Changeset 2966789

Timestamp:

09/14/2023 12:26:14 AM (3 years ago)

Author:

dmchale

Message:

v1.8

Location:

disable-json-api

Files:

• tags/v1.8 (added)
• tags/v1.8/README.md (added)
• tags/v1.8/admin.php (added)
• tags/v1.8/classes (added)
• tags/v1.8/classes/admin.php (added)
• tags/v1.8/classes/disable-rest-api.php (added)
• tags/v1.8/classes/helpers.php (added)
• tags/v1.8/classes/index.php (added)
• tags/v1.8/classes/requirements-check.php (added)
• tags/v1.8/css (added)
• tags/v1.8/css/admin.css (added)
• tags/v1.8/disable-json-api.php (added)
• tags/v1.8/docs (added)
• tags/v1.8/docs/_config.yml (added)
• tags/v1.8/docs/index.md (added)
• tags/v1.8/index.php (added)
• tags/v1.8/js (added)
• tags/v1.8/js/admin-footer.js (added)
• tags/v1.8/js/admin-header.js (added)
• tags/v1.8/languages (added)
• tags/v1.8/languages/index.php (added)
• tags/v1.8/readme.txt (added)
• tags/v1.8/uninstall.php (added)
• trunk/README.md (added)
• trunk/admin.php (modified) (1 diff)
• trunk/classes/admin.php (modified) (4 diffs)
• trunk/classes/disable-rest-api.php (modified) (13 diffs)
• trunk/classes/helpers.php (modified) (9 diffs)
• trunk/classes/requirements-check.php (modified) (4 diffs)
• trunk/disable-json-api.php (modified) (3 diffs)
• trunk/docs (added)
• trunk/docs/_config.yml (added)
• trunk/docs/index.md (added)
• trunk/functions/index.php (deleted)
• trunk/functions/legacy.php (deleted)
• trunk/readme.txt (modified) (3 diffs)

disable-json-api/trunk/admin.php

@@ -8 +8 @@
     </p>
 
-    <hr />
+    <hr/>
 
     <div id="select-container">
         <?php esc_html_e( "Rules for", "disable-json-api" ); ?>: <select name="role" id="dra-role">
             <option value="none"><?php esc_html_e( "Unauthenticated Users", "disable-json-api" ); ?></option>
-            <?php
-            $role = ( isset( $_GET['role'] ) ) ? $_GET['role'] : 'none';
-            wp_dropdown_roles( $role );
-            ?>
+            <?php
+            $role = ( isset( $_GET['role'] ) ) ? $_GET['role'] : 'none';
+            wp_dropdown_roles( $role );
+            ?>
         </select>
     </div>
 
-    <hr />
+    <hr/>
 
     <form method="post" action="" id="DRA_form">
-        <?php wp_nonce_field( 'DRA_admin_nonce' ); ?>
+        <?php wp_nonce_field( 'DRA_admin_nonce' ); ?>
         <input type="hidden" name="role" value="<?php echo esc_attr( $role ); ?>">
 
         <div id="default-allow-container">
-            <?php DRA_Admin::display_role_default_allow( $role ); ?>
+            <?php DRA_Admin::display_role_default_allow( $role ); ?>
         </div>
 
-        <hr />
+        <hr/>
 
         <div id="route-container">
-            <?php DRA_Admin::display_route_checkboxes( $role ); ?>
-            <hr />
+            <?php DRA_Admin::display_route_checkboxes( $role ); ?>
+            <hr/>
         </div>
 

disable-json-api/trunk/classes/admin.php

@@ -1 +1 @@
 <?php
+
 class DRA_Admin {
 
@@ -8 +9 @@
      */
     static function display_route_checkboxes( $role = 'none' ) {
-        $all_namespaces     = DRA_Helpers::get_all_rest_namespaces();
-        $all_routes         = DRA_Helpers::get_all_rest_routes();
-        $allowed_routes     = DRA_Helpers::get_allowed_routes( $role );
+        $all_namespaces = DRA_Helpers::get_all_rest_namespaces();
+        $all_routes     = DRA_Helpers::get_all_rest_routes();
+        $allowed_routes = DRA_Helpers::get_allowed_routes( $role );
 
         $loopCounter       = 0;
@@ -64 +65 @@
      */
     static function display_role_default_allow( $role ) {
-        $default_allow_true_checked = '';
+        $default_allow_true_checked  = '';
         $default_allow_false_checked = '';
 
