asset_manager = $asset_manager; $this->options = $options; $this->capability = $capability; $this->request_post = $request_post; $this->seo_analysis = new WPSEO_Metabox_Analysis_SEO(); $this->readability_analysis = new WPSEO_Metabox_Analysis_Readability(); $this->inclusive_language_analysis = new WPSEO_Metabox_Analysis_Inclusive_Language(); $this->social_is_enabled = $this->options->get( 'opengraph', false ) || $this->options->get( 'twitter', false ); $this->is_advanced_metadata_enabled = $this->capability->current_user_can( 'wpseo_edit_advanced_metadata' ) || $this->options->get( 'disableadvanced_meta' ) === false; } /** * Initializes the integration. * * This is the place to register hooks and filters. * * @return void */ public function register_hooks() { \add_action( 'wp_ajax_wpseo_elementor_save', [ $this, 'save_postdata' ] ); // We need to delay the post type lookup to give other plugins a chance to register custom post types. \add_action( 'init', [ $this, 'register_elementor_hooks' ], \PHP_INT_MAX ); } /** * Registers our Elementor hooks. * This is done for pages with metabox on page load and not on ajax request. * * @return void */ public function register_elementor_hooks() { if ( $this->get_metabox_post() === null || ! $this->display_metabox( $this->get_metabox_post()->post_type ) ) { return; } \add_action( 'elementor/editor/before_enqueue_scripts', [ $this, 'init' ] ); } /** * Initializes the integration. * * @return void */ public function init() { $this->asset_manager->register_assets(); $this->enqueue(); $this->render_hidden_fields(); } // Below is mostly copied from `class-metabox.php`. That constructor has side-effects we do not need. /** * Determines whether the metabox should be shown for the passed identifier. * * By default, the check is done for post types, but can also be used for taxonomies. * * @param string|null $identifier The identifier to check. * @param string $type The type of object to check. Defaults to post_type. * * @return bool Whether the metabox should be displayed. */ public function display_metabox( $identifier = null, $type = 'post_type' ) { return WPSEO_Utils::is_metabox_active( $identifier, $type ); } /** * Saves the WP SEO metadata for posts. * * Outputs JSON via wp_send_json then stops code execution. * * {@internal $_POST parameters are validated via sanitize_post_meta().}} * * @return void */ public function save_postdata() { global $post; if ( ! isset( $_POST['post_id'] ) || ! \is_string( $_POST['post_id'] ) ) { \wp_send_json_error( 'Bad Request', 400 ); } // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason: No sanitization needed because we cast to an integer. $post_id = (int) \wp_unslash( $_POST['post_id'] ); if ( $post_id <= 0 ) { \wp_send_json_error( 'Bad Request', 400 ); } if ( ! \current_user_can( 'edit_post', $post_id ) ) { \wp_send_json_error( 'Forbidden', 403 ); } \check_ajax_referer( 'wpseo_elementor_save', '_wpseo_elementor_nonce' ); // Bail if this is a multisite installation and the site has been switched. if ( \is_multisite() && \ms_is_switched() ) { \wp_send_json_error( 'Switched multisite', 409 ); } \clean_post_cache( $post_id ); // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited -- To setup the post we need to do this explicitly. $post = \get_post( $post_id ); if ( ! \is_object( $post ) ) { // Non-existent post. \wp_send_json_error( 'Post not found', 400 ); } \do_action( 'wpseo_save_compare_data', $post ); // Initialize meta, amongst other things it registers sanitization. WPSEO_Meta::init(); $social_fields = []; if ( $this->social_is_enabled ) { $social_fields = WPSEO_Meta::get_meta_field_defs( 'social', $post->post_type ); } // The below methods use the global post so make sure it is setup. \setup_postdata( $post ); $meta_boxes = \apply_filters( 'wpseo_save_metaboxes', [] ); $meta_boxes = \array_merge( $meta_boxes, WPSEO_Meta::get_meta_field_defs( 'general', $post->post_type ), WPSEO_Meta::get_meta_field_defs( 'advanced', $post->post_type ), $social_fields, WPSEO_Meta::get_meta_field_defs( 'schema', $post->post_type ) ); foreach ( $meta_boxes as $key => $meta_box ) { // If analysis is disabled remove that analysis score value from the DB. if ( $this->is_meta_value_disabled( $key ) ) { WPSEO_Meta::delete( $key, $post_id ); continue; } $data = null; $field_name = WPSEO_Meta::$form_prefix . $key; if ( $meta_box['type'] === 'checkbox' ) { $data = isset( $_POST[ $field_name ] ) ? 