[ Index ]

PHP Cross Reference of WordPress Trunk (Updated Daily)

title

Body

[close]

/wp-includes/rest-api/endpoints/ -> class-wp-rest-settings-controller.php (source)

   1  <?php
   2  /**
   3   * REST API: WP_REST_Settings_Controller class
   4   *
   5   * @package WordPress
   6   * @subpackage REST_API
   7   * @since 4.7.0
   8   */
   9  
  10  /**
  11   * Core class used to manage a site's settings via the REST API.
  12   *
  13   * @since 4.7.0
  14   *
  15   * @see WP_REST_Controller
  16   */
  17  class WP_REST_Settings_Controller extends WP_REST_Controller {
  18  
  19      /**
  20       * Constructor.
  21       *
  22       * @since 4.7.0
  23       */
  24  	public function __construct() {
  25          $this->namespace = 'wp/v2';
  26          $this->rest_base = 'settings';
  27      }
  28  
  29      /**
  30       * Registers the routes for the objects of the controller.
  31       *
  32       * @since 4.7.0
  33       *
  34       * @see register_rest_route()
  35       */
  36  	public function register_routes() {
  37  
  38          register_rest_route(
  39              $this->namespace,
  40              '/' . $this->rest_base,
  41              array(
  42                  array(
  43                      'methods'             => WP_REST_Server::READABLE,
  44                      'callback'            => array( $this, 'get_item' ),
  45                      'args'                => array(),
  46                      'permission_callback' => array( $this, 'get_item_permissions_check' ),
  47                  ),
  48                  array(
  49                      'methods'             => WP_REST_Server::EDITABLE,
  50                      'callback'            => array( $this, 'update_item' ),
  51                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
  52                      'permission_callback' => array( $this, 'get_item_permissions_check' ),
  53                  ),
  54                  'schema' => array( $this, 'get_public_item_schema' ),
  55              )
  56          );
  57  
  58      }
  59  
  60      /**
  61       * Checks if a given request has access to read and manage settings.
  62       *
  63       * @since 4.7.0
  64       *
  65       * @param WP_REST_Request $request Full details about the request.
  66       * @return bool True if the request has read access for the item, otherwise false.
  67       */
  68  	public function get_item_permissions_check( $request ) {
  69          return current_user_can( 'manage_options' );
  70      }
  71  
  72      /**
  73       * Retrieves the settings.
  74       *
  75       * @since 4.7.0
  76       *
  77       * @param WP_REST_Request $request Full details about the request.
  78       * @return array|WP_Error Array on success, or WP_Error object on failure.
  79       */
  80  	public function get_item( $request ) {
  81          $options  = $this->get_registered_options();
  82          $response = array();
  83  
  84          foreach ( $options as $name => $args ) {
  85              /**
  86               * Filters the value of a setting recognized by the REST API.
  87               *
  88               * Allow hijacking the setting value and overriding the built-in behavior by returning a
  89               * non-null value.  The returned value will be presented as the setting value instead.
  90               *
  91               * @since 4.7.0
  92               *
  93               * @param mixed  $result Value to use for the requested setting. Can be a scalar
  94               *                       matching the registered schema for the setting, or null to
  95               *                       follow the default get_option() behavior.
  96               * @param string $name   Setting name (as shown in REST API responses).
  97               * @param array  $args   Arguments passed to register_setting() for this setting.
  98               */
  99              $response[ $name ] = apply_filters( 'rest_pre_get_setting', null, $name, $args );
 100  
 101              if ( is_null( $response[ $name ] ) ) {
 102                  // Default to a null value as "null" in the response means "not set".
 103                  $response[ $name ] = get_option( $args['option_name'], $args['schema']['default'] );
 104              }
 105  
 106              /*
 107               * Because get_option() is lossy, we have to
 108               * cast values to the type they are registered with.
 109               */
 110              $response[ $name ] = $this->prepare_value( $response[ $name ], $args['schema'] );
 111          }
 112  
 113          return $response;
 114      }
 115  
 116      /**
 117       * Prepares a value for output based off a schema array.
 118       *
 119       * @since 4.7.0
 120       *
 121       * @param mixed $value  Value to prepare.
