Merge pull request #7 from dwnload/develop

Version 1.2.3

Author: thefrosty

.travis.yml

@@ -1,8 +1,9 @@
 language: php
 
 php:
-  - '7.1'
   - '7.0'
+  - '7.1'
+  - '7.2'
 
 install: composer install
 

CHANGELONG.md

@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## 1.2.3 - 2018-05-30
+### Updated
+- Added permission check (`delete_users`) before adding admin bar node.
+- Change permission check on settings page from `manage_options` to `delete_users`.
+- Removed nonce check after successful cache flush for admin notice.
+
+### Added
+- PHP 7.2 to the Travis build.
+
 ## 1.2.2 - 2018-04-30
 ### Fixed
 - When endpoints have multiple posts, the request bubbles up and appends the results which leads to a body size X's the

composer.json

@@ -2,7 +2,7 @@
   "name": "dwnload/wp-rest-api-object-cache",
   "description": "Enable object caching for WordPress' REST API. Aids in increased response times of your applications endpoints.",
   "type": "wordpress-plugin",
-  "version": "1.2.2",
+  "version": "1.2.3",
   "license": "MIT",
   "authors": [
     {

src/WpAdmin/Admin.php

@@ -75,7 +75,7 @@ protected function adminMenu()
             'options-general.php',
             \esc_html__('WP REST API Cache', 'wp-rest-api-cache'),
             \esc_html__('REST API Cache', 'wp-rest-api-cache'),
-            'manage_options',
+            'delete_users',
             self::MENU_SLUG,
             function () {
                 $this->renderPage();
@@ -90,12 +90,14 @@ function () {
      */
     protected function adminBarMenu(WP_Admin_Bar $wp_admin_bar)
     {
-        $args = [
+        if (! is_user_logged_in() || ! current_user_can('delete_users') || ! is_admin_bar_showing()) {
+            return;
+        }
+
+        $wp_admin_bar->add_node([
             'id' => WpRestApiCache::ID,
             'title' => \esc_html__('REST API Cache', 'wp-rest-api-cache'),
-        ];
-
-        $wp_admin_bar->add_node($args);
+        ]);
         $wp_admin_bar->add_menu([
             'parent' => WpRestApiCache::ID,
             'id' => self::MENU_ID,
@@ -111,16 +113,12 @@ protected function adminAction()
     {
         $this->requestCallback();
 
-        $url = \wp_nonce_url(
-            \add_query_arg(
-                [self::NOTICE => 1],
-                \remove_query_arg(
-                    [RestDispatch::QUERY_CACHE_DELETE, RestDispatch::QUERY_CACHE_REFRESH],
-                    \wp_get_referer()
-                )
-            ),
-            self::NONCE_ACTION,
-            self::NONCE_NAME
+        $url = \add_query_arg(
+            [self::NOTICE => 1],
+            \remove_query_arg(
+                [RestDispatch::QUERY_CACHE_DELETE, RestDispatch::QUERY_CACHE_REFRESH],
+                \wp_get_referer()
+            )
         );
         \wp_safe_redirect($url);
         exit;
@@ -131,9 +129,7 @@ protected function adminAction()
      */
     protected function adminNotices()
     {
-        if (! empty($_REQUEST[self::NONCE_NAME]) &&
-            \wp_verify_nonce($_REQUEST[self::NONCE_NAME], self::NONCE_ACTION) &&
-            ! empty($_GET[self::NOTICE]) &&
+        if (! empty($_GET[self::NOTICE]) &&
             filter_var_int($_GET[self::NOTICE]) === 1
         ) {
             $message = \esc_html__('The cache has been successfully cleared.', 'wp-rest-api-cache');

wp-rest-api-cache.php

@@ -4,7 +4,7 @@
  * Description: Enable object caching for WordPress' REST API. Aids in increased response times of your applications endpoints.
  * Author: Austin Passy
  * Author URI: http://github.com/thefrosty
- * Version: 1.2.2
+ * Version: 1.2.3
  * Requires at least: 4.9
  * Tested up to: 4.9
  * Requires PHP: 7.0
@@ -19,7 +19,7 @@
 
 PluginFactory::create('rest-api-object-cache')
     ->addOnHook(RestDispatch::class)
-	->addOnHook(Admin::class)
+    ->addOnHook(Admin::class)
     ->initialize();
 
 call_user_func_array(