Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3203528

Timestamp:

12/06/2024 10:34:20 AM (13 months ago)

Author:

nico23

Message:

Update plugin to version 1.2.1 with NextgenThemes WordPress Plugin Deploy

Location:

nextgenthemes-jsdelivr-this

Files:

: 2 added
: 4 edited
: 1 copied

tags/1.2.1 (copied) (copied from nextgenthemes-jsdelivr-this/trunk)
tags/1.2.1/dialog.js (added)
tags/1.2.1/nextgenthemes-jsdelivr-this.php (modified) (13 diffs)
tags/1.2.1/readme.txt (modified) (4 diffs)
trunk/dialog.js (added)
trunk/nextgenthemes-jsdelivr-this.php (modified) (13 diffs)
trunk/readme.txt (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

nextgenthemes-jsdelivr-this/tags/1.2.1/nextgenthemes-jsdelivr-this.php

-                      r3203494
+                      r3203528
 /**
  * @wordpress-plugin
  * Plugin Name:       NGT jsDelivr CDN
+ * Plugin Name:       Free jsDelivr CDN
  * Plugin URI:        https://nextgenthemes.com
  * Description:       Makes your site load all WP Core and plugin assets from jsDelivr CDN
  * Version:           1.1.1
+ * Description:       Serves all available assets from free jsDelivr CDN
+ * Version:           1.2.1
  * Requres PHP:       7.4
  * Author:            Nicolas Jonas
 …
  * License URI:       http://www.gnu.org/licenses/gpl-3.0.html
  */
+declare(strict_types = 1);
 namespace Nextgenthemes\jsDelivrThis;
+const VERSION = '1.1.1';
+add_filter( 'script_loader_src', __NAMESPACE__ . '\filter_script_loader_src', 10, 2 );
+add_filter( 'style_loader_src', __NAMESPACE__ . '\filter_style_loader_src', 10, 2 );
+add_filter(
+    'plugin_action_links_' . plugin_basename( __FILE__ ),
+    function ( array $links ) {
+        $links['donate'] = sprintf(
+            '<a href="https://nextgenthemes.com/donate/"><strong style="display: inline;">%s</strong></a>',
+            esc_html__( 'Donate', 'jsdelivr-this' )
+const VERSION = '1.2.1';
+add_action( 'plugins_loaded', __NAMESPACE__ . '\init' );
+function init(): void {
+    add_filter( 'wp_script_attributes', __NAMESPACE__ . '\filter_script_attributes', 10, 1 );
+    add_filter( 'style_loader_tag', __NAMESPACE__ . '\filter_style_loader_tag', 10, 1 );
+    add_action( 'admin_bar_menu', __NAMESPACE__ . '\add_item_to_admin_bar', 33 );
+    add_action( 'wp_enqueue_scripts', __NAMESPACE__ . '\enqueue_assets' );
+    add_action( 'admin_enqueue_scripts', __NAMESPACE__ . '\enqueue_assets' );
+    add_action( 'admin_footer', __NAMESPACE__ . '\admin_bar_html' );
+    add_action( 'wp_footer', __NAMESPACE__ . '\admin_bar_html' );
+    add_action(
+        'init',
+        function (): void {
+            wp_register_script_module(
+                'ngt-jsdelivr-dialog',
+                plugins_url( 'dialog.js', __FILE__ ),
+                array(),
+                VERSION
+            );
+        }
+    );
+    add_filter(
+        'plugin_row_meta',
+        function ( array $links, string $file ): array {
+            if ( 'nextgenthemes-jsdelivr-this/nextgenthemes-jsdelivr-this.php' !== $file ) {
+                return $links;
+            }
+            $links[] = '<strong>' . arve_links() . '</strong>';
+            return $links;
+        },
+,
+    );
+    add_filter(
+        'plugin_action_links_' . plugin_basename( __FILE__ ),
+        function ( array $links ) {
+            $links['donate'] = sprintf(
+                '<a href="https://nextgenthemes.com/donate/">%s</a>',
+                esc_html__( 'Donate', 'nextgenthemes-jsdelivr-this' )
+            );
+            return $links;
+        }
+    );
+}
+function enqueue_assets(): void {
+    if ( is_admin_bar_showing() ) {
+        wp_enqueue_script_module( 'ngt-jsdelivr-dialog' );
+    }
+}
+function add_item_to_admin_bar( object $admin_bar ): void {
+    // Add a new item to the admin bar
+    $admin_bar->add_node(
+        array(
+            'id'     => 'ngt-jsdelivr',
+            'title'  => '&nbsp;',
+            'href'   => '#',
+            'parent' => 'top-secondary',
+        )
+    );
+}
+function arve_links(): string {
+    return wp_kses(
+        sprintf(
+                // translators: %1$s: link, %2$s: link
+            __( 'Level up your video embeds with <a href="%1$s">ARVE</a> or <a href="%2$s">ARVE Pro</a>', 'nextgenthemes-jsdelivr-this' ),
+            esc_url( 'https://wordpress.org/plugins/advanced-responsive-video-embedder/' ),
+            esc_url( 'https://nextgenthemes.com/plugins/arve-pro/' )
+        ),
+        array( 'a' => array( 'href' => array() ) )
+    );
+}
+function admin_bar_html(): void {
+    if ( ! is_admin_bar_showing() ) {
+        return;
+    }
+    wp_enqueue_style( 'media-views' );
+    ?>
+<dialog class="ngt-jsdelivr-dialog">
+    <div class="ngt-jsdelivr-dialog__header">
+        <button type="button" class="media-modal-close">
+            <span class="media-modal-icon">
+                <span class="screen-reader-text">Close dialog</span>
+            </span>
+        </button>
+    </div>
+    <h3><?= esc_html__( 'jsDelivr CDN plugin by Nextgenthemes', 'nextgenthemes-jsdelivr-this' ); ?></h3>
+    <p>
+        <?php
+        esc_html_e(
+            'These are the assets loaded from jsDelivr CDN. Do not worry about old WP versions in the URLs, this is simply because the files were not modified. A sha384 hash check is used so you can be 100% sure the files loaded from jsDelivr are the exact same files that would be served from your server.',
+            'nextgenthemes-jsdelivr-this'
         );
+        return $links;
+    }
+);
+function filter_script_loader_src( string $src, string $handle ): string {
+    return maybe_replace_src( 'script', $src, $handle );
+}
+function filter_style_loader_src( string $src, string $handle ): string {
+    return maybe_replace_src( 'style', $src, $handle );
+}
+function maybe_replace_src( string $type, string $src, string $handle ): string {
+    $src = detect_by_hash( $type, $src, $handle );
+    $src = detect_plugin_asset( $type, $src, $handle );
+    return $src;
+}
+        ?>
+    </p>
+    <pre></pre>
+    <p>
+        <?php
+        echo wp_kses(
+            sprintf(
+                // translators: %1$s: link, %2$s: link
+                __( 'Level up your video embeds with <a href="%1$s">ARVE</a> or <a href="%2$s">ARVE Pro</a>', 'nextgenthemes-jsdelivr-this' ),
+                esc_url( 'https://wordpress.org/plugins/advanced-responsive-video-embedder/' ),
+                esc_url( 'https://nextgenthemes.com/plugins/arve-pro/' )
+            ),
+            array( 'a' => array( 'href' => array() ) )
+        );
+        ?>
+    </p>
+</dialog>
+<style>
+#wp-admin-bar-ngt-jsdelivr a {
+    cursor: pointer;