 122       * @param array $schema Schema to match.
 123       * @return mixed The prepared value.
 124       */
 125  	protected function prepare_value( $value, $schema ) {
 126          /*
 127           * If the value is not valid by the schema, set the value to null.
 128           * Null values are specifically non-destructive, so this will not cause
 129           * overwriting the current invalid value to null.
 130           */
 131          if ( is_wp_error( rest_validate_value_from_schema( $value, $schema ) ) ) {
 132              return null;
 133          }
 134          return rest_sanitize_value_from_schema( $value, $schema );
 135      }
 136  
 137      /**
 138       * Updates settings for the settings object.
 139       *
 140       * @since 4.7.0
 141       *
 142       * @param WP_REST_Request $request Full details about the request.
 143       * @return array|WP_Error Array on success, or error object on failure.
 144       */
 145  	public function update_item( $request ) {
 146          $options = $this->get_registered_options();
 147  
 148          $params = $request->get_params();
 149  
 150          foreach ( $options as $name => $args ) {
 151              if ( ! array_key_exists( $name, $params ) ) {
 152                  continue;
 153              }
 154  
 155              /**
 156               * Filters whether to preempt a setting value update.
 157               *
 158               * Allows hijacking the setting update logic and overriding the built-in behavior by
 159               * returning true.
 160               *
 161               * @since 4.7.0
 162               *
 163               * @param bool   $result Whether to override the default behavior for updating the
 164               *                       value of a setting.
 165               * @param string $name   Setting name (as shown in REST API responses).
 166               * @param mixed  $value  Updated setting value.
 167               * @param array  $args   Arguments passed to register_setting() for this setting.
 168               */
 169              $updated = apply_filters( 'rest_pre_update_setting', false, $name, $request[ $name ], $args );
 170  
 171              if ( $updated ) {
 172                  continue;
 173              }
 174  
 175              /*
 176               * A null value for an option would have the same effect as
 177               * deleting the option from the database, and relying on the
 178               * default value.
 179               */
 180              if ( is_null( $request[ $name ] ) ) {
 181                  /*
 182                   * A null value is returned in the response for any option
 183                   * that has a non-scalar value.
 184                   *
 185                   * To protect clients from accidentally including the null
 186                   * values from a response object in a request, we do not allow
 187                   * options with values that don't pass validation to be updated to null.
 188                   * Without this added protection a client could mistakenly
 189                   * delete all options that have invalid values from the
 190                   * database.
 191                   */
 192                  if ( is_wp_error( rest_validate_value_from_schema( get_option( $args['option_name'], false ), $args['schema'] ) ) ) {
 193                      return new WP_Error(
 194                          'rest_invalid_stored_value',
 195                          /* translators: %s: Property name. */
 196                          sprintf( __( 'The %s property has an invalid stored value, and cannot be updated to null.' ), $name ),
 197                          array( 'status' => 500 )
 198                      );
 199                  }
 200  
 201                  delete_option( $args['option_name'] );
 202              } else {
 203                  update_option( $args['option_name'], $request[ $name ] );
 204              }
 205          }
 206  
 207          return $this->get_item( $request );
 208      }
 209  
 210      /**
 211       * Retrieves all of the registered options for the Settings API.
 212       *
 213       * @since 4.7.0
 214       *
 215       * @return array Array of registered options.
 216       */
 217  	protected function get_registered_options() {
 218          $rest_options = array();
 219  
 220          foreach ( get_registered_settings() as $name => $args ) {
 221              if ( empty( $args['show_in_rest'] ) ) {
 222                  continue;
 223              }
 224  
 225              $rest_args = array();
 226  
 227              if ( is_array( $args['show_in_rest'] ) ) {
 228                  $rest_args = $args['show_in_rest'];
 229              }
 230  
 231              $defaults = array(
 232                  'name'   => ! empty( $rest_args['name'] ) ? $rest_args['name'] : $name,
