From 1c5c9dd7c9416514acb2ad40b092788e20178e2e Mon Sep 17 00:00:00 2001
From: Ben Huson <ben@thewhiteroom.net>
Date: Tue, 29 May 2018 22:37:15 +0100
Subject: [PATCH 1/9] Add privacy policy message about Password Protected
 cookies.

Signed-off-by: Ben Huson <ben@thewhiteroom.net>
---
 admin/admin.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/admin/admin.php b/admin/admin.php
index 93033ed..2b929e1 100644
--- a/admin/admin.php
+++ b/admin/admin.php
@@ -13,6 +13,7 @@ public function __construct() {
 		global $wp_version;
 
 		add_action( 'admin_init', array( $this, 'password_protected_settings' ), 5 );
+		add_action( 'admin_init', array( $this, 'add_privacy_policy' ) );
 		add_action( 'admin_menu', array( $this, 'admin_menu' ) );
 		add_action( 'password_protected_help_tabs', array( $this, 'help_tabs' ), 5 );
 		add_action( 'admin_notices', array( $this, 'password_protected_admin_notices' ) );
@@ -22,6 +23,21 @@ public function __construct() {
 
 	}
 
+	/**
+	 * Add Privacy Policy
+	 */
+	public function add_privacy_policy() {
+
+		if ( ! function_exists( 'wp_add_privacy_policy_content' ) ) {
+			return;
+		}
+
+		$content = _x( 'The Password Protected plugin stores a cookie on successful password login containing a hashed version of the entered password. It does not store any information about the user. The cookie stored is named <code>bid_n_password_protected_auth</code> where <code>n</code> is the blog ID in a multisite network', 'privacy policy content', 'password-protected' );
+
+		wp_add_privacy_policy_content( __( 'Password Protected Plugin', 'password-protected' ), wp_kses_post( wpautop( $content, false ) ) );
+
+	}
+
 	/**
 	 * Admin Menu
 	 */

From 6f11efcda495f72dd9b07b1b3f14a5dde0dd8341 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20R=C3=BCggeberg?=
 <arkonisus@arkonisus-iMac.local>
Date: Thu, 16 Aug 2018 19:43:20 +0200
Subject: [PATCH 2/9] Added 'is_active()' condition

Restrict REST-API-access only if password protection is active
---
 password-protected.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/password-protected.php b/password-protected.php
index 63e4a17..fd2e0ee 100644
--- a/password-protected.php
+++ b/password-protected.php
@@ -802,7 +802,7 @@ static function is_plugin_supported() {
 	public function only_allow_logged_in_rest_access( $access ) {
 
 		// If user is not logged in
-		if ( ! $this->is_user_logged_in() && ! is_user_logged_in() && ! (bool) get_option( 'password_protected_rest' ) ) {
+		if ( $this->is_active() && ! $this->is_user_logged_in() && ! is_user_logged_in() && ! (bool) get_option( 'password_protected_rest' ) ) {
 			return new WP_Error( 'rest_cannot_access', __( 'Only authenticated users can access the REST API.', 'password-protected' ), array( 'status' => rest_authorization_required_code() ) );
 		}
 

From e3bbf6f52fa99c737632aed9f2e9270f621f312c Mon Sep 17 00:00:00 2001
From: msassmann <mario@sassmann.ch>
Date: Wed, 21 Nov 2018 00:05:18 +0100
Subject: [PATCH 3/9] Added filter to maybe_show_login

Applying a filter and using $show_login variable allows to add exceptions in themes' functions.php e.g.
---
 password-protected.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/password-protected.php b/password-protected.php
index 63e4a17..bcbfddb 100644
--- a/password-protected.php
+++ b/password-protected.php
@@ -344,14 +344,22 @@ public function is_user_logged_in() {
 	 * Maybe Show Login
 	 */
 	public function maybe_show_login() {
-
+		$show_login = true;
+		
 		// Don't show login if not enabled
 		if ( ! $this->is_active() ) {
-			return;
+			$show_login = false;
 		}
-
+				
+		// Filter for adding exceptions.
+		$show_login = apply_filters( 'password_protected_show_login', $show_login );
+		
 		// Logged in
-		if ( $this->is_user_logged_in() ) {
+		if ( $this->is_user_logged_in() )  {
+			$show_login = false;
+		}
+		
+		if ( ! $show_login ) {
 			return;
 		}
 