+    &:hover {
+        background-color: darkred !important;
+    }
+}
+.ngt-jsdelivr-dialog {
+    --dialog-padding: 1.2rem;
+    border: none;
+    border-radius: 2px;
+    box-shadow: 0 0 10px rgba(0, 0, 0, 0.2);
+    padding: 0 var(--dialog-padding);
+    width: 100dvw;
+    max-width: 50rem;
+    font-size: 1rem;
+    &::backdrop {
+        /* Style the backdrop */
+        background-color: rgba(0, 0, 0, .9);
+    }
+    pre {
+        font-size: 14px;
+        overflow-x: auto;
+    }
+}
+.ngt-jsdelivr-dialog__header {
+    position: relative;
+    > button {
+        --btn-bg: oklch(0.91 0.01 281.07);
+        position: absolute;
+        top: 0;
+        right: calc(var(--dialog-padding) * -1);
+        border-radius: 0;
+        background: var(--btn-bg);
+        border-width: 0;
+        &:hover {
+            background-color: oklch(from var(--btn-bg) calc(l - 0.1) c h);
+        }
+    }
+}
+</style>
+    <?php
+}
+function filter_script_attributes( array $attributes ): array {
+    $by_hash = detect_by_hash( $attributes['src'] );
+    if ( $by_hash ) {
+        $attributes['src']         = $by_hash['src'];
+        $attributes['integrity']   = $by_hash['integrity'];
+        $attributes['crossorigin'] = 'anonymous';
+        // we already got what we wanted, so exit early
+        return $attributes;
+    }
+    $by_plugin = detect_plugin_asset( $attributes['src'], 'js' );
+    if ( $by_plugin ) {
+        $attributes['src']         = $by_plugin['src'];
+        $attributes['integrity']   = $by_plugin['integrity'];
+        $attributes['crossorigin'] = 'anonymous';
+    }
+    return $attributes;
+}
+function filter_style_loader_tag( string $html ): string {
+    $p = new \WP_HTML_Tag_Processor( $html );
+    // we may have multiple links here, like with rel="preload" and regular
+    while ( $p->next_tag( 'link' ) ) {
+        $href = $p->get_attribute( 'href' );
+        if ( ! $href ) {
+            continue;
+        }
+        $by_hash = detect_by_hash( $href );
+        if ( $by_hash ) {
+            $p->set_attribute( 'href', $by_hash['src'] );
+            $p->set_attribute( 'integrity', $by_hash['integrity'] );
+            $p->set_attribute( 'crossorigin', 'anonymous' );
+            // we already got what we wanted, so exit early
+            return $p->get_updated_html();
+        }
+        $by_plugin = detect_plugin_asset( $href, 'css' );
+        if ( $by_plugin ) {
+            $p->set_attribute( 'href', $by_plugin['src'] );
+            $p->set_attribute( 'integrity', $by_plugin['integrity'] );
+            $p->set_attribute( 'crossorigin', 'anonymous' );
+        }
+    }
+    return $html;
+}
+/**
+ * Checks for a active plugin file based on a slug.
+ *
+ * @param string $plugin_slug The plugin slug to search for.
+ *
+ * @return string|null The path to the main plugin file if found, null otherwise.
+ */
 function get_plugin_dir_file( string $plugin_slug ): ?string {
 …
+}
+function detect_plugin_asset( string $type, string $src, string $handle ): string {
+/**
+ * Detects if file can be served from CDN
+ *
+ * Given a <link href="..."> or <script src="..."> it detects CDN files
+ *
+ * Plugins hosted on wp.org need some trickery by this plugin as the jsDelivr API does not detect them by hash.
+ * #1 For wp.org assets the src URL most have `/plugins/plugin-slug/` in them and end with `.js` or `.css` (excluding cash busting `?ver=1.2.3`).
+ * #2 wp.org assets need to have its current version published as a tag on the wp.org plugins SVN, `trunk` will not work.
+ *
+ * @param string $src     The src to detect.
+ * @param string $extension The extension of the file (css or js).
+ *
+ * @return array|null The array contains 'src' and 'integrity' if file and hash can be detected on the server and the file exists on the CDN.
+ */
+function detect_plugin_asset( string $src, string $extension ): ?array {
     if ( str_starts_with( $src, 'https://cdn.jsdelivr.net' ) ) {
         return $src;
+    }
+    $ext = ( 'style' === $type ) ? 'css' : 'js';
+    preg_match( "#/plugins/(?<plugin_slug>[^/]+)/(?<path>.*\.$ext)#", $src, $matches );
+    preg_match( "#/plugins/(?<plugin_slug>[^/]+)/(?<path>.*\.$extension)#", $src, $matches );
     if ( ! empty( $matches['plugin_slug'] ) ) {
 …
     if ( empty( $plugin_dir_file ) ) {
+        return $src;
+    }
+    static $ran_already = false;
+    $plugin_ver         = get_plugin_version( $plugin_dir_file );
+    $cdn_file           = "https://cdn.jsdelivr.net/wp/{$matches['plugin_slug']}/tags/$plugin_ver/{$matches['path']}";
+    $transient_name     = 'ngt_jsdelivr_this_' . $cdn_file;
+    $data               = get_transient( $transient_name );
+    if ( false === $data && ! $ran_already ) {
+        $opts['http']['timeout'] = 2;
+        $ran_already  = true;
+        return null;
+    }
+    $plugin_ver     = get_plugin_version( $plugin_dir_file );
+    $cdn_file       = 'https://cdn.jsdelivr.net/wp/' . $matches['plugin_slug'] . '/tags/' . $plugin_ver . '/' . $matches['path'];
+    $transient_name = shorten_transient_name( 'ngt-jsd_' . $cdn_file );
+    $data = get_transient( $transient_name );
+    if ( false === $data && ! call_limit() ) {
         $data         = new \stdClass();
         $file_headers = ngt_headers( $cdn_file );
         if ( ! empty( $file_headers[0] ) && 'HTTP/1.1 200 OK' === $file_headers[0] ) {
+        $file_headers = remote_get_head($cdn_file, [ 'timeout' => 2 ]);
+        if ( ! is_wp_error( $file_headers ) ) {
             $data->file_exists = true;
+            $path              = path_from_url( $src );
+            if ( $path ) {
+                $data->integrity = gen_integrity( file_get_contents( $path ) );
+            }
+            $data->integrity   = integrity_for_src( $src );
+        }
 …
     if ( ! empty( $data->file_exists ) && ! empty( $data->integrity ) ) {
+        $src = $cdn_file;
+        add_integrity_to_asset( $type, $handle, $data->integrity );
+    }
+    return $src;
+}
+/**
+ * Retrieves headers for the given URL.
+ *
+ * @param string $url The URL for which to retrieve headers.
+ * @return array|false Returns an array of headers on success or FALSE on failure.
+ */
+function ngt_headers( string $url ) {
+    $opts['http']['timeout'] = 2;
+    $context = stream_context_create( $opts );
+    return @get_headers( $url, 0, $context ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
+}
+/**
+ * Adds integrity and crossorigin attributes to assets based on type.
+ *
+ * @param string $type The type of the asset ('script' or 'style').
+ * @param string $handle The handle of the asset.
