Apply post-type and -status validation before redirecting

If the plugin won't generate a shortlink for a given ID, it shouldn't perform a redirect either. Filters are provided to restore the pre-0.6 behaviour.

Apply post-type and -status validation before redirecting
ef0dd400 · Erick Hitter · 094011a5 · ef0dd400 · ef0dd400 · ef0dd400
Commit ef0dd400 authored 6 years ago by Erick Hitter
--- a/.editorconfig
+++ b/.editorconfig
@@ -17,6 +17,3 @@ indent_size = 4
 [{.jshintrc,*.json,*.yml}]
 indent_style = space
 indent_size = 2
-
-[{*.txt,wp-config-sample.php}]
-end_of_line = crlf
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
 **Tags:** seo, meta tags  
 **Requires at least:** 4.4  
 **Tested up to:** 5.2  
-**Stable tag:** 0.5  
+**Stable tag:** 0.6  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  

@@ -30,8 +30,25 @@ For example, http://example.com/?p=123 becomes http://example.com/p/123/.

 No, shortlinks use the posts' IDs, so aren't available for modification.

+### Why aren't redirects validated? ###
+
+Sites may use plugins that allow a post object's permalink to be set to an external URL, and this plugin is designed to respect those plugins.
+
+If you wish to validate the redirects issued by this plugin, you can use the `eth_simple_shortlinks_redirect_url` filter to apply `wp_validate_redirect()` to the destination URL.
+
+### After upgrading to 0.6, redirects stopped working ###
+
+Beginning with release 0.6, before performing a redirect, the plugin checks that the post type and post status are supported. Previously, these checks were only applied when overriding an object's shortlink.
+
+If, after upgrading, redirects stop working, use the `eth_simple_shortlinks_allowed_post_types` and `eth_simple_shortlinks_allowed_post_statuses` filters to permit additional types and statuses, or use the `eth_simple_shortlinks_verify_requested_post_support` filter to disable the supports checks.
+
 ## Changelog ##

+### 0.6 ###
+* Introduce filters in redirection handling.
+* Apply supported post-type and post-status checks before redirecting.
+* Conform to WordPress VIP's Coding Standards.
+
 ### 0.5 ###
 * Admin notices when permalinks won't support the plugin
 * Disable plugin functionality when permalink structure is incompatible
@@ -39,3 +56,9 @@ No, shortlinks use the posts' IDs, so aren't available for modification.

 ### 0.4 ###
 * Initial release
+
+## Upgrade Notice ##
+
+### 0.6 ###
+
+Applies supported post-type and post-status checks before performing redirect. If, after upgrading, redirects stop working, see the "After upgrading to 0.6, redirects stopped working" section of the FAQ.
--- a/eth-simple-shortlinks.php
+++ b/eth-simple-shortlinks.php
@@ -10,7 +10,7 @@
 * Plugin URI: https://ethitter.com/plugins/
 * Description: Simple non-GET shortlinks using post IDs
 * Author: Erick Hitter
- * Version: 0.5
+ * Version: 0.6
 * Author URI: https://ethitter.com/
 * Text Domain: eth_simple_shortlinks
 * Domain Path: /languages/

--- a/inc/class-eth-simple-shortlinks.php
+++ b/inc/class-eth-simple-shortlinks.php
@@ -275,25 +275,56 @@ class ETH_Simple_Shortlinks {
 			return;
 		}

-		$dest = get_permalink( $request->query_vars['p'] );
+		$post_object = get_post( $request->query_vars['p'] );
+
+		if ( ! $post_object instanceof WP_Post ) {
+			return;
+		}
+
+		/**
+		 * Filters if post type and status should be validated.
+		 *
+		 * @since 0.6
+		 *
+		 * @param bool     $validate   Perform validation.
+		 * @param WP_Post $post_object Post being redirected to.
+		 * @param WP      $request     WP object.
+		 */
+		if (
+			apply_filters( 'eth_simple_shortlinks_verify_requested_post_support', true, $post_object, $request ) &&
+			(
+				! $this->is_supported_post_type( $post_object->post_type ) ||
+				! $this->is_supported_post_status( $post_object->post_status )
+			)
+		) {
+			return;
+		}
+
+		$dest = get_permalink( $post_object );

 		/**
 		 * Filters the redirect URL.
 		 *
-		 * @param string $dest    Redirect destination.
-		 * @param WP    $request WP object.
+		 * @since 0.6
+		 *
+		 * @param string  $dest        Redirect destination.
+		 * @param WP_Post $post_object Post being redirected to.
+		 * @param WP      $request     WP object.
 		 */
-		$dest = apply_filters( 'eth_simple_shortlinks_redirect_url', $dest, $request );
+		$dest = apply_filters( 'eth_simple_shortlinks_redirect_url', $dest, $post_object, $request );

 		if ( $dest ) {
 			/**
 			 * Filters the redirect status code.
 			 *
-			 * @param int    $status_code Redirect status code.
-			 * @param string $dest        Redirect destination.
-			 * @param WP     $request     WP object.
+			 * @since 0.6
+			 *
+			 * @param int     $status_code Redirect status code.
+			 * @param string  $dest        Redirect destination.
+			 * @param WP_Post $post_object Post being redirected to.
+			 * @param WP      $request     WP object.
 			 */
-			$status_code = (int) apply_filters( 'eth_simple_shortlinks_redirect_status', 301, $dest, $request );
+			$status_code = (int) apply_filters( 'eth_simple_shortlinks_redirect_status', 301, $dest, $post_object, $request );

