safe-mode.php — WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager 2.2.4

insert-headers-and-footers / includes / safe-mode.php

insert-headers-and-footers / includes Last commit date

admin 1 year ago auto-insert 1 year ago conditional-logic 1 year ago execute 1 year ago generator 2 years ago lite 1 year ago capabilities.php 2 years ago class-wpcode-admin-bar-info.php 2 years ago class-wpcode-auto-insert.php 1 year ago class-wpcode-capabilities.php 3 years ago class-wpcode-conditional-logic.php 1 year ago class-wpcode-error.php 2 years ago class-wpcode-file-cache.php 1 year ago class-wpcode-file-logger.php 3 years ago class-wpcode-generator.php 3 years ago class-wpcode-install.php 2 years ago class-wpcode-library-auth.php 1 year ago class-wpcode-library.php 1 year ago class-wpcode-settings.php 2 years ago class-wpcode-smart-tags.php 2 years ago class-wpcode-snippet-cache.php 2 years ago class-wpcode-snippet-execute.php 1 year ago class-wpcode-snippet.php 1 year ago compat.php 2 years ago global-output.php 2 years ago helpers.php 1 year ago icons.php 1 year ago ihaf.php 3 years ago legacy.php 3 years ago pluggable.php 2 years ago post-type.php 1 year ago safe-mode.php 2 years ago shortcode.php 2 years ago

safe-mode.php

136 lines

1	<?php
2	/**
3	* Safe mode query var logic.
4	*
5	* @package WPCode
6	*/
7
8	if ( ! defined( 'ABSPATH' ) ) {
9	exit;
10	}
11
12	add_action( 'plugins_loaded', 'wpcode_maybe_enable_safe_mode' );
13	add_filter( 'wpcode_do_auto_insert', 'wpcode_maybe_prevent_execution' );
14
15	/**
16	* Simple check to see if we should be adding safe-mode logic.
17	*
18	* @return void
19	*/
20	function wpcode_maybe_enable_safe_mode() {
21	if ( ! isset( $_GET['wpcode-safe-mode'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
22	return;
23	}
24
25	// If we're in safe mode, let's make sure all URLs keep the param until we are safe to get out.
26	add_filter( 'home_url', 'wpcode_keep_safe_mode' );
27	add_filter( 'admin_url', 'wpcode_keep_safe_mode' );
28	add_filter( 'site_url', 'wpcode_keep_safe_mode_login', 10, 3 );
29	// The admin menu doesn't offer a hook to change all the menu links so we do it with JS.
30	add_action( 'admin_footer', 'wpcode_keep_safe_mode_admin_menu' );
31	// Show a notice informing the user we're in safe mode and offer a way to get out.
32	add_action( 'admin_notices', 'wpcode_safe_mode_notice' );
33	add_action( 'wpcode_admin_notices', 'wpcode_safe_mode_notice' );
34	}
35
36	/**
37	* Make sure the URL keeps the safe mode variable.
38	*
39	* @param string $url The home or admin base URL.
40	*
41	* @return string
42	*/
43	function wpcode_keep_safe_mode( $url ) {
44	return add_query_arg( 'wpcode-safe-mode', 1, $url );
45	}
46
47	/**
48	* Force safe mode to all URLs displayed in the admin so we can keep navigating
49	* using safe mode as there's no hook in WP to change the main admin menu.
50	*
51	* @return void
52	*/
53	function wpcode_keep_safe_mode_admin_menu() {
54	// There's no reliable way to filter all the admin menu links so we have to force them via JS.
55	// There's also a notice being added to allow users to "exit" safe mode.
56	?>
57	<script type="text/javascript">
58	[...document.querySelectorAll( 'a:not(.wpcode-safe-mode)' )].forEach( e => {
59	const url = new URL( e.href );
60	url.searchParams.set( 'wpcode-safe-mode', '1' );
61	e.href = url.toString();
62	} );
63	</script>
64	<?php
65	}
66
67	/**
68	* Show a notice informing the user we're in safe mode and offer a way to get out.
69	*
70	* @return void
71	*/
72	function wpcode_safe_mode_notice() {
73	?>
74	<div class="notice notice-warning">
75	<p><?php esc_html_e( 'WPCode is in Safe Mode which means no snippets are getting executed. Please disable any snippets that have caused errors and when done click the button below to exit safe mode.', 'insert-headers-and-footers' ); ?></p>
76	<p><?php esc_html_e( 'The link will open in a new window so if you are still encountering issues you safely can return to this tab and make further adjustments', 'insert-headers-and-footers' ); ?></p>
77	<p>
78	<a class="button button-secondary wpcode-safe-mode" href="<?php echo esc_url( remove_query_arg( 'wpcode-safe-mode' ) ); ?>" target="_blank"><?php esc_html_e( 'Exit safe mode', 'insert-headers-and-footers' ); ?></a>
79	</p>
80	</div>
81	<?php
82	}
83
84	/**
85	* Let's check if we're in the admin or if the current user can manage
86	* snippets before allowing them to see the site with snippets disabled.
87	*
88	* @param bool $execute Execute snippets or not.
89	*
90	* @return mixed
91	*/
92	function wpcode_maybe_prevent_execution( $execute ) {
93	if ( ! isset( $_GET['wpcode-safe-mode'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
94	return $execute;
95	}
96
97	if ( wpcode_is_wplogin() \|\| current_user_can( 'wpcode_activate_snippets' ) ) {
98	return false;
99	}
100
101	return $execute;
102	}
103
104	/**
105	* Checks schema passed to site_url and adds the safe mode query param
106	* so we can login using safe mode.
107	*
108	* @param string $url The site_url already processed.
109	* @param string $path The path that was added to the URL.
110	* @param string $scheme The scheme that was requested.
111	*
112	* @return string
113	*/
114	function wpcode_keep_safe_mode_login( $url, $path, $scheme ) {
115	if ( 'login_post' !== $scheme ) {
116	return $url;
117	}
118
119	return add_query_arg( 'wpcode-safe-mode', 1, $url );
120	}
121
122	/**
123	* Helper function that checks if we are on the login screen
124	* to allow admins to attempt to log in and disable snippets
125	* without having to edit code.
126	*
127	* @return bool
128	*/
129	function wpcode_is_wplogin() {
130	if ( empty( $_SERVER['REQUEST_URI'] ) ) {
131	return false;
132	}
133
134	return false !== stripos( esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ), strrchr( wp_login_url(), '/' ) );
135	}
136