From 9505d59284c8bf5412c3c16e410c8a8a1be038d0 Mon Sep 17 00:00:00 2001 From: abouaksa-beapi Date: Fri, 12 Sep 2025 10:39:07 +0200 Subject: [PATCH 1/3] fix: add basic auth headers for non-production environments --- includes/Blocks/SharedBlock.php | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/includes/Blocks/SharedBlock.php b/includes/Blocks/SharedBlock.php index 7a4dcca..0b48905 100644 --- a/includes/Blocks/SharedBlock.php +++ b/includes/Blocks/SharedBlock.php @@ -288,7 +288,21 @@ private function get_rendered_block( int $site_id, int $post_id, string $block_i sprintf( '/multisite-shared-blocks/v1/renderer/%d/%s', $post_id, $block_id ) ); - $response = wp_safe_remote_get( $rest_url ); + // Prepare request arguments + $request_args = []; + + // Add authentication headers if in non-production environment and credentials are defined + if ( defined( 'WP_ENV' ) && 'production' !== WP_ENV && defined( 'MULTISITE_BLOCKS_AUTH_USER' ) && defined( 'MULTISITE_BLOCKS_AUTH_PWD' ) && ! empty( MULTISITE_BLOCKS_AUTH_USER ) && ! empty( MULTISITE_BLOCKS_AUTH_PWD ) ) { + $request_args = [ + 'headers' => [ + 'Authorization' => 'Basic ' . base64_encode( MULTISITE_BLOCKS_AUTH_USER . ':' . MULTISITE_BLOCKS_AUTH_PWD ), + ], + ]; + } + + // Make the request with authentication if available + $response = wp_safe_remote_get( $rest_url, $request_args ); + if ( is_wp_error( $response ) || 200 !== (int) wp_remote_retrieve_response_code( $response ) ) { return $block_data; } From 8a90f733a4c30a1c38b237a77c52de3f61668740 Mon Sep 17 00:00:00 2001 From: abouaksa-beapi Date: Fri, 12 Sep 2025 11:20:43 +0200 Subject: [PATCH 2/3] fix: remove WP_ENV check, use auth based on constants only --- includes/Blocks/SharedBlock.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/Blocks/SharedBlock.php b/includes/Blocks/SharedBlock.php index 0b48905..bb65837 100644 --- a/includes/Blocks/SharedBlock.php +++ b/includes/Blocks/SharedBlock.php @@ -292,7 +292,7 @@ private function get_rendered_block( int $site_id, int $post_id, string $block_i $request_args = []; // Add authentication headers if in non-production environment and credentials are defined - if ( defined( 'WP_ENV' ) && 'production' !== WP_ENV && defined( 'MULTISITE_BLOCKS_AUTH_USER' ) && defined( 'MULTISITE_BLOCKS_AUTH_PWD' ) && ! empty( MULTISITE_BLOCKS_AUTH_USER ) && ! empty( MULTISITE_BLOCKS_AUTH_PWD ) ) { + if ( defined( 'MULTISITE_BLOCKS_AUTH_USER' ) && defined( 'MULTISITE_BLOCKS_AUTH_PWD' ) && ! empty( MULTISITE_BLOCKS_AUTH_USER ) && ! empty( MULTISITE_BLOCKS_AUTH_PWD ) ) { $request_args = [ 'headers' => [ 'Authorization' => 'Basic ' . base64_encode( MULTISITE_BLOCKS_AUTH_USER . ':' . MULTISITE_BLOCKS_AUTH_PWD ), From b86f32f27d43a65dc09512209404818266c429dd Mon Sep 17 00:00:00 2001 From: abouaksa-beapi Date: Fri, 12 Sep 2025 11:26:33 +0200 Subject: [PATCH 3/3] fix: add PHPCS ignore for base64_encode usage --- includes/Blocks/SharedBlock.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/includes/Blocks/SharedBlock.php b/includes/Blocks/SharedBlock.php index bb65837..a364006 100644 --- a/includes/Blocks/SharedBlock.php +++ b/includes/Blocks/SharedBlock.php @@ -290,12 +290,11 @@ private function get_rendered_block( int $site_id, int $post_id, string $block_i // Prepare request arguments $request_args = []; - // Add authentication headers if in non-production environment and credentials are defined if ( defined( 'MULTISITE_BLOCKS_AUTH_USER' ) && defined( 'MULTISITE_BLOCKS_AUTH_PWD' ) && ! empty( MULTISITE_BLOCKS_AUTH_USER ) && ! empty( MULTISITE_BLOCKS_AUTH_PWD ) ) { $request_args = [ 'headers' => [ - 'Authorization' => 'Basic ' . base64_encode( MULTISITE_BLOCKS_AUTH_USER . ':' . MULTISITE_BLOCKS_AUTH_PWD ), + 'Authorization' => 'Basic ' . base64_encode( MULTISITE_BLOCKS_AUTH_USER . ':' . MULTISITE_BLOCKS_AUTH_PWD ), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode ], ]; }