Jetpack_Frame_Nonce_Preview

Allows viewing posts on the frontend when the user is not logged in.

Defined (1)

The class is defined in the following location(s).

/class.frame-nonce-preview.php  
  1. class Jetpack_Frame_Nonce_Preview { 
  2. static $instance = null; 
  3.  
  4. /** 
  5. * Returns the single instance of the Jetpack_Frame_Nonce_Preview object 
  6. * @since 4.3.0 
  7. * @return Jetpack_Frame_Nonce_Preview 
  8. **/ 
  9. public static function get_instance() { 
  10. if ( ! is_null( self::$instance ) ) { 
  11. return self::$instance; 
  12.  
  13. return self::$instance = new Jetpack_Frame_Nonce_Preview(); 
  14.  
  15. function __construct() { 
  16. if ( isset( $_GET['frame-nonce'] ) && ! is_admin() ) { 
  17. add_filter( 'pre_get_posts', array( $this, 'maybe_display_post' ) ); 
  18.  
  19. // autosave previews are validated differently 
  20. if ( isset( $_GET[ 'frame-nonce' ] ) && isset( $_GET[ 'preview_id' ] ) && isset( $_GET[ 'preview_nonce' ] ) ) { 
  21. remove_action( 'init', '_show_post_preview' ); 
  22. add_action( 'init', array( $this, 'handle_autosave_nonce_validation' ) ); 
  23.  
  24. /** 
  25. * Verify that frame nonce exists, and if so, validate the nonce by calling WP.com. 
  26. * @since 4.3.0 
  27. * @return bool 
  28. */ 
  29. public function is_frame_nonce_valid() { 
  30. if ( empty( $_GET[ 'frame-nonce' ] ) ) { 
  31. return false; 
  32.  
  33. Jetpack::load_xml_rpc_client(); 
  34. $xml = new Jetpack_IXR_Client(); 
  35. $xml->query( 'jetpack.verifyFrameNonce', sanitize_key( $_GET['frame-nonce'] ) ); 
  36.  
  37. if ( $xml->isError() ) { 
  38. return false; 
  39.  
  40. return (bool) $xml->getResponse(); 
  41.  
  42. /** 
  43. * Conditionally add a hook on posts_results if this is the main query, a preview, and singular. 
  44. * @since 4.3.0 
  45. * @param WP_Query $query 
  46. * @return WP_Query 
  47. */ 
  48. public function maybe_display_post( $query ) { 
  49. if ( 
  50. $query->is_main_query() && 
  51. $query->is_preview() && 
  52. $query->is_singular() 
  53. ) { 
  54. add_filter( 'posts_results', array( $this, 'set_post_to_publish' ), 10, 2 ); 
  55.  
  56. return $query; 
  57.  
  58. /** 
  59. * Conditionally set the first post to 'publish' if the frame nonce is valid and there is a post. 
  60. * @since 4.3.0 
  61. * @param array $posts 
  62. * @return array 
  63. */ 
  64. public function set_post_to_publish( $posts ) { 
  65. remove_filter( 'posts_results', array( $this, 'set_post_to_publish' ), 10, 2 ); 
  66.  
  67. if ( empty( $posts ) || is_user_logged_in() || ! $this->is_frame_nonce_valid() ) { 
  68. return $posts; 
  69.  
  70. $posts[0]->post_status = 'publish'; 
  71.  
  72. // Disable comments and pings for this post. 
  73. add_filter( 'comments_open', '__return_false' ); 
  74. add_filter( 'pings_open', '__return_false' ); 
  75.  
  76. return $posts; 
  77.  
  78. /** 
  79. * Handle validation for autosave preview request 
  80. * @since 4.7.0 
  81. */ 
  82. public function handle_autosave_nonce_validation() { 
  83. if ( ! $this->is_frame_nonce_valid() ) { 
  84. wp_die( __( 'Sorry, you are not allowed to preview drafts.', 'jetpack' ) ); 
  85. add_filter( 'the_preview', '_set_preview' );