| 1 | <?php | ||
| 2 | |||
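/**
 * Allows viewing posts on the frontend when the user is not logged in.
 *
 * Trust model, as far as this file shows: a request without a logged-in user that carries a
 * `frame-nonce` query argument gets the first post of a singular preview query presented as
 * published, but only after WordPress.com confirms the nonce over XML-RPC. Any failure in
 * that chain leaves the query results untouched.
 */
class Jetpack_Frame_Nonce_Preview {
	/**
	 * Shared instance, created lazily by get_instance().
	 *
	 * The original declaration had no visibility keyword, which PHP treats as public. The
	 * visibility is now spelled out and kept public so existing external reads keep working.
	 *
	 * @var Jetpack_Frame_Nonce_Preview|null
	 */
	public static $instance = null;

	/**
	 * Returns the single instance of the Jetpack_Frame_Nonce_Preview object
	 *
	 * @since 4.3.0
	 *
	 * @return Jetpack_Frame_Nonce_Preview
	 **/
	public static function get_instance() {
		if ( null === self::$instance ) {
			self::$instance = new Jetpack_Frame_Nonce_Preview();
		}

		return self::$instance;
	}

	/**
	 * Registers the preview hook only for frontend requests that carry a frame nonce.
	 *
	 * Only the presence of the argument is checked here; its value is validated later,
	 * in is_frame_nonce_valid(), once a matching preview query has actually been found.
	 */
	public function __construct() {
		if ( isset( $_GET['frame-nonce'] ) && ! is_admin() ) {
			add_filter( 'pre_get_posts', array( $this, 'maybe_display_post' ) );
		}
	}

	/**
	 * Verify that frame nonce exists, and if so, validate the nonce by calling WP.com.
	 *
	 * The method fails closed: a missing, empty or non-string nonce, an XML-RPC error and a
	 * falsy response all yield false.
	 *
	 * NOTE(review): only the nonce itself is sent to `jetpack.verifyFrameNonce`; nothing in
	 * this file binds it to the requested post or to a user. Confirm that the remote side
	 * scopes and expires the nonce.
	 *
	 * NOTE(review): each call performs one outbound request on behalf of a visitor who is
	 * not logged in. Confirm that upstream rate limiting or caching bounds this.
	 *
	 * @since 4.3.0
	 *
	 * @return bool
	 */
	public function is_frame_nonce_valid() {
		// Query arguments are untrusted. `frame-nonce[]=x` arrives as an array, which can
		// never be a valid nonce, so reject it before sanitizing or calling WordPress.com.
		if ( empty( $_GET['frame-nonce'] ) || ! is_string( $_GET['frame-nonce'] ) ) {
			return false;
		}

		Jetpack::load_xml_rpc_client();
		$xml = new Jetpack_IXR_Client();
		$xml->query( 'jetpack.verifyFrameNonce', sanitize_key( $_GET['frame-nonce'] ) );

		// A transport or protocol error must never be read as "valid".
		if ( $xml->isError() ) {
			return false;
		}

		return (bool) $xml->getResponse();
	}

	/**
	 * Conditionally add a hook on posts_results if this is the main query, a preview, and singular.
	 *
	 * Restricting the hook to this one query shape keeps secondary queries and archive
	 * listings from ever reaching set_post_to_publish().
	 *
	 * @since 4.3.0
	 *
	 * @param WP_Query $query
	 *
	 * @return WP_Query
	 */
	public function maybe_display_post( $query ) {
		if (
			$query->is_main_query() &&
			$query->is_preview() &&
			$query->is_singular()
		) {
			add_filter( 'posts_results', array( $this, 'set_post_to_publish' ), 10, 2 );
		}

		return $query;
	}

	/**
	 * Conditionally set the first post to 'publish' if the frame nonce is valid and there is a post.
	 *
	 * @since 4.3.0
	 *
	 * @param array $posts
	 *
	 * @return array
	 */
	public function set_post_to_publish( $posts ) {
		// One-shot: unhook first so that no later query in this request is affected.
		// remove_filter() identifies the callback by hook, callable and priority only.
		remove_filter( 'posts_results', array( $this, 'set_post_to_publish' ), 10 );

		// The cheap local checks come first, so the remote nonce validation runs only for
		// a non-empty result set requested by a visitor who is not logged in.
		if ( empty( $posts ) || is_user_logged_in() || ! $this->is_frame_nonce_valid() ) {
			return $posts;
		}

		// Only the in-memory post object of this request is changed.
		$posts[0]->post_status = 'publish';

		// Disable comments and pings for this post.
		add_filter( 'comments_open', '__return_false' );
		add_filter( 'pings_open', '__return_false' );

		return $posts;
	}
}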
| 99 | |||
// Bootstrap: create the shared instance when this file is loaded, so that its
// constructor can decide whether to register the preview hook for this request.
Jetpack_Frame_Nonce_Preview::get_instance();
The PSR-2 coding standard requires that all properties in a class have their visibility explicitly declared. If you declare a property using `var`, or with no visibility keyword at all, the property is implicitly public (globally accessible).
To learn more about PSR-2, please see the PHP-FIG site.