Merge dev to main

Author: tfirdaus

LICENSE

@@ -6,6 +6,7 @@
 
 use SSFV\Codex\Contracts\Hookable;
 use SSFV\Codex\Facades\App;
+use SSFV\Codex\Facades\Config;
 use SSFV\Codex\Foundation\Hooks\Hook;
 use WP_Scripts;
 
@@ -23,11 +24,13 @@ public function hook(Hook $hook): void
 
 	public function disables(Hook $hook): void
 	{
+		// phpcs:disable
 		/** @var WP $wp */
 		$wp = $GLOBALS['wp'];
-		// phpcs:ignore Squiz.NamingConventions.ValidVariableName.MemberNotCamelCaps
 		$wp->public_query_vars = array_diff($wp->public_query_vars, ['embed']);
+		// phpcs:enable
 
+		$hook->addAction('update_option_' . Config::get('app.option_prefix') . 'cron', [$this, 'flushPermalinks']);
 		$hook->addAction('enqueue_block_editor_assets', [$this, 'disableOnBlockEditor']);
 		$hook->addAction('wp_default_scripts', [$this, 'disableScriptDependencies']);
 		$hook->addFilter('embed_oembed_discover', '__return_false');
@@ -42,6 +45,11 @@ public function disables(Hook $hook): void
 		$hook->removeFilter('pre_oembed_result', 'wp_filter_pre_oembed_result', 10);
 	}
 
+	public function flushPermalinks(): void
+	{
+		flush_rewrite_rules(false);
+	}
+
 	/**
 	 * @param array<mixed> $data
 	 *

app/Features/Embeds.php

@@ -21,6 +21,8 @@ public function getInstances(ContainerInterface $container): iterable
 		yield new Switches\Assets();
 		yield new Switches\General();
 		yield new Switches\Media();
+		yield new Switches\Security();
+		yield new Switches\Webpage();
 
 		// Mark as initilized.
 		do_action('syntatis/feature-flipper/init', $container);

app/Plugin.php

@@ -28,9 +28,9 @@ public function hook(Hook $hook): void
 			return;
 		}
 
-		$hook->addAction('admin_init', static function (): void {
-			remove_action('admin_notices', 'update_nag', 3);
-			remove_action('network_admin_notices', 'update_nag', 3);
+		$hook->addAction('admin_init', static function () use ($hook): void {
+			$hook->removeAction('admin_notices', 'update_nag', 3);
+			$hook->removeAction('network_admin_notices', 'update_nag', 3);
 		}, 99);
 	}
 }

app/Switches/Admin.php

@@ -23,13 +23,13 @@ public function hook(Hook $hook): void
 			 *
 			 * @see https://make.wordpress.org/core/2023/10/17/replacing-hard-coded-style-tags-with-wp_add_inline_style/
 			 */
-			remove_action('wp_print_styles', 'print_emoji_styles');
-			remove_action('wp_head', 'print_emoji_detection_script', 7);
-			remove_action('admin_print_scripts', 'print_emoji_detection_script');
-			remove_action('admin_print_styles', 'print_emoji_styles');
-			remove_filter('the_content_feed', 'wp_staticize_emoji');
-			remove_filter('comment_text_rss', 'wp_staticize_emoji');
-			remove_filter('wp_mail', 'wp_staticize_emoji_for_email');
+			$hook->removeAction('wp_print_styles', 'print_emoji_styles');
+			$hook->removeAction('wp_head', 'print_emoji_detection_script', 7);
+			$hook->removeAction('admin_print_scripts', 'print_emoji_detection_script');
+			$hook->removeAction('admin_print_styles', 'print_emoji_styles');
+			$hook->removeFilter('the_content_feed', 'wp_staticize_emoji');
+			$hook->removeFilter('comment_text_rss', 'wp_staticize_emoji');
+			$hook->removeFilter('wp_mail', 'wp_staticize_emoji_for_email');
 		}
 
 		// 2. Scripts Version.
@@ -41,11 +41,11 @@ public function hook(Hook $hook): void
 			$hook->addFilter('style_loader_src', $callback);
 		}
 
