ConstMiddleware
extends AbstractMiddleware
in package
Table of Contents
- $configs : Configs
- $isAdminKiosk : bool|null
- $isMultitenant : bool|null
- $isShortInit : bool|null
- $services : Container
- $constManager : mixed
- $logger : LoggerInterface
- $siteManager : mixed
- __construct() : mixed
- matchPaths() : bool
- Matches two URL paths, considering optional trailing slashes.
- process() : ResponseInterface
- Process an incoming server request.
- getAllowedAccessPaths() : null|array<string|int, mixed>
- Retrieve allowed access paths for wp-admin routes.
- getSubdomain() : null|array<string|int, string>
- isAdminRoute() : mixed
- isAdminRouteRestricted() : bool
- Check if a given URL or route matches the WordPress admin route pattern.
- isHybridMode() : bool
- isMultitenantApp() : bool
- Determines if the application is configured to operate in multi-tenant mode.
- isSecureMode() : bool
- isValidTenantId() : false|int
- log() : LoggerInterface
- multiMerge() : array<string|int, mixed>
- Merges two multi-dimensional arrays recursively.
- when() : void
- isProd() : bool
- isValidHomeUrl() : bool
- Validates the `WP_HOME` and `WP_SITEURL` constants.
Properties
$configs
protected
Configs
$configs
$isAdminKiosk
protected
bool|null
$isAdminKiosk
$isMultitenant
protected
bool|null
$isMultitenant
$isShortInit
protected
bool|null
$isShortInit
$services
protected
Container
$services
$constManager
private
mixed
$constManager
$logger
private
LoggerInterface
$logger
$siteManager
private
mixed
$siteManager
Methods
__construct()
public
__construct([Container $serviceContainer = null ]) : mixed
Parameters
- $serviceContainer : Container = null
Return values
mixed
matchPaths()
Matches two URL paths, considering optional trailing slashes.
public
static matchPaths(string $uriPath, string $dbadminUrlPath) : bool
Parameters
- $uriPath : string
- $dbadminUrlPath : string
Return values
bool
process()
Process an incoming server request.
public
process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
Parameters
- $request : ServerRequestInterface
- $handler : RequestHandlerInterface
Return values
ResponseInterface
getAllowedAccessPaths()
Retrieve allowed access paths for wp-admin routes.
protected
getAllowedAccessPaths() : null|array<string|int, mixed>
This method fetches a list of allowed paths for the wp-admin directory based on configuration. It is designed to ensure that critical functionality like AJAX handling can operate without unnecessary restrictions while still securing other sensitive admin functionalities.
Configuration behavior:
- `security.restrict_wpadmin.enabled`: Enables or disables the restriction mechanism (disabled by default).
- `security.restrict_wpadmin.secure`: If true, applies stricter matching for wp-admin paths.
- `security.restrict_wpadmin.allowed`: An array of specific paths to allow, e.g., `['admin-ajax.php']`.
Example Usage:
- Allow `admin-ajax.php` for AJAX requests to ensure plugins function correctly.
- Restrict paths like `theme-editor.php` or custom plugin endpoints unless explicitly allowed.
- Ensure security while allowing flexibility for specific use cases.
Example Configuration:
    'restrict_wpadmin' => [
        'enabled' => true,
        'secure' => false,
        'allowed' => [ 'admin-ajax.php' ]
    ];
Return values
null|array<string|int, mixed> —Returns an array of allowed paths if restriction is enabled, null otherwise.
getSubdomain()
protected
getSubdomain(ServerRequestInterface $request) : null|array<string|int, string>
Parameters
- $request : ServerRequestInterface
Return values
null|array<string|int, string>
isAdminRoute()
protected
isAdminRoute(ServerRequestInterface $request) : mixed
Parameters
- $request : ServerRequestInterface
Return values
mixed
isAdminRouteRestricted()
Check if a given URL or route matches the WordPress admin route pattern.
protected
isAdminRouteRestricted(ServerRequestInterface $request) : bool
This method ensures that only specified paths within the wp-admin directory are allowed based on configurations. This is crucial for security as it prevents unauthorized access to sensitive WordPress admin functionalities.
Context:
When the `restrict_wpadmin` configuration is enabled (disabled by default), all requests to paths under `/wp/wp-admin` will be restricted with a 401 response unless explicitly allowed.
The `isAdminRouteRestricted` method determines whether a request matches restricted wp-admin routes and handles the restriction logic upstream.
Examples of wp-admin paths to consider:
- `wp-admin/admin-ajax.php`: Frequently used by plugins for AJAX requests, should generally be allowed.
- `wp-admin/theme-editor.php`: Sensitive path that should typically be restricted.
- `wp-admin/options.php`: Core settings path that requires strict access control.
- `wp-admin/admin-post.php`: A common custom plugin endpoint that may require special handling.
Example Configuration:
    'restrict_wpadmin' => [
        'enabled' => true,  // Enables or disables wp-admin restrictions (disabled by default)
        'secure' => false,  // Enables stricter matching for wp-admin paths
        'allowed' => [
            'admin-ajax.php'  // Paths allowed even when restrictions are enabled
        ]
    ];
Parameters
- $request : ServerRequestInterface
  The server request instance.
Return values
bool —Returns true if the route matches a restricted wp-admin route, false otherwise.
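The allowlist decision described for `getAllowedAccessPaths()` and `isAdminRouteRestricted()`, as an added sketch that is not the framework's own code. `normalizePath()` and `isRestricted()` are hypothetical names, the normalization of encoded and dot segments is an assumption about how such a check should behave, and the `secure` flag is not modelled because the page does not define its matching rules. Requires PHP 8 for `str_starts_with()`.

```php
<?php
// Added sketch, not the framework's code. ADMIN_PREFIX is taken from the
// "/wp/wp-admin" context above; the function names are hypothetical.
const ADMIN_PREFIX = '/wp/wp-admin';

/** Decode once and resolve ".", ".." and empty segments, so a path such as
 *  "/wp/wp-admin/admin-ajax.php/../options.php" is judged by where it lands. */
function normalizePath(string $uriPath): string
{
    $segments = [];
    foreach (explode('/', rawurldecode($uriPath)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            array_pop($segments);
            continue;
        }
        $segments[] = $segment;
    }
    return '/' . implode('/', $segments);
}

/** True when the request should receive the 401 described above. */
function isRestricted(string $uriPath, array $restrictWpadmin): bool
{
    if (!($restrictWpadmin['enabled'] ?? false)) {
        return false; // restriction is disabled by default
    }
    $path = normalizePath($uriPath);
    if ($path !== ADMIN_PREFIX && !str_starts_with($path, ADMIN_PREFIX . '/')) {
        return false; // not a wp-admin route
    }
    $relative = ltrim(substr($path, strlen(ADMIN_PREFIX)), '/');
    // Exact, case-sensitive comparison; no prefix or suffix matching.
    return !in_array($relative, $restrictWpadmin['allowed'] ?? [], true);
}

$config = ['enabled' => true, 'secure' => false, 'allowed' => ['admin-ajax.php']];
$constructed = [ // constructed sample request paths
    '/wp/wp-admin/admin-ajax.php',
    '/wp/wp-admin/admin-ajax.php/',
    '/wp/wp-admin/theme-editor.php',
    '/wp/wp-admin/admin-ajax.php/../options.php',
    '/wp/wp-admin/%2e%2e/wp-admin/options.php',
    '/blog/hello-world',
];
foreach ($constructed as $p) {
    printf("%-45s %s\n", $p, isRestricted($p, $config) ? '401' : 'pass');
}
```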
isHybridMode()
protected
static isHybridMode() : bool
Return values
bool
isMultitenantApp()
Determines if the application is configured to operate in multi-tenant mode.
protected
static isMultitenantApp(mixed $composerConfig) : bool
Parameters
- $composerConfig : mixed
Return values
bool —Returns `true` if the application is in multi-tenant mode, otherwise `false`.
isSecureMode()
protected
static isSecureMode() : bool
Return values
bool
isValidTenantId()
protected
isValidTenantId(string $tenantId) : false|int
Parameters
- $tenantId : string
Return values
false|int
log()
protected
log() : LoggerInterface
Return values
LoggerInterface
multiMerge()
Merges two multi-dimensional arrays recursively.
protected
static multiMerge(array<string|int, mixed> $array1, array<string|int, mixed> $array2) : array<string|int, mixed>
This function will recursively merge the values of `$array2` into `$array1`.
If the same key exists in both arrays, and both corresponding values are arrays, the values are recursively merged.
Otherwise, values from `$array2` will overwrite those in `$array1`.
Parameters
- $array1 : array<string|int, mixed>
  The base array that will be merged into.
- $array2 : array<string|int, mixed>
  The array with values to merge into `$array1`.
Return values
array<string|int, mixed> —The merged array.
when()
protected
when() : void
Return values
void
isProd()
private
isProd() : bool
Return values
bool
isValidHomeUrl()
Validates the `WP_HOME` and `WP_SITEURL` constants.
private
static isValidHomeUrl() : bool
This method ensures that both `WP_HOME` and `WP_SITEURL` are strictly validated to prevent ambiguous error messages caused by invalid configurations.
It checks whether these constants are defined and whether they contain valid URL formats. If either validation fails, an error message is logged.
Notes:
- Issues can arise if `.env` file values are incorrectly set. For example:
  - `HOME_URL='http://localhost/'`
  - `WP_SITEURL="${WP_HOME}/wp"` should be `"${HOME_URL}/wp"`
- Ensure that these values are properly configured and point to valid, resolvable URLs.
Return values
bool —True if both `WP_HOME` and `WP_SITEURL` (if defined) are valid URLs, false otherwise.