Merge pull request #7330 from ampproject/add/path-check-in-frontend-url

Update `is_frontend_url()` to verify passed url path with `home_url()`

includes/embeds/class-amp-vimeo-embed-handler.php

@@ -146,7 +146,7 @@ private function get_video_id_from_url( $url ) {
 			$video_id = $matches[1];
 		}
 
-		return $video_id;
+		return (int) $video_id;
 	}
 
 	/**

includes/sanitizers/class-amp-link-sanitizer.php

@@ -52,6 +52,13 @@ class AMP_Link_Sanitizer extends AMP_Base_Sanitizer {
 	 */
 	protected $home_host;
 
+	/**
+	 * Home path.
+	 *
+	 * @var string
+	 */
+	protected $home_path;
+
 	/**
 	 * Content path.
 	 *
@@ -79,7 +86,9 @@ public function __construct( $dom, array $args = [] ) {
 
 		parent::__construct( $dom, $args );
 
-		$this->home_host    = wp_parse_url( home_url(), PHP_URL_HOST );
+		$parsed_home        = wp_parse_url( home_url( '/' ) );
+		$this->home_host    = $parsed_home['host'] ?? null;
+		$this->home_path    = $parsed_home['path'] ?? '/';
 		$this->content_path = wp_parse_url( content_url( '/' ), PHP_URL_PATH );
 		$this->admin_path   = wp_parse_url( admin_url(), PHP_URL_PATH );
 	}
@@ -295,6 +304,11 @@ public function is_frontend_url( $url ) {
 			return false;
 		}
 
+		// Skip adding query var to links on other paths.
+		if ( ! empty( $parsed_url['path'] ) && 0 !== strpos( $parsed_url['path'], $this->home_path ) ) {
+			return false;
+		}
+
 		// Skip adding query var to PHP files (e.g. wp-login.php).
 		if ( ! empty( $parsed_url['path'] ) && preg_match( '/\.php$/', $parsed_url['path'] ) ) {
 			return false;

tests/e2e/config/bootstrap.js

@@ -260,6 +260,7 @@ async function setupThemesAndPlugins() {
 	await deactivatePlugin( 'do-not-allow-amp-validate-capability' );
 
 	await installTheme( 'hestia' );
+	await installTheme( 'twentytwenty' ); // Ensure that twentytwenty theme is installed.
 	await activateTheme( 'twentytwenty' );
 }
 

tests/e2e/specs/admin/analytics-options.js

@@ -30,6 +30,8 @@ describe( 'AMP analytics options', () => {
 		await expect( '.amp-analytics-entry' ).countToBe( 2 );
 		await expect( page ).toFill( '#amp-analytics-entry-2 input', 'googleanalytics-2' );
 
+		await scrollToElement( { selector: '#amp-analytics-add-entry' } );
+
 		// Add third entry.
 		await expect( page ).toClick( '#amp-analytics-add-entry' );
 		await expect( '.amp-analytics-entry' ).countToBe( 3 );

tests/php/test-class-amp-core-block-handler.php

@@ -352,13 +352,16 @@ public function test_ampify_gallery_block( $original_block_content, $expected_bl
 		$actual   = preg_replace( '/ data-id="\d+"/', '', $actual );
 
 		// Remove `is-layout-flex` class name injected by block editor layout styles.
-		$actual = preg_replace( '/(?<= class=")is-layout-flex /', '', $actual );
+		$actual = preg_replace( '/\s*(?<= class=")?is-layout-flex\s*/', '', $actual );
 
 		// Remove `wp-block-gallery-` class by block_core_gallery_render()
-		$actual = preg_replace( '/(?<= class=")wp-block-gallery-\w+ /', '', $actual );
+		$actual = preg_replace( '/\s*(?<= class=")?wp-block-gallery-\w+\s*/', '', $actual );
 
 		// Remove class name injected by gutenberg_render_layout_support_flag().
-		$actual = preg_replace( '/(?<= class=")wp-container-\w+ /', '', $actual );
+		$actual = preg_replace( '/\s*(?<= class=")?wp-container-\w+\s*/', '', $actual );
+
+		// Remove whitespace from the class attribute in the end.
+		$actual = preg_replace( '/ class=""/', '', $actual );
 
 		$this->assertEqualMarkup( $expected, $actual );
 	}

tests/php/test-class-amp-link-sanitizer.php

@@ -322,4 +322,77 @@ public function test_amp_to_amp_linking_enabled( $filter, $expected ) {
 			$this->assertArrayNotHasKey( AMP_Link_Sanitizer::class, $sanitizers );
 		}
 	}
+
+	/**
+	 * Get data for test_is_frontend_url
+	 *
+	 * @return array
+	 */
+	public function get_test_is_frontend_url() {
+		return [
+			'no_scheme'      => [
+				'//example.com/',
+				false,
+			],
+			'invalid_scheme' => [
+				'ftp://example.com/',
+				false,
+			],
+			'different_host' => [
+				'https://cdn.foo.org/',
+				false,
+			],
+			'different_path' => [
+				home_url( '/foo' ),
+				false,
+			],
+			'php_file'       => [
+				home_url( '/foo.php' ),
+				false,
+			],
+			'feed'           => [
+				home_url( '/feed/' ),
+				false,
+			],
+			'admin'          => [
+				admin_url(),
+				false,
+			],
+			'content'        => [
+				content_url( '/' ),
+				false,
+			],
+			'valid'          => [
+				home_url( '/' ),
+				true,
+			],
+		];
+	}
+
+	/**
+	 * Test is_frontend_url.
+	 *
+	 * @dataProvider get_test_is_frontend_url
+	 * @covers AMP_Link_Sanitizer::is_frontend_url()
+	 *
+	 * @param string $url URL.
+	 * @param bool   $expected Expected.
+	 */
+	public function test_is_frontend_url( $url, $expected ) {
+		$dom = AMP_DOM_Utils::get_dom_from_content( '<a href="https://example.com/">Foo</a>' );
+
+		if ( home_url( '/foo' ) === $url ) {
+			$new_home_url = home_url( '/bar/' );
+
+			add_filter(
+				'home_url',
+				static function() use ( $new_home_url ) {
+					return $new_home_url;
+				}
+			);
+		}
+
+		$sanitizer = new AMP_Link_Sanitizer( $dom );
+		$this->assertEquals( $expected, $sanitizer->is_frontend_url( $url ) );
+	}
 }

tests/php/validation/test-class-amp-validation-manager.php

@@ -1394,10 +1394,10 @@ public function test_add_block_source_comments( $content, $expected, $query ) {
 		$rendered_block = do_blocks( AMP_Validation_Manager::add_block_source_comments( $content ) );
 
 		// Remove `is-layout-flex` class name injected by block editor layout styles.
-		$rendered_block = preg_replace( '/(?<= class=")is-layout-flex /', '', $rendered_block );
+		$rendered_block = preg_replace( '/\s*(?<= class=")?is-layout-flex\s*/', '', $rendered_block );
 
 		// Remove class name injected by gutenberg_render_layout_support_flag().
-		$rendered_block = preg_replace( '/(?<= class=")wp-container-\w+ /', '', $rendered_block );
+		$rendered_block = preg_replace( '/\s*(?<= class=")?wp-container-\w+\s*/', '', $rendered_block );
 
 		$expected = str_replace(
 			[