Commit ef0dd400 authored by Erick Hitter's avatar Erick Hitter

Apply post-type and -status validation before redirecting

If the plugin won't generate a shortlink for a given ID, it shouldn't
perform a redirect either.

Filters are provided to restore the pre-0.6 behaviour.
parent 094011a5
......@@ -17,6 +17,3 @@ indent_size = 4
[{.jshintrc,*.json,*.yml}]
indent_style = space
indent_size = 2
[{*.txt,wp-config-sample.php}]
end_of_line = crlf
......@@ -4,7 +4,7 @@
**Tags:** seo, meta tags
**Requires at least:** 4.4
**Tested up to:** 5.2
**Stable tag:** 0.5
**Stable tag:** 0.6
**License:** GPLv2 or later
**License URI:** http://www.gnu.org/licenses/gpl-2.0.html
......@@ -30,8 +30,25 @@ For example, http://example.com/?p=123 becomes http://example.com/p/123/.
No, shortlinks use the posts' IDs, so aren't available for modification.
### Why aren't redirects validated? ###
Sites may use plugins that allow a post object's permalink to be set to an external URL, and this plugin is designed to respect those plugins.
If you wish to validate the redirects issued by this plugin, you can use the `eth_simple_shortlinks_redirect_url` filter to apply `wp_validate_redirect()` to the destination URL.
### After upgrading to 0.6, redirects stopped working ###
Beginning with release 0.6, before performing a redirect, the plugin checks that the post type and post status are supported. Previously, these checks were only applied when overriding an object's shortlink.
If, after upgrading, redirects stop working, use the `eth_simple_shortlinks_allowed_post_types` and `eth_simple_shortlinks_allowed_post_statuses` filters to permit additional types and statuses, or use the `eth_simple_shortlinks_verify_requested_post_support` filter to disable the supports checks.
## Changelog ##
### 0.6 ###
* Introduce filters in redirection handling.
* Apply supported post-type and post-status checks before redirecting.
* Conform to WordPress VIP's Coding Standards.
### 0.5 ###
* Admin notices when permalinks won't support the plugin
* Disable plugin functionality when permalink structure is incompatible
......@@ -39,3 +56,9 @@ No, shortlinks use the posts' IDs, so aren't available for modification.
### 0.4 ###
* Initial release
## Upgrade Notice ##
### 0.6 ###
Applies supported post-type and post-status checks before performing redirect. If, after upgrading, redirects stop working, see the "After upgrading to 0.6, redirects stopped working" section of the FAQ.
......@@ -10,7 +10,7 @@
* Plugin URI: https://ethitter.com/plugins/
* Description: Simple non-GET shortlinks using post IDs
* Author: Erick Hitter
* Version: 0.5
* Version: 0.6
* Author URI: https://ethitter.com/
* Text Domain: eth_simple_shortlinks
* Domain Path: /languages/
......
......@@ -275,25 +275,56 @@ class ETH_Simple_Shortlinks {
return;
}
$dest = get_permalink( $request->query_vars['p'] );
$post_object = get_post( $request->query_vars['p'] );
if ( ! $post_object instanceof WP_Post ) {
return;
}
/**
* Filters if post type and status should be validated.
*
* @since 0.6
*
* @param bool $validate Perform validation.
* @param WP_Post $post_object Post being redirected to.
* @param WP $request WP object.
*/
if (
apply_filters( 'eth_simple_shortlinks_verify_requested_post_support', true, $post_object, $request ) &&
(
! $this->is_supported_post_type( $post_object->post_type ) ||
! $this->is_supported_post_status( $post_object->post_status )
)
) {
return;
}
$dest = get_permalink( $post_object );
/**
* Filters the redirect URL.
*
* @param string $dest Redirect destination.
* @param WP $request WP object.
* @since 0.6
*
* @param string $dest Redirect destination.
* @param WP_Post $post_object Post being redirected to.
* @param WP $request WP object.
*/
$dest = apply_filters( 'eth_simple_shortlinks_redirect_url', $dest, $request );
$dest = apply_filters( 'eth_simple_shortlinks_redirect_url', $dest, $post_object, $request );
if ( $dest ) {
/**
* Filters the redirect status code.
*
* @param int $status_code Redirect status code.
* @param string $dest Redirect destination.
* @param WP $request WP object.
* @since 0.6
*
* @param int $status_code Redirect status code.
* @param string $dest Redirect destination.
* @param WP_Post $post_object Post being redirected to.
