Monday, June 6, 2022

Authenticate REST API except for contact-form-7


I have a contact-form plugin that requires access to the REST API. My original settings were to disallow access to the REST API except for administrators and editors.

However, to allow the contact form to work I have to remove REST API authentication for the contact form, so I modified the authentication code such that authentication will not be required if the request URL contains the following string <wp-json/contact-form-7> [this string is part of the request URL; the full address is https://mywebsite.com/wp-json/contact-form-7/v1/contact-forms/18047]

My question is whether this is a flawed approach from a security standpoint and, if it is, whether there is a better alternative.

Appreciating your suggestions

add_filter('rest_authentication_errors', function ($errors) {
    if (!is_wp_error($errors)) { // do nothing if there's already an error
        $can_access2 = false; // defined up front so logged-out requests do not hit an undefined variable
        if ($can_access = is_user_logged_in()) {
            $roles = (array)wp_get_current_user()->roles;
            $can_access = in_array('administrator', $roles); // allows only the Administrator role
            $can_access2 = in_array('editor', $roles); // allows only the Editor role
        }
        
        #*** Checking if url is for contact-form
        global $wp;
        $url_home22=home_url( $wp->request );

        // strpos() returns false when the string is absent, so compare strictly
        if (strpos($url_home22, 'wp-json/contact-form-7') !== false) {
            $contact_form=True;
        }else{
            $contact_form=False;
        }

        #*** If user is admin or editor or if url is contact form then allow access to api, otherwise, deny access

        if (!$can_access and !$can_access2 and $contact_form==False) {
            return new WP_Error('user_not_allowed',
                'Sorry, you are not allowed to access the REST API.',
                array('status' => rest_authorization_required_code())
            );
        }
        
    }

    return $errors;
});
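
An added example, not part of the original post: the same filter, but comparing the route WordPress parsed against the plugin's namespace prefix instead of searching the full URL for a substring. `CF7_REST_PREFIX` and `cf7_public_route()` are hypothetical names, and the sample routes in the last branch are constructed.

```php
<?php
// Added example, not from the original post.
// CF7_REST_PREFIX and cf7_public_route() are hypothetical names.
const CF7_REST_PREFIX = '/contact-form-7/v1/';

// True only when the REST route begins with the Contact Form 7 namespace.
// No normalization is applied, so anything unexpected stays restricted.
function cf7_public_route(string $rest_route): bool
{
    return strncmp($rest_route, CF7_REST_PREFIX, strlen(CF7_REST_PREFIX)) === 0;
}

if (function_exists('add_filter')) {
    add_filter('rest_authentication_errors', function ($errors) {
        if (is_wp_error($errors)) {
            return $errors; // keep an earlier authentication error
        }
        // Route as parsed by WordPress, set for both /wp-json/... URLs
        // and ?rest_route=... URLs.
        $raw = $GLOBALS['wp']->query_vars['rest_route'] ?? '';
        $route = is_string($raw) ? $raw : '';
        if (cf7_public_route($route)) {
            return $errors; // contact-form endpoints need no login
        }
        $roles = is_user_logged_in() ? (array) wp_get_current_user()->roles : array();
        if (array_intersect(array('administrator', 'editor'), $roles)) {
            return $errors; // administrators and editors keep full access
        }
        return new WP_Error(
            'user_not_allowed',
            'Sorry, you are not allowed to access the REST API.',
            array('status' => rest_authorization_required_code())
        );
    });
} else {
    // Outside WordPress: exercise the check on constructed sample routes.
    $samples = array(
        '/contact-form-7/v1/contact-forms/18047',  // route from the post
        '/wp/v2/users',                            // core route
        '/wp/v2/posts/wp-json/contact-form-7',     // string not at the start
    );
    foreach ($samples as $route) {
        printf("%-42s %s\n", $route, cf7_public_route($route) ? 'public' : 'restricted');
    }
}
```

The prefix comparison is case-sensitive and unnormalized on purpose, so a route that does not match exactly falls through to the role check.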
