AdminerMiddleware
extends AbstractMiddleware
in package
Table of Contents
- $configs : Configs
- $isAdminKiosk : bool|null
- $isMultitenant : bool|null
- $isShortInit : bool|null
- $services : Container
- $logger : LoggerInterface
- __construct() : mixed
- matchPaths() : bool
- Matches two URL paths, considering optional trailing slashes.
- process() : ResponseInterface
- Process the database administration panel request routes.
- getAllowedAccessPaths() : null|array<string|int, mixed>
- Retrieve allowed access paths for wp-admin routes.
- getSubdomain() : null|array<string|int, string>
- isAdminRoute() : mixed
- isAdminRouteRestricted() : bool
- Check if a given URL or route matches the WordPress admin route pattern.
- isHybridMode() : bool
- isMultitenantApp() : bool
- Determines if the application is configured to operate in multi-tenant mode.
- isSecureMode() : bool
- isValidTenantId() : false|int
- log() : LoggerInterface
- multiMerge() : array<string|int, mixed>
- Merges two multi-dimensional arrays recursively.
- when() : void
Properties
$configs
protected
Configs
$configs
$isAdminKiosk
protected
bool|null
$isAdminKiosk
$isMultitenant
protected
bool|null
$isMultitenant
$isShortInit
protected
bool|null
$isShortInit
$services
protected
Container
$services
$logger
private
LoggerInterface
$logger
Methods
__construct()
public
__construct([Container $serviceContainer = null ]) : mixed
Parameters
- $serviceContainer : Container = null
Return values
mixed —matchPaths()
Matches two URL paths, considering optional trailing slashes.
public
static matchPaths(string $uriPath, string $dbadminUrlPath) : bool
Parameters
- $uriPath : string
- $dbadminUrlPath : string
Return values
bool —process()
Process the database administration panel request routes.
public
process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
Handles requests related to the database administration panel by validating user access and serving the appropriate content or delegating further processing.
Parameters
- $request : ServerRequestInterface
- $handler : RequestHandlerInterface
Tags
Return values
ResponseInterface —getAllowedAccessPaths()
Retrieve allowed access paths for wp-admin routes.
protected
getAllowedAccessPaths() : null|array<string|int, mixed>
This method fetches a list of allowed paths for the wp-admin directory based on configuration. It is designed to ensure that critical functionality like AJAX handling can operate without unnecessary restrictions while still securing other sensitive admin functionalities.
Configuration behavior:
-
security.restrict_wpadmin.enabled: Enables or disables the restriction mechanism (disabled by default). -
security.restrict_wpadmin.secure: If true, applies stricter matching for wp-admin paths. -
security.restrict_wpadmin.allowed: An array of specific paths to allow, e.g.,['admin-ajax.php'].
Example Usage:
- Allow
admin-ajax.phpfor AJAX requests to ensure plugins function correctly. - Restrict paths like
theme-editor.phpor custom plugin endpoints unless explicitly allowed. - Ensure security while allowing flexibility for specific use cases.
Example Configuration: 'restrict_wpadmin' => [ 'enabled' => true, 'secure' => false, 'allowed' => [ 'admin-ajax.php' ] ];
Tags
Return values
null|array<string|int, mixed> —Returns an array of allowed paths if restriction is enabled, null otherwise.
getSubdomain()
protected
getSubdomain(ServerRequestInterface $request) : null|array<string|int, string>
Parameters
- $request : ServerRequestInterface
Tags
Return values
null|array<string|int, string> —isAdminRoute()
protected
isAdminRoute(ServerRequestInterface $request) : mixed
Parameters
- $request : ServerRequestInterface
Return values
mixed —isAdminRouteRestricted()
Check if a given URL or route matches the WordPress admin route pattern.
protected
isAdminRouteRestricted(ServerRequestInterface $request) : bool
This method ensures that only specified paths within the wp-admin directory are allowed based on configurations. This is crucial for security as it prevents unauthorized access to sensitive WordPress admin functionalities.
Context:
When the restrict_wpadmin configuration is enabled (disabled by default), all requests to paths
under /wp/wp-admin will be restricted with a 401 response unless explicitly allowed.
The isAdminRouteRestricted method determines whether a request matches restricted
wp-admin routes and handles the restriction logic upstream.
Examples of wp-admin paths to consider:
-
wp-admin/admin-ajax.php: Frequently used by plugins for AJAX requests, should generally be allowed. -
wp-admin/theme-editor.php: Sensitive path that should typically be restricted. -
wp-admin/options.php: Core settings path that requires strict access control. -
wp-admin/admin-post.php: A common custom plugin endpoint that may require special handling.
Example Configuration: 'restrict_wpadmin' => [ 'enabled' => true, // Enables or disables wp-admin restrictions (disabled by default) 'secure' => false, // Enables stricter matching for wp-admin paths 'allowed' => [ 'admin-ajax.php' // Paths allowed even when restrictions are enabled ] ];
Parameters
- $request : ServerRequestInterface
-
The server request instance.
Return values
bool —Returns true if the route matches a restricted wp-admin route, false otherwise.
isHybridMode()
protected
static isHybridMode() : bool
Return values
bool —isMultitenantApp()
Determines if the application is configured to operate in multi-tenant mode.
protected
static isMultitenantApp(mixed $composerConfig) : bool
Parameters
- $composerConfig : mixed
Return values
bool —Returns true if the application is in multi-tenant mode, otherwise false.
isSecureMode()
protected
static isSecureMode() : bool
Return values
bool —isValidTenantId()
protected
isValidTenantId(string $tenantId) : false|int
Parameters
- $tenantId : string
Tags
Return values
false|int —log()
protected
log() : LoggerInterface
Return values
LoggerInterface —multiMerge()
Merges two multi-dimensional arrays recursively.
protected
static multiMerge(array<string|int, mixed> $array1, array<string|int, mixed> $array2) : array<string|int, mixed>
This function will recursively merge the values of $array2 into $array1.
If the same key exists in both arrays, and both corresponding values are arrays,
the values are recursively merged.
Otherwise, values from $array2 will overwrite those in $array1.
Parameters
- $array1 : array<string|int, mixed>
-
The base array that will be merged into.
- $array2 : array<string|int, mixed>
-
The array with values to merge into
$array1.
Return values
array<string|int, mixed> —The merged array.
when()
protected
when() : void