Edit File by line
/home/zeestwma/richards.../wp-conte.../plugins/jetpack
File: class.frame-nonce-preview.php
<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
[0] Fix | Delete
/**
[1] Fix | Delete
* Allows viewing posts on the frontend when the user is not logged in.
[2] Fix | Delete
*
[3] Fix | Delete
* @package automattic/jetpack
[4] Fix | Delete
*/
[5] Fix | Delete
[6] Fix | Delete
// phpcs:disable WordPress.Security.NonceVerification.Recommended -- This is _implementing_ cross-site nonce handling, no need for WordPress's nonces.
[7] Fix | Delete
[8] Fix | Delete
/**
[9] Fix | Delete
* Allows viewing posts on the frontend when the user is not logged in.
[10] Fix | Delete
*/
[11] Fix | Delete
class Jetpack_Frame_Nonce_Preview {
[12] Fix | Delete
/**
[13] Fix | Delete
* Static instance.
[14] Fix | Delete
*
[15] Fix | Delete
* @todo This should be private.
[16] Fix | Delete
* @var self
[17] Fix | Delete
*/
[18] Fix | Delete
public static $instance = null;
[19] Fix | Delete
[20] Fix | Delete
/**
[21] Fix | Delete
* Returns the single instance of the Jetpack_Frame_Nonce_Preview object
[22] Fix | Delete
*
[23] Fix | Delete
* @since 4.3.0
[24] Fix | Delete
*
[25] Fix | Delete
* @return Jetpack_Frame_Nonce_Preview
[26] Fix | Delete
**/
[27] Fix | Delete
public static function get_instance() {
[28] Fix | Delete
if ( null === self::$instance ) {
[29] Fix | Delete
self::$instance = new Jetpack_Frame_Nonce_Preview();
[30] Fix | Delete
}
[31] Fix | Delete
[32] Fix | Delete
return self::$instance;
[33] Fix | Delete
}
[34] Fix | Delete
[35] Fix | Delete
/**
[36] Fix | Delete
* Constructor.
[37] Fix | Delete
*
[38] Fix | Delete
* @todo This should be private.
[39] Fix | Delete
*/
[40] Fix | Delete
public function __construct() {
[41] Fix | Delete
if ( isset( $_GET['frame-nonce'] ) && ! is_admin() ) {
[42] Fix | Delete
add_filter( 'pre_get_posts', array( $this, 'maybe_display_post' ) );
[43] Fix | Delete
}
[44] Fix | Delete
[45] Fix | Delete
// autosave previews are validated differently.
[46] Fix | Delete
if ( isset( $_GET['frame-nonce'] ) && isset( $_GET['preview_id'] ) && isset( $_GET['preview_nonce'] ) ) {
[47] Fix | Delete
remove_action( 'init', '_show_post_preview' );
[48] Fix | Delete
add_action( 'init', array( $this, 'handle_autosave_nonce_validation' ) );
[49] Fix | Delete
}
[50] Fix | Delete
}
[51] Fix | Delete
[52] Fix | Delete
/**
[53] Fix | Delete
* Verify that frame nonce exists, and if so, validate the nonce by calling WP.com.
[54] Fix | Delete
*
[55] Fix | Delete
* @since 4.3.0
[56] Fix | Delete
*
[57] Fix | Delete
* @return bool
[58] Fix | Delete
*/
[59] Fix | Delete
public function is_frame_nonce_valid() {
[60] Fix | Delete
if ( empty( $_GET['frame-nonce'] ) ) {
[61] Fix | Delete
return false;
[62] Fix | Delete
}
[63] Fix | Delete
[64] Fix | Delete
$xml = new Jetpack_IXR_Client();
[65] Fix | Delete
$xml->query( 'jetpack.verifyFrameNonce', sanitize_key( $_GET['frame-nonce'] ) );
[66] Fix | Delete
[67] Fix | Delete
if ( $xml->isError() ) {
[68] Fix | Delete
return false;
[69] Fix | Delete
}
[70] Fix | Delete
[71] Fix | Delete
return (bool) $xml->getResponse();
[72] Fix | Delete
}
[73] Fix | Delete
[74] Fix | Delete
/**
[75] Fix | Delete
* Conditionally add a hook on posts_results if this is the main query, a preview, and singular.
[76] Fix | Delete
*
[77] Fix | Delete
* @since 4.3.0
[78] Fix | Delete
*
[79] Fix | Delete
* @param WP_Query $query Query.
[80] Fix | Delete
* @return WP_Query
[81] Fix | Delete
*/
[82] Fix | Delete
public function maybe_display_post( $query ) {
[83] Fix | Delete
if (
[84] Fix | Delete
$query->is_main_query() &&
[85] Fix | Delete
$query->is_preview() &&
[86] Fix | Delete
$query->is_singular()
[87] Fix | Delete
) {
[88] Fix | Delete
add_filter( 'posts_results', array( $this, 'set_post_to_publish' ), 10, 2 );
[89] Fix | Delete
}
[90] Fix | Delete
[91] Fix | Delete
return $query;
[92] Fix | Delete
}
[93] Fix | Delete
[94] Fix | Delete
/**
[95] Fix | Delete
* Conditionally set the first post to 'publish' if the frame nonce is valid and there is a post.
[96] Fix | Delete
*
[97] Fix | Delete
* @since 4.3.0
[98] Fix | Delete
*
[99] Fix | Delete
* @param array $posts Posts.
[100] Fix | Delete
* @return array
[101] Fix | Delete
*/
[102] Fix | Delete
public function set_post_to_publish( $posts ) {
[103] Fix | Delete
remove_filter( 'posts_results', array( $this, 'set_post_to_publish' ), 10 );
[104] Fix | Delete
[105] Fix | Delete
if ( empty( $posts ) || is_user_logged_in() || ! $this->is_frame_nonce_valid() ) {
[106] Fix | Delete
return $posts;
[107] Fix | Delete
}
[108] Fix | Delete
[109] Fix | Delete
$posts[0]->post_status = 'publish';
[110] Fix | Delete
[111] Fix | Delete
// Disable comments and pings for this post.
[112] Fix | Delete
add_filter( 'comments_open', '__return_false' );
[113] Fix | Delete
add_filter( 'pings_open', '__return_false' );
[114] Fix | Delete
[115] Fix | Delete
return $posts;
[116] Fix | Delete
}
[117] Fix | Delete
[118] Fix | Delete
/**
[119] Fix | Delete
* Handle validation for autosave preview request
[120] Fix | Delete
*
[121] Fix | Delete
* @since 4.7.0
[122] Fix | Delete
*/
[123] Fix | Delete
public function handle_autosave_nonce_validation() {
[124] Fix | Delete
if ( ! $this->is_frame_nonce_valid() ) {
[125] Fix | Delete
wp_die( esc_html__( 'Sorry, you are not allowed to preview drafts.', 'jetpack' ) );
[126] Fix | Delete
}
[127] Fix | Delete
add_filter( 'the_preview', '_set_preview' );
[128] Fix | Delete
}
[129] Fix | Delete
}
[130] Fix | Delete
[131] Fix | Delete
Jetpack_Frame_Nonce_Preview::get_instance();
[132] Fix | Delete
[133] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function