[ Index ]

PHP Cross Reference of WordPress Trunk (Updated Daily)

Search

title

Body

[close]

/wp-includes/rest-api/endpoints/ -> class-wp-rest-settings-controller.php (source)

   1  <?php
   2  /**
   3   * REST API: WP_REST_Settings_Controller class
   4   *
   5   * @package WordPress
   6   * @subpackage REST_API
   7   * @since 4.7.0
   8   */
   9  
  10  /**
  11   * Core class used to manage a site's settings via the REST API.
  12   *
  13   * @since 4.7.0
  14   *
  15   * @see WP_REST_Controller
  16   */
  17  class WP_REST_Settings_Controller extends WP_REST_Controller {
  18  
  19      /**
  20       * Constructor.
  21       *
  22       * @since 4.7.0
  23       */
  24  	public function __construct() {
  25          $this->namespace = 'wp/v2';
  26          $this->rest_base = 'settings';
  27      }
  28  
  29      /**
  30       * Registers the routes for the site's settings.
  31       *
  32       * @since 4.7.0
  33       *
  34       * @see register_rest_route()
  35       */
  36  	public function register_routes() {
  37  
  38          register_rest_route(
  39              $this->namespace,
  40              '/' . $this->rest_base,
  41              array(
  42                  array(
  43                      'methods'             => WP_REST_Server::READABLE,
  44                      'callback'            => array( $this, 'get_item' ),
  45                      'args'                => array(),
  46                      'permission_callback' => array( $this, 'get_item_permissions_check' ),
  47                  ),
  48                  array(
  49                      'methods'             => WP_REST_Server::EDITABLE,
  50                      'callback'            => array( $this, 'update_item' ),
  51                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
  52                      'permission_callback' => array( $this, 'get_item_permissions_check' ),
  53                  ),
  54                  'schema' => array( $this, 'get_public_item_schema' ),
  55              )
  56          );
  57      }
  58  
  59      /**
  60       * Checks if a given request has access to read and manage settings.
  61       *
  62       * @since 4.7.0
  63       *
  64       * @param WP_REST_Request $request Full details about the request.
  65       * @return bool True if the request has read access for the item, otherwise false.
  66       */
  67  	public function get_item_permissions_check( $request ) {
  68          return current_user_can( 'manage_options' );
  69      }
  70  
  71      /**
  72       * Retrieves the settings.
  73       *
  74       * @since 4.7.0
  75       *
  76       * @param WP_REST_Request $request Full details about the request.
  77       * @return array|WP_Error Array on success, or WP_Error object on failure.
  78       */
  79  	public function get_item( $request ) {
  80          $options  = $this->get_registered_options();
  81          $response = array();
  82  
  83          foreach ( $options as $name => $args ) {
  84              /**
  85               * Filters the value of a setting recognized by the REST API.
  86               *
  87               * Allow hijacking the setting value and overriding the built-in behavior by returning a
  88               * non-null value.  The returned value will be presented as the setting value instead.
  89               *
  90               * @since 4.7.0
  91               *
  92               * @param mixed  $result Value to use for the requested setting. Can be a scalar
  93               *                       matching the registered schema for the setting, or null to
  94               *                       follow the default get_option() behavior.
  95               * @param string $name   Setting name (as shown in REST API responses).
  96               * @param array  $args   Arguments passed to register_setting() for this setting.
  97               */
  98              $response[ $name ] = apply_filters( 'rest_pre_get_setting', null, $name, $args );
  99  
 100              if ( is_null( $response[ $name ] ) ) {
 101                  // Default to a null value as "null" in the response means "not set".
 102                  $response[ $name ] = get_option( $args['option_name'], $args['schema']['default'] );
 103              }
 104  
 105              /*
 106               * Because get_option() is lossy, we have to
 107               * cast values to the type they are registered with.
 108               */
 109              $response[ $name ] = $this->prepare_value( $response[ $name ], $args['schema'] );
 110          }
 111  
 112          return $response;
 113      }
 114  
 115      /**
 116       * Prepares a value for output based off a schema array.
 117       *
 118       * @since 4.7.0
 119       *
 120       * @param mixed $value  Value to prepare.
 121       * @param array $schema Schema to match.
 122       * @return mixed The prepared value.
 123       */
 124  	protected function prepare_value( $value, $schema ) {
 125          /*
 126           * If the value is not valid by the schema, set the value to null.
 127           * Null values are specifically non-destructive, so this will not cause
 128           * overwriting the current invalid value to null.
 129           */
 130          if ( is_wp_error( rest_validate_value_from_schema( $value, $schema ) ) ) {
 131              return null;
 132          }
 133  
 134          return rest_sanitize_value_from_schema( $value, $schema );
 135      }
 136  
 137      /**
 138       * Updates settings for the settings object.
 139       *
 140       * @since 4.7.0
 141       *
 142       * @param WP_REST_Request $request Full details about the request.
 143       * @return array|WP_Error Array on success, or error object on failure.
 144       */
 145  	public function update_item( $request ) {
 146          $options = $this->get_registered_options();
 147  
 148          $params = $request->get_params();
 149  
 150          foreach ( $options as $name => $args ) {
 151              if ( ! array_key_exists( $name, $params ) ) {
 152                  continue;
 153              }
 154  
 155              /**
 156               * Filters whether to preempt a setting value update via the REST API.
 157               *
 158               * Allows hijacking the setting update logic and overriding the built-in behavior by
 159               * returning true.
 160               *
 161               * @since 4.7.0
 162               *
 163               * @param bool   $result Whether to override the default behavior for updating the
 164               *                       value of a setting.
 165               * @param string $name   Setting name (as shown in REST API responses).
 166               * @param mixed  $value  Updated setting value.
 167               * @param array  $args   Arguments passed to register_setting() for this setting.
 168               */
 169              $updated = apply_filters( 'rest_pre_update_setting', false, $name, $request[ $name ], $args );
 170  
 171              if ( $updated ) {
 172                  continue;
 173              }
 174  
 175              /*
 176               * A null value for an option would have the same effect as
 177               * deleting the option from the database, and relying on the
 178               * default value.
 179               */
 180              if ( is_null( $request[ $name ] ) ) {
 181                  /*
 182                   * A null value is returned in the response for any option
 183                   * that has a non-scalar value.
 184                   *
 185                   * To protect clients from accidentally including the null
 186                   * values from a response object in a request, we do not allow
 187                   * options with values that don't pass validation to be updated to null.
 188                   * Without this added protection a client could mistakenly
 189                   * delete all options that have invalid values from the
 190                   * database.
 191                   */
 192                  if ( is_wp_error( rest_validate_value_from_schema( get_option( $args['option_name'], false ), $args['schema'] ) ) ) {
 193                      return new WP_Error(
 194                          'rest_invalid_stored_value',
 195                          /* translators: %s: Property name. */
 196                          sprintf( __( 'The %s property has an invalid stored value, and cannot be updated to null.' ), $name ),
 197                          array( 'status' => 500 )
 198                      );
 199                  }
 200  
 201                  delete_option( $args['option_name'] );
 202              } else {
 203                  update_option( $args['option_name'], $request[ $name ] );
 204              }
 205          }
 206  
 207          return $this->get_item( $request );
 208      }
 209  
 210      /**
 211       * Retrieves all of the registered options for the Settings API.
 212       *
 213       * @since 4.7.0
 214       *
 215       * @return array Array of registered options.
 216       */
 217  	protected function get_registered_options() {
 218          $rest_options = array();
 219  
 220          foreach ( get_registered_settings() as $name => $args ) {
 221              if ( empty( $args['show_in_rest'] ) ) {
 222                  continue;
 223              }
 224  
 225              $rest_args = array();
 226  
 227              if ( is_array( $args['show_in_rest'] ) ) {
 228                  $rest_args = $args['show_in_rest'];
 229              }
 230  
