Protect Endpoints bug with Whitelisted and Protected endpoints #14
Comments
|
I confirm. I use apache userdir and my address is: So, a possible route is At this time only the domain is considered and not the siteurl or home as written in the db options. The comparison fails, as stripping out the wp-json is equal comparing: So I commented out the line: It would be useful to have the full flow by removing not only the domain but the whole siteurl. Thank you, ps. how to retrieve the user id from the authorized endpoint? |
|
I'm sorry, I tried several options but I can't figure out what should I write in the Protected endpoints (using Apply only on Specific REST endpoints option) if I want to protect this endpoint: Thank you, |
|
Hello @canonex, In the protect endpoints, you neet to add
|
Proposed fix for Protect endpoints issue #14
Bug Description
Hello!
Trying the new feature Protect Endpoints in the 3.4.0 version I've found a bug with whitelisted or protected endpoints.
I'm working in a subfolder WP install like www.mysite/subfolder
I'm looking in function isEndpointProtected($endpoint) in file ProtectEndpointService.php
The removeWpJsonFromEndpoint function called in lines 82 and 102 strips /wp-json from the strings:
if my string is www.mysite/**subfolder**/wp-json/endpoint the comparison is always wrong
The function removeWpJsonFromEndpoint changes the string in: www.mysite/subfolder/endpoint and on line 91 or 106 this string is compared with strpos() to www.mysite/subfolder/wp-json/endpoint and retrieves a wrong result
Environment
The text was updated successfully, but these errors were encountered: