From 97e79010bb89d2777e77f065532d978f5f335518 Mon Sep 17 00:00:00 2001
From: devinwalker
Date: Tue, 2 Jan 2024 20:56:46 -0800
Subject: [PATCH 1/4] Fix REST API nonce issue and permission callback
---
src/admin.js | 10 ++++++----
wp-rollback.php | 29 +++++++++++++++++------------
2 files changed, 23 insertions(+), 16 deletions(-)
diff --git a/src/admin.js b/src/admin.js
index 9523ecb..34a8f6a 100644
--- a/src/admin.js
+++ b/src/admin.js
@@ -25,11 +25,13 @@ const AdminPage = () => { useEffect( () => { - let restUrl = `${wprData.baseUrl}/wp-json/wp-rollback/v1/fetch-info/?type=${queryArgs.type}&slug=${queryArgs.type === 'theme' ? queryArgs.theme_file : queryArgs.plugin_slug}`; + let restUrl = `${wprData.restUrl}wp-rollback/v1/fetch-info/?type=${queryArgs.type}&slug=${queryArgs.type === 'theme' ? queryArgs.theme_file : queryArgs.plugin_slug}`; + const headers = new Headers({ + 'X-WP-Nonce': wprData.restApiNonce // Assuming nonce is stored in wprData.nonce + }); - - fetch( restUrl ) + fetch( restUrl, { headers: headers } ) .then( ( response ) => response.json() ) .then( ( data ) => { setRollbackInfo( data );
@@ -38,7 +40,7 @@ const AdminPage = () => { .catch( ( error ) => { console.error( 'Error fetching data:', error ); } ); - }, [] ); + }, [wprData] ); useEffect( () => { if ( rollbackInfo && rollbackInfo.slug ) { // Check if rollbackInfo is loaded and has a slug
diff --git a/wp-rollback.php b/wp-rollback.php
index 7a5f14e..0fa4801 100644
--- a/wp-rollback.php
+++ b/wp-rollback.php
@@ -226,12 +226,14 @@ private function hooks(): void { * @return void */ public function scripts( $hook ): void { + + // Theme's listing page JS if ( 'themes.php' === $hook ) { $theme_script_asset = require WP_ROLLBACK_PLUGIN_DIR . '/build/themes.asset.php'; wp_enqueue_script( 'wp-rollback-themes-script', - plugin_dir_url( __FILE__ ) . 'build/themes.js', + WP_ROLLBACK_PLUGIN_URL . 'build/themes.js', $theme_script_asset['dependencies'], $theme_script_asset['version'] );
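Review bot: In the first src/admin.js hunk, `queryArgs.type` and the slug are interpolated into `restUrl` without encoding, so a value containing `&`, `#` or `=` changes the query string the endpoint receives; wrap each value in `encodeURIComponent( … )`. `wprData.restUrl` is filled from `rest_url()` in this same patch, which returns an `index.php?rest_route=/` form when pretty permalinks are off, and then the literal `?type=` appended here starts a second query string; `addQueryArgs` from `@wordpress/url` covers both cases if the bundle can import it. The trailing comment on the header line names `wprData.nonce` while the code reads `wprData.restApiNonce`; `// REST cookie nonce, created server-side with the 'wp_rest' action` would match what is sent. The effect callback continues past the end of this hunk.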
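Review bot: In the second src/admin.js hunk, the `.catch` only sees network failures, because `fetch` resolves on HTTP error statuses; a 401 or 403 from the nonce or permission check this patch introduces would be parsed as JSON and, per the previous hunk, handed to `setRollbackInfo`. Rejecting early keeps error bodies out of component state: put `if ( ! response.ok ) { throw new Error( 'Request failed: ' + response.status ); }` before `return response.json();` in the first `.then`. The new dependency `[wprData]` is a localized global whose identity presumably never changes, so `[]` would state the run-once intent more plainly. The effect begins outside this hunk.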
@@ -239,10 +241,9 @@ public function scripts( $hook ): void { wp_localize_script( 'wp-rollback-themes-script', 'wprData', [ 'ajaxurl' => admin_url(), - 'logo' => plugins_url( 'src/assets/logo.svg', __FILE__ ), - 'avatarFallback' => plugins_url( 'src/assets/avatar-plugin-fallback.jpg', __FILE__ ), 'rollback_nonce' => wp_create_nonce( 'wpr_rollback_nonce' ), - 'apiNonce' => wp_create_nonce( 'wpr_rollback_api_nonce' ), + 'logo' => plugins_url( 'src/assets/logo.svg', WP_ROLLBACK_PLUGIN_FILE ), + 'avatarFallback' => plugins_url( 'src/assets/avatar-plugin-fallback.jpg', WP_ROLLBACK_PLUGIN_FILE ), 'text_rollback_label' => __( 'Rollback', 'wp-rollback' ), 'text_not_rollbackable' => __( 'No Rollback Available: This is a non-WordPress.org theme.',
@@ -272,13 +273,14 @@ public function scripts( $hook ): void { // Localize the script with vars for JS. wp_localize_script( 'wp-rollback-plugin-admin-editor', 'wprData', [ 'rollback_nonce' => wp_create_nonce( 'wpr_rollback_nonce' ), + 'restApiNonce' => wp_create_nonce( 'wp_rest' ), 'adminUrl' => admin_url( 'index.php' ), - 'baseUrl' => get_site_url(), - 'logo' => plugins_url( 'src/assets/logo.svg', __FILE__ ), - 'avatarFallback' => plugins_url( 'src/assets/avatar-plugin-fallback.jpg', __FILE__ ), + 'restUrl' => esc_url_raw( rest_url() ), + 'logo' => plugins_url( 'src/assets/logo.svg', WP_ROLLBACK_PLUGIN_FILE ), + 'avatarFallback' => plugins_url( 'src/assets/avatar-plugin-fallback.jpg', WP_ROLLBACK_PLUGIN_FILE ), 'referrer' => wp_get_referer(), 'text_no_changelog_found' => isset( $_GET['plugin_slug'] ) ? sprintf( - // translators: %s Link. + // translators: %s Link. __( 'Sorry, we couldn\'t find a changelog entry found for this version. Try checking the developer log on WP.org.', 'wp-rollback'
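Review bot: In the second hunk here (the `wp-rollback-plugin-admin-editor` localization), `wprData` now carries two nonces with different jobs and nothing says which check each one feeds. A comment above `restApiNonce` such as `// Sent as X-WP-Nonce so REST requests run as the logged-in user; access is still decided by the route's permission_callback.` would keep later code from reusing `rollback_nonce` for REST calls or from treating the REST nonce as an authorization check. The localized array continues outside the hunk.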
@@ -332,13 +334,16 @@ public function register_rest_route() { include WP_ROLLBACK_PLUGIN_DIR . '/src/class-rollback-api-requests.php'; register_rest_route( 'wp-rollback/v1', '/fetch-info/', [ - 'methods' => 'GET', - 'callback' => function ( WP_REST_Request $request ) { + 'methods' => 'GET', + 'callback' => function ( WP_REST_Request $request ) { $fetcher = new WP_Rollback_API_Fetcher(); return $fetcher->fetch_plugin_or_theme_info( $request['type'], $request['slug'] ); }, - 'args' => [ + 'permission_callback' => function () { + return current_user_can( 'update_plugins' ); + }, + 'args' => [ 'type' => [ 'required' => true, 'type' => 'string',
@@ -477,7 +482,7 @@ public function plugin_action_links( $actions, $plugin_file, $plugin_data, $cont // If plugin is missing package data do not output Rollback option. if ( ! isset( $plugin_data['package'] ) || - (strpos($plugin_data['package'], 'downloads.wordpress.org') === false) ) { + ( strpos( $plugin_data['package'], 'downloads.wordpress.org' ) === false ) ) { return $actions; }
From 5c613b4c2f9ac9d20ce47d6155836a5c2ae50a84 Mon Sep 17 00:00:00 2001
From: devinwalker
Date: Wed, 3 Jan 2024 12:39:48 -0800
Subject: [PATCH 2/4] Resolve multisite compatibility issue with latest updates
---
src/admin.js | 3 ---
src/themes-wp-rollback.js | 1 +
wp-rollback.php | 19 +++++++++----------
3 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/src/admin.js b/src/admin.js
index 34a8f6a..8f92ecd 100644
--- a/src/admin.js
+++ b/src/admin.js
@@ -140,9 +140,6 @@ const AdminPage = () => { } } - console.log(rollbackInfo); - console.log(queryArgs); - return (
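Review bot: The new `permission_callback` in the `register_rest_route` hunk checks `update_plugins` for every request, although the client in src/admin.js also calls this route with `type=theme`, so theme lookups are gated on a plugin capability. The callback is passed the request, so the check can follow the type: `'permission_callback' => function ( WP_REST_Request $request ) { return current_user_can( 'theme' === $request['type'] ? 'update_themes' : 'update_plugins' ); },`. A one-line comment above it stating that the endpoint is limited to users who may update the selected kind of extension would record the intent. The `args` array continues outside the hunk, so whether `type` is restricted to known values cannot be confirmed from here.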
diff --git a/src/themes-wp-rollback.js b/src/themes-wp-rollback.js
index c912422..25d36ca 100644
--- a/src/themes-wp-rollback.js
+++ b/src/themes-wp-rollback.js
@@ -63,6 +63,7 @@ const wprThemeRollback = theme => { const wprGetThemeData = theme => { const themeData = wp.themes?.data?.themes; + if (!Array.isArray(themeData)) { console.error('Invalid theme data'); return null;
diff --git a/wp-rollback.php b/wp-rollback.php
index 0fa4801..ceefbae 100644
--- a/wp-rollback.php
+++ b/wp-rollback.php
@@ -188,13 +188,7 @@ private function setup_constants(): void { private function hooks(): void { // Multisite compatibility: only loads on main site. - if ( is_network_admin() ) { - $this->multisite_compatibility = new WP_Rollback_Multisite_Compatibility( $this ); - } - - if ( is_multisite() && ! is_network_admin() ) { - return; - } + $this->multisite_compatibility = new WP_Rollback_Multisite_Compatibility( $this ); // i18n add_action( 'plugins_loaded', [ self::$instance, 'load_textdomain' ] );
@@ -228,7 +222,7 @@ private function hooks(): void { public function scripts( $hook ): void { // Theme's listing page JS - if ( 'themes.php' === $hook ) { + if ( 'themes.php' === $hook && !is_multisite() ) { $theme_script_asset = require WP_ROLLBACK_PLUGIN_DIR . '/build/themes.asset.php'; wp_enqueue_script(
@@ -477,6 +471,11 @@ private function setup_plugin_vars() { * @return array $actions */ public function plugin_action_links( $actions, $plugin_file, $plugin_data, $context ): array { + + if ( !is_network_admin()) { + return $actions; + } + // Filter for other devs. $plugin_data = apply_filters( 'wpr_plugin_data', $plugin_data );
@@ -492,7 +491,7 @@ public function plugin_action_links( $actions, $plugin_file, $plugin_data, $cont } // Base rollback URL - $rollback_url = admin_url( 'index.php' ); + $rollback_url = is_network_admin() ? network_admin_url( 'index.php' ) : admin_url( 'index.php' ); $rollback_url = add_query_arg( apply_filters(
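Review bot: In the `hooks()` hunk of wp-rollback.php, the kept comment `// Multisite compatibility: only loads on main site.` no longer describes the code: with the `is_multisite() && ! is_network_admin()` early return removed, everything registered below it now runs on every site of a network. That return was the only gate visible here for sub-site admin requests, so each handler registered further down (outside this hunk) has to enforce its own capability check, which is worth confirming for the rollback screen and its action handlers. A comment that matches the new behaviour would be `// Hooks register on every site; multisite restrictions are applied per screen in scripts() and plugin_action_links().`.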
@@ -688,7 +687,7 @@ public function wpr_prepare_themes_js( $prepared_themes ): array { // Loop through themes and provide a 'hasRollback' boolean key for JS. foreach ( $prepared_themes as $key => $value ) { - $themes[ $key ] = $prepared_themes[ $key ]; + $themes[ $key ] = $value; $themes[ $key ]['hasRollback'] = isset( $rollbacks[ $key ] ); }
From b44f2d891a6715f1adc2c66f086eff3769651ec6 Mon Sep 17 00:00:00 2001
From: devinwalker
Date: Wed, 3 Jan 2024 12:45:34 -0800
Subject: [PATCH 3/4] Improve conditional to fix "rollback" link display for plugin listing screen on single site installs
---
wp-rollback.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wp-rollback.php b/wp-rollback.php
index ceefbae..a86c566 100644
--- a/wp-rollback.php
+++ b/wp-rollback.php
@@ -472,7 +472,7 @@ private function setup_plugin_vars() { */ public function plugin_action_links( $actions, $plugin_file, $plugin_data, $context ): array { - if ( !is_network_admin()) { + if ( is_multisite() && !is_network_admin()) { return $actions; }
From 8c316e63a189e85b7bdfd6d972580f4a05cdfe57 Mon Sep 17 00:00:00 2001
From: devinwalker
Date: Wed, 3 Jan 2024 12:51:12 -0800
Subject: [PATCH 4/4] Added changelog for 2.0.4 release
---
readme.txt | 10 +++++++---
wp-rollback.php | 2 +-
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/readme.txt b/readme.txt
index 7547676..032416a 100644
--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Requires at least: 4.8 Donate Link: https://givewp.com/ Tested up to: 6.5 Requires PHP: 7.4 -Stable tag: 2.0.3 +Stable tag: 2.0.4 License: GPLv3 License URI: http://www.gnu.org/licenses/gpl-3.0.html
@@ -43,8 +43,8 @@ We do have documentation on the plugin [GitHub Wiki](https://github.com/impress- = Minimum Requirements = -* WordPress 4.8 or greater -* PHP version 5.3 or greater +* WordPress 5.5 or greater +* PHP version 7.4 or greater * MySQL version 5.0 or greater = Automatic installation =
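Review bot: The guard added by patch 3/4 in `plugin_action_links`, `if ( is_multisite() && !is_network_admin())`, carries no comment explaining the rule it encodes, and its spacing differs from the `! isset( … )` form used later in the same function (visible in patch 1/4). Suggested: `// On multisite, offer rollback links only on the network admin plugins screen.` above `if ( is_multisite() && ! is_network_admin() ) {`. The function body continues outside the hunk.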
@@ -106,6 +106,10 @@ This is the first version of this plugin. It is a tool for your convenience. Rol == Changelog == += 2.0.4 = +* Fix: Resolved issue REST route not including proper permission callback which created a PHP notice. Thanks, @rom1our for submitting the issue. +* Fix: Resolve issue with REST API and multisite installs not being able to properly communicate with the endpoint. + = 2.0.3 = * Fix: A few additional strings in JavaScript needed to be internationalized. Thanks, @pedro-mendonca for contributing the fix.
diff --git a/wp-rollback.php b/wp-rollback.php
index a86c566..fff9093 100644
--- a/wp-rollback.php
+++ b/wp-rollback.php
@@ -5,7 +5,7 @@ * Description: Rollback (or forward) any WordPress.org plugin, theme or block like a boss. * Author: WP Rollback * Author URI: https://wprollback.com/ - * Version: 2.0.3 + * Version: 2.0.4 * Text Domain: wp-rollback * Domain Path: /languages *