Ads.txt file exists check from backend side #131
Conversation
inc/admin.php
Outdated
| @@ -269,6 +269,14 @@ function settings_screen( $post_id, $strings, $args ) { | |||
| } | |||
| ?> | |||
| <div class="wrap"> | |||
| <?php if ( file_exists( ABSPATH . '/ads.txt' ) ) { ?> | |||
There was a problem hiding this comment.
This check won't work I'm afraid.
ABSPATH points to the directory of the WordPress install, which isn't necessarily the same as the root directory of the website. See this guide for running wordpress in a subdirectory.
To use my site as an example, this would check for /path/to/files/wp/ads.txt rather than /path/to/files/ads.txt.
I think there would be some weirdness around multisite installs too.
There was a problem hiding this comment.
Yeah, that makes sense, I'll try to fix the issue
There was a problem hiding this comment.
I added a quick comment with some pseudo code on the original issue #48 (comment)
There was a problem hiding this comment.
@peterwilsoncc I'm trying to check the file following your suggestions but somehow when I try to get the file via wp_remote_request request I'm getting empty headers data, I've pushed the latest changes on this branch, could you take a look, please? Thanks
There was a problem hiding this comment.
I'm unable to reproduce an error with empty headers, this is what I am seeing in xdebug using the file_exists line as a break point.
There was a problem hiding this comment.
Thanks @peterwilsoncc I was able to test header data today
This is the header response from ads.txt file
and this from adstxt post type
Can we check the file with the Content-Length and/or ETag properties as these are not present in the post-type response? although I don't have much experience with online server file systems, I think these might help to differentiate between file response and post-type response! please let me know your feedback. Thanks
|
@sksaju there appears to be a merge conflict, mind resolving that and letting us know if this is ready for re-review? Thanks! |
|
@peterwilsoncc back to you for review here |
inc/admin.php
Outdated
| // Get the headers of the response | ||
| $headers = wp_remote_retrieve_headers( $response ); | ||
| $content_type = isset( $headers['content-type'] ) ? $headers['content-type'] : ''; | ||
| $file_exist = strpos( $content_type, 'application/octet-stream' ) !== false; |
There was a problem hiding this comment.
While testing, I was getting a false report here (I had an ads.txt file but it wasn't detected).
How about the adding header( 'X-Ads-Txt-Generator: https://wordpress.org/plugins/ads-txt/' ); to the output in the main file (both for ads.txt and for app-ads.txt) and then checking for the header:
| // Get the headers of the response | |
| $headers = wp_remote_retrieve_headers( $response ); | |
| $content_type = isset( $headers['content-type'] ) ? $headers['content-type'] : ''; | |
| $file_exist = strpos( $content_type, 'application/octet-stream' ) !== false; | |
| // Check the ads.txt generator header. | |
| $headers = wp_remote_retrieve_headers( $response ); | |
| $generator = isset( $headers['X-Ads-Txt-Generator'] ) ? $headers['X-Ads-Txt-Generator'] : ''; | |
| $file_exist = 'https://wordpress.org/plugins/ads-txt/' !== $generator; |
The generator header would need to be included regardless of whether the post exists or not, so probably right after the get_option() check in each block.
inc/admin.php
Outdated
| function adstxts_check_for_existing_file() { | ||
| $home_url_parsed = wp_parse_url( home_url() ); | ||
| if ( empty( $home_url_parsed['path'] ) ) { | ||
| $response = wp_remote_request( home_url( '/ads.txt' ) ); |
There was a problem hiding this comment.
We'll need something here (and in the JS) to determine whether the check should be for ads.txt or app-ads.txt .
You can probably include something in the admin_enqueue_scripts() function within this file based on the hook -- whether it contains app-adstxt or not.
To be secure you should send it in the form is_appstxt: true|false and modify the URL check based on the true false statement. Don't use the variable home_url( $passed_value ) as someone could modify that to a random file name, such as .env or similar.
| * @return void | ||
| */ | ||
| function adstxts_check_for_existing_file() { | ||
| $home_url_parsed = wp_parse_url( home_url() ); |
There was a problem hiding this comment.
Security: This will need both a nonce and a capability check, similar to that used in the save function:
Lines 19 to 20 in dc18245
|
|
||
| // Make sure to exit | ||
| wp_die(); |
There was a problem hiding this comment.
wp_send_json() exits.
| // Make sure to exit | |
| wp_die(); |
| <div class="notice notice-error adstxt-notice existing-adstxt" style="display: none;"> | ||
| <p><strong><?php echo esc_html( $strings['existing'] ); ?></strong></p> | ||
| <p><?php echo esc_html( $strings['precedence'] ); ?></p> | ||
|
|
||
| <p><?php echo esc_html_e( 'Removed the existing file but are still seeing this warning?', 'ads-txt' ); ?> <a class="ads-txt-rerun-check" href="#"><?php echo esc_html_e( 'Re-run the check now', 'ads-txt' ); ?></a> <span class="spinner" style="float:none;margin:-2px 5px 0"></span></p> | ||
| </div> |
There was a problem hiding this comment.
Follow up: it's the presence of this that is causing the tests to fail. I pushed a fix in 5d9f27d
There was a problem hiding this comment.
This looks good to me, thank you for your patience during the review process.
Testing notes:
- identical content in a real file and the generated version show the warning
- different content in a real file and the generated version show the warning
- the generated file includes the custom header
- file not found errors include the custom header
- accounts for built in Multisite domain mapping
peterwilsoncc
deleted the
fix/adstxt-file-detection-does-not-take-mapped-domains-into-account
branch
Description of the Change
This PR fixes the #48 issue, by adding ads.txt file check from the backend side
Closes #
How to test the Change
Changelog Entry
Credits
Props @sksaju, @mmcachran, @peterwilsoncc, @dinhtungdu, @helen, @jeffpaul.
Checklist: