Boost: Fix photon URL check (#39635)

* Extract is_photon_url to a method * Improve photon URL check in image guide proxy * changelog * Rename the method for consistency * Add boost changelog * Add a test * Update projects/packages/image-cdn/src/class-image-cdn-core.php Co-authored-by: Brad Jorsch <[email protected]> * Update projects/packages/image-cdn/changelog/add-photon-url-check-method Co-authored-by: Brad Jorsch <[email protected]> --------- Co-authored-by: Brad Jorsch <[email protected]>
Automattic · Oct 4, 2024 · c96cadf · c96cadf
1 parent 7a2a5d6
commit c96cadf
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 10 deletions.
diff --git a/projects/packages/image-cdn/changelog/add-photon-url-check-method b/projects/packages/image-cdn/changelog/add-photon-url-check-method
@@ -0,0 +1,4 @@
+Significance: minor
+Type: added
+
+Added a public method to check if a URL is CDN url
diff --git a/projects/packages/image-cdn/src/class-image-cdn-core.php b/projects/packages/image-cdn/src/class-image-cdn-core.php
@@ -156,17 +156,12 @@ public static function cdn_url( $image_url, $args = array(), $scheme = null ) {
 			}
 		}
 
-		/** This filter is documented below. */
-		$custom_photon_url = apply_filters( 'jetpack_photon_domain', '', $image_url );
-		$custom_photon_url = esc_url( $custom_photon_url );
-
 		// You can't run a Photon URL through Photon again because query strings are stripped.
 		// So if the image is already a Photon URL, append the new arguments to the existing URL.
 		// Alternately, if it's a *.files.wordpress.com url or an image on a private WordPress.com Simple site,
 		// then keep the domain as is.
 		if (
-			in_array( $image_url_parts['host'], array( 'i0.wp.com', 'i1.wp.com', 'i2.wp.com' ), true )
-			|| wp_parse_url( $custom_photon_url, PHP_URL_HOST ) === $image_url_parts['host']
+			self::is_cdn_url( $image_url )
 			|| $is_wpcom_image
 			|| $is_wpcom_private_site
 		) {
@@ -245,6 +240,28 @@ public static function cdn_url( $image_url, $args = array(), $scheme = null ) {
 		return self::cdn_url_scheme( $photon_url, $scheme );
 	}
 
+	/**
+	 * Checks if a given URL is a Photon URL.
+	 *
+	 * @since $$next-version$$
+	 * @param string $url The URL to check.
+	 * @return bool True if the URL is a Photon URL, false otherwise.
+	 */
+	public static function is_cdn_url( $url ) {
+		$parsed_url = wp_parse_url( $url );
+
+		if ( ! $parsed_url ) {
+			return false;
+		}
+
+		// See usage in ::cdn_url for documentation of this filter
+		$custom_photon_url = apply_filters( 'jetpack_photon_domain', '', $url );
+		$custom_photon_url = esc_url( $custom_photon_url );
+
+		return in_array( $parsed_url['host'], array( 'i0.wp.com', 'i1.wp.com', 'i2.wp.com' ), true )
+			|| wp_parse_url( $custom_photon_url, PHP_URL_HOST ) === $parsed_url['host'];
+	}
+
 	/**
 	 * Parses WP.com-hosted image args to replicate the crop.
 	 *

diff --git a/projects/packages/image-cdn/tests/php/test_class.image_cdn_core.php b/projects/packages/image-cdn/tests/php/test_class.image_cdn_core.php
@@ -265,6 +265,24 @@ public function test_photon_url_filter_network_path_photonized_to_https() {
 		$this->assertEquals( 'https://photon.test/example.com/img.jpg', $url );
 	}
 
+	/**
+	 * @covers ::Image_CDN_Core::is_cdn_url
+	 * @since  $$next-version$$
+	 * @group  jetpack_photon_filter_network_path
+	 */
+	public function test_is_cdn_url_method() {
+		$this->apply_custom_domain( '//photon.test' );
+		$this->assertTrue( Image_CDN_Core::is_cdn_url( '//photon.test/example.com/img.jpg' ) );
+
+		$this->assertTrue( Image_CDN_Core::is_cdn_url( 'https://i0.wp.com/example.com/img.jpg' ) );
+		$this->assertTrue( Image_CDN_Core::is_cdn_url( 'http://i1.wp.com/example.com/img.jpg' ) );
+		$this->assertTrue( Image_CDN_Core::is_cdn_url( '//i2.wp.com/example.com/img.jpg' ) );
+		$this->assertFalse( Image_CDN_Core::is_cdn_url( '//i3.wp.com/example.com/img.jpg' ) );
+		$this->assertFalse( Image_CDN_Core::is_cdn_url( 'http://example.com/img.jpg' ) );
+		$this->assertFalse( Image_CDN_Core::is_cdn_url( 'https://example.com/img.jpg' ) );
+		$this->assertFalse( Image_CDN_Core::is_cdn_url( '//example.com/img.jpg' ) );
+	}
+
 	/**
 	 * @author aduth
 	 * @covers ::Image_CDN_Core::cdn_url_scheme

diff --git a/projects/plugins/boost/app/modules/image-guide/Image_Guide_Proxy.php b/projects/plugins/boost/app/modules/image-guide/Image_Guide_Proxy.php
@@ -36,10 +36,8 @@ public static function handle_proxy() {
 			wp_send_json_error( 'Invalid URL', 400 );
 		}
 
-		$photon_url        = Image_CDN_Core::cdn_url( $proxy_url );
-		$photon_url_domain = wp_parse_url( $photon_url, PHP_URL_HOST );
-		$photon_domain     = wp_parse_url( apply_filters( 'jetpack_photon_domain', 'https://i0.wp.com' ), PHP_URL_HOST );
-		if ( $photon_url_domain !== $photon_domain ) {
+		$photon_url = Image_CDN_Core::cdn_url( $proxy_url );
+		if ( ! Image_CDN_Core::is_cdn_url( $proxy_url ) ) {
 			wp_send_json_error( 'Failed to proxy the image.', 400 );
 		}
 

diff --git a/projects/plugins/boost/changelog/improve-cdn-url-check b/projects/plugins/boost/changelog/improve-cdn-url-check
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Image Guide: Improve check for Jetpack Image CDN URLs