Completed
Push — update/yarn-lock ( a94fb1 )
by
unknown
65:41 queued 58:19
created

Jetpack_Frame_Nonce_Preview::maybe_display_post()   A

Complexity

Conditions 4
Paths 2

Size

Total Lines 11
Code Lines 7

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 4
eloc 7
nc 2
nop 1
dl 0
loc 11
rs 9.2
c 0
b 0
f 0
1
<?php
2
3
/**
4
 * Allows viewing posts on the frontend when the user is not logged in.
5
 */
6
class Jetpack_Frame_Nonce_Preview {
7
	static $instance = null;
0 ignored issues
show
Coding Style introduced by
The visibility should be declared for property $instance.

The PSR-2 coding standard requires that all properties in a class have their visibility explicitly declared. If you declare a property using

class A {
    var $property;
}

the property is implicitly global.

To learn more about the PSR-2, please see the PHP-FIG site on the PSR-2.

Loading history...
8
9
	/**
10
	 * Returns the single instance of the Jetpack_Frame_Nonce_Preview object
11
	 *
12
	 * @since 4.3.0
13
	 *
14
	 * @return Jetpack_Frame_Nonce_Preview
15
	 **/
16
	public static function get_instance() {
17
		if ( ! is_null( self::$instance ) ) {
18
			return self::$instance;
19
		}
20
21
		return self::$instance = new Jetpack_Frame_Nonce_Preview();
22
	}
23
24
	function __construct() {
25
		if ( isset( $_GET['frame-nonce'] ) && ! is_admin() ) {
26
			add_filter( 'pre_get_posts', array( $this, 'maybe_display_post' ) );
27
		}
28
	}
29
30
	/**
31
	 * Verify that frame nonce exists, and if so, validate the nonce by calling WP.com.
32
	 *
33
	 * @since 4.3.0
34
	 *
35
	 * @return bool
36
	 */
37
	public function is_frame_nonce_valid() {
38
		if ( empty( $_GET[ 'frame-nonce' ] ) ) {
39
			return false;
40
		}
41
42
		Jetpack::load_xml_rpc_client();
43
		$xml = new Jetpack_IXR_Client();
44
		$xml->query( 'jetpack.verifyFrameNonce', sanitize_key( $_GET['frame-nonce'] ) );
45
46
		if ( $xml->isError() ) {
47
			return false;
48
		}
49
50
		return (bool) $xml->getResponse();
51
	}
52
53
	/**
54
	 * Conditionally add a hook on posts_results if this is the main query, a preview, and singular.
55
	 *
56
	 * @since 4.3.0
57
	 *
58
	 * @param WP_Query $query
59
	 *
60
	 * @return WP_Query
61
	 */
62
	public function maybe_display_post( $query ) {
63
		if (
64
			$query->is_main_query() &&
65
			$query->is_preview() &&
66
			$query->is_singular()
67
		) {
68
			add_filter( 'posts_results', array( $this, 'set_post_to_publish' ), 10, 2 );
69
		}
70
71
		return $query;
72
	}
73
74
	/**
75
	 * Conditionally set the first post to 'publish' if the frame nonce is valid and there is a post.
76
	 *
77
	 * @since 4.3.0
78
	 *
79
	 * @param array $posts
80
	 *
81
	 * @return array
82
	 */
83
	public function set_post_to_publish( $posts ) {
84
		remove_filter( 'posts_results', array( $this, 'set_post_to_publish' ), 10, 2 );
85
86
		if ( empty( $posts ) || is_user_logged_in() || ! $this->is_frame_nonce_valid() ) {
87
			return $posts;
88
		}
89
90
		$posts[0]->post_status = 'publish';
91
92
		// Disable comments and pings for this post.
93
		add_filter( 'comments_open', '__return_false' );
94
		add_filter( 'pings_open', '__return_false' );
95
96
		return $posts;
97
	}
98
}
99
100
Jetpack_Frame_Nonce_Preview::get_instance();
101