Merge pull request #36 from soderlind/abort/early

Add permission checks and strict types
soderlind · Jan 13, 2025 · 15f509f · 15f509f
2 parents c0d1d4a + 316bfc0
commit 15f509f
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Changelog
 
+All notable changes to this project will be documented in this file.
+
+### 1.8.2
+
+- Abort early if the user does not have the required permissions
+- Security: Added endpoint verification for REST API requests
+- Bug fix: Added rest endpoint permission check
+- Code improvement: Added strict types declaration
+- Code improvement: Added return type declarations
+
 ### 1.8.1
 
 - Remove duplicate code.

diff --git a/composer.json b/composer.json
@@ -1,7 +1,7 @@
 {
   "name": "soderlind/super-admin-all-sites-menu",
   "description": "For the super admin, replace WP Admin Bar My Sites menu with an All Sites menu.",
-  "version": "1.8.1",
+  "version": "1.8.2",
   "keywords": [
     "wordpress",
     "multisite",

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "super-admin-all-sites-menu",
-	"version": "1.8.1",
+	"version": "1.8.2",
 	"description": "For the super admin, replace WP Admin Bar My Sites menu with an All Sites menu.",
 	"main": "index.js",
 	"scripts": {

diff --git a/readme.txt b/readme.txt
@@ -1,5 +1,5 @@
 === Super Admin All Sites Menu ===
-Stable tag: 1.8.1
+Stable tag: 1.8.2
 Requires at least: 5.6  
 Tested up to: 6.7  
 Requires PHP: 8.0  
@@ -108,6 +108,14 @@ You can use the following filters to override the defaults:
 
 == Changelog ==
 
+
+= 1.8.2 =
+* Abort early if the user does not have the required permissions
+* Security: Added endpoint verification for REST API requests
+* Bug fix: Added rest endpoint permission check
+* Code improvement: Added strict types declaration
+* Code improvement: Added return type declarations
+
 = 1.8.1 =
 
 * Remove duplicate code

diff --git a/super-admin-all-sites-menu.php b/super-admin-all-sites-menu.php
@@ -12,7 +12,7 @@
  * Plugin URI: https://github.com/soderlind/super-admin-all-sites-menu
  * GitHub Plugin URI: https://github.com/soderlind/super-admin-all-sites-menu
  * Description: For the super admin, replace WP Admin Bar My Sites menu with an All Sites menu.
- * Version:     1.8.1
+ * Version:     1.8.2
  * Author:      Per Soderlind
  * Network:     true
  * Author URI:  https://soderlind.no
@@ -55,10 +55,22 @@ public function __construct(
 	) {}
 
 	public function init(): void {
+
+		// Only for super admins and REST API requests.
+		if ( ! is_super_admin() && ! wp_is_rest_endpoint() ) {
+			return;
+		}
+
+		// Only for multisite.
 		if ( ! is_multisite() ) {
 			return;
 		}
 
+		// Only for REST API requests to the correct endpoint.
+		if ( wp_is_rest_endpoint() && false === strpos( get_rest_url(), Config::REST_ENDPOINT ) ) {
+			return;
+		}
+
 		$this->set_properties();
 		$this->register_hooks();
 	}
@@ -509,5 +521,8 @@ private function remove_timestamp(): void {
 
 }
 
-// Initialize plugin
-( new SuperAdminAllSitesMenu() )->init();
+add_action( 'plugins_loaded', function () {
+	// Initialize plugin
+	( new SuperAdminAllSitesMenu() )->init();
+} );
+