Changeset 3483325
- Timestamp:
- 03/15/2026 10:34:35 PM (2 weeks ago)
- Location:
- flowsystems-webhook-actions/trunk
- Files:
-
- 4 edited
-
README.txt (modified) (2 diffs)
-
flowsystems-webhook-actions.php (modified) (2 diffs)
-
src/Api/AuthHelper.php (modified) (1 diff)
-
src/Api/WebhooksController.php (modified) (5 diffs)
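--- a/flowsystems-webhook-actions/trunk/README.txt
+++ b/flowsystems-webhook-actions/trunk/README.txt
@@ -5,5 +5,5 @@
 Tested up to: 6.9
 Requires PHP: 8.0
-Stable tag: 1.3. 1
+Stable tag: 1.3.2
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
@@ -270,4 +270,7 @@
 
 == Changelog ==
+
+= 1.3.2 — 2026-03-15 =
+- Fixed `auth_header` field being exposed to API tokens without `full` scope — read and operational tokens now receive a permission notice instead
 
 = 1.3.1 — 2026-03-15 =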
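--- a/flowsystems-webhook-actions/trunk/flowsystems-webhook-actions.php
+++ b/flowsystems-webhook-actions/trunk/flowsystems-webhook-actions.php
@@ -4,5 +4,5 @@
 * Plugin URI: https://flowsystems.pl/wordpress-webhook-actions
 * Description: Trigger HTTP webhooks from WordPress actions (do_action). Easily connect WordPress with n8n, Zapier, Make, or custom workflows.
-* Version: 1.3. 1
+* Version: 1.3.2
 * Author: Mateusz Skorupa
 * Author URI: https://flowsystems.pl
@@ -17,5 +17,5 @@
 defined('ABSPATH') || exit;
 
-define('FSWA_VERSION', '1.3. 1');
+define('FSWA_VERSION', '1.3.2');
 define('FSWA_FILE', __FILE__);
 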
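--- a/flowsystems-webhook-actions/trunk/src/Api/AuthHelper.php
+++ b/flowsystems-webhook-actions/trunk/src/Api/AuthHelper.php
@@ -55,3 +55,22 @@
 return true;
 }
+
+/**
+* Check if the current request has at least the given scope (or is an admin session).
+* Use this for response shaping — does not send errors.
+*/
+public static function requestHasScope(WP_REST_Request $request, string $scope): bool {
+if (current_user_can('manage_options')) {
+return true;
+}
+
+$service = new ApiTokenService();
+$token = $service->validateFromRequest($request);
+
+if ($token === false) {
+return false;
+}
+
+return $service->tokenHasScope($token, $scope);
+}
 }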
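Review bot: The guard `if ($token === false)` in `requestHasScope` rejects only a literal `false`, so if `validateFromRequest` can signal failure in any other way (null, a `WP_Error`), that value reaches `tokenHasScope` and the result depends on how it is treated there; the validator's return contract is not visible in this hunk. Because this helper decides whether a stored credential is shown, a fail-closed check is safer: `if (!$token || is_wp_error($token)) { return false; }`. The docblock should also state the negative case, for example `* Returns false when the request carries no valid token or the token lacks $scope.`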
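--- a/flowsystems-webhook-actions/trunk/src/Api/WebhooksController.php
+++ b/flowsystems-webhook-actions/trunk/src/Api/WebhooksController.php
@@ -107,8 +107,19 @@
 
 /**
+* Strip auth_header for non-full-scope callers.
+*/
+private function prepareWebhook(array $webhook, WP_REST_Request $request): array {
+if (!AuthHelper::requestHasScope($request, AuthHelper::SCOPE_FULL)) {
+$webhook['auth_header'] = __('You don\'t have permissions to see it.', 'flowsystems-webhook-actions');
+}
+return $webhook;
+}
+
+/**
 * Get all webhooks
 */
 public function getItems($request): WP_REST_Response {
 $webhooks = $this->repository->getAll();
+$webhooks = array_map(fn($w) => $this->prepareWebhook($w, $request), $webhooks);
 
 return rest_ensure_response($webhooks);
@@ -130,5 +141,5 @@
 }
 
-return rest_ensure_response($ webhook);
+return rest_ensure_response($this->prepareWebhook($webhook, $request));
 }
 
@@ -185,5 +196,5 @@
 $webhook = $this->repository->find($webhookId);
 
-return rest_ensure_response($ webhook);
+return rest_ensure_response($this->prepareWebhook($webhook, $request));
 }
 
@@ -245,5 +256,5 @@
 $webhook = $this->repository->find($id);
 
-return rest_ensure_response($ webhook);
+return rest_ensure_response($this->prepareWebhook($webhook, $request));
 }
 
@@ -304,5 +315,5 @@
 $webhook = $this->repository->find($id);
 
-return rest_ensure_response($ webhook);
+return rest_ensure_response($this->prepareWebhook($webhook, $request));
 }
 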
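Review bot: `prepareWebhook` redacts by overwriting `auth_header` with a translated sentence, so a caller without `full` scope receives a string it cannot tell apart from a real header value, and the text varies with the site locale. A null plus an explicit marker is unambiguous and cannot be stored as a credential if a client sends the object back through the update paths in the later hunks (whether those accept `auth_header` from such tokens is not visible here): `$webhook['auth_header'] = null;` and `$webhook['auth_header_redacted'] = true;`. In `getItems` the `array_map` closure calls `AuthHelper::requestHasScope` once per webhook; resolving the scope once before the map avoids repeated token validation. The three update paths pass the result of `find()` straight into an `array`-typed parameter, so a null or false result would now raise a TypeError instead of being returned; those method bodies start outside the hunks.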