From fe5476dacb48dab92ebda1413c77c3ebf34d40c6 Mon Sep 17 00:00:00 2001
From: Kash Mowatt <Kasheen@idxbroker.com>
Date: Thu, 12 Feb 2026 09:07:59 -0800
Subject: [PATCH] IMPB-1588: Add more aggressive gaurd rails for 412 requests

---
 README.md               |  7 +++++--
 idx-broker-platinum.php |  4 ++--
 idx/idx-api.php         | 36 +++++++++++++++++++++++++++++-------
 readme.txt              |  7 +++++--
 4 files changed, 41 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index b85dd072..7037d112 100755
--- a/README.md
+++ b/README.md
@@ -4,8 +4,8 @@ Author: IDX, LLC
 Author URL: https://idxbroker.com
 **Tags:** IDX, MLS, multiple listing service, impress, idx impress, impress for idx broker, IDX plugin, idx broker, idxbroker, idx broker platinum, idx wordpress, idx wordpress plugin, integrated idx, real estate, real estate wordpress, RETS, wordpress idx, wordpress mls, WordPress Plugin, platinum, realtor, idx broker lite, idx lite, idxbroker lite, crm
 **Requires at least:** 5.3
-**Tested up to:** 6.9
-**Stable tag:** 3.2.7
+**Tested up to:** 6.9.1
+**Stable tag:** 3.2.8
 **Minimum PHP:** 7.1.8
 **License:** GPLv2 or later
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html
@@ -112,6 +112,9 @@ For users with IMPress 3.0+ who have legacy versions of IMPress Listings and/or
 
 ## Changelog ##
 
+### 3.2.8 ###
+* Fix : Handle for 412 response for the accountType request
+
 ### 3.2.7 ###
 * Fix : Removed the manual transient caching
 
diff --git a/idx-broker-platinum.php b/idx-broker-platinum.php
index e65f5adc..2b72cdbb 100644
--- a/idx-broker-platinum.php
+++ b/idx-broker-platinum.php
@@ -3,7 +3,7 @@
 Plugin Name: IMPress for IDX Broker
 Plugin URI: https://idxbroker.com
 Description: Over 600 IDX/MLS feeds serviced. The #1 IDX/MLS solution just got even better!
-Version: 3.2.7
+Version: 3.2.8
 Author: IDX Broker
 Contributors: IDX, LLC
 Author URI: https://idxbroker.com
@@ -18,7 +18,7 @@
 class Idx_Broker_Plugin {
 
 	// Placed here for convenient updating.
-	const IDX_WP_PLUGIN_VERSION = '3.2.7';
+	const IDX_WP_PLUGIN_VERSION = '3.2.8';
 	const VUE_DEV_MODE          = false;
 
 	/**
diff --git a/idx/idx-api.php b/idx/idx-api.php
index 60be9917..c54d58f0 100755
--- a/idx/idx-api.php
+++ b/idx/idx-api.php
@@ -116,10 +116,14 @@ public function idx_api(
 			return [];
 		}
 
-		$cache_key = 'idx_' . $level . '_' . $method . '_cache';
+		$cache_key            = 'idx_' . $level . '_' . $method . '_cache';
+		$api_maybe_exceeded   = get_option( 'idx_api_limit_exceeded' );
+		$limit_window_active  = $api_maybe_exceeded && time() <= ( (int) $api_maybe_exceeded + ( 60 * 60 ) );
+		$is_cacheable_request = 'POST' !== $request_type && 'PUT' !== $request_type;
+		$main_site_cache      = is_multisite() && $this->api_key === get_blog_option( get_main_site_id(), 'idx_broker_apikey' );
 
 		// Check cache
-		if ( is_multisite() && $this->api_key === get_blog_option( get_main_site_id(), 'idx_broker_apikey' ) ) {
+		if ( $main_site_cache ) {
 			$cached = get_blog_option( get_main_site_id(), $cache_key );
 		} else {
 			$cached = get_option( $cache_key );
@@ -133,12 +137,11 @@ public function idx_api(
 
 			if ( is_array( $cached ) && isset( $cached['data'] ) && isset( $cached['expiration'] ) ) {
 				$expiration         = $cached['expiration'];
-				$api_maybe_exceeded = get_option( 'idx_api_limit_exceeded' );
 
 				// If the data is past expiration, but we've currently exceeded the API limit,
 				// let's return the cached data so we don't continue to call the API until
 				// after one hour since the first 412 error.
-				if ( $api_maybe_exceeded && time() <= $api_maybe_exceeded + ( 60 * 60 ) && $expiration < time() ) {
+				if ( $limit_window_active && $expiration < time() ) {
 					return $cached['data'];
 				} elseif ( $expiration >= time() ) {
 					return $cached['data'];
@@ -146,6 +149,12 @@ public function idx_api(
 			}
 		}
 
+		// If we are currently in the 412 cooldown window and there was no usable cache,
+		// avoid making another API request and return a safe default response.
+		if ( $is_cacheable_request && $limit_window_active ) {
+			return array();
+		}
+
 		$headers = array(
 			'Content-Type'  => 'application/x-www-form-urlencoded',
 			'accesskey'     => $this->api_key,
@@ -182,12 +191,25 @@ public function idx_api(
 		if ( isset( $error ) && $error !== false ) {
 			if ( $code == 401 ) {
 				// Delete cache on 401 error
-				if ( is_multisite() && $this->api_key === get_blog_option( get_main_site_id(), 'idx_broker_apikey' ) ) {
+				if ( $main_site_cache ) {
 					delete_blog_option( get_main_site_id(), $cache_key );
 				} else {
 					delete_option( $cache_key );
 				}
 			}
+			if ( $code == 412 && $is_cacheable_request ) {
+				$limit_exceeded_at   = (int) get_option( 'idx_api_limit_exceeded' );
+				$fallback_expiration = ( $limit_exceeded_at > 0 ? $limit_exceeded_at : time() ) + ( 60 * 60 );
+				$fallback_cache_data = array(
+					'data'       => array(),
+					'expiration' => $fallback_expiration,
+				);
+				if ( $main_site_cache ) {
+					update_blog_option( get_main_site_id(), $cache_key, $fallback_cache_data );
+				} else {
+					update_option( $cache_key, $fallback_cache_data, false );
+				}
+			}
 			return new \WP_Error(
 				'idx_api_error',
 				__( 'Error ' ) . $code . __( ': ' ) . $error,
@@ -198,13 +220,13 @@ public function idx_api(
 			);
 		} else {
 			$data = (array) json_decode( (string) $response['body'], $json_decode_type );
-			if ( 'POST' !== $request_type && 'PUT' !== $request_type ) {
+			if ( $is_cacheable_request ) {
 				// Store in cache
 				$cache_data = array(
 					'data'       => $data,
 					'expiration' => time() + $expiration,
 				);
-				if ( is_multisite() && $this->api_key === get_blog_option( get_main_site_id(), 'idx_broker_apikey' ) ) {
+				if ( $main_site_cache ) {
 					update_blog_option( get_main_site_id(), $cache_key, $cache_data );
 				} else {
 					update_option( $cache_key, $cache_data, false );
diff --git a/readme.txt b/readme.txt
index 95e5e86b..de936b81 100644
--- a/readme.txt
+++ b/readme.txt
@@ -4,8 +4,8 @@ Contributors: idxco
 Author URL: https://idxbroker.com
 Tags: IDX, MLS, multiple listing service, impress, idx impress, impress for idx broker, IDX plugin, idx broker, idxbroker, idx broker platinum, idx wordpress, idx wordpress plugin, integrated idx, real estate, real estate wordpress, RETS, wordpress idx, wordpress mls, WordPress Plugin, platinum, realtor, idx broker lite, idx lite, idxbroker lite, crm
 Requires at least: 5.3
-Tested up to: 6.9
-Stable tag: 3.2.7
+Tested up to: 6.9.1
+Stable tag: 3.2.8
 Requires PHP: 7.1.8
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -133,6 +133,9 @@ For users with IMPress 3.0+ who have legacy versions of IMPress Listings and/or
 
 == Changelog ==
 
+= 3.2.8 =
+* Fix : Handle for 412 response for the accountType request
+
 = 3.2.7 =
 * Fix : Removed the manual transient caching