<?php
/*
Plugin Name: External Content Block
Plugin URI: https://github.com/roldan/external-content-block
Description: A Gutenberg block to load and display external content from a URL.
Version: 1.0
Author: Matías Roldán
Author URI: https://github.com/roldan
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
*/
// Stop immediately when this file is requested directly instead of being
// loaded by WordPress (ABSPATH is only defined once WordPress has bootstrapped).
defined( 'ABSPATH' ) || exit;
/**
 * Enqueues the editor-side script for the URL block.
 *
 * Despite the "register" in its name, this calls wp_enqueue_script() directly.
 * The script is served from js/url-block.js inside this plugin's directory.
 */
function register_external_content_block_scripts() {
	$script_url   = plugins_url( 'js/url-block.js', __FILE__ );
	$dependencies = [ 'wp-blocks', 'wp-element', 'wp-components', 'wp-i18n' ];

	// The trailing `true` asks WordPress to print the script in the footer.
	wp_enqueue_script( 'external-content-block/url-block', $script_url, $dependencies, '1.0.0', true );
}

// Run only when block editor assets are being enqueued.
add_action( 'enqueue_block_editor_assets', 'register_external_content_block_scripts' );
/**
 * Registers the URL block on the server with its attribute schema and
 * its PHP render callback (render_url_block).
 */
function register_external_content_block_render_callback() {
	// Attribute schema. `sanitize_html` defaults to true, so a block that does
	// not set it explicitly gets filtered output; `cache_ttl` of 0 means the
	// render callback does not cache.
	$attribute_schema = [
		'url'           => [
			'type' => 'string',
		],
		'sanitize_html' => [
			'type'    => 'boolean',
			'default' => true,
		],
		'timeout'       => [
			'type'    => 'number',
			'default' => 5,
		],
		'cache_ttl'     => [
			'type'    => 'number',
			'default' => 0,
		],
	];

	$block_settings = [
		'render_callback' => 'render_url_block',
		'attributes'      => $attribute_schema,
	];

	register_block_type( 'external-content-block/url-block', $block_settings );
}

// Block types are registered on `init`.
add_action( 'init', 'register_external_content_block_render_callback' );
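/**
 * Server-side render callback for the `external-content-block/url-block` block.
 *
 * Fetches the configured URL and returns the response body wrapped in a
 * container div. The body is filtered through wp_kses_post() unless the
 * `sanitize_html` attribute is false, and is cached in a transient when
 * `cache_ttl` is greater than zero.
 *
 * Security notes:
 * - Block attributes are stored in post content, so `url`, `sanitize_html`,
 *   `timeout` and `cache_ttl` are author-controlled input, not trusted
 *   configuration.
 * - The request is made by the web server, so the destination is restricted
 *   to http/https and sent through wp_safe_remote_get(), which asks the HTTP
 *   API to reject unsafe URLs rather than fetching whatever host is named.
 *
 * @param array $attributes Block attributes.
 * @return string Rendered content or error message.
 */
function render_url_block( $attributes ) {
	// Validate URL exists.
	if ( empty( $attributes['url'] ) ) {
		return '<p class="external-content-block-error">Error: URL is required</p>';
	}

	// Sanitize and validate the URL. Only http and https are accepted; any
	// other scheme makes esc_url_raw() return an empty string, which then
	// fails the format check below.
	$url = esc_url_raw( $attributes['url'], array( 'http', 'https' ) );
	if ( ! filter_var( $url, FILTER_VALIDATE_URL ) ) {
		return '<p class="external-content-block-error">Error: Invalid URL format</p>';
	}

	// Get attributes with defaults.
	$sanitize_html = isset( $attributes['sanitize_html'] ) ? (bool) $attributes['sanitize_html'] : true;
	$timeout       = isset( $attributes['timeout'] ) ? absint( $attributes['timeout'] ) : 5;
	$cache_ttl     = isset( $attributes['cache_ttl'] ) ? absint( $attributes['cache_ttl'] ) : 0;

	// Keep the timeout in a sane range: this request runs during page render,
	// and a value of 0 would otherwise be handed to the HTTP transport as-is.
	$timeout = min( 30, max( 1, $timeout ) );

	// Generate the cache key. The flag is a fixed-width prefix followed by a
	// separator so that (url, flag) pairs cannot collide: plain concatenation
	// of `$url . $sanitize_html` maps "…/1" + false and "…/" + true to the
	// same key, which would let unsanitized output be served to a sanitized block.
	$cache_key = 'external_content_' . md5( ( $sanitize_html ? '1' : '0' ) . '|' . $url );

	// Try to get from cache if cache is enabled.
	if ( $cache_ttl > 0 ) {
		$cached_content = get_transient( $cache_key );
		if ( is_string( $cached_content ) ) {
			// The transient holds the bare body, so wrap it the same way as a fresh fetch.
			return '<div class="external-content-block">' . $cached_content . '</div>';
		}
	}

	// Prepare request arguments.
	$args = array(
		'timeout'     => $timeout,
		'sslverify'   => true,
		'redirection' => 5,
	);

	// Make the request through the "safe" variant of the HTTP API.
	$response = wp_safe_remote_get( $url, $args );

	// Check for errors.
	if ( is_wp_error( $response ) ) {
		$error_message = $response->get_error_message();
		return '<p class="external-content-block-error">Error loading content: ' . esc_html( $error_message ) . '</p>';
	}

	// Check response code.
	$response_code = wp_remote_retrieve_response_code( $response );
	if ( 200 !== $response_code ) {
		return '<p class="external-content-block-error">Error: HTTP ' . esc_html( $response_code ) . ' - Unable to load content from URL</p>';
	}

	// Get response body.
	$body = wp_remote_retrieve_body( $response );

	if ( $sanitize_html ) {
		// Strict sanitization - only the HTML allowed in post content survives (wp_kses_post).
		$body = wp_kses_post( $body );
	}
	// Otherwise the remote body is emitted exactly as received, including
	// scripts, so the remote host effectively controls markup on this page.
	// NOTE(review): `sanitize_html` comes from the saved block markup; it looks
	// like any user who can save this block can switch it off, regardless of
	// whether their role is allowed unfiltered HTML. Confirm, and consider
	// honouring `false` only for authors with the `unfiltered_html` capability.

	// Cache the content if cache is enabled.
	if ( $cache_ttl > 0 ) {
		set_transient( $cache_key, $body, $cache_ttl );
	}

	// Wrap content in a container for styling.
	return '<div class="external-content-block">' . $body . '</div>';
}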