Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3484579

Timestamp:

03/17/2026 09:02:21 AM (11 days ago)

Author:

semust

Message:

Version 1.2.0 - UPDATED

Location:

Files:

: 2 added
: 10 edited
: 1 copied

tags/1.2.0 (copied) (copied from semust/trunk)
tags/1.2.0/includes/class-semust-api.php (modified) (7 diffs)
tags/1.2.0/includes/class-semust-auth.php (modified) (2 diffs)
tags/1.2.0/includes/class-semust-core.php (modified) (2 diffs)
tags/1.2.0/includes/class-semust-media.php (added)
tags/1.2.0/readme.txt (modified) (2 diffs)
tags/1.2.0/semust-seo.php (modified) (2 diffs)
trunk/includes/class-semust-api.php (modified) (7 diffs)
trunk/includes/class-semust-auth.php (modified) (2 diffs)
trunk/includes/class-semust-core.php (modified) (2 diffs)
trunk/includes/class-semust-media.php (added)
trunk/readme.txt (modified) (2 diffs)
trunk/semust-seo.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

semust/tags/1.2.0/includes/class-semust-api.php

-                      r3427143
+                      r3484579
     private $auth;
     private $posts;
+    public function __construct(SEMUST_Auth $auth, SEMUST_Posts $posts) {
+    private $media;
+    public function __construct(SEMUST_Auth $auth, SEMUST_Posts $posts, SEMUST_Media $media) {
         $this->auth = $auth;
         $this->posts = $posts;
+        $this->media = $media;
+    }
 …
             'permission_callback' => [$this->auth, 'verify_request']
         ]);
+        // GET /list-posts - List posts
+        register_rest_route(self::NAMESPACE, '/list-posts', [
+            'methods' => WP_REST_Server::READABLE,
+            'callback' => [$this, 'list_posts'],
+            'permission_callback' => [$this->auth, 'verify_request'],
+            'args' => $this->list_posts_args()
+        ]);
+        // GET /media-library - Get media library items
+        register_rest_route(self::NAMESPACE, '/media-library', [
+            'methods' => WP_REST_Server::READABLE,
+            'callback' => [$this, 'get_media_library'],
+            'permission_callback' => [$this->auth, 'verify_request'],
+            'args' => $this->media_library_args()
+        ]);
+        // POST /upload-media - Upload media file
+        register_rest_route(self::NAMESPACE, '/upload-media', [
+            'methods' => WP_REST_Server::CREATABLE,
+            'callback' => [$this, 'upload_media'],
+            'permission_callback' => [$this->auth, 'verify_request']
+        ]);
+    }
 …
     /**
      * POST /update-post - Update post content
+     * POST /update-post - Update post content or create new post
      */
     public function update_post($request) {
         $url = $request->get_param('url');
         $content = $request->get_param('content');
+        $meta = $request->get_param('meta');
+        $action = $request->get_param('action');
+        // Default action is update
+        if (empty($action)) {
+            $action = 'update';
+        }
+        // Validate URL parameter for update action
+        if ($action === 'update' && empty($url)) {
+            return new WP_Error(
+                'semust_missing_url',
+                __('URL parameter is required when action is "update"', 'semust'),
+                ['status' => 400]
+            );
+        }
         // Sanitize content with wp_kses_post to allow safe HTML
         $content = wp_kses_post($content);
+        // Sanitize metadata if provided
+        $sanitized_meta = null;
+        if (!empty($meta) && is_array($meta)) {
+            $sanitized_meta = [
+                'title' => isset($meta['title']) ? sanitize_text_field($meta['title']) : '',
+                'excerpt' => isset($meta['excerpt']) ? sanitize_text_field($meta['excerpt']) : '',
+                'slug' => isset($meta['slug']) ? sanitize_title($meta['slug']) : '',
+                'featured_media' => isset($meta['featured_media']) ? intval($meta['featured_media']) : null
+            ];
+        }
+        // Handle create action
+        if ($action === 'create') {
+            return $this->create_new_post($content, $sanitized_meta);
+        }
+        // Handle update action (existing logic)
+        return $this->update_existing_post($url, $content, $sanitized_meta);
+    }
+    /**
+     * Create new post with content and metadata
+     */
+    private function create_new_post($content, $meta) {
+        $post_data = [
+            'post_content' => $content,
+            'post_status' => 'draft', // Create as draft for safety
+            'post_type' => 'post',
+        ];
+        // Add metadata if provided