 			// URLs aren't validated in case plugins filter permalinks to point to external URLs.
 			// phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect

--- a/languages/eth-simple-shortlinks.pot
+++ b/languages/eth-simple-shortlinks.pot
@@ -2,10 +2,10 @@
 # This file is distributed under the same license as the ETH Simple Shortlinks package.
 msgid ""
 msgstr ""
-"Project-Id-Version: ETH Simple Shortlinks 0.5\n"
+"Project-Id-Version: ETH Simple Shortlinks 0.6\n"
 "Report-Msgid-Bugs-To: "
 "https://wordpress.org/support/plugin/eth-simple-shortlinks\n"
-"POT-Creation-Date: 2019-04-14 04:31:11+00:00\n"
+"POT-Creation-Date: 2019-05-12 21:28:24+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -25,31 +25,35 @@ msgstr ""
 "X-Poedit-Bookmarks: \n"
 "X-Textdomain-Support: yes\n"

-#: eth-simple-shortlinks.php:51 eth-simple-shortlinks.php:52
+#: inc/class-eth-simple-shortlinks.php:38
+#: inc/class-eth-simple-shortlinks.php:45
 msgid "Cheatin&#8217; uh?"
 msgstr ""

-#: eth-simple-shortlinks.php:138
+#: inc/class-eth-simple-shortlinks.php:191
+#. translators: 1: URL of permalink options page.
 msgid ""
 "Please visit the <a href=\"%1$s\">Permalinks</a> settings page to refresh "
 "your permalinks. Doing so will add the rules this plugin requires."
 msgstr ""

-#: eth-simple-shortlinks.php:141
+#: inc/class-eth-simple-shortlinks.php:201
+#. translators: 1: URL of permalink options page.
 msgid ""
 "Please enable <a href=\"%1$s\">pretty permalinks</a>, otherwise disable "
 "this plugin as it is not compatible with \"Plain\" permalinks."
 msgstr ""

-#: eth-simple-shortlinks.php:146
+#: inc/class-eth-simple-shortlinks.php:213
+#. translators: 1: Plugin name, 2: Notice text.
 msgid "<strong>%1$s</strong>: %2$s"
 msgstr ""

-#: eth-simple-shortlinks.php:251
+#: inc/class-eth-simple-shortlinks.php:402
 msgid "Shortlink"
 msgstr ""

-#: eth-simple-shortlinks.php:293
+#: inc/class-eth-simple-shortlinks.php:459
 msgid ""
 "Shortlinks cannot be generated until after <code>wp_loaded</code>; this "
 "ensures that all post types are registered."

--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://ethitter.com/donate/
 Tags: seo, meta tags
 Requires at least: 4.4
 Tested up to: 5.2
-Stable tag: 0.5
+Stable tag: 0.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html

@@ -30,8 +30,25 @@ For example, http://example.com/?p=123 becomes http://example.com/p/123/.

 No, shortlinks use the posts' IDs, so aren't available for modification.

+= Why aren't redirects validated? =
+
+Sites may use plugins that allow a post object's permalink to be set to an external URL, and this plugin is designed to respect those plugins.
+
+If you wish to validate the redirects issued by this plugin, you can use the `eth_simple_shortlinks_redirect_url` filter to apply `wp_validate_redirect()` to the destination URL.
+
+= After upgrading to 0.6, redirects stopped working =
+
+Beginning with release 0.6, before performing a redirect, the plugin checks that the post type and post status are supported. Previously, these checks were only applied when overriding an object's shortlink.
+
+If, after upgrading, redirects stop working, use the `eth_simple_shortlinks_allowed_post_types` and `eth_simple_shortlinks_allowed_post_statuses` filters to permit additional types and statuses, or use the `eth_simple_shortlinks_verify_requested_post_support` filter to disable the supports checks.
+
 == Changelog ==

+= 0.6 =
+* Introduce filters in redirection handling.
+* Apply supported post-type and post-status checks before redirecting.
+* Conform to WordPress VIP's Coding Standards.
+
 = 0.5 =
 * Admin notices when permalinks won't support the plugin
 * Disable plugin functionality when permalink structure is incompatible
@@ -39,3 +56,9 @@ No, shortlinks use the posts' IDs, so aren't available for modification.

 = 0.4 =
 * Initial release
+
+== Upgrade Notice ==
+
+= 0.6 =
+
+Applies supported post-type and post-status checks before performing redirect. If, after upgrading, redirects stop working, see the "After upgrading to 0.6, redirects stopped working" section of the FAQ.