Add nginx X-Accel-Redirect support, Redis cache provider, and author access fix#433
Open
Erik-NA wants to merge 6 commits intoGM-Alex:nextfrom
Open
Add nginx X-Accel-Redirect support, Redis cache provider, and author access fix#433Erik-NA wants to merge 6 commits intoGM-Alex:nextfrom
Erik-NA wants to merge 6 commits intoGM-Alex:nextfrom
Conversation
Bump version 2.3.11
**nginx file delivery (X-Accel-Redirect)**
- FileHandler: send X-Accel-Redirect header on nginx instead of
X-Sendfile, which nginx does not support natively
- SettingsController: enable xsendfile option on nginx without
running the HTTP test (X-Accel-Redirect is always available)
- SettingsController: show lock_file_types setting on nginx (was
incorrectly hidden)
- NginxFileProtection: add ~ flag and quote regex in location
directive to produce valid nginx config when pattern contains
curly braces (e.g. [0-9]{4})
**Redis cache provider**
- Add RedisCacheProvider implementing CacheProviderInterface,
backed by the WordPress object cache API (wp_cache_*)
- Register provider automatically when wp_using_ext_object_cache()
is true (i.e. a persistent backend such as Redis is active)
- Add language strings and update .pot file
… prefix
[0-9]{4} in a nginx location directive fails to match even when quoted,
because nginx's PCRE engine does not interpret character classes with
quantifiers correctly in this context. Replace with \d{4}/\d{2} which
works reliably.
Also prefix X-Accel-Redirect URI with /uam-files/ to avoid an internal
redirect loop: without this, nginx redirects back to the UAM location
block, which rewrites to index.php again, causing a rewrite cycle.
When a post has post_author=0 (e.g. imported without an author), unauthenticated users (also ID=0) were incorrectly treated as the post author, bypassing all group-based access restrictions. Guard against userId=0 so that the author-access shortcut never fires for unauthenticated visitors. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…lback The download-type selector always showed "X-Sendfile" regardless of web server. This was misleading and confusing on nginx. - On nginx the option is relabelled to "X-Accel-Redirect" and stays enabled, because X-Accel-Redirect is always available on nginx without any extra module. - On Apache the existing HTTP round-trip test still runs; if mod_xsendfile is absent the option is disabled as before. - Added runtime fallback in FileHandler: if "xsendfile" is saved in the database but Apache's mod_xsendfile is not loaded at request time (e.g. after a server migration), delivery silently falls back to fopen instead of returning an empty response. - Added LabelTrait::setLabel() to allow relabelling form values. - Added TXT_UAM_DOWNLOAD_TYPE_XACCELREDIRECT language string and .pot entry. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This was referenced Apr 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
FileHandlersendsX-Accel-Redirectinstead ofX-Sendfileon nginx, with a/uam-files/internal location prefix to avoid redirect loops.SettingsController::isXSendFileAvailable()returns true on nginx and shows the correct server-specific label in the UI (X-Accel-RedirectvsX-Sendfile). Apache gets a runtime fallback viaapache_get_modules()if mod_xsendfile is absent.FileProtection::getDirectoryMatch()uses\d{4}instead of[0-9]{4}— nginx cannot parse character classes with quantifiers in location directives.RedisCacheProviderusing the WordPress object cache API (wp_cache_*). Registered automatically whenwp_using_ext_object_cache()is true. No configuration needed beyond a standard Redis Object Cache plugin.AccessHandler::hasAuthorAccess()now guards against$currentUserId === 0, preventing unauthenticated users from gaining access to posts imported without an author (post_author = 0).nginx configuration required
Replaces #432 (splitting as requested).