.0
diff --git a/composer.lock b/composer.lock
diff --git a/includes/API/Sanitizer.php b/includes/API/Sanitizer.php
@@ -49,7 +49,7 @@ public static function sanitize_email( $email ): string {
      * @return string
      */
     public static function sanitize_url( $url ): string {
-        return sanitize_url( $url );
+        return esc_url_raw( $url );
     }
 
     /**
diff --git a/includes/Files/File.php b/includes/Files/File.php
@@ -9,8 +9,8 @@
 namespace Pressidium\WP\Performance\Files;
 
 use Pressidium\WP\Performance\Logging\Logger;
-use Pressidium\WP\Performance\Utils\URL_Utils;
 use Pressidium\WP\Performance\Utils\WP_Utils;
+use Pressidium\WP\Performance\Utils\URL_Utils;
 
 if ( ! defined( 'ABSPATH' ) ) {
     die( 'Forbidden' );
@@ -154,6 +154,10 @@ private function compute_hash(): string {
                 )
             );
 
+            if ( URL_Utils::is_url( $location ) ) {
+                $location = URL_Utils::normalize_url( $location );
+            }
+
             // phpcs:ignore WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents
             $contents = file_get_contents( $location );
 
diff --git a/includes/Files/File_Reader.php b/includes/Files/File_Reader.php
@@ -11,6 +11,7 @@
 use Pressidium\WP\Performance\Exceptions\Filesystem_Exception;
 use Pressidium\WP\Performance\Logging\Logger;
 use Pressidium\WP\Performance\Utils\WP_Utils;
+use Pressidium\WP\Performance\Utils\URL_Utils;
 
 use const Pressidium\WP\Performance\VERSION;
 
@@ -25,6 +26,11 @@
  */
 final class File_Reader {
 
+    /**
+     * @var string User agent for remote requests.
+     */
+    const USER_AGENT = 'Pressidium Performance Plugin';
+
     /**
      * File_Reader constructor.
      *
@@ -49,6 +55,20 @@ private function maybe_read_local( string $file_path ): string {
         return $this->filesystem->read( $file_path );
     }
 
+    /**
+     * Determine if the given URL is protocol-relative.
+     *
+     * Protocol-relative URLs start with '//' and inherit
+     * the protocol (http or https) from the current context.
+     *
+     * @param string $url URL to check.
+     *
+     * @return bool `true` if the URL is protocol-relative, `false` otherwise.
+     */
+    private function is_protocol_relative_url( string $url ): bool {
+        return str_starts_with( $url, '//' );
+    }
+
     /**
      * Fetch and return the contents of the file at the given URI.
      *
@@ -59,11 +79,13 @@ private function maybe_read_local( string $file_path ): string {
      * @return string Contents of the file.
      */
     private function maybe_fetch_remote( string $file_uri ): string {
+        $file_uri = URL_Utils::normalize_url( $file_uri );
+
         $response = wp_safe_remote_request(
             $file_uri,
             array(
                 'timeout'    => 10, // seconds
-                'user-agent' => sprintf( 'Pressidium Performance Plugin/%s', VERSION ),
+                'user-agent' => sprintf( '%s/%s', self::USER_AGENT, VERSION ),
                 'sslverify'  => ! WP_Utils::is_local_or_development_env(), // do not verify SSL in local/dev env
             ),
         );
diff --git a/includes/Utils/URL_Utils.php b/includes/Utils/URL_Utils.php
@@ -19,6 +19,25 @@
  */
 final class URL_Utils {
 
+    /**
+     * Normalize the given URL.
+     *
+     * @param string $url URL to normalize.
+     *
+     * @return string
+     */
+    public static function normalize_url( string $url ): string {
+        // Handle protocol-relative URLs
+        $is_protocol_relative = str_starts_with( $url, '//' );
+
+        if ( $is_protocol_relative ) {
+            $protocol = WP_Utils::get_site_protocol();
+            $url      = $protocol . ':' . $url;
+        }
+
+        return $url;
+    }
+
     /**
      * Whether the given value is a valid URL.
      *
@@ -27,7 +46,9 @@ final class URL_Utils {
      * @return bool
      */
     public static function is_url( string $value ): bool {
-        return (bool) filter_var( $value, FILTER_VALIDATE_URL );
+        $normalized_value = self::normalize_url( $value );
+
+        return (bool) filter_var( $normalized_value, FILTER_VALIDATE_URL );
     }
 
     /**
diff --git a/includes/Utils/WP_Utils.php b/includes/Utils/WP_Utils.php
@@ -48,6 +48,22 @@ public static function get_request_uri(): string {
         return esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) );
     }
 
+    /**
+     * Return the protocol of this WordPress website.
+     *
+     * @return string
+     */
+    public static function get_site_protocol(): string {
+        $parsed_url = wp_parse_url( get_home_url() );
+        $scheme     = $parsed_url['scheme'] ?? 'https';
+
+        if ( $scheme === 'http' ) {
+            return 'http';
+        }
+
+        return 'https';
+    }
+
     /**
      * Return the environment type of this WordPress website.
      *
diff --git a/readme.txt b/readme.txt
@@ -157,6 +157,6 @@ If you have spotted any bugs, or would like to request additional features from
 
 == Changelog ==
 
-= 1.0.0: Nov 22, 2025 =
+= 1.0.0: Jan 9, 2026 =
 
 * Initial version

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ public static function sanitize_email( $email ): string {`
`49`	`49`	`* @return string`
`50`	`50`	`*/`
`51`	`51`	`public static function sanitize_url( $url ): string {`
`52`		`- return sanitize_url( $url );`
	`52`	`+ return esc_url_raw( $url );`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`/**`