From 5713515269a417e27ce20ee349e16afe6e42c1f1 Mon Sep 17 00:00:00 2001 From: Austin Passy Date: Mon, 30 Jul 2018 14:48:22 -0700 Subject: [PATCH 1/9] Move to inline class instantiations and conditions. --- wp-rest-api-cache.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/wp-rest-api-cache.php b/wp-rest-api-cache.php index 8719b36..5ed755c 100644 --- a/wp-rest-api-cache.php +++ b/wp-rest-api-cache.php @@ -4,7 +4,7 @@ * Description: Enable object caching for WordPress' REST API. Aids in increased response times of your applications endpoints. * Author: Austin Passy * Author URI: http://github.com/thefrosty - * Version: 1.2.3 + * Version: 1.3.0 * Requires at least: 4.9 * Tested up to: 4.9 * Requires PHP: 7.0 @@ -17,10 +17,12 @@ use Dwnload\WpRestApi\WpAdmin\Admin; use TheFrosty\WpUtilities\Plugin\PluginFactory; -PluginFactory::create('rest-api-object-cache') - ->addOnHook(RestDispatch::class) - ->addOnHook(Admin::class) - ->initialize(); +$plugin = PluginFactory::create('rest-api-object-cache'); +$plugin->addOnHook(RestDispatch::class, 'rest_api_init')->initialize(); + +if (is_admin()) { + $plugin->add(new Admin())->initialize(); +} call_user_func_array( function ($filter) { From 7e093d8355cf3f38e6ef69bc2a90fbf7008ca080 Mon Sep 17 00:00:00 2001 From: Austin Passy Date: Mon, 30 Jul 2018 14:48:39 -0700 Subject: [PATCH 2/9] Remove helpers.php. --- helpers.php | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 helpers.php diff --git a/helpers.php b/helpers.php deleted file mode 100644 index ca258eb..0000000 --- a/helpers.php +++ /dev/null @@ -1,30 +0,0 @@ - Date: Mon, 30 Jul 2018 14:55:38 -0700 Subject: [PATCH 3/9] Remove input ID and add a conform to the cache clear button. --- views/settings.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/views/settings.php b/views/settings.php index 17c593c..948a495 100644 --- a/views/settings.php +++ b/views/settings.php @@ -26,12 +26,13 @@ - 
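Review bot: In wp-rest-api-cache.php the new `if (is_admin())` guard is a request-context check, not a permission check, and it means `Admin` is never constructed on front-end requests. Later patches in this series register `admin_bar_menu` and the `map_meta_cap` filter inside `Admin::addHooks()`, so the toolbar's "Empty all cache" item and the `manage_wp_rest_api_cache` mapping would presumably be absent outside wp-admin. If that is intended, say so next to the guard, e.g. `// Admin UI only; is_admin() is not a capability check, access is enforced via Admin::CAPABILITY.` `initialize()` is now also called twice on the same `$plugin`; whether that is idempotent is not visible here.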
From 4441d31492d59c71f84925f91b61c0a627e3b498 Mon Sep 17 00:00:00 2001
From: Austin Passy
Date: Mon, 30 Jul 2018 14:56:14 -0700
Subject: [PATCH 4/9] Remove helper functions and add a new replace method.
---
 src/RestApi/CacheApiTrait.php | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/src/RestApi/CacheApiTrait.php b/src/RestApi/CacheApiTrait.php
index 83b301f..7ab8fe9 100644
--- a/src/RestApi/CacheApiTrait.php
+++ b/src/RestApi/CacheApiTrait.php
@@ -2,7 +2,6 @@
 namespace Dwnload\WpRestApi\RestApi;
-use function Dwnload\WpRestApi\Helpers\filter_var_string;
 use WP_REST_Request;
 use WP_REST_Server;
@@ -44,7 +43,7 @@ protected function getCacheKey(
 }
 }
- return filter_var_string(\apply_filters(RestDispatch::FILTER_API_KEY, $request_uri, $server, $request));
+ return $this->sanitize(\apply_filters(RestDispatch::FILTER_API_KEY, $request_uri, $server, $request));
 }
 /**
@@ -54,7 +53,7 @@ protected function getCacheKey(
 */
 protected function getCacheGroup() : string
 {
- return filter_var_string(\apply_filters(RestDispatch::FILTER_API_GROUP, RestDispatch::CACHE_GROUP));
+ return $this->sanitize(\apply_filters(RestDispatch::FILTER_API_GROUP, RestDispatch::CACHE_GROUP));
 }
 /**
@@ -68,11 +67,23 @@ protected function wpCacheFlush() : bool
 return \wp_cache_flush();
 }
+ /**
+ * Empty all cache.
+ *
+ * @uses wp_cache_replace()
+ * @param string $key The key under which the value is stored.
+ * @return bool Returns TRUE on success or FALSE on failure.
+ */
+ protected function wpCacheReplace(string $key) : bool
+ {
+ return \wp_cache_replace($this->cleanKey($key), false, $this->getCacheGroup(), -1);
+ }
+
 /**
 * Empty all cache.
 *
 * @uses wp_cache_delete()
- * @param string $key The key under which to store the value.
+ * @param string $key The key under which the value is stored.
 * @return bool Returns TRUE on success or FALSE on failure.
 */
 protected function wpCacheDeleteByKey(string $key) : bool
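Review bot: The docblock added for `wpCacheReplace()` in CacheApiTrait.php is copied from the neighbouring helpers and says "Empty all cache.", but the method replaces the value of a single key with `false` through `wp_cache_replace()` and passes `-1` as the expiry. Suggest the summary `Replace the cached value for one key with false (single entry, not a flush).` plus a line stating what the `-1` expiry is meant to do, since how a negative TTL is treated depends on the object-cache backend. The existing `wpCacheDeleteByKey()` docblock carries the same "Empty all cache." summary and could be corrected at the same time.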
@@ -104,6 +115,16 @@ protected function cleanKey(string $key) : string
 */
 protected function getRequestUri() : string
 {
- return filter_var_string(wp_unslash($_SERVER['REQUEST_URI']));
+ return $this->sanitize(\wp_unslash($_SERVER['REQUEST_URI']));
+ }
+
+ /**
+ * Sanitize incoming variables as a string value.
+ * @param mixed $variable
+ * @return string|false
+ */
+ private function sanitize($variable)
+ {
+ return \filter_var($variable, FILTER_SANITIZE_STRING);
 }
 }
From 7d2a49322c54ee0259952520841901806d5215b8 Mon Sep 17 00:00:00 2001
From: Austin Passy
Date: Mon, 30 Jul 2018 14:56:36 -0700
Subject: [PATCH 5/9] Remove use of helper functions.
---
 src/RestApi/RestDispatch.php | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/src/RestApi/RestDispatch.php b/src/RestApi/RestDispatch.php
index 6d7bf30..8c6fb41 100644
--- a/src/RestApi/RestDispatch.php
+++ b/src/RestApi/RestDispatch.php
@@ -2,8 +2,6 @@
 namespace Dwnload\WpRestApi\RestApi;
-use function Dwnload\WpRestApi\Helpers\filter_var_bool;
-use function Dwnload\WpRestApi\Helpers\filter_var_int;
 use Dwnload\WpRestApi\WpAdmin\Admin;
 use Dwnload\WpRestApi\WpAdmin\Settings;
 use Dwnload\WpRestApi\WpRestApiCache;
@@ -105,7 +103,7 @@ protected function preDispatch($result, WP_REST_Server $server, WP_REST_Request
 }
 // Cache is refreshed (cached below).
- $refresh = filter_var_bool($request->get_param(self::QUERY_CACHE_REFRESH));
+ $refresh = \filter_var($request->get_param(self::QUERY_CACHE_REFRESH), FILTER_VALIDATE_BOOLEAN);
 if ($refresh) {
 $server->send_header(
 self::CACHE_HEADER,
@@ -128,8 +126,9 @@ protected function preDispatch($result, WP_REST_Server $server, WP_REST_Request
 );
 }
- $skip = filter_var_bool(
- \apply_filters(self::FILTER_CACHE_SKIP, WP_DEBUG, $request_uri, $server, $request)
+ $skip = \filter_var(
+ \apply_filters(self::FILTER_CACHE_SKIP, WP_DEBUG, $request_uri, $server, $request),
+ FILTER_VALIDATE_BOOLEAN
 );
 if ($skip) {
 $server->send_header(
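Review bot: The new `sanitize()` in CacheApiTrait.php documents `@return string|false`, yet `getCacheKey()`, `getCacheGroup()` and `getRequestUri()` are declared `: string` and return its result directly. When `filter_var()` fails (for instance a filter callback returning an array), the `false` is either coerced to an empty string or raises a TypeError depending on `strict_types`, and an empty key or group lets unrelated requests share one cache entry. `FILTER_SANITIZE_STRING` also strips tags and encodes quotes rather than validating, so distinct request URIs can normalise to the same key, and the filter is deprecated as of PHP 8.1. Consider `$clean = \filter_var($variable, FILTER_SANITIZE_STRING);` then `return \is_string($clean) ? $clean : '';` with callers declining to cache on an empty key, and guard the `$_SERVER['REQUEST_URI']` read in `getRequestUri()` with `isset()`.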
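Review bot: In `RestDispatch::preDispatch()` the `$refresh` flag still comes straight from the request parameter `self::QUERY_CACHE_REFRESH`, and nothing in the -105 hunk ties it to an authenticated user or a capability. Unless a check exists in the part of `preDispatch()` outside the hunk, any caller can make each request bypass and rewrite the cached entry, which removes the protection the cache gives the backend under load. Consider gating it, e.g. `$refresh = \current_user_can('delete_users') && \filter_var($request->get_param(self::QUERY_CACHE_REFRESH), FILTER_VALIDATE_BOOLEAN);`, or add a comment explaining why an anonymous refresh is acceptable.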
@@ -237,7 +236,7 @@ protected function getCachedResult(
 $this->cleanKey($key),
 $result,
 $group,
- \absint($expire)
+ \intval($expire)
 );
 return $result;
@@ -324,7 +323,7 @@ private function dispatchShutdownAction(string $key)
 private function validateQueryParam(WP_REST_Request $request, string $key) : bool
 {
 return \array_key_exists($key, $request->get_query_params()) &&
- filter_var_int($request->get_query_params()[$key]) === 1;
+ \filter_var($request->get_query_params()[$key], FILTER_VALIDATE_INT) === 1;
 }
 /**
@@ -336,10 +335,8 @@ private function validateQueryParam(WP_REST_Request $request, string $key) : boo
 */
 private function queryParamContextIsEdit(WP_REST_Request $request) : bool
 {
- return (
- array_key_exists('context', $request->get_query_params()) &&
- $request->get_query_params()['context'] === 'edit'
- );
+ return \array_key_exists('context', $request->get_query_params()) &&
+ $request->get_query_params()['context'] === 'edit';
 }
 /**
From f84dd5de03e279b0461bfc8926987bc505b0a51f Mon Sep 17 00:00:00 2001
From: Austin Passy
Date: Mon, 30 Jul 2018 14:57:17 -0700
Subject: [PATCH 6/9] Remove helper functions and add new custom capability that is mapped to `delete_users` (super_admin).
---
 src/WpAdmin/Admin.php | 41 +++++++++++++++++++++++++++++++++--------
 1 file changed, 33 insertions(+), 8 deletions(-)
diff --git a/src/WpAdmin/Admin.php b/src/WpAdmin/Admin.php
index e427231..547851c 100644
--- a/src/WpAdmin/Admin.php
+++ b/src/WpAdmin/Admin.php
@@ -2,7 +2,6 @@
 namespace Dwnload\WpRestApi\WpAdmin;
-use function Dwnload\WpRestApi\Helpers\filter_var_int;
 use Dwnload\WpRestApi\RestApi\CacheApiTrait;
 use Dwnload\WpRestApi\RestApi\RestDispatch;
 use Dwnload\WpRestApi\WpRestApiCache;
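Review bot: Swapping `\absint($expire)` for `\intval($expire)` in `RestDispatch::getCachedResult()` lets a zero or negative value reach the cache write unchanged, and a non-numeric value becomes 0. With the WordPress object cache an expiry of 0 means the entry does not expire, and a negative expiry is backend-dependent, so a misbehaving filter callback can silently make API responses cache indefinitely. If zero or negative is meant as "do not cache", handle it explicitly before the write, e.g. `if (0 >= (int) $expire) { return $result; }`; otherwise add a comment stating what 0 and negative values mean here. The call these arguments belong to starts outside the hunk.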
@@ -21,6 +20,7 @@ class Admin implements WpHooksInterface
 const ACTION_REQUEST_FLUSH_CACHE = WpRestApiCache::FILTER_PREFIX . 'request_flush_cache';
 const ADMIN_ACTION = WpRestApiCache::FILTER_PREFIX . 'flush';
+ const CAPABILITY = 'manage_wp_rest_api_cache';
 const FILTER_SHOW_ADMIN = WpRestApiCache::FILTER_PREFIX . 'show_admin';
 const FILTER_SHOW_ADMIN_BAR_MENU = WpRestApiCache::FILTER_PREFIX . 'show_admin_bar_menu';
 const FILTER_SHOW_ADMIN_MENU = WpRestApiCache::FILTER_PREFIX . 'show_admin_menu';
@@ -59,11 +59,33 @@ public function addHooks()
 $this->addAction('admin_action_' . self::ADMIN_ACTION, [$this, 'adminAction']);
 $this->addAction('admin_notices', [$this, 'adminNotices']);
 }
-
 if ($this->showAdminMenuBar()) {
 $this->addAction('admin_bar_menu', [$this, 'adminBarMenu'], 999);
 }
+ if ($this->showAdminMenu() || $this->showAdminMenuBar()) {
+ $this->addFilter('map_meta_cap', [$this, 'mapMetaCap'], 10, 2);
+ }
+ }
+ }
+
+
+ /**
+ * Map `self::CAPABILITY` capability.
+ *
+ * @param array $caps Returns the user's actual capabilities.
+ * @param string $cap Capability name.
+ * @return array
+ */
+ protected function mapMetaCap(array $caps, string $cap) : array
+ {
+ // Map single-site cap check to 'manage_options'
+ if ($cap === self::CAPABILITY) {
+ if (! \is_multisite()) {
+ $caps = ['delete_users'];
+ }
 }
+
+ return $caps;
 }
 /**
@@ -75,7 +97,7 @@ protected function adminMenu()
 'options-general.php',
 \esc_html__('WP REST API Cache', 'wp-rest-api-cache'),
 \esc_html__('REST API Cache', 'wp-rest-api-cache'),
- 'delete_users',
+ self::CAPABILITY,
 self::MENU_SLUG,
 function () {
 $this->renderPage();
@@ -90,7 +112,7 @@ function () {
 */
 protected function adminBarMenu(WP_Admin_Bar $wp_admin_bar)
 {
- if (! is_user_logged_in() || ! current_user_can('delete_users') || ! is_admin_bar_showing()) {
+ if (! \is_user_logged_in() || ! \current_user_can(self::CAPABILITY) || ! \is_admin_bar_showing()) {
 return;
 }
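Review bot: In `Admin::mapMetaCap()` the inline comment says the capability is mapped to 'manage_options' while the code assigns `['delete_users']`, and the `$caps` docblock ("Returns the user's actual capabilities") describes the user's caps where `map_meta_cap` passes the primitive capabilities required for the check. On a privilege boundary that mismatch should be corrected, e.g. `// Single site: require 'delete_users'. Multisite: left unmapped, so presumably only super admins pass.` (the multisite half is my reading of the empty branch, please confirm). The filter is also only registered inside the `showAdminMenu() || showAdminMenuBar()` condition, so when both are filtered off `manage_wp_rest_api_cache` is never mapped; that fails closed, but any handler relying on the capability should be checked against that case.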
@@ -103,6 +125,9 @@ protected function adminBarMenu(WP_Admin_Bar $wp_admin_bar) 'id' => self::MENU_ID, 'title' => \esc_html__('Empty all cache', 'wp-rest-api-cache'), 'href' => \esc_url($this->getEmptyCacheUrl()), + 'meta' => [ + 'onclick' => 'return confirm("This will clear ALL cache, continue?")' + ] ]); } @@ -130,7 +155,7 @@ protected function adminAction() protected function adminNotices() { if (! empty($_GET[self::NOTICE]) && - filter_var_int($_GET[self::NOTICE]) === 1 + \filter_var($_GET[self::NOTICE], FILTER_VALIDATE_INT) === 1 ) { $message = \esc_html__('The cache has been successfully cleared.', 'wp-rest-api-cache'); echo "
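Review bot: The `onclick` confirm added to the admin-bar node in `Admin::adminBarMenu()` is a hard-coded English string placed inside a JavaScript attribute, while the neighbouring title goes through `\esc_html__()`. Suggest `'onclick' => 'return confirm("' . \esc_js(\__('This will clear ALL cache, continue?', 'wp-rest-api-cache')) . '")',`. The dialog is only a usability guard; the flush link still has to rely on the nonce in `getEmptyCacheUrl()` and a capability check in the handler, neither of which is visible in this hunk.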

{$message}

"; // PHPCS: XSS OK. @@ -178,7 +203,7 @@ private function requestCallback() \wp_verify_nonce($_REQUEST[self::NONCE_NAME], 'rest_cache_options') !== false ) { if (! empty($_GET['rest_cache_empty']) && - filter_var_int($_GET['rest_cache_empty']) === 1 + \filter_var($_GET['rest_cache_empty'], FILTER_VALIDATE_INT) === 1 ) { if ($this->wpCacheFlush()) { $type = 'updated'; @@ -196,7 +221,7 @@ private function requestCallback() */ \do_action(self::ACTION_REQUEST_FLUSH_CACHE, $message, $type, \wp_get_current_user()); } elseif (! empty($_POST[self::OPTION_KEY])) { - if ($this->updateOptions($_POST['rest_cache_options'])) { + if ($this->updateOptions($_POST[self::OPTION_KEY])) { $type = 'updated'; $message = \esc_html__('The cache time has been updated', 'wp-rest-api-cache'); } else { @@ -280,6 +305,6 @@ private function showAdminMenu() : bool */ private function showAdminMenuBar() : bool { - return \apply_filters(self::FILTER_SHOW_ADMIN_BAR_MENU, true) === true; + return \apply_filters(self::FILTER_SHOW_ADMIN_BAR_MENU, \is_admin_bar_showing()) === true; } } From 03b283e46efef7544447ee8341997fedc590c97e Mon Sep 17 00:00:00 2001 From: Austin Passy Date: Mon, 30 Jul 2018 14:57:30 -0700 Subject: [PATCH 7/9] Update inline code format. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2211a59..91766cb 100755 --- a/README.md +++ b/README.md @@ -12,10 +12,10 @@ Enable object caching for WordPress' REST API. Aids in increased response times To install this package, edit your `composer.json` file: -```js +```json { "require": { - "dwnload/wp-rest-api-object-cache": "^1.2.0" + "dwnload/wp-rest-api-object-cache": "^1.3.0" } } ``` From 3dc8399f42b5c880226fd2f562e96376ed18924b Mon Sep 17 00:00:00 2001 From: Austin Passy Date: Mon, 30 Jul 2018 14:57:58 -0700 Subject: [PATCH 8/9] Version bump thefrosty/wp-utilities and remove helpers.php. --- composer.json | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
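Review bot: `Admin::requestCallback()` gates both the flush (`rest_cache_empty`) and the settings update on `\wp_verify_nonce()` only, as far as the -178 and -196 hunks show; a nonce confirms intent, not authorisation. Now that `self::CAPABILITY` exists, add `\current_user_can(self::CAPABILITY) &&` to that condition unless the check already sits in the part of the method outside the hunks. `$_POST[self::OPTION_KEY]` is also handed to `updateOptions()` as received; if that method does not unslash and validate it, pass `\wp_unslash($_POST[self::OPTION_KEY])` and validate the cache-time value there.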
diff --git a/composer.json b/composer.json
index 51ce4f3..81fe661 100755
--- a/composer.json
+++ b/composer.json
@@ -2,7 +2,7 @@
 "name": "dwnload/wp-rest-api-object-cache",
 "description": "Enable object caching for WordPress' REST API. Aids in increased response times of your applications endpoints.",
 "type": "wordpress-plugin",
- "version": "1.2.3",
+ "version": "1.3.0",
 "license": "MIT",
 "authors": [
 {
@@ -14,7 +14,7 @@
 ],
 "require": {
 "composer/installers": "~1.0",
- "thefrosty/wp-utilities": "^1.1.3",
+ "thefrosty/wp-utilities": "^1.2.2",
 "php": ">=7.0.4"
 },
 "require-dev": {
@@ -30,8 +30,7 @@
 "autoload": {
 "psr-4": {
 "Dwnload\\WpRestApi\\": "src"
- },
- "files": ["helpers.php"]
+ }
 },
 "autoload-dev": {
 "psr-4": {
From 7192335f9c037590c7692eb91b8e393061156cfc Mon Sep 17 00:00:00 2001
From: Austin Passy
Date: Mon, 30 Jul 2018 14:58:06 -0700
Subject: [PATCH 9/9] Version 1.3 changelog.
---
 CHANGELONG.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/CHANGELONG.md b/CHANGELONG.md
index 909a388..7ca9ef9 100755
--- a/CHANGELONG.md
+++ b/CHANGELONG.md
@@ -4,6 +4,25 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## 1.3.0 - 2018-07-27 +### Updated +- Removed the `helper.php` file. +- Updated all the functions that were using the helper functions. +- Update [thefrosty/wp-utilities](https://github.com/thefrosty/wp-utilities) to 1.2.2. +- Fix save settings on admin page, (POST array key was incorrect). +- Add confirm to clear all cache button on settings page. +- Only load the Admin class in the admin. + +### Changed +- Added a new capability (`manage_wp_rest_api_cache`) to view the settings page and/or admin bar which +is (mapped to `delete_users`). +- The `Dwnload\WpRestApi\RestApi\RestDispatch::FILTER_CACHE_EXPIRE` filters expire sanitize function was changed from +`absint` to `inval` function to allow for zero and negative numbers. +- Pass `is_admin_bar_showing()` into FILTER_SHOW_ADMIN_BAR_MENU. + +### Added +- Added `wpCacheReplace()` to the `CacheApiTrait`. + ## 1.2.3 - 2018-05-30 ### Updated - Added permission check (`delete_users`) before adding admin bar node.