From a2b4d330857b7559741a1194d4f143b0ee1c9e15 Mon Sep 17 00:00:00 2001
From: Ben Huson <ben@thewhiteroom.net>
Date: Tue, 27 Nov 2018 07:15:51 +0000
Subject: [PATCH 4/9] Simplify `password_protected_show_login` filter code.

---
 password-protected.php | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/password-protected.php b/password-protected.php
index bcbfddb..bb0c878 100644
--- a/password-protected.php
+++ b/password-protected.php
@@ -344,21 +344,15 @@ public function is_user_logged_in() {
 	 * Maybe Show Login
 	 */
 	public function maybe_show_login() {
-		$show_login = true;
-		
-		// Don't show login if not enabled
-		if ( ! $this->is_active() ) {
-			$show_login = false;
-		}
-				
+
 		// Filter for adding exceptions.
-		$show_login = apply_filters( 'password_protected_show_login', $show_login );
-		
+		$show_login = apply_filters( 'password_protected_show_login', $this->is_active() );
+
 		// Logged in
 		if ( $this->is_user_logged_in() )  {
 			$show_login = false;
 		}
-		
+
 		if ( ! $show_login ) {
 			return;
 		}

From 8a6daf404a3367932d95317669fab67c7b0fb54e Mon Sep 17 00:00:00 2001
From: Ben Huson <ben@thewhiteroom.net>
Date: Tue, 27 Nov 2018 07:22:36 +0000
Subject: [PATCH 5/9] Cookie name is not editable in the admin so display just
 for reference.

---
 admin/admin-caching.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/admin/admin-caching.php b/admin/admin-caching.php
index db34b88..ddcd450 100644
--- a/admin/admin-caching.php
+++ b/admin/admin-caching.php
@@ -54,7 +54,7 @@ public function cache_settings_info() {
 		// Cookies
 		add_settings_field(
 			'password_protected_compat_caching_cookie',
-			__( 'Cookies', 'password-protected' ),
+			__( 'Cookie Name', 'password-protected' ),
 			array( $this, 'field_cookies' ),
 			'password-protected-compat',
 			'password_protected_compat_caching'
@@ -96,7 +96,7 @@ public function cache_settings_info() {
 	public function section_caching() {
 
 		echo '<p>' . __( 'Password Protected does not always work well with sites that use caching.', 'password-protected' ) . '<br />
-			' . __( 'If your site uses a caching plugin or your web hosting uses server-side caching, you may need to configure your setup to disable caching for the Password Protected cookie:', 'password-protected' ) . '</p>';
+			' . __( 'If your site uses a caching plugin or your web hosting uses server-side caching, you may need to configure your caching setup to disable caching for the Password Protected cookie:', 'password-protected' ) . '</p>';
 
 	}
 
@@ -107,7 +107,7 @@ public function section_caching() {
 	 */
 	public function field_cookies() {
 
-		echo '<p><input type="text" value="' . esc_attr( $this->plugin->cookie_name() ) . '" class="regular-text code" /></p>';
+		echo '<p><code>' . esc_html( $this->plugin->cookie_name() ) . '</code></p>';
 
 	}
 

From ab0afe8d8ec7b1dce6deb2e346a05e26732769a9 Mon Sep 17 00:00:00 2001
From: Ben Huson <ben@thewhiteroom.net>
Date: Thu, 10 Jan 2019 07:11:14 +0000
Subject: [PATCH 6/9] Mobile viewport tag.