+ * @param string $integrity The integrity value to be added.
+ */
+function add_integrity_to_asset( string $type, string $handle, string $integrity ): void {
+    if ( 'script' === $type ) {
+        add_filter(
+            'wp_script_attributes',
+            function ( array $attr ) use ( $handle, $integrity ) {
+                if ( ! empty( $attr['src'] ) &&
+                    ! empty( $attr['id'] ) &&
+                    $attr['id'] === $handle . '-js'
+                ) {
+                    $attr['integrity']   = $integrity;
+                    $attr['crossorigin'] = 'anonymous';
+                }
+                return $attr;
+            }
+        );
+    } else {
+        add_filter(
+            'style_loader_tag',
+            function ( $html, $fn_handle ) use ( $handle, $integrity ) {
+                if ( $fn_handle === $handle ) {
+                    $p = new \WP_HTML_Tag_Processor( $html );
+                    if ( $p->next_tag( 'link' ) && $p->get_attribute( 'href' ) ) {
+                        $p->set_attribute( 'integrity', $integrity );
+                        $p->set_attribute( 'crossorigin', 'anonymous' );
+                        $html = $p->get_updated_html();
+                    }
+                }
+                return $html;
+            },
+,
+        );
+    }
+}
+function get_jsdelivr_hash_api_data( string $file_path, string $handle, string $src ): ?object {
+    static $ran_already = false;
+    $transient_name     = "ngt_jsdelivr_this_{$handle}_{$src}_wp{$GLOBALS['wp_version']}";
+    $result             = get_transient( $transient_name );
+    if ( false === $result && ! $ran_already ) {
+        $ran_already  = true;
+        return [
+            'src'        => $cdn_file,
+            'integrity'  => $data->integrity,
+        ];
+    }
+    return null;
+}
+function integrity_for_src( string $src ): ?string {
+    $path = path_from_url( $src );
+    if ( $path ) {
+        $file_content = file_get_contents( $path );
+        if ( ! $file_content ) {
+            wp_trigger_error( __FUNCTION__, 'Could not read file: ' . $path );
+        } else {
+            return gen_integrity( $file_content );
+        }
+    }
+    return null;
+}
+function get_jsdelivr_hash_api_data( string $file_path, string $src ): ?object {
+    $transient_name = shorten_transient_name( 'ngt-jsd_' . $src);
+    $result         = get_transient( $transient_name );
+    if ( false === $result && ! call_limit() ) {
         $result       = new \stdClass();
         $file_content = file_get_contents( $file_path );
 …
             $sha256 = hash( 'sha256', $file_content );
             $data   = wp_safe_remote_get(
                 "https://data.jsdelivr.com/v1/lookup/hash/$sha256",
+                'https://data.jsdelivr.com/v1/lookup/hash/' . $sha256,
                 array(
                     'user-agent' => 'https://nextgenthemes.com/plugins/jsdelivr-this',
 …
             if ( ! is_wp_error( $data ) ) {
+                $result            = (object) json_decode( wp_remote_retrieve_body( $data ) );
+                $body = wp_remote_retrieve_body( $data );
+                if ( '' === $body ) {
+                    wp_trigger_error( __FUNCTION__, 'Empty body' );
+                } else {
+                    try {
+                        $result = (object) json_decode( $body, false, 5, JSON_THROW_ON_ERROR );
+                    } catch ( \Exception $e ) {
+                        wp_trigger_error( __FUNCTION__, $e->getMessage() );
+                    }
+                }
                 $result->integrity = gen_integrity( $file_content );
+            }
 …
+    }
+    // So we can used nulled return type on php 7.4. Union types require 8.0
     if ( false === $result ) {
         $result = null;
 …
+}
 function detect_by_hash( string $type, string $src, string $handle ): string {
+function detect_by_hash( string $src ): ?array {
     if ( str_starts_with( $src, 'https://cdn.jsdelivr.net' ) ) {
 …
     if ( $path ) {
         $data = get_jsdelivr_hash_api_data( $path, $handle, $src );
+        $data = get_jsdelivr_hash_api_data( $path, $src );
+    }
 …
             $data->version . $data->file
         );
+        add_integrity_to_asset( $type, $handle, $data->integrity );
+    }
+    return $src;
+        return [
+            'src'        => $src,
+            'integrity'  => $data->integrity,
+        ];
+    }
+    return null;
+}
 …
+}
+/**
+ * Retrieves the file path for a given URL, relative to the WordPress root directory.
+ *
+ * First checks if the file exists in the WordPress root directory, and if not, then
+ * checks the parent directory of the WordPress root directory.
+ *
+ * @param string $url The URL to retrieve the file path for.
+ * @return string|null The file path if it exists, or null otherwise.
+ */
 function path_from_url( string $url ): ?string {
     $parsed_url = wp_parse_url( $url );
 …
     return $plugin_data['Version'];
+}
+/**
+ * @return mixed|WP_Error
+ */
+function remote_get_head( string $url, array $args = array() ) {
+    $response = wp_safe_remote_head( $url, $args );
+    if ( is_wp_error( $response ) ) {
+        return $response;
+    }
+    $response_code = wp_remote_retrieve_response_code( $response );
+    if ( 200 !== $response_code ) {
+        return new \WP_Error(
+            $response_code,
+            sprintf(
+                // Translators: 1 URL 2 HTTP response code.
+                __( 'url: %1$s Status code 200 expected but was %2$s.', 'advanced-responsive-video-embedder' ),
+                $url,
+                $response_code
+            )
+        );
+    }
+    return $response;
+}
+function shorten_transient_name( string $transient_name ): string {
+    $transient_name = str_replace( 'https://', '', $transient_name );
+    if ( strlen($transient_name) > 172 ) {
+        $transient_name = preg_replace( '/[^a-zA-Z0-9_]/', '', $transient_name );
+    }
+    if ( strlen($transient_name) > 172 ) {
+        $transient_name = substr($transient_name, 0, 107) . '_' . hash( 'sha256', $transient_name ); // 107 + 1 + 64
+    }
+    return $transient_name;
+}
+/**
+ * Limit the number of remote requests to jsDelivr in a short timespan.
+ * In THEORY after the plugin is activated having this unlimited could
+ * take the first php page generation of a page a long time, so we limit
+ * it to 2 (this) x 2 (wp_safe_remote_get timeout) seconds at the time
+ * of writing.
+ *
+ * @return bool True if the limit is reached, false otherwise.
+ */
+function call_limit(): bool {
+    static $limit = 2;
+    if ( 0 === $limit ) {
+        return true;
+    }
+    --$limit;
+    return false;
+}