+        if (!empty($meta)) {
+            if (!empty($meta['title'])) {
+                $post_data['post_title'] = $meta['title'];
+            }
+            if (!empty($meta['excerpt'])) {
+                $post_data['post_excerpt'] = $meta['excerpt'];
+            }
+            if (!empty($meta['slug'])) {
+                $post_data['post_name'] = $meta['slug'];
+            }
+        }
+        // Insert the post
+        $post_id = wp_insert_post($post_data, true);
+        if (is_wp_error($post_id)) {
+            return new WP_Error(
+                'semust_create_failed',
+                $post_id->get_error_message(),
+                ['status' => 500]
+            );
+        }
+        // Handle featured image if provided
+        if (!empty($meta['featured_media'])) {
+            $featured_result = $this->media->set_featured_image($post_id, intval($meta['featured_media']));
+            if (is_wp_error($featured_result)) {
+                // Log warning but don't fail the post creation
+                error_log('SEMUST: Failed to set featured image: ' . $featured_result->get_error_message());
+            }
+        }
+        return rest_ensure_response([
+            'success' => true,
+            'post_id' => $post_id,
+            'action' => 'created',
+            'url' => get_permalink($post_id),
+            'featured_media' => $this->media->get_featured_image($post_id),
+            'message' => __('Post created successfully', 'semust')
+        ]);
+    }
+    /**
+     * Update existing post with content and metadata
+     */
+    private function update_existing_post($url, $content, $meta) {
         $post = $this->posts->find_by_url($url);
 …
+        }
+        $result = $this->posts->update_content($post['post_id'], $content);
+        $post_data = [
+            'ID' => $post['post_id'],
+            'post_content' => $content,
+        ];
+        // Update metadata if provided
+        if (!empty($meta)) {
+            if (!empty($meta['title'])) {
+                $post_data['post_title'] = $meta['title'];
+            }
+            if (!empty($meta['excerpt'])) {
+                $post_data['post_excerpt'] = $meta['excerpt'];
+            }
+            if (!empty($meta['slug'])) {
+                $post_data['post_name'] = $meta['slug'];
+            }
+        }
+        $result = wp_update_post($post_data, true);
         if (is_wp_error($result)) {
 …
+        }
+        // Handle featured image if provided
+        if (isset($meta['featured_media'])) {
+            if ($meta['featured_media'] === 0 || $meta['featured_media'] === null) {
+                // Remove featured image
+                $this->media->remove_featured_image($post['post_id']);
+            } else {
+                // Set featured image
+                $featured_result = $this->media->set_featured_image($post['post_id'], intval($meta['featured_media']));
+                if (is_wp_error($featured_result)) {
+                    error_log('SEMUST: Failed to set featured image: ' . $featured_result->get_error_message());
+                }
+            }
+        }
+        // Clear cache
+        clean_post_cache($post['post_id']);
         return rest_ensure_response([
             'success' => true,
             'post_id' => $post['post_id'],
+            'action' => 'updated',
+            'url' => get_permalink($post['post_id']),
+            'featured_media' => $this->media->get_featured_image($post['post_id']),
             'message' => __('Post updated successfully', 'semust')
         ]);
 …
     /**
+     * GET /list-posts - List posts with search support
+     */
+    public function list_posts($request) {
+        $search = $request->get_param('search');
+        $per_page = $request->get_param('per_page') ?: 50;
+        $page = $request->get_param('page') ?: 1;
+        $args = [
+            'post_type' => 'post',
+            'post_status' => ['publish', 'draft', 'pending', 'private'],
+            'posts_per_page' => $per_page,
+            'paged' => $page,
+            'orderby' => 'modified',
+            'order' => 'DESC',
+        ];
+        // Add search if provided
+        if (!empty($search)) {
+            $args['s'] = sanitize_text_field($search);
+        }
+        $query = new \WP_Query($args);
+        $posts = [];
+        foreach ($query->posts as $post) {
+            $posts[] = [
+                'id' => $post->ID,
+                'title' => $post->post_title,
+                'url' => get_permalink($post->ID),
+                'status' => $post->post_status,