'on' : 'off'; } else { if ( isset( $_POST[ $field_name ] ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason: Sanitized through sanitize_post_meta. $data = \wp_unslash( $_POST[ $field_name ] ); // For multi-select. if ( \is_array( $data ) ) { $data = \array_map( [ 'WPSEO_Utils', 'sanitize_text_field' ], $data ); } if ( \is_string( $data ) ) { $data = ( $key !== 'canonical' ) ? WPSEO_Utils::sanitize_text_field( $data ) : WPSEO_Utils::sanitize_url( $data ); } } // Reset options when no entry is present with multiselect - only applies to `meta-robots-adv` currently. if ( ! isset( $_POST[ $field_name ] ) && ( $meta_box['type'] === 'multiselect' ) ) { $data = []; } } if ( $data !== null ) { WPSEO_Meta::set_value( $key, $data, $post_id ); } } if ( isset( $_POST[ WPSEO_Meta::$form_prefix . 'slug' ] ) && \is_string( $_POST[ WPSEO_Meta::$form_prefix . 'slug' ] ) ) { $slug = \sanitize_title( \wp_unslash( $_POST[ WPSEO_Meta::$form_prefix . 'slug' ] ) ); if ( $post->post_name !== $slug ) { $post_array = $post->to_array(); $post_array['post_name'] = $slug; $save_successful = \wp_insert_post( $post_array ); if ( \is_wp_error( $save_successful ) ) { \wp_send_json_error( 'Slug not saved', 400 ); } // Update the post object to ensure we have the actual slug. // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited -- Updating the post is needed to get the current slug. $post = \get_post( $post_id ); if ( ! \is_object( $post ) ) { \wp_send_json_error( 'Updated slug not found', 400 ); } } } \do_action( 'wpseo_saved_postdata' ); // Output the slug, because it is processed by WP and we need the actual slug again. \wp_send_json_success( [ 'slug' => $post->post_name ] ); } /** * Determines if the given meta value key is disabled. * * @param string $key The key of the meta value. * * @return bool Whether the given meta value key is disabled. */ public function is_meta_value_disabled( $key ) { if ( $key === 'linkdex' && ! $this->seo_analysis->is_enabled() ) { return true; } if ( $key === 'content_score' && ! $this->readability_analysis->is_enabled() ) { return true; } if ( $key === 'inclusive_language_score' && ! $this->inclusive_language_analysis->is_enabled() ) { return true; } return false; } /** * Enqueues all the needed JS and CSS. * * @return void */ public function enqueue() { $post_id = \get_queried_object_id(); if ( empty( $post_id ) ) { $post_id = 0; // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Reason: We are not processing form information. if ( isset( $_GET['post'] ) && \is_string( $_GET['post'] ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized,WordPress.Security.NonceVerification.Recommended -- Reason: No sanitization needed because we cast to an integer,We are not processing form information. $post_id = (int) \wp_unslash( $_GET['post'] ); } } if ( $post_id !== 0 ) { // Enqueue files needed for upload functionality. \wp_enqueue_media( [ 'post' => $post_id ] ); } $this->asset_manager->enqueue_style( 'admin-global' ); $this->asset_manager->enqueue_style( 'metabox-css' ); $this->asset_manager->enqueue_style( 'scoring' ); $this->asset_manager->enqueue_style( 'monorepo' ); $this->asset_manager->enqueue_style( 'admin-css' ); $this->asset_manager->enqueue_style( 'ai-generator' ); $this->asset_manager->enqueue_style( 'elementor' ); $this->asset_manager->enqueue_script( 'admin-global' ); $this->asset_manager->enqueue_script( 'elementor' ); $this->asset_manager->localize_script( 'elementor', 'wpseoAdminGlobalL10n', \YoastSEO()->helpers->wincher->get_admin_global_links() ); $this->asset_manager->localize_script( 'elementor', 'wpseoAdminL10n', WPSEO_Utils::get_admin_l10n() ); $this->asset_manager->localize_script( 'elementor', 'wpseoFeaturesL10n', WPSEO_Utils::retrieve_enabled_features() ); $plugins_script_data = [ 'replaceVars' => [ 'replace_vars' => $this->get_replace_vars(), 'recommended_replace_vars' => $this->get_recommended_replace_vars(), 'hidden_replace_vars' => $this->get_hidden_replace_vars(), 'scope' => $this->determine_scope(), 'has_taxonomies' => $this->current_post_type_has_taxonomies(), ], 'shortcodes' => [ 'wpseo_shortcode_tags' => $this->get_valid_shortcode_tags(), 'wpseo_filter_shortcodes_nonce' => \wp_create_nonce( 'wpseo-filter-shortcodes' ), ], ]; $worker_script_data = [ 'url' => \YoastSEO()->helpers->asset->get_asset_url( 'yoast-seo-analysis-worker' ), 'dependencies' => \YoastSEO()->helpers->asset->get_dependency_urls_by_handle( 'yoast-seo-analysis-worker' ), 'keywords_assessment_url' => \YoastSEO()->helpers->asset->get_asset_url( 'yoast-seo-used-keywords-assessment' ), 'log_level' => WPSEO_Utils::get_analysis_worker_log_level(), // We need to make the feature flags separately available inside of the analysis web worker. 