
Commit 90aed19

authored
fix(content-gate): prevent metering from bypassing account verification requirement (#4459)
1 parent 224a15a commit 90aed19

3 files changed

Lines changed: 579 additions & 2 deletions


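--- a/includes/content-gate/class-content-gate.php
+++ b/includes/content-gate/class-content-gate.php
@@ -822,6 +822,21 @@ public static function get_registration_settings( $gate_id ) {
 ];
 }
 
+/**
+* Whether the gate requires account verification.
+*
+* @param int $gate_id Optional gate ID. Default is the current gate.
+*
+* @return bool Whether the gate requires account verification.
+*/
+public static function requires_account_verification( $gate_id = null ) {
+if ( ! $gate_id ) {
+$gate_id = self::get_gate_post_id();
+}
+$registration = self::get_registration_settings( $gate_id );
+return $registration['require_verification'];
+}
+
 /**
 * Update registration settings for a gate.
 *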
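Review bot: `requires_account_verification()` returns `$registration['require_verification']` exactly as stored, with no key check or cast, although the docblock promises a bool and the metering guard uses the result to decide access. If `get_registration_settings()` (only its closing lines are visible in this hunk) can return an array without that key, or a non-boolean stored value, the caller gets a PHP warning plus a null or string whose truthiness decides whether verification is enforced. I would normalise the value with `return (bool) ( $registration['require_verification'] ?? false );` and change the tag to `@param int|null $gate_id`, since the default is null. It is also worth confirming what `get_gate_post_id()` yields when no gate is resolved, so that an unresolved gate cannot read as "verification not required" on gated content.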

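--- a/includes/content-gate/class-metering.php
+++ b/includes/content-gate/class-metering.php
@@ -361,14 +361,20 @@ public static function is_logged_in_metering_allowed( $post_id = null ) {
 return false;
 }
 
+// Bail if the gate requires account verification and the reader is not verified.
+// Non-reader users (admins, editors) are exempt - they have full access through other means.
+$user = \wp_get_current_user();
+if ( Content_Gate::requires_account_verification() && Reader_Activation::is_user_reader( $user ) && ! Reader_Activation::is_reader_verified( $user ) ) {
+return false;
+}
+
 // Not in checkout modals.
 if ( method_exists( 'Newspack_Blocks\Modal_Checkout', 'is_modal_checkout' ) && \Newspack_Blocks\Modal_Checkout::is_modal_checkout() ) {
 return false;
 }
 
 $gate_post_id = Content_Gate::get_gate_post_id();
 $settings = self::get_registered_settings( $gate_post_id );
-$priority = \get_post_meta( $gate_post_id, 'gate_priority', true );
 
 // Bail if metering is not enabled.
 if ( ! $settings['enabled'] || $settings['count'] <= 0 ) {
@@ -380,7 +386,6 @@ public static function is_logged_in_metering_allowed( $post_id = null ) {
 return self::$logged_in_metering_cache[ $post_id ];
 }
 
-// Aggregate metering by gate priority, if available.
 $user_meta_key = self::METERING_META_KEY . '_' . $gate_post_id;
 
 $updated_user_data = false;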
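Review bot: The guard added to `is_logged_in_metering_allowed()` skips the verification check for every account where `Reader_Activation::is_user_reader( $user )` is false, so the requirement fails open for any logged-in role that is not a reader but also has no editorial access. `is_user_reader()` is defined outside this diff, so this may already be covered, but the comment's assumption that non-readers "have full access through other means" is not enforced at this point. Consider exempting on an explicit capability instead, e.g. `! \user_can( $user, 'edit_posts' )` in place of the `is_user_reader()` term, or at least extend the comment to `// Assumes every non-reader role already bypasses the gate; see Reader_Activation::is_user_reader().` A test for a logged-in, unverified account with a non-reader, non-editorial role would pin the intended behaviour; the third changed file is not shown on this page. The function body starts and ends outside these hunks.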
