Validate BMLT root server on save (reject invalid/unreachable hostnames) [#282] #283
Merged
…es [#282]

The BMLT root server URL was previously saved with only sanitize_text_field(), so a typo, a non-URL string, an http:// server, or a URL that isn't a BMLT root server was persisted silently and only surfaced later as broken/empty event lookups.

Add RootServerValidator with layered checks (format -> https scheme -> live GetServerInfo handshake with a bounded 10s timeout). Wire it into the settings save path so an invalid or unreachable root server is rejected with a clear error before anything is persisted, preserving the previously stored value. Validation runs only when the value actually changes, so saving unrelated settings never triggers a network call.

Also add an admin-only /validate-root-server REST endpoint and a "Test connection" button in the Settings UI to verify without saving, and surface REST error messages in the apiFetch wrapper.

Covered by new unit tests for the validator (valid/reachable, malformed, non-https, unreachable, non-200, reachable-but-not-BMLT) and the save path (reject + previous-value-preserved) and the new endpoint.

🐦⬛ Generated with Claude Code, orchestrated by Crow
Co-Authored-By: Claude <noreply@anthropic.com>
Crow-Session: 202F8173-BB91-4E6F-B986-1CE19C339F1A
…282]

Place the BMLT root server URL input and the Test connection button in a single flex row (button vertically centered on the input) instead of stacking the button below the field.

🐦⬛ Generated with Claude Code, orchestrated by Crow
Co-Authored-By: Claude <noreply@anthropic.com>
Crow-Session: 202F8173-BB91-4E6F-B986-1CE19C339F1A
Closes #282
Problem
The BMLT root server URL in Mayo settings was saved with only sanitize_text_field() — no check that it's a well-formed URL, let alone a real, reachable BMLT root server. A typo, a non-URL string, an http:// server, or a URL that isn't a BMLT root server was persisted silently and only surfaced later as broken/empty event lookups, with no indication that the root server was the cause.

Changes
- RootServerValidator helper (includes/Rest/Helpers/RootServerValidator.php) — layered checks, cheapest first:
  - esc_url_raw() + wp_http_validate_url()), normalized with no trailing slash.
  - https:// (mirrors the existing client-side rule).
  - GET {url}/client_interface/json/?switcher=GetServerInfo via wp_remote_get() with a bounded 10s timeout; require HTTP 200 + JSON that looks like BMLT server info (a version field).
- SettingsController::update_settings) — validates only when the value changes, and returns early on failure before any update_option(), so the previously stored value is preserved. Saving unrelated settings never triggers a network call; clearing to empty is allowed.
- POST /validate-root-server (admin-only) + a "Test connection" button in the Settings UI to verify without saving.
- apiFetch now surfaces the REST error message so the clear validation error reaches the user.
- readme.txt; regenerated languages/mayo-events-manager.pot for the new strings.

Acceptance criteria
- bmlt_root_server is rejected with a clear error; previous value preserved.

Testing
- composer test — 526 tests pass (12 new).
- composer lint — clean.
- npm run build — compiles successfully.

🤖 Generated with Claude Code
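The layered checks and the save-path behaviour described in this pull request, written out as an added example in plain PHP; it is not the plugin's RootServerValidator or SettingsController code. The function names, the injected $fetch transport, the example hosts, the error strings and the fake response body are assumptions constructed for illustration.

```php
<?php
// Added example. $fetch is a hypothetical injected transport returning [status, body];
// in WordPress it would wrap wp_remote_get() with the 10s timeout.

/** Returns [normalized_url|null, error|null]; checks run cheapest first. */
function validate_root_server(string $input, callable $fetch): array {
    $url = rtrim(trim($input), '/');                 // normalize: no trailing slash
    // 1. Format: must be an absolute URL with a host.
    if (filter_var($url, FILTER_VALIDATE_URL) === false || !parse_url($url, PHP_URL_HOST)) {
        return [null, 'Not a well-formed URL.'];
    }
    // 2. Scheme: https only, decided before any network traffic.
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        return [null, 'Root server must use https://.'];
    }
    // 3. Handshake: GetServerInfo must answer 200 with BMLT-looking JSON.
    [$status, $body] = $fetch($url . '/client_interface/json/?switcher=GetServerInfo', 10);
    if ($status !== 200) {
        return [null, 'Unreachable or non-200 response.'];
    }
    $info = json_decode((string) $body, true);
    $first = is_array($info) ? ($info[0] ?? $info) : null;   // array-wrapped or bare object
    if (!is_array($first) || !isset($first['version'])) {
        return [null, 'Reachable, but not a BMLT root server.'];
    }
    return [$url, null];
}

/** Save path: validate only on change; on failure the stored value is kept. */
function save_root_server(array $settings, string $new, callable $fetch): array {
    $new = rtrim(trim($new), '/');
    if ($new !== '' && $new !== ($settings['bmlt_root_server'] ?? '')) {
        [$new, $err] = validate_root_server($new, $fetch);
        if ($err !== null) {
            return [$settings, $err];                // nothing persisted
        }
    }
    $settings['bmlt_root_server'] = $new;            // changed and valid, unchanged, or cleared
    return [$settings, null];
}

// Constructed fake transport: one host answers like BMLT; $calls counts fetches.
$calls = 0;
$fake = function (string $url, int $timeout) use (&$calls): array {
    $calls++;
    return strpos($url, 'https://bmlt.example.org/') === 0 ? [200, '[{"version":"0.0.0"}]'] : [0, ''];
};
$stored = ['bmlt_root_server' => 'https://old.example.org'];
foreach (['not a url', 'http://bmlt.example.org', 'https://typo.example.org',
          'https://bmlt.example.org/', 'https://bmlt.example.org'] as $candidate) {
    [$stored, $err] = save_root_server($stored, $candidate, $fake);
    printf("%-27s => %s (fetches: %d)\n", $candidate, $err ?? 'saved', $calls);
}
```

The fetch counter shows that the malformed and http:// candidates are rejected without any outbound request, and that re-saving the already stored value does not trigger a second handshake.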