Improve unpublished post access gate

2023-08-17 18:55:36 +02:00 · 2023-08-17 18:55:36 +02:00 · b4917ec34e
commit b4917ec34e
parent 43b2a8f9c7
8 changed files with 57 additions and 76 deletions
--- a/includes/functions/_utility.php
+++ b/includes/functions/_utility.php
@ -1816,4 +1816,33 @@ function fictioneer_redirect_to_404() {
  exit();
 }

+// =============================================================================
+// UNPUBLISHED ACCESS
+// =============================================================================
+
+/**
+ * Restrict access to unpublished posts
+ *
+ * This is meant for sites with public caching, which could otherwise
+ * accidentally expose private posts or drafts.
+ *
+ * @global int|null $post_id  Optional. The current post ID. Defaults to the
+ *                            currently queried object ID.
+ */
+
+function fictioneer_gate_unpublished_posts( $post_id = null ) {
+  // Setup
+  $post_id = empty( $post_id ) ? get_queried_object_id() : $post_id;
+  $post_status = get_post_status( $post_id );
+
+  // 404 if access not allowed
+  if (
+    fictioneer_caching_active() &&
+    $post_status !== 'publish' &&
+    ! fictioneer_verify_preview_access()
+  ) {
+    fictioneer_redirect_to_404();
+  }
+}
+
 ?>
--- a/single-fcn_chapter.php
+++ b/single-fcn_chapter.php
@ -14,7 +14,7 @@
 <?php

 // Header
-$is_hidden = fictioneer_get_field( 'fictioneer_chapter_hidden', get_the_ID() ) ?: 0;
+$is_hidden = fictioneer_get_field( 'fictioneer_chapter_hidden', get_queried_object_id() ) ?: 0;
 $header_args = array(
  'type' => 'fcn_chapter'
 );
@ -25,17 +25,25 @@ if ( ! empty( $is_hidden ) ) {

 get_header( null, $header_args );

-// Draft or private (if caching is on)?
-$post_status = get_post_status( get_queried_object_id() );
+// Gate access
+fictioneer_gate_unpublished_posts();

-if (
-  fictioneer_caching_active() &&
-  $post_status !== 'publish' &&
-  ( $_GET['preview'] ?? 0 ) !== 'true'
-) {
+// Story (if any)
+$story_id = fictioneer_get_field( 'fictioneer_chapter_story', get_queried_object_id() );
+$story_data = null;
+$story_post = null;
+
+// 404 if story set but not published
+// if ( ! empty( $story_id ) && get_post_status( $story_id ) === 'publish' ) {
+//   $story_post = empty( $story_id ) ? null : get_post( $story_id );
+// }
+
+if ( ! empty( $story_id ) && get_post_status( $story_id ) !== 'publish' ) {
  fictioneer_redirect_to_404();
 }

+$story_post = empty( $story_id ) ? null : get_post( $story_id );
+
 ?>

 <div class="progress">
@ -53,19 +61,11 @@ if (

      <?php
        // Setup
-        $story_data = null;
-        $story_post = null;
-        $story_id = fictioneer_get_field( 'fictioneer_chapter_story' );
        $chapter_ids = [];
        $password_class = ! empty( $post->post_password ) ? 'password' : '';
        $title = fictioneer_get_safe_title( get_the_ID() );
        $this_breadcrumb = [$title, get_the_permalink()];

-        // Story published?
-        if ( ! empty( $story_id ) && get_post_status( $story_id ) === 'publish' ) {
-          $story_post = empty( $story_id ) ? null : get_post( $story_id );
-        }
-
        // Story data
        if ( $story_post ) {
          $story_data = fictioneer_get_story_data( $story_id, false ); // Does not refresh comment count!
--- a/single-fcn_collection.php
+++ b/single-fcn_collection.php
@ -20,16 +20,8 @@
 // Header
 get_header( null, array( 'type' => 'fcn_collection' ) );

-// Draft or private (if caching is on)?
-$post_status = get_post_status( get_queried_object_id() );
-
-if (
-  fictioneer_caching_active() &&
-  $post_status !== 'publish' &&
-  ( $_GET['preview'] ?? 0 ) !== 'true'
-) {
-  fictioneer_redirect_to_404();
-}
+// Gate access
+fictioneer_gate_unpublished_posts();

 ?>

--- a/single-fcn_recommendation.php
+++ b/single-fcn_recommendation.php
@ -16,16 +16,8 @@
 // Header
 get_header( null, array( 'type' => 'fcn_recommendation' ) );

-// Draft or private (if caching is on)?
-$post_status = get_post_status( get_queried_object_id() );
-
-if (
-  fictioneer_caching_active() &&
-  $post_status !== 'publish' &&
-  ( $_GET['preview'] ?? 0 ) !== 'true'
-) {
-  fictioneer_redirect_to_404();
-}
+// Gate access
+fictioneer_gate_unpublished_posts();

 ?>

--- a/single-fcn_story.php
+++ b/single-fcn_story.php
@ -26,16 +26,8 @@ if ( ! empty( $is_hidden ) ) {

 get_header( null, $header_args );

-// Draft or private (if caching is on)?
-$post_status = get_post_status( get_queried_object_id() );
-
-if (
-  fictioneer_caching_active() &&
-  $post_status !== 'publish' &&
-  ( $_GET['preview'] ?? 0 ) !== 'true'
-) {
-  fictioneer_redirect_to_404();
-}
+// Gate access
+fictioneer_gate_unpublished_posts();

 ?>

--- a/single-post.php
+++ b/single-post.php
@ -13,16 +13,8 @@
 // Header
 get_header();

-// Draft or private (if caching is on)?
-$post_status = get_post_status( get_queried_object_id() );
-
-if (
-  fictioneer_caching_active() &&
-  $post_status !== 'publish' &&
-  ( $_GET['preview'] ?? 0 ) !== 'true'
-) {
-  fictioneer_redirect_to_404();
-}
+// Gate access
+fictioneer_gate_unpublished_posts();

 ?>

--- a/singular-titleless.php
+++ b/singular-titleless.php
@ -14,16 +14,8 @@
 // Header
 get_header();

-// Draft or private (if caching is on)?
-$post_status = get_post_status( get_queried_object_id() );
-
-if (
-  fictioneer_caching_active() &&
-  $post_status !== 'publish' &&
-  ( $_GET['preview'] ?? 0 ) !== 'true'
-) {
-  fictioneer_redirect_to_404();
-}
+// Gate access
+fictioneer_gate_unpublished_posts();

 ?>

--- a/singular.php
+++ b/singular.php
@ -14,16 +14,8 @@
 // Header
 get_header();

-// Draft or private (if caching is on)?
-$post_status = get_post_status( get_queried_object_id() );
-
-if (
-  fictioneer_caching_active() &&
-  $post_status !== 'publish' &&
-  ( $_GET['preview'] ?? 0 ) !== 'true'
-) {
-  fictioneer_redirect_to_404();
-}
+// Gate access
+fictioneer_gate_unpublished_posts();

 ?>