 233                  'schema' => array(),
 234              );
 235  
 236              $rest_args = array_merge( $defaults, $rest_args );
 237  
 238              $default_schema = array(
 239                  'type'        => empty( $args['type'] ) ? null : $args['type'],
 240                  'description' => empty( $args['description'] ) ? '' : $args['description'],
 241                  'default'     => isset( $args['default'] ) ? $args['default'] : null,
 242              );
 243  
 244              $rest_args['schema']      = array_merge( $default_schema, $rest_args['schema'] );
 245              $rest_args['option_name'] = $name;
 246  
 247              // Skip over settings that don't have a defined type in the schema.
 248              if ( empty( $rest_args['schema']['type'] ) ) {
 249                  continue;
 250              }
 251  
 252              /*
 253               * Whitelist the supported types for settings, as we don't want invalid types
 254               * to be updated with arbitrary values that we can't do decent sanitizing for.
 255               */
 256              if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'integer', 'string', 'boolean', 'array', 'object' ), true ) ) {
 257                  continue;
 258              }
 259  
 260              $rest_args['schema'] = $this->set_additional_properties_to_false( $rest_args['schema'] );
 261  
 262              $rest_options[ $rest_args['name'] ] = $rest_args;
 263          }
 264  
 265          return $rest_options;
 266      }
 267  
 268      /**
 269       * Retrieves the site setting schema, conforming to JSON Schema.
 270       *
 271       * @since 4.7.0
 272       *
 273       * @return array Item schema data.
 274       */
 275  	public function get_item_schema() {
 276          if ( $this->schema ) {
 277              return $this->add_additional_fields_schema( $this->schema );
 278          }
 279  
 280          $options = $this->get_registered_options();
 281  
 282          $schema = array(
 283              '$schema'    => 'http://json-schema.org/draft-04/schema#',
 284              'title'      => 'settings',
 285              'type'       => 'object',
 286              'properties' => array(),
 287          );
 288  
 289          foreach ( $options as $option_name => $option ) {
 290              $schema['properties'][ $option_name ]                = $option['schema'];
 291              $schema['properties'][ $option_name ]['arg_options'] = array(
 292                  'sanitize_callback' => array( $this, 'sanitize_callback' ),
 293              );
 294          }
 295  
 296          $this->schema = $schema;
 297          return $this->add_additional_fields_schema( $this->schema );
 298      }
 299  
 300      /**
 301       * Custom sanitize callback used for all options to allow the use of 'null'.
 302       *
 303       * By default, the schema of settings will throw an error if a value is set to
 304       * `null` as it's not a valid value for something like "type => string". We
 305       * provide a wrapper sanitizer to whitelist the use of `null`.
 306       *
 307       * @since 4.7.0
 308       *
 309       * @param mixed           $value   The value for the setting.
 310       * @param WP_REST_Request $request The request object.
 311       * @param string          $param   The parameter name.
 312       * @return mixed|WP_Error
 313       */
 314  	public function sanitize_callback( $value, $request, $param ) {
 315          if ( is_null( $value ) ) {
 316              return $value;
 317          }
 318          return rest_parse_request_arg( $value, $request, $param );
 319      }
 320  
 321      /**
 322       * Recursively add additionalProperties = false to all objects in a schema.
 323       *
 324       * This is need to restrict properties of objects in settings values to only
 325       * registered items, as the REST API will allow additional properties by
 326       * default.
 327       *
 328       * @since 4.9.0
 329       *
 330       * @param array $schema The schema array.
 331       * @return array
 332       */
 333  	protected function set_additional_properties_to_false( $schema ) {
 334          switch ( $schema['type'] ) {
 335              case 'object':
 336                  foreach ( $schema['properties'] as $key => $child_schema ) {
 337                      $schema['properties'][ $key ] = $this->set_additional_properties_to_false( $child_schema );
 338                  }
 339                  $schema['additionalProperties'] = false;
 340                  break;
 341              case 'array':
 342                  $schema['items'] = $this->set_additional_properties_to_false( $schema['items'] );
 343                  break;
 344          }
 345  
 346          return $schema;
 347      }
 348  }


Generated: Fri Oct 18 08:20:01 2019 Cross-referenced by PHPXref 0.7