From 413e87a61e37a8a788e163968d8b0cb383e205ef Mon Sep 17 00:00:00 2001
From: Tetrakern <26898880+Tetrakern@users.noreply.github.com>
Date: Thu, 17 Aug 2023 21:30:42 +0200
Subject: [PATCH] Properly gate unpublished posts And associated chapters. I hope this is the last iteration.
---
DEVELOPMENT.md | 2 +-
includes/functions/_utility.php | 43 ++++++----------------
includes/functions/_wordpress_mods.php | 50 ++++++++++++++++++++++++++
single-fcn_chapter.php | 23 +++++-------
single-fcn_collection.php | 3 --
single-fcn_recommendation.php | 3 --
single-fcn_story.php | 3 --
single-post.php | 3 --
singular-titleless.php | 3 --
singular.php | 3 --
10 files changed, 70 insertions(+), 66 deletions(-)
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
index 94f952de..5a3ecb10 100644
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -238,7 +238,7 @@ Fictioneer customizes WordPress by using as many standard action and filter hook | `save_post` | `fictioneer_create_sitemap`, `fictioneer_refresh_chapters_schema`, `fictioneer_refresh_chapter_schema`, `fictioneer_refresh_collections_schema`, `fictioneer_refresh_post_caches`, `fictioneer_refresh_post_schema`, `fictioneer_refresh_recommendations_schema`, `fictioneer_refresh_recommendation_schema`, `fictioneer_refresh_stories_schema`, `fictioneer_refresh_story_schema`, `fictioneer_save_seo_metabox`, `fictioneer_save_word_count`, `fictioneer_track_chapter_and_story_updates`, `fictioneer_update_modified_date_on_story_for_chapter`, `fictioneer_update_shortcode_relationships`, `fictioneer_purge_cache_transients`, `fictioneer_restrict_page_templates`, `fictioneer_flush_object_cache`, `fictioneer_append_chapter_to_story`, `fictioneer_post_story_to_discord`, `fictioneer_post_chapter_to_discord` | `show_user_profile` | `fictioneer_custom_profile_fields` | `switch_theme` | `fictioneer_theme_deactivation` -| `template_redirect` | `fictioneer_disable_date_archives`, `fictioneer_generate_epub`, `fictioneer_handle_oauth`, `fictioneer_logout`, `fictioneer_disable_attachment_pages` +| `template_redirect` | `fictioneer_disable_date_archives`, `fictioneer_generate_epub`, `fictioneer_handle_oauth`, `fictioneer_logout`, `fictioneer_disable_attachment_pages`, `fictioneer_gate_unpublished_content` | `trashed_post` | `fictioneer_refresh_post_caches`, `fictioneer_track_chapter_and_story_updates`, `fictioneer_update_modified_date_on_story_for_chapter`, `fictioneer_purge_cache_transients`, `fictioneer_flush_object_cache` | `untrash_post` | `fictioneer_refresh_post_caches`, `fictioneer_track_chapter_and_story_updates`, `fictioneer_update_modified_date_on_story_for_chapter`, `fictioneer_purge_cache_transients`, `fictioneer_flush_object_cache` | `wp_ajax_*` | `fictioneer_ajax_clear_my_checkmarks`, `fictioneer_ajax_clear_my_comments`, 
`fictioneer_ajax_clear_my_comment_subscriptions`, `fictioneer_ajax_clear_my_follows`, `fictioneer_ajax_clear_my_reminders`, `fictioneer_ajax_delete_epub`, `fictioneer_ajax_delete_my_account`, `fictioneer_ajax_delete_my_comment`, `fictioneer_ajax_edit_comment`, `fictioneer_ajax_get_avatar`, `fictioneer_ajax_get_bookmarks`, `fictioneer_ajax_get_checkmarks`, `fictioneer_ajax_get_comment_form`, `fictioneer_ajax_get_comment_section`, `fictioneer_ajax_get_fingerprint`, `fictioneer_ajax_get_finished_list`, `fictioneer_ajax_get_follows`, `fictioneer_ajax_get_follows_list`, `fictioneer_ajax_get_follows_notifications`, `fictioneer_ajax_get_nonce`, `fictioneer_ajax_get_reminders`, `fictioneer_ajax_get_reminders_list`, `fictioneer_ajax_is_user_logged_in`, `fictioneer_ajax_mark_follows_read`, `fictioneer_ajax_moderate_comment`, `fictioneer_ajax_purge_schema`, `fictioneer_ajax_report_comment`, `fictioneer_ajax_save_bookmarks`, `fictioneer_ajax_set_checkmark`, `fictioneer_ajax_submit_comment`, `fictioneer_ajax_toggle_follow`, `fictioneer_ajax_toggle_reminder`, `fictioneer_ajax_unset_my_oauth`, `fictioneer_request_story_comments` diff --git a/includes/functions/_utility.php b/includes/functions/_utility.php index a34614aa..853c3548 100644 --- a/includes/functions/_utility.php +++ b/includes/functions/_utility.php 
@@ -1810,46 +1810,25 @@ if ( ! function_exists( 'fictioneer_redirect_to_404' ) ) { function fictioneer_redirect_to_404() { global $wp_query; + // Remove scripts to avoid errors + add_action( 'wp_print_scripts', function() { + wp_dequeue_script( 'fictioneer-chapter-scripts' ); + wp_dequeue_script( 'fictioneer-suggestion-scripts' ); + wp_dequeue_script( 'fictioneer-tts-scripts' ); + wp_dequeue_script( 'fictioneer-story-scripts' ); + }, 99 ); + + // Set query to 404 $wp_query->set_404(); status_header( 404 ); + nocache_headers(); get_template_part( 404 ); + // Terminate exit(); } } -// ============================================================================= -// UNPUBLISHED ACCESS -// ============================================================================= - -if ( ! function_exists( 'fictioneer_gate_unpublished_posts' ) ) { - /** - * Restrict access to unpublished posts - * - * This is meant for sites with public caching, which could otherwise - * accidentally expose private posts or drafts. It ignored the current - * user in favor of preview query vars via `fictioneer_verify_preview_access()`. - * - * @param int|null $post_id Optional. The current post ID. Defaults to the - * currently queried object ID. - */ - - function fictioneer_gate_unpublished_posts( $post_id = null ) { - // Setup - $post_id = empty( $post_id ) ? get_queried_object_id() : $post_id; - $post_status = get_post_status( $post_id ); - - // 404 if access not allowed - if ( - fictioneer_caching_active() && - $post_status !== 'publish' && - ! fictioneer_verify_preview_access() - ) { - fictioneer_redirect_to_404(); - } - } -} - // ============================================================================= // PREVIEW ACCESS VERIFICATION // ============================================================================= diff --git a/includes/functions/_wordpress_mods.php b/includes/functions/_wordpress_mods.php index 3322bc59..d4b10971 100644 --- a/includes/functions/_wordpress_mods.php 
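Review bot: Deleting `fictioneer_gate_unpublished_posts()` with no replacement stub means any template outside this commit that still calls it, such as a child-theme copy of a single-*.php file, will stop with an undefined-function error; the old definition sat inside a `function_exists` check, which suggests it was meant to be overridable. Because the `template_redirect` hook now enforces the gate, a no-op shim is enough: `function fictioneer_gate_unpublished_posts( $post_id = null ) { _deprecated_function( __FUNCTION__, '<VERSION>', 'fictioneer_gate_unpublished_content' ); }`. In `fictioneer_redirect_to_404()`, the new `nocache_headers();` line would benefit from a why-comment, for example `// Keep caches from storing the 404 for a URL that may be published later`.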
+++ b/includes/functions/_wordpress_mods.php @@ -1202,4 +1202,54 @@ function fictioneer_see_some_evil( $data, $postarr, $unsanitized_postarr ) { } add_filter( 'wp_insert_post_data', 'fictioneer_see_some_evil', 1, 3 ); +// ============================================================================= +// GATE UNPUBLISHED CONTENT +// ============================================================================= + +/** + * Gates access to unpublished posts + * + * This is meant for sites with public caching, which could otherwise + * accidentally expose private posts or drafts. It ignored the user in + * favor of preview query vars via `fictioneer_verify_preview_access()`. + * + * @global WP_Post $post The current WordPress post object. + */ + +function fictioneer_gate_unpublished_content() { + global $post; + + // Do nothing if... + if ( + ! is_singular() || + ( $post->post_status === 'publish' && $post->post_type !== 'fcn_chapter' ) + ) { + return; + } + + // 404 if access is not allowed + if ( + fictioneer_caching_active() && + $post->post_status !== 'publish' && + ! fictioneer_verify_preview_access() + ) { + fictioneer_redirect_to_404(); + } + + // 404 chapter of unpublished story + if ( $post->post_type === 'fcn_chapter' ) { + $story_id = fictioneer_get_field( 'fictioneer_chapter_story', $post->ID ); + + if ( + ! empty( $story_id ) && + get_post_status( $story_id ) !== 'publish' && + ! fictioneer_verify_preview_access() + ) { + // 404 + fictioneer_redirect_to_404(); + } + } +} +add_action( 'template_redirect', 'fictioneer_gate_unpublished_content' ); + ?> diff --git a/single-fcn_chapter.php b/single-fcn_chapter.php index f46de583..6b450b58 100644 --- a/single-fcn_chapter.php +++ b/single-fcn_chapter.php 
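Review bot: `fictioneer_gate_unpublished_content()` checks the `$post` global instead of the queried object, whereas the helper it replaces resolved the post through `get_queried_object_id()`; if any code that runs earlier in the request leaves `$post` pointing at another post, the status test is applied to the wrong post and an unpublished one could be rendered and cached. I would replace `global $post;` with `$post = get_queried_object();` and add `! ( $post instanceof WP_Post ) ||` to the early-return condition. The gate also runs only for singular template loads on `template_redirect` at default priority, so it is worth confirming that feeds, REST responses and the ePUB handler registered on the same hook do not serve published chapters of an unpublished story; none of that is visible in this hunk. Since the current user is deliberately ignored, `fictioneer_verify_preview_access()` becomes the only check for drafts on cached sites, and the docblock should say so (and read "ignores" rather than "ignored").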
@@ -25,21 +25,6 @@ if ( ! empty( $is_hidden ) ) { get_header( null, $header_args ); -// Gate access -fictioneer_gate_unpublished_posts(); - -// Story (if any) -$story_id = fictioneer_get_field( 'fictioneer_chapter_story', get_queried_object_id() ); -$story_data = null; -$story_post = null; - -// Gate if story is unpublished -if ( ! empty( $story_id ) && get_post_status( $story_id ) === 'publish' ) { - $story_post = empty( $story_id ) ? null : get_post( $story_id ); -} elseif ( ! empty( $story_id ) && ! fictioneer_verify_preview_access() ) { - fictioneer_redirect_to_404(); -} - ?>
@@ -62,6 +47,14 @@ if ( ! empty( $story_id ) && get_post_status( $story_id ) === 'publish' ) { $title = fictioneer_get_safe_title( get_the_ID() ); $this_breadcrumb = [$title, get_the_permalink()]; + $story_id = fictioneer_get_field( 'fictioneer_chapter_story', get_queried_object_id() ); + $story_data = null; + $story_post = null; + + if ( get_post_status( $story_id ) === 'publish' ) { + $story_post = empty( $story_id ) ? null : get_post( $story_id ); + } + // Story data if ( $story_post ) { $story_data = fictioneer_get_story_data( $story_id, false ); // Does not refresh comment count! diff --git a/single-fcn_collection.php b/single-fcn_collection.php index 5b1bbf7a..01c51146 100644 --- a/single-fcn_collection.php +++ b/single-fcn_collection.php @@ -20,9 +20,6 @@ // Header get_header( null, array( 'type' => 'fcn_collection' ) ); -// Gate access -fictioneer_gate_unpublished_posts(); - ?>
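Review bot: In the second single-fcn_chapter.php hunk, `get_post_status( $story_id )` is now called without the `! empty( $story_id )` guard the removed code had. With an empty ID, WordPress's `get_post()` falls back to the global post, so the condition tests the chapter's own status and only the inner ternary keeps `$story_post` null. Restoring the guard makes the intent explicit and lets the ternary go: `if ( ! empty( $story_id ) && get_post_status( $story_id ) === 'publish' ) { $story_post = get_post( $story_id ); }`. The surrounding template block starts and ends outside the hunk.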
diff --git a/single-fcn_recommendation.php b/single-fcn_recommendation.php index 4d4ac78e..85dee2e8 100644 --- a/single-fcn_recommendation.php +++ b/single-fcn_recommendation.php @@ -16,9 +16,6 @@ // Header get_header( null, array( 'type' => 'fcn_recommendation' ) ); -// Gate access -fictioneer_gate_unpublished_posts(); - ?>
diff --git a/single-fcn_story.php b/single-fcn_story.php index 150f07d7..73e2991f 100644 --- a/single-fcn_story.php +++ b/single-fcn_story.php @@ -26,9 +26,6 @@ if ( ! empty( $is_hidden ) ) { get_header( null, $header_args ); -// Gate access -fictioneer_gate_unpublished_posts(); - ?>
diff --git a/single-post.php b/single-post.php index 3886e1a6..a5cec62a 100644 --- a/single-post.php +++ b/single-post.php @@ -13,9 +13,6 @@ // Header get_header(); -// Gate access -fictioneer_gate_unpublished_posts(); - ?>
diff --git a/singular-titleless.php b/singular-titleless.php index 96d62a7f..0391c496 100644 --- a/singular-titleless.php +++ b/singular-titleless.php @@ -14,9 +14,6 @@ // Header get_header(); -// Gate access -fictioneer_gate_unpublished_posts(); - ?>
diff --git a/singular.php b/singular.php index 12059ddd..4d19e476 100644 --- a/singular.php +++ b/singular.php @@ -14,9 +14,6 @@ // Header get_header(); -// Gate access -fictioneer_gate_unpublished_posts(); - ?>