---
 theme/password-protected-login.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/theme/password-protected-login.php b/theme/password-protected-login.php
index 491ddf4..ab3fd0c 100644
--- a/theme/password-protected-login.php
+++ b/theme/password-protected-login.php
@@ -28,6 +28,17 @@ function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){
 	}
 }
 
+/**
+ * @since 3.7.0
+ */
+if ( ! function_exists( 'wp_login_viewport_meta' ) ) {
+	function wp_login_viewport_meta() {
+		?>
+		<meta name="viewport" content="width=device-width" />
+		<?php
+	}
+}
+
 nocache_headers();
 header( 'Content-Type: ' . get_bloginfo( 'html_type' ) . '; charset=' . get_bloginfo( 'charset' ) );
 
@@ -51,6 +62,8 @@ function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){
 // Obey privacy setting
 add_action( 'password_protected_login_head', 'noindex' );
 
+add_action( 'password_protected_login_head', 'wp_login_viewport_meta' );
+
 ?>
 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>

From cd4bad7e682a4b64a2dc5cd03d7d1c4dacfaa4c6 Mon Sep 17 00:00:00 2001
From: Ben Huson <ben@thewhiteroom.net>
Date: Thu, 10 Jan 2019 07:12:35 +0000
Subject: [PATCH 7/9] Change `noindex` action to `wp_no_robots`.

---
 theme/password-protected-login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/theme/password-protected-login.php b/theme/password-protected-login.php
index 491ddf4..29ff777 100644
--- a/theme/password-protected-login.php
+++ b/theme/password-protected-login.php
@@ -49,7 +49,7 @@ function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){
 }
 
 // Obey privacy setting
-add_action( 'password_protected_login_head', 'noindex' );
+add_action( 'password_protected_login_head', 'wp_no_robots' );
 
 ?>
 <!DOCTYPE html>

From 7fb0aeaff86a0200fe4dae9612898bae48adab18 Mon Sep 17 00:00:00 2001
From: Ben Huson <ben@thewhiteroom.net>
Date: Thu, 10 Jan 2019 07:14:04 +0000
Subject: [PATCH 8/9] =?UTF-8?q?Remove=20text=20domain=20from=20=E2=80=9CRe?=
 =?UTF-8?q?member=20Me=E2=80=9D=20and=20=E2=80=9CLog=20In=E2=80=9D=20butto?=
 =?UTF-8?q?ns.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Use default WordPress translations.
---
 theme/password-protected-login.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/theme/password-protected-login.php b/theme/password-protected-login.php
index 491ddf4..e31e646 100644
--- a/theme/password-protected-login.php
+++ b/theme/password-protected-login.php
@@ -110,12 +110,12 @@ function shake(id,a,d){c=a.shift();s(id,c);if(a.length>0){setTimeout(function(){
 
 		<?php if ( $Password_Protected->allow_remember_me() ) : ?>
 			<p class="forgetmenot">
-				<label for="password_protected_rememberme"><input name="password_protected_rememberme" type="checkbox" id="password_protected_rememberme" value="1" tabindex="90" /> <?php esc_attr_e( 'Remember Me', 'password-protected' ); ?></label>
+				<label for="password_protected_rememberme"><input name="password_protected_rememberme" type="checkbox" id="password_protected_rememberme" value="1" tabindex="90" /> <?php esc_attr_e( 'Remember Me' ); ?></label>
 			</p>
 		<?php endif; ?>
 
 		<p class="submit">
-			<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Log In', 'password-protected' ); ?>" tabindex="100" />
+			<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Log In' ); ?>" tabindex="100" />
 			<input type="hidden" name="testcookie" value="1" />
 			<input type="hidden" name="password-protected" value="login" />
 			<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $_REQUEST['redirect_to'] ); ?>" />

From efe8e26a999c8e7dc9c27393cc5ddb20d8cfef49 Mon Sep 17 00:00:00 2001
From: Ben Huson <ben@thewhiteroom.net>
Date: Thu, 10 Jan 2019 07:53:16 +0000
Subject: [PATCH 9/9] Version 2.2.3

