From fc9877bdc6fa88785b5d82f90a210b07fbfaa574 Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Thu, 8 Feb 2018 23:16:23 -0800 Subject: [PATCH 1/2] Prevent PHP error in style sanitizer when no head element is present --- includes/sanitizers/class-amp-style-sanitizer.php | 7 ++++++- tests/test-amp-style-sanitizer.php | 8 +++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/includes/sanitizers/class-amp-style-sanitizer.php b/includes/sanitizers/class-amp-style-sanitizer.php index f643a1d7f0b..92e9831d454 100644 --- a/includes/sanitizers/class-amp-style-sanitizer.php +++ b/includes/sanitizers/class-amp-style-sanitizer.php @@ -196,7 +196,12 @@ public function sanitize() { if ( ! $this->amp_custom_style_element ) { $this->amp_custom_style_element = $this->dom->createElement( 'style' ); $this->amp_custom_style_element->setAttribute( 'amp-custom', '' ); - $this->dom->getElementsByTagName( 'head' )->item( 0 )->appendChild( $this->amp_custom_style_element ); + $head = $this->dom->getElementsByTagName( 'head' )->item( 0 ); + if ( ! $head ) { + $head = $this->dom->createElement( 'head' ); + $this->dom->documentElement->insertBefore( $head, $this->dom->documentElement->firstChild ); + } + $head->appendChild( $this->amp_custom_style_element ); } // Gather stylesheets to print as long as they don't surpass the limit. diff --git a/tests/test-amp-style-sanitizer.php b/tests/test-amp-style-sanitizer.php index 9280a2117b4..c0190ec8811 100644 --- a/tests/test-amp-style-sanitizer.php +++ b/tests/test-amp-style-sanitizer.php @@ -160,7 +160,7 @@ public function get_link_and_style_test_data() { 's {color:yellow}', ), ), - 'style_eleemnts_with_link_elements' => array( + 'style_elements_with_link_elements' => array( sprintf( '', // phpcs:ignore WordPress.WP.EnqueuedResources.NonEnqueuedStylesheet includes_url( 'css/dashicons.css' ) @@ -172,6 +172,12 @@ public function get_link_and_style_test_data() { 's {color:yellow}', ), ), + 'style_with_no_head' => array( + 'Not good!', + array( + 'body{color:red}', + ), + ), ); } From 2e8b4a213957beb58d14114c245ca78a269e99fa Mon Sep 17 00:00:00 2001 From: Weston Ruter Date: Thu, 8 Feb 2018 23:17:14 -0800 Subject: [PATCH 2/2] Prevent preparing AMP HTML for output-buffered response when it is not HTML --- includes/class-amp-theme-support.php | 9 +++++++++ tests/test-class-amp-theme-support.php | 23 +++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/includes/class-amp-theme-support.php b/includes/class-amp-theme-support.php index 0d955ea0084..acda180917f 100644 --- a/includes/class-amp-theme-support.php +++ b/includes/class-amp-theme-support.php @@ -772,6 +772,15 @@ public static function finish_output_buffering() { public static function prepare_response( $response, $args = array() ) { global $content_width; + /* + * Check if the response starts with HTML markup. + * Without this check, JSON responses will be erroneously corrupted, + * being wrapped in HTML documents. + */ + if ( '<' !== substr( ltrim( $response ), 0, 1 ) ) { + return $response; + } + $args = array_merge( array( 'content_max_width' => ! empty( $content_width ) ? $content_width : AMP_Post_Template::CONTENT_MAX_WIDTH, // Back-compat. diff --git a/tests/test-class-amp-theme-support.php b/tests/test-class-amp-theme-support.php index 3429ab836cb..b71c4d41228 100644 --- a/tests/test-class-amp-theme-support.php +++ b/tests/test-class-amp-theme-support.php @@ -138,6 +138,29 @@ public function test_prepare_response() { $this->assertContains( '