Merge pull request #772 from google/fix/765

Ensure verification token is also accepted without the wrapping meta tag
google · Nov 2, 2019 · 8ab07e4 · 8ab07e4
2 parents 24fc7aa + d526249
commit 8ab07e4
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 9 deletions.
diff --git a/google-site-kit.php b/google-site-kit.php
@@ -11,7 +11,7 @@
  * Plugin Name: Site Kit by Google
  * Plugin URI:  https://sitekit.withgoogle.com
  * Description: Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.
- * Version:     1.0.0
+ * Version:     1.0.1
  * Author:      Google
  * Author URI:  https://opensource.google.com
  * License:     Apache License 2.0
@@ -24,7 +24,7 @@
 }
 
 // Define most essential constants.
-define( 'GOOGLESITEKIT_VERSION', '1.0.0' );
+define( 'GOOGLESITEKIT_VERSION', '1.0.1' );
 define( 'GOOGLESITEKIT_PLUGIN_MAIN_FILE', __FILE__ );
 
 /**

diff --git a/includes/Core/Authentication/Authentication.php b/includes/Core/Authentication/Authentication.php
@@ -567,7 +567,12 @@ private function print_site_verification_meta() {
 		);
 
 		foreach ( $verification_tags as $verification_tag ) {
-			echo wp_kses( html_entity_decode( $verification_tag ), $allowed_html );
+			$verification_tag = html_entity_decode( $verification_tag );
+			if ( 0 !== strpos( $verification_tag, '<meta ' ) ) {
+				$verification_tag = '<meta name="google-site-verification" content="' . esc_attr( $verification_tag ) . '">';
+			}
+
+			echo wp_kses( $verification_tag, $allowed_html );
 		}
 	}
 

diff --git a/includes/Core/Authentication/Clients/OAuth_Client.php b/includes/Core/Authentication/Clients/OAuth_Client.php
@@ -632,6 +632,7 @@ public function get_proxy_setup_url( $access_code = '', $error_code = '' ) {
 					'nonce'      => $nonce,
 					'name'       => rawurlencode( wp_specialchars_decode( get_bloginfo( 'name' ) ) ),
 					'url'        => rawurlencode( $home_url ),
+					'version'    => GOOGLESITEKIT_VERSION,
 					'rest_root'  => rawurlencode( $rest_root ),
 					'admin_root' => rawurlencode( $admin_root ),
 					'scope'      => rawurlencode( $scope ),
@@ -643,6 +644,7 @@ public function get_proxy_setup_url( $access_code = '', $error_code = '' ) {
 		$query_args = array(
 			'site_id' => $credentials->web->client_id,
 			'code'    => $access_code,
+			'version' => GOOGLESITEKIT_VERSION,
 			'scope'   => rawurlencode( $scope ),
 		);
 		if ( 'missing_verification' === $error_code ) {

diff --git a/readme.txt b/readme.txt
@@ -4,7 +4,7 @@ Contributors:      google
 Requires at least: 4.7
 Tested up to:      5.3
 Requires PHP:      5.4
-Stable tag:        1.0.0
+Stable tag:        1.0.1
 License:           Apache License 2.0
 License URI:       https://www.apache.org/licenses/LICENSE-2.0
 Tags:              google, search-console, analytics, adsense, pagespeed-insights, optimize, tag-manager, site-kit

diff --git a/tests/phpunit/integration/Core/Authentication/AuthenticationTest.php b/tests/phpunit/integration/Core/Authentication/AuthenticationTest.php
@@ -95,26 +95,42 @@ protected function assertSetupDataExtended() {
 		);
 	}
 
-	public function test_register_head_verification_tags() {
+	/**
+	 * @dataProvider data_register_head_verification_tags
+	 */
+	public function test_register_head_verification_tags( $saved_tag, $expected_output ) {
 		remove_all_actions( 'wp_head' );
 		remove_all_actions( 'login_head' );
 		$auth = new Authentication( new Context( GOOGLESITEKIT_PLUGIN_MAIN_FILE ) );
 		$auth->register();
 
-		$tag_html = '<meta name="google-site-verification" content="test-verification-content">';
-		set_transient( 'googlesitekit_verification_meta_tags', array( $tag_html ) );
+		set_transient( 'googlesitekit_verification_meta_tags', array( $saved_tag ) );
 
 		$this->assertContains(
-			$tag_html,
+			$expected_output,
 			$this->capture_action( 'wp_head' )
 		);
 
 		$this->assertContains(
-			$tag_html,
+			$expected_output,
 			$this->capture_action( 'login_head' )
 		);
 	}
 
+	public function data_register_head_verification_tags() {
+		return array(
+			array( // Full meta tag stored.
+				'<meta name="google-site-verification" content="test-verification-content">',
+				'<meta name="google-site-verification" content="test-verification-content">',
+			),
+			array(
+				// Only verification token stored.
+				'test-verification-content-2',
+				'<meta name="google-site-verification" content="test-verification-content-2">',
+			),
+		);
+	}
+
 	public function test_register_allowed_redirect_hosts() {
 		remove_all_filters( 'allowed_redirect_hosts' );
 		$auth = new Authentication( new Context( GOOGLESITEKIT_PLUGIN_MAIN_FILE ) );

diff --git a/tests/phpunit/integration/Core/Authentication/Clients/OAuth_ClientTest.php b/tests/phpunit/integration/Core/Authentication/Clients/OAuth_ClientTest.php
@@ -274,6 +274,7 @@ public function test_get_proxy_setup_url() {
 		$url = $client->get_proxy_setup_url();
 		$this->assertContains( 'name=', $url );
 		$this->assertContains( 'url=', $url );
+		$this->assertContains( 'version=', $url );
 		$this->assertContains( 'rest_root=', $url );
 		$this->assertContains( 'admin_root=', $url );
 		$this->assertContains( 'scope=', $url );
@@ -285,6 +286,7 @@ public function test_get_proxy_setup_url() {
 		$url = $client->get_proxy_setup_url( 'temp-code' );
 		$this->assertContains( 'site_id=' . self::SITE_ID, $url );
 		$this->assertContains( 'code=temp-code', $url );
+		$this->assertContains( 'version=', $url );
 		$this->assertContains( 'scope=', $url );
 		$this->assertNotContains( 'name=', $url );
 		$this->assertNotContains( 'url=', $url );