
Changeset 9666


Timestamp:
04/01/2020 02:23:09 AM (5 years ago)
Author:
dd32
Message:

Plugin Directory: When the Favourite/Unfavourite button is clicked after the REST API nonce has expired (or the user's login session has expired), redirect back to the plugin page.

Fixes #5102.

File:
1 edited

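--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/api/routes/class-plugin-favorites.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/api/routes/class-plugin-favorites.php
@@ -34,4 +34,23 @@
             'permission_callback' => 'is_user_logged_in',
         ) );
+
+        add_filter( 'rest_pre_echo_response', [ $this, 'override_cookie_expired_message' ], 10, 3 );
+    }
+
+    /**
+     * Redirect back to the plugins page when this endpoint is accessed with an invalid nonce.
+     */
+    function override_cookie_expired_message( $result, $obj, $request ) {
+        if (
+            is_array( $result ) && isset( $result['code'] ) &&
+            'rest_cookie_invalid_nonce' == $result['code'] &&
+            preg_match( '!^/plugins/v1/plugin/([^/]+)/favorite$!', $request->get_route(), $m )
+        ) {
+            $location = get_permalink( Plugin_Directory::get_plugin_post( $m[1] ) ) ?: home_url( '/' );
+            header( "Location: $location" );
+            // Still allow the REST API response to be rendered, browsers will follow the location header though.
+        }
+
+        return $result;
     }
 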
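Review bot: In `override_cookie_expired_message()` the redirect is emitted with a raw `header( "Location: $location" )`, which leaves the status change implicit and bypasses WordPress's redirect sanitising and allowed-host check. Because `$location` comes from `get_permalink()` or `home_url()` this is hardening rather than an open redirect, but `wp_safe_redirect( $location, 302 );` makes both explicit and, since it does not exit, still lets the REST body render as the comment intends. The error-code test uses a loose comparison; `'rest_cookie_invalid_nonce' === $result['code']` avoids type juggling. `Plugin_Directory::get_plugin_post()` is not visible in this hunk, so it is worth confirming that an unknown slug captured by `([^/]+)` returns a falsy value that reaches the `home_url( '/' )` fallback rather than resolving to some other post. The method would also benefit from an explicit `public` and `@param`/`@return` tags describing the three filter arguments.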