Password Protected - Version 2.2.3

Version Description

  • Restrict REST-API-access only if password protection is active.
  • Added viewport meta tag to login page.
  • Added password_protected_show_login filter.
  • Cookie name is not editable in the admin so display just for reference.
  • Use default WordPress text domain for Remember Me and Log In buttons.
Download this release

Release Info

Developer husobj
Plugin Icon 128x128 Password Protected
Version 2.2.3
Comparing to
See all releases

Code changes from version 2.2.2 to 2.2.3

Files changed (7) hide show
  1. CHANGELOG.md +15 -1
  2. README.md +3 -0
  3. admin/admin-caching.php +3 -3
  4. admin/admin.php +16 -0
  5. password-protected.php +10 -8
  6. readme.txt +11 -1
  7. theme/password-protected-login.php +16 -3
CHANGELOG.md CHANGED
@@ -4,6 +4,19 @@ This project adheres to [Semantic Versioning](http://semver.org/).
4
 
5
  ## [Unreleased]
6
 
 
 
 
 
 
 
 
 
 
 
 
 
 
7
  ## [2.2.2] - 2018-05-29
8
 
9
  ### Changed
@@ -199,7 +212,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
199
  ### Added
200
  - First Release. If you spot any bugs or issues please [log them here](https://github.com/benhuson/password-protected/issues).
201
 
202
- [Unreleased]: https://github.com/benhuson/password-protected/compare/2.2.2...HEAD
 
203
  [2.2.2]: https://github.com/benhuson/password-protected/compare/2.2.1...2.2.2
204
  [2.2.1]: https://github.com/benhuson/password-protected/compare/2.2...2.2.1
205
  [2.2]: https://github.com/benhuson/password-protected/compare/2.1...2.2
4
 
5
  ## [Unreleased]
6
 
7
+ ## [2.2.3] - 2019-01-10
8
+
9
+ ### Fixed
10
+ - Restrict REST-API-access only if password protection is active.
11
+
12
+ ### Added
13
+ - Added viewport meta tag to login page.
14
+ - Added `password_protected_show_login` filter.
15
+
16
+ ### Changed
17
+ - Cookie name is not editable in the admin so display just for reference.
18
+ - Use default WordPress text domain for “Remember Me” and “Log In” buttons.
19
+
20
  ## [2.2.2] - 2018-05-29
21
 
22
  ### Changed
212
  ### Added
213
  - First Release. If you spot any bugs or issues please [log them here](https://github.com/benhuson/password-protected/issues).
214
 
215
+ [Unreleased]: https://github.com/benhuson/password-protected/compare/2.2.3...HEAD
216
+ [2.2.3]: https://github.com/benhuson/password-protected/compare/2.2.2...2.2.3
217
  [2.2.2]: https://github.com/benhuson/password-protected/compare/2.2.1...2.2.2
218
  [2.2.1]: https://github.com/benhuson/password-protected/compare/2.2...2.2.1
219
  [2.2]: https://github.com/benhuson/password-protected/compare/2.1...2.2
README.md CHANGED
@@ -71,6 +71,9 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
71
  Upgrade Notice
72
  --------------
73
 
 
 
 
74
  ### 2.2.2
75
  Fix REST option and always allow access to REST API for logged in users. Change locked admin bar icon to green.
76
 
71
  Upgrade Notice
72
  --------------
73
 
74
+ ### 2.2.3
75
+ Restrict REST-API-access only if password protection is active. Added viewport meta tag to login page.
76
+
77
  ### 2.2.2
78
  Fix REST option and always allow access to REST API for logged in users. Change locked admin bar icon to green.
79
 
admin/admin-caching.php CHANGED
@@ -54,7 +54,7 @@ class Password_Protected_Admin_Caching {
54
  // Cookies
55
  add_settings_field(
56
  'password_protected_compat_caching_cookie',
57
- __( 'Cookies', 'password-protected' ),
58
  array( $this, 'field_cookies' ),
59
  'password-protected-compat',
60
  'password_protected_compat_caching'
@@ -96,7 +96,7 @@ class Password_Protected_Admin_Caching {
96
  public function section_caching() {
97
 