+                'modified' => $post->post_modified,
+            ];
+        }
+        return rest_ensure_response([
+            'success' => true,
+            'posts' => $posts,
+            'total' => $query->found_posts,
+            'pages' => $query->max_num_pages,
+        ]);
+    }
+    /**
      * Arguments for GET /post
      */
 …
         return [
             'url' => [
                 'required' => true,
+                'required' => false,
                 'type' => 'string',
                 'sanitize_callback' => 'esc_url_raw',
                 'description' => __('Post URL to update', 'semust')
+                'description' => __('Post URL to update (required for action=update)', 'semust')
             ],
             'content' => [
                 'required' => true,
                 'type' => 'string',
+                'description' => __('New post content', 'semust')
+                'description' => __('Post content', 'semust')
+            ],
+            'meta' => [
+                'required' => false,
+                'type' => 'object',
+                'description' => __('Post metadata (title, excerpt, slug, featured_media)', 'semust')
+            ],
+            'action' => [
+                'required' => false,
+                'type' => 'string',
+                'default' => 'update',
+                'enum' => ['create', 'update'],
+                'description' => __('Action to perform: create or update', 'semust')
+            ]
         ];
+    }
+    /**
+     * Arguments for GET /list-posts
+     */
+    private function list_posts_args() {
+        return [
+            'search' => [
+                'required' => false,
+                'type' => 'string',
+                'sanitize_callback' => 'sanitize_text_field',
+                'description' => __('Search posts by title', 'semust')
+            ],
+            'per_page' => [
+                'required' => false,
+                'type' => 'integer',
+                'default' => 50,
+                'description' => __('Number of posts per page', 'semust')
+            ],
+            'page' => [
+                'required' => false,
+                'type' => 'integer',
+                'default' => 1,
+                'description' => __('Page number', 'semust')
+            ]
+        ];
+    }
+    /**
+     * GET /media-library - Get media library items
+     */
+    public function get_media_library($request) {
+        $args = [
+            'search' => $request->get_param('search'),
+            'per_page' => $request->get_param('per_page') ?: 50,
+            'page' => $request->get_param('page') ?: 1
+        ];
+        $result = $this->media->get_media_library($args);
+        return rest_ensure_response([
+            'success' => true,
+            'data' => $result
+        ]);
+    }
+    /**
+     * POST /upload-media - Upload media file
+     */
+    public function upload_media($request) {
+        // Get uploaded files
+        $files = $request->get_file_params();
+        if (empty($files['file'])) {
+            return new WP_Error(
+                'semust_no_file',
+                __('No file uploaded', 'semust'),
+                ['status' => 400]
+            );
+        }
+        // Upload the file
+        $result = $this->media->upload_media($files['file']);
+        if (is_wp_error($result)) {
+            return $result;
+        }
+        return rest_ensure_response([
+            'success' => true,
+            'data' => $result,
+            'message' => __('Media uploaded successfully', 'semust')
+        ]);
+    }
+    /**
+     * Arguments for GET /media-library
+     */
+    private function media_library_args() {
+        return [
+            'search' => [
+                'required' => false,
+                'type' => 'string',
+                'sanitize_callback' => 'sanitize_text_field',
+                'description' => __('Search media by title', 'semust')
+            ],
+            'per_page' => [
+                'required' => false,
+                'type' => 'integer',
+                'default' => 50,
+                'minimum' => 1,
+                'maximum' => 100,
+                'description' => __('Number of items per page', 'semust')
+            ],
+            'page' => [
+                'required' => false,
+                'type' => 'integer',
+                'default' => 1,
+                'minimum' => 1,
+                'description' => __('Page number', 'semust')
+            ]
+        ];
+    }
+}