nextgenthemes-jsdelivr-this/tags/1.2.1/readme.txt

-                      r3203494
+                      r3203528
 === NGT jsDelivr CDN ===
 Contributors: nico23
 …
 Requires PHP: 7.4
 Tested up to: 6.5.3
 Stable tag: 1.1.1
+Stable tag: 1.2.1
 License: GPL 3.0
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 Free CDN for WordPress Core and Plugin assets.
+Free CDN for for all assets from wordpress.org Github and NPM.
 == Changelog ==
+= 2024-12-06 1.1.1 =
+* 1.2 was broken. Revert release.
+= 2024-12-06 1.2.1 =
+* Fix: Code mistake caused `integrity` attribute to be wrong, plugin files would get blocked.
+= 2024-12-04 1.2.0 =
+* New: A info dialog was added that is only loaded when the admin bar is visible.
+* New/Fix: Support for script modules.
+* Improved: Shorten potentially too long transient names.
+* Improved: Replaced `get_headers` with `wp_safe_remote_head`. WP coding standards and more efficient.
+* Improved: Simplified and improved the code.
 = 2024-05-14 1.1.0 =
 …
 * Run only once per page-load.
 * Better function names and some useful comments.
 * Send this plugins url as user-agent to jsDelivr knows how its used. (They asked for this). This also means more privacy as the `wp_remote_get` referrer sends your site URL (I really do not like that)
+* Send this plugins url as user-agent to jsDelivr knows how it's used. (They asked for this). This also means more privacy as the `wp_remote_get` referrer by default would send your site URL (I really do not like that)
 = 2019-08-31 0.9.4 =
 …
 == Description ==
 It replaces all WP Core assets with versions hosted on jsDelivr.
+It replaces all assets with versions available on jsDelivr. No options, nothing to configure, just works.
 The following conditions need to be met that plugins assets will be served from jsDeliver:
+The code needs to be openly hosted on NPM, Github or wordpress.org.
+. The plugin needs to be hosted on wp.org. Commercial plugins and plugins from elsewhere will not work because jsDelivr mirrors the wp.org plugin dir and nothing else.
+. The asset src URL most have `/plugins/plugin-slug/` in them and end with `.js` or `.css` (excluding cash busting `?ver=1.2.3`).
+. It needs to have its current version published as a tag on the wp.org plugins SVN. Some plugins may only push to /trunk/ (like my own at the time of writing) or do not have their latest version published as tags.
+This plugin adds a little a invisible button on the admin bar on the top right, left of "Howdy, Name". You can click that and see the assets loaded from jsDelivr.
 = Donations are really appreciated =
+= Support me =
+It took me a lot of time to come up with this plugin and I had many iterations over various different approaches how to do this until I came up with this working solution that also does not need much code. I know the official plugin was abandoned years ago and I looked at complicated bloated code and did not even feel like learning what its doing and never looked at it again and started from scratch. [Please donate here](https://nextgenthemes.com/donate/).
+It took me a lot of time to come up with this plugin and I had many iterations over various different approaches how to do this until I came up with this working solution that also does not need much code. I know the official plugin was abandoned years ago and I looked at complicated bloated code and did not even feel like learning what its doing and never looked at it again and started from scratch.
+Please check out my commercial plugin and level up your video embeds with [ARVE Pro](https://nextgenthemes.com/plugins/arve-pro/) or [Donate here](https://nextgenthemes.com/donate/)

