WordPress.org
Get WordPress

Plugin Directory

Changeset 1880949


Ignore:
Timestamp:
05/24/2018 04:28:47 PM (8 years ago)
Author:
iteras
Message:

New release with support for disabling server-side validation

Location:
iteras/trunk
Files:
7 edited

Legend:

Unmodified
Added
Removed

  • iteras/trunk/README.txt

    r1880671 r1880949  
    33Requires at least: 3.5.1
    44Tested up to: 4.9.6
    5 Stable tag: 1.1.1
     5Stable tag: 1.2
    66License: GPLv2 or later
    77License URI: http://www.gnu.org/licenses/gpl-2.0.html
     
    7070
    7171== Changelog ==
     72= 1.2 =
     73* Output paywall pass cookie check result to be able to detect missing cookies
     74* New setting to disable server-side validation of paywall pass cookies
    7275
    7376= 1.1.2 =

  • iteras/trunk/admin/iteras-admin.php

    r1872759 r1880949  
    279279      'paywall_snippet_size' => sanitize_text_field($_POST['paywall_snippet_size']),
    280280      'paywall_integration_method' => sanitize_text_field($_POST['paywall_integration_method']),
     281      'paywall_server_side_validation' => isset($_POST['paywall_server_side_validation']),
    281282    );
    282283

  • iteras/trunk/admin/views/admin.php

    r1880222 r1880949  
    105105
    106106      <tr>
     107        <th scope="row"><label for="paywall_server_side_validation"><?php _e('Validation method', $domain); ?></label></th>
     108        <td>
     109          <label><input type="checkbox" name="paywall_server_side_validation" id="paywall_server_side_validation" <?php if ($settings['paywall_server_side_validation']) print("checked"); ?>><?php _e('Enable server-side validation of access pass cookie', $domain); ?></label>
     110          </select>
     111
     112          <p class="description"><?php _e("With server-side validation, the ITERAS API key will be used to check the signature of access pass cookies. This effectively prevents leaking paywalled content even for visitors trying to circumvent the paywall. However, in some cases a caching front-end service may strip the cookie before it reaches the WordPress server or only allow it through for logged-in WordPress users. In case it's not possible to reconfigure the service, you can disable server-side validation.", $domain); ?></p>
     113        </td>
     114      </tr>
     115
     116      <tr>
    107117        <th scope="row"><label for="paywall_integration_method"><?php _e('Paywall integration method', $domain); ?></label></th>
    108118        <td>

  • iteras/trunk/iteras.php

    r1880671 r1880949  
    1313 * Plugin URI:        https://app.iteras.dk
    1414 * Description:       Integration with ITERAS, a cloud-based state-of-the-art system for managing subscriptions/memberships and payments.
    15  * Version:           1.1.2
     15 * Version:           1.2
    1616 * Author:            ITERAS
    1717 * Author URI:        https://www.iteras.dk

  • iteras/trunk/languages/iteras-da_DK.po

    r1880222 r1880949  
    66"Project-Id-Version: iteras\n"
    77"Report-Msgid-Bugs-To: team@iteras.dk\n"
    8 "POT-Creation-Date: 2018-05-23 18:57+0200\n"
    9 "PO-Revision-Date: 2018-05-23 18:57+0200\n"
     8"POT-Creation-Date: 2018-05-24 18:24+0200\n"
     9"PO-Revision-Date: 2018-05-24 18:24+0200\n"
    1010"Last-Translator: Ole Laursen <olau@iteras.dk>\n"
    1111"Language-Team: da\n"
     
    209209
    210210#: admin/views/admin.php:107
     211msgid "Validation method"
     212msgstr "Verifikationsmåde"
     213
     214#: admin/views/admin.php:109
     215msgid "Enable server-side validation of access pass cookie"
     216msgstr "Aktiver serverkontrol af adgangstegn-cookie"
     217
     218#: admin/views/admin.php:112
     219msgid ""
     220"With server-side validation, the ITERAS API key will be used to check the "
     221"signature of access pass cookies. This effectively prevents leaking "
     222"paywalled content even for visitors trying to circumvent the paywall. "
     223"However, in some cases a caching front-end service may strip the cookie "
     224"before it reaches the WordPress server or only allow it through for logged-"
     225"in WordPress users. In case it's not possible to reconfigure the service, "
     226"you can disable server-side validation."
     227msgstr ""
     228"Med serverkontrol aktiveret bliver ITERAS API-nøglen brugt til at "
     229"kontrollere om signaturen på adgangstegn-cookies er ægte. Det forhindrer "
     230"effektivt at indhold bag betalingsmuren bliver lækket, selv for besøgende "
     231"som forsøger at omgå betalingsmuren. I nogle tilfælde sidder der dog en "
     232"cache-service forrest som fjerner cookien før den når WordPress-serveren "
     233"eller kun lader den komme igennem for WordPress-brugere der er logget ind. "
     234"Hvis det ikke er muligt at omkonfigurere sådan en service, kan du deaktivere "
     235"serverkontrol."
     236
     237#: admin/views/admin.php:117
    211238msgid "Paywall integration method"
    212239msgstr "Integrationsmåde for betalingsmur"
    213240
    214 #: admin/views/admin.php:115
     241#: admin/views/admin.php:125
    215242msgid ""
    216243"For custom integration use either <code>[iteras-paywall-content]...[/iteras-"
     
    222249"<code>Iteras::get_instance().potentially_paywall_content(...)</code>."
    223250
    224 #: admin/views/admin.php:127
     251#: admin/views/admin.php:137
    225252msgid ""
    226253"For more information about the ITERAS API check out the <a target=\"_blank\" "
     
    251278"%'>siden med indstillinger</a> for at rette dem."
    252279
    253 #: public/iteras-public.php:395
     280#: public/iteras-public.php:402
    254281msgid "ITERAS plugin improperly configured. Paywall box content is missing"
    255282msgstr ""

  • iteras/trunk/public/iteras-public.php

    r1880671 r1880949  
    1616class Iteras {
    1717
    18   const VERSION = '1.1.2';
     18  const VERSION = '1.2';
    1919
    2020  const SETTINGS_KEY = "iteras_settings";
     
    186186        $settings['api_key'] = '';
    187187        $settings['paywalls'] = array();
     188      }
     189      if (version_compare($old_version, "1.2", "lt")) {
     190        $settings['paywall_server_side_validation'] = true;
    188191      }
    189192
     
    262265        'paywalls' => array(),
    263266        'paywall_integration_method' => "auto",
     267        'paywall_server_side_validation' => true,
    264268        'paywall_display_type' => "redirect",
    265269        'paywall_box' => "",
     
    411415
    412416      $truncate_class = "";
    413       if (!(isset($_COOKIE['iteraspass']) && $this->pass_authorized($_COOKIE['iteraspass'], $paywall_ids, $this->settings['api_key']))) {
     417      if ($this->settings['paywall_server_side_validation'] &&
     418          !(isset($_COOKIE['iteraspass'])
     419            && $this->pass_authorized($_COOKIE['iteraspass'], $paywall_ids, $this->settings['api_key']))) {
    414420        $content = truncate_html($content, array_get($this->settings, 'paywall_snippet_size', self::DEFAULT_ARTICLE_SNIPPET_SIZE));
    415421        $truncate_class = "iteras-content-truncated";
     422        if (!isset($_COOKIE['iteraspass']))
     423          $truncate_class .= " iteras-no-pass";
     424        else
     425          $truncate_class .= " iteras-invalid-pass";
    416426      }
    417427
Note: See TracChangeset for help on using the changeset viewer.