Changeset 3404635
- Timestamp:
- 11/28/2025 05:47:27 AM (3 months ago)
- Location:
- secured-wp
- Files:
-
- 2 edited
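--- a/secured-wp/tags/2.2.4/classes/Controllers/Modules/class-wp-secured.php
+++ b/secured-wp/tags/2.2.4/classes/Controllers/Modules/class-wp-secured.php
@@ -79,6 +79,11 @@
 
 if ( ! empty( $options['disable_rest'] ) ) {
-if ( false === \has_filter( 'rest_enabled', '__return_false' ) ) {
-\add_filter( 'rest_enabled', '__return_false' );
+// The `rest_enabled` hook is deprecated. Use `rest_authentication_errors`
+// to restrict access to the REST API. Here we restrict access to
+// authenticated (logged-in) users only. If another filter already
+// set an authentication error, respect it.
+if ( false === \has_filter( 'rest_authentication_errors', array( __CLASS__, 'restrict_rest_authentication' ) ) ) {
+// Attach after core authentication checks (core uses priorities 90/100).
+\add_filter( 'rest_authentication_errors', array( __CLASS__, 'restrict_rest_authentication' ), 110 );
 }
 }
@@ -146,4 +151,28 @@
 public static function strip_version_query( string $src ): string {
 return remove_query_arg( 'ver', $src );
+}
+
+/**
+* Restrict REST API access to authenticated users when enabled.
+*
+* @param null|\WP_Error $result Previous authentication result.
+* @return null|\WP_Error
+*/
+public static function restrict_rest_authentication( $result ) {
+if ( $result instanceof \WP_Error ) {
+return $result;
+}
+
+// Allow authenticated users (including REST auth via cookies).
+if ( \is_user_logged_in() ) {
+return null;
+}
+
+// For unauthenticated requests deny access.
+return new \WP_Error(
+'rest_disabled',
+\__( 'REST API access restricted by WP Secured', 'secured-wp' ),
+array( 'status' => 403 )
+);
 }
 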
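Review bot: `restrict_rest_authentication()` replaces any non-error result with `null` for logged-in users, although `rest_authentication_errors` can also carry `true` from an earlier callback; returning the incoming value, `return $result;`, keeps that signal for filters hooked after priority 110, and the docblock should read `@param \WP_Error|null|true $result`. The anonymous branch hard-codes `array( 'status' => 403 )`, while core's convention for a missing login is 401, which `array( 'status' => \rest_authorization_required_code() )` yields. The method would also benefit from a comment stating that `is_user_logged_in()` is only a sound gate here because the callback runs after core's cookie-nonce check at priority 100, so a later change to the priority does not silently let nonce-less cookie requests through. The trunk copy of this file carries the same code.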
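--- a/secured-wp/trunk/classes/Controllers/Modules/class-wp-secured.php
+++ b/secured-wp/trunk/classes/Controllers/Modules/class-wp-secured.php
@@ -79,6 +79,11 @@
 
 if ( ! empty( $options['disable_rest'] ) ) {
-if ( false === \has_filter( 'rest_enabled', '__return_false' ) ) {
-\add_filter( 'rest_enabled', '__return_false' );
+// The `rest_enabled` hook is deprecated. Use `rest_authentication_errors`
+// to restrict access to the REST API. Here we restrict access to
+// authenticated (logged-in) users only. If another filter already
+// set an authentication error, respect it.
+if ( false === \has_filter( 'rest_authentication_errors', array( __CLASS__, 'restrict_rest_authentication' ) ) ) {
+// Attach after core authentication checks (core uses priorities 90/100).
+\add_filter( 'rest_authentication_errors', array( __CLASS__, 'restrict_rest_authentication' ), 110 );
 }
 }
@@ -146,4 +151,28 @@
 public static function strip_version_query( string $src ): string {
 return remove_query_arg( 'ver', $src );
+}
+
+/**
+* Restrict REST API access to authenticated users when enabled.
+*
+* @param null|\WP_Error $result Previous authentication result.
+* @return null|\WP_Error
+*/
+public static function restrict_rest_authentication( $result ) {
+if ( $result instanceof \WP_Error ) {
+return $result;
+}
+
+// Allow authenticated users (including REST auth via cookies).
+if ( \is_user_logged_in() ) {
+return null;
+}
+
+// For unauthenticated requests deny access.
+return new \WP_Error(
+'rest_disabled',
+\__( 'REST API access restricted by WP Secured', 'secured-wp' ),
+array( 'status' => 403 )
+);
 }
 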