 231              $defaults = array(
 232                  'name'   => ! empty( $rest_args['name'] ) ? $rest_args['name'] : $name,
 233                  'schema' => array(),
 234              );
 235  
 236              $rest_args = array_merge( $defaults, $rest_args );
 237  
 238              $default_schema = array(
 239                  'type'        => empty( $args['type'] ) ? null : $args['type'],
 240                  'title'       => empty( $args['label'] ) ? '' : $args['label'],
 241                  'description' => empty( $args['description'] ) ? '' : $args['description'],
 242                  'default'     => isset( $args['default'] ) ? $args['default'] : null,
 243              );
 244  
 245              $rest_args['schema']      = array_merge( $default_schema, $rest_args['schema'] );
 246              $rest_args['option_name'] = $name;
 247  
 248              // Skip over settings that don't have a defined type in the schema.
 249              if ( empty( $rest_args['schema']['type'] ) ) {
 250                  continue;
 251              }
 252  
 253              /*
 254               * Allow the supported types for settings, as we don't want invalid types
 255               * to be updated with arbitrary values that we can't do decent sanitizing for.
 256               */
 257              if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'integer', 'string', 'boolean', 'array', 'object' ), true ) ) {
 258                  continue;
 259              }
 260  
 261              $rest_args['schema'] = rest_default_additional_properties_to_false( $rest_args['schema'] );
 262  
 263              $rest_options[ $rest_args['name'] ] = $rest_args;
 264          }
 265  
 266          return $rest_options;
 267      }
 268  
 269      /**
 270       * Retrieves the site setting schema, conforming to JSON Schema.
 271       *
 272       * @since 4.7.0
 273       *
 274       * @return array Item schema data.
 275       */
 276  	public function get_item_schema() {
 277          if ( $this->schema ) {
 278              return $this->add_additional_fields_schema( $this->schema );
 279          }
 280  
 281          $options = $this->get_registered_options();
 282  
 283          $schema = array(
 284              '$schema'    => 'http://json-schema.org/draft-04/schema#',
 285              'title'      => 'settings',
 286              'type'       => 'object',
 287              'properties' => array(),
 288          );
 289  
 290          foreach ( $options as $option_name => $option ) {
 291              $schema['properties'][ $option_name ]                = $option['schema'];
 292              $schema['properties'][ $option_name ]['arg_options'] = array(
 293                  'sanitize_callback' => array( $this, 'sanitize_callback' ),
 294              );
 295          }
 296  
 297          $this->schema = $schema;
 298  
 299          return $this->add_additional_fields_schema( $this->schema );
 300      }
 301  
 302      /**
 303       * Custom sanitize callback used for all options to allow the use of 'null'.
 304       *
 305       * By default, the schema of settings will throw an error if a value is set to
 306       * `null` as it's not a valid value for something like "type => string". We
 307       * provide a wrapper sanitizer to allow the use of `null`.
 308       *
 309       * @since 4.7.0
 310       *
 311       * @param mixed           $value   The value for the setting.
 312       * @param WP_REST_Request $request The request object.
 313       * @param string          $param   The parameter name.
 314       * @return mixed|WP_Error
 315       */
 316  	public function sanitize_callback( $value, $request, $param ) {
 317          if ( is_null( $value ) ) {
 318              return $value;
 319          }
 320  
 321          return rest_parse_request_arg( $value, $request, $param );
 322      }
 323  
 324      /**
 325       * Recursively add additionalProperties = false to all objects in a schema
 326       * if no additionalProperties setting is specified.
 327       *
 328       * This is needed to restrict properties of objects in settings values to only
 329       * registered items, as the REST API will allow additional properties by
 330       * default.
 331       *
 332       * @since 4.9.0
 333       * @deprecated 6.1.0 Use {@see rest_default_additional_properties_to_false()} instead.
 334       *
 335       * @param array $schema The schema array.
 336       * @return array
 337       */
 338  	protected function set_additional_properties_to_false( $schema ) {
 339          _deprecated_function( __METHOD__, '6.1.0', 'rest_default_additional_properties_to_false()' );
 340  
 341          return rest_default_additional_properties_to_false( $schema );
 342      }
 343  }


Generated : Sat Dec 21 08:20:01 2024 Cross-referenced by PHPXref