Cli multisite

cli/purge.cls.php

@@ -166,7 +166,30 @@ public function url($args)
 		}
 
 		if (is_multisite()) {
-			if (get_blog_id_from_url($deconstructed['host'], '/') === 0) {
+			$current_blog = get_current_blog_id();
+			$path = '/';
+			// If subfolder install test if we can identify the blog from url.
+			// If subdomain install: $path needs to remain '/'.
+			if(!SUBDOMAIN_INSTALL){
+				// Get subfolder blog link. Try to match to a blog id.
+				$temp_path = explode('/', $deconstructed['path']);
+				if(!empty($temp_path[1])){
+					$path = '/'.$temp_path[1].'/'; // need / at beginning and end.
+				}
+			}
+
+			// Attempt to get blog id from URL.
+			$url_blog = get_blog_id_from_url($deconstructed['host'], $path);
+			if($url_blog && $url_blog !== $current_blog){
+				// If blog found will switch to it.
+				switch_to_blog($url_blog);
+			}
+			else{
+				$path = '/';
+			}
+
+			// Test if link can be found.
+			if (get_blog_id_from_url($deconstructed['host'], $path) === 0) {
 				WP_CLI::error('Multisite url passed in is invalid.');
 				return;
 			}
@@ -177,6 +200,8 @@ public function url($args)
 				return;
 			}
 		}
+		// Create security hash.
+		$data[Router::VALIDATE_PURGE] = Router::get_hash(Router::VALIDATE_PURGE);
 
 		WP_CLI::debug('url is ' . $url);
 

src/core.cls.php

@@ -320,6 +320,9 @@ public function proceed_action($action)
 		switch ($action) {
 			case self::ACTION_QS_PURGE:
 				Purge::set_purge_related();
+				$full_url = (\is_ssl() ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
+				$full_url_no_query = strtok($full_url, '?');
+				$this->cls('Purge')->purge_url( $full_url_no_query, false, true );
 				break;
 
 			case self::ACTION_QS_SHOW_HEADERS:

src/purge.cls.php

@@ -773,7 +773,7 @@ public function purge_tag($val)
 	 * @since 1.0.7
 	 * @access public
 	 */
-	public function purge_url($url, $purge2 = false, $quite = false)
+	public function purge_url($url, $purge2 = false, $quiet = false)
 	{
 		$val = trim($url);
 		if (empty($val)) {
@@ -796,7 +796,7 @@ public function purge_url($url, $purge2 = false, $quite = false)
 
 		self::add($hash, $purge2);
 
-		!$quite && !defined('LITESPEED_PURGE_SILENT') && Admin_Display::succeed(sprintf(__('Purge url %s', 'litespeed-cache'), $val));
+		!$quiet && !defined('LITESPEED_PURGE_SILENT') && Admin_Display::succeed(sprintf(__('Purge url %s', 'litespeed-cache'), $val));
 	}
 
 	/**

src/router.cls.php

@@ -14,6 +14,7 @@ class Router extends Base
 {
 	const NONCE = 'LSCWP_NONCE';
 	const ACTION = 'LSCWP_CTRL';
+	const VALIDATE_PURGE = 'VALIDATE_PURGE';
 
 	const ACTION_SAVE_SETTINGS_NETWORK = 'save-settings-network';
 	const ACTION_DB_OPTM = 'db_optm';
@@ -268,18 +269,35 @@ public function is_role_simulation()
 	/**
 	 * Get a security hash
 	 *
+	 * @since  6.3 - Added parameters $item_name and $blog_id.
 	 * @since  3.3
 	 */
-	public static function get_hash()
+	public static function get_hash($item_name = null, $blog_id = null)
 	{
+		$save_blog = get_current_blog_id();
+		// Switch to blog if sent.
+		if($blog_id && $save_blog != $blog_id ){
+			switch_to_blog($blog_id);
+		}
+
+		// Change item name if sent.
+		if(!$item_name){
+			$item_name = self::ITEM_HASH;
+		}
+
 		// Reuse previous hash if existed
-		$hash = self::get_option(self::ITEM_HASH);
+		$hash = self::get_option($item_name);
 		if ($hash) {
 			return $hash;
 		}
 
 		$hash = Str::rrand(6);
-		self::update_option(self::ITEM_HASH, $hash);
+		self::update_option($item_name, $hash);
+		// If needed shitch back to the saved blog.
+		if($blog_id && $save_blog != $blog_id ){
+			switch_to_blog($save_blog);
+		}
+
 		return $hash;
 	}
 
@@ -501,12 +519,20 @@ private function verify_action()
 		// Each action must have a valid nonce unless its from admin ip and is public action
 		// Validate requests nonce (from admin logged in page or cli)
 		if (!$this->verify_nonce($action)) {
-			// check if it is from admin ip
-			if (!$this->is_admin_ip()) {
+			// check if action is from admin ip. skip test for action Core::ACTION_QS_PURGE.
+			if ( $action != Core::ACTION_QS_PURGE && !$this->is_admin_ip()) {
 				Debug2::debug('[Router] LSCWP_CTRL query string - did not match admin IP: ' . $action);
 				return;
 			}
 
+			$hash = Router::get_hash(self::VALIDATE_PURGE);
+
+			// Validate request for action Core::ACTION_QS_PURGE. test if request parameter isset and is correct.
+			if( $action == Core::ACTION_QS_PURGE && ( !isset($_REQUEST[Router::VALIDATE_PURGE]) || $_REQUEST[Router::VALIDATE_PURGE] != $hash ) ){
+				Debug2::debug('[Router] LSCWP_CTRL query string - could not validate request for: ' . $action);
+				return;
+			}
+
 			// check if it is public action
 			if (
 				!in_array($action, array(
@@ -518,7 +544,7 @@ private function verify_action()
 					Core::ACTION_QS_PURGE_EMPTYCACHE,
 				))
 			) {
-				Debug2::debug('[Router] LSCWP_CTRL query string - did not match admin IP Actions: ' . $action);
+				Debug2::debug('[Router] LSCWP_CTRL query string - did not match public action: ' . $action);
 				return;
 			}
 
@@ -764,4 +790,4 @@ public function handler($cls)
 
 		return $this->cls($cls)->handler();
 	}
-}
+}

src/vary.cls.php

@@ -667,7 +667,7 @@ public function finalize()
 		$tp_cookies = $this->_finalize_curr_vary_cookies();
 
 		if (!$tp_cookies) {
-			Debug2::debug2('[Vary] no custimzed vary');
+			Debug2::debug2('[Vary] no customized vary');
 			return;
 		}