98
  echo '<p>' . __( 'Password Protected does not always work well with sites that use caching.', 'password-protected' ) . '<br />
99
- ' . __( 'If your site uses a caching plugin or your web hosting uses server-side caching, you may need to configure your setup to disable caching for the Password Protected cookie:', 'password-protected' ) . '</p>';
100
 
101
  }
102
 
@@ -107,7 +107,7 @@ class Password_Protected_Admin_Caching {
107
  */
108
  public function field_cookies() {
109
 
110
- echo '<p><input type="text" value="' . esc_attr( $this->plugin->cookie_name() ) . '" class="regular-text code" /></p>';
111
 
112
  }
113
 
54
  // Cookies
55
  add_settings_field(
56
  'password_protected_compat_caching_cookie',
57
+ __( 'Cookie Name', 'password-protected' ),
58
  array( $this, 'field_cookies' ),
59
  'password-protected-compat',
60
  'password_protected_compat_caching'
96
  public function section_caching() {
97
 
98
  echo '<p>' . __( 'Password Protected does not always work well with sites that use caching.', 'password-protected' ) . '<br />
99
+ ' . __( 'If your site uses a caching plugin or your web hosting uses server-side caching, you may need to configure your caching setup to disable caching for the Password Protected cookie:', 'password-protected' ) . '</p>';
100
 
101
  }
102
 
107
  */
108
  public function field_cookies() {
109
 
110
+ echo '<p><code>' . esc_html( $this->plugin->cookie_name() ) . '</code></p>';
111
 
112
  }
113
 
admin/admin.php CHANGED
@@ -13,6 +13,7 @@ class Password_Protected_Admin {
13
  global $wp_version;
14
 
15
  add_action( 'admin_init', array( $this, 'password_protected_settings' ), 5 );
 
16
  add_action( 'admin_menu', array( $this, 'admin_menu' ) );
17
  add_action( 'password_protected_help_tabs', array( $this, 'help_tabs' ), 5 );
18
  add_action( 'admin_notices', array( $this, 'password_protected_admin_notices' ) );
@@ -22,6 +23,21 @@ class Password_Protected_Admin {
22
 
23
  }
24
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
25
  /**
26
  * Admin Menu
27
  */
13
  global $wp_version;
14
 
15
  add_action( 'admin_init', array( $this, 'password_protected_settings' ), 5 );
16
+ add_action( 'admin_init', array( $this, 'add_privacy_policy' ) );
17
  add_action( 'admin_menu', array( $this, 'admin_menu' ) );
18
  add_action( 'password_protected_help_tabs', array( $this, 'help_tabs' ), 5 );
19
  add_action( 'admin_notices', array( $this, 'password_protected_admin_notices' ) );
23
 
24
  }
25
 
26
+ /**
27
+ * Add Privacy Policy
28
+ */
29
+ public function add_privacy_policy() {
30
+
31
+ if ( ! function_exists( 'wp_add_privacy_policy_content' ) ) {
32
+ return;
33
+ }
34
+
35
+ $content = _x( 'The Password Protected plugin stores a cookie on successful password login containing a hashed version of the entered password. It does not store any information about the user. The cookie stored is named <code>bid_n_password_protected_auth</code> where <code>n</code> is the blog ID in a multisite network', 'privacy policy content', 'password-protected' );
36
+
37
+ wp_add_privacy_policy_content( __( 'Password Protected Plugin', 'password-protected' ), wp_kses_post( wpautop( $content, false ) ) );
38
+
39
+ }
40
+
41
  /**
42
  * Admin Menu
43
  */
password-protected.php CHANGED
@@ -4,7 +4,7 @@
4
  Plugin Name: Password Protected
5
  Plugin URI: https://wordpress.org/plugins/password-protected/
6
  Description: A very simple way to quickly password protect your WordPress site with a single password. Please note: This plugin does not restrict access to uploaded files and images and does not work with some caching setups.
7
- Version: 2.2.2
8
  Author: Ben Huson
9
  Text Domain: password-protected
10
  Author URI: http://github.com/benhuson/password-protected/
@@ -42,7 +42,7 @@ $Password_Protected = new Password_Protected();
42
 
