Fix: QA issues

assets/src/admin/media-sharing/components/browser-uploader.js

@@ -9,12 +9,12 @@ import { useState, useRef } from '@wordpress/element';
  * Internal dependencies
  */
 import { uploadMedia, updateExistingAttachment, checkIfAllSitesConnected, isSyncAttachment as isSyncAttachmentApi } from '../../../components/api';
-import { getFrameProperty, restrictMediaFrameUploadTypes, showSnackbarNotice } from '../../../js/utils';
+import { getExtensions, getFrameProperty, getMimeTypes, restrictMediaFrameUploadTypes, showSnackbarNotice } from '../../../js/utils';
 
 //
 const UPLOAD_NONCE = window.OneMediaMediaFrame?.uploadNonce || '';
-const ALLOWED_MIME_TYPES = typeof window.OneMediaMediaFrame?.allowedMimeTypes !== 'undefined'
-	? Object.values( window.OneMediaMediaFrame?.allowedMimeTypes )
+const ALLOWED_MIME_TYPES_MAP = typeof window.OneMediaMediaFrame?.allowedMimeTypesMap !== 'undefined'
+	? window.OneMediaMediaFrame?.allowedMimeTypesMap
 	: [];
 
 const BrowserUploaderButton = ( {
@@ -108,12 +108,12 @@ const BrowserUploaderButton = ( {
 			},
 			multiple: false,
 			library: {
-				type: ALLOWED_MIME_TYPES,
+				type: getMimeTypes( ALLOWED_MIME_TYPES_MAP ),
 				is_onemedia_sync: false,
 			},
 		} );
 
-		restrictMediaFrameUploadTypes( frame, ALLOWED_MIME_TYPES.join( ',' ).replaceAll( 'image/', '' ).replaceAll( '+xml', '' ) );
+		restrictMediaFrameUploadTypes( frame, getExtensions( ALLOWED_MIME_TYPES_MAP ).join( ',' ) );
 
 		frame.on( 'open', () => {
 			const frameEl = frame.el;
@@ -194,12 +194,12 @@ const BrowserUploaderButton = ( {
 			},
 			multiple: false,
 			library: {
-				type: ALLOWED_MIME_TYPES,
+				type: getMimeTypes( ALLOWED_MIME_TYPES_MAP ),
 				is_onemedia_sync: false,
 			},
 		} );
 
-		restrictMediaFrameUploadTypes( frame, ALLOWED_MIME_TYPES.join( ',' ).replaceAll( 'image/', '' ).replaceAll( '+xml', '' ) );
+		restrictMediaFrameUploadTypes( frame, getExtensions( ALLOWED_MIME_TYPES_MAP ).join( ',' ) );
 
 		frame.on( 'open', () => {
 			const frameEl = frame.el;
@@ -258,8 +258,10 @@ const BrowserUploaderButton = ( {
 			return;
 		}
 
+		const mimeTypes = getMimeTypes( ALLOWED_MIME_TYPES_MAP );
+
 		// Validate file type.
-		if ( ! ALLOWED_MIME_TYPES.length > 0 || ! ALLOWED_MIME_TYPES.includes( file.type ) ) {
+		if ( ! mimeTypes.length > 0 || ! mimeTypes.includes( file.type ) ) {
 			setNotice( {
 				type: 'error',
 				message: __( 'Please select a valid image file.', 'onemedia' ),
@@ -352,7 +354,7 @@ const BrowserUploaderButton = ( {
 				<input
 					className="onemedia-hidden-file-input"
 					type="file"
-					accept={ ALLOWED_MIME_TYPES.join( ',' ) }
+					accept={ getMimeTypes( ALLOWED_MIME_TYPES_MAP ).join( ',' ) }
 					ref={ fileInputRef }
 					onChange={ handleFileSelect }
 				/>

assets/src/admin/media-sharing/index.js

@@ -32,15 +32,15 @@ import BrowserUploaderButton from './components/browser-uploader';
 import ShareMediaModal from './components/ShareMediaModal';
 import VersionModal from './components/VersionModal';
 import { fetchSyncedSites as fetchSyncedSitesApi, fetchMediaItems as fetchMediaItemsApi, fetchBrandSites as fetchBrandSitesApi, shareMedia as shareMediaApi, uploadMedia } from '../../components/api';
-import { getNoticeClass, trimTitle, debounce, getFrameProperty, restrictMediaFrameUploadTypes } from '../../js/utils';
+import { getNoticeClass, trimTitle, debounce, getFrameProperty, restrictMediaFrameUploadTypes, getExtensions } from '../../js/utils';
 import fallbackImage from '../../images/fallback-image.svg';
 
 const MEDIA_PER_PAGE = 12;
 const ONEMEDIA_PLUGIN_TAXONOMY_TERM = 'onemedia';
 const UPLOAD_NONCE = window.OneMediaMediaSharing?.uploadNonce || '';
 const ONEMEDIA_MEDIA_SHARING = window.OneMediaMediaSharing || {};
-const ALLOWED_MIME_TYPES = typeof window.OneMediaMediaFrame?.allowedMimeTypes !== 'undefined'
-	? Object.values( window.OneMediaMediaFrame?.allowedMimeTypes )
+const ALLOWED_MIME_TYPES_MAP = typeof window.OneMediaMediaFrame?.allowedMimeTypesMap !== 'undefined'
+	? window.OneMediaMediaFrame?.allowedMimeTypesMap
 	: [];
 
 const MediaSharingApp = ( {
@@ -217,7 +217,7 @@ const MediaSharingApp = ( {
 				},
 			} );
 