nextgenthemes-jsdelivr-this/trunk/nextgenthemes-jsdelivr-this.php

-                      r3203494
+                      r3203528
 /**
  * @wordpress-plugin
  * Plugin Name:       NGT jsDelivr CDN
+ * Plugin Name:       Free jsDelivr CDN
  * Plugin URI:        https://nextgenthemes.com
  * Description:       Makes your site load all WP Core and plugin assets from jsDelivr CDN
  * Version:           1.1.1
+ * Description:       Serves all available assets from free jsDelivr CDN
+ * Version:           1.2.1
  * Requres PHP:       7.4
  * Author:            Nicolas Jonas
 …
  * License URI:       http://www.gnu.org/licenses/gpl-3.0.html
  */
+declare(strict_types = 1);
 namespace Nextgenthemes\jsDelivrThis;
+const VERSION = '1.1.1';
+add_filter( 'script_loader_src', __NAMESPACE__ . '\filter_script_loader_src', 10, 2 );
+add_filter( 'style_loader_src', __NAMESPACE__ . '\filter_style_loader_src', 10, 2 );
+add_filter(
+    'plugin_action_links_' . plugin_basename( __FILE__ ),
+    function ( array $links ) {
+        $links['donate'] = sprintf(
+            '<a href="https://nextgenthemes.com/donate/"><strong style="display: inline;">%s</strong></a>',
+            esc_html__( 'Donate', 'jsdelivr-this' )
+const VERSION = '1.2.1';
+add_action( 'plugins_loaded', __NAMESPACE__ . '\init' );
+function init(): void {
+    add_filter( 'wp_script_attributes', __NAMESPACE__ . '\filter_script_attributes', 10, 1 );
+    add_filter( 'style_loader_tag', __NAMESPACE__ . '\filter_style_loader_tag', 10, 1 );
+    add_action( 'admin_bar_menu', __NAMESPACE__ . '\add_item_to_admin_bar', 33 );
+    add_action( 'wp_enqueue_scripts', __NAMESPACE__ . '\enqueue_assets' );
+    add_action( 'admin_enqueue_scripts', __NAMESPACE__ . '\enqueue_assets' );
+    add_action( 'admin_footer', __NAMESPACE__ . '\admin_bar_html' );
+    add_action( 'wp_footer', __NAMESPACE__ . '\admin_bar_html' );
+    add_action(
+        'init',
+        function (): void {
+            wp_register_script_module(
+                'ngt-jsdelivr-dialog',
+                plugins_url( 'dialog.js', __FILE__ ),
+                array(),
+                VERSION
+            );
+        }
+    );
+    add_filter(
+        'plugin_row_meta',
+        function ( array $links, string $file ): array {
+            if ( 'nextgenthemes-jsdelivr-this/nextgenthemes-jsdelivr-this.php' !== $file ) {
+                return $links;
+            }
+            $links[] = '<strong>' . arve_links() . '</strong>';
+            return $links;
+        },
+,
+    );
+    add_filter(
+        'plugin_action_links_' . plugin_basename( __FILE__ ),
+        function ( array $links ) {
+            $links['donate'] = sprintf(
+                '<a href="https://nextgenthemes.com/donate/">%s</a>',
+                esc_html__( 'Donate', 'nextgenthemes-jsdelivr-this' )
+            );
+            return $links;
+        }
+    );
+}
+function enqueue_assets(): void {
+    if ( is_admin_bar_showing() ) {
+        wp_enqueue_script_module( 'ngt-jsdelivr-dialog' );
+    }
+}
+function add_item_to_admin_bar( object $admin_bar ): void {
+    // Add a new item to the admin bar
+    $admin_bar->add_node(
+        array(
+            'id'     => 'ngt-jsdelivr',
+            'title'  => '&nbsp;',
+            'href'   => '#',
+            'parent' => 'top-secondary',
+        )
+    );
+}
+function arve_links(): string {
+    return wp_kses(
+        sprintf(
+                // translators: %1$s: link, %2$s: link
+            __( 'Level up your video embeds with <a href="%1$s">ARVE</a> or <a href="%2$s">ARVE Pro</a>', 'nextgenthemes-jsdelivr-this' ),
+            esc_url( 'https://wordpress.org/plugins/advanced-responsive-video-embedder/' ),
+            esc_url( 'https://nextgenthemes.com/plugins/arve-pro/' )
+        ),
+        array( 'a' => array( 'href' => array() ) )
+    );
+}
+function admin_bar_html(): void {
+    if ( ! is_admin_bar_showing() ) {
+        return;
+    }
+    wp_enqueue_style( 'media-views' );
+    ?>
+<dialog class="ngt-jsdelivr-dialog">
+    <div class="ngt-jsdelivr-dialog__header">
+        <button type="button" class="media-modal-close">
+            <span class="media-modal-icon">
+                <span class="screen-reader-text">Close dialog</span>
+            </span>
+        </button>
+    </div>
+    <h3><?= esc_html__( 'jsDelivr CDN plugin by Nextgenthemes', 'nextgenthemes-jsdelivr-this' ); ?></h3>
+    <p>
+        <?php
+        esc_html_e(
+            'These are the assets loaded from jsDelivr CDN. Do not worry about old WP versions in the URLs, this is simply because the files were not modified. A sha384 hash check is used so you can be 100% sure the files loaded from jsDelivr are the exact same files that would be served from your server.',
+            'nextgenthemes-jsdelivr-this'
         );
+        return $links;
+    }
+);
+function filter_script_loader_src( string $src, string $handle ): string {
+    return maybe_replace_src( 'script', $src, $handle );
+}
+function filter_style_loader_src( string $src, string $handle ): string {
+    return maybe_replace_src( 'style', $src, $handle );
+}
+function maybe_replace_src( string $type, string $src, string $handle ): string {
+    $src = detect_by_hash( $type, $src, $handle );
+    $src = detect_plugin_asset( $type, $src, $handle );
+    return $src;
+}
+        ?>
+    </p>
+    <pre></pre>
+    <p>
+        <?php
+        echo wp_kses(
+            sprintf(
+                // translators: %1$s: link, %2$s: link
+                __( 'Level up your video embeds with <a href="%1$s">ARVE</a> or <a href="%2$s">ARVE Pro</a>', 'nextgenthemes-jsdelivr-this' ),
+                esc_url( 'https://wordpress.org/plugins/advanced-responsive-video-embedder/' ),
+                esc_url( 'https://nextgenthemes.com/plugins/arve-pro/' )
+            ),
+            array( 'a' => array( 'href' => array() ) )
+        );
+        ?>
+    </p>
+</dialog>
+<style>
+#wp-admin-bar-ngt-jsdelivr a {
+    cursor: pointer;
+    &:hover {
+        background-color: darkred !important;
+    }
+}
+.ngt-jsdelivr-dialog {
+    --dialog-padding: 1.2rem;
+    border: none;
+    border-radius: 2px;
+    box-shadow: 0 0 10px rgba(0, 0, 0, 0.2);
+    padding: 0 var(--dialog-padding);
+    width: 100dvw;
+    max-width: 50rem;
+    font-size: 1rem;
+    &::backdrop {
+        /* Style the backdrop */
+        background-color: rgba(0, 0, 0, .9);
+    }
+    pre {
