From 4bde40e2dcf5f06636c7638b5ac0cfa9a51bae1e Mon Sep 17 00:00:00 2001
From: Scott Kingsley Clark <lol@scottkclark.com>
Date: Tue, 1 Mar 2022 18:44:41 -0600
Subject: [PATCH] Pods Alternative Cache 2.1.3

---
 assets/.htaccess                        |  3 +++
 classes/Pods/Alternative/Cache/File.php | 35 +++++++++++++++++++++++--
 pods-alternative-cache.php              |  4 +--
 readme.txt                              | 10 ++++---
 4 files changed, 45 insertions(+), 7 deletions(-)
 create mode 100644 assets/.htaccess

diff --git a/assets/.htaccess b/assets/.htaccess
new file mode 100644
index 00000000..608da1a6
--- /dev/null
+++ b/assets/.htaccess
@@ -0,0 +1,3 @@
+order deny,allow
+deny from all
+allow from 127.0.0.1
\ No newline at end of file
diff --git a/classes/Pods/Alternative/Cache/File.php b/classes/Pods/Alternative/Cache/File.php
index 2c02cb8c..9600266f 100644
--- a/classes/Pods/Alternative/Cache/File.php
+++ b/classes/Pods/Alternative/Cache/File.php
@@ -16,15 +16,34 @@ class Pods_Alternative_Cache_File extends Pods_Alternative_Cache_Storage {
 	public function __construct() {
 		parent::__construct();
 
-		// Set cache directory path
+		// Set cache directory path.
 		if ( ! defined( 'PODS_ALT_FILE_CACHE_DIR' ) ) {
 			define( 'PODS_ALT_FILE_CACHE_DIR', WP_CONTENT_DIR . DIRECTORY_SEPARATOR . 'podscache' );
 		}
 
-		// Tell Pods 2.4.1+ that we can prime the Pods cache after flushing it
+		// Tell Pods 2.4.1+ that we can prime the Pods cache after flushing it.
 		if ( ! defined( 'PODS_PRELOAD_CONFIG_AFTER_FLUSH' ) ) {
 			define( 'PODS_PRELOAD_CONFIG_AFTER_FLUSH', true );
 		}
+
+		add_filter( 'robots_txt', [ $this, 'robots_txt' ] );
+	}
+
+	/**
+	 * Filter the robots.txt contents and add the podscache directory to the list of disallowed options.
+	 *
+	 * @since 2.1.3
+	 *
+	 * @param string $robots_txt The robots.txt contents.
+	 *
+	 * @return string The robots.txt contents.
+	 */
+	public function robots_txt( $robots_txt ) {
+		$podscache_path = str_replace( ABSPATH, '', PODS_ALT_FILE_CACHE_DIR );
+		$podscache_path = str_replace( DIRECTORY_SEPARATOR, '/', $podscache_path );
+		$podscache_path = trim( $podscache_path, '/' );
+
+		return $robots_txt . "\n" . 'Disallow: */' . $podscache_path . '/*';
 	}
 
 	/**
@@ -49,6 +68,9 @@ public function activate( $network_wide = false ) {
 			if ( ! defined( 'FS_CHMOD_DIR' ) || ! $wp_filesystem->mkdir( PODS_ALT_FILE_CACHE_DIR, FS_CHMOD_DIR ) ) {
 				return false;
 			}
+
+			// Create the .htaccess file to protect the directory.
+			$wp_filesystem->put_contents( PODS_ALT_FILE_CACHE_DIR . DIRECTORY_SEPARATOR . '.htaccess', $wp_filesystem->get_contents( PODS_ALT_CACHE_DIR . 'assets/.htaccess' ), FS_CHMOD_FILE );
 		}
 
 		return true;
@@ -86,6 +108,9 @@ public function clear() {
 		// Delete all files in directory
 		$this->delete_files_in_directory( PODS_ALT_FILE_CACHE_DIR );
 
+		// Create the .htaccess file to protect the directory.
+		$wp_filesystem->put_contents( PODS_ALT_FILE_CACHE_DIR . DIRECTORY_SEPARATOR . '.htaccess', $wp_filesystem->get_contents( PODS_ALT_CACHE_DIR . 'assets/.htaccess' ), FS_CHMOD_FILE );
+
 		pods_alternative_cache_log_message( 'Files deleted in Pods cache dir', __METHOD__, [
 			'PODS_ALT_FILE_CACHE_DIR' => PODS_ALT_FILE_CACHE_DIR,
 		] );
@@ -103,6 +128,9 @@ public function delete_files_in_directory( $directory = null ) {
 			$directory = PODS_ALT_FILE_CACHE_DIR;
 		}
 
+		// Remove the trailing slash.
+		$directory = untrailingslashit( $directory );
+
 		require_once ABSPATH . 'wp-admin/includes/file.php';
 
 		/**
@@ -285,6 +313,9 @@ public function get_path_for_file( $file, $mkdir = false ) {
 			$path_dir = dirname( $path_dir );
 		}
 
+		// Remove the trailing slash.
+		$path_dir = untrailingslashit( $path_dir );
+
 		require_once ABSPATH . 'wp-admin/includes/file.php';
 
 		/**
diff --git a/pods-alternative-cache.php b/pods-alternative-cache.php
index bd982713..f0083b6f 100644
--- a/pods-alternative-cache.php
+++ b/pods-alternative-cache.php
@@ -3,12 +3,12 @@
 Plugin Name: Pods Alternative Cache
 Plugin URI: https://pods.io/2014/04/16/introducing-pods-alternative-cache/
 Description: Alternative caching engine for Pods for large sites on hosts with hard limits on how much you can store in the object cache
-Version: 2.1.2
+Version: 2.1.3
 Author: Pods Framework Team
 Author URI: https://pods.io/
 */
 
-define( 'PODS_ALT_CACHE_VERSION', '2.1.2' );
+define( 'PODS_ALT_CACHE_VERSION', '2.1.3' );
 define( 'PODS_ALT_CACHE_DIR', plugin_dir_path( __FILE__ ) );
 
 /**
diff --git a/readme.txt b/readme.txt
index 3c79818c..f1229618 100644
--- a/readme.txt
+++ b/readme.txt
@@ -1,11 +1,11 @@
 === Pods Alternative Cache ===
 Contributors: sc0ttkclark
-Donate link: https://pods.io/friends-of-pods/
+Donate link: https://friends.pods.io/
 Tags: pods, cache, wpengine
 Requires at least: 3.8
-Tested up to: 5.8
+Tested up to: 5.9
 Requires PHP: 5.6
-Stable tag: 2.1.2
+Stable tag: 2.1.3
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -76,6 +76,10 @@ Disable object cache fallback, when File writes fail:
 
 == Changelog ==
 
+= [2.1.3] March 1st, 2022 =
+* Fixed: Ensure that the podscache file directory is excluded from search engine indexing and deny direct browser access on Apache environments.
+* Fixed: Help resolve potential PHP warnings on certain setups when looking to see if a folder exists and getting files from it.
+
 = [2.1.2] September 4th, 2021 =
 * Fixed: Now compatible with PHP 8.0+