1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
<?php
// phpcs:ignoreFile
namespace AutomateWoo;
if ( ! defined( 'ABSPATH' ) ) exit;
/**
* Contains functions relevant to open, click, conversion tracking.
*
* @since 3.9
*/
class Tracking {
/**
* @param Workflow $workflow
* @return string
*/
static function get_open_tracking_url( $workflow ) {
$log = $workflow->get_current_log();
// SEMGREP WARNING EXPLANATION
// This URL is escaped later
$url = add_query_arg([
'aw-action' => 'open',
'log' => $log ? $log->get_id() : 0
], home_url() );
return apply_filters( 'automatewoo_open_track_url', $url, $workflow );
}
/**
* @param Workflow $workflow
* @param $redirect
* @return string
*/
static function get_click_tracking_url( $workflow, $redirect ) {
$valid_redirect = wp_validate_redirect( $redirect );
if ( ! $valid_redirect ) {
return $redirect; // if redirect is not a valid redirect return the original URL
}
$log = $workflow->get_current_log();
$args = [
'aw-action' => 'click',
'log' => $log ? $log->get_id() : 0,
'redirect' => urlencode( $valid_redirect )
];
// SEMGREP WARNING EXPLANATION
// URL is escaped later by the consumer.
$url = add_query_arg( $args, home_url() );
return apply_filters( 'automatewoo_click_track_url', $url, $args );
}
/**
* Records the open track event if a valid log id is passed.
* Then outputs a blank GIF image.
*/
static function handle_open_tracking_url() {
$log = Log_Factory::get( aw_request( 'log' ) );
if ( $log && ! self::is_excluded_user_agent() ) {
$log->record_open();
}
$image_path = AW()->admin_path( '/assets/img/blank.gif' );
// render image
header( 'Content-Type: image/gif' );
header( 'Pragma: public' ); // required
header( 'Expires: 0' ); // no cache
header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0' );
header( 'Cache-Control: private', false );
header( 'Content-Disposition: attachment; filename="blank.gif"' );
header( 'Content-Transfer-Encoding: binary' );
header( 'Content-Length: ' . filesize( $image_path ) ); // provide file size
readfile( $image_path );
exit;
}
/**
* Records the click event and then redirects the user if safe.
* Still allow redirect if log param is invalid, when testing a '0' value for log is used.
*/
static function handle_click_tracking_url() {
$redirect = esc_url_raw( aw_request( 'redirect' ) );
$log = Log_Factory::get( aw_request( 'log' ) );
if ( ! $redirect ) {
return;
}
if ( $log && ! self::is_excluded_user_agent() ) {
$log->record_click( $redirect );
}
// fallback to the home page instead of the admin area if redirect is unsafe
add_filter( 'wp_safe_redirect_fallback', [ 'AutomateWoo\Tracking', 'safe_redirect_fallback' ] );
wp_safe_redirect( $redirect );
exit;
}
/**
* @return string
*/
static function safe_redirect_fallback() {
return apply_filters( 'automatewoo/click_track/safe_redirect_fallback', home_url() );
}
/**
* Is the useragent excluded from tracking.
*
* @since 4.8.1
*
* @return bool
*/
public static function is_excluded_user_agent() {
$user_agent = wc_get_user_agent();
$matches = (array) apply_filters(
'automatewoo/tracking/excluded_user_agents',
[
'bitlybot'
]
);
foreach ( $matches as $match ) {
// Match any part of the user agent string
if ( false !== stristr( $user_agent, $match ) ) {
return true;
}
}
return false;
}
}
|