Merge pull request #8 from dwnload/develop

Version 1.3

Author: thefrosty

CHANGELONG.md

@@ -4,6 +4,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## 1.3.0 - 2018-07-27
+### Updated
+- Removed the `helper.php` file.
+- Updated all the functions that were using the helper functions.
+- Update [thefrosty/wp-utilities](https://github.com/thefrosty/wp-utilities) to 1.2.2.
+- Fix save settings on admin page, (POST array key was incorrect).
+- Add confirm to clear all cache button on settings page.
+- Only load the Admin class in the admin.
+
+### Changed
+- Added a new capability (`manage_wp_rest_api_cache`) to view the settings page and/or admin bar which
+is (mapped to `delete_users`).
+- The `Dwnload\WpRestApi\RestApi\RestDispatch::FILTER_CACHE_EXPIRE` filters expire sanitize function was changed from
+`absint` to `inval` function to allow for zero and negative numbers.
+- Pass `is_admin_bar_showing()` into FILTER_SHOW_ADMIN_BAR_MENU.
+
+### Added
+- Added `wpCacheReplace()` to the `CacheApiTrait`.
+
 ## 1.2.3 - 2018-05-30
 ### Updated
 - Added permission check (`delete_users`) before adding admin bar node.

README.md

@@ -12,10 +12,10 @@ Enable object caching for WordPress' REST API. Aids in increased response times
 
 To install this package, edit your `composer.json` file:
 