+        font-size: 14px;
+        overflow-x: auto;
+    }
+}
+.ngt-jsdelivr-dialog__header {
+    position: relative;
+    > button {
+        --btn-bg: oklch(0.91 0.01 281.07);
+        position: absolute;
+        top: 0;
+        right: calc(var(--dialog-padding) * -1);
+        border-radius: 0;
+        background: var(--btn-bg);
+        border-width: 0;
+        &:hover {
+            background-color: oklch(from var(--btn-bg) calc(l - 0.1) c h);
+        }
+    }
+}
+</style>
+    <?php
+}
+function filter_script_attributes( array $attributes ): array {
+    $by_hash = detect_by_hash( $attributes['src'] );
+    if ( $by_hash ) {
+        $attributes['src']         = $by_hash['src'];
+        $attributes['integrity']   = $by_hash['integrity'];
+        $attributes['crossorigin'] = 'anonymous';
+        // we already got what we wanted, so exit early
+        return $attributes;
+    }
+    $by_plugin = detect_plugin_asset( $attributes['src'], 'js' );
+    if ( $by_plugin ) {
+        $attributes['src']         = $by_plugin['src'];
+        $attributes['integrity']   = $by_plugin['integrity'];
+        $attributes['crossorigin'] = 'anonymous';
+    }
+    return $attributes;
+}
+function filter_style_loader_tag( string $html ): string {
+    $p = new \WP_HTML_Tag_Processor( $html );
+    // we may have multiple links here, like with rel="preload" and regular
+    while ( $p->next_tag( 'link' ) ) {
+        $href = $p->get_attribute( 'href' );
+        if ( ! $href ) {
+            continue;
+        }
+        $by_hash = detect_by_hash( $href );
+        if ( $by_hash ) {
+            $p->set_attribute( 'href', $by_hash['src'] );
+            $p->set_attribute( 'integrity', $by_hash['integrity'] );
+            $p->set_attribute( 'crossorigin', 'anonymous' );
+            // we already got what we wanted, so exit early
+            return $p->get_updated_html();
+        }
+        $by_plugin = detect_plugin_asset( $href, 'css' );
+        if ( $by_plugin ) {
+            $p->set_attribute( 'href', $by_plugin['src'] );
+            $p->set_attribute( 'integrity', $by_plugin['integrity'] );
+            $p->set_attribute( 'crossorigin', 'anonymous' );
+        }
+    }
+    return $html;
+}
+/**
+ * Checks for a active plugin file based on a slug.
+ *
+ * @param string $plugin_slug The plugin slug to search for.
+ *
+ * @return string|null The path to the main plugin file if found, null otherwise.
+ */
 function get_plugin_dir_file( string $plugin_slug ): ?string {
 …
+}
+function detect_plugin_asset( string $type, string $src, string $handle ): string {
+/**
+ * Detects if file can be served from CDN
+ *
+ * Given a <link href="..."> or <script src="..."> it detects CDN files
+ *
+ * Plugins hosted on wp.org need some trickery by this plugin as the jsDelivr API does not detect them by hash.
+ * #1 For wp.org assets the src URL most have `/plugins/plugin-slug/` in them and end with `.js` or `.css` (excluding cash busting `?ver=1.2.3`).
+ * #2 wp.org assets need to have its current version published as a tag on the wp.org plugins SVN, `trunk` will not work.
+ *
+ * @param string $src     The src to detect.
+ * @param string $extension The extension of the file (css or js).
+ *
+ * @return array|null The array contains 'src' and 'integrity' if file and hash can be detected on the server and the file exists on the CDN.
+ */
+function detect_plugin_asset( string $src, string $extension ): ?array {
     if ( str_starts_with( $src, 'https://cdn.jsdelivr.net' ) ) {
         return $src;
+    }
+    $ext = ( 'style' === $type ) ? 'css' : 'js';
+    preg_match( "#/plugins/(?<plugin_slug>[^/]+)/(?<path>.*\.$ext)#", $src, $matches );
+    preg_match( "#/plugins/(?<plugin_slug>[^/]+)/(?<path>.*\.$extension)#", $src, $matches );
     if ( ! empty( $matches['plugin_slug'] ) ) {
 …
     if ( empty( $plugin_dir_file ) ) {
+        return $src;
+    }
+    static $ran_already = false;
+    $plugin_ver         = get_plugin_version( $plugin_dir_file );
+    $cdn_file           = "https://cdn.jsdelivr.net/wp/{$matches['plugin_slug']}/tags/$plugin_ver/{$matches['path']}";
+    $transient_name     = 'ngt_jsdelivr_this_' . $cdn_file;
+    $data               = get_transient( $transient_name );
+    if ( false === $data && ! $ran_already ) {
+        $opts['http']['timeout'] = 2;
+        $ran_already  = true;
+        return null;
+    }
+    $plugin_ver     = get_plugin_version( $plugin_dir_file );
+    $cdn_file       = 'https://cdn.jsdelivr.net/wp/' . $matches['plugin_slug'] . '/tags/' . $plugin_ver . '/' . $matches['path'];
+    $transient_name = shorten_transient_name( 'ngt-jsd_' . $cdn_file );
+    $data = get_transient( $transient_name );
+    if ( false === $data && ! call_limit() ) {
         $data         = new \stdClass();
         $file_headers = ngt_headers( $cdn_file );
         if ( ! empty( $file_headers[0] ) && 'HTTP/1.1 200 OK' === $file_headers[0] ) {
+        $file_headers = remote_get_head($cdn_file, [ 'timeout' => 2 ]);
+        if ( ! is_wp_error( $file_headers ) ) {
             $data->file_exists = true;
+            $path              = path_from_url( $src );
+            if ( $path ) {
+                $data->integrity = gen_integrity( file_get_contents( $path ) );
+            }
+            $data->integrity   = integrity_for_src( $src );
+        }
 …
     if ( ! empty( $data->file_exists ) && ! empty( $data->integrity ) ) {
+        $src = $cdn_file;
+        add_integrity_to_asset( $type, $handle, $data->integrity );
+    }
+    return $src;
+}
+/**
+ * Retrieves headers for the given URL.
+ *
+ * @param string $url The URL for which to retrieve headers.
+ * @return array|false Returns an array of headers on success or FALSE on failure.
+ */
+function ngt_headers( string $url ) {
+    $opts['http']['timeout'] = 2;
+    $context = stream_context_create( $opts );
+    return @get_headers( $url, 0, $context ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
+}
+/**
+ * Adds integrity and crossorigin attributes to assets based on type.
+ *
+ * @param string $type The type of the asset ('script' or 'style').
+ * @param string $handle The handle of the asset.
+ * @param string $integrity The integrity value to be added.
+ */
+function add_integrity_to_asset( string $type, string $handle, string $integrity ): void {
+    if ( 'script' === $type ) {
+        add_filter(
+            'wp_script_attributes',
