
Changeset 11237


Timestamp:
09/15/2021 06:20:16 AM (3 years ago)
Author:
dd32
Message:

Theme Directory: Introduce a specific constant/key for fetching the SVN Auth file.

This also stops outputting theme access rules until ready.

See #5899.

File:
1 edited

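--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/theme-directory/rest-api/class-internal.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/theme-directory/rest-api/class-internal.php
@@ -11,5 +11,5 @@
             'methods'             => \WP_REST_Server::CREATABLE,
             'callback'            => array( $this, 'bulk_update_stats' ),
-            'permission_callback' => array( $this, 'permission_check_internal_api_bearer' ),
+            'permission_callback' => array( $this, 'permission_check_bearer' ),
         ) );
 
@@ -17,5 +17,7 @@
             'methods'             => \WP_REST_Server::READABLE,
             'callback'            => array( $this, 'svn_auth' ),
-            'permission_callback' => array( $this, 'permission_check_internal_api_bearer' ),
+            'permission_callback' => function( $request ) {
+                return $this->permission_check_bearer( $request, 'THEME_SVN_AUTH_BEARER_TOKEN' );
+            }
         ) );
     }
@@ -24,8 +26,9 @@
      * A Permission Check callback which validates the request with a Bearer token.
      *
-     * @param \WP_REST_Request $request The Rest API Request.
+     * @param \WP_REST_Request $request  The Rest API Request.
+     * @param string           $constant The constant to check.
      * @return bool|\WP_Error True if the token exists, WP_Error upon failure.
      */
-    function permission_check_internal_api_bearer( $request ) {
+    function permission_check_bearer( $request, $constant = 'THEME_API_INTERNAL_BEARER_TOKEN' ) {
         $authorization_header = $request->get_header( 'authorization' );
         $authorization_header = trim( str_ireplace( 'bearer', '', $authorization_header ) );
@@ -33,6 +36,6 @@
         if (
             ! $authorization_header ||
-            ! defined( 'THEME_API_INTERNAL_BEARER_TOKEN' ) ||
-            ! hash_equals( THEME_API_INTERNAL_BEARER_TOKEN, $authorization_header )
+            ! defined( $constant ) ||
+            ! hash_equals( constant( $constant ), $authorization_header )
         ) {
             return new WP_Error(
@@ -74,4 +77,7 @@
         }
         echo "\n";
+
+        // TODO: Temporarily don't output the Theme Authors until we're ready.
+        exit();
 
         // Theme Authors.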
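Review bot: In permission_check_bearer() the guard at new lines 37–39 only checks `defined( $constant )`, so a constant that is defined with a non-string value still reaches `hash_equals()`, which on PHP 8 raises a TypeError rather than returning the WP_Error. Since the constant name is now a caller-supplied parameter, the check should fail closed explicitly by adding `! is_string( constant( $constant ) ) ||` between the `defined()` and `hash_equals()` lines. Separately, the unchanged `str_ireplace( 'bearer', '', … )` on new line 34 strips that word anywhere in the header rather than only a leading scheme, so the scheme is not actually required and a secret containing that substring could never match. Matching only a leading `Bearer ` prefix would be stricter. The function body continues outside the visible hunks.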