* @param WP $request WP object.
*/
$status_code = (int) apply_filters( 'eth_simple_shortlinks_redirect_status', 301, $dest, $request );
$status_code = (int) apply_filters( 'eth_simple_shortlinks_redirect_status', 301, $dest, $post_object, $request );
// URLs aren't validated in case plugins filter permalinks to point to external URLs.
// phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
......
......@@ -2,10 +2,10 @@
# This file is distributed under the same license as the ETH Simple Shortlinks package.
msgid ""
msgstr ""
"Project-Id-Version: ETH Simple Shortlinks 0.5\n"
"Project-Id-Version: ETH Simple Shortlinks 0.6\n"
"Report-Msgid-Bugs-To: "
"https://wordpress.org/support/plugin/eth-simple-shortlinks\n"
"POT-Creation-Date: 2019-04-14 04:31:11+00:00\n"
"POT-Creation-Date: 2019-05-12 21:28:24+00:00\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
......@@ -25,31 +25,35 @@ msgstr ""
"X-Poedit-Bookmarks: \n"
"X-Textdomain-Support: yes\n"
#: eth-simple-shortlinks.php:51 eth-simple-shortlinks.php:52
#: inc/class-eth-simple-shortlinks.php:38
#: inc/class-eth-simple-shortlinks.php:45
msgid "Cheatin’ uh?"
msgstr ""
#: eth-simple-shortlinks.php:138
#: inc/class-eth-simple-shortlinks.php:191
#. translators: 1: URL of permalink options page.
msgid ""
"Please visit the <a href=\"%1$s\">Permalinks</a> settings page to refresh "
"your permalinks. Doing so will add the rules this plugin requires."
msgstr ""
#: eth-simple-shortlinks.php:141
#: inc/class-eth-simple-shortlinks.php:201
#. translators: 1: URL of permalink options page.
msgid ""
"Please enable <a href=\"%1$s\">pretty permalinks</a>, otherwise disable "
"this plugin as it is not compatible with \"Plain\" permalinks."
msgstr ""
#: eth-simple-shortlinks.php:146
#: inc/class-eth-simple-shortlinks.php:213
#. translators: 1: Plugin name, 2: Notice text.
msgid "<strong>%1$s</strong>: %2$s"
msgstr ""
#: eth-simple-shortlinks.php:251
#: inc/class-eth-simple-shortlinks.php:402
msgid "Shortlink"
msgstr ""
#: eth-simple-shortlinks.php:293
#: inc/class-eth-simple-shortlinks.php:459
msgid ""
"Shortlinks cannot be generated until after <code>wp_loaded</code>; this "
"ensures that all post types are registered."
......
......@@ -4,7 +4,7 @@ Donate link: https://ethitter.com/donate/
Tags: seo, meta tags
Requires at least: 4.4
Tested up to: 5.2
Stable tag: 0.5
Stable tag: 0.6
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
......@@ -30,8 +30,25 @@ For example, http://example.com/?p=123 becomes http://example.com/p/123/.
No, shortlinks use the posts' IDs, so aren't available for modification.
= Why aren't redirects validated? =
Sites may use plugins that allow a post object's permalink to be set to an external URL, and this plugin is designed to respect those plugins.
If you wish to validate the redirects issued by this plugin, you can use the `eth_simple_shortlinks_redirect_url` filter to apply `wp_validate_redirect()` to the destination URL.
= After upgrading to 0.6, redirects stopped working =
Beginning with release 0.6, before performing a redirect, the plugin checks that the post type and post status are supported. Previously, these checks were only applied when overriding an object's shortlink.
If, after upgrading, redirects stop working, use the `eth_simple_shortlinks_allowed_post_types` and `eth_simple_shortlinks_allowed_post_statuses` filters to permit additional types and statuses, or use the `eth_simple_shortlinks_verify_requested_post_support` filter to disable the supports checks.
== Changelog ==
= 0.6 =
* Introduce filters in redirection handling.
* Apply supported post-type and post-status checks before redirecting.
* Conform to WordPress VIP's Coding Standards.
= 0.5 =
* Admin notices when permalinks won't support the plugin
* Disable plugin functionality when permalink structure is incompatible
......@@ -39,3 +56,9 @@ No, shortlinks use the posts' IDs, so aren't available for modification.
= 0.4 =
* Initial release
== Upgrade Notice ==
= 0.6 =
Applies supported post-type and post-status checks before performing redirect. If, after upgrading, redirects stop working, see the "After upgrading to 0.6, redirects stopped working" section of the FAQ.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment