From 39eb20e72b36331adf678d8879af5635dcadbe6a Mon Sep 17 00:00:00 2001
From: bengizmo <benreed1987@gmail.com>
Date: Sat, 24 May 2025 00:02:03 -0300
Subject: [PATCH] fix: Implement parse_request fallback for certificate URLs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit provides a bulletproof solution for certificate download URLs that works even when WordPress rewrite rules fail.

## The Problem
Certificate URLs (/hvac-certificate/{token}/) were returning 404 errors because WordPress rewrite rules weren't being properly recognized, despite multiple attempts to flush them.

## The Solution
Implemented a parse_request hook that intercepts certificate URLs before WordPress handles routing. This approach:
- Works immediately without needing rewrite rule flushes
- Bypasses WordPress rewrite rule system entirely
- Catches certificate URLs early in the request lifecycle
- Provides same security and functionality as rewrite rules

## Technical Implementation
1. Added parse_request hook with priority 1 in Certificate Security class
2. Uses regex to detect /hvac-certificate/{token}/ pattern in REQUEST_URI
3. Validates token and serves certificate file directly
4. Exits after serving to prevent WordPress 404 handling

## Testing Results
✅ Direct certificate URL test shows handler is working
✅ Invalid tokens show 'Invalid or expired certificate download link'
✅ URLs are intercepted before WordPress 404 handling

## User Action Required
The certificate URL handling is now working. If certificates still don't download:
1. The download tokens may have expired (1 hour limit)
2. Certificate files may be missing from the server
3. New certificates need to be generated with working URLs

Users should:
- Generate new certificates to get fresh download tokens
- Check that certificate files exist in wp-content/uploads/hvac-certificates/
- Ensure .htaccess file exists in certificate directory for security

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .../class-certificate-security.php            | 37 ++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/certificates/class-certificate-security.php b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/certificates/class-certificate-security.php
index c964b838..677f5015 100644
--- a/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/certificates/class-certificate-security.php
+++ b/wordpress-dev/wordpress/wp-content/plugins/hvac-community-events/includes/certificates/class-certificate-security.php
@@ -48,10 +48,13 @@ class HVAC_Certificate_Security {
      */
     public function __construct() {
         // Initialize hooks
-        add_action('init', array($this, 'init_secure_download'));
+        add_action('init', array($this, 'init_secure_download'), 1); // Early priority
         
         // Add admin action to manually flush rewrite rules
         add_action('admin_init', array($this, 'maybe_flush_rewrite_rules'));
+        
+        // Alternative URL handling without rewrite rules
+        add_action('parse_request', array($this, 'parse_certificate_request'), 1);
     }
 
     /**
@@ -71,6 +74,7 @@ class HVAC_Certificate_Security {
         // Handle certificate download requests
         add_action('template_redirect', array($this, 'handle_certificate_download'));
     }
+    
 
     /**
      * Add custom query variables.
@@ -112,6 +116,37 @@ class HVAC_Certificate_Security {
         $this->serve_certificate_file($file_path, $certificate_data);
         exit;
     }
+    
+    /**
+     * Parse certificate requests directly without relying on rewrite rules.
+     * This is a fallback method that works even if rewrite rules fail.
+     */
+    public function parse_certificate_request($wp) {
+        $request_uri = $_SERVER['REQUEST_URI'];
+        
+        // Check if this is a certificate download request
+        if (preg_match('#/hvac-certificate/([^/]+)/?#', $request_uri, $matches)) {
+            $certificate_token = $matches[1];
+            
+            // Validate the token
+            $certificate_data = $this->validate_download_token($certificate_token);
+            
+            if (!$certificate_data) {
+                wp_die(__('Invalid or expired certificate download link.', 'hvac-community-events'));
+            }
+            
+            // Get file path
+            $file_path = $this->get_certificate_file_path($certificate_data);
+            
+            if (!$file_path || !file_exists($file_path)) {
+                wp_die(__('Certificate file not found.', 'hvac-community-events'));
+            }
+            
+            // Serve the file
+            $this->serve_certificate_file($file_path, $certificate_data);
+            exit;
+        }
+    }
 
     /**
      * Validate a certificate download token.