-			restrictMediaFrameUploadTypes( editFrame, ALLOWED_MIME_TYPES.join( ',' ).replaceAll( 'image/', '' ).replaceAll( '+xml', '' ), true );
+			restrictMediaFrameUploadTypes( editFrame, getExtensions( ALLOWED_MIME_TYPES_MAP ).join( ',' ), true );
 
 			editFrame.on( 'open', function() {
 				// Reset the selection state.

assets/src/js/utils.ts

@@ -4,6 +4,21 @@
 
 import type { NoticeType } from '../admin/settings/page';
 
+declare global {
+	interface Window {
+		wp: {
+			Uploader: {
+				queue: unknown;
+			};
+			media: {
+				attachment( id: number ): {
+					get( key: string ): unknown;
+				} | undefined;
+			};
+		};
+	}
+}
+
 type WPMediaUploader = {
 	settings: {
 		multipart_params: Record<string, unknown>;
@@ -29,21 +44,6 @@ type WPMediaFrame = {
 	};
 };
 
-declare global {
-	interface Window {
-		wp: {
-			Uploader: {
-				queue: unknown;
-			};
-			media: {
-				attachment( id: number ): {
-					get( key: string ): unknown;
-				} | undefined;
-			};
-		};
-	}
-}
-
 /**
  * Helper function to validate if a string is a well-formed URL.
  *
@@ -287,6 +287,23 @@ const restrictMediaFrameUploadTypes = ( frame : WPMediaFrame, allowedTypes: stri
 	} );
 };
 
+/**
+ * Get MIME types from a MIME map.
+ * @param {Object} mimeMap
+ */
+function getMimeTypes( mimeMap : Object ) : string[] {
+	return [ ...new Set( Object.values( mimeMap ) ) ];
+}
+
+/**
+ * Get extensions from a MIME map.
+ * @param {Object} mimeMap
+ */
+function getExtensions( mimeMap : Object ) : string[] {
+	return Object.keys( mimeMap )
+		.flatMap( ( key ) => key.split( '|' ) );
+}
+
 export {
 	isURL,
 	isValidUrl,
@@ -298,4 +315,6 @@ export {
 	getFrameProperty,
 	showSnackbarNotice,
 	restrictMediaFrameUploadTypes,
+	getMimeTypes,
+	getExtensions,
 };

inc/Modules/Core/Assets.php

@@ -68,21 +68,21 @@ final class Assets implements Registrable {
 	public static function get_localized_data(): array {
 		if ( empty( self::$localized_data ) ) {
 			self::$localized_data = [
-				'restUrl'          => esc_url( home_url( '/wp-json' ) ),
-				'restNonce'        => wp_create_nonce( 'wp_rest' ),
-				'apiKey'           => Settings::get_api_key(),
-				'settingsLink'     => esc_url( admin_url( 'admin.php?page=onemedia-settings' ) ),
-				'siteType'         => Settings::get_site_type(),
-				'siteName'         => get_bloginfo( 'name' ),
-				'ajaxUrl'          => admin_url( 'admin-ajax.php' ),
-				'uploadNonce'      => wp_create_nonce( 'onemedia_upload_media' ),
-				'allowedMimeTypes' => Utils::get_supported_mime_types(),
-				'mediaSyncNonce'   => wp_create_nonce( 'onemedia_check_sync_status' ),
-				'allLabel'         => __( 'All media', 'onemedia' ),
-				'syncLabel'        => __( 'Synced', 'onemedia' ),
-				'notSyncLabel'     => __( 'Not Synced', 'onemedia' ),
-				'filterLabel'      => __( 'Sync Status', 'onemedia' ),
-				'syncStatus'       => Attachment::SYNC_STATUS_POSTMETA_KEY,
+				'restUrl'             => esc_url( home_url( '/wp-json' ) ),
+				'restNonce'           => wp_create_nonce( 'wp_rest' ),
+				'apiKey'              => Settings::get_api_key(),
+				'settingsLink'        => esc_url( admin_url( 'admin.php?page=onemedia-settings' ) ),
+				'siteType'            => Settings::get_site_type(),
+				'siteName'            => get_bloginfo( 'name' ),
+				'ajaxUrl'             => admin_url( 'admin-ajax.php' ),
+				'uploadNonce'         => wp_create_nonce( 'onemedia_upload_media' ),
+				'allowedMimeTypesMap' => Utils::get_supported_mime_types(),
+				'mediaSyncNonce'      => wp_create_nonce( 'onemedia_check_sync_status' ),
+				'allLabel'            => __( 'All media', 'onemedia' ),
+				'syncLabel'           => __( 'Synced', 'onemedia' ),
+				'notSyncLabel'        => __( 'Not Synced', 'onemedia' ),
+				'filterLabel'         => __( 'Sync Status', 'onemedia' ),
+				'syncStatus'          => Attachment::SYNC_STATUS_POSTMETA_KEY,
 			];
 		}
 