'enabled_features' => WPSEO_Utils::retrieve_enabled_features(), ]; $woocommerce_conditional = new WooCommerce_Conditional(); $permalink = $this->get_permalink(); $script_data = [ 'metabox' => $this->get_metabox_script_data( $permalink ), 'userLanguageCode' => WPSEO_Language_Utils::get_language( \get_user_locale() ), 'isPost' => true, 'isBlockEditor' => WP_Screen::get()->is_block_editor(), 'isElementorEditor' => true, 'isWooCommerceActive' => $woocommerce_conditional->is_met(), 'postStatus' => \get_post_status( $post_id ), 'postType' => \get_post_type( $post_id ), 'analysis' => [ 'plugins' => $plugins_script_data, 'worker' => $worker_script_data, ], 'webinarIntroElementorUrl' => WPSEO_Shortlinker::get( 'https://yoa.st/webinar-intro-elementor' ), 'usedKeywordsNonce' => \wp_create_nonce( 'wpseo-keyword-usage-and-post-types' ), ]; /** * The website information repository. * * @var $repo Website_Information_Repository */ $repo = \YoastSEO()->classes->get( Website_Information_Repository::class ); $site_information = $repo->get_post_site_information(); $site_information->set_permalink( $permalink ); $script_data = \array_merge_recursive( $site_information->get_legacy_site_information(), $script_data ); $this->asset_manager->localize_script( 'elementor', 'wpseoScriptData', $script_data ); $this->asset_manager->enqueue_user_language_script(); } /** * Renders the metabox hidden fields. * * @return void */ protected function render_hidden_fields() { // Wrap in a form with an action and post_id for the submit. \printf( '
'; } /** * Returns the slug for the post being edited. * * @return string */ protected function get_post_slug() { $post = $this->get_metabox_post(); // In case get_metabox_post returns null for whatever reason. if ( ! $post instanceof WP_Post ) { return ''; } // Drafts might not have a post_name unless the slug has been manually changed. // In this case we get it using get_sample_permalink. if ( ! $post->post_name ) { $sample = \get_sample_permalink( $post ); // Since get_sample_permalink runs through filters, ensure that it has the expected return value. if ( \is_array( $sample ) && \count( $sample ) === 2 && \is_string( $sample[1] ) ) { return $sample[1]; } } return $post->post_name; } /** * Returns post in metabox context. * * @return WP_Post|null */ protected function get_metabox_post() { if ( $this->post !== null ) { return $this->post; } $this->post = $this->request_post->get_post(); return $this->post; } /** * Passes variables to js for use with the post-scraper. * * @param string $permalink The permalink. * * @return array */ protected function get_metabox_script_data( $permalink ) { $post_formatter = new WPSEO_Metabox_Formatter( new WPSEO_Post_Metabox_Formatter( $this->get_metabox_post(), [], $permalink ) ); $values = $post_formatter->get_values(); /** This filter is documented in admin/filters/class-cornerstone-filter.php. */ $post_types = \apply_filters( 'wpseo_cornerstone_post_types', \YoastSEO()->helpers->post_type->get_accessible_post_types() ); if ( $values['cornerstoneActive'] && ! \in_array( $this->get_metabox_post()->post_type, $post_types, true ) ) { $values['cornerstoneActive'] = false; } $values['elementorMarkerStatus'] = $this->is_highlighting_available() ? 'enabled' : 'hidden'; return $values; } /** * Gets the permalink. * * @return string */ protected function get_permalink(): string { $permalink = ''; if ( \is_object( $this->get_metabox_post() ) ) { $permalink = \get_sample_permalink( $this->get_metabox_post()->ID ); $permalink = $permalink[0]; } return $permalink; } /** * Checks whether the highlighting functionality is available for Elementor: * - in Free it's always available (as an upsell). * - in Premium it's available as long as the version is 21.8-RC0 or above. * * @return bool Whether the highlighting functionality is available. */ private function is_highlighting_available() { $is_premium = \YoastSEO()->helpers->product->is_premium(); $premium_version = \YoastSEO()->helpers->product->get_premium_version(); return ! $is_premium || \version_compare( $premium_version, '21.8-RC0', '>=' ); } /** * Prepares the replace vars for localization. * * @return array Replace vars. */ protected function get_replace_vars() { $cached_replacement_vars = []; $vars_to_cache = [ 'date', 'id', 'sitename', 'sitedesc', 'sep', 'page', 'currentyear', 'currentdate', 'currentmonth', 'currentday', 'tag', 'category', 'category_title', 'primary_category', 'pt_single', 'pt_plural', 'modified', 'name', 'user_description', 'pagetotal', 'pagenumber', 'post_year', 'post_month', 'post_day', 'author_first_name', 'author_last_name', 'permalink', 