43
  class Password_Protected {
44
 
45
- var $version = '2.2.2';
46
  var $admin = null;
47
  var $errors = null;
48
 
@@ -345,13 +345,15 @@ class Password_Protected {
345
  */
346
  public function maybe_show_login() {
347
 
348
- // Don't show login if not enabled
349
- if ( ! $this->is_active() ) {
350
- return;
351
- }
352
 
353
  // Logged in
354
- if ( $this->is_user_logged_in() ) {
 
 
 
 
355
  return;
356
  }
357
 
@@ -802,7 +804,7 @@ class Password_Protected {
802
  public function only_allow_logged_in_rest_access( $access ) {
803
 
804
  // If user is not logged in
805
- if ( ! $this->is_user_logged_in() && ! is_user_logged_in() && ! (bool) get_option( 'password_protected_rest' ) ) {
806
  return new WP_Error( 'rest_cannot_access', __( 'Only authenticated users can access the REST API.', 'password-protected' ), array( 'status' => rest_authorization_required_code() ) );
807
  }
808
 
4
  Plugin Name: Password Protected
5
  Plugin URI: https://wordpress.org/plugins/password-protected/
6
  Description: A very simple way to quickly password protect your WordPress site with a single password. Please note: This plugin does not restrict access to uploaded files and images and does not work with some caching setups.
7
+ Version: 2.2.3
8
  Author: Ben Huson
9
  Text Domain: password-protected
10
  Author URI: http://github.com/benhuson/password-protected/
42
 
43
  class Password_Protected {
44
 
45
+ var $version = '2.2.3';
46
  var $admin = null;
47
  var $errors = null;
48
 
345
  */
346
  public function maybe_show_login() {
347
 
348
+ // Filter for adding exceptions.
349
+ $show_login = apply_filters( 'password_protected_show_login', $this->is_active() );
 
 
350
 
351
  // Logged in
352
+ if ( $this->is_user_logged_in() ) {
353
+ $show_login = false;
354
+ }
355
+
356
+ if ( ! $show_login ) {
357
  return;
358
  }
359
 
804
  public function only_allow_logged_in_rest_access( $access ) {
805
 
806
  // If user is not logged in
807
+ if ( $this->is_active() && ! $this->is_user_logged_in() && ! is_user_logged_in() && ! (bool) get_option( 'password_protected_rest' ) ) {
808
  return new WP_Error( 'rest_cannot_access', __( 'Only authenticated users can access the REST API.', 'password-protected' ), array( 'status' => rest_authorization_required_code() ) );
809
  }
810
 
readme.txt CHANGED
@@ -5,7 +5,7 @@ Tags: password, protect, password protect, login
5
  Requires at least: 3.9
6
  Tested up to: 4.9.6
7
  Requires PHP: 5.6
8
- Stable tag: 2.2.2
9
  License: GPLv2 or later
10
 
11
  A very simple way to quickly password protect your WordPress site with a single password.
@@ -82,6 +82,13 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
82
 
83
  == Changelog ==
84
 
 
 
 
 
 
 
 
85
  = 2.2.2 =
86
  - Change locked admin bar icon to green.
87
  - Fix REST option and always allow access to REST API for logged in users.
@@ -199,6 +206,9 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
199
 
200
  == Upgrade Notice ==
201
 
 
 
 
202
  = 2.2.2 =
203
  Fix REST option and always allow access to REST API for logged in users. Change locked admin bar icon to green.
204
 
5
  Requires at least: 3.9
6
  Tested up to: 4.9.6
7
  Requires PHP: 5.6
8
+ Stable tag: 2.2.3
9
  License: GPLv2 or later
10
 