inc/Modules/MediaLibrary/Admin.php

@@ -121,7 +121,7 @@ public function filter_ajax_query_attachments_args( array $query ): array {
 		}
 
 		// check for is_onemedia_sync meta filter.
-		if ( isset( $request_query['is_onemedia_sync'] ) ) {
+		if ( ! empty( $request_query['is_onemedia_sync'] ) ) {
 			$is_onemedia_sync = filter_var( $request_query['is_onemedia_sync'], FILTER_VALIDATE_BOOLEAN );
 
 			if ( true === $is_onemedia_sync ) {

inc/Modules/MediaSharing/MediaProtection.php

@@ -41,25 +41,16 @@ public function add_term_to_attachment( int $attachment_id ): void {
 		if ( ! wp_doing_ajax() ) {
 			return;
 		}
-		$action = isset( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : '';
-		if ( 'upload-attachment' !== $action ) {
+		if ( ! isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_text_field( $_POST['_wpnonce'] ), 'media-form' ) ) {
 			return;
 		}
-		// check if is_onemedia_sync is set and true.
-		$is_onemedia_sync = isset( $_POST['is_onemedia_sync'] ) &&
-						filter_var( $_POST['is_onemedia_sync'], FILTER_VALIDATE_BOOLEAN );
-
-		// Verify nonce for security.
-		if ( ! isset( $_POST['_wpnonce'] ) ) {
+		if ( ! isset( $_REQUEST['action'] ) || 'upload-attachment' !== sanitize_text_field( $_REQUEST['action'] ) ) {
 			return;
 		}
 
-		if ( isset( $_POST['_wpnonce'] ) ) {
-			$nonce = sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) );
-			if ( ! wp_verify_nonce( $nonce, 'media-form' ) ) {
-				return;
-			}
-		}
+		// Check if is_onemedia_sync is set and true.
+		$is_onemedia_sync = ! empty( $_POST['is_onemedia_sync'] );
+
 		update_post_meta( $attachment_id, Attachment::IS_SYNC_POSTMETA_KEY, $is_onemedia_sync );
 
 		if ( true !== $is_onemedia_sync ) {
@@ -89,6 +80,7 @@ public function maybe_block_media_delete( int $attachment_id ): int|\WP_Error {
 			wp_safe_redirect( $redirect_url );
 			exit;
 		}
+
 		return $attachment_id;
 	}
 
@@ -118,10 +110,10 @@ public function show_deletion_notice(): void {
 	/**
 	 * Prevent editing or deleting of synced media attachments on brand sites.
 	 *
-	 * @param array  $caps Current user's capabilities.
-	 * @param string $cap Capability being checked.
+	 * @param array  $caps    Current user's capabilities.
+	 * @param string $cap     Capability being checked.
 	 * @param int    $user_id User ID.
-	 * @param array  $args Arguments for the capability check.
+	 * @param array  $args    Arguments for the capability check.
 	 *
 	 * @return array|string[]
 	 */

inc/Utils.php

@@ -53,16 +53,18 @@ public static function decode_filename( string $filename ): string {
 	 * @return array Array of supported mime types by the server.
 	 */
 	public static function get_supported_mime_types(): array {
-		$allowed_types = self::ALLOWED_MIME_TYPES;
-
-		// Remove any types that are not supported by the server.
-		$supported_types = array_values( get_allowed_mime_types() );
-		$allowed_types   = array_intersect( $allowed_types, $supported_types );
-
-		// WP uses jpeg for all jpeg types, so we need to add jpg and jpe as well explicitly.
-		$allowed_types = array_merge( $allowed_types, [ 'image/jpg', 'image/jpe' ] );
-
-		return $allowed_types;
+		$allowed_mimes = array_flip( self::ALLOWED_MIME_TYPES );
+		$wp_mimes      = get_allowed_mime_types();
+
+		/**
+		 * Filter WordPress mime list by allowed mime values.
+		 */
+		return array_filter(
+			$wp_mimes,
+			static function ( string $mime ) use ( $allowed_mimes ): bool {
+				return isset( $allowed_mimes[ $mime ] );
+			}
+		);
 	}
 
 	/**