'post_content', ]; foreach ( $vars_to_cache as $var ) { $cached_replacement_vars[ $var ] = \wpseo_replace_vars( '%%' . $var . '%%', $this->get_metabox_post() ); } // Merge custom replace variables with the WordPress ones. return \array_merge( $cached_replacement_vars, $this->get_custom_replace_vars( $this->get_metabox_post() ) ); } /** * Prepares the recommended replace vars for localization. * * @return array Recommended replacement variables. */ protected function get_recommended_replace_vars() { $recommended_replace_vars = new WPSEO_Admin_Recommended_Replace_Vars(); // What is recommended depends on the current context. $post_type = $recommended_replace_vars->determine_for_post( $this->get_metabox_post() ); return $recommended_replace_vars->get_recommended_replacevars_for( $post_type ); } /** * Returns the list of replace vars that should be hidden inside the editor. * * @return string[] The hidden replace vars. */ protected function get_hidden_replace_vars() { return ( new WPSEO_Replace_Vars() )->get_hidden_replace_vars(); } /** * Gets the custom replace variables for custom taxonomies and fields. * * @param WP_Post $post The post to check for custom taxonomies and fields. * * @return array Array containing all the replacement variables. */ protected function get_custom_replace_vars( $post ) { return [ 'custom_fields' => $this->get_custom_fields_replace_vars( $post ), 'custom_taxonomies' => $this->get_custom_taxonomies_replace_vars( $post ), ]; } /** * Gets the custom replace variables for custom taxonomies. * * @param WP_Post $post The post to check for custom taxonomies. * * @return array Array containing all the replacement variables. */ protected function get_custom_taxonomies_replace_vars( $post ) { $taxonomies = \get_object_taxonomies( $post, 'objects' ); $custom_replace_vars = []; foreach ( $taxonomies as $taxonomy_name => $taxonomy ) { if ( \is_string( $taxonomy ) ) { // If attachment, see https://core.trac.wordpress.org/ticket/37368 . $taxonomy_name = $taxonomy; $taxonomy = \get_taxonomy( $taxonomy_name ); } if ( $taxonomy->_builtin && $taxonomy->public ) { continue; } $custom_replace_vars[ $taxonomy_name ] = [ 'name' => $taxonomy->name, 'description' => $taxonomy->description, ]; } return $custom_replace_vars; } /** * Gets the custom replace variables for custom fields. * * @param WP_Post $post The post to check for custom fields. * * @return array Array containing all the replacement variables. */ protected function get_custom_fields_replace_vars( $post ) { $custom_replace_vars = []; // If no post object is passed, return the empty custom_replace_vars array. if ( ! \is_object( $post ) ) { return $custom_replace_vars; } $custom_fields = \get_post_custom( $post->ID ); // Simply concatenate all fields containing replace vars so we can handle them all with a single regex find. $replace_vars_fields = \implode( ' ', [ \YoastSEO()->meta->for_post( $post->ID )->presentation->title, \YoastSEO()->meta->for_post( $post->ID )->presentation->meta_description, ] ); \preg_match_all( '/%%cf_([A-Za-z0-9_]+)%%/', $replace_vars_fields, $matches ); $fields_to_include = $matches[1]; foreach ( $custom_fields as $custom_field_name => $custom_field ) { // Skip private custom fields. if ( \substr( $custom_field_name, 0, 1 ) === '_' ) { continue; } // Skip custom fields that are not used, new ones will be fetched dynamically. if ( ! \in_array( $custom_field_name, $fields_to_include, true ) ) { continue; } // Skip custom field values that are serialized. if ( \is_serialized( $custom_field[0] ) ) { continue; } $custom_replace_vars[ $custom_field_name ] = $custom_field[0]; } return $custom_replace_vars; } /** * Determines the scope based on the post type. * This can be used by the replacevar plugin to determine if a replacement needs to be executed. * * @return string String describing the current scope. */ protected function determine_scope() { if ( $this->get_metabox_post()->post_type === 'page' ) { return 'page'; } return 'post'; } /** * Determines whether or not the current post type has registered taxonomies. * * @return bool Whether the current post type has taxonomies. */ protected function current_post_type_has_taxonomies() { $post_taxonomies = \get_object_taxonomies( $this->get_metabox_post()->post_type ); return ! empty( $post_taxonomies ); } /** * Returns an array with shortcode tags for all registered shortcodes. * * @return array */ protected function get_valid_shortcode_tags() { $shortcode_tags = []; foreach ( $GLOBALS['shortcode_tags'] as $tag => $description ) { $shortcode_tags[] = $tag; } return $shortcode_tags; } }