+		// 3. jQuery Migrate.
 		if (Option::get('jquery_migrate')) {
 			return;
 		}
 
-		// 3. jQuery Migrate.
 		$hook->addAction('wp_default_scripts', static function (WP_Scripts $scripts): void {
 			if (empty($scripts->registered['jquery'])) {
 				return;

app/Switches/Assets.php

@@ -6,10 +6,52 @@
 
 use SSFV\Codex\Contracts\Hookable;
 use SSFV\Codex\Foundation\Hooks\Hook;
+use Syntatis\FeatureFlipper\Option;
+use WP_Error;
+
+use function define;
+use function defined;
 
 class Security implements Hookable
 {
 	public function hook(Hook $hook): void
 	{
+		// 1. Disable XML-RPC.
+		if (! Option::get('xmlrpc')) {
+			$hook->addFilter('pings_open', '__return_false');
+			$hook->addFilter('xmlrpc_enabled', '__return_false');
+			$hook->addFilter('xmlrpc_methods', '__return_empty_array');
+			$hook->removeAction('wp_head', 'rsd_link');
+		}
+
+		// 2. Disable file editor.
+		if (! Option::get('file_edit') && ! defined('DISALLOW_FILE_EDIT')) {
+			define('DISALLOW_FILE_EDIT', true);
+		}
+
+		// 3. Disable public REST API.
+		if (! Option::get('authenticated_rest_api')) {
+			return;
+		}
+
+		$hook->addFilter('rest_authentication_errors', [$this, 'apiForceAuthentication']);
+	}
+
+	/**
+	 * @param WP_Error|true|null $access
+	 *
+	 * @return WP_Error|true|null
+	 */
+	public function apiForceAuthentication($access)
+	{
+		return is_user_logged_in()
+			? $access
+			: new WP_Error(
+				'rest_login_required',
+				__('You must be logged in to access this resource.', 'syntatis-feature-flipper'),
+				[
+					'status' => rest_authorization_required_code(),
+				],
+			);
 	}
 }

app/Switches/Security.php

@@ -6,10 +6,28 @@
 
 use SSFV\Codex\Contracts\Hookable;
 use SSFV\Codex\Foundation\Hooks\Hook;
+use Syntatis\FeatureFlipper\Option;
 
 class Webpage implements Hookable
 {
 	public function hook(Hook $hook): void
 	{
+		// 1. RSD Link.
+		if (! Option::get('rsd_link')) {
+			$hook->removeAction('wp_head', 'rsd_link');
+		}
+
+		// 2. WordPress Generator meta tag.
+		if (! Option::get('generator_tag')) {
+			$hook->removeAction('wp_head', 'wp_generator');
+		}
+
+		// 3. Shortlink.
+		if (Option::get('shortlink')) {
+			return;
+		}
+
+		$hook->removeAction('wp_head', 'wp_shortlink_wp_head');
+		$hook->removeAction('wp_head', 'wp_shortlink_header');
 	}
 }

app/Switches/Webpage.php

@@ -18,7 +18,7 @@
             "homepage": "https://github.com/tfirdaus"
         }
     ],
-    "license": "GPL-2.0-or-later",
+    "license": "GPL-3.0",
     "autoload": {
         "psr-4": {
             "Syntatis\\FeatureFlipper\\": [

composer.json

@@ -50,19 +50,19 @@
 	(new Setting('jquery_migrate', 'boolean'))
 		->withDefault(true),
 
-	// Webpage
+	// Webpage.
 	(new Setting('rsd_link', 'boolean'))
 		->withDefault(true),
-	(new Setting('wordpress_generator', 'boolean'))
+	(new Setting('generator_tag', 'boolean'))
 		->withDefault(true),
 	(new Setting('shortlink', 'boolean'))
 		->withDefault(true),
-	(new Setting('rest_api_link', 'boolean'))
-		->withDefault(true),
 