semust/tags/1.2.0/includes/class-semust-auth.php

-                      r3427143
+                      r3484579
      */
     public function verify_request($request) {
+        // Enforce HTTPS in production
+        if (!is_ssl() && !defined('WP_DEBUG')) {
+            return new WP_Error(
+                'semust_https_required',
+                __('HTTPS is required for API requests', 'semust'),
+                ['status' => 403]
+            );
+        }
         $stored_key = $this->get_api_key();
 …
+        }
+        // Set current user to admin after successful API key auth
+        // This is needed for current_user_can() checks in update operations
+        $admins = get_users(['role' => 'administrator', 'number' => 1]);
+        if (!empty($admins)) {
+            wp_set_current_user($admins[0]->ID);
+        // Rate limiting check
+        $key_hash = md5($provided_key);
+        $transient_key = 'semust_rate_limit_' . $key_hash;
+        $requests = get_transient($transient_key);
+        if ($requests === false) {
+            $requests = 0;
+        }
+        // Limit: 100 requests per minute
+        if ($requests >= 100) {
+            return new WP_Error(
+                'semust_rate_limit',
+                __('Rate limit exceeded. Maximum 100 requests per minute.', 'semust'),
+                ['status' => 429]
+            );
+        }
+        // Increment request counter
+        set_transient($transient_key, $requests + 1, 60);
+        // API key authentication successful
+        // Note: We don't set current user to avoid privilege escalation
+        // API key represents site-level authorization
         return true;
+    }

semust/tags/1.2.0/includes/class-semust-core.php

-                      r3427143
+                      r3484579
     public $auth;
     public $posts;
+    public $media;
     public $admin;
 …
         $this->auth = new SEMUST_Auth();
         $this->posts = new SEMUST_Posts();
+        $this->api = new SEMUST_Api($this->auth, $this->posts);
+        $this->media = new SEMUST_Media();
+        $this->api = new SEMUST_Api($this->auth, $this->posts, $this->media);
         if (is_admin()) {

semust/tags/1.2.0/readme.txt

-                      r3427148
+                      r3484579
 Requires at least: 5.0
 Tested up to: 6.9
 Stable tag: 1.0.1
+Stable tag: 1.2.0
 Requires PHP: 7.4
 License: GPLv2 or later
 …
 For support and questions, please visit [semust.com](https://semust.com) or contact us through the SEMUST dashboard.
-== Changelog ==
-= 1.0.0 =
-* Initial release
-* REST API endpoints for post management
-* Admin settings page with v2 design

semust/tags/1.2.0/semust-seo.php

-                      r3427145
+                      r3484579
  * Plugin Name: SEMUST
  * Description: Connect your WordPress site to SEMUST SEO platform
  * Version: 1.0.1
+ * Version: 1.2.0
  * Author: SEMUST
  * Author URI: https://semust.com/hakkimizda
 …
  * Requires PHP: 7.4
  * Tested up to: 6.9
+ *
+ * Changelog:
+ * 1.2.0 - Added media library management, featured image support, and WordPress post management
+ * 1.0.1 - Previous version
+ * 1.0.0 - Initial release
  */
 if (!defined('ABSPATH')) exit;
 define('SEMUST_VERSION', '1.0.0');
+define('SEMUST_VERSION', '1.2.0');
 define('SEMUST_PLUGIN_DIR', plugin_dir_path(__FILE__));
 define('SEMUST_PLUGIN_URL', plugin_dir_url(__FILE__));

