<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
use Automattic\Jetpack\Connection\Initial_State as Connection_Initial_State;
use Automattic\Jetpack\Connection\Manager as Connection_Manager;
use Automattic\Jetpack\Status;
require_once __DIR__ . '/class.jetpack-admin-page.php';
require_once __DIR__ . '/class-jetpack-redux-state-helper.php';
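/**
 * Builds the Jetpack landing page (the React dashboard) and its admin menu.
 *
 * Security-relevant behaviour visible in this class:
 * - Menu entries are registered with the `jetpack_admin_page` capability.
 * - `$_GET` values are only compared against fixed strings or used as a key
 *   into an allow-list; they are never echoed or used to build a URL.
 * - Values injected into inline scripts are encoded before concatenation.
 */
class Jetpack_React_Page extends Jetpack_Admin_Page {
	/**
	 * Flag declared for the parent admin page class; it is not read in this class.
	 *
	 * NOTE(review): the value is `false`, so presumably the page is registered even
	 * when Jetpack is not active/connected. Confirm against Jetpack_Admin_Page.
	 *
	 * @var bool
	 */
	protected $dont_show_if_not_active = false;

	/**
	 * Set to true when the REST API is disabled and the page falls back to a
	 * meta-refresh redirect; page_admin_scripts() then skips loading scripts.
	 *
	 * @var bool
	 */
	protected $is_redirecting = false;

	/**
	 * Add the main admin Jetpack menu.
	 *
	 * The entry requires the `jetpack_admin_page` capability and renders through
	 * `$this->render()`.
	 *
	 * @return string|false Return value from WordPress's `add_menu_page()`.
	 */
	public function get_page_hook() {
		return add_menu_page( 'Jetpack', 'Jetpack', 'jetpack_admin_page', 'jetpack', array( $this, 'render' ), 'div', 3 );
	}

	/**
	 * Add page action.
	 *
	 * Fires `jetpack_admin_menu`, then, only when the current request targets the
	 * Jetpack page, wires up the fallback redirects and the first-view JITM opt-out.
	 *
	 * @param string $hook Hook of current page.
	 * @return void
	 */
	public function add_page_actions( $hook ) {
		/** This action is documented in class.jetpack-admin.php */
		do_action( 'jetpack_admin_menu', $hook );

		// The request value is only compared strictly against a constant; it is never output or stored.
		if ( ! isset( $_GET['page'] ) || 'jetpack' !== $_GET['page'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- This is view logic.
			return; // No need to handle the fallback redirection if we are not on the Jetpack page.
		}

		// Adding a redirect meta tag if the REST API is disabled.
		if ( ! $this->is_rest_api_enabled() ) {
			$this->is_redirecting = true;
			add_action( 'admin_head', array( $this, 'add_fallback_head_meta' ) );
		}

		// Adding a redirect meta tag wrapped in noscript tags for all browsers in case they have JavaScript disabled.
		add_action( 'admin_head', array( $this, 'add_noscript_head_meta' ) );

		// If this is the first time the user is viewing the admin, don't show JITMs.
		// This filter is added just in time because this function is called on admin_menu
		// and JITMs are initialized on admin_init.
		if ( Jetpack::is_connection_ready() && ! Jetpack_Options::get_option( 'first_admin_view', false ) ) {
			Jetpack_Options::update_option( 'first_admin_view', true );
			add_filter( 'jetpack_just_in_time_msgs', '__return_false' );
		}
	}

	/**
	 * Add Jetpack Dashboard sub-link and point it to AAG if the user can view stats, manage modules or if Protect is active.
	 *
	 * Works in Dev Mode or when user is connected.
	 * The submenu is registered with the `jetpack_admin_page` capability and
	 * replaces the default `jetpack` submenu entry.
	 *
	 * @since 4.3.0
	 */
	public function jetpack_add_dashboard_sub_nav_item() {
		if ( ( new Status() )->is_offline_mode() || Jetpack::is_connection_ready() ) {
			add_submenu_page( 'jetpack', __( 'Dashboard', 'jetpack' ), __( 'Dashboard', 'jetpack' ), 'jetpack_admin_page', 'jetpack#/dashboard', '__return_null' );
			remove_submenu_page( 'jetpack', 'jetpack' );
		}
	}

	/**
	 * Determine whether a user can access the Jetpack Settings page.
	 *
	 * Rules are:
	 * - user is allowed to see the Jetpack Admin
	 * - site is connected or in offline mode
	 * - non-admins only need access to the settings when there are modules they can manage.
	 *
	 * In this class the result is only used to decide whether the Settings menu
	 * entry is registered.
	 * NOTE(review): what enforces access to the settings themselves is not visible
	 * here (presumably the REST API permission checks); treat this as a UI gate
	 * and confirm the server-side checks separately.
	 *
	 * @return bool $can_access_settings Can the user access settings.
	 */
	private function can_access_settings() {
		$connection = new Connection_Manager( 'jetpack' );
		$status     = new Status();

		// User must have the necessary permissions to see the Jetpack settings pages.
		if ( ! current_user_can( 'edit_posts' ) ) {
			return false;
		}

		// In offline mode, allow access to admins.
		if ( $status->is_offline_mode() && current_user_can( 'manage_options' ) ) {
			return true;
		}

		// If not in offline mode but site is not connected, bail.
		if ( ! Jetpack::is_connection_ready() ) {
			return false;
		}

		/*
		 * Additional checks for non-admins.
		 */
		if ( ! current_user_can( 'manage_options' ) ) {
			// If the site isn't connected at all, bail.
			if ( ! $connection->has_connected_owner() ) {
				return false;
			}

			/*
			 * If they haven't connected their own account yet,
			 * they have no use for the settings page.
			 * They will not be able to manage any settings.
			 */
			if ( ! $connection->is_user_connected() ) {
				return false;
			}

			/*
			 * Non-admins only have access to settings
			 * for the following modules:
			 * - Publicize
			 * - Post By Email
			 * If those modules are not available, bail.
			 */
			if (
				! Jetpack::is_module_active( 'post-by-email' )
				&& ! Jetpack::is_module_active( 'publicize' )
			) {
				return false;
			}
		}

		// fallback.
		return true;
	}

	/**
	 * Jetpack Settings sub-link.
	 *
	 * Registered only when can_access_settings() allows it, and with the
	 * `jetpack_admin_page` capability.
	 *
	 * @since 4.3.0
	 * @since 9.7.0 If Connection does not have an owner, restrict it to admins
	 */
	public function jetpack_add_settings_sub_nav_item() {
		if ( $this->can_access_settings() ) {
			add_submenu_page( 'jetpack', __( 'Settings', 'jetpack' ), __( 'Settings', 'jetpack' ), 'jetpack_admin_page', 'jetpack#/settings', '__return_null' );
		}
	}

	/**
	 * Fallback redirect meta tag if the REST API is disabled.
	 *
	 * The tag is a fixed string with a relative target; no request data is
	 * interpolated into it.
	 *
	 * @return void
	 */
	public function add_fallback_head_meta() {
		echo '<meta http-equiv="refresh" content="0; url=?page=jetpack_modules">';
	}

	/**
	 * Fallback meta tag wrapped in noscript tags for all browsers in case they have JavaScript disabled.
	 *
	 * @return void
	 */
	public function add_noscript_head_meta() {
		echo '<noscript>';
		$this->add_fallback_head_meta();
		echo '</noscript>';
	}

	/**
	 * Custom menu order.
	 *
	 * Emits a deprecation notice and returns the order unchanged.
	 *
	 * @deprecated since 9.2.0
	 * @param array $menu_order Menu order.
	 * @return array
	 */
	public function jetpack_menu_order( $menu_order ) {
		_deprecated_function( __METHOD__, 'jetpack-9.2' );

		return $menu_order;
	}

	/**
	 * Add action to render page specific HTML.
	 *
	 * Outputs the pre-built `static.html` shell from the plugin's build directory,
	 * or a short error message when the file cannot be read.
	 *
	 * @return void
	 */
	public function page_render() {
		/** This action is already documented in class.jetpack-admin-page.php */
		do_action( 'jetpack_notices' );

		// Fetch static.html.
		// The path is built from a plugin constant and a fixed suffix; nothing from the request reaches it.
		$static_html = @file_get_contents( JETPACK__PLUGIN_DIR . '_inc/build/static.html' ); //phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged, WordPress.WP.AlternativeFunctions.file_get_contents_file_get_contents, Not fetching a remote file.

		if ( false === $static_html ) {
			// If we still have nothing, display an error.
			echo '<p>';
			esc_html_e( 'Error fetching static.html. Try running: ', 'jetpack' );
			echo '<code>pnpm run distclean && pnpm jetpack build plugins/jetpack</code>';
			echo '</p>';
		} else {
			// We got the static.html so let's display it.
			// Printed without escaping on purpose: it is a build artifact shipped with the plugin,
			// so its integrity depends on the write permissions of the plugin directory.
			echo $static_html; //phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
		}
	}

	/**
	 * Allow robust deep links to React.
	 *
	 * The Jetpack dashboard requires fragments/hash values to make
	 * a deep link to it but passing fragments as part of a return URL
	 * will most often be discarded throughout the process.
	 * This logic aims to bridge this gap and reduce the chance of React
	 * specific links being broken while passing them along.
	 *
	 * The `jp-react-redirect` request value is used only as a key into a fixed
	 * allow-list; the destination URL is never taken from the request, and an
	 * unknown key leaves the request untouched.
	 */
	public function react_redirects() {
		global $pagenow;

		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
		if ( 'admin.php' !== $pagenow || ! isset( $_GET['jp-react-redirect'] ) ) {
			return;
		}

		// Allow-list of redirect keys and their fixed, same-site destinations.
		$allowed_paths = array(
			'product-purchased' => admin_url( '/admin.php?page=jetpack#/recommendations/product-purchased' ),
		);

		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
		$target = sanitize_text_field( wp_unslash( $_GET['jp-react-redirect'] ) );

		if ( isset( $allowed_paths[ $target ] ) ) {
			wp_safe_redirect( $allowed_paths[ $target ] );
			exit;
		}
	}

	/**
	 * Load styles for static page.
	 */
	public function additional_styles() {
		Jetpack_Admin_Page::load_wrapper_styles();
	}

	/**
	 * Load admin page scripts.
	 *
	 * Enqueues the React bundle, the analytics script (connected sites outside
	 * offline mode only) and the inline scripts carrying the app's initial state.
	 * Every value placed into an inline script is encoded first, so it cannot
	 * close the string literal or the surrounding script element.
	 *
	 * @return void
	 */
	public function page_admin_scripts() {
		if ( $this->is_redirecting ) {
			return; // No need for scripts on a fallback page.
		}

		$status              = new Status();
		$is_offline_mode     = $status->is_offline_mode();
		$site_suffix         = $status->get_site_suffix();
		$script_deps_path    = JETPACK__PLUGIN_DIR . '_inc/build/admin.asset.php';
		$script_dependencies = array( 'wp-polyfill' );
		$version             = JETPACK__VERSION;

		if ( file_exists( $script_deps_path ) ) {
			// The manifest is a PHP file from the plugin's own build directory; the path is a fixed constant.
			$asset_manifest = include $script_deps_path;

			// Keep the defaults when the manifest is incomplete or does not return an array.
			if ( is_array( $asset_manifest ) ) {
				if ( isset( $asset_manifest['dependencies'] ) ) {
					$script_dependencies = $asset_manifest['dependencies'];
				}
				if ( isset( $asset_manifest['version'] ) ) {
					$version = $asset_manifest['version'];
				}
			}
		}

		wp_enqueue_script(
			'react-plugin',
			plugins_url( '_inc/build/admin.js', JETPACK__PLUGIN_FILE ),
			$script_dependencies,
			$version,
			true
		);

		if ( ! $is_offline_mode && Jetpack::is_connection_ready() ) {
			// Required for Analytics.
			// Protocol-relative URL: the script is fetched with the same scheme as the admin page.
			// NOTE(review): third-party script with no integrity check; an explicit https:// URL would avoid a plain-HTTP fetch.
			wp_enqueue_script( 'jp-tracks', '//stats.wp.com/w.js', array(), gmdate( 'YW' ), true );
		}

		wp_set_script_translations( 'react-plugin', 'jetpack' );

		// Add objects to be passed to the initial state of the app.
		// Use wp_add_inline_script instead of wp_localize_script, see https://core.trac.wordpress.org/ticket/25280.
		// The JSON is percent-encoded before it is placed inside the string literal.
		wp_add_inline_script( 'react-plugin', 'var Initial_State=JSON.parse(decodeURIComponent("' . rawurlencode( wp_json_encode( Jetpack_Redux_State_Helper::get_initial_state() ) ) . '"));', 'before' );

		// This will set the default URL of the jp_redirects lib.
		// The suffix is JSON-encoded (quotes included) rather than concatenated raw between quotes,
		// so a quote, backslash or slash in the value stays inside the string literal.
		wp_add_inline_script( 'react-plugin', 'var jetpack_redirects = { currentSiteRawUrl: ' . wp_json_encode( $site_suffix ) . ' };', 'before' );

		// Adds Connection package initial state.
		wp_add_inline_script( 'react-plugin', Connection_Initial_State::render(), 'before' );
	}
}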