+            function ( array $attr ) use ( $handle, $integrity ) {
+                if ( ! empty( $attr['src'] ) &&
+                    ! empty( $attr['id'] ) &&
+                    $attr['id'] === $handle . '-js'
+                ) {
+                    $attr['integrity']   = $integrity;
+                    $attr['crossorigin'] = 'anonymous';
+                }
+                return $attr;
+            }
+        );
+    } else {
+        add_filter(
+            'style_loader_tag',
+            function ( $html, $fn_handle ) use ( $handle, $integrity ) {
+                if ( $fn_handle === $handle ) {
+                    $p = new \WP_HTML_Tag_Processor( $html );
+                    if ( $p->next_tag( 'link' ) && $p->get_attribute( 'href' ) ) {
+                        $p->set_attribute( 'integrity', $integrity );
+                        $p->set_attribute( 'crossorigin', 'anonymous' );
+                        $html = $p->get_updated_html();
+                    }
+                }
+                return $html;
+            },
+,
+        );
+    }
+}
+function get_jsdelivr_hash_api_data( string $file_path, string $handle, string $src ): ?object {
+    static $ran_already = false;
+    $transient_name     = "ngt_jsdelivr_this_{$handle}_{$src}_wp{$GLOBALS['wp_version']}";
+    $result             = get_transient( $transient_name );
+    if ( false === $result && ! $ran_already ) {
+        $ran_already  = true;
+        return [
+            'src'        => $cdn_file,
+            'integrity'  => $data->integrity,
+        ];
+    }
+    return null;
+}
+function integrity_for_src( string $src ): ?string {
+    $path = path_from_url( $src );
+    if ( $path ) {
+        $file_content = file_get_contents( $path );
+        if ( ! $file_content ) {
+            wp_trigger_error( __FUNCTION__, 'Could not read file: ' . $path );
+        } else {
+            return gen_integrity( $file_content );
+        }
+    }
+    return null;
+}
+function get_jsdelivr_hash_api_data( string $file_path, string $src ): ?object {
+    $transient_name = shorten_transient_name( 'ngt-jsd_' . $src);
+    $result         = get_transient( $transient_name );
+    if ( false === $result && ! call_limit() ) {
         $result       = new \stdClass();
         $file_content = file_get_contents( $file_path );
 …
             $sha256 = hash( 'sha256', $file_content );
             $data   = wp_safe_remote_get(
                 "https://data.jsdelivr.com/v1/lookup/hash/$sha256",
+                'https://data.jsdelivr.com/v1/lookup/hash/' . $sha256,
                 array(
                     'user-agent' => 'https://nextgenthemes.com/plugins/jsdelivr-this',
 …
             if ( ! is_wp_error( $data ) ) {
+                $result            = (object) json_decode( wp_remote_retrieve_body( $data ) );
+                $body = wp_remote_retrieve_body( $data );
+                if ( '' === $body ) {
+                    wp_trigger_error( __FUNCTION__, 'Empty body' );
+                } else {
+                    try {
+                        $result = (object) json_decode( $body, false, 5, JSON_THROW_ON_ERROR );
+                    } catch ( \Exception $e ) {
+                        wp_trigger_error( __FUNCTION__, $e->getMessage() );
+                    }
+                }
                 $result->integrity = gen_integrity( $file_content );
+            }
 …
+    }
+    // So we can used nulled return type on php 7.4. Union types require 8.0
     if ( false === $result ) {
         $result = null;
 …
+}
 function detect_by_hash( string $type, string $src, string $handle ): string {
+function detect_by_hash( string $src ): ?array {
     if ( str_starts_with( $src, 'https://cdn.jsdelivr.net' ) ) {
 …
     if ( $path ) {
         $data = get_jsdelivr_hash_api_data( $path, $handle, $src );
+        $data = get_jsdelivr_hash_api_data( $path, $src );
+    }
 …
             $data->version . $data->file
         );
+        add_integrity_to_asset( $type, $handle, $data->integrity );
+    }
+    return $src;
+        return [
+            'src'        => $src,
+            'integrity'  => $data->integrity,
+        ];
+    }
+    return null;
+}
 …
+}
+/**
+ * Retrieves the file path for a given URL, relative to the WordPress root directory.
+ *
+ * First checks if the file exists in the WordPress root directory, and if not, then
+ * checks the parent directory of the WordPress root directory.
+ *
+ * @param string $url The URL to retrieve the file path for.
+ * @return string|null The file path if it exists, or null otherwise.
+ */
 function path_from_url( string $url ): ?string {
     $parsed_url = wp_parse_url( $url );
 …
     return $plugin_data['Version'];
+}
+/**
+ * @return mixed|WP_Error
+ */
+function remote_get_head( string $url, array $args = array() ) {
+    $response = wp_safe_remote_head( $url, $args );
+    if ( is_wp_error( $response ) ) {
+        return $response;
+    }
+    $response_code = wp_remote_retrieve_response_code( $response );
+    if ( 200 !== $response_code ) {
+        return new \WP_Error(
+            $response_code,
+            sprintf(
+                // Translators: 1 URL 2 HTTP response code.
+                __( 'url: %1$s Status code 200 expected but was %2$s.', 'advanced-responsive-video-embedder' ),
+                $url,
+                $response_code
+            )
+        );
+    }
+    return $response;
+}
+function shorten_transient_name( string $transient_name ): string {
+    $transient_name = str_replace( 'https://', '', $transient_name );
+    if ( strlen($transient_name) > 172 ) {
+        $transient_name = preg_replace( '/[^a-zA-Z0-9_]/', '', $transient_name );
+    }
+    if ( strlen($transient_name) > 172 ) {
+        $transient_name = substr($transient_name, 0, 107) . '_' . hash( 'sha256', $transient_name ); // 107 + 1 + 64
+    }
+    return $transient_name;
+}
+/**
+ * Limit the number of remote requests to jsDelivr in a short timespan.
+ * In THEORY after the plugin is activated having this unlimited could
+ * take the first php page generation of a page a long time, so we limit
+ * it to 2 (this) x 2 (wp_safe_remote_get timeout) seconds at the time
+ * of writing.
+ *
+ * @return bool True if the limit is reached, false otherwise.
+ */
+function call_limit(): bool {
+    static $limit = 2;
+    if ( 0 === $limit ) {
+        return true;
+    }
+    --$limit;
+    return false;
+}