semust/trunk/includes/class-semust-api.php

-                      r3427143
+                      r3484579
     private $auth;
     private $posts;
+    public function __construct(SEMUST_Auth $auth, SEMUST_Posts $posts) {
+    private $media;
+    public function __construct(SEMUST_Auth $auth, SEMUST_Posts $posts, SEMUST_Media $media) {
         $this->auth = $auth;
         $this->posts = $posts;
+        $this->media = $media;
+    }
 …
             'permission_callback' => [$this->auth, 'verify_request']
         ]);
+        // GET /list-posts - List posts
+        register_rest_route(self::NAMESPACE, '/list-posts', [
+            'methods' => WP_REST_Server::READABLE,
+            'callback' => [$this, 'list_posts'],
+            'permission_callback' => [$this->auth, 'verify_request'],
+            'args' => $this->list_posts_args()
+        ]);
+        // GET /media-library - Get media library items
+        register_rest_route(self::NAMESPACE, '/media-library', [
+            'methods' => WP_REST_Server::READABLE,
+            'callback' => [$this, 'get_media_library'],
+            'permission_callback' => [$this->auth, 'verify_request'],
+            'args' => $this->media_library_args()
+        ]);
+        // POST /upload-media - Upload media file
+        register_rest_route(self::NAMESPACE, '/upload-media', [
+            'methods' => WP_REST_Server::CREATABLE,
+            'callback' => [$this, 'upload_media'],
+            'permission_callback' => [$this->auth, 'verify_request']
+        ]);
+    }
 …
     /**
      * POST /update-post - Update post content
+     * POST /update-post - Update post content or create new post
      */
     public function update_post($request) {
         $url = $request->get_param('url');
         $content = $request->get_param('content');
+        $meta = $request->get_param('meta');
+        $action = $request->get_param('action');
+        // Default action is update
+        if (empty($action)) {
+            $action = 'update';
+        }
+        // Validate URL parameter for update action
+        if ($action === 'update' && empty($url)) {
+            return new WP_Error(
+                'semust_missing_url',
+                __('URL parameter is required when action is "update"', 'semust'),
+                ['status' => 400]
+            );
+        }
         // Sanitize content with wp_kses_post to allow safe HTML
         $content = wp_kses_post($content);
+        // Sanitize metadata if provided
+        $sanitized_meta = null;
+        if (!empty($meta) && is_array($meta)) {
+            $sanitized_meta = [
+                'title' => isset($meta['title']) ? sanitize_text_field($meta['title']) : '',
+                'excerpt' => isset($meta['excerpt']) ? sanitize_text_field($meta['excerpt']) : '',
+                'slug' => isset($meta['slug']) ? sanitize_title($meta['slug']) : '',
+                'featured_media' => isset($meta['featured_media']) ? intval($meta['featured_media']) : null
+            ];
+        }
+        // Handle create action
+        if ($action === 'create') {
+            return $this->create_new_post($content, $sanitized_meta);
+        }
+        // Handle update action (existing logic)
+        return $this->update_existing_post($url, $content, $sanitized_meta);
+    }
+    /**
+     * Create new post with content and metadata
+     */
+    private function create_new_post($content, $meta) {
+        $post_data = [
+            'post_content' => $content,
+            'post_status' => 'draft', // Create as draft for safety
+            'post_type' => 'post',
+        ];
+        // Add metadata if provided
+        if (!empty($meta)) {
+            if (!empty($meta['title'])) {
+                $post_data['post_title'] = $meta['title'];
+            }
+            if (!empty($meta['excerpt'])) {
+                $post_data['post_excerpt'] = $meta['excerpt'];
+            }
+            if (!empty($meta['slug'])) {
+                $post_data['post_name'] = $meta['slug'];
+            }
+        }
+        // Insert the post
+        $post_id = wp_insert_post($post_data, true);
+        if (is_wp_error($post_id)) {
+            return new WP_Error(
+                'semust_create_failed',
+                $post_id->get_error_message(),
+                ['status' => 500]
+            );
+        }
+        // Handle featured image if provided
+        if (!empty($meta['featured_media'])) {
+            $featured_result = $this->media->set_featured_image($post_id, intval($meta['featured_media']));
+            if (is_wp_error($featured_result)) {
+                // Log warning but don't fail the post creation
+                error_log('SEMUST: Failed to set featured image: ' . $featured_result->get_error_message());
+            }
+        }
+        return rest_ensure_response([
+            'success' => true,
+            'post_id' => $post_id,
+            'action' => 'created',
+            'url' => get_permalink($post_id),
+            'featured_media' => $this->media->get_featured_image($post_id),
+            'message' => __('Post created successfully', 'semust')
+        ]);
+    }
+    /**
+     * Update existing post with content and metadata
+     */
+    private function update_existing_post($url, $content, $meta) {
         $post = $this->posts->find_by_url($url);
 …
+        }
+        $result = $this->posts->update_content($post['post_id'], $content);
+        $post_data = [
+            'ID' => $post['post_id'],
+            'post_content' => $content,
+        ];
+        // Update metadata if provided
+        if (!empty($meta)) {
+            if (!empty($meta['title'])) {
+                $post_data['post_title'] = $meta['title'];
+            }
+            if (!empty($meta['excerpt'])) {
+                $post_data['post_excerpt'] = $meta['excerpt'];
+            }
+            if (!empty($meta['slug'])) {
+                $post_data['post_name'] = $meta['slug'];
+            }
+        }
+        $result = wp_update_post($post_data, true);
         if (is_wp_error($result)) {
 …
+        }
+        // Handle featured image if provided
+        if (isset($meta['featured_media'])) {
+            if ($meta['featured_media'] === 0 || $meta['featured_media'] === null) {
+                // Remove featured image
+                $this->media->remove_featured_image($post['post_id']);
