[ Index ]

PHP Cross Reference of WordPress Trunk (Updated Daily)

title

Body

[close]

/wp-includes/rest-api/endpoints/ -> class-wp-rest-settings-controller.php (source)

   1  <?php
   2  /**
   3   * REST API: WP_REST_Settings_Controller class
   4   *
   5   * @package WordPress
   6   * @subpackage REST_API
   7   * @since 4.7.0
   8   */
   9  
  10  /**
  11   * Core class used to manage a site's settings via the REST API.
  12   *
  13   * @since 4.7.0
  14   *
  15   * @see WP_REST_Controller
  16   */
  17  class WP_REST_Settings_Controller extends WP_REST_Controller {
  18  
  19      /**
  20       * Constructor.
  21       *
  22       * @since 4.7.0
  23       */
  24  	public function __construct() {
  25          $this->namespace = 'wp/v2';
  26          $this->rest_base = 'settings';
  27      }
  28  
  29      /**
  30       * Registers the routes for the objects of the controller.
  31       *
  32       * @since 4.7.0
  33       *
  34       * @see register_rest_route()
  35       */
  36  	public function register_routes() {
  37  
  38          register_rest_route(
  39              $this->namespace,
  40              '/' . $this->rest_base,
  41              array(
  42                  array(
  43                      'methods'             => WP_REST_Server::READABLE,
  44                      'callback'            => array( $this, 'get_item' ),
  45                      'args'                => array(),
  46                      'permission_callback' => array( $this, 'get_item_permissions_check' ),
  47                  ),
  48                  array(
  49                      'methods'             => WP_REST_Server::EDITABLE,
  50                      'callback'            => array( $this, 'update_item' ),
  51                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
  52                      'permission_callback' => array( $this, 'get_item_permissions_check' ),
  53                  ),
  54                  'schema' => array( $this, 'get_public_item_schema' ),
  55              )
  56          );
  57  
  58      }
  59  
  60      /**
  61       * Checks if a given request has access to read and manage settings.
  62       *
  63       * @since 4.7.0
  64       *
  65       * @param WP_REST_Request $request Full details about the request.
  66       * @return bool True if the request has read access for the item, otherwise false.
  67       */
  68  	public function get_item_permissions_check( $request ) {
  69          return current_user_can( 'manage_options' );
  70      }
  71  
  72      /**
  73       * Retrieves the settings.
  74       *
  75       * @since 4.7.0
  76       *
  77       * @param WP_REST_Request $request Full details about the request.
  78       * @return array|WP_Error Array on success, or WP_Error object on failure.
  79       */
  80  	public function get_item( $request ) {
  81          $options  = $this->get_registered_options();
  82          $response = array();
  83  
  84          foreach ( $options as $name => $args ) {
  85              /**
  86               * Filters the value of a setting recognized by the REST API.
  87               *
  88               * Allow hijacking the setting value and overriding the built-in behavior by returning a
  89               * non-null value.  The returned value will be presented as the setting value instead.
  90               *
  91               * @since 4.7.0
  92               *
  93               * @param mixed  $result Value to use for the requested setting. Can be a scalar
  94               *                       matching the registered schema for the setting, or null to
  95               *                       follow the default get_option() behavior.
  96               * @param string $name   Setting name (as shown in REST API responses).
  97               * @param array  $args   Arguments passed to register_setting() for this setting.
  98               */
  99              $response[ $name ] = apply_filters( 'rest_pre_get_setting', null, $name, $args );
 100  
 101              if ( is_null( $response[ $name ] ) ) {
 102                  // Default to a null value as "null" in the response means "not set".
 103                  $response[ $name ] = get_option( $args['option_name'], $args['schema']['default'] );
 104              }
 105  
 106              /*
 107               * Because get_option() is lossy, we have to
 108               * cast values to the type they are registered with.
 109               */
 110              $response[ $name ] = $this->prepare_value( $response[ $name ], $args['schema'] );
 111          }
 112  
 113          return $response;
 114      }
 115  
 116      /**
 117       * Prepares a value for output based off a schema array.
 118       *
 119       * @since 4.7.0
 120       *
 121       * @param mixed $value  Value to prepare.
 122       * @param array $schema Schema to match.
 123       * @return mixed The prepared value.
 124       */
 125  	protected function prepare_value( $value, $schema ) {
 126          // If the value is not valid by the schema, set the value to null. Null
 127          // values are specifcally non-destructive so this will not cause overwriting
 128          // the current invalid value to null.
 129          if ( is_wp_error( rest_validate_value_from_schema( $value, $schema ) ) ) {
 130              return null;
 131          }
 132          return rest_sanitize_value_from_schema( $value, $schema );
 133      }
 134  
 135      /**
 136       * Updates settings for the settings object.
 137       *
 138       * @since 4.7.0
 139       *
 140       * @param WP_REST_Request $request Full details about the request.
 141       * @return array|WP_Error Array on success, or error object on failure.
 142       */
 143  	public function update_item( $request ) {
 144          $options = $this->get_registered_options();
 145  
 146          $params = $request->get_params();
 147  
 148          foreach ( $options as $name => $args ) {
 149              if ( ! array_key_exists( $name, $params ) ) {
 150                  continue;
 151              }
 152  
 153              /**
 154               * Filters whether to preempt a setting value update.
 155               *
 156               * Allows hijacking the setting update logic and overriding the built-in behavior by
 157               * returning true.
 158               *
 159               * @since 4.7.0
 160               *
 161               * @param bool   $result Whether to override the default behavior for updating the
 162               *                       value of a setting.
 163               * @param string $name   Setting name (as shown in REST API responses).
 164               * @param mixed  $value  Updated setting value.
 165               * @param array  $args   Arguments passed to register_setting() for this setting.
 166               */
 167              $updated = apply_filters( 'rest_pre_update_setting', false, $name, $request[ $name ], $args );
 168  
 169              if ( $updated ) {
 170                  continue;
 171              }
 172  
 173              /*
 174               * A null value for an option would have the same effect as
 175               * deleting the option from the database, and relying on the
 176               * default value.
 177               */
 178              if ( is_null( $request[ $name ] ) ) {
 179                  /*
 180                   * A null value is returned in the response for any option
 181                   * that has a non-scalar value.
 182                   *
 183                   * To protect clients from accidentally including the null
 184                   * values from a response object in a request, we do not allow
 185                   * options with values that don't pass validation to be updated to null.
 186                   * Without this added protection a client could mistakenly
 187                   * delete all options that have invalid values from the
 188                   * database.
 189                   */
 190                  if ( is_wp_error( rest_validate_value_from_schema( get_option( $args['option_name'], false ), $args['schema'] ) ) ) {
 191                      return new WP_Error(
 192                          'rest_invalid_stored_value',
 193                          sprintf( __( 'The %s property has an invalid stored value, and cannot be updated to null.' ), $name ),
 194                          array( 'status' => 500 )
 195                      );
 196                  }
 197  
 198                  delete_option( $args['option_name'] );
 199              } else {
 200                  update_option( $args['option_name'], $request[ $name ] );
 201              }
 202          }
 203  
 204          return $this->get_item( $request );
 205      }
 206  
 207      /**
 208       * Retrieves all of the registered options for the Settings API.
 209       *
 210       * @since 4.7.0
 211       *
 212       * @return array Array of registered options.
 213       */
 214  	protected function get_registered_options() {
 215          $rest_options = array();
 216  
 217          foreach ( get_registered_settings() as $name => $args ) {
 218              if ( empty( $args['show_in_rest'] ) ) {
 219                  continue;
 220              }
 221  
 222              $rest_args = array();
 223  
 224              if ( is_array( $args['show_in_rest'] ) ) {
 225                  $rest_args = $args['show_in_rest'];
 226              }
 227  
 228              $defaults = array(
 229                  'name'   => ! empty( $rest_args['name'] ) ? $rest_args['name'] : $name,
 230                  'schema' => array(),
 231              );
 232  
 233              $rest_args = array_merge( $defaults, $rest_args );
 234  
 235              $default_schema = array(
 236                  'type'        => empty( $args['type'] ) ? null : $args['type'],
 237                  'description' => empty( $args['description'] ) ? '' : $args['description'],
 238                  'default'     => isset( $args['default'] ) ? $args['default'] : null,
 239              );
 240  
 241              $rest_args['schema']      = array_merge( $default_schema, $rest_args['schema'] );
 242              $rest_args['option_name'] = $name;
 243  
 244              // Skip over settings that don't have a defined type in the schema.
 245              if ( empty( $rest_args['schema']['type'] ) ) {
 246                  continue;
 247              }
 248  
 249              /*
 250               * Whitelist the supported types for settings, as we don't want invalid types
 251               * to be updated with arbitrary values that we can't do decent sanitizing for.
 252               */
 253              if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'integer', 'string', 'boolean', 'array', 'object' ), true ) ) {
 254                  continue;
 255              }
 256  
 257              $rest_args['schema'] = $this->set_additional_properties_to_false( $rest_args['schema'] );
 258  
 259              $rest_options[ $rest_args['name'] ] = $rest_args;
 260          }
 261  
 262          return $rest_options;
 263      }
 264  
 265      /**
 266       * Retrieves the site setting schema, conforming to JSON Schema.
 267       *
 268       * @since 4.7.0
 269       *
 270       * @return array Item schema data.
 271       */
 272  	public function get_item_schema() {
 273          if ( $this->schema ) {
 274              return $this->add_additional_fields_schema( $this->schema );
 275          }
 276  
 277          $options = $this->get_registered_options();
 278  
 279          $schema = array(
 280              '$schema'    => 'http://json-schema.org/draft-04/schema#',
 281              'title'      => 'settings',
 282              'type'       => 'object',
 283              'properties' => array(),
 284          );
 285  
 286          foreach ( $options as $option_name => $option ) {
 287              $schema['properties'][ $option_name ]                = $option['schema'];
 288              $schema['properties'][ $option_name ]['arg_options'] = array(
 289                  'sanitize_callback' => array( $this, 'sanitize_callback' ),
 290              );
 291          }
 292  
 293          $this->schema = $schema;
 294          return $this->add_additional_fields_schema( $this->schema );
 295      }
 296  
 297      /**
 298       * Custom sanitize callback used for all options to allow the use of 'null'.
 299       *
 300       * By default, the schema of settings will throw an error if a value is set to
 301       * `null` as it's not a valid value for something like "type => string". We
 302       * provide a wrapper sanitizer to whitelist the use of `null`.
 303       *
 304       * @since 4.7.0
 305       *
 306       * @param  mixed           $value   The value for the setting.
 307       * @param  WP_REST_Request $request The request object.
 308       * @param  string          $param   The parameter name.
 309       * @return mixed|WP_Error
 310       */
 311  	public function sanitize_callback( $value, $request, $param ) {
 312          if ( is_null( $value ) ) {
 313              return $value;
 314          }
 315          return rest_parse_request_arg( $value, $request, $param );
 316      }
 317  
 318      /**
 319       * Recursively add additionalProperties = false to all objects in a schema.
 320       *
 321       * This is need to restrict properties of objects in settings values to only
 322       * registered items, as the REST API will allow additional properties by
 323       * default.
 324       *
 325       * @since 4.9.0
 326       *
 327       * @param array $schema The schema array.
 328       * @return array
 329       */
 330  	protected function set_additional_properties_to_false( $schema ) {
 331          switch ( $schema['type'] ) {
 332              case 'object':
 333                  foreach ( $schema['properties'] as $key => $child_schema ) {
 334                      $schema['properties'][ $key ] = $this->set_additional_properties_to_false( $child_schema );
 335                  }
 336                  $schema['additionalProperties'] = false;
 337                  break;
 338              case 'array':
 339                  $schema['items'] = $this->set_additional_properties_to_false( $schema['items'] );
 340                  break;
 341          }
 342  
 343          return $schema;
 344      }
 345  }


Generated: Tue Aug 20 08:20:01 2019 Cross-referenced by PHPXref 0.7