Changeset 6226


Timestamp:
12/03/17 22:01:27 (12 days ago)
Author:
coreymckrill
Message:

WordCamp Coming Soon: Disable anonymous REST requests in Coming Soon mode

This prevents the REST API from sending successful responses to unauthenticated
requests while Coming Soon mode is active, thus preventing the site's content
from being publicly accessible via REST.

Props RMarks, icaleb, briandichiara
Fixes #2934

File:
1 edited

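--- a/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-coming-soon-page/classes/wordcamp-coming-soon-page.php
+++ b/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-coming-soon-page/classes/wordcamp-coming-soon-page.php
@@ -9,14 +9,15 @@
      */
     public function __construct() {
-        add_action( 'init',               array( $this, 'init' ), 11 );                               // after WCCSP_Settings::init()
-        add_action( 'wp_enqueue_scripts', array( $this, 'manage_plugin_theme_stylesheets' ), 99 );    // (hopefully) after all plugins/themes have enqueued their styles
-        add_action( 'wp_head',            array( $this, 'render_dynamic_styles' ) );
-        add_filter( 'template_include',   array( $this, 'override_theme_template' ) );
-        add_action( 'template_redirect',  array( $this, 'disable_jetpacks_open_graph' ) );
-        add_action( 'admin_bar_menu',     array( $this, 'admin_bar_menu_item' ), 1000 );
-        add_action( 'admin_head',         array( $this, 'admin_bar_styling' ) );
-        add_action( 'wp_head',            array( $this, 'admin_bar_styling' ) );
-        add_action( 'admin_notices',      array( $this, 'block_new_post_admin_notice' ) );
-        add_filter( 'get_post_metadata',  array( $this, 'jetpack_dont_email_post_to_subs' ), 10, 4 );
+        add_action( 'init',                       array( $this, 'init' ), 11 );                               // after WCCSP_Settings::init()
+        add_action( 'wp_enqueue_scripts',         array( $this, 'manage_plugin_theme_stylesheets' ), 99 );    // (hopefully) after all plugins/themes have enqueued their styles
+        add_action( 'wp_head',                    array( $this, 'render_dynamic_styles' ) );
+        add_filter( 'template_include',           array( $this, 'override_theme_template' ) );
+        add_action( 'template_redirect',          array( $this, 'disable_jetpacks_open_graph' ) );
+        add_filter( 'rest_authentication_errors', array( $this, 'disable_rest_endpoints' ) );
+        add_action( 'admin_bar_menu',             array( $this, 'admin_bar_menu_item' ), 1000 );
+        add_action( 'admin_head',                 array( $this, 'admin_bar_styling' ) );
+        add_action( 'wp_head',                    array( $this, 'admin_bar_styling' ) );
+        add_action( 'admin_notices',              array( $this, 'block_new_post_admin_notice' ) );
+        add_filter( 'get_post_metadata',          array( $this, 'jetpack_dont_email_post_to_subs' ), 10, 4 );
 
         add_image_size( 'wccsp_image_medium_rectangle', 500, 300 );
@@ -117,4 +118,19 @@
             add_filter( 'jetpack_enable_open_graph', '__return_false' );
         }
+    }
+
+    /**
+     * Disable the REST API for unauthenticated requests when the Coming Soon page is active.
+     */
+    public function disable_rest_endpoints( $access ) {
+        if ( $this->override_theme_template ) {
+            return new WP_Error(
+                'rest_cannot_access',
+                __( 'The REST API is not available while the site is in Coming Soon mode.', 'wordcamporg' ),
+                array( 'status' => 403 )
+            );
+        }
+
+        return $access;
     }
 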
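Review bot: `disable_rest_endpoints()` returns the 403 `WP_Error` whenever `$this->override_theme_template` is set, without looking at the incoming `$access` value or at who is making the request, although the docblock and the commit message limit the block to unauthenticated requests. That property is assigned outside the visible hunks, so if it is not already derived from the current user's capabilities, logged-in organisers and authenticated API clients are denied too; either state that dependency in the docblock or make the condition explicit with `if ( $this->override_theme_template && ! is_user_logged_in() ) {`. An error set by an earlier `rest_authentication_errors` callback is also replaced here, so a leading `if ( is_wp_error( $access ) ) { return $access; }` would preserve the original failure reason. The docblock should also gain `@param WP_Error|null|true $access` and a matching `@return` line so the filter contract is visible to the next maintainer.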