-	// Security
+	// Security.
 	(new Setting('xmlrpc', 'boolean'))
 		->withDefault(true),
-	(new Setting('unauthenticated_rest_api', 'boolean'))
+	(new Setting('file_edit', 'boolean'))
+		->withDefault(true),
+	(new Setting('authenticated_rest_api', 'boolean'))
 		->withDefault(false),
 ];

inc/settings/all.php

@@ -1,13 +1,13 @@
 {
-    "name": "@syntatis/wp-feature-flipper",
-    "version": "0.1.0",
+    "name": "syntatis-feature-flipper",
+    "version": "1.0.0",
     "description": "Easily switch some features in WordPress, on and off",
     "author": {
         "name": "Thoriq Firdaus",
         "url": "https://github.com/tfirdaus"
     },
     "private": true,
-    "license": "GPL-2.0-or-later",
+    "license": "GPL-3.0",
     "keywords": [
         "wordpress",
         "plugin",
@@ -22,7 +22,7 @@
         "inc",
         "dist",
         "*.php",
-        "!*.*.php"
+        "!**/*.*.php"
     ],
     "dependencies": {
         "@syntatis/kubrick": "^0.1.0-beta.3",

package.json

@@ -1,16 +1,42 @@
 === Feature Flipper ===
 
 Contributors: tfirdaus
-Tags: wordpress, plugin, boilerplate
+Tags:  disable, rss, emojis, xmlrpc, rest-api, security, gutenberg
 Requires at least: 5.8
 Tested up to: 6.6
-Stable tag: 0.1
+Stable tag: 1.0
 Requires PHP: 7.4
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 
-Easily switch WordPress feature on and off.
+Easily switch some features in WordPress, on and off.
 
 == Description ==
 
-The plugin long description.
+WordPress comes with a lot of features. Some of them are useful and essential, while there are probably some that you do not need. This plugin allows you to switch some of these features, on and off, easily. Several features that this plugin supports are:
+
+- **Gutenberg**: Gutenberg has become the default editor in WordPress on both Page and Post type. But if you are not using it, you can disable it to switch back to the Classic Editor.
+- **Emojis**: Emojis are fun. But WordPress loads some scripts to support rendering emojis. If you do not use Emojis in your content, you can disable them to remove the additional weight from the scripts.
+- **XML-RPC**: XML-RPC is a remote procedure call protocol that allows you to communicate with your WordPress site. If you do not use any services that require XML-RPC, you can disable it which helps reducing the attack surface of your site.
+- **jQuery Migrate**: jQuery Migrate is a JavaScript library that helps you to migrate your jQuery code to the latest version. If you are not using any old jQuery code, you can disable it to remove the additional weight of the library from your site.
+- **Post Embeds**: Post Embeds allow you to embed posts from your site into another site, or within your own site. If you do not use this feature, you can disable it to prevent others from embedding your posts.
+- **Attachment Slug**: WordPress, by default, will automaically create a slug for your attachment URLs from the media file name. This could cause issues when the slug is conflicting with your post or page slug. To avoid attchment reserving the slug, you can disable this default behaviour. This plugin will randomly generate a unique slug for your attachment URLs.
+- And more...
+
+== Installation ==
+
+1. Upload the plugin files to the `/wp-content/plugins/feature-flipper` directory, or install the plugin through the WordPress plugins screen directly.
+2. Activate the plugin through the 'Plugins' screen in WordPress.
+3. Use the Settings -> Flipper screen to configure the plugin.
+
+[More info on installing plugins](https://wordpress.org/documentation/article/manage-plugins/#installing-plugins)
+
+== Frequently Asked Questions ==
+
+= How do I disable a feature? =
+
+To disable a feature, you can go to the Settings -> Flipper screen in your WordPress admin dashboard. You will see a list of features that you can enable or disable. Simply click the toggle button to switch the feature on or off.
+
+= How do I suggest a new feature? =
+
+You can suggest a new feature by creating a new issue in the [plugin's GitHub repository](https://github.com/syntatis/wp-feature-flipper).

