File: class.json-api.php
if ( $is_help ) {
// Truncate path at help depth.
// @phan-suppress-next-line PhanPossiblyUndeclaredVariable -- $depth is set when $is_help is true.
$endpoint_path = implode( '/', array_slice( explode( '/', $endpoint_path ), 0, $depth ) );
}
// Generate regular expression from sprintf().
$endpoint_path_regex = str_replace( array( '%s', '%d' ), array( '([^/?&]+)', '(\d+)' ), $endpoint_path );
if ( ! preg_match( "#^$endpoint_path_regex\$#", $this->path, $path_pieces ) ) {
// This endpoint does not match the requested path.
continue;
}
if ( version_compare( $this->version, $endpoint_min_version, '<' ) || version_compare( $this->version, $endpoint_max_version, '>' ) ) {
// This endpoint does not match the requested version.
continue;
}
$found = true;
if ( $find_all_matching_endpoints ) {
$matching_endpoints[] = array( $endpoints_by_method[ $method ], $path_pieces );
} else {
// The method parameters are now in $path_pieces.
$endpoint = $endpoints_by_method[ $method ];
break 2;
}
}
}
if ( ! $found ) {
return $this->output( 404, '', 'text/plain' );
}
if ( $four_oh_five ) {
$allowed_methods = array();
foreach ( $matching_endpoints as $matching_endpoint ) {
$allowed_methods[] = $matching_endpoint[0]->method;
}
header( 'Allow: ' . strtoupper( implode( ',', array_unique( $allowed_methods ) ) ) );
return $this->output(
405,
array(
'error' => 'not_allowed',
'error_message' => 'Method not allowed',
)
);
}
if ( $is_help ) {
/**
* Fires before the API output.
*
* @since 1.9.0
*
* @param string help.
*/
do_action( 'wpcom_json_api_output', 'help' );
$proxied = function_exists( 'wpcom_is_proxied_request' ) ? wpcom_is_proxied_request() : false;
// @phan-suppress-next-line PhanPossiblyUndeclaredVariable -- $help_content_type is set when $is_help is true.
if ( 'json' === $help_content_type ) {
$docs = array();
foreach ( $matching_endpoints as $matching_endpoint ) {
if ( $matching_endpoint[0]->is_publicly_documentable() || $proxied || WPCOM_JSON_API__DEBUG ) {
$docs[] = call_user_func( array( $matching_endpoint[0], 'generate_documentation' ) );
}
}
return $this->output( 200, $docs );
} else {
status_header( 200 );
foreach ( $matching_endpoints as $matching_endpoint ) {
if ( $matching_endpoint[0]->is_publicly_documentable() || $proxied || WPCOM_JSON_API__DEBUG ) {
call_user_func( array( $matching_endpoint[0], 'document' ) );
}
}
}
exit( 0 );
}
// @phan-suppress-next-line PhanPossiblyUndeclaredVariable -- $endpoint is set when $find_all_matching_endpoints is false and $found is true, which is guaranteed here.
if ( $endpoint->in_testing && ! WPCOM_JSON_API__DEBUG ) {
return $this->output( 404, '', 'text/plain' );
}
/** This action is documented in class.json-api.php */
// @phan-suppress-next-line PhanPossiblyUndeclaredVariable -- $endpoint is set when $find_all_matching_endpoints is false and $found is true, which is guaranteed here.
do_action( 'wpcom_json_api_output', $endpoint->stat );
// @phan-suppress-next-line PhanPossiblyUndeclaredVariable -- $endpoint is set when $find_all_matching_endpoints is false and $found is true, which is guaranteed here.
$response = $this->process_request( $endpoint, $path_pieces );
if ( ! $response && ! is_array( $response ) ) {
return $this->output( 500, '', 'text/plain' );
} elseif ( is_wp_error( $response ) ) {
return $this->output_error( $response );
}
$output_status_code = $this->output_status_code;
$this->set_output_status_code();
return $this->output( $output_status_code, $response, 'application/json', $this->extra_headers );
}
/**
 * Dispatch the request to the matched endpoint's callback.
 *
 * The endpoint is stored on the instance and the token-based user/site switch is
 * attempted before the callback runs, so the callback executes under whatever
 * context that switch left in place.
 *
 * @param WPCOM_JSON_API_Endpoint $endpoint    Endpoint selected for this request.
 * @param array                   $path_pieces Values handed to the callback as its arguments.
 * @return array|WP_Error Return value from the endpoint's callback.
 */
public function process_request( WPCOM_JSON_API_Endpoint $endpoint, $path_pieces ) {
	$this->endpoint = $endpoint;

	// Has to happen before the callback is invoked: it may change the acting user and site.
	$this->maybe_switch_to_token_user_and_site();

	$handler = array( $endpoint, 'callback' );

	return call_user_func_array( $handler, $path_pieces );
}
/**
 * Send a response (or error) right away while keeping the process running.
 *
 * The instance's exit flag is turned off for the duration of the output call and
 * restored afterwards. Unless this is an XML-RPC request, finish_request() is then
 * called.
 *
 * @param int    $status_code  HTTP status code.
 * @param mixed  $response     Response data, or a WP_Error to send as an error response.
 * @param string $content_type Content type of the response.
 */
public function output_early( $status_code, $response = null, $content_type = 'application/json' ) {
	$saved_exit_flag = $this->exit;
	$this->exit      = false;

	if ( ! is_wp_error( $response ) ) {
		$this->output( $status_code, $response, $content_type );
	} else {
		$this->output_error( $response );
	}

	$this->exit = $saved_exit_flag;

	$is_xmlrpc = defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST;
	if ( ! $is_xmlrpc ) {
		$this->finish_request();
	}
}
/**
 * Store the HTTP status code to use for the response.
 *
 * Calling this without an argument resets the stored code to 200.
 *
 * @param int $code HTTP status code. Default 200.
 */
public function set_output_status_code( $code = 200 ) {
	$this->output_status_code = $code;
}
/**
 * Send the response: status line, headers and body.
 *
 * Only the first call produces output; later calls return (or exit) immediately.
 * 'text/plain' and 'text/html' responses are echoed exactly as given, so the caller
 * is responsible for any escaping. Every other response is field-filtered, optionally
 * wrapped in an HTTP envelope, and emitted as JSON, or as JSONP when a `callback`
 * query argument is present.
 *
 * @param int    $status_code  HTTP status code.
 * @param mixed  $response     Response data. Null is replaced with an empty object.
 * @param string $content_type Content type of the response.
 * @param array  $extra        Additional HTTP headers, as name => value.
 * @return string Content type (assuming it didn't exit).
 */
public function output( $status_code, $response = null, $content_type = 'application/json', $extra = array() ) {
	$status_code = (int) $status_code;

	// output() may already have been called before the callback returned; never emit twice.
	if ( $this->did_output ) {
		if ( $this->exit ) {
			exit( 0 );
		}
		return $content_type;
	}
	$this->did_output = true;

	// 400s and 404s are readable from every origin.
	if ( in_array( $status_code, array( 400, 404 ), true ) ) {
		header( 'Access-Control-Allow-Origin: *' );
	}

	// Headers for form submission from <amp-form/>.
	// NOTE(review): the stored origin is reflected together with Allow-Credentials: true, so it
	// must have been checked against an allow-list where amp_source_origin is assigned (that
	// code is not visible here) — confirm.
	if ( $this->amp_source_origin ) {
		header( 'Access-Control-Allow-Origin: ' . wp_unslash( $this->amp_source_origin ) );
		header( 'Access-Control-Allow-Credentials: true' );
	}

	if ( null === $response ) {
		$response = new stdClass();
	}

	$is_text_response = in_array( $content_type, array( 'text/plain', 'text/html' ), true );
	if ( $is_text_response ) {
		status_header( $status_code );
		header( 'Content-Type: ' . $content_type );
		foreach ( $extra as $header_name => $header_value ) {
			header( $header_name . ': ' . $header_value );
		}

		// The body is written raw: for 'text/html' any untrusted data must already be escaped.
		// NOTE(review): a null $response has been turned into a stdClass by now, which echo
		// cannot convert to a string — text callers need to pass a string such as ''.
		echo $response; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped

		if ( $this->exit ) {
			exit( 0 );
		}

		return $content_type;
	}

	$response = $this->filter_fields( $response );

	$wants_envelope = isset( $this->query['http_envelope'] ) && self::is_truthy( $this->query['http_envelope'] );
	if ( $wants_envelope ) {
		// The real status and headers travel inside the body; the HTTP response itself is a JSON 200.
		$response     = static::wrap_http_envelope( $status_code, $response, $content_type, $extra );
		$status_code  = 200;
		$content_type = 'application/json';
	}

	status_header( $status_code );
	header( "Content-Type: $content_type" );

	// JSONP callback name: everything except letters, digits, '_' and '.' is stripped.
	$callback = false;
	if ( isset( $this->query['callback'] ) && is_string( $this->query['callback'] ) ) {
		$callback = preg_replace( '/[^a-z0-9_.]/i', '', $this->query['callback'] );
	}
	$is_jsonp = (bool) $callback;

	if ( $is_jsonp ) {
		// Rosetta Flash [1] mitigation: the JSONP response is prefixed with a JS comment so the
		// body never starts with caller-controlled bytes.
		// [1] <https://blog.miki.it/2014/7/8/abusing-jsonp-with-rosetta-flash/index.html>.
		// NOTE(review): the Content-Type-Options: nosniff header that belongs to the same
		// mitigation is not sent by this method — confirm it is sent elsewhere.
		echo "/**/$callback("; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- This is JSONP output, not HTML.
	}

	echo $this->json_encode( $response, JSON_UNESCAPED_SLASHES ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- This is JSON or JSONP output, not HTML.

	if ( $is_jsonp ) {
		echo ');';
	}

	if ( $this->exit ) {
		exit( 0 );
	}

	return $content_type;
}
/**
 * Build the "HTTP envelope" form of a response.
 *
 * The status code, the headers and the body are packed into one array, which the
 * caller can then send as the body of an HTTP 200 response.
 *
 * @param int        $status_code  HTTP status code.
 * @param mixed      $response     Response body.
 * @param string     $content_type Content type.
 * @param array|null $extra        Extra headers, as name => value. Ignored unless it is an array.
 *
 * @return array Array with 'code', 'headers' (list of name/value pairs) and 'body'.
 */
public static function wrap_http_envelope( $status_code, $response, $content_type, $extra = null ) {
	$extra_headers = is_array( $extra ) ? $extra : array();

	// Content-Type always comes first, followed by the extra headers in their given order.
	$headers = array(
		array(
			'name'  => 'Content-Type',
			'value' => $content_type,
		),
	);
	foreach ( $extra_headers as $header_name => $header_value ) {
		$headers[] = array(
			'name'  => $header_name,
			'value' => $header_value,
		);
	}

	$envelope = array(
		'code'    => (int) $status_code,
		'headers' => $headers,
		'body'    => $response,
	);

	return $envelope;
}
/**
 * Turn a WP_Error into a status code plus a serializable error body.
 *
 * The status code is the error's data, or its 'status_code' entry when the data is an
 * array that has one; 400 is used when that value is empty. The body carries the error
 * code and message, plus the data stored under the 'additional_data' code when there is any.
 *
 * NOTE(review): message and additional data are passed on as stored in the error;
 * output_error() sends this body to the client, so callers should keep internal
 * details out of them.
 *
 * @param WP_Error $error Error.
 * @return array with 'status_code' and 'errors' data.
 */
public static function serializable_error( $error ) {
	$error_data = $error->get_error_data();

	$status_code = ( is_array( $error_data ) && isset( $error_data['status_code'] ) )
		? $error_data['status_code']
		: $error_data;

	// Errors that carry no usable status are reported as 400.
	$status_code = $status_code ? $status_code : 400;

	$serialized = array(
		'error'   => $error->get_error_code(),
		'message' => $error->get_error_message(),
	);

	$additional_data = $error->get_error_data( 'additional_data' );
	if ( $additional_data ) {
		$serialized['data'] = $additional_data;
	}

	return array(
		'status_code' => $status_code,
		'errors'      => $serialized,
	);
}
/**
 * Send a WP_Error to the client.
 *
 * The error is serialized with serializable_error() and handed to output() with the
 * resulting status code; the content type is left at output()'s default.
 *
 * @param WP_Error $error Error.
 * @return string Content type (assuming it didn't exit).
 */
public function output_error( $error ) {
	$serialized = static::serializable_error( $error );
	$status     = $serialized['status_code'];
	$body       = $serialized['errors'];

	return $this->output( $status, $body );
}
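/**
 * Reduce a response to the keys listed in the `fields` query argument.
 *
 * The response is returned untouched when no `fields` value is set, when it is an
 * error array, or when the current endpoint does its own field filtering. For a
 * response without an `ID`, the first collection key that is present (posts, comments,
 * users, ...) has each of its items reduced to the requested keys; otherwise the
 * response's own top-level keys are reduced.
 *
 * This is a projection of data the endpoint already chose to return, not an access check.
 *
 * @param array|object $response Response.
 * @return array|object Filtered response. An object response that gets filtered is returned as an array.
 */
public function filter_fields( $response ) {
	$skip_filtering = empty( $this->query['fields'] )
		|| ( is_array( $response ) && ! empty( $response['error'] ) )
		|| ! empty( $this->endpoint->custom_fields_filtering );
	if ( $skip_filtering ) {
		return $response;
	}

	// output() only accepts the `callback` query value when it is a string; apply the same
	// caution here. A non-scalar `fields` value (presumably possible through array-style
	// query parameters — verify against where $this->query is filled) cannot be given to
	// explode(), so treat it as "no filter" instead of failing the request.
	if ( ! is_scalar( $this->query['fields'] ) ) {
		return $response;
	}

	$fields       = array_map( 'trim', explode( ',', (string) $this->query['fields'] ) );
	$allowed_keys = array_flip( $fields );

	// From here on an object response is handled, and returned, as an array.
	if ( is_object( $response ) ) {
		$response = (array) $response;
	}

	$has_filtered = false;
	if ( is_array( $response ) && empty( $response['ID'] ) ) {
		$keys_to_filter = array(
			'categories',
			'comments',
			'connections',
			'domains',
			'groups',
			'likes',
			'media',
			'notes',
			'posts',
			'services',
			'sites',
			'suggestions',
			'tags',
			'themes',
			'topics',
			'users',
		);

		foreach ( $keys_to_filter as $key_to_filter ) {
			if ( ! isset( $response[ $key_to_filter ] ) ) {
				continue;
			}

			foreach ( $response[ $key_to_filter ] as $key => $values ) {
				if ( is_object( $values ) ) {
					if ( is_object( $response[ $key_to_filter ] ) ) {
						// phpcs:ignore Squiz.PHP.DisallowMultipleAssignments.Found -- False positive.
						$response[ $key_to_filter ]->$key = (object) array_intersect_key( ( (array) $values ), $allowed_keys );
					} elseif ( is_array( $response[ $key_to_filter ] ) ) {
						$response[ $key_to_filter ][ $key ] = (object) array_intersect_key( ( (array) $values ), $allowed_keys );
					}
				} elseif ( is_array( $values ) ) {
					$response[ $key_to_filter ][ $key ] = array_intersect_key( $values, $allowed_keys );
				}
			}

			// Only the first collection that is present gets filtered.
			$has_filtered = true;
			break;
		}
	}

	// No collection was found: filter the top-level keys. $response cannot be an object
	// here because objects were cast to arrays above.
	if ( ! $has_filtered && is_array( $response ) ) {
		$response = array_intersect_key( $response, $allowed_keys );
	}

	return $response;
}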
/**
 * Filter for `home_url`.
 *
 * When no scheme was requested (`$original_scheme` is empty), a leading `https:` is
 * rewritten to `http:`. A URL requested with an explicit scheme is returned unchanged.
 *
 * NOTE(review): while this filter is attached, home URLs requested without an explicit
 * scheme are plain HTTP; code that needs an https link has to ask for that scheme.
 *
 * @param string      $url             The complete home URL including scheme and path.
 * @param string      $path            Path relative to the home URL. Blank string if no path is specified. Not used.
 * @param string|null $original_scheme Scheme to give the home URL context. Accepts 'http', 'https', 'relative', 'rest', or null.
 * @return string URL.
 */
public function ensure_http_scheme_of_home_url( $url, $path, $original_scheme ) {
	return $original_scheme
		? $url
		: preg_replace( '#^https:#', 'http:', $url );
}
/**
 * Decode HTML special characters in comment content.
 *
 * Entities for `&`, `<`, `>` and both quote styles are turned back into the literal
 * characters, so the returned text is no longer safe to place into HTML without
 * escaping it again.
 *
 * @param string $comment_content Comment content.
 * @return string Decoded comment content.
 */
public function comment_edit_pre( $comment_content ) {
	$decoded = htmlspecialchars_decode( $comment_content, ENT_QUOTES );

	return $decoded;
}
/**
 * JSON-encode a value by delegating to wp_json_encode().
 *
 * @param mixed $value The value to encode.
 * @param int   $flags Options to be passed on to the encoder. Default 0.
 * @param int   $depth Maximum depth to walk through $value. Must be greater than 0.
 *
 * @return string|false Whatever wp_json_encode() returns for the value.
 */
public function json_encode( $value, $flags = 0, $depth = 512 ) {
	$encoded = wp_json_encode( $value, $flags, $depth );

	return $encoded;
}
/**
 * Test if a string ends with a string.
 *
 * The comparison is byte-wise and case-sensitive. An empty `$needle` does not match a
 * non-empty `$haystack`: the negative offset becomes 0, so the whole haystack is
 * compared against the empty string.
 *
 * @param string $haystack String to check.
 * @param string $needle   Suffix to check.
 * @return bool
 */
public function ends_with( $haystack, $needle ) {
	$suffix_length = strlen( $needle );
	$tail          = substr( $haystack, -$suffix_length );

	return $tail === $needle;
}
/**
 * Returns the site's blog_id in the WP.com ecosystem.
 *
 * The value is read from the 'blog_id' entry of the instance's token details.
 *
 * @return int
 */
public function get_blog_id_for_output() {
	$details = $this->token_details;

	return $details['blog_id'];
}
/**
 * Returns the site's local blog_id.
 *
 * The argument is ignored; the result is always the global `blog_id`.
 *
 * @param int $blog_id Blog ID. Not used.
 * @return int
 */
public function get_blog_id( $blog_id ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
	$local_blog_id = $GLOBALS['blog_id'];

	return $local_blog_id;
}
/**
 * Check that the current request may access the given blog.
 *
 * Access is refused for a restricted blog, and for a private site unless the current
 * user has the 'read' capability or the endpoint accepts site based authentication.
 * This implementation does not switch blogs and does not verify a token.
 *
 * @param int  $blog_id               Blog ID.
 * @param bool $verify_token_for_blog Whether to verify the token. Not used here.
 * @return int|WP_Error Blog ID as passed in, or a 403 'unauthorized' error.
 */
public function switch_to_blog_and_validate_user( $blog_id = 0, $verify_token_for_blog = true ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
	if ( $this->is_restricted_blog( $blog_id ) ) {
		return new WP_Error( 'unauthorized', 'User cannot access this restricted blog', 403 );
	}

	/**
	 * A private site is accessible in two cases:
	 * 1. User based authentication: the logged-in user has the 'read' capability.
	 * 2. Site based authentication: the endpoint accepts it.
	 */
	if ( ( new Status() )->is_private_site() ) {
		$may_access = current_user_can( 'read' ) || $this->endpoint->accepts_site_based_authentication();

		if ( ! $may_access ) {
			return new WP_Error( 'unauthorized', 'User cannot access this private blog.', 403 );
		}
	}

	return $blog_id;
}
/**
* Switch to a user and blog based on the current request's Jetpack token when the endpoint accepts this feature.
*
* @return void
*/
protected function maybe_switch_to_token_user_and_site() {
if ( ! $this->endpoint->allow_jetpack_token_auth ) {
return;
}
if ( ! class_exists( 'Jetpack_Server_Version' ) ) {
return;
}
$token = Jetpack_Server_Version::get_token_from_authorization_header();
if ( ! $token || is_wp_error( $token ) ) {
return;