diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml
index c336407..ea8e102 100644
--- a/.github/workflows/coding-standards.yml
+++ b/.github/workflows/coding-standards.yml
@@ -5,8 +5,6 @@ on:
 branches:
 - main
 pull_request:
- schedule:
- - cron: '0 0 * * *'
 jobs:
 coding-standards:
diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
index ece6829..155e250 100644
--- a/.github/workflows/unit-test.yml
+++ b/.github/workflows/unit-test.yml
@@ -5,9 +5,7 @@ on:
 branches:
 - main
 pull_request:
- schedule:
- - cron: '0 0 * * *'
 jobs:
- coding-standards:
+ unit-test:
 uses: alleyinteractive/.github/.github/workflows/php-tests.yml@main
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d8e5f18..a3dc604 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,23 @@
 All notable changes to `wp-rest-guard` will be documented in this file.
-## 0.1.0 - 202X-XX-XX
+## v1.0.4 - 2024-01-12
-- Initial release
+- Fixing an issue splitting lines by `\n` instead of `\r\n` on Windows.
+- Allow `/wp-json/` to be included in the allow/deny lists.
+
+## v1.0.3 - 2023-08-28
+
+- Bumping tested version to 6.3
+
+## v1.0.2 - 2022-11-03
+
+- Fixing another typo in the plugin name.
+
+## v1.0.1 - 2022-10-26
+
+- Fixing a typo on the settings page.
+
+## v1.0.0 - 2022-10-19
+
+- Stable re-release 🎊
diff --git a/README.md b/README.md
index 73d219c..0ea7b48 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # REST API Guard
-Stable tag: 1.0.2
+Stable tag: 1.0.4
 Requires at least: 6.0
diff --git a/composer.json b/composer.json
index fda088f..3725ab2 100644
--- a/composer.json
+++ b/composer.json
@@ -20,9 +20,9 @@
 "php": "^7.4|^8.0"
 },
 "require-dev": {
- "alleyinteractive/alley-coding-standards": "^1.0",
+ "alleyinteractive/alley-coding-standards": "^2.0",
 "alleyinteractive/composer-wordpress-autoloader": "^1.0",
- "mantle-framework/testkit": "^0.7",
+ "mantle-framework/testkit": "^0.12",
 "nunomaduro/collision": "^5.0"
 },
 "config": {
diff --git a/plugin.php b/plugin.php
index 3424cd9..41b7564 100644
--- a/plugin.php
+++ b/plugin.php
@@ -3,7 +3,7 @@
 * Plugin Name: REST API Guard
 * Plugin URI: https://github.com/alleyinteractive/wp-rest-api-guard
 * Description: Restrict and control access to the REST API
- * Version: 1.0.3
+ * Version: 1.0.4
 * Author: Sean Fisher
 * Author URI: https://alley.co/
 * Requires at least: 6.0
@@ -92,8 +92,6 @@ function should_prevent_anonymous_access( WP_REST_Server $server, WP_REST_Reques
 return true;
 }
- // todo: check settings.
-
 /**
 * Filter the allowlist for allowed anonymous requests.
 *
@@ -104,10 +102,15 @@ function should_prevent_anonymous_access( WP_REST_Server $server, WP_REST_Reques
 if ( ! empty( $allowlist ) ) {
 if ( ! is_array( $allowlist ) ) {
- $allowlist = explode( "\n", $allowlist );
+ $allowlist = preg_split( '/\r\n|\r|\n/', $allowlist );
 }
 foreach ( $allowlist as $allowlist_endpoint ) {
+ // Strip off /wp-json from the beginning of the endpoint if it was included.
+ if ( 0 === strpos( $allowlist_endpoint, '/wp-json' ) ) {
+ $allowlist_endpoint = substr( $allowlist_endpoint, 8 );
+ }
+
 if ( preg_match( '/' . str_replace( '\*', '.*', preg_quote( $allowlist_endpoint, '/' ) ) . '/', $endpoint ) ) {
 return false;
 }
@@ -127,10 +130,15 @@ function should_prevent_anonymous_access( WP_REST_Server $server, WP_REST_Reques
 if ( ! empty( $denylist ) ) {
 if ( ! is_array( $denylist ) ) {
- $denylist = explode( "\n", $denylist );
+ $denylist = preg_split( '/\r\n|\r|\n/', $denylist );
 }
 foreach ( $denylist as $denylist_endpoint ) {
+ // Strip off /wp-json from the beginning of the endpoint if it was included.
+ if ( 0 === strpos( $denylist_endpoint, '/wp-json' ) ) {
+ $denylist_endpoint = substr( $denylist_endpoint, 8 );
+ }
+
 if ( preg_match( '/' . str_replace( '\*', '.*', preg_quote( $denylist_endpoint, '/' ) ) . '/', $endpoint ) ) {
 return true;
 }
diff --git a/readme.txt b/readme.txt
index 6440980..3466a6f 100644
--- a/readme.txt
+++ b/readme.txt
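Review bot: An allowlist entry that is empty after the split and the new `/wp-json` strip yields the pattern `//`, which matches every `$endpoint`, so the loop reaches `return false` and anonymous access is allowed for all routes. This happens for a blank or trailing line in the list and for an entry that is exactly `/wp-json`; an entry of `/wp-json/` is reduced to `/`, which the unanchored pattern matches for any endpoint containing a slash. Skipping such entries right after the strip closes this: `$allowlist_endpoint = trim( (string) $allowlist_endpoint );` followed by `if ( '' === $allowlist_endpoint ) { continue; }`. The denylist hunk has the same shape, where an empty entry instead blocks every request. Whether the value is trimmed before it reaches this function is not visible here, and the function body starts and ends outside the hunk.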
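Review bot: The prefix strip in the denylist loop repeats the allowlist lines verbatim, with the literal `/wp-json` and the magic length `8` in both places. A small private helper called from both loops would keep the two lists from drifting apart, and the length can be derived rather than hard-coded, for example `substr( $denylist_endpoint, strlen( '/wp-json' ) )`. If a site changes the REST prefix through the `rest_url_prefix` filter the literal will no longer match; `rest_get_url_prefix()` returns the active prefix and could be used here, assuming entries are meant to mirror the public URL. The `strpos` test also has no boundary after the prefix, so a constructed entry such as `/wp-jsonp/...` would lose its first eight characters too.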
@@ -1,5 +1,5 @@
 === REST API Guard ===
-Stable tag: 1.0.3
+Stable tag: 1.0.4
 Requires at least: 6.0
 Tested up to: 6.3
 Requires PHP: 7.4