11
  A very simple way to quickly password protect your WordPress site with a single password.
82
 
83
  == Changelog ==
84
 
85
+ = 2.2.3 =
86
+ - Restrict REST-API-access only if password protection is active.
87
+ - Added viewport meta tag to login page.
88
+ - Added `password_protected_show_login` filter.
89
+ - Cookie name is not editable in the admin so display just for reference.
90
+ - Use default WordPress text domain for “Remember Me” and “Log In” buttons.
91
+
92
  = 2.2.2 =
93
  - Change locked admin bar icon to green.
94
  - Fix REST option and always allow access to REST API for logged in users.
206
 
207
  == Upgrade Notice ==
208
 
209
+ = 2.2.3 =
210
+ Restrict REST-API-access only if password protection is active. Added viewport meta tag to login page.
211
+
212
  = 2.2.2 =
213
  Fix REST option and always allow access to REST API for logged in users. Change locked admin bar icon to green.
214
 
theme/password-protected-login.php CHANGED
@@ -28,6 +28,17 @@ if ( ! function_exists( 'wp_shake_js' ) ) {
28
  }
29
  }
30
 
 
 
 
 
 
 
 
 
 
 
 
31
  nocache_headers();
32
  header( 'Content-Type: ' . get_bloginfo( 'html_type' ) . '; charset=' . get_bloginfo( 'charset' ) );
33
 
@@ -49,7 +60,9 @@ if ( $Password_Protected->errors->get_error_code() && in_array( $Password_Protec
49
  }
50
 
51
  // Obey privacy setting
52
- add_action( 'password_protected_login_head', 'noindex' );
 
 
53
 
54
  ?>
55
  <!DOCTYPE html>
@@ -110,12 +123,12 @@ do_action( 'password_protected_login_head' );
110
 
111
  <?php if ( $Password_Protected->allow_remember_me() ) : ?>
112
  <p class="forgetmenot">
113
- <label for="password_protected_rememberme"><input name="password_protected_rememberme" type="checkbox" id="password_protected_rememberme" value="1" tabindex="90" /> <?php esc_attr_e( 'Remember Me', 'password-protected' ); ?></label>
114
  </p>
115
  <?php endif; ?>
116
 
117
  <p class="submit">
118
- <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Log In', 'password-protected' ); ?>" tabindex="100" />
119
  <input type="hidden" name="testcookie" value="1" />
120
  <input type="hidden" name="password-protected" value="login" />
121
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $_REQUEST['redirect_to'] ); ?>" />
28
  }
29
  }
30
 
31
+ /**
32
+ * @since 3.7.0
33
+ */
34
+ if ( ! function_exists( 'wp_login_viewport_meta' ) ) {
35
+ function wp_login_viewport_meta() {
36
+ ?>
37
+ <meta name="viewport" content="width=device-width" />
38
+ <?php
39
+ }
40
+ }
41
+
42
  nocache_headers();
43
  header( 'Content-Type: ' . get_bloginfo( 'html_type' ) . '; charset=' . get_bloginfo( 'charset' ) );
44
 
60
  }
61
 
62
  // Obey privacy setting
63
+ add_action( 'password_protected_login_head', 'wp_no_robots' );
64
+
65
+ add_action( 'password_protected_login_head', 'wp_login_viewport_meta' );
66
 
67
  ?>
68
  <!DOCTYPE html>
123
 
124
  <?php if ( $Password_Protected->allow_remember_me() ) : ?>
125
  <p class="forgetmenot">
126
+ <label for="password_protected_rememberme"><input name="password_protected_rememberme" type="checkbox" id="password_protected_rememberme" value="1" tabindex="90" /> <?php esc_attr_e( 'Remember Me' ); ?></label>
127
  </p>
128
  <?php endif; ?>
129
 
130
  <p class="submit">
131
+ <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Log In' ); ?>" tabindex="100" />
132
  <input type="hidden" name="testcookie" value="1" />
133
  <input type="hidden" name="password-protected" value="login" />
134
  <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $_REQUEST['redirect_to'] ); ?>" />