From 31d4d03967172945ffbd001008f82f6995ac6717 Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 09:48:30 +0000 Subject: [PATCH 01/15] Work in progress commit. --- public/app/mu-plugins/moj-auth/verify.php | 5 + public/app/themes/justice/inc/search.php | 88 ++++++++++++++++-- public/app/themes/justice/inc/security.php | 101 ++++++++++++++++++++- 3 files changed, 185 insertions(+), 9 deletions(-) diff --git a/public/app/mu-plugins/moj-auth/verify.php b/public/app/mu-plugins/moj-auth/verify.php index ad03d203..f3e426b1 100644 --- a/public/app/mu-plugins/moj-auth/verify.php +++ b/public/app/mu-plugins/moj-auth/verify.php @@ -17,6 +17,11 @@ http_response_code(401) && exit(); } +if (isset($_ENV['MOJ_AUTH_ENABLED']) && $_ENV['MOJ_AUTH_ENABLED'] === 'false') { + error_log('MOJ_AUTH_ENABLED is false - skipping auth check.'); + http_response_code(200) && exit(); +} + require_once $autoload; require_once 'traits/jwt.php'; require_once 'traits/utils.php'; diff --git a/public/app/themes/justice/inc/search.php b/public/app/themes/justice/inc/search.php index 61b48a82..18665eca 100644 --- a/public/app/themes/justice/inc/search.php +++ b/public/app/themes/justice/inc/search.php 
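Review bot: The new `MOJ_AUTH_ENABLED === 'false'` branch in verify.php fails open in every environment, because nothing ties it to a local or development context. A single mis-set variable in a deployed environment would make the verify endpoint answer 200 to every request, with only an `error_log` line as evidence. I would pair the check with an explicit environment test, for example `if (<IS_LOCAL_ENVIRONMENT> && ($_ENV['MOJ_AUTH_ENABLED'] ?? null) === 'false') {`, where the placeholder stands for whatever flag the project uses to identify local runs, and document that the bypass must never be set elsewhere. PATCH 15/15 moves the same block earlier in the script, ahead of the autoload check, without adding such a guard, so the point applies there too. The script continues outside this hunk.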
@@ -15,28 +15,28 @@ public function __construct() public function addHooks() { // Add a rewrite rule to handle an empty search. - add_action('init', fn () => add_rewrite_rule('search/?$', 'index.php?s=', 'bottom')); + add_action('init', fn() => add_rewrite_rule('search/?$', 'index.php?s=', 'bottom')); // Add a rewrite rule to handle the old search urls. add_action('template_redirect', [$this, 'redirectOldSearchUrls']); // Add a rewrite rule to handle the search string. add_filter('posts_search', [$this, 'handleEmptySearch'], 10, 2); // Add a query var for the parent page. This will be handled in relevanssiParentFilter. - add_filter('query_vars', fn ($qv) => array_merge($qv, array('parent'))); + add_filter('query_vars', fn($qv) => array_merge($qv, array('parent'))); // Update the search query. add_action('pre_get_posts', [$this, 'searchFilter']); // Relevanssi - prevent sending documents to the Relevanssi API. - add_filter('option_relevanssi_do_not_call_home', fn () => 'on'); - add_filter('default_option_relevanssi_do_not_call_home', fn () => 'on'); + add_filter('option_relevanssi_do_not_call_home', fn() => 'on'); + add_filter('default_option_relevanssi_do_not_call_home', fn() => 'on'); // Relevanssi - prevent click tracking. We don't need it and it makes the search results url messy. - add_filter('option_relevanssi_click_tracking', fn () => 'off'); - add_filter('default_option_relevanssi_click_tracking', fn () => 'off'); + add_filter('option_relevanssi_click_tracking', fn() => 'off'); + add_filter('default_option_relevanssi_click_tracking', fn() => 'off'); // Relevanssi - filters the did you mean url, to use /search instead of s=. add_filter('relevanssi_didyoumean_url', [$this, 'didYouMeanUrl'], 10, 3); // Relevanssi - add numbers to the did you mean alphabet. - add_filter('relevanssi_didyoumean_alphabet', fn ($alphabet) => $alphabet . '0123456789'); + add_filter('relevanssi_didyoumean_alphabet', fn($alphabet) => $alphabet . 
'0123456789'); // Relevanssi - filters the search results to only include the descendants. add_filter('relevanssi_hits_filter', [$this, 'relevanssiParentFilter']); @@ -47,6 +47,12 @@ public function addHooks() // Relevanssi - remove searches submenus for non-admins. add_filter('admin_menu', [$this, 'removeSearchesSubMenus'], 999); + + // Redirect the user to the search page if the URI contains multiple pages. + add_action('init', [$this, 'redirectMultiplePageInURI'], 1); + + // Run redirectIfQueryStringHasArrays early to avoid any issues with the query string. + add_action('init', [$this, 'redirectIfQueryStringHasArrays'], 1); } /** 
@@ -327,4 +333,72 @@ public function removeSearchesSubMenus() remove_submenu_page('index.php', 'relevanssi_admin_search'); } } + + /** + * Handle malformed search URLs where the path has multiple pages. + * + * e.g /search/the/page/page/11 + */ + + public function redirectMultiplePageInURI() + { + $uri = $_SERVER['REQUEST_URI']; + // Trim the first and last slash + $uri = trim($uri, '/'); + // Split the URI by '/' + $uri_parts = explode('/', $uri); + + // Check if the URI has at least 4 parts and the first part is 'search' + if (sizeof($uri_parts) < 4 || $uri_parts[0] !== 'search') { + return; + } + + // Remove the first 2 from the array + $uri_parts = array_slice($uri_parts, 2); + + // Count the number of times 'page' appears in the $uri_parts + $pages_count = array_count_values($uri_parts)['page']; + + if ($pages_count > 1) { + // Redirect to the search page + $url = home_url('/search'); + wp_redirect($url); + exit; + } + } + + + /** + * Handle malformed search URLs with arrays in the query string. + * + * This function will redirect the user to the search page if the query string contains arrays. + * e.g. /search?audience[$testing]=1 or /search?audience%5B%24testing%5D=1 + * + * @return void + */ + + public function redirectIfQueryStringHasArrays() + { + // Are we on a search page? The URI starts with /search + if (strpos($_SERVER['REQUEST_URI'], '/search') === false) { + return; + } + + $query_string = $_SERVER['QUERY_STRING']; + $query_string = explode('&', $query_string); + + foreach ($query_string as $query) { + error_log($query); + // Get key and value + [$key] = explode('=', $query); + + // Use regex to see if the key contains any of the invalid strings + if (preg_match('/(%5B|%5D|\[|\])/', $key)) { + // Redirect to the search page + $url = home_url('/search'); + wp_redirect($url); + exit; + } + } + } } diff --git a/public/app/themes/justice/inc/security.php b/public/app/themes/justice/inc/security.php index 254b6f07..f00ca009 100644 
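Review bot: In `redirectIfQueryStringHasArrays` the key test `/(%5B|%5D|\[|\])/` is case-sensitive, so a key whose brackets are percent-encoded in lower case is not caught; decoding the key with `rawurldecode()` before looking for `[` or `]` closes that gap. The guard `strpos($_SERVER['REQUEST_URI'], '/search') === false` matches `/search` anywhere in the URI rather than at the start of the path as its comment says, so, with the hook running on every `init`, unrelated requests that happen to contain that string may be redirected as well. `error_log($query)` writes every raw request parameter to the log and looks like leftover debugging (it is still present as context in PATCH 06/15); I would drop it. In `redirectMultiplePageInURI`, `array_count_values($uri_parts)['page']` reads a key that is absent whenever the path has no `page` segment, so `['page'] ?? 0` avoids the warning. A possible body for the query-string check follows.

```php
public function redirectIfQueryStringHasArrays()
{
    // Look at the path only, and require it to start with /search.
    $path = parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH);
    if (!is_string($path) || strpos($path, '/search') !== 0) {
        return;
    }

    foreach (explode('&', $_SERVER['QUERY_STRING'] ?? '') as $query) {
        [$key] = explode('=', $query);

        // Decode first so %5B, %5b and a literal [ are all treated alike.
        if (preg_match('/[\[\]]/', rawurldecode($key))) {
            // … unchanged: wp_redirect(home_url('/search')) and exit …
        }
    }
}
```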
--- a/public/app/themes/justice/inc/security.php +++ b/public/app/themes/justice/inc/security.php @@ -2,30 +2,63 @@ namespace MOJ\Justice; +use WP_Error; + /** * Add a little security for WordPress */ class Security { + + private $wp_version; + private $hashed_wp_version; + /** - * Loads up actions that are called when WordPress initialises + * Set properties and run actions. */ public function __construct() { + // Get the WordPress version. + $this->wp_version = get_bloginfo('version'); + // Hash the WP version number with a salt - let's borrow AUTH_SALT for this. + // This way a we get a unique hash per WP version but it's not reversible. + $this->hashed_wp_version = substr(md5($this->wp_version . AUTH_SALT), 0, 6); + $this->actions(); } /** + * Loads up actions that are called when WordPress initialises + * * @return void */ public function actions(): void { - // no generator meta tag in the head + // No generator meta tag in the head remove_action('wp_head', 'wp_generator'); add_filter('redirect_canonical', [$this, 'noRedirect404']); + add_filter('xmlrpc_enabled', '__return_false'); add_filter('wp_headers', [$this, 'headerMods']); add_filter('auth_cookie_expiration', [$this, 'setLoginPeriod'], 10, 0); + + // Handle malformed URLs with arrays in the query string. + add_filter('login_init', [$this, 'validateLoginRequest'], 10, 0); + + // Remove emoji support. + remove_action('wp_head', 'print_emoji_detection_script', 7); + remove_action('wp_print_styles', 'print_emoji_styles'); + + // Strip the WP version number from enqueued asset URLs. + add_filter('style_loader_tag', [$this, 'filterAssetQueryString'], 10, 1); + // change the url with script_loader_tag + add_filter('script_loader_tag', [$this, 'filterAssetQueryString'], 10, 1); + + // Hide the WP version number from the feeds. + add_filter('the_generator', '__return_empty_string'); + + // Disable REST API for non-logged in users. + add_filter('rest_authentication_errors', [$this, 'restAuth']); } /** 
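Review bot: The registration `add_filter('login_init', [$this, 'validateLoginRequest'], 10, 0);` added in `actions()` is left dangling by the rest of the series. PATCH 02/15 deletes the `validateLoginRequest` method, and none of the later patches visible here removes this line. With the method gone, the hook holds an invalid callback, and under PHP 8 invoking it is expected to throw when `login_init` fires, which would break the login page. Either remove the registration together with the method or restore a working handler; since `login_init` is an action, `add_action` would also read more clearly than `add_filter`.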
@@ -69,4 +102,68 @@ public function setLoginPeriod(): float|int { return 7 * DAY_IN_SECONDS; // Cookies set to expire in 7 days. } + + /** + * Handle malformed URLs with arrays in the query string. + * + * This function will return a 404 if the query string contains arrays for wp_lang. + * e.g. /wp/wp-login.php?wp_lang%5B%24testing%5D=1 + * + * @return void + */ + + public function validateLoginRequest() + { + // TODO - fix this! + // https://justice.docker/wp/wp-login.php?wp_lang%5B%24testing%5D=1 + error_log('In validateLoginRequest'); + if (isset($_GET['wp_lang']) && is_array($_GET['wp_lang'])) { + wp_safe_redirect(wp_login_url()); + exit; + } + } + + /** + * Change the URL of the style tag + * + * @param $html string The HTML string of a link or script tag. + * @return string The modified HTML string. + */ + + public function filterAssetQueryString($html): string + { + return str_replace('ver=' . $this->wp_version, 'ver=' . $this->hashed_wp_version, $html); + } + + + /** + * Disable REST API for non-logged in users. + * + * @see https://developer.wordpress.org/reference/hooks/rest_authentication_errors/ + * + * @param WP_Error|null|true $result + * @return WP_Error|null|true + */ + public function restAuth(WP_Error|null|true $result): WP_Error|null|true + { + // If a previous authentication check was applied, + // pass that result along without modification. + if (true === $result || is_wp_error($result)) { + return $result; + } + + // No authentication has been performed yet. + // Return an error if user is not logged in. + if (! is_user_logged_in()) { + return new WP_Error( + 'rest_not_logged_in', + __('You are not currently logged in.'), + array('status' => 401) + ); + } + + // Our custom authentication check should have no effect + // on logged-in requests + return $result; + } } From 507e457aff7adbe97292d8efa416dbdbfe49880a Mon Sep 17 00:00:00 2001 
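Review bot: The parameter type `WP_Error|null|true` on `restAuth` is stricter than a filter chain can guarantee: if any other callback on `rest_authentication_errors` returns a different value (for example `false`), PHP throws a TypeError before the login check runs and every REST request fails. I would accept `mixed $result` in the signature and keep the union in the docblock, which also removes the dependency on standalone `true` types (PHP 8.2). In the same hunk, `validateLoginRequest` is marked `TODO - fix this!`, calls `error_log('In validateLoginRequest')` on every login-page load, and its docblock promises a 404 while the code redirects with `wp_safe_redirect(wp_login_url())`; the docblock and the debug line should be reconciled before this ships. The enclosing class starts outside the hunk.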
From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 15:38:27 +0000 Subject: [PATCH 02/15] Update security.php --- public/app/themes/justice/inc/security.php | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/public/app/themes/justice/inc/security.php b/public/app/themes/justice/inc/security.php index f00ca009..6b204627 100644 --- a/public/app/themes/justice/inc/security.php +++ b/public/app/themes/justice/inc/security.php @@ -103,26 +103,6 @@ public function setLoginPeriod(): float|int return 7 * DAY_IN_SECONDS; // Cookies set to expire in 7 days. } - /** - * Handle malformed URLs with arrays in the query string. - * - * This function will return a 404 if the query string contains arrays for wp_lang. - * e.g. /wp/wp-login.php?wp_lang%5B%24testing%5D=1 - * - * @return void - */ - - public function validateLoginRequest() - { - // TODO - fix this! - // https://justice.docker/wp/wp-login.php?wp_lang%5B%24testing%5D=1 - error_log('In validateLoginRequest'); - if (isset($_GET['wp_lang']) && is_array($_GET['wp_lang'])) { - wp_safe_redirect(wp_login_url()); - exit; - } - } - /** * Change the URL of the style tag * From 4519b9c749574d2801e8e5b4b6c2fdc15a36ff78 Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:12:52 +0000 Subject: [PATCH 03/15] Fix formatting --- public/app/themes/justice/inc/search.php | 14 -------------- public/app/themes/justice/inc/security.php | 1 - 2 files changed, 15 deletions(-) diff --git a/public/app/themes/justice/inc/search.php b/public/app/themes/justice/inc/search.php index 18665eca..00f851bd 100644 --- a/public/app/themes/justice/inc/search.php +++ b/public/app/themes/justice/inc/search.php @@ -60,7 +60,6 @@ public function addHooks() * * @return bool True if the search query is empty, false otherwise. */ - public function hasEmptyQuery(): bool { return empty(get_search_query()); 
@@ -71,7 +70,6 @@ public function hasEmptyQuery(): bool * * @return int|null The number of search results. */ - public function getResultCount(): ?int { if (empty(get_search_query())) { @@ -89,7 +87,6 @@ public function getResultCount(): ?int * @param array $args An array of query parameters to add or modify. * @return string The URL for the search results. */ - public function getSearchUrl($search, $args = []) { $url_append = ''; @@ -127,7 +124,6 @@ public function getSearchUrl($search, $args = []) * * @return array An array of sort options. */ - public function getSortOptions(): array { $orderby = get_query_var('orderby'); @@ -151,7 +147,6 @@ public function getSortOptions(): array * * @return void */ - public function redirectOldSearchUrls() { // Don't redirect if we're in the admin. @@ -184,7 +179,6 @@ public function redirectOldSearchUrls() * @param \WP_Query $q The main WordPress query. * @return string The modified search query. */ - public function handleEmptySearch($search, \WP_Query $q) { if (!is_admin() && empty($search) && $q->is_search() && $q->is_main_query()) { @@ -203,7 +197,6 @@ public function handleEmptySearch($search, \WP_Query $q) * @param \WP_Query $query The main WordPress query. * @return void */ - public function searchFilter($query) { if (!is_admin() && $query->is_main_query() && $query->is_search) { @@ -217,7 +210,6 @@ public function searchFilter($query) * @param string $url The URL to format. * @return string The formatted URL. */ - public function formattedUrl(string $url): string { $split_length = 80; @@ -247,7 +239,6 @@ public function formattedUrl(string $url): string * @param string $suggestion The suggested search query. * @return string The filtered URL. */ - public function didYouMeanUrl($url, $query, $suggestion): string { return empty($suggestion) ? $url : $this->getSearchUrl($suggestion); 
@@ -263,7 +254,6 @@ public function didYouMeanUrl($url, $query, $suggestion): string * @param array $hits The search results. * @return array The filtered search results. */ - public function relevanssiParentFilter(array $hits): array { global $wp_query; @@ -306,7 +296,6 @@ public function relevanssiParentFilter(array $hits): array * @param array $columns The columns for the admin screen. * @return array The columns after removing any un-necessary ones. */ - public function removeColumns(array $columns): array { if (!current_user_can('manage_options')) { @@ -325,7 +314,6 @@ public function removeColumns(array $columns): array * * @return void */ - public function removeSearchesSubMenus() { if (!current_user_can('manage_options')) { @@ -339,7 +327,6 @@ public function removeSearchesSubMenus() * * e.g /search/the/page/page/11 */ - public function redirectMultiplePageInURI() { $uri = $_SERVER['REQUEST_URI']; @@ -376,7 +363,6 @@ public function redirectMultiplePageInURI() * * @return void */ - public function redirectIfQueryStringHasArrays() { // Are we on a search page? The URI starts with /search diff --git a/public/app/themes/justice/inc/security.php b/public/app/themes/justice/inc/security.php index 6b204627..7456ecfe 100644 --- a/public/app/themes/justice/inc/security.php +++ b/public/app/themes/justice/inc/security.php @@ -109,7 +109,6 @@ public function setLoginPeriod(): float|int * @param $html string The HTML string of a link or script tag. * @return string The modified HTML string. */ - public function filterAssetQueryString($html): string { return str_replace('ver=' . $this->wp_version, 'ver=' . $this->hashed_wp_version, $html); From b2ce6c93249dafb5474e6ba025695704e6491b1f Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:18:53 +0000 Subject: [PATCH 04/15] Upgrade hash algo. --- public/app/themes/justice/inc/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/public/app/themes/justice/inc/security.php b/public/app/themes/justice/inc/security.php index 7456ecfe..89d9b058 100644 --- a/public/app/themes/justice/inc/security.php +++ b/public/app/themes/justice/inc/security.php @@ -22,7 +22,7 @@ public function __construct() $this->wp_version = get_bloginfo('version'); // Hash the WP version number with a salt - let's borrow AUTH_SALT for this. // This way a we get a unique hash per WP version but it's not reversible. - $this->hashed_wp_version = substr(md5($this->wp_version . AUTH_SALT), 0, 6); + $this->hashed_wp_version = substr(hash('sha256', $this->wp_version . AUTH_SALT), 0, 6); $this->actions(); } From d4a18e4760785d0c2864aa577dfa6703a0b48c46 Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:21:37 +0000 Subject: [PATCH 05/15] Update search.php --- public/app/themes/justice/inc/search.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/public/app/themes/justice/inc/search.php b/public/app/themes/justice/inc/search.php index 00f851bd..b8a67f19 100644 --- a/public/app/themes/justice/inc/search.php +++ b/public/app/themes/justice/inc/search.php @@ -326,8 +326,10 @@ public function removeSearchesSubMenus() * Handle malformed search URLs where the path has multiple pages. * * e.g /search/the/page/page/11 + * + * @return void */ - public function redirectMultiplePageInURI() + public function redirectMultiplePageInURI(): void { $uri = $_SERVER['REQUEST_URI']; // Trim the first and last slash @@ -363,7 +365,7 @@ public function redirectMultiplePageInURI() * * @return void */ - public function redirectIfQueryStringHasArrays() + public function redirectIfQueryStringHasArrays(): void { // Are we on a search page? The URI starts with /search if (strpos($_SERVER['REQUEST_URI'], '/search') === false) { From 982329f0b56cce0bde4cc122da7d872dc3ec13d7 Mon Sep 17 00:00:00 2001 
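Review bot: Swapping `md5` for `sha256` on the `hashed_wp_version` line has little practical effect, because the digest is cut to six hex characters either way and the value's secrecy rests on `AUTH_SALT`, not on the algorithm. If a keyed digest is the intent, `hash_hmac('sha256', $this->wp_version, AUTH_SALT)` states that directly instead of concatenating the secret. The comment above the line could also note that the token still changes whenever core is upgraded, so it hides the version number but not the fact of an update, e.g. `// Stable per-version token: hides the number, not the timing of upgrades.` The constructor starts and ends outside this hunk.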
From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:24:38 +0000 Subject: [PATCH 06/15] Update search.php --- public/app/themes/justice/inc/search.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/public/app/themes/justice/inc/search.php b/public/app/themes/justice/inc/search.php index b8a67f19..7f83f4ca 100644 --- a/public/app/themes/justice/inc/search.php +++ b/public/app/themes/justice/inc/search.php @@ -372,8 +372,7 @@ public function redirectIfQueryStringHasArrays(): void return; } - $query_string = $_SERVER['QUERY_STRING']; - $query_string = explode('&', $query_string); + $query_string = explode('&', $_SERVER['QUERY_STRING'] ?? ''); foreach ($query_string as $query) { error_log($query); From 7171ced8942837222d297f7f2572b8d4b493ef67 Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:27:14 +0000 Subject: [PATCH 07/15] Update security.php --- public/app/themes/justice/inc/security.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/public/app/themes/justice/inc/security.php b/public/app/themes/justice/inc/security.php index 89d9b058..03b9f65c 100644 --- a/public/app/themes/justice/inc/security.php +++ b/public/app/themes/justice/inc/security.php @@ -106,12 +106,12 @@ public function setLoginPeriod(): float|int /** * Change the URL of the style tag * - * @param $html string The HTML string of a link or script tag. + * @param $tag string The HTML string of a link or script tag. * @return string The modified HTML string. */ - public function filterAssetQueryString($html): string + public function filterAssetQueryString(string $tag): string { - return str_replace('ver=' . $this->wp_version, 'ver=' . $this->hashed_wp_version, $html); + return str_replace('ver=' . $this->wp_version, 'ver=' . $this->hashed_wp_version, $tag); } From c8b8462e81e3ac5b9c309fb842b16a4967d6594f Mon Sep 17 00:00:00 2001 
From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:28:06 +0000 Subject: [PATCH 08/15] Update security.php --- public/app/themes/justice/inc/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/app/themes/justice/inc/security.php b/public/app/themes/justice/inc/security.php index 03b9f65c..c2d2bef7 100644 --- a/public/app/themes/justice/inc/security.php +++ b/public/app/themes/justice/inc/security.php @@ -104,7 +104,7 @@ public function setLoginPeriod(): float|int } /** - * Change the URL of the style tag + * Change the URL of the script or style tags. * * @param $tag string The HTML string of a link or script tag. * @return string The modified HTML string. From f6d94ad72d23f463e29f25373207c4b5a3f0fdc4 Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:28:30 +0000 Subject: [PATCH 09/15] Update security.php --- public/app/themes/justice/inc/security.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/public/app/themes/justice/inc/security.php b/public/app/themes/justice/inc/security.php index c2d2bef7..45b3c4b1 100644 --- a/public/app/themes/justice/inc/security.php +++ b/public/app/themes/justice/inc/security.php @@ -105,6 +105,8 @@ public function setLoginPeriod(): float|int /** * Change the URL of the script or style tags. + * + * @see https://developer.wordpress.org/reference/hooks/style_loader_tag/ * * @param $tag string The HTML string of a link or script tag. * @return string The modified HTML string. From 4e72b87a5480e4c4cb44d85a08d07c9e0980fcb9 Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:31:24 +0000 Subject: [PATCH 10/15] Update security.php --- public/app/themes/justice/inc/security.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/public/app/themes/justice/inc/security.php b/public/app/themes/justice/inc/security.php index 45b3c4b1..70498625 100644 --- a/public/app/themes/justice/inc/security.php +++ b/public/app/themes/justice/inc/security.php @@ -22,7 +22,7 @@ public function __construct() $this->wp_version = get_bloginfo('version'); // Hash the WP version number with a salt - let's borrow AUTH_SALT for this. // This way a we get a unique hash per WP version but it's not reversible. - $this->hashed_wp_version = substr(hash('sha256', $this->wp_version . AUTH_SALT), 0, 6); + $this->hashed_wp_version = substr(hash('sha256', $this->wp_version . AUTH_SALT), 0, 6); $this->actions(); } From c84cc2a7f9dbf907c9e0479f87264618670d071a Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:32:19 +0000 Subject: [PATCH 11/15] Update search.php --- public/app/themes/justice/inc/search.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/public/app/themes/justice/inc/search.php b/public/app/themes/justice/inc/search.php index 7f83f4ca..2637f037 100644 --- a/public/app/themes/justice/inc/search.php +++ b/public/app/themes/justice/inc/search.php @@ -331,9 +331,8 @@ public function removeSearchesSubMenus() */ public function redirectMultiplePageInURI(): void { - $uri = $_SERVER['REQUEST_URI']; // Trim the first and last slash - $uri = trim($uri, '/'); + $uri = trim($_SERVER['REQUEST_URI'], '/'); // Split the URI by '/' $uri_parts = explode('/', $uri); From fae7c2d956d2bdb863edfdb4381cddb41ff33649 Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:34:36 +0000 Subject: [PATCH 12/15] Update search.php --- public/app/themes/justice/inc/search.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/app/themes/justice/inc/search.php b/public/app/themes/justice/inc/search.php index 2637f037..907bd6f2 100644 
--- a/public/app/themes/justice/inc/search.php +++ b/public/app/themes/justice/inc/search.php @@ -51,7 +51,7 @@ public function addHooks() // Redirect the user to the search page if the URI contains multiple pages. add_action('init', [$this, 'redirectMultiplePageInURI'], 1); - // Run redirectIfQueryStringHasArrays early to avoid any issues with the query string. + // Redirect the user to the search page if there are arrays in the the query string. add_action('init', [$this, 'redirectIfQueryStringHasArrays'], 1); } From 65c29dd082baf1278e60ab374ca6c3d65e0f830f Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:37:52 +0000 Subject: [PATCH 13/15] Run `phpcbf` --- public/app/themes/justice/inc/search.php | 2 +- public/app/themes/justice/inc/security.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/public/app/themes/justice/inc/search.php b/public/app/themes/justice/inc/search.php index 907bd6f2..5e55d624 100644 --- a/public/app/themes/justice/inc/search.php +++ b/public/app/themes/justice/inc/search.php @@ -326,7 +326,7 @@ public function removeSearchesSubMenus() * Handle malformed search URLs where the path has multiple pages. * * e.g /search/the/page/page/11 - * + * * @return void */ public function redirectMultiplePageInURI(): void diff --git a/public/app/themes/justice/inc/security.php b/public/app/themes/justice/inc/security.php index 70498625..62225f48 100644 --- a/public/app/themes/justice/inc/security.php +++ b/public/app/themes/justice/inc/security.php @@ -105,7 +105,7 @@ public function setLoginPeriod(): float|int /** * Change the URL of the script or style tags. - * + * * @see https://developer.wordpress.org/reference/hooks/style_loader_tag/ * * @param $tag string The HTML string of a link or script tag. From 3a8eba636696b2bd57cbdeaf8cdac88d03a26a04 Mon Sep 17 00:00:00 2001 
From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 12 Dec 2024 16:47:14 +0000 Subject: [PATCH 14/15] Update security.php --- public/app/themes/justice/inc/security.php | 1 - 1 file changed, 1 deletion(-) diff --git a/public/app/themes/justice/inc/security.php b/public/app/themes/justice/inc/security.php index 62225f48..a4fd344f 100644 --- a/public/app/themes/justice/inc/security.php +++ b/public/app/themes/justice/inc/security.php @@ -116,7 +116,6 @@ public function filterAssetQueryString(string $tag): string return str_replace('ver=' . $this->wp_version, 'ver=' . $this->hashed_wp_version, $tag); } - /** * Disable REST API for non-logged in users. * From e8e575c74fc3a45a4bc3270f3c0d1dbc0b6d70ed Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Fri, 13 Dec 2024 09:40:23 +0000 Subject: [PATCH 15/15] Update verify.php --- public/app/mu-plugins/moj-auth/verify.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/public/app/mu-plugins/moj-auth/verify.php b/public/app/mu-plugins/moj-auth/verify.php index f3e426b1..45070c52 100644 --- a/public/app/mu-plugins/moj-auth/verify.php +++ b/public/app/mu-plugins/moj-auth/verify.php @@ -8,6 +8,12 @@ http_response_code(401) && exit(); } +// Return 200 if MOJ_AUTH_ENABLED is exactly equal to false, useful when working locally. +if (isset($_ENV['MOJ_AUTH_ENABLED']) && $_ENV['MOJ_AUTH_ENABLED'] === 'false') { + error_log('MOJ_AUTH_ENABLED is false - skipping auth check.'); + http_response_code(200) && exit(); +} + define('DOING_STANDALONE_VERIFY', true); $autoload = '../../../../vendor/autoload.php'; 
@@ -17,11 +23,6 @@ http_response_code(401) && exit(); } -if (isset($_ENV['MOJ_AUTH_ENABLED']) && $_ENV['MOJ_AUTH_ENABLED'] === 'false') { - error_log('MOJ_AUTH_ENABLED is false - skipping auth check.'); - http_response_code(200) && exit(); -} - require_once $autoload; require_once 'traits/jwt.php'; require_once 'traits/utils.php';