+            } else {
+                // Set featured image
+                $featured_result = $this->media->set_featured_image($post['post_id'], intval($meta['featured_media']));
+                if (is_wp_error($featured_result)) {
+                    error_log('SEMUST: Failed to set featured image: ' . $featured_result->get_error_message());
+                }
+            }
+        }
+        // Clear cache
+        clean_post_cache($post['post_id']);
         return rest_ensure_response([
             'success' => true,
             'post_id' => $post['post_id'],
+            'action' => 'updated',
+            'url' => get_permalink($post['post_id']),
+            'featured_media' => $this->media->get_featured_image($post['post_id']),
             'message' => __('Post updated successfully', 'semust')
         ]);
 …
     /**
+     * GET /list-posts - List posts with search support
+     */
+    public function list_posts($request) {
+        $search = $request->get_param('search');
+        $per_page = $request->get_param('per_page') ?: 50;
+        $page = $request->get_param('page') ?: 1;
+        $args = [
+            'post_type' => 'post',
+            'post_status' => ['publish', 'draft', 'pending', 'private'],
+            'posts_per_page' => $per_page,
+            'paged' => $page,
+            'orderby' => 'modified',
+            'order' => 'DESC',
+        ];
+        // Add search if provided
+        if (!empty($search)) {
+            $args['s'] = sanitize_text_field($search);
+        }
+        $query = new \WP_Query($args);
+        $posts = [];
+        foreach ($query->posts as $post) {
+            $posts[] = [
+                'id' => $post->ID,
+                'title' => $post->post_title,
+                'url' => get_permalink($post->ID),
+                'status' => $post->post_status,
+                'modified' => $post->post_modified,
+            ];
+        }
+        return rest_ensure_response([
+            'success' => true,
+            'posts' => $posts,
+            'total' => $query->found_posts,
+            'pages' => $query->max_num_pages,
+        ]);
+    }
+    /**
      * Arguments for GET /post
      */
 …
         return [
             'url' => [
                 'required' => true,
+                'required' => false,
                 'type' => 'string',
                 'sanitize_callback' => 'esc_url_raw',
                 'description' => __('Post URL to update', 'semust')
+                'description' => __('Post URL to update (required for action=update)', 'semust')
             ],
             'content' => [
                 'required' => true,
                 'type' => 'string',
+                'description' => __('New post content', 'semust')
+                'description' => __('Post content', 'semust')
+            ],
+            'meta' => [
+                'required' => false,
+                'type' => 'object',
+                'description' => __('Post metadata (title, excerpt, slug, featured_media)', 'semust')
+            ],
+            'action' => [
+                'required' => false,
+                'type' => 'string',
+                'default' => 'update',
+                'enum' => ['create', 'update'],
+                'description' => __('Action to perform: create or update', 'semust')
+            ]
         ];
+    }
+    /**
+     * Arguments for GET /list-posts
+     */
+    private function list_posts_args() {
+        return [
+            'search' => [
+                'required' => false,
+                'type' => 'string',
+                'sanitize_callback' => 'sanitize_text_field',
+                'description' => __('Search posts by title', 'semust')
+            ],
+            'per_page' => [
+                'required' => false,
+                'type' => 'integer',
+                'default' => 50,
+                'description' => __('Number of posts per page', 'semust')
+            ],
+            'page' => [
+                'required' => false,
+                'type' => 'integer',
+                'default' => 1,
+                'description' => __('Page number', 'semust')
+            ]
+        ];
+    }
+    /**
+     * GET /media-library - Get media library items
+     */
+    public function get_media_library($request) {
+        $args = [
+            'search' => $request->get_param('search'),
+            'per_page' => $request->get_param('per_page') ?: 50,
+            'page' => $request->get_param('page') ?: 1
+        ];
+        $result = $this->media->get_media_library($args);
+        return rest_ensure_response([
+            'success' => true,
+            'data' => $result
+        ]);
+    }
+    /**
+     * POST /upload-media - Upload media file
+     */
+    public function upload_media($request) {
+        // Get uploaded files
+        $files = $request->get_file_params();
+        if (empty($files['file'])) {
+            return new WP_Error(
+                'semust_no_file',
+                __('No file uploaded', 'semust'),
+                ['status' => 400]
+            );
+        }
+        // Upload the file
+        $result = $this->media->upload_media($files['file']);
+        if (is_wp_error($result)) {
+            return $result;
+        }
+        return rest_ensure_response([
+            'success' => true,
+            'data' => $result,
+            'message' => __('Media uploaded successfully', 'semust')
+        ]);
+    }
+    /**
+     * Arguments for GET /media-library
+     */
+    private function media_library_args() {
+        return [
+            'search' => [
+                'required' => false,
+                'type' => 'string',
+                'sanitize_callback' => 'sanitize_text_field',
+                'description' => __('Search media by title', 'semust')
+            ],
+            'per_page' => [
+                'required' => false,
+                'type' => 'integer',
+                'default' => 50,
+                'minimum' => 1,
+                'maximum' => 100,
+                'description' => __('Number of items per page', 'semust')
+            ],
+            'page' => [
+                'required' => false,
+                'type' => 'integer',
+                'default' => 1,
+                'minimum' => 1,
+                'description' => __('Page number', 'semust')
+            ]
+        ];
+    }
+}

