From 6e1ac727be9213ef44b94995ef3a682798fa9065 Mon Sep 17 00:00:00 2001
From: Nate Weller <nate.weller@automattic.com>
Date: Thu, 18 Jan 2024 14:06:01 -0700
Subject: [PATCH] WAF: Prevent unnecessary database updates to
 NEEDS_UPDATE_OPTION_NAME (#34820)

* Use a boolean value for Waf_Initializer::NEEDS_UPDATE_OPTION_NAME and update call logic
* Remove default update option value, as it is set with a filter
---
 projects/packages/waf/changelog/fix-waf-update-option | 4 ++++
 projects/packages/waf/src/class-compatibility.php     | 4 ++--
 projects/packages/waf/src/class-waf-initializer.php   | 5 +++--
 3 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 projects/packages/waf/changelog/fix-waf-update-option

diff --git a/projects/packages/waf/changelog/fix-waf-update-option b/projects/packages/waf/changelog/fix-waf-update-option
new file mode 100644
index 0000000000000..d3d2b2a7e1897
--- /dev/null
+++ b/projects/packages/waf/changelog/fix-waf-update-option
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Optimize how the web application firewall checks for updates on admin screens.
diff --git a/projects/packages/waf/src/class-compatibility.php b/projects/packages/waf/src/class-compatibility.php
index 682a26f8ddabe..1adc7e94ae760 100644
--- a/projects/packages/waf/src/class-compatibility.php
+++ b/projects/packages/waf/src/class-compatibility.php
@@ -186,7 +186,7 @@ public static function filter_option_waf_ip_allow_list( $waf_allow_list ) {
 		$brute_force_allow_list = Jetpack_Options::get_raw_option( 'jetpack_protect_whitelist', false );
 		if ( false !== $brute_force_allow_list ) {
 			$waf_allow_list = self::merge_ip_allow_lists( $waf_allow_list, $brute_force_allow_list );
-			update_option( Waf_Initializer::NEEDS_UPDATE_OPTION_NAME, 1 );
+			update_option( Waf_Initializer::NEEDS_UPDATE_OPTION_NAME, true );
 		}
 
 		return $waf_allow_list;
@@ -213,7 +213,7 @@ public static function default_option_waf_ip_allow_list( $default, $option, $pas
 		$brute_force_allow_list = Jetpack_Options::get_raw_option( 'jetpack_protect_whitelist', false );
 		if ( false !== $brute_force_allow_list ) {
 			$waf_allow_list = self::merge_ip_allow_lists( $waf_allow_list, $brute_force_allow_list );
-			update_option( Waf_Initializer::NEEDS_UPDATE_OPTION_NAME, 1 );
+			update_option( Waf_Initializer::NEEDS_UPDATE_OPTION_NAME, true );
 		}
 
 		return $waf_allow_list;
diff --git a/projects/packages/waf/src/class-waf-initializer.php b/projects/packages/waf/src/class-waf-initializer.php
index 11891fe34910b..ffe2d8b0ec6ad 100644
--- a/projects/packages/waf/src/class-waf-initializer.php
+++ b/projects/packages/waf/src/class-waf-initializer.php
@@ -155,7 +155,7 @@ public static function update_waf_after_plugin_upgrade( $upgrader, $hook_extra )
 			return;
 		}
 
-		update_option( self::NEEDS_UPDATE_OPTION_NAME, 1 );
+		update_option( self::NEEDS_UPDATE_OPTION_NAME, true );
 	}
 
 	/**
@@ -197,9 +197,10 @@ public static function check_for_updates() {
 				// just migrate the IP allow list used by brute force protection.
 				Waf_Compatibility::migrate_brute_force_protection_ip_allow_list();
 			}
+
+			update_option( self::NEEDS_UPDATE_OPTION_NAME, false );
 		}
 
-		update_option( self::NEEDS_UPDATE_OPTION_NAME, 0 );
 		return true;
 	}