@@ -76 +77 @@
         /* translators: name of user role */
         echo sprintf( '<h2>%s</h2>', sprintf( esc_html__( 'Manage Rules for %s Users', 'disable-json-api' ), DRA_Helpers::get_role_name( $role ) ) );
-        ?>
-        <p style="font-style:italic;">
-            <?php
-            echo esc_html__( 'NOTE: New routes may be added in the future by plugins, themes, or WordPress itself.', 'disable-json-api' );
-            echo '<br />';
-            echo esc_html__( 'If you choose to manage access for a user role, you will have to come back and add permissions for any new routes later.', 'disable-json-api' );
-            ?>
+        ?>
+        <p style="font-style:italic;">
+            <?php
+            echo esc_html__( 'NOTE: New routes may be added in the future by plugins, themes, or WordPress itself.', 'disable-json-api' );
+            echo '<br />';
+            echo esc_html__( 'If you choose to manage access for a user role, you will have to come back and add permissions for any new routes later.', 'disable-json-api' );
+            ?>
         </p>
-        <label><input type="radio" name="default_allow" value="0" <?php echo $default_allow_false_checked; ?>>&nbsp;<?php echo esc_html__( 'Manage REST API Access', 'disable-json-api' ); ?></label>
-        &nbsp;&nbsp;&nbsp;
-        <label><input type="radio" name="default_allow" value="1" <?php echo $default_allow_true_checked; ?>>&nbsp;<?php echo esc_html__( 'Allow Full REST API Access', 'disable-json-api' ); ?></label>
+        <label><input type="radio" name="default_allow" value="0" <?php echo $default_allow_false_checked; ?>>&nbsp;<?php echo esc_html__( 'Manage REST API Access', 'disable-json-api' ); ?></label>
+        &nbsp;&nbsp;&nbsp;
+        <label><input type="radio" name="default_allow" value="1" <?php echo $default_allow_true_checked; ?>>&nbsp;<?php echo esc_html__( 'Allow Full REST API Access', 'disable-json-api' ); ?></label>
         <?php
     }

disable-json-api/trunk/classes/disable-rest-api.php

@@ -1 +1 @@
 <?php
+
 /**
  * Disable_REST_API class
@@ -30 +31 @@
 
         // Do logic for upgrading to 1.6 from versions less than 1.6
-        add_action( 'init', array( &$this, 'option_check' ) );
+        add_action( 'wp_loaded', array( &$this, 'option_check' ) );
 
         // Set up admin page for plugin settings
@@ -73 +74 @@
      */
     private function get_current_route() {
-        $rest_route = $GLOBALS['wp']->query_vars['rest_route'];
+        $rest_route = isset( $GLOBALS['wp']->query_vars['rest_route'] ) ?
+            $GLOBALS['wp']->query_vars['rest_route'] :
+            '';
 
         return ( empty( $rest_route ) || '/' == $rest_route ) ?
@@ -90 +93 @@
     private function is_route_allowed( $currentRoute ) {
 
-        $current_options = get_option( 'disable_rest_api_options', array() );
+        $current_options    = get_option( 'disable_rest_api_options', array() );
         $current_user_roles = $this->get_current_user_roles();
 
@@ -97 +100 @@
 
             // If we have a definition for the current user's role
-            if ( isset( $current_options['roles'][$role] ) ) {
+            if ( isset( $current_options['roles'][ $role ] ) ) {
 
                 // If any role for this user is set to Allow Full REST API Access, return true automatically
-                if ( true === $current_options['roles'][$role]['default_allow'] ) {
+                if ( true === $current_options['roles'][ $role ]['default_allow'] ) {
                     return true;
                 }
@@ -215 +218 @@
         if ( ! DRA_Helpers::is_valid_role( $role ) ) {
             add_settings_error( 'DRA-notices', esc_attr( 'settings_updated' ), esc_html__( 'Invalid user role detected when processing form. No updates have been made.', 'disable-json-api' ), 'error' );
+
             return;
         }
@@ -232 +236 @@
             // Unauthorized users default to no routes allowed. All other user roles default to allowing all routes
             $rest_routes_for_setting = DRA_Helpers::build_routes_rule_for_all( $default_allow );
-            $msg = esc_html__( 'All allowlists have been reset for this user role.', 'disable-json-api' );
+            $msg                     = esc_html__( 'All allowlists have been reset for this user role.', 'disable-json-api' );
 
         } else {
@@ -238 +242 @@
             // Get back the full list of true/false routes based on the posted routes allowed
             $rest_routes_for_setting = DRA_Helpers::build_routes_rule( $rest_routes );
-            $msg = esc_html__( 'Allowlist settings saved for this user role.', 'disable-json-api' );
+            $msg                     = esc_html__( 'Allowlist settings saved for this user role.', 'disable-json-api' );
 