semust/trunk/includes/class-semust-auth.php

-                      r3427143
+                      r3484579
      */
     public function verify_request($request) {
+        // Enforce HTTPS in production
+        if (!is_ssl() && !defined('WP_DEBUG')) {
+            return new WP_Error(
+                'semust_https_required',
+                __('HTTPS is required for API requests', 'semust'),
+                ['status' => 403]
+            );
+        }
         $stored_key = $this->get_api_key();
 …
+        }
+        // Set current user to admin after successful API key auth
+        // This is needed for current_user_can() checks in update operations
+        $admins = get_users(['role' => 'administrator', 'number' => 1]);
+        if (!empty($admins)) {
+            wp_set_current_user($admins[0]->ID);
+        // Rate limiting check
+        $key_hash = md5($provided_key);
+        $transient_key = 'semust_rate_limit_' . $key_hash;
+        $requests = get_transient($transient_key);
+        if ($requests === false) {
+            $requests = 0;
+        }
+        // Limit: 100 requests per minute
+        if ($requests >= 100) {
+            return new WP_Error(
+                'semust_rate_limit',
+                __('Rate limit exceeded. Maximum 100 requests per minute.', 'semust'),
+                ['status' => 429]
+            );
+        }
+        // Increment request counter
+        set_transient($transient_key, $requests + 1, 60);
+        // API key authentication successful
+        // Note: We don't set current user to avoid privilege escalation
+        // API key represents site-level authorization
         return true;
+    }

semust/trunk/includes/class-semust-core.php

-                      r3427143
+                      r3484579
     public $auth;
     public $posts;
+    public $media;
     public $admin;
 …
         $this->auth = new SEMUST_Auth();
         $this->posts = new SEMUST_Posts();
+        $this->api = new SEMUST_Api($this->auth, $this->posts);
+        $this->media = new SEMUST_Media();
+        $this->api = new SEMUST_Api($this->auth, $this->posts, $this->media);
         if (is_admin()) {

semust/trunk/readme.txt

-                      r3427148
+                      r3484579
 Requires at least: 5.0
 Tested up to: 6.9
 Stable tag: 1.0.1
+Stable tag: 1.2.0
 Requires PHP: 7.4
 License: GPLv2 or later
 …
 For support and questions, please visit [semust.com](https://semust.com) or contact us through the SEMUST dashboard.
-== Changelog ==
-= 1.0.0 =
-* Initial release
-* REST API endpoints for post management
-* Admin settings page with v2 design

semust/trunk/semust-seo.php

-                      r3427145
+                      r3484579
  * Plugin Name: SEMUST
  * Description: Connect your WordPress site to SEMUST SEO platform
  * Version: 1.0.1
+ * Version: 1.2.0
  * Author: SEMUST
  * Author URI: https://semust.com/hakkimizda
 …
  * Requires PHP: 7.4
  * Tested up to: 6.9
+ *
+ * Changelog:
+ * 1.2.0 - Added media library management, featured image support, and WordPress post management
+ * 1.0.1 - Previous version
+ * 1.0.0 - Initial release
  */
 if (!defined('ABSPATH')) exit;
 define('SEMUST_VERSION', '1.0.0');
+define('SEMUST_VERSION', '1.2.0');
 define('SEMUST_PLUGIN_DIR', plugin_dir_path(__FILE__));
 define('SEMUST_PLUGIN_URL', plugin_dir_url(__FILE__));

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: