From a93c42d9ae993709c43d7fa76f06a573599f3353 Mon Sep 17 00:00:00 2001
From: Austin Passy <austin@passy.co>
Date: Tue, 15 May 2018 11:00:33 -0700
Subject: [PATCH 1/4] Fix spacing format.

---
 wp-rest-api-cache.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wp-rest-api-cache.php b/wp-rest-api-cache.php
index accd8a0..14f9157 100644
--- a/wp-rest-api-cache.php
+++ b/wp-rest-api-cache.php
@@ -19,7 +19,7 @@
 
 PluginFactory::create('rest-api-object-cache')
     ->addOnHook(RestDispatch::class)
-	->addOnHook(Admin::class)
+    ->addOnHook(Admin::class)
     ->initialize();
 
 call_user_func_array(

From cd2b03ae6c7dcf51674072a72f17bc48c07877de Mon Sep 17 00:00:00 2001
From: Austin Passy <austin@passy.co>
Date: Wed, 30 May 2018 15:23:46 -0700
Subject: [PATCH 2/4] - Added permission check (`delete_users`) before adding
 admin bar node. - Change permission check on settings page from
 `manage_options` to `delete_users`. - Removed nonce check after successful
 cache flush for admin notice.

---
 src/WpAdmin/Admin.php | 32 ++++++++++++++------------------
 1 file changed, 14 insertions(+), 18 deletions(-)

diff --git a/src/WpAdmin/Admin.php b/src/WpAdmin/Admin.php
index 742b334..e427231 100644
--- a/src/WpAdmin/Admin.php
+++ b/src/WpAdmin/Admin.php
@@ -75,7 +75,7 @@ protected function adminMenu()
             'options-general.php',
             \esc_html__('WP REST API Cache', 'wp-rest-api-cache'),
             \esc_html__('REST API Cache', 'wp-rest-api-cache'),
-            'manage_options',
+            'delete_users',
             self::MENU_SLUG,
             function () {
                 $this->renderPage();
@@ -90,12 +90,14 @@ function () {
      */
     protected function adminBarMenu(WP_Admin_Bar $wp_admin_bar)
     {
-        $args = [
+        if (! is_user_logged_in() || ! current_user_can('delete_users') || ! is_admin_bar_showing()) {
+            return;
+        }
+
+        $wp_admin_bar->add_node([
             'id' => WpRestApiCache::ID,
             'title' => \esc_html__('REST API Cache', 'wp-rest-api-cache'),
-        ];
-
-        $wp_admin_bar->add_node($args);
+        ]);
         $wp_admin_bar->add_menu([
             'parent' => WpRestApiCache::ID,
             'id' => self::MENU_ID,
@@ -111,16 +113,12 @@ protected function adminAction()
     {
         $this->requestCallback();
 
-        $url = \wp_nonce_url(
-            \add_query_arg(
-                [self::NOTICE => 1],
-                \remove_query_arg(
-                    [RestDispatch::QUERY_CACHE_DELETE, RestDispatch::QUERY_CACHE_REFRESH],
-                    \wp_get_referer()
-                )
-            ),
-            self::NONCE_ACTION,
-            self::NONCE_NAME
+        $url = \add_query_arg(
+            [self::NOTICE => 1],
+            \remove_query_arg(
+                [RestDispatch::QUERY_CACHE_DELETE, RestDispatch::QUERY_CACHE_REFRESH],
+                \wp_get_referer()
+            )
         );
         \wp_safe_redirect($url);
         exit;
@@ -131,9 +129,7 @@ protected function adminAction()
      */
     protected function adminNotices()
     {
-        if (! empty($_REQUEST[self::NONCE_NAME]) &&
-            \wp_verify_nonce($_REQUEST[self::NONCE_NAME], self::NONCE_ACTION) &&
-            ! empty($_GET[self::NOTICE]) &&
+        if (! empty($_GET[self::NOTICE]) &&
             filter_var_int($_GET[self::NOTICE]) === 1
         ) {
             $message = \esc_html__('The cache has been successfully cleared.', 'wp-rest-api-cache');

From 81450d4257031ddc730e9170512ab239b554bd80 Mon Sep 17 00:00:00 2001
From: Austin Passy <austin@passy.co>
Date: Wed, 30 May 2018 15:24:03 -0700
Subject: [PATCH 3/4] Added PHP 7.2 to Travis CI.

---
 .travis.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index c568657..0f5ea14 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,8 +1,9 @@
 language: php
 
 php:
-  - '7.1'
   - '7.0'
+  - '7.1'
+  - '7.2'
 
 install: composer install
 

From d360cafccac4f67886c841700a3833495be6dd4e Mon Sep 17 00:00:00 2001
From: Austin Passy <austin@passy.co>
Date: Wed, 30 May 2018 15:24:15 -0700
Subject: [PATCH 4/4] Version 1.2.3 bump.

---
 CHANGELONG.md         | 9 +++++++++
 composer.json         | 2 +-
 wp-rest-api-cache.php | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/CHANGELONG.md b/CHANGELONG.md
index 134a168..909a388 100755
--- a/CHANGELONG.md
+++ b/CHANGELONG.md
@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## 1.2.3 - 2018-05-30
+### Updated
+- Added permission check (`delete_users`) before adding admin bar node.
+- Change permission check on settings page from `manage_options` to `delete_users`.
+- Removed nonce check after successful cache flush for admin notice.
+
+### Added
+- PHP 7.2 to the Travis build.
+
 ## 1.2.2 - 2018-04-30
 ### Fixed
 - When endpoints have multiple posts, the request bubbles up and appends the results which leads to a body size X's the
diff --git a/composer.json b/composer.json
index 169187d..51ce4f3 100755
--- a/composer.json
+++ b/composer.json
@@ -2,7 +2,7 @@
   "name": "dwnload/wp-rest-api-object-cache",
   "description": "Enable object caching for WordPress' REST API. Aids in increased response times of your applications endpoints.",
   "type": "wordpress-plugin",
-  "version": "1.2.2",
+  "version": "1.2.3",
   "license": "MIT",
   "authors": [
     {
diff --git a/wp-rest-api-cache.php b/wp-rest-api-cache.php
index 14f9157..8719b36 100644
--- a/wp-rest-api-cache.php
+++ b/wp-rest-api-cache.php
@@ -4,7 +4,7 @@
  * Description: Enable object caching for WordPress' REST API. Aids in increased response times of your applications endpoints.
  * Author: Austin Passy
  * Author URI: http://github.com/thefrosty
- * Version: 1.2.2
+ * Version: 1.2.3
  * Requires at least: 4.9
  * Tested up to: 4.9
  * Requires PHP: 7.0