         }
 
         // Save only the rules for this role back to itself
-        $arr_option['roles'][$role] = array(
-            'default_allow'     => $default_allow,
-            'allow_list'        => $rest_routes_for_setting,
+        $arr_option['roles'][ $role ] = array(
+            'default_allow' => $default_allow,
+            'allow_list'    => $rest_routes_for_setting,
         );
 
@@ -274 +278 @@
      */
     private function get_wp_error( $access ) {
-        $error_message = esc_html__( 'DRA: Only authenticated users can access the REST API.', 'disable-json-api' );
+        $dra_error_message = apply_filters( 'dra_error_message', 'DRA: Only authenticated users can access the REST API.', $access );
+        $error_message     = esc_html__( $dra_error_message, 'disable-json-api' );
 
         if ( is_wp_error( $access ) ) {
@@ -292 +297 @@
 
         // If our new option already exists, we can bail
-        if ( get_option( 'disable_rest_api_options') ) {
+        if ( get_option( 'disable_rest_api_options' ) ) {
             return;
         }
@@ -309 +314 @@
         // Define the basic structure of our new option
         $arr_option = array(
-            'version'           => self::VERSION,       // the current version of this plugin
-            'default_allow'     => true,                // if a role is not specifically defined in the settings, should the default be to ALLOW the route or not?
-            'roles'             => array(),             // array of the user roles in this install of wordpress
+            'version'       => self::VERSION,       // the current version of this plugin
+            'default_allow' => true,                // if a role is not specifically defined in the settings, should the default be to ALLOW the route or not?
+            'roles'         => array(),             // array of the user roles in this install of wordpress
         );
 
@@ -325 +330 @@
         // Define the "unauthenticated" rules based on the old option value (or default value of "nothing")
         $arr_option['roles']['none'] = array(
-            'default_allow'     => false,
-            'allow_list'        => $new_unauthenticated_rules,
+            'default_allow' => false,
+            'allow_list'    => $new_unauthenticated_rules,
         );
 
@@ -353 +358 @@
 
         $user = wp_get_current_user();
+
         return ( array ) $user->roles;
 

disable-json-api/trunk/classes/helpers.php

@@ -1 +1 @@
 <?php
+
 class DRA_Helpers {
 
@@ -8 +9 @@
      */
     static function get_all_rest_routes() {
-        $wp_rest_server     = rest_get_server();
+        $wp_rest_server = rest_get_server();
+
         return array_keys( $wp_rest_server->get_routes() );
     }
@@ -19 +21 @@
      */
     static function get_all_rest_namespaces() {
-        $wp_rest_server     = rest_get_server();
+        $wp_rest_server = rest_get_server();
+
         return $wp_rest_server->get_namespaces();
     }
@@ -45 +48 @@
                 $new_value = true;
             }
-            $new_rules[esc_html($route)] = $new_value;
+            $new_rules[ esc_html( $route ) ] = $new_value;
         }
 
@@ -69 +72 @@
         // Loop through ALL routes, set all to the desired value
         foreach ( $all_routes as $route ) {
-            $new_rules[esc_html($route)] = $default_value;
+            $new_rules[ esc_html( $route ) ] = $default_value;
         }
 
@@ -120 +123 @@
         }
 
-        $option_rules = array();
+        $option_rules  = array();
         $allowed_rules = array();
 
@@ -129 +132 @@
             $option_rules = ( array ) DRA_Helpers::build_routes_rule( $arr_option );
 
-        } elseif ( isset( $arr_option['roles'][$role]['allow_list'] ) ) {
+        } elseif ( isset( $arr_option['roles'][ $role ]['allow_list'] ) ) {
 
             // If we have a definition for the currently requested role, return it
-            $option_rules = ( array ) $arr_option['roles'][$role]['allow_list'];
+            $option_rules = ( array ) $arr_option['roles'][ $role ]['allow_list'];
 
         } else {
@@ -175 +178 @@
         $default_allow = ( 'none' == $role ) ? false : true;
 
-        if ( isset( $arr_option['roles'][$role]['default_allow'] ) ) {
-            $default_allow = $arr_option['roles'][$role]['default_allow'];
+        if ( isset( $arr_option['roles'][ $role ]['default_allow'] ) ) {
+            $default_allow = $arr_option['roles'][ $role ]['default_allow'];
         }
 
