From 8b6daef748323b29d8ee55659918a88b7e68ec7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sa=C5=A1a=20Todorovi=C4=87?=
 <15647032+stodorovic@users.noreply.github.com>
Date: Tue, 7 Apr 2026 16:37:02 -0500
Subject: [PATCH 1/3] fix: improve rejected pages config handling and nonce
 verification

---
 wp-cache.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/wp-cache.php b/wp-cache.php
index e5ffa9fd..1f1f1812 100644
--- a/wp-cache.php
+++ b/wp-cache.php
@@ -1718,17 +1718,17 @@ function wpsc_edit_rejected_ua() {
 }
 
 function wp_cache_update_rejected_pages() {
-	global $wp_cache_config_file, $valid_nonce, $wp_cache_pages;
+	global $wp_cache_config_file, $wp_cache_pages;
 
-	if ( isset( $_POST[ 'wp_edit_rejected_pages' ] ) && $valid_nonce ) {
+	if ( isset( $_POST['wp_edit_rejected_pages'], $_POST['_wpnonce'] )
+		&& wp_verify_nonce( $_POST['_wpnonce'], 'wp-cache' )
+	) {
 		$pages = array( 'single', 'pages', 'archives', 'tag', 'frontpage', 'home', 'category', 'feed', 'author', 'search' );
-		foreach( $pages as $page ) {
-			if ( isset( $_POST[ 'wp_cache_pages' ][ $page ] ) ) {
-				$value = 1;
-			} else {
-				$value = 0;
-			}
-			wp_cache_replace_line('^ *\$wp_cache_pages\[ "' . $page . '" \]', "\$wp_cache_pages[ \"{$page}\" ] = $value;", $wp_cache_config_file);
+		foreach ( $pages as $page ) {
+			$value = empty( $_POST['wp_cache_pages'][ $page ] ) ? 0 : 1;
+
+			$page_regexp = '\s*(' . preg_quote( "'" . $page . "'" ) . '|' . preg_quote( '"' . $page . '"' ) . ')\s*';
+			wp_cache_replace_line( '^\s*\$wp_cache_pages\[' . $page_regexp . '\]', "\$wp_cache_pages[ \"{$page}\" ] = $value;", $wp_cache_config_file );
 			$wp_cache_pages[ $page ] = $value;
 		}
 	}

From a6c765139ae782cdfef3170e1136cef7225163f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sa=C5=A1a=20Todorovi=C4=87?=
 <15647032+stodorovic@users.noreply.github.com>
Date: Tue, 7 Apr 2026 17:15:36 -0500
Subject: [PATCH 2/3] fix: address PHPCS warnings in rejected pages handler

---
 wp-cache.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/wp-cache.php b/wp-cache.php
index 1f1f1812..e54090d8 100644
--- a/wp-cache.php
+++ b/wp-cache.php
@@ -1720,14 +1720,14 @@ function wpsc_edit_rejected_ua() {
 function wp_cache_update_rejected_pages() {
 	global $wp_cache_config_file, $wp_cache_pages;
 
-	if ( isset( $_POST['wp_edit_rejected_pages'], $_POST['_wpnonce'] )
-		&& wp_verify_nonce( $_POST['_wpnonce'], 'wp-cache' )
+	if ( isset( $_POST['wp_edit_rejected_pages'] ) && isset( $_POST['_wpnonce'] )
+		&& wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) ), 'wp-cache' )
 	) {
 		$pages = array( 'single', 'pages', 'archives', 'tag', 'frontpage', 'home', 'category', 'feed', 'author', 'search' );
 		foreach ( $pages as $page ) {
 			$value = empty( $_POST['wp_cache_pages'][ $page ] ) ? 0 : 1;
 
-			$page_regexp = '\s*(' . preg_quote( "'" . $page . "'" ) . '|' . preg_quote( '"' . $page . '"' ) . ')\s*';
+			$page_regexp = '\s*(' . preg_quote( "'" . $page . "'", '/' ) . '|' . preg_quote( '"' . $page . '"', '/' ) . ')\s*';
 			wp_cache_replace_line( '^\s*\$wp_cache_pages\[' . $page_regexp . '\]', "\$wp_cache_pages[ \"{$page}\" ] = $value;", $wp_cache_config_file );
 			$wp_cache_pages[ $page ] = $value;
 		}

From be8e5d52d600b34779a80f041565346744fa273c Mon Sep 17 00:00:00 2001
From: Brandon Kraft <public@brandonkraft.com>
Date: Tue, 7 Apr 2026 17:17:26 -0500
Subject: [PATCH 3/3] fix: restore valid_nonce fallback for REST API
 compatibility

---
 wp-cache.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/wp-cache.php b/wp-cache.php
index e54090d8..218ea525 100644
--- a/wp-cache.php
+++ b/wp-cache.php
@@ -1718,11 +1718,11 @@ function wpsc_edit_rejected_ua() {
 }
 
 function wp_cache_update_rejected_pages() {
-	global $wp_cache_config_file, $wp_cache_pages;
+	global $wp_cache_config_file, $wp_cache_pages, $valid_nonce;
 
-	if ( isset( $_POST['wp_edit_rejected_pages'] ) && isset( $_POST['_wpnonce'] )
-		&& wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) ), 'wp-cache' )
-	) {
+	$nonce_ok = $valid_nonce || ( isset( $_POST['_wpnonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) ), 'wp-cache' ) );
+
+	if ( isset( $_POST['wp_edit_rejected_pages'] ) && $nonce_ok ) {
 		$pages = array( 'single', 'pages', 'archives', 'tag', 'frontpage', 'home', 'category', 'feed', 'author', 'search' );
 		foreach ( $pages as $page ) {
 			$value = empty( $_POST['wp_cache_pages'][ $page ] ) ? 0 : 1;