Merge pull request #16 from alleyinteractive/hotfix/15-split

Fix issue splitting lines by platform

.github/workflows/coding-standards.yml

@@ -5,8 +5,6 @@ on:
     branches:
       - main
   pull_request:
-  schedule:
-    - cron: '0 0 * * *'
 
 jobs:
   coding-standards:

.github/workflows/unit-test.yml

@@ -5,9 +5,7 @@ on:
     branches:
       - main
   pull_request:
-  schedule:
-    - cron: '0 0 * * *'
 
 jobs:
-  coding-standards:
+  unit-test:
     uses: alleyinteractive/.github/.github/workflows/php-tests.yml@main

CHANGELOG.md

@@ -2,6 +2,23 @@
 
 All notable changes to `wp-rest-guard` will be documented in this file.
 
-## 0.1.0 - 202X-XX-XX
+## v1.0.4 - 2024-01-12
 
-- Initial release
+- Fixing an issue splitting lines by `\n` instead of `\r\n` on Windows.
+- Allow `/wp-json/` to be included in the allow/deny lists.
+
+## v1.0.3 - 2023-08-28
+
+- Bumping tested version to 6.3
+
+## v1.0.2 - 2022-11-03
+
+- Fixing another typo in the plugin name.
+
+## v1.0.1 - 2022-10-26
+
+- Fixing a typo on the settings page.
+
+## v1.0.0 - 2022-10-19
+
+- Stable re-release 🎊

README.md

@@ -1,6 +1,6 @@
 # REST API Guard
 
-Stable tag: 1.0.2
+Stable tag: 1.0.4
 
 Requires at least: 6.0
 

composer.json

@@ -20,9 +20,9 @@
         "php": "^7.4|^8.0"
     },
     "require-dev": {
-        "alleyinteractive/alley-coding-standards": "^1.0",
+        "alleyinteractive/alley-coding-standards": "^2.0",
         "alleyinteractive/composer-wordpress-autoloader": "^1.0",
-        "mantle-framework/testkit": "^0.7",
+        "mantle-framework/testkit": "^0.12",
         "nunomaduro/collision": "^5.0"
     },
     "config": {

plugin.php

@@ -3,7 +3,7 @@
  * Plugin Name: REST API Guard
  * Plugin URI: https://github.com/alleyinteractive/wp-rest-api-guard
  * Description: Restrict and control access to the REST API
- * Version: 1.0.3
+ * Version: 1.0.4
  * Author: Sean Fisher
  * Author URI: https://alley.co/
  * Requires at least: 6.0
@@ -92,8 +92,6 @@ function should_prevent_anonymous_access( WP_REST_Server $server, WP_REST_Reques
 		return true;
 	}
 
-	// todo: check settings.
-
 	/**
 	 * Filter the allowlist for allowed anonymous requests.
 	 *
@@ -104,10 +102,15 @@ function should_prevent_anonymous_access( WP_REST_Server $server, WP_REST_Reques
 
 	if ( ! empty( $allowlist ) ) {
 		if ( ! is_array( $allowlist ) ) {
-			$allowlist = explode( "\n", $allowlist );
+			$allowlist = preg_split( '/\r\n|\r|\n/', $allowlist );
 		}
 
 		foreach ( $allowlist as $allowlist_endpoint ) {
+			// Strip off /wp-json from the beginning of the endpoint if it was included.
+			if ( 0 === strpos( $allowlist_endpoint, '/wp-json' ) ) {
+				$allowlist_endpoint = substr( $allowlist_endpoint, 8 );
+			}
+
 			if ( preg_match( '/' . str_replace( '\*', '.*', preg_quote( $allowlist_endpoint, '/' ) ) . '/', $endpoint ) ) {
 				return false;
 			}
@@ -127,10 +130,15 @@ function should_prevent_anonymous_access( WP_REST_Server $server, WP_REST_Reques
 
 	if ( ! empty( $denylist ) ) {
 		if ( ! is_array( $denylist ) ) {
-			$denylist = explode( "\n", $denylist );
+			$denylist = preg_split( '/\r\n|\r|\n/', $denylist );
 		}
 
 		foreach ( $denylist as $denylist_endpoint ) {
+			// Strip off /wp-json from the beginning of the endpoint if it was included.
+			if ( 0 === strpos( $denylist_endpoint, '/wp-json' ) ) {
+				$denylist_endpoint = substr( $denylist_endpoint, 8 );
+			}
+
 			if ( preg_match( '/' . str_replace( '\*', '.*', preg_quote( $denylist_endpoint, '/' ) ) . '/', $endpoint ) ) {
 				return true;
 			}

readme.txt

@@ -1,5 +1,5 @@
 === REST API Guard ===
-Stable tag: 1.0.3
+Stable tag: 1.0.4
 Requires at least: 6.0
 Tested up to: 6.3
 Requires PHP: 7.4