nextgenthemes-jsdelivr-this/trunk/readme.txt

-                      r3203494
+                      r3203528
 === NGT jsDelivr CDN ===
 Contributors: nico23
 …
 Requires PHP: 7.4
 Tested up to: 6.5.3
 Stable tag: 1.1.1
+Stable tag: 1.2.1
 License: GPL 3.0
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 Free CDN for WordPress Core and Plugin assets.
+Free CDN for for all assets from wordpress.org Github and NPM.
 == Changelog ==
+= 2024-12-06 1.1.1 =
+* 1.2 was broken. Revert release.
+= 2024-12-06 1.2.1 =
+* Fix: Code mistake caused `integrity` attribute to be wrong, plugin files would get blocked.
+= 2024-12-04 1.2.0 =
+* New: A info dialog was added that is only loaded when the admin bar is visible.
+* New/Fix: Support for script modules.
+* Improved: Shorten potentially too long transient names.
+* Improved: Replaced `get_headers` with `wp_safe_remote_head`. WP coding standards and more efficient.
+* Improved: Simplified and improved the code.
 = 2024-05-14 1.1.0 =
 …
 * Run only once per page-load.
 * Better function names and some useful comments.
 * Send this plugins url as user-agent to jsDelivr knows how its used. (They asked for this). This also means more privacy as the `wp_remote_get` referrer sends your site URL (I really do not like that)
+* Send this plugins url as user-agent to jsDelivr knows how it's used. (They asked for this). This also means more privacy as the `wp_remote_get` referrer by default would send your site URL (I really do not like that)
 = 2019-08-31 0.9.4 =
 …
 == Description ==
 It replaces all WP Core assets with versions hosted on jsDelivr.
+It replaces all assets with versions available on jsDelivr. No options, nothing to configure, just works.
 The following conditions need to be met that plugins assets will be served from jsDeliver:
+The code needs to be openly hosted on NPM, Github or wordpress.org.
+. The plugin needs to be hosted on wp.org. Commercial plugins and plugins from elsewhere will not work because jsDelivr mirrors the wp.org plugin dir and nothing else.
+. The asset src URL most have `/plugins/plugin-slug/` in them and end with `.js` or `.css` (excluding cash busting `?ver=1.2.3`).
+. It needs to have its current version published as a tag on the wp.org plugins SVN. Some plugins may only push to /trunk/ (like my own at the time of writing) or do not have their latest version published as tags.
+This plugin adds a little a invisible button on the admin bar on the top right, left of "Howdy, Name". You can click that and see the assets loaded from jsDelivr.
 = Donations are really appreciated =
+= Support me =
+It took me a lot of time to come up with this plugin and I had many iterations over various different approaches how to do this until I came up with this working solution that also does not need much code. I know the official plugin was abandoned years ago and I looked at complicated bloated code and did not even feel like learning what its doing and never looked at it again and started from scratch. [Please donate here](https://nextgenthemes.com/donate/).
+It took me a lot of time to come up with this plugin and I had many iterations over various different approaches how to do this until I came up with this working solution that also does not need much code. I know the official plugin was abandoned years ago and I looked at complicated bloated code and did not even feel like learning what its doing and never looked at it again and started from scratch.
+Please check out my commercial plugin and level up your video embeds with [ARVE Pro](https://nextgenthemes.com/plugins/arve-pro/) or [Donate here](https://nextgenthemes.com/donate/)

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory