Merge branch 'release/2.2.3'

CHANGELOG.md

@@ -4,6 +4,19 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [2.2.3] - 2019-01-10
+
+### Fixed
+- Restrict REST-API-access only if password protection is active.
+
+### Added
+- Added viewport meta tag to login page.
+- Added `password_protected_show_login` filter.
+
+### Changed
+- Cookie name is not editable in the admin so display just for reference.
+- Use default WordPress text domain for “Remember Me” and “Log In” buttons.
+
 ## [2.2.2] - 2018-05-29
 
 ### Changed
@@ -199,7 +212,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
 - First Release. If you spot any bugs or issues please [log them here](https://github.com/benhuson/password-protected/issues).
 
-[Unreleased]: https://github.com/benhuson/password-protected/compare/2.2.2...HEAD
+[Unreleased]: https://github.com/benhuson/password-protected/compare/2.2.3...HEAD
+[2.2.3]: https://github.com/benhuson/password-protected/compare/2.2.2...2.2.3
 [2.2.2]: https://github.com/benhuson/password-protected/compare/2.2.1...2.2.2
 [2.2.1]: https://github.com/benhuson/password-protected/compare/2.2...2.2.1
 [2.2]: https://github.com/benhuson/password-protected/compare/2.1...2.2

README.md

@@ -71,6 +71,9 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
 Upgrade Notice
 --------------
 
+### 2.2.3
+Restrict REST-API-access only if password protection is active. Added viewport meta tag to login page.
+
 ### 2.2.2
 Fix REST option and always allow access to REST API for logged in users. Change locked admin bar icon to green.
 

admin/admin-caching.php

@@ -54,7 +54,7 @@ public function cache_settings_info() {
 		// Cookies
 		add_settings_field(
 			'password_protected_compat_caching_cookie',
-			__( 'Cookies', 'password-protected' ),
+			__( 'Cookie Name', 'password-protected' ),
 			array( $this, 'field_cookies' ),
 			'password-protected-compat',
 			'password_protected_compat_caching'
@@ -96,7 +96,7 @@ public function cache_settings_info() {
 	public function section_caching() {
 
 		echo '<p>' . __( 'Password Protected does not always work well with sites that use caching.', 'password-protected' ) . '<br />
-			' . __( 'If your site uses a caching plugin or your web hosting uses server-side caching, you may need to configure your setup to disable caching for the Password Protected cookie:', 'password-protected' ) . '</p>';
+			' . __( 'If your site uses a caching plugin or your web hosting uses server-side caching, you may need to configure your caching setup to disable caching for the Password Protected cookie:', 'password-protected' ) . '</p>';
 
 	}
 
@@ -107,7 +107,7 @@ public function section_caching() {
 	 */
 	public function field_cookies() {
 
-		echo '<p><input type="text" value="' . esc_attr( $this->plugin->cookie_name() ) . '" class="regular-text code" /></p>';
+		echo '<p><code>' . esc_html( $this->plugin->cookie_name() ) . '</code></p>';
 
 	}
 

admin/admin.php

@@ -13,6 +13,7 @@ public function __construct() {
 		global $wp_version;
 
 		add_action( 'admin_init', array( $this, 'password_protected_settings' ), 5 );
+		add_action( 'admin_init', array( $this, 'add_privacy_policy' ) );
 		add_action( 'admin_menu', array( $this, 'admin_menu' ) );
 		add_action( 'password_protected_help_tabs', array( $this, 'help_tabs' ), 5 );
 		add_action( 'admin_notices', array( $this, 'password_protected_admin_notices' ) );
@@ -22,6 +23,21 @@ public function __construct() {
 
 	}
 
+	/**
+	 * Add Privacy Policy
+	 */
+	public function add_privacy_policy() {
+
+		if ( ! function_exists( 'wp_add_privacy_policy_content' ) ) {
+			return;
+		}
+
+		$content = _x( 'The Password Protected plugin stores a cookie on successful password login containing a hashed version of the entered password. It does not store any information about the user. The cookie stored is named <code>bid_n_password_protected_auth</code> where <code>n</code> is the blog ID in a multisite network', 'privacy policy content', 'password-protected' );
+
+		wp_add_privacy_policy_content( __( 'Password Protected Plugin', 'password-protected' ), wp_kses_post( wpautop( $content, false ) ) );
+
+	}
+
 	/**
 	 * Admin Menu
 	 */

password-protected.php

@@ -4,7 +4,7 @@
 Plugin Name: Password Protected
 Plugin URI: https://wordpress.org/plugins/password-protected/
 Description: A very simple way to quickly password protect your WordPress site with a single password. Please note: This plugin does not restrict access to uploaded files and images and does not work with some caching setups.
-Version: 2.2.2
+Version: 2.2.3
 Author: Ben Huson
 Text Domain: password-protected
 Author URI: http://github.com/benhuson/password-protected/
@@ -42,7 +42,7 @@
 
 class Password_Protected {
 
-	var $version = '2.2.2';
+	var $version = '2.2.3';
 	var $admin   = null;
 	var $errors  = null;
 
@@ -345,13 +345,15 @@ public function is_user_logged_in() {
 	 */
 	public function maybe_show_login() {
 
-		// Don't show login if not enabled
-		if ( ! $this->is_active() ) {
-			return;
-		}
+		// Filter for adding exceptions.
+		$show_login = apply_filters( 'password_protected_show_login', $this->is_active() );
 
 		// Logged in
-		if ( $this->is_user_logged_in() ) {
+		if ( $this->is_user_logged_in() )  {
+			$show_login = false;
+		}
+
+		if ( ! $show_login ) {
 			return;
 		}
 
@@ -802,7 +804,7 @@ static function is_plugin_supported() {
 	public function only_allow_logged_in_rest_access( $access ) {
 
 		// If user is not logged in
-		if ( ! $this->is_user_logged_in() && ! is_user_logged_in() && ! (bool) get_option( 'password_protected_rest' ) ) {
+		if ( $this->is_active() && ! $this->is_user_logged_in() && ! is_user_logged_in() && ! (bool) get_option( 'password_protected_rest' ) ) {
 			return new WP_Error( 'rest_cannot_access', __( 'Only authenticated users can access the REST API.', 'password-protected' ), array( 'status' => rest_authorization_required_code() ) );
 		}
 

readme.txt

@@ -5,7 +5,7 @@ Tags: password, protect, password protect, login
 Requires at least: 3.9
 Tested up to: 4.9.6
 Requires PHP: 5.6
-Stable tag: 2.2.2
+Stable tag: 2.2.3
 License: GPLv2 or later
 
 A very simple way to quickly password protect your WordPress site with a single password.
@@ -82,6 +82,13 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
 
 == Changelog ==
 
+= 2.2.3 =
+- Restrict REST-API-access only if password protection is active.
+- Added viewport meta tag to login page.
+- Added `password_protected_show_login` filter.
+- Cookie name is not editable in the admin so display just for reference.
+- Use default WordPress text domain for “Remember Me” and “Log In” buttons.
+
 = 2.2.2 =
 - Change locked admin bar icon to green.
 - Fix REST option and always allow access to REST API for logged in users.
@@ -199,6 +206,9 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
 
 == Upgrade Notice ==
 
+= 2.2.3 =
+Restrict REST-API-access only if password protection is active. Added viewport meta tag to login page.
+
 = 2.2.2 =
 Fix REST option and always allow access to REST API for logged in users. Change locked admin bar icon to green.
 

theme/password-protected-login.php

@@ -28,6 +28,17 @@ function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){
 	}
 }
 
+/**
+ * @since 3.7.0
+ */
+if ( ! function_exists( 'wp_login_viewport_meta' ) ) {
+	function wp_login_viewport_meta() {
+		?>
+		<meta name="viewport" content="width=device-width" />
+		<?php
+	}
+}
+
 nocache_headers();
 header( 'Content-Type: ' . get_bloginfo( 'html_type' ) . '; charset=' . get_bloginfo( 'charset' ) );
 
@@ -49,7 +60,9 @@ function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){
 }
 
 // Obey privacy setting
-add_action( 'password_protected_login_head', 'noindex' );
+add_action( 'password_protected_login_head', 'wp_no_robots' );
+
+add_action( 'password_protected_login_head', 'wp_login_viewport_meta' );
 
 ?>
 <!DOCTYPE html>
@@ -110,12 +123,12 @@ function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){
 
 		<?php if ( $Password_Protected->allow_remember_me() ) : ?>
 			<p class="forgetmenot">
-				<label for="password_protected_rememberme"><input name="password_protected_rememberme" type="checkbox" id="password_protected_rememberme" value="1" tabindex="90" /> <?php esc_attr_e( 'Remember Me', 'password-protected' ); ?></label>
+				<label for="password_protected_rememberme"><input name="password_protected_rememberme" type="checkbox" id="password_protected_rememberme" value="1" tabindex="90" /> <?php esc_attr_e( 'Remember Me' ); ?></label>
 			</p>
 		<?php endif; ?>
 
 		<p class="submit">
-			<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Log In', 'password-protected' ); ?>" tabindex="100" />
+			<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Log In' ); ?>" tabindex="100" />
 			<input type="hidden" name="testcookie" value="1" />
 			<input type="hidden" name="password-protected" value="login" />
 			<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $_REQUEST['redirect_to'] ); ?>" />