search

anttiviljami / wp-pdf-templates

Add PDF templates to your WordPress theme
https://wordpress.org/plugins/wp-pdf-templates
GNU General Public License v3.0
42 stars 18 forks source link

Caching issues #12

Open adaptifyDesigns opened 9 years ago

adaptifyDesigns commented 9 years ago

@anttiviljami

I discovered an issue with the caching functionality.

First of all the post title needs to sanitized, or the post permalink should be used when creating the cached filename, otherwise, special characters in the post title (like /) will cause issues with the file_put_contents function (because it ends up trying to put the contents into multiple directories that do not exist).

But also, if cookies are enabled, allowing me to query $user info and restrict content based on user role, BUT caching is also enabled, the cached file gets served to the user, regardless of their role.

I would like to propose the addition of another configuration setting to the plugin which would restrict PDF templates only to logged in users, or only to users of a certain role/capability.

It could look something like this:

Add Conditional to PDF Templates function _use_pdf_template() to check if user is logged in: i.e.

if ( isset($wp_query->query_vars['pdf-template']) && is_user_logged_in() && current_user_can('manage_options') ) {
    //... normal functionality runs
} else {
    // Redirect them to the my-account/login page:
    wp_redirect( home_url() . '/my-account/' ); 
    exit;
}

Let me know what you think about that. I'd love for there to be a filter for this, allowing me to turn on/off the restriction in my theme's functions, rather than having to edit the plugin files.

anttiviljami commented 9 years ago

You would just have to disable caching anyways if the content is dynamic based on cookies. We don't really need additional logic to restrict user from accessing pdf templates. WordPress already does that for you and PDF templates will just not work if the content is not available. (except when caching is turned on)

Thanks for the cache special characters note. I'll take a look at that.

adaptifyDesigns commented 9 years ago

Ya, I guess you're right about that. The first person to access the PDF would have to be a logged-in user in order for the correct PDF to be cached.

I guess I just want a way to prevent logged out users from being able to access the PDF at all. Instead of making the template dynamically serve content based on user role/capability, I wish there was a way I could cancel the PDF generation completely for logged-out users, in order to cut down on bandwidth usage, because generating the PDF seems like a pretty heavy task for the server.

If you were me, trying to prevent logged-out users from triggering the PDF generation (by going directly to the /pdf endpoint of any URL), is there a point in wp-pdf-templates.php where I could run a is_user_logged_in() test and cancel the whole thing if they aren't?

Thanks for any help/advice.

simison commented 8 years ago

@adaptifyDesigns

First of all the post title needs to sanitized,

Check out WP's sanitize_file_name() https://codex.wordpress.org/Function_Reference/sanitize_file_name

anttiviljami commented 8 years ago

@simison: could you do a PR for this? :)