-```js
+```json
 {
     "require": {
-        "dwnload/wp-rest-api-object-cache": "^1.2.0"
+        "dwnload/wp-rest-api-object-cache": "^1.3.0"
     }
 }
 ```

composer.json

@@ -2,7 +2,7 @@
   "name": "dwnload/wp-rest-api-object-cache",
   "description": "Enable object caching for WordPress' REST API. Aids in increased response times of your applications endpoints.",
   "type": "wordpress-plugin",
-  "version": "1.2.3",
+  "version": "1.3.0",
   "license": "MIT",
   "authors": [
     {
@@ -14,7 +14,7 @@
   ],
   "require": {
     "composer/installers": "~1.0",
-    "thefrosty/wp-utilities": "^1.1.3",
+    "thefrosty/wp-utilities": "^1.2.2",
     "php": ">=7.0.4"
   },
   "require-dev": {
@@ -30,8 +30,7 @@
   "autoload": {
     "psr-4": {
       "Dwnload\\WpRestApi\\": "src"
-    },
-    "files": ["helpers.php"]
+    }
   },
   "autoload-dev": {
     "psr-4": {

helpers.php

@@ -2,7 +2,6 @@
 
 namespace Dwnload\WpRestApi\RestApi;
 
-use function Dwnload\WpRestApi\Helpers\filter_var_string;
 use WP_REST_Request;
 use WP_REST_Server;
 
@@ -44,7 +43,7 @@ protected function getCacheKey(
             }
         }
 
-        return filter_var_string(\apply_filters(RestDispatch::FILTER_API_KEY, $request_uri, $server, $request));
+        return $this->sanitize(\apply_filters(RestDispatch::FILTER_API_KEY, $request_uri, $server, $request));
     }
 
     /**
@@ -54,7 +53,7 @@ protected function getCacheKey(
      */
     protected function getCacheGroup() : string
     {
-        return filter_var_string(\apply_filters(RestDispatch::FILTER_API_GROUP, RestDispatch::CACHE_GROUP));
+        return $this->sanitize(\apply_filters(RestDispatch::FILTER_API_GROUP, RestDispatch::CACHE_GROUP));
     }
 
     /**
@@ -68,11 +67,23 @@ protected function wpCacheFlush() : bool
         return \wp_cache_flush();
     }
 
+    /**
+     * Empty all cache.
+     *
+     * @uses wp_cache_replace()
+     * @param string $key The key under which the value is stored.
+     * @return bool Returns TRUE on success or FALSE on failure.
+     */
+    protected function wpCacheReplace(string $key) : bool
+    {
+        return \wp_cache_replace($this->cleanKey($key), false, $this->getCacheGroup(), -1);
+    }
+
     /**
      * Empty all cache.
      *
      * @uses wp_cache_delete()
-     * @param string $key The key under which to store the value.
+     * @param string $key The key under which the value is stored.
      * @return bool Returns TRUE on success or FALSE on failure.
      */
     protected function wpCacheDeleteByKey(string $key) : bool
@@ -104,6 +115,16 @@ protected function cleanKey(string $key) : string
      */
     protected function getRequestUri() : string
     {
-        return filter_var_string(wp_unslash($_SERVER['REQUEST_URI']));
+        return $this->sanitize(\wp_unslash($_SERVER['REQUEST_URI']));
+    }
+
+    /**
+     * Sanitize incoming variables as a string value.
+     * @param mixed $variable
+     * @return string|false
+     */
+    private function sanitize($variable)
+    {
+        return \filter_var($variable, FILTER_SANITIZE_STRING);
     }
 }

src/RestApi/CacheApiTrait.php

@@ -2,8 +2,6 @@
 
 namespace Dwnload\WpRestApi\RestApi;
 
-use function Dwnload\WpRestApi\Helpers\filter_var_bool;
-use function Dwnload\WpRestApi\Helpers\filter_var_int;
 use Dwnload\WpRestApi\WpAdmin\Admin;
 use Dwnload\WpRestApi\WpAdmin\Settings;
 use Dwnload\WpRestApi\WpRestApiCache;
@@ -105,7 +103,7 @@ protected function preDispatch($result, WP_REST_Server $server, WP_REST_Request
         }
 
         // Cache is refreshed (cached below).
-        $refresh = filter_var_bool($request->get_param(self::QUERY_CACHE_REFRESH));
+        $refresh = \filter_var($request->get_param(self::QUERY_CACHE_REFRESH), FILTER_VALIDATE_BOOLEAN);
         if ($refresh) {
             $server->send_header(
                 self::CACHE_HEADER,
@@ -128,8 +126,9 @@ protected function preDispatch($result, WP_REST_Server $server, WP_REST_Request
             );
         }
 
-        $skip = filter_var_bool(
-            \apply_filters(self::FILTER_CACHE_SKIP, WP_DEBUG, $request_uri, $server, $request)
