From f3218eaa7dfff8fab19d3792364e331bb7a12f55 Mon Sep 17 00:00:00 2001
From: Weston Ruter
Date: Wed, 21 Mar 2018 14:45:46 -0700
Subject: [PATCH] Prevent handling XHR request if _wp_amp_action_xhr_converted query var absent

---
 includes/class-amp-theme-support.php | 9 ++++++++-
 tests/test-class-amp-theme-support.php | 2 ++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/includes/class-amp-theme-support.php b/includes/class-amp-theme-support.php
index 3e24228c1af..44f6872330f 100644
--- a/includes/class-amp-theme-support.php
+++ b/includes/class-amp-theme-support.php
@@ -363,7 +363,14 @@ public static function send_header( $name, $value, $args = array() ) {
 * @since 0.7.0
 */
 public static function handle_xhr_request() {
- if ( empty( self::$purged_amp_query_vars['__amp_source_origin'] ) || empty( $_SERVER['REQUEST_METHOD'] ) || 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
+ $is_amp_xhr = (
+ ! empty( self::$purged_amp_query_vars['_wp_amp_action_xhr_converted'] )
+ &&
+ ! empty( self::$purged_amp_query_vars['__amp_source_origin'] )
+ &&
+ ( ! empty( $_SERVER['REQUEST_METHOD'] ) && 'POST' === $_SERVER['REQUEST_METHOD'] )
+ );
+ if ( ! $is_amp_xhr ) {
 return;
 }
 
diff --git a/tests/test-class-amp-theme-support.php b/tests/test-class-amp-theme-support.php
index e672e5e0cdf..9a278c8efca 100644
--- a/tests/test-class-amp-theme-support.php
+++ b/tests/test-class-amp-theme-support.php
@@ -279,6 +279,8 @@ public function test_handle_xhr_request() {
 AMP_Theme_Support::handle_xhr_request();
 $this->assertEmpty( AMP_Theme_Support::$headers_sent );
 
+ $_GET['_wp_amp_action_xhr_converted'] = '1';
+
 // Try bad source origin.
 $_GET['__amp_source_origin'] = 'http://evil.example.com/';
 $_SERVER['REQUEST_METHOD'] = 'POST';
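Review bot: The new `$is_amp_xhr` gate is built entirely from request-supplied values — `self::$purged_amp_query_vars` is populated from the query string, as the test in this patch shows by setting `$_GET` — so `_wp_amp_action_xhr_converted` only selects the code path and cannot substitute for validating `__amp_source_origin`; a comment should say so, to stop a later edit from relaxing the origin check on the strength of the flag. I'd put `// All three conditions are request-controlled; they only route the request onto the AMP XHR path. The origin validation that follows remains the actual check.` above the assignment, hedged because the rest of handle_xhr_request is outside the hunk. Note also that `! empty()` treats a query var value of `'0'` as absent, which is fine for the `'1'` the test sets but differs from `isset()` if other values are ever sent. The `@since 0.7.0` docblock just above should state that the query var is now required, since XHR requests lacking it are silently ignored rather than rejected.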
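Review bot: The added `$_GET['_wp_amp_action_xhr_converted'] = '1';` is set before any POST or origin state, so the test never exercises the case this commit introduces: a POST with a valid source origin but no `_wp_amp_action_xhr_converted` query var. I'd add, just before that line, a call with `$_SERVER['REQUEST_METHOD'] = 'POST'` and the valid source origin the later assertions use, followed by `AMP_Theme_Support::handle_xhr_request(); $this->assertEmpty( AMP_Theme_Support::$headers_sent );`, so a regression that drops the flag check is caught. `$_GET` is process-global; unless the class's tearDown unsets it (not visible here), the flag leaks into subsequent tests — worth confirming. test_handle_xhr_request starts and ends outside the hunk.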