readme.txt

@@ -1,4 +1,4 @@
-import { createContext, useEffect, useRef, useState } from 'react';
+import { createContext, useEffect, useRef, useState } from '@wordpress/element';
 import { SubmitButton } from './SubmitButton';
 import { useSettingsContext } from './useSettingsContext';
 import { FormNotice } from './FormNotice';

src/setting-page/components/form/Form.jsx

@@ -15,6 +15,7 @@ export const SettingsProvider = ( { children } ) => {
 		submitValues,
 		getOption,
 		initialValues,
+		updatedValues,
 	} = useSettings();
 
 	return (
@@ -28,6 +29,7 @@ export const SettingsProvider = ( { children } ) => {
 				setStatus,
 				submitValues,
 				initialValues,
+				updatedValues,
 				setValues: ( name, value ) => {
 					setValues( {
 						...values,

src/setting-page/components/form/SettingsProvider.jsx

@@ -20,6 +20,7 @@ function parseExceptionMessage( errorString ) {
 export const useSettings = () => {
 	const [ values, setValues ] = useState( preloaded );
 	const [ status, setStatus ] = useState();
+	const [ updatedValues, setUpdatedValues ] = useState();
 	const [ updating, setUpdating ] = useState( false );
 	const [ errorMessages, setErrorMessages ] = useState( {} );
 	const filterValues = ( v ) => {
@@ -70,6 +71,7 @@ export const useSettings = () => {
 				setStatus( 'error' );
 			} )
 			.finally( () => {
+				setUpdatedValues( data );
 				setUpdating( false );
 			} );
 	};
@@ -84,5 +86,6 @@ export const useSettings = () => {
 		setStatus,
 		getOption,
 		initialValues: preloaded,
+		updatedValues,
 	};
 };

src/setting-page/components/form/useSettings.js

@@ -6,6 +6,17 @@ export const SecurityTab = () => {
 	return (
 		<Form>
 			<Fieldset>
+				<SwitchInput
+					name="file_edit"
+					id="file-edit"
+					label={ __( 'File Edit', 'syntatis-feature-flipper' ) }
+					description={ __(
+						'When set to "off", it will disable the file editor for themes and plugins.',
+						'syntatis-feature-flipper'
+					) }
+				>
+					{ __( 'Enable File Editor', 'syntatis-feature-flipper' ) }
+				</SwitchInput>
 				<SwitchInput
 					name="xmlrpc"
 					id="xmlrpc"
@@ -18,8 +29,8 @@ export const SecurityTab = () => {
 					{ __( 'Enable XML-RPC', 'syntatis-feature-flipper' ) }
 				</SwitchInput>
 				<SwitchInput
-					name="unauthenticated_rest_api"
-					id="xmlrpc"
+					name="authenticated_rest_api"
+					id="authenticated-rest-api"
 					label={ __(
 						'REST API Authentication',
 						'syntatis-feature-flipper'

src/setting-page/tabs/SecurityTab.jsx

@@ -24,8 +24,8 @@ export const WebpageTab = () => {
 					{ __( 'Add RSD link', 'syntatis-feature-flipper' ) }
 				</SwitchInput>
 				<SwitchInput
-					name="wordpress_generator"
-					id="wordpress-generator"
+					name="generator_tag"
+					id="generator-tag"
 					label={ __(
 						'Generator Meta Tag',
 						'syntatis-feature-flipper'
@@ -51,17 +51,6 @@ export const WebpageTab = () => {
 				>
 					{ __( 'Add Shortlink', 'syntatis-feature-flipper' ) }
 				</SwitchInput>
-				<SwitchInput
-					name="rest_api_link"
-					id="rest_api_link"
-					label={ __( 'REST API Link', 'syntatis-feature-flipper' ) }
-					description={ __(
-						'When set to "off", it will remove the REST API link from the webpage head.',
-						'syntatis-feature-flipper'
-					) }
-				>
-					{ __( 'Add REST API link', 'syntatis-feature-flipper' ) }
-				</SwitchInput>
 			</Fieldset>
 		</Form>
 	);