Hide Protected Files from On-site Search

Once a file is protected by our Prevent Direct Access (PDA) Gold plugin, those without permission won’t be able to access the file directly through its URL. They will be redirected to your “No Access” page instead.

However, that protected file is still searchable by unauthorized users via on-site search. This accidentally reveals your protected file to unwanted users. That’s why we’ve developed a new feature that allows you to prevent unauthorized users from searching your protected files.

Requirements:

Once you’ve installed our PDA plugins, simply add the following code snippet to your (child) theme’s functions.php file, or add it through a plugin like Code Snippets.

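/**
 * Check whether a URL points to a file protected by PDA Gold.
 *
 * @param string $file    URL found in the post content (may include a query string).
 * @param string $baseurl Uploads base URL from wp_upload_dir().
 * @return bool True if the file is protected.
 */
function pda_gold_cs_is_protected_file( $file, $baseurl ) {
    $gold_helpers = new Pda_v3_Gold_Helper();
    $gold_repo    = new PDA_v3_Gold_Repository();
    // Split the URL into path and query parameters.
    $url_pattern = explode( '?', $file );

    // Get the URL path without query parameters.
    $url         = $url_pattern[0];
    $pda_baseurl = rtrim( $baseurl, '/' ) . '/_pda';

    // The URL already points into the _pda folder, so it is a protected file.
    if ( false !== strpos( $file, $pda_baseurl ) ) {
        return true;
    }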

    // Get attachment object by original url.
    $protected_attached_file = str_replace( $baseurl . '/', '', $url );
    $file_path               = '_pda/' . $protected_attached_file;
    
    $attachment = $gold_helpers->attachment_image_url_to_post( $baseurl . '/', $file_path );
    if ( empty( $attachment ) ) {
        return false;
    }
    $attachment_id = $attachment->post_id;

    // Check post is protected.
    return $gold_repo->is_protected_file( $attachment_id );
}

add_filter(
    'the_posts',
    function ( $posts, $query ) {
        if ( is_admin() ) {
            return $posts;
        }

        if ( ! class_exists( 'Pda_v3_Gold_Helper' ) ) {
            return $posts;
        }

        if ( empty( $posts ) ) {
            return $posts;
        }

        if ( ! is_search() || ! $query->is_main_query() ) {
            return $posts;
        }

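        // Roles that are allowed to see posts containing protected files in search results.
        // 'logged_in_user' is not a WordPress role: while it is listed here,
        // every logged-in user skips the filter below.
        $whitelist_roles = [
            'administrator',
            'logged_in_user',
        ];

        if ( in_array( 'logged_in_user', $whitelist_roles, true ) && is_user_logged_in() ) {
            return $posts;
        }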

        $current_user_roles = Pda_v3_Gold_Helper::get_current_role();
        $has_roles          = array_intersect( $current_user_roles, $whitelist_roles );
        if ( count( $has_roles ) > 0 ) {
            return $posts;
        }

        // Keep only the posts that do not contain a protected file.
        $wp_upload_dir = wp_upload_dir();
        $baseurl       = $wp_upload_dir['baseurl'];
        $gold_helpers  = new Pda_v3_Gold_Helper();

        // array_filter() preserves keys, so re-index the result with array_values();
        // WP_Query reads the posts by sequential index in the loop.
        return array_values(
            array_filter(
                $posts,
                function ( $post ) use ( $baseurl, $gold_helpers ) {
                    $content = $post->post_content;
                    $urls    = $gold_helpers->extract_url_from_raw_data( $content );
                    list ( $urls ) = $gold_helpers->filter_internal_url( $urls, $content );
                    foreach ( $urls as $url ) {
                        if ( pda_gold_cs_is_protected_file( $url, $baseurl ) ) {
                            // The post links to a protected file: drop it from the results.
                            return false;
                        }
                    }

                    return true;
                }
            )
        );
    },
    10,
    2
);

Please note that the user roles selected in the custom code can search all protected files on your site, regardless of file access permission.

Last updated on January 10, 2022