From 3145b6065be18e095e58e4a70b8744b85f6afd41 Mon Sep 17 00:00:00 2001 From: cwells-mm Date: Mon, 31 Oct 2022 09:44:23 +0000 Subject: [PATCH 1/7] Removing crowdhandler specific query parameters and redirect to sanatized url --- crowdhandler.php | 4 +- includes/class-crowdhandler-gatekeeper.php | 4 +- includes/class-wordpress-gatekeeper.php | 78 ++++++++++++++++++++++ 3 files changed, 82 insertions(+), 4 deletions(-) create mode 100644 includes/class-wordpress-gatekeeper.php diff --git a/crowdhandler.php b/crowdhandler.php index aa83b8f..c003805 100644 --- a/crowdhandler.php +++ b/crowdhandler.php @@ -16,7 +16,7 @@ * Plugin Name: CrowdHandler virtual waiting room * Plugin URI: https://signup.crowdhandler.com/?utm_source=WordPress&utm_medium=Plugin_Dir * Description: During periods of heavy traffic, our queue management solution helps safeguard your website from crashing and protects your sales. - * Version: 1.1.8 + * Version: 1.1.9 * Author: CROWDHANDLER LTD * License: GPL-2.0+ * License URI: http://www.gnu.org/licenses/gpl-2.0.txt @@ -38,7 +38,7 @@ * Start at version 0.1.0 and use SemVer - https://semver.org * Rename this for your plugin and update it as you release new versions. */ -define('CROWDHANDLER_VERSION', '1.1.8'); +define('CROWDHANDLER_VERSION', '1.1.9'); /** * The code that runs during plugin activation. diff --git a/includes/class-crowdhandler-gatekeeper.php b/includes/class-crowdhandler-gatekeeper.php index 0aafecc..e265783 100644 --- a/includes/class-crowdhandler-gatekeeper.php +++ b/includes/class-crowdhandler-gatekeeper.php @@ -6,7 +6,7 @@ class CrowdHandlerGateKeeper { /** - * @var GateKeeper + * @var CrowdHandlerWordPressGateKeeper */ private $gateKeeper; 
@@ -44,7 +44,7 @@ public function checkRequest() } $api = new PublicClient($this->options['crowdhandler_settings_field_public_key']); - $this->gateKeeper = new GateKeeper($api); + $this->gateKeeper = new CrowdHandlerWordPressGateKeeper($api); $this->gateKeeper->setIgnoreUrls( "/^((?!.*\?).*(\.(avi|css|eot|gif|ico|jpg|jpeg|js|json|mov|mp4|mpeg|mpg|og[g|v]|pdf|png|svg|ttf|txt|wmv|woff|woff2|xml))$)|(?!.*\?.*w[c|p]-.+).*(^.*w[c|p]-.+)|^((?!.*\?.*xmlrpc\.php).*xmlrpc.php)|\?rest_route=.+/" diff --git a/includes/class-wordpress-gatekeeper.php b/includes/class-wordpress-gatekeeper.php new file mode 100644 index 0000000..e913c06 --- /dev/null +++ b/includes/class-wordpress-gatekeeper.php 
@@ -0,0 +1,78 @@
+getQueryParams();
+ } else {
+ $get_params = $_GET;
+ }
+
+ $this->sanitizePromotedRedirect($this->url, $get_params);
+
+ }
+
+ /**
+ * Removes crowdhandler specific query parameters on promotion
+ * @param string $url The url that is currently being requested
+ * @param array $get An array of the current query sring parameters
+ */
+ private function sanitizePromotedRedirect ($url, $get)
+ {
+
+ if ($get[parent::TOKEN_URL]) {
+
+ $parsed_url = parse_url($url);
+ $filtered_url = "https://" . $parsed_url["host"] . $parsed_url["path"];
+
+ // create an array of crowdhandler query paramaters to remove
+ $ch_params_to_remove = array();
+ for ($i=0; $i < Count(self::CROWDHANDLER_PARAMS); $i++) {
+ if ($get[self::CROWDHANDLER_PARAMS[$i]] || $get[self::CROWDHANDLER_PARAMS[$i]]== "")
+ {
+ array_push($ch_params_to_remove, $get[self::CROWDHANDLER_PARAMS[$i]]);
+ }
+ }
+
+ // create an array without the crowdhandler parameters
+ $existing_query_parameters = array_diff($get, $ch_params_to_remove);
+
+ // if we have any existing query paramters then re-add them to the url
+ if (Count($existing_query_parameters) > 0) {
+ $redirectUrl = $filtered_url .= '?' . http_build_query($existing_query_parameters);
+ } else {
+ $redirectUrl = $filtered_url;
+ }
+
+ // and redirect
+ header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+ header('location: '.$redirectUrl, true, self::HTTP_REDIRECT_CODE);
+ exit;
+ }
+ }
+
+
+
+
+}
\ No newline at end of file
From f608157efcf2b7f36b4e175277f70f197bbad31a Mon Sep 17 00:00:00 2001
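Review bot: In `sanitizePromotedRedirect`, `array_diff($get, $ch_params_to_remove)` filters by value rather than by key, so an unrelated query parameter that shares a value with a CrowdHandler parameter is dropped from the redirect, and an absent CrowdHandler key contributes `null`, which also strips every parameter with an empty value. Filtering on keys avoids both and makes the `for` loop unnecessary: `$existing_query_parameters = array_diff_key($get, array_flip(self::CROWDHANDLER_PARAMS));`. The guard `if ($get[parent::TOKEN_URL])` and the loop read array keys without `isset()` or `??`, which raises a notice or warning whenever the key is missing. The `Location` value is built from `parse_url($url)["host"]` with a hard-coded `https://`; if `$this->url` is derived from the request's Host header (not visible here), the host should be compared with the site's configured host before redirecting. The start of the class, including the definition of `CROWDHANDLER_PARAMS`, is not visible in this hunk.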
From: cwells-mm Date: Wed, 16 Nov 2022 15:33:21 +0000 Subject: [PATCH 2/7] Updating plugin to use latest crowdhandler-php-sdk release --- README.txt | 4 +- includes/class-crowdhandler-diagnostics.php | 31 ++++++++ includes/class-crowdhandler-gatekeeper.php | 3 +- includes/class-crowdhandler.php | 3 + includes/class-wordpress-gatekeeper.php | 78 --------------------- 5 files changed, 38 insertions(+), 81 deletions(-) create mode 100644 includes/class-crowdhandler-diagnostics.php delete mode 100644 includes/class-wordpress-gatekeeper.php diff --git a/README.txt b/README.txt index b9224b7..801bb63 100644 --- a/README.txt +++ b/README.txt @@ -2,7 +2,7 @@ Contributors: rickmutt Tags: waiting room, traffic management, queue management, ecommerce, CrowdHandler, Tested up to: 6.0 -Stable tag: 1.1.8 +Stable tag: 1.1.9 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -89,6 +89,8 @@ You can uninstall the plugin at any time to remove CrowdHandler from your site. == Changelog == += 1.1.9 = +* Compatibility change for crowdhHandler-php-skd release 1.05 = 1.1.8 = * Compatible with WP v6.0 = 1.1.7 = diff --git a/includes/class-crowdhandler-diagnostics.php b/includes/class-crowdhandler-diagnostics.php new file mode 100644 index 0000000..05a85e1 --- /dev/null +++ b/includes/class-crowdhandler-diagnostics.php @@ -0,0 +1,31 @@ +options = get_option('crowdhandler_settings'); + } + } + + /** + * Adds a crowdhandler header to the request + */ + public function addCHDiagnostics($headers) + { + if($this->options){ + $indexOverride = (isset($this->options['crowdhandler_settings_field_override_index'])) ? '1' : '0'; + $timestamp = new DateTime(); + $formatedTime = $timestamp->format(DateTime::ISO8601); + $headers['x-crowdhandler-info'] = $this->options['crowdhandler_settings_field_public_key'] . '::' . $indexOverride . '::' . $formatedTime; + } + return $headers; + } +} \ No newline at end of file 
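Review bot: `addCHDiagnostics` reads `$this->options['crowdhandler_settings_field_public_key']` without checking that the key exists, although the override-index field in the same method is tested with `isset()`; with settings saved but no key entered this raises a warning and sends a header with an empty key. Guard it, e.g. `if (!empty($this->options['crowdhandler_settings_field_public_key'])) {`. The header exposes the configured key and the override flag to every client on every response, so the method's docblock should state that both values are meant to be public, or the header should be limited to requests that need diagnostics. PHP documents `DateTime::ISO8601` as not strictly ISO 8601 compliant; `DateTime::ATOM` is the compliant constant. The class declaration and the opening of the constructor are not visible in this hunk.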
diff --git a/includes/class-crowdhandler-gatekeeper.php b/includes/class-crowdhandler-gatekeeper.php index e265783..f86cc14 100644 --- a/includes/class-crowdhandler-gatekeeper.php +++ b/includes/class-crowdhandler-gatekeeper.php @@ -44,7 +44,7 @@ public function checkRequest() } $api = new PublicClient($this->options['crowdhandler_settings_field_public_key']); - $this->gateKeeper = new CrowdHandlerWordPressGateKeeper($api); + $this->gateKeeper = new GateKeeper($api); $this->gateKeeper->setIgnoreUrls( "/^((?!.*\?).*(\.(avi|css|eot|gif|ico|jpg|jpeg|js|json|mov|mp4|mpeg|mpg|og[g|v]|pdf|png|svg|ttf|txt|wmv|woff|woff2|xml))$)|(?!.*\?.*w[c|p]-.+).*(^.*w[c|p]-.+)|^((?!.*\?.*xmlrpc\.php).*xmlrpc.php)|\?rest_route=.+/" @@ -55,7 +55,6 @@ public function checkRequest() if (!$isHostServer) { $this->gateKeeper->setFailTrust(true); $this->gateKeeper->checkRequest(); - $this->gateKeeper->setCookie(); $this->gateKeeper->redirectIfNotPromoted(); } diff --git a/includes/class-crowdhandler.php b/includes/class-crowdhandler.php index 563949e..7f908bf 100644 --- a/includes/class-crowdhandler.php +++ b/includes/class-crowdhandler.php @@ -169,6 +169,9 @@ private function define_public_hooks() $this->loader->add_action('plugins_loaded', $plugin_public, 'checkRequest'); $this->loader->add_action('shutdown', $plugin_public, 'recordPerformance'); } + + $diagnostics = new CrowdhandlerDiagnostics(); + $this->loader->add_filter('wp_headers', $diagnostics, 'addCHDiagnostics', 999); } /** diff --git a/includes/class-wordpress-gatekeeper.php b/includes/class-wordpress-gatekeeper.php deleted file mode 100644 index e913c06..0000000 --- a/includes/class-wordpress-gatekeeper.php +++ /dev/null 
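Review bot: The call `$this->gateKeeper->setCookie();` is removed from `checkRequest()` on the assumption that the newer SDK sets the cookie itself, but `composer.lock` is not part of this commit and is only updated later in the series (PATCH 6/7), so an install from the lock file at this commit still resolves the previously pinned SDK reference. If that older `GateKeeper` does not set the cookie inside `checkRequest()` (the SDK source is not visible here), promoted visitors would not keep their token between requests. Update the lock file in the same commit as this removal, or keep the call until the dependency is bumped. The body of `checkRequest()` extends outside the hunk.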
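Review bot: In `define_public_hooks()`, `new CrowdhandlerDiagnostics()` and its `wp_headers` filter are registered after the closing brace of the block that guards the `checkRequest` and `recordPerformance` hooks, so the `x-crowdhandler-info` header is added even when that block is skipped. If that is intended, say so in a comment, e.g. `// Diagnostics header is sent whether or not the waiting room hooks are active.`; otherwise move the two lines inside the block. No `require` or `include` of `includes/class-crowdhandler-diagnostics.php` appears in this commit's diff, so unless an autoloader or an existing loader covers `includes/`, the instantiation would fail with a class-not-found error. The function starts outside the hunk, so the guarding condition itself is not visible.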
@@ -1,78 +0,0 @@ -getQueryParams(); - } else { - $get_params = $_GET; - } - - $this->sanitizePromotedRedirect($this->url, $get_params); - - } - - /** - * Removes crowdhandler specific query parameters on promotion - * @param string $url The url that is currently being requested - * @param array $get An array of the current query sring parameters - */ - private function sanitizePromotedRedirect ($url, $get) - { - - if ($get[parent::TOKEN_URL]) { - - $parsed_url = parse_url($url); - $filtered_url = "https://" . $parsed_url["host"] . $parsed_url["path"]; - - // create an array of crowdhandler query paramaters to remove - $ch_params_to_remove = array(); - for ($i=0; $i < Count(self::CROWDHANDLER_PARAMS); $i++) { - if ($get[self::CROWDHANDLER_PARAMS[$i]] || $get[self::CROWDHANDLER_PARAMS[$i]]== "") - { - array_push($ch_params_to_remove, $get[self::CROWDHANDLER_PARAMS[$i]]); - } - } - - // create an array without the crowdhandler parameters - $existing_query_parameters = array_diff($get, $ch_params_to_remove); - - // if we have any existing query paramters then re-add them to the url - if (Count($existing_query_parameters) > 0) { - $redirectUrl = $filtered_url .= '?' . http_build_query($existing_query_parameters); - } else { - $redirectUrl = $filtered_url; - } - - // and redirect - header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); - header('location: '.$redirectUrl, true, self::HTTP_REDIRECT_CODE); - exit; - } - } - - - - -} \ No newline at end of file From 6c04c87200480131de0c7693e662d51bb4cfee7c Mon Sep 17 00:00:00 2001 From: cwells-mm Date: Wed, 16 Nov 2022 15:47:53 +0000 Subject: [PATCH 3/7] Fixed incorrect private var type definition --- includes/class-crowdhandler-gatekeeper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/class-crowdhandler-gatekeeper.php b/includes/class-crowdhandler-gatekeeper.php index f86cc14..205be0a 100644 --- a/includes/class-crowdhandler-gatekeeper.php 
+++ b/includes/class-crowdhandler-gatekeeper.php @@ -6,7 +6,7 @@ class CrowdHandlerGateKeeper { /** - * @var CrowdHandlerWordPressGateKeeper + * @var GateKeeper */ private $gateKeeper; From b3d443234fb4527ddc7b83431d4cd4cc978203a5 Mon Sep 17 00:00:00 2001 From: cwells-mm Date: Wed, 16 Nov 2022 15:49:13 +0000 Subject: [PATCH 4/7] Updated readme changelog --- README.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.txt b/README.txt index 801bb63..c349d02 100644 --- a/README.txt +++ b/README.txt @@ -90,7 +90,7 @@ You can uninstall the plugin at any time to remove CrowdHandler from your site. == Changelog == = 1.1.9 = -* Compatibility change for crowdhHandler-php-skd release 1.05 +* Compatibility change for crowdhHandler-php-skd release 1.05 and added crowdhandler diagnostics = 1.1.8 = * Compatible with WP v6.0 = 1.1.7 = From 822633f0f0f7ec19a27f42fb4931632ad2faa67e Mon Sep 17 00:00:00 2001 From: lukeowen89 Date: Tue, 22 Nov 2022 17:03:05 +0000 Subject: [PATCH 5/7] Revised bypass regex --- includes/class-crowdhandler-gatekeeper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/class-crowdhandler-gatekeeper.php b/includes/class-crowdhandler-gatekeeper.php index 0aafecc..8570de9 100644 --- a/includes/class-crowdhandler-gatekeeper.php +++ b/includes/class-crowdhandler-gatekeeper.php @@ -47,7 +47,7 @@ public function checkRequest() $this->gateKeeper = new GateKeeper($api); $this->gateKeeper->setIgnoreUrls( - "/^((?!.*\?).*(\.(avi|css|eot|gif|ico|jpg|jpeg|js|json|mov|mp4|mpeg|mpg|og[g|v]|pdf|png|svg|ttf|txt|wmv|woff|woff2|xml))$)|(?!.*\?.*w[c|p]-.+).*(^.*w[c|p]-.+)|^((?!.*\?.*xmlrpc\.php).*xmlrpc.php)|\?rest_route=.+/" + "/^((?!.*\?).*(\.(avi|css|eot|gif|ico|jpg|jpeg|js|json|mov|mp4|mpeg|mpg|og[g|v]|pdf|png|svg|tiff|ttf|txt|wmv|woff|woff2|xml))$)|.*(^.*w[c|p]-.+)|^((?!.*\?.*xmlrpc\.php).*xmlrpc.php)|\?rest_route=.+/" ); $isHostServer = $this->gateKeeper->ip === $_SERVER["SERVER_ADDR"]; 
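Review bot: The revised ignore pattern drops the `(?!.*\?.*w[c|p]-.+)` lookahead, so the `.*(^.*w[c|p]-.+)` alternative now matches when `wc-` or `wp-` appears anywhere in the string, including the query string. If `setIgnoreUrls()` is matched against the full request URI (the SDK is not visible here), any page can be excluded from the waiting room by a query parameter the visitor controls. Restrict the alternative to the path portion, e.g. `^[^?]*w[cp]-.+`, which also removes the stray `|` that `[c|p]` (and `og[g|v]`) admits as a literal character. `checkRequest()` begins and ends outside the hunk.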
From ca1664f9f5e7a889ea61adc77b32319345bb6f06 Mon Sep 17 00:00:00 2001 From: cwells-mm Date: Tue, 29 Nov 2022 10:48:33 +0000 Subject: [PATCH 6/7] Upgrading crowdhandler sdk --- composer.lock | 34 +++++++++++----------------------- 1 file changed, 11 insertions(+), 23 deletions(-) diff --git a/composer.lock b/composer.lock index ca0a909..9deabb0 100644 --- a/composer.lock +++ b/composer.lock @@ -12,13 +12,14 @@ "source": { "type": "git", "url": "https://github.com/crowdhandler/crowdhandler-php-sdk.git", - "reference": "1fde6f878ebda934b8b41cb6471f0ca48c82539c" + "reference": "b98a024c1a387268501fb6a0b44fa3788f7242aa" }, "require": { "ext-curl": "*", "ext-json": "*", "php": ">= 5.3" }, + "default-branch": true, "type": "library", "autoload": { "psr-4": { 
@@ -44,43 +45,29 @@ ], "description": "A PHP library for interacting with CrowdHandler", "homepage": "https://www.crowdhandler.com/", - "time": "2021-12-23T11:51:44+00:00" + "time": "2022-11-29T10:27:32+00:00" } ], "packages-dev": [ { "name": "wordpress/wordpress", - "version": "5.8.2", + "version": "5.9.5", "source": { "type": "git", "url": "https://github.com/WordPress/wordpress-develop.git", - "reference": "a592701df3bc2f55d8035d041bda711e05403148" + "reference": "7268fe465f2589a7dc793e3f93aceea763f1aded" }, "require": { "php": ">=5.6" }, "require-dev": { - "dealerdirect/phpcodesniffer-composer-installer": "^0.6.2 || ^0.7.0", - "phpcompatibility/phpcompatibility-wp": "^2.1.0", - "phpunit/phpunit": "^7.5", + "dealerdirect/phpcodesniffer-composer-installer": "^0.7.0", + "phpcompatibility/phpcompatibility-wp": "~2.1.3", + "squizlabs/php_codesniffer": "3.6.0", "wp-coding-standards/wpcs": "~2.3.0", "yoast/phpunit-polyfills": "^1.0.1" }, "type": "library", - "autoload-dev": { - "files": [ - "tests/phpunit/includes/phpunit7/MockObject/Builder/NamespaceMatch.php", - "tests/phpunit/includes/phpunit7/MockObject/Builder/ParametersMatch.php", - "tests/phpunit/includes/phpunit7/MockObject/InvocationMocker.php", - "tests/phpunit/includes/phpunit7/MockObject/MockMethod.php" - ], - "exclude-from-classmap": [ - "vendor/phpunit/phpunit/src/Framework/MockObject/Builder/NamespaceMatch.php", - "vendor/phpunit/phpunit/src/Framework/MockObject/Builder/ParametersMatch.php", - "vendor/phpunit/phpunit/src/Framework/MockObject/InvocationMocker.php", - "vendor/phpunit/phpunit/src/Framework/MockObject/MockMethod.php" - ] - }, "scripts": { "compat": [ "@php ./vendor/squizlabs/php_codesniffer/bin/phpcs --standard=phpcompat.xml.dist --report=summary,source" @@ -112,7 +99,7 @@ "support": { "issues": "https://core.trac.wordpress.org/" }, - "time": "2021-11-10T17:14:24+00:00" + "time": "2022-10-17T20:16:15+00:00" } ], "aliases": [], 
@@ -125,5 +112,6 @@ "platform": { "php": ">=5.3" }, - "platform-dev": [] + "platform-dev": [], + "plugin-api-version": "2.3.0" } From d44c867f189fd6d598dcf6b1b68d796f68a76750 Mon Sep 17 00:00:00 2001 From: cwells-mm Date: Tue, 29 Nov 2022 11:01:57 +0000 Subject: [PATCH 7/7] Fixed typo and updated compatibility version number --- README.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.txt b/README.txt index c349d02..176f3f5 100644 --- a/README.txt +++ b/README.txt @@ -1,7 +1,7 @@ === CrowdHandler virtual waiting room === Contributors: rickmutt Tags: waiting room, traffic management, queue management, ecommerce, CrowdHandler, -Tested up to: 6.0 +Tested up to: 6.1.1 Stable tag: 1.1.9 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -90,7 +90,7 @@ You can uninstall the plugin at any time to remove CrowdHandler from your site. == Changelog == = 1.1.9 = -* Compatibility change for crowdhHandler-php-skd release 1.05 and added crowdhandler diagnostics +* Compatibility change for crowdhHandler-php-skd release 1.0.5 and added crowdhandler diagnostics = 1.1.8 = * Compatible with WP v6.0 = 1.1.7 =