+        $skip = \filter_var(
+            \apply_filters(self::FILTER_CACHE_SKIP, WP_DEBUG, $request_uri, $server, $request),
+            FILTER_VALIDATE_BOOLEAN
         );
         if ($skip) {
             $server->send_header(
@@ -237,7 +236,7 @@ protected function getCachedResult(
                 $this->cleanKey($key),
                 $result,
                 $group,
-                \absint($expire)
+                \intval($expire)
             );
 
             return $result;
@@ -324,7 +323,7 @@ private function dispatchShutdownAction(string $key)
     private function validateQueryParam(WP_REST_Request $request, string $key) : bool
     {
         return \array_key_exists($key, $request->get_query_params()) &&
-            filter_var_int($request->get_query_params()[$key]) === 1;
+            \filter_var($request->get_query_params()[$key], FILTER_VALIDATE_INT) === 1;
     }
 
     /**
@@ -336,10 +335,8 @@ private function validateQueryParam(WP_REST_Request $request, string $key) : boo
      */
     private function queryParamContextIsEdit(WP_REST_Request $request) : bool
     {
-        return (
-            array_key_exists('context', $request->get_query_params()) &&
-            $request->get_query_params()['context'] === 'edit'
-        );
+        return \array_key_exists('context', $request->get_query_params()) &&
+            $request->get_query_params()['context'] === 'edit';
     }
 
     /**

src/RestApi/RestDispatch.php

@@ -2,7 +2,6 @@
 
 namespace Dwnload\WpRestApi\WpAdmin;
 
-use function Dwnload\WpRestApi\Helpers\filter_var_int;
 use Dwnload\WpRestApi\RestApi\CacheApiTrait;
 use Dwnload\WpRestApi\RestApi\RestDispatch;
 use Dwnload\WpRestApi\WpRestApiCache;
@@ -21,6 +20,7 @@ class Admin implements WpHooksInterface
 
     const ACTION_REQUEST_FLUSH_CACHE = WpRestApiCache::FILTER_PREFIX . 'request_flush_cache';
     const ADMIN_ACTION = WpRestApiCache::FILTER_PREFIX . 'flush';
+    const CAPABILITY = 'manage_wp_rest_api_cache';
     const FILTER_SHOW_ADMIN = WpRestApiCache::FILTER_PREFIX . 'show_admin';
     const FILTER_SHOW_ADMIN_BAR_MENU = WpRestApiCache::FILTER_PREFIX . 'show_admin_bar_menu';
     const FILTER_SHOW_ADMIN_MENU = WpRestApiCache::FILTER_PREFIX . 'show_admin_menu';
@@ -59,11 +59,33 @@ public function addHooks()
                 $this->addAction('admin_action_' . self::ADMIN_ACTION, [$this, 'adminAction']);
                 $this->addAction('admin_notices', [$this, 'adminNotices']);
             }
-
             if ($this->showAdminMenuBar()) {
                 $this->addAction('admin_bar_menu', [$this, 'adminBarMenu'], 999);
             }
+            if ($this->showAdminMenu() || $this->showAdminMenuBar()) {
+                $this->addFilter('map_meta_cap', [$this, 'mapMetaCap'], 10, 2);
+            }
+        }
+    }
+
+
+    /**
+     * Map `self::CAPABILITY` capability.
+     *
+     * @param array $caps Returns the user's actual capabilities.
+     * @param string $cap Capability name.
+     * @return array
+     */
+    protected function mapMetaCap(array $caps, string $cap) : array
+    {
+        // Map single-site cap check to 'manage_options'
+        if ($cap === self::CAPABILITY) {
+            if (! \is_multisite()) {
+                $caps = ['delete_users'];
+            }
         }
+
+        return $caps;
     }
 
     /**
@@ -75,7 +97,7 @@ protected function adminMenu()
             'options-general.php',
             \esc_html__('WP REST API Cache', 'wp-rest-api-cache'),
             \esc_html__('REST API Cache', 'wp-rest-api-cache'),
-            'delete_users',
+            self::CAPABILITY,
             self::MENU_SLUG,
             function () {
                 $this->renderPage();
@@ -90,7 +112,7 @@ function () {
      */
     protected function adminBarMenu(WP_Admin_Bar $wp_admin_bar)
     {
-        if (! is_user_logged_in() || ! current_user_can('delete_users') || ! is_admin_bar_showing()) {
+        if (! \is_user_logged_in() || ! \current_user_can(self::CAPABILITY) || ! \is_admin_bar_showing()) {
             return;
         }
 
@@ -103,6 +125,9 @@ protected function adminBarMenu(WP_Admin_Bar $wp_admin_bar)
