From 5b903274ee196915e672b16ee1c97d4ca259bba0 Mon Sep 17 00:00:00 2001
From: Silvan Calarco <silvan.calarco@mambasoft.it>
Date: Mon, 2 Aug 2021 09:56:47 +0200
Subject: [PATCH] functions.php: security check on wp-json; set global images
 display mode default

---
 functions.php | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/functions.php b/functions.php
index 16785fc..0b2c2e7 100644
--- a/functions.php
+++ b/functions.php
@@ -5,6 +5,8 @@ if ( !defined( 'ABSPATH' ) ) {
 	exit;
 }
 
+//add_action( 'login_init', 'send_frame_options_header', 10, 0 );
+
 function openmamba_breadcrumbs() {
    $text['category'] = '';
 }
@@ -409,4 +411,23 @@ function hook_cookielaw()
 
 }
 
-*/
\ No newline at end of file
+*/
+
+function wpb_imagelink_setup() {
+    $image_set = get_option( 'image_default_link_type' );
+
+    if ($image_set !== 'none') {
+        update_option('image_default_link_type', 'none');
+    }
+}
+add_action('admin_init', 'wpb_imagelink_setup', 10);
+
+/* Security: restrict access to wp-json */
+function restrict_rest_api_to_localhost() {
+    $whitelist = [ '127.0.0.1', "::1" ];
+
+    if( ! in_array($_SERVER['REMOTE_ADDR'], $whitelist ) ){
+        die( 'REST API is disabled.' );
+    }
+}
+add_action( 'rest_api_init', 'restrict_rest_api_to_localhost', 0 );