@@ -199 +202 @@
 
         $editable_roles = get_editable_roles();
-        if ( isset( $editable_roles[$role] ) ) {
-            return translate_user_role( $editable_roles[$role]['name'] );
+        if ( isset( $editable_roles[ $role ] ) ) {
+            return translate_user_role( $editable_roles[ $role ]['name'] );
         }
 

disable-json-api/trunk/classes/requirements-check.php

@@ -15 +15 @@
     public function __construct( $args ) {
         foreach ( array( 'title', 'php', 'wp', 'file' ) as $setting ) {
-            if ( isset( $args[$setting] ) ) {
-                $this->$setting = $args[$setting];
+            if ( isset( $args[ $setting ] ) ) {
+                $this->$setting = $args[ $setting ];
             }
         }
@@ -26 +26 @@
             add_action( 'admin_notices', array( $this, 'deactivate' ) );
         }
+
         return $passes;
     }
@@ -40 +41 @@
         } else {
             add_action( 'admin_notices', array( $this, 'php_version_notice' ) );
+
             return false;
         }
@@ -59 +61 @@
         } else {
             add_action( 'admin_notices', array( $this, 'wp_version_notice' ) );
+
             return false;
         }

disable-json-api/trunk/disable-json-api.php

@@ -4 +4 @@
  * Plugin URI: http://www.binarytemplar.com/disable-json-api
  * Description: Disable the use of the REST API on your website to anonymous users. You can optionally enable select endpoints if you wish. Now with support for User Roles!
- * Version: 1.7
+ * Version: 1.8
+ * Requires at least: 4.9
+ * Requires PHP: 5.6
  * Author: Dave McHale
  * Author URI: http://www.binarytemplar.com
+ * License: GPL2+
+ * License URI: https://www.gnu.org/licenses/gpl-2.0.html
  * Text Domain: disable-json-api
  * Domain Path: /languages
- * License: GPL2+
  */
 
@@ -28 +31 @@
 $dra_requirements_check = new DRA_Requirements_Check( array(
     'title' => 'Disable REST API',
-    'php'   => '5.3',
-    'wp'    => '4.4',
+    'php'   => '5.6',
+    'wp'    => '4.9',
     'file'  => __FILE__,
 ) );
@@ -41 +44 @@
     remove_action( 'template_redirect', 'rest_output_link_header', 11 );
 
-    // WordPress 4.7+ disables the REST API via authentication short-circuit.
-    // For versions of WordPress < 4.7, disable the REST API via filters
-    if ( version_compare( get_bloginfo( 'version' ), '4.7', '>=' ) ) {
+    // Load in extra classes
+    require_once( plugin_dir_path( __FILE__ ) . 'classes/helpers.php' );
 
-        // Load in extra classes
-        require_once( plugin_dir_path( __FILE__ ) . 'classes/helpers.php' );
+    // Only load admin classes if in admin area
+    if ( is_admin() ) {
+        require_once( plugin_dir_path( __FILE__ ) . 'classes/admin.php' );
+    }
 
-        // Only load admin classes if in admin area
-        if ( is_admin() ) {
-            require_once( plugin_dir_path( __FILE__ ) . 'classes/admin.php' );
-        }
-
-        // Load the primary Disable_REST_API class
-        require_once( plugin_dir_path( __FILE__ ) . 'classes/disable-rest-api.php' );
-        new Disable_REST_API( __FILE__ );
-
-    } else {
-        require_once( plugin_dir_path( __FILE__ ) . 'functions/legacy.php' );
-        DRA_Disable_Via_Filters();
-    }
+    // Load the primary Disable_REST_API class
+    require_once( plugin_dir_path( __FILE__ ) . 'classes/disable-rest-api.php' );
+    new Disable_REST_API( __FILE__ );
 
 }

disable-json-api/trunk/readme.txt

@@ -2 +2 @@
 Contributors: dmchale, tangrufus
 Tags: admin, api, json, REST, rest-api, disable
-Requires at least: 4.4
+Requires at least: 4.9
 Requires PHP: 5.6
-Tested up to: 5.8
-Stable tag: 1.7
+Tested up to: 6.3
+Stable tag: 1.8
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -46 +46 @@
 
 == Changelog ==
+
+= 1.8 =
+* Tested up to WP v6.3
+* Added `dra_error_message` filter so devs can customize the access error message
+* Fixed bug that caused fatal errors if activating plugin on installations running the LearnPress plugin
+* Changed minimum requirements to PHP 5.6 (up from 5.3) and WordPress 4.9 (up from 4.4). Adding docblock comments to support minimums.
 
 = 1.7 =
@@ -100 +106 @@
 == Upgrade Notice ==
 
+= 1.8 =
+* Improved UI/UX of admin settings page to better manage routes
+
 = 1.6 =
 * By popular request... now with User Role support!