             'id' => self::MENU_ID,
             'title' => \esc_html__('Empty all cache', 'wp-rest-api-cache'),
             'href' => \esc_url($this->getEmptyCacheUrl()),
+            'meta' => [
+                'onclick' => 'return confirm("This will clear ALL cache, continue?")'
+            ]
         ]);
     }
 
@@ -130,7 +155,7 @@ protected function adminAction()
     protected function adminNotices()
     {
         if (! empty($_GET[self::NOTICE]) &&
-            filter_var_int($_GET[self::NOTICE]) === 1
+            \filter_var($_GET[self::NOTICE], FILTER_VALIDATE_INT) === 1
         ) {
             $message = \esc_html__('The cache has been successfully cleared.', 'wp-rest-api-cache');
             echo "<div class='notice updated is-dismissible'><p>{$message}</p></div>"; // PHPCS: XSS OK.
@@ -178,7 +203,7 @@ private function requestCallback()
             \wp_verify_nonce($_REQUEST[self::NONCE_NAME], 'rest_cache_options') !== false
         ) {
             if (! empty($_GET['rest_cache_empty']) &&
-                filter_var_int($_GET['rest_cache_empty']) === 1
+                \filter_var($_GET['rest_cache_empty'], FILTER_VALIDATE_INT) === 1
             ) {
                 if ($this->wpCacheFlush()) {
                     $type = 'updated';
@@ -196,7 +221,7 @@ private function requestCallback()
                  */
                 \do_action(self::ACTION_REQUEST_FLUSH_CACHE, $message, $type, \wp_get_current_user());
             } elseif (! empty($_POST[self::OPTION_KEY])) {
-                if ($this->updateOptions($_POST['rest_cache_options'])) {
+                if ($this->updateOptions($_POST[self::OPTION_KEY])) {
                     $type = 'updated';
                     $message = \esc_html__('The cache time has been updated', 'wp-rest-api-cache');
                 } else {
@@ -280,6 +305,6 @@ private function showAdminMenu() : bool
      */
     private function showAdminMenuBar() : bool
     {
-        return \apply_filters(self::FILTER_SHOW_ADMIN_BAR_MENU, true) === true;
+        return \apply_filters(self::FILTER_SHOW_ADMIN_BAR_MENU, \is_admin_bar_showing()) === true;
     }
 }

src/WpAdmin/Admin.php

@@ -26,12 +26,13 @@
             <tr>
                 <th scope="row"><?php esc_html_e( 'Empty all cache', 'wp-rest-api-cache' ); ?></th>
                 <td><a href="<?php echo esc_url( $cache_url->invoke( $this ) ); ?>"
+                       onclick="return confirm('This will clear ALL cache, continue?')"
                        class="button button-primary"><?php esc_html_e( 'empty cache', 'wp-rest-api-cache' ); ?></a></td>
             </tr>
             <tr>
                 <th scope="row"><?php esc_html_e( 'Cache time', 'wp-rest-api-cache' ); ?></th>
                 <td>
-                    <input type="number" id="fld-cache-time" min="1" style="width: 70px;"
+                    <input type="number" min="1" style="width: 70px;"
                            name="<?php printf( '%s[%s][%s]', Admin::OPTION_KEY, Settings::EXPIRATION, Settings::LENGTH ); ?>"
                            value="<?php echo absint( $options[ Settings::EXPIRATION ][ Settings::LENGTH ] ); ?>">
                     <?php $period = absint( $options[ Settings::EXPIRATION ][ Settings::PERIOD ] ); ?>

views/settings.php

@@ -4,7 +4,7 @@
  * Description: Enable object caching for WordPress' REST API. Aids in increased response times of your applications endpoints.
  * Author: Austin Passy
  * Author URI: http://github.com/thefrosty
- * Version: 1.2.3
+ * Version: 1.3.0
  * Requires at least: 4.9
  * Tested up to: 4.9
  * Requires PHP: 7.0
@@ -17,10 +17,12 @@
 use Dwnload\WpRestApi\WpAdmin\Admin;
 use TheFrosty\WpUtilities\Plugin\PluginFactory;
 
-PluginFactory::create('rest-api-object-cache')
-    ->addOnHook(RestDispatch::class)
-    ->addOnHook(Admin::class)
-    ->initialize();
+$plugin = PluginFactory::create('rest-api-object-cache');
+$plugin->addOnHook(RestDispatch::class, 'rest_api_init')->initialize();
+
+if (is_admin()) {
+    $plugin->add(new Admin())->initialize();
+}
 
 call_user_func_array(
     function ($filter) {