From f987c2a3167c31f85b72d96c7e9440253f581e90 Mon Sep 17 00:00:00 2001 From: asus Date: Thu, 4 Apr 2024 22:54:28 +0200 Subject: [PATCH] - fixed error partner page draft redirection with post id - fixed error all logged in user could see partner post in draft --- .../cipf_plugin/php/_utils_checks_roles.php | 46 ++--- .../cipf_plugin/php/_utils_redirections.php | 24 ++- plugins/cipf_plugin/php/partners_form.php | 4 +- plugins/cipf_plugin/php/partners_page.php | 180 +++++++++++++----- plugins/custer/admin_menu.html | 1 + plugins/custer/admin_menu.php | 4 +- 6 files changed, 180 insertions(+), 79 deletions(-) create mode 100644 plugins/custer/admin_menu.html diff --git a/plugins/cipf_plugin/php/_utils_checks_roles.php b/plugins/cipf_plugin/php/_utils_checks_roles.php index 98c61cb..c38bae1 100644 --- a/plugins/cipf_plugin/php/_utils_checks_roles.php +++ b/plugins/cipf_plugin/php/_utils_checks_roles.php @@ -76,7 +76,7 @@ function current_user_can_CIPF($capability) { /* -* checks if current user is partner +* checks if current user is role * works as soon as 'init' hook * * first hook to use is...() is parse_query 
@@ -85,43 +85,37 @@ function current_user_can_CIPF($capability) { * but 'init' already has set user, so we can recreate the functions * */ -function is_partner() { +function is_role_CIPF($role) { Plgntls::debug_infos(); - $role_partner = Cipf::ROLE_PARTNER; if (!is_user_logged_in_CIPF()) { return false; } - if (!current_user_can_CIPF($role_partner)) { + if (!current_user_can_CIPF($role)) { return false; } return true; } - - - -/* -* checks if current user is prof -* works as soon as 'init' hook -* -* first hook to use is...() is parse_query -* -> https://developer.wordpress.org/apis/hooks/action-reference/ -* - after 'init', before 'wp' -* but 'init' already has set user, so we can recreate the functions -* -*/ -function is_prof() { +function is_admin_CIPF() { + Plgntls::debug_infos(); + $role_admin = Cipf::ROLE_ADMIN; + return is_role_CIPF($role_admin); +} +function is_fipf_CIPF() { + Plgntls::debug_infos(); + $role_fipf = Cipf::ROLE_FIPF; + return is_role_CIPF($role_fipf); +} +function is_partner_CIPF() { + Plgntls::debug_infos(); + $role_partner = Cipf::ROLE_PARTNER; + return is_role_CIPF($role_partner); +} +function is_prof_CIPF() { Plgntls::debug_infos(); $role_prof = Cipf::ROLE_PROF; - - if (!is_user_logged_in_CIPF()) { - return false; - } - if (!current_user_can_CIPF($role_prof)) { - return false; - } - return true; + return is_role_CIPF($role_prof); } diff --git a/plugins/cipf_plugin/php/_utils_redirections.php b/plugins/cipf_plugin/php/_utils_redirections.php index a56f312..79f32c1 100644 --- a/plugins/cipf_plugin/php/_utils_redirections.php +++ b/plugins/cipf_plugin/php/_utils_redirections.php 
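Review bot: `is_admin_CIPF()` differs from WordPress core's `is_admin()` only by its suffix, and the core function reports whether the request targets a dashboard screen, not whether the user is an administrator, so a slip at a call site silently changes an access decision. The four wrappers are added without doc comments; I would put one line above each, for example `/* true if the current user is logged in and holds Cipf::ROLE_ADMIN; unlike core is_admin() this checks the user, not the screen */`. `is_partner()` and `is_prof()` are removed here, and this patch only updates callers of `is_partner()`, so any remaining `is_prof()` call outside the diff would become a fatal error and is worth a grep before merging.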
@@ -85,7 +85,7 @@ function redirection_profil_CIPF(){ $redirect_url = $partner_page_creation; } else { - $redirect_url = get_permalink($partner_post->ID); + $redirect_url = get_post_url_CIPF($partner_post->ID); } // Set up nocache headers before redirecting : https://developer.wordpress.org/reference/functions/wp_safe_redirect/#user-contributed-notes nocache_headers(); @@ -99,6 +99,28 @@ function redirection_profil_CIPF(){ +/* +* get the url from a post_id +* dont use permalink since it returns an url with post_id in case post is draft : +* ex: https://site.com/?p=40772 +* +*/ +function get_post_url_CIPF($post_id = null) { + Plgntls::debug_infos(2); + if (empty($post_id)) { + return; + } + $post = get_post($post_id); + if (empty($post)) { + return; + } + $post_url = home_url($post->post_name); + return $post_url; +} + + + + /* * redirects when trying to access the page with SLUG_PAGE_REDIRECTION diff --git a/plugins/cipf_plugin/php/partners_form.php b/plugins/cipf_plugin/php/partners_form.php index eac06e7..180533a 100644 --- a/plugins/cipf_plugin/php/partners_form.php +++ b/plugins/cipf_plugin/php/partners_form.php @@ -42,7 +42,7 @@ function is_partner_form_creation_page_CIPF() { function partner_form_creation_page_init_CIPF() { Plgntls::debug_infos(2); - if (!is_partner()) { + if (!is_partner_CIPF()) { return; } Plgntls::debug_infos(); @@ -63,7 +63,7 @@ add_action('init','partner_form_creation_page_init_CIPF'); function partner_form_creation_page_CIPF() { Plgntls::debug_infos(2); - if (!is_partner()) { + if (!is_partner_CIPF()) { return; } if (!is_partner_form_creation_page_CIPF()) { diff --git a/plugins/cipf_plugin/php/partners_page.php b/plugins/cipf_plugin/php/partners_page.php index 88dd995..2c059eb 100644 --- a/plugins/cipf_plugin/php/partners_page.php +++ b/plugins/cipf_plugin/php/partners_page.php 
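Review bot: `get_post_url_CIPF()` returns `null` from both bare `return;` guards, and `redirection_profil_CIPF()` assigns that result straight to `$redirect_url`; the redirect call itself is outside the hunk, so confirm it can never receive an empty location. `home_url($post->post_name)` also seems to assume a root-level `/%postname%/` permalink structure. A post that has only ever been a draft can have an empty `post_name`, in which case the helper yields the home URL instead of the partner page. I would give the guards a defined fallback such as `return home_url();` and add `if ($post->post_name === '') { return home_url(); }` before building the URL.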
@@ -19,7 +19,7 @@ function is_own_partner_CIPF() { Plgntls::debug_infos(2); $role_partner = Cipf::ROLE_PARTNER; - if (!is_partner()) { + if (!is_partner_CIPF()) { return false; } if (!is_single()) { @@ -51,7 +51,7 @@ function is_own_partner_CIPF() { function partner_page_init_CIPF() { Plgntls::debug_infos(2); - if (!is_partner()) { + if (!is_partner_CIPF()) { return; } Plgntls::debug_infos(); @@ -105,6 +105,63 @@ add_action('wp_enqueue_scripts', 'partner_page_scripts_CIPF', 11); +/* +* prevent access to the post if in draft +* +*/ +function restrict_partner_page_draft_CIPF() { + Plgntls::debug_infos(2); + + /* + * the restrictions only concerns logged in users + * and on post (partner pages) + * -> own partners are not restricted + * -> also not admin and fipf + * + */ + if (!is_single()) { + return; + } + if (!is_user_logged_in()) { + return; + } + if (is_fipf_CIPF()) { + return; + } + if (is_admin_CIPF()) { + return; + } + if (is_own_partner_CIPF()) { + return; + } + Plgntls::debug_infos(); + + /* + * get the post id and object + * + */ + $post_id = get_the_ID(); + $current_post = get_post($post_id); + if (is_null($current_post)) { + return; + } + + /* + * if post is draft, nobody should see it, + * except own partner (but they are already out this function) + * + */ + if ($current_post->post_status === 'draft') { + redirect_home_CIPF(); + } +} +add_action('template_redirect', 'restrict_partner_page_draft_CIPF'); + + + + + + /* * listen to the front button to toggle page publish/draft * 
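Review bot: The final check in `restrict_partner_page_draft_CIPF()` matches only `'draft'`, so a partner post in any other unpublished status (`pending`, `future`, `private`, `auto-draft`) is not covered by this guard for logged-in users who are not the owner. Since the stated intent is that only the owner, admin and fipf see an unpublished page, an allow-list is safer: `if ($current_post->post_status !== 'publish') { redirect_home_CIPF(); }`. `redirect_home_CIPF()` is defined outside this diff; if it does not end the request itself, add `exit;` after the call so the template is not rendered after the redirect header. The early return also calls core `is_user_logged_in()` where the role helpers in this patch use `is_user_logged_in_CIPF()`.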
@@ -174,56 +231,81 @@ add_action('template_redirect', 'toggle_partner_page_CIPF'); /* -* if url uses post id : /?p=40772 -* make redirects to its post_name version : /la-fipf +* if url uses post id, ex: /?p=40772 +* make redirects to its post_name version, ex: /la-fipf * */ -//function partner_page_check_url_CIPF() { -// Plgntls::debug_infos(2); -// if (!is_own_partner_CIPF()) { -// return; -// } -// Plgntls::debug_infos(); -// -// /* -// * get the post name -// * -// */ -// $post_id = get_the_ID(); -// $current_post = get_post($post_id); -// if (is_null($current_post)) { -// return; -// } -// -// /* -// * -// * -// $is_query_id = get_query_var('p', false); -// if (false === $is_query_id) { -// return; -// } -// else { -// wp_safe_redirect(home_url($current_post->post_name)); -// } -// */ -// $current_url = untrailingslashit(get_permalink()); -// if (false === $current_url) { -// return; -// } -// $url = untrailingslashit(home_url($current_post->post_name)); -//global $wp; -//error_log("wp: " . json_encode($wp)); -//error_log("wp->request: " . json_encode($wp->request)); -//error_log("url: " . json_encode($url)); -//error_log("current_url: " . json_encode($current_url)); -//error_log("current_post->post_name: " . 
json_encode($current_post->post_name)); -// if ($url !== $current_url) { -// wp_safe_redirect(home_url($current_post->post_name)); -// exit; -// } -//} -//add_action('template_redirect', 'partner_page_check_url_CIPF'); +function partner_page_check_url_CIPF() { + Plgntls::debug_infos(2); + if (!is_own_partner_CIPF()) { + return; + } + Plgntls::debug_infos(); + /* + * get the post name + * + */ + $post_id = get_the_ID(); + $current_post = get_post($post_id); + if (is_null($current_post)) { + return; + } + + /* + * + * + */ + $current_slug = trim($_SERVER['REQUEST_URI'], '/'); + $slug = trim($current_post->post_name, '/'); + + if ($slug !== $current_slug) { + wp_safe_redirect(home_url($slug)); + exit; + } +} +add_action('template_redirect', 'partner_page_check_url_CIPF', 9); + +/* + +global $wp; +error_log("wp: " . json_encode($wp)); +error_log("wp->request: " . json_encode($wp->request)); +error_log("url: " . json_encode($url)); +error_log("current_url: " . json_encode($current_url)); +error_log("current_post->post_name: " . json_encode($current_post->post_name)); +error_log("get_page_uri: " . json_encode(get_page_uri())); +error_log("_SERVER: " . json_encode($_SERVER)); +error_log("_SERVER[REQUEST_URI]: " . json_encode(trim($_SERVER['REQUEST_URI'], '/'))); +error_log("_REQUEST: " . json_encode($_REQUEST)); +error_log("_GET: " . json_encode($_GET)); +error_log("_POST: " . 
json_encode($_POST)); + +wp: {"public_query_vars":{"0":"m","1":"p","2":"posts","3":"w","4":"cat","5":"withcomments","6":"withoutcomments","7":"s","8":"search","9":"exact","10":"sentence","11":"calendar","12":"page","13":"paged","14":"more","15":"tb","16":"pb","17":"author","18":"order","19":"orderby","20":"year","21":"monthnum","22":"day","23":"hour","24":"minute","25":"second","26":"name","27":"category_name","28":"tag","29":"feed","30":"author_name","31":"pagename","32":"page_id","33":"error","34":"attachment","35":"attachment_id","36":"subpost","37":"subpost_id","38":"preview","39":"robots","40":"favicon","41":"taxonomy","42":"term","43":"cpage","44":"post_type","45":"embed","46":"post_format","50":"test","51":"rest_route","52":"sitemap","53":"sitemap-subtype","54":"sitemap-stylesheet","55":"action","56":"pid","57":"et_code_snippet_type","58":"et_pb_preview"},"private_query_vars":["offset","posts_per_page","posts_per_archive_page","showposts","nopaging","post_type","post_status","category__in","category__not_in","category__and","tag__in","tag__not_in","tag__and","tag_slug__in","tag_slug__and","tag_id","post_mime_type","perm","comments_per_page","post__in","post__not_in","post_parent","post_parent__in","post_parent__not_in","title","fields"],"extra_query_vars":[],"query_vars":{"page":"","name":"la-fipf"},"query_string":"name=la-fipf","request":"la-fipf","matched_rule":"([^\/]+)(?:\/([0-9]+))?\/?$","matched_query":"name=la-fipf&page=","did_permalink":true} +wp->request: "la-fipf" +url: "https:\/\/local-cipf-plugin.com\/la-fipf" +current_url: "https:\/\/local-cipf-plugin.com\/?p=40772" +current_post->post_name: "la-fipf" +get_page_uri: "la-fipf" +_SERVER: {"SERVER_SOFTWARE":"nginx\/1.20.2","REQUEST_URI":"\/la-fipf","USER":"www-data","HOME":"\/home\/www-data","HTTP_SEC_FETCH_SITE":"cross-site","HTTP_SEC_FETCH_MODE":"navigate","HTTP_SEC_FETCH_DEST":"document","HTTP_UPGRADE_INSECURE_REQUESTS":"1","HTTP_COOKIE":"wordpress_test_cookie=WP%20Cookie%20check; 
wordpress_logged_in_351da2be51e3820c1ef099eec9d2e669=La%20FIPF%7C1712428136%7CJuUiFWt1MLm3wKin6FPTbhpC3ivFGEEYerG8UHAQHeR%7Cf4901ba90d872ab24ae82115df09f1a978fc56fc647d40a6422a369eacd3a571; mjx.menu=renderer%3ANativeMML%26%3Bsemantics%3Atrue%26%3Bcontext%3ABrowser%26%3Bzoom%3ANone","HTTP_CONNECTION":"keep-alive","HTTP_SEC_GPC":"1","HTTP_DNT":"1","HTTP_ACCEPT_ENCODING":"gzip, deflate, br","HTTP_ACCEPT_LANGUAGE":"en-US,en;q=0.5","HTTP_ACCEPT":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/avif,image\/webp,*\/*;q=0.8","HTTP_USER_AGENT":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:124.0) Gecko\/20100101 Firefox\/124.0","HTTP_HOST":"local-cipf-plugin.com","REDIRECT_STATUS":"200","SERVER_NAME":"local-cipf-plugin.com","SERVER_PORT":"443","SERVER_ADDR":"172.20.0.4","REMOTE_PORT":"51368","REMOTE_ADDR":"172.20.0.1","GATEWAY_INTERFACE":"CGI\/1.1","HTTPS":"on","REQUEST_SCHEME":"https","SERVER_PROTOCOL":"HTTP\/1.1","DOCUMENT_ROOT":"\/var\/www\/html","DOCUMENT_URI":"\/index.php","SCRIPT_NAME":"\/index.php","CONTENT_LENGTH":"","CONTENT_TYPE":"","REQUEST_METHOD":"GET","QUERY_STRING":"q=\/la-fipf","SCRIPT_FILENAME":"\/var\/www\/html\/index.php","FCGI_ROLE":"RESPONDER","PHP_SELF":"\/index.php","REQUEST_TIME_FLOAT":1712259286.018937,"REQUEST_TIME":1712259286} +_SERVER[REQUEST_URI]: "la-fipf" +_REQUEST: {"q":"\/la-fipf"} +_GET: {"q":"\/la-fipf"} +_POST: [] + +wp: 
{"public_query_vars":{"0":"m","1":"p","2":"posts","3":"w","4":"cat","5":"withcomments","6":"withoutcomments","7":"s","8":"search","9":"exact","10":"sentence","11":"calendar","12":"page","13":"paged","14":"more","15":"tb","16":"pb","17":"author","18":"order","19":"orderby","20":"year","21":"monthnum","22":"day","23":"hour","24":"minute","25":"second","26":"name","27":"category_name","28":"tag","29":"feed","30":"author_name","31":"pagename","32":"page_id","33":"error","34":"attachment","35":"attachment_id","36":"subpost","37":"subpost_id","38":"preview","39":"robots","40":"favicon","41":"taxonomy","42":"term","43":"cpage","44":"post_type","45":"embed","46":"post_format","50":"test","51":"rest_route","52":"sitemap","53":"sitemap-subtype","54":"sitemap-stylesheet","55":"action","56":"pid","57":"et_code_snippet_type","58":"et_pb_preview"},"private_query_vars":["offset","posts_per_page","posts_per_archive_page","showposts","nopaging","post_type","post_status","category__in","category__not_in","category__and","tag__in","tag__not_in","tag__and","tag_slug__in","tag_slug__and","tag_id","post_mime_type","perm","comments_per_page","post__in","post__not_in","post_parent","post_parent__in","post_parent__not_in","title","fields"],"extra_query_vars":[],"query_vars":{"p":"40772"},"query_string":"p=40772","request":"","matched_rule":"","matched_query":"","did_permalink":false} +wp->request: "" +url: "https:\/\/local-cipf-plugin.com\/la-fipf" +current_url: "https:\/\/local-cipf-plugin.com\/?p=40772" +current_post->post_name: "la-fipf" +get_page_uri: "la-fipf" +_SERVER: {"SERVER_SOFTWARE":"nginx\/1.20.2","REQUEST_URI":"\/?p=40772","USER":"www-data","HOME":"\/home\/www-data","HTTP_SEC_FETCH_USER":"?1","HTTP_SEC_FETCH_SITE":"same-origin","HTTP_SEC_FETCH_MODE":"navigate","HTTP_SEC_FETCH_DEST":"document","HTTP_UPGRADE_INSECURE_REQUESTS":"1","HTTP_COOKIE":"wordpress_test_cookie=WP%20Cookie%20check; 
wordpress_logged_in_351da2be51e3820c1ef099eec9d2e669=La%20FIPF%7C1712428136%7CJuUiFWt1MLm3wKin6FPTbhpC3ivFGEEYerG8UHAQHeR%7Cf4901ba90d872ab24ae82115df09f1a978fc56fc647d40a6422a369eacd3a571; mjx.menu=renderer%3ANativeMML%26%3Bsemantics%3Atrue%26%3Bcontext%3ABrowser%26%3Bzoom%3ANone","HTTP_CONNECTION":"keep-alive","HTTP_SEC_GPC":"1","HTTP_DNT":"1","HTTP_REFERER":"https:\/\/local-cipf-plugin.com\/la-fipf","HTTP_ACCEPT_ENCODING":"gzip, deflate, br","HTTP_ACCEPT_LANGUAGE":"en-US,en;q=0.5","HTTP_ACCEPT":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/avif,image\/webp,*\/*;q=0.8","HTTP_USER_AGENT":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:124.0) Gecko\/20100101 Firefox\/124.0","HTTP_HOST":"local-cipf-plugin.com","REDIRECT_STATUS":"200","SERVER_NAME":"local-cipf-plugin.com","SERVER_PORT":"443","SERVER_ADDR":"172.20.0.4","REMOTE_PORT":"51368","REMOTE_ADDR":"172.20.0.1","GATEWAY_INTERFACE":"CGI\/1.1","HTTPS":"on","REQUEST_SCHEME":"https","SERVER_PROTOCOL":"HTTP\/1.1","DOCUMENT_ROOT":"\/var\/www\/html","DOCUMENT_URI":"\/index.php","SCRIPT_NAME":"\/index.php","CONTENT_LENGTH":"","CONTENT_TYPE":"","REQUEST_METHOD":"GET","QUERY_STRING":"p=40772","SCRIPT_FILENAME":"\/var\/www\/html\/index.php","FCGI_ROLE":"RESPONDER","PHP_SELF":"\/index.php","REQUEST_TIME_FLOAT":1712259296.724377,"REQUEST_TIME":1712259296} +_SERVER[REQUEST_URI]: "?p=40772" +_REQUEST: {"p":"40772"} +_GET: {"p":"40772"} +_POST: [] + +*/ diff --git a/plugins/custer/admin_menu.html b/plugins/custer/admin_menu.html new file mode 100644 index 0000000..6b51c70 --- /dev/null +++ b/plugins/custer/admin_menu.html @@ -0,0 +1 @@ +
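Review bot: The block comment added after `partner_page_check_url_CIPF()` commits a raw `$_SERVER` dump whose `HTTP_COOKIE` entry contains a full `wordpress_logged_in_…` authentication cookie, twice. Treat that value as exposed: delete the whole comment, invalidate that user's sessions, and drop the `error_log(json_encode($_SERVER))` style of debugging, which writes the same cookie to the log. Separately, `trim($_SERVER['REQUEST_URI'], '/')` keeps the query string (the dump shows `?p=40772`), so the owner's page requested with any query parameter never equals the slug and is redirected with the parameters dropped, and at priority 9 this runs before the other `template_redirect` callbacks in the file. Comparing the path only avoids that: `$current_slug = trim((string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/');`, which still assumes WordPress is served from the domain root.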

heloooo

diff --git a/plugins/custer/admin_menu.php b/plugins/custer/admin_menu.php index 3b04a26..5089baf 100644 --- a/plugins/custer/admin_menu.php +++ b/plugins/custer/admin_menu.php @@ -17,7 +17,9 @@ if (!defined('ABSPATH')) { * */ function custer_plugin_content() { - echo "

hello

"; + ob_start(); + include_once(plugin_dir_path(__FILE__) . '/admin_menu.html'); + echo ob_get_clean(); }