---
 CHANGELOG.md           | 16 +++++++++++++++-
 README.md              |  3 +++
 password-protected.php |  4 ++--
 readme.txt             | 12 +++++++++++-
 4 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ac27d73..6f2c359 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,19 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [2.2.3] - 2019-01-10
+
+### Fixed
+- Restrict REST-API-access only if password protection is active.
+
+### Added
+- Added viewport meta tag to login page.
+- Added `password_protected_show_login` filter.
+
+### Changed
+- Cookie name is not editable in the admin so display just for reference.
+- Use default WordPress text domain for “Remember Me” and “Log In” buttons.
+
 ## [2.2.2] - 2018-05-29
 
 ### Changed
@@ -199,7 +212,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Added
 - First Release. If you spot any bugs or issues please [log them here](https://github.com/benhuson/password-protected/issues).
 
-[Unreleased]: https://github.com/benhuson/password-protected/compare/2.2.2...HEAD
+[Unreleased]: https://github.com/benhuson/password-protected/compare/2.2.3...HEAD
+[2.2.3]: https://github.com/benhuson/password-protected/compare/2.2.2...2.2.3
 [2.2.2]: https://github.com/benhuson/password-protected/compare/2.2.1...2.2.2
 [2.2.1]: https://github.com/benhuson/password-protected/compare/2.2...2.2.1
 [2.2]: https://github.com/benhuson/password-protected/compare/2.1...2.2
diff --git a/README.md b/README.md
index 253c3d5..083cd23 100644
--- a/README.md
+++ b/README.md
@@ -71,6 +71,9 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
 Upgrade Notice
 --------------
 
+### 2.2.3
+Restrict REST-API-access only if password protection is active. Added viewport meta tag to login page.
+
 ### 2.2.2
 Fix REST option and always allow access to REST API for logged in users. Change locked admin bar icon to green.
 
diff --git a/password-protected.php b/password-protected.php
index ff925e5..39af025 100644
--- a/password-protected.php
+++ b/password-protected.php
@@ -4,7 +4,7 @@
 Plugin Name: Password Protected
 Plugin URI: https://wordpress.org/plugins/password-protected/
 Description: A very simple way to quickly password protect your WordPress site with a single password. Please note: This plugin does not restrict access to uploaded files and images and does not work with some caching setups.
-Version: 2.2.2
+Version: 2.2.3
 Author: Ben Huson
 Text Domain: password-protected
 Author URI: http://github.com/benhuson/password-protected/
@@ -42,7 +42,7 @@
 
 class Password_Protected {
 
-	var $version = '2.2.2';
+	var $version = '2.2.3';
 	var $admin   = null;
 	var $errors  = null;
 
diff --git a/readme.txt b/readme.txt
index 05206c6..f13c47e 100644
--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: password, protect, password protect, login
 Requires at least: 3.9
 Tested up to: 4.9.6
 Requires PHP: 5.6
-Stable tag: 2.2.2
+Stable tag: 2.2.3
 License: GPLv2 or later
 
 A very simple way to quickly password protect your WordPress site with a single password.
@@ -82,6 +82,13 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
 
 == Changelog ==
 
+= 2.2.3 =
+- Restrict REST-API-access only if password protection is active.
+- Added viewport meta tag to login page.
+- Added `password_protected_show_login` filter.
+- Cookie name is not editable in the admin so display just for reference.
+- Use default WordPress text domain for “Remember Me” and “Log In” buttons.
+
 = 2.2.2 =
 - Change locked admin bar icon to green.
 - Fix REST option and always allow access to REST API for logged in users.
@@ -199,6 +206,9 @@ More instructions can be found at [wp-translations.org](http://wp-translations.o
 
 == Upgrade Notice ==
 
+= 2.2.3 =
+Restrict REST-API-access only if password protection is active. Added viewport meta tag to login page.
+
 = 2.2.2 =
 Fix REST option and always allow access to REST API for logged in users. Change locked admin bar icon to green.