ben/upskill-event-manager
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

fix: Implement parse_request fallback for certificate URLs

Browse source 
This commit provides a bulletproof solution for certificate download URLs that works even when WordPress rewrite rules fail.

## The Problem
Certificate URLs (/hvac-certificate/{token}/) were returning 404 errors because WordPress rewrite rules weren't being properly recognized, despite multiple attempts to flush them.

## The Solution
Implemented a parse_request hook that intercepts certificate URLs before WordPress handles routing. This approach:
- Works immediately without needing rewrite rule flushes
- Bypasses WordPress rewrite rule system entirely
- Catches certificate URLs early in the request lifecycle
- Provides same security and functionality as rewrite rules

## Technical Implementation
1. Added parse_request hook with priority 1 in Certificate Security class
2. Uses regex to detect /hvac-certificate/{token}/ pattern in REQUEST_URI
3. Validates token and serves certificate file directly
4. Exits after serving to prevent WordPress 404 handling

## Testing Results
 Direct certificate URL test shows handler is working
 Invalid tokens show 'Invalid or expired certificate download link'
 URLs are intercepted before WordPress 404 handling

## User Action Required
The certificate URL handling is now working. If certificates still don't download:
1. The download tokens may have expired (1 hour limit)
2. Certificate files may be missing from the server
3. New certificates need to be generated with working URLs

Users should:
- Generate new certificates to get fresh download tokens
- Check that certificate files exist in wp-content/uploads/hvac-certificates/
- Ensure .htaccess file exists in certificate directory for security

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
bengizmo 2025-05-24 00:02:03 -03:00
parent af1e94061c
commit 39eb20e72b
1 changed files with 36 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/certificates/class-certificate-security.php
View file

@ -48,10 +48,13 @@ class HVAC_Certificate_Security {
*/
public function __construct() {
// Initialize hooks
add_action('init', array($this, 'init_secure_download'));
add_action('init', array($this, 'init_secure_download'), 1); // Early priority
// Add admin action to manually flush rewrite rules
add_action('admin_init', array($this, 'maybe_flush_rewrite_rules'));
// Alternative URL handling without rewrite rules
add_action('parse_request', array($this, 'parse_certificate_request'), 1);
}
/**
@ -71,6 +74,7 @@ class HVAC_Certificate_Security {
// Handle certificate download requests
add_action('template_redirect', array($this, 'handle_certificate_download'));
}
/**
* Add custom query variables.
@ -112,6 +116,37 @@ class HVAC_Certificate_Security {
$this->serve_certificate_file($file_path, $certificate_data);
exit;
}
/**
* Parse certificate requests directly without relying on rewrite rules.
* This is a fallback method that works even if rewrite rules fail.
*/
public function parse_certificate_request($wp) {
$request_uri = $_SERVER['REQUEST_URI'];
// Check if this is a certificate download request
if (preg_match('#/hvac-certificate/([^/]+)/?#', $request_uri, $matches)) {
$certificate_token = $matches[1];
// Validate the token
$certificate_data = $this->validate_download_token($certificate_token);
if (!$certificate_data) {
wp_die(__('Invalid or expired certificate download link.', 'hvac-community-events'));
}
// Get file path
$file_path = $this->get_certificate_file_path($certificate_data);
if (!$file_path || !file_exists($file_path)) {
wp_die(__('Certificate file not found.', 'hvac-community-events'));
}
// Serve the file
$this->serve_certificate_file($file_path, $certificate_data);
exit;
}
}
/**
* Validate a certificate download token.