diff --git a/composer.json b/composer.json index 7550dfd..49a7a03 100644 --- a/composer.json +++ b/composer.json @@ -5,8 +5,7 @@ }, "require-dev": { "dxw/phar-install": "^1.1", - "friendsofphp/php-cs-fixer": "^2.0", - "kahlan/kahlan": "^4.7" + "friendsofphp/php-cs-fixer": "^2.0" }, "scripts": { "post-update-cmd": "vendor/bin/phar-install" diff --git a/composer.lock b/composer.lock index 1659194..9903df5 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "f107bed3e3c35b450083dab8d33539d3", + "content-hash": "352f63c59b2bf1b4f66ffc43b3b8a947", "packages": [ { "name": "dxw/cidr", 
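Review bot: Dropping `kahlan/kahlan` from `require-dev` in this hunk removes the project's only test framework in the same commit that introduces a new access-control path (the referrer allow list in redirect.php), so the new matching logic lands untested. If the specs were dead anyway, say so in the commit description; otherwise keep the framework and add a case that a referrer of `<site-url>/listed-path` is accepted and `<site-url>/listed-path-other` and external hosts are rejected. The matching function is pure string handling and is easy to cover in isolation.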
@@ -820,64 +820,6 @@ ], "time": "2021-11-15T17:17:55+00:00" }, - { - "name": "kahlan/kahlan", - "version": "4.7.7", - "source": { - "type": "git", - "url": "https://github.com/kahlan/kahlan.git", - "reference": "36ec916f7c7b067239431d3da0dc1da172bc98bb" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/kahlan/kahlan/zipball/36ec916f7c7b067239431d3da0dc1da172bc98bb", - "reference": "36ec916f7c7b067239431d3da0dc1da172bc98bb", - "shasum": "" - }, - "require": { - "php": ">=5.5" - }, - "require-dev": { - "squizlabs/php_codesniffer": "^3.4" - }, - "bin": [ - "bin/kahlan" - ], - "type": "library", - "autoload": { - "files": [ - "src/functions.php" - ], - "psr-4": { - "Kahlan\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "CrysaLEAD" - } - ], - "description": "The PHP Test Framework for Freedom, Truth and Justice.", - "keywords": [ - "BDD", - "Behavior-Driven Development", - "Monkey Patching", - "TDD", - "mock", - "stub", - "testing", - "unit test" - ], - "support": { - "issues": "https://github.com/kahlan/kahlan/issues", - "source": "https://github.com/kahlan/kahlan/tree/4.7.7" - }, - "time": "2020-10-17T08:37:23+00:00" - }, { "name": "php-cs-fixer/diff", "version": "v1.3.1", diff --git a/dxw-members-only.php b/dxw-members-only.php index 23ade10..4a94df0 100644 --- a/dxw-members-only.php +++ b/dxw-members-only.php @@ -3,7 +3,7 @@ * Plugin Name: dxw Members Only * Plugin URI: http://dxw.com * Description: Make your WordPress site visible to signed-in users only with the added ability to whitelist specific content for access by all users. - * Version: 4.0.4 + * Version: 4.1.0 * Author: dxw * Author URI: http://dxw.com * Text Domain: dxwmembersonly diff --git a/redirect.php b/redirect.php index c2038a6..bce57dc 100644 --- a/redirect.php +++ b/redirect.php 
@@ -83,6 +83,36 @@ function dxw_members_only_current_ip_in_whitelist() return false; } +function dxw_members_only_referrer_in_allow_list() +{ + $referrer_list = explode("\n", get_option('dxw_members_only_referrer_allow_list')); + /* + * If there is no referrer header, or if we have no configured referrers to + * whitelist we can stop here. + */ + if (isset($_SERVER['HTTP_REFERER'])) { + foreach ($referrer_list as $referrer) { + if (!empty($referrer)) { + /* + * Add the site url to the referrer string to ensure that external + * referrers can't be used here. + */ + $whitelisted_referrer = get_site_url() . $referrer; + $referrer_check = strpos($_SERVER['HTTP_REFERER'], $whitelisted_referrer); + /* + * Check that there is a match, and that match is at the start of the referrer string. + * This is to ensure that the referrer being whitelisted can't be fooled by having + * a whitelisted referrer passed in as a parameter on the referrer string. + */ + if ($referrer_check !== false && $referrer_check == 0) { + return true; + } + } + } + } + return false; +} + add_action('init', function () { // Fix for wp-cli if (defined('WP_CLI_ROOT')) { @@ -122,6 +152,13 @@ function dxw_members_only_current_ip_in_whitelist() return; } + // Referrer whitelist + if (dxw_members_only_referrer_in_allow_list()) { + header('Cache-Control: private, max-age=' . $max_age); + dxw_members_only_serve_uploads(); + return; + } + // List $hit = false; $list = explode("\n", get_option('dxw_members_only_list_content')); diff --git a/settings.php b/settings.php index c157c1d..6b4a142 100644 --- a/settings.php +++ b/settings.php 
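Review bot: `$_SERVER['HTTP_REFERER']` is written by the client, so prefixing the listed path with `get_site_url()` in `dxw_members_only_referrer_in_allow_list()` does not stop external callers as the inline comment claims — anyone can send `Referer: <site-url>/listed-path` and pass, which makes this a hotlink convenience rather than an access control and the function and settings help should say so. Two smaller defects in the same loop: `strpos(...) === 0` is a bare prefix match, so a listed `/news` also admits `/newsletter-private`, and `explode("\n", ...)` leaves a trailing `\r` on each line when the option was saved with CRLF, after which no line ever matches. The rewrite below trims each line, requires it to start with `/` (a line without one could never match a same-site referrer anyway), anchors the match at a path/query boundary, and replaces the redundant `!== false && == 0` pair; the public name and return type are unchanged.

```php
function dxw_members_only_referrer_in_allow_list()
{
    // NOTE: the Referer header is client-supplied and trivially forged, so this is
    // a hotlink/embedding convenience, not an access control. Do not rely on it alone.
    if (empty($_SERVER['HTTP_REFERER'])) {
        return false;
    }
    $referrer = $_SERVER['HTTP_REFERER'];
    $site_url = rtrim(get_site_url(), '/');
    foreach (explode("\n", (string) get_option('dxw_members_only_referrer_allow_list')) as $path) {
        $path = trim($path); // drops "\r" from CRLF-saved options and stray whitespace
        if ($path === '' || $path[0] !== '/') {
            continue;
        }
        $allowed = $site_url . $path;
        if (strncmp($referrer, $allowed, strlen($allowed)) !== 0) {
            continue;
        }
        // Accept only at a path boundary so "/news" does not admit "/newsletter-private".
        $next = (string) substr($referrer, strlen($allowed), 1);
        if ($next === '' || $next === '/' || $next === '?' || $next === '#') {
            return true;
        }
    }
    return false;
}
```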
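Review bot: The new `// Referrer whitelist` branch in the init callback returns early for every request whose Referer matches, not just for the asset the listed page embeds, so a single forged header unlocks any URL on the site — a much wider grant than the IP-whitelist branch it is modelled on, since an IP is a network property while Referer is free text the client chooses. At minimum replace the one-word comment with `// Referrer is client-controlled: this branch makes any URL reachable with a forged header; keep the list minimal.` and, if the feature is only meant for embedded uploads, scope the check to those requests rather than the whole site. The enclosing anonymous function starts and ends outside this hunk, so I cannot see whether an earlier branch already narrows the request type.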
@@ -5,7 +5,7 @@ function dxw_members_only_metasettings() { $ms = new dmometasettings(__FILE__, 'dxw_members_only'); - $ms->add_settings(__('dxw Members Only', 'dxwmembersonly'), ['list_type', 'list_content', 'ip_whitelist', 'redirect', 'redirect_root', 'upload_default', 'max_age'], 'dxw_members_only_options_page'); + $ms->add_settings(__('dxw Members Only', 'dxwmembersonly'), ['list_type', 'list_content', 'ip_whitelist', 'referrer_allow_list', 'redirect', 'redirect_root', 'upload_default', 'max_age'], 'dxw_members_only_options_page'); } /** @@ -53,6 +53,24 @@ function dxw_members_only_options_page() +
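Review bot: `referrer_allow_list` is registered through the same generic `add_settings` call as `ip_whitelist`, and from this hunk it is not visible whether `dmometasettings` applies any sanitization on save. Since redirect.php appends each line verbatim to `get_site_url()`, a line that does not start with `/`, or that carries a trailing `\r`, silently produces a prefix that can never match. Consider validating on save that every non-empty line is trimmed and begins with `/`, and stating in the field's help text that the Referer header is client-supplied and the list is not an access control.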
+ + + ++ |
+
+ + + |
+
---|
%return_path% will be converted to the URL that was originally visited. i.e. /wp-login.php?redirect_to=http://example.com/private-page
', 'dxwmembersonly') ?>