/**
* Creates a WP_REST_Request and returns it.
*
* @since 4.4.0
*
* @param string $route REST API path to be append to /jetpack/v4/
* @param array $json_params When present, parameters are added to request in JSON format
* @param string $method Request method to use, GET or POST
* @param array $params Parameters to add to endpoint
*
* @return WP_REST_Response
*/
protected function create_and_get_request($route = '', $json_params = array(), $method = 'GET', $params = array())
{
$request = new WP_REST_Request($method, "/jetpack/v4/{$route}");
$request->set_header('content-type', 'application/json');
if (!empty($json_params)) {
$request->set_body(json_encode($json_params));
}
if (!empty($params) && is_array($params)) {
foreach ($params as $key => $value) {
$request->set_param($key, $value);
}
}
return $this->server->dispatch($request);
}
public function test_create_item_unsafe_alt_text()
{
wp_set_current_user($this->author_id);
$request = new WP_REST_Request('POST', '/wp/v2/media');
$request->set_header('Content-Type', 'image/jpeg');
$request->set_header('Content-Disposition', 'filename=canola.jpg');
$request->set_body(file_get_contents($this->test_file));
$request->set_param('alt_text', '<script>alert(document.cookie)</script>');
$response = $this->server->dispatch($request);
$attachment = $response->get_data();
$this->assertEquals('', $attachment['alt_text']);
}
/**
* Retrieve the current event queue
*
* @subcommand get-queue
*/
public function get_queue($args, $assoc_args)
{
// Build and make request
$queue_request = new \WP_REST_Request('POST', '/' . \Automattic\WP\Cron_Control\REST_API::API_NAMESPACE . '/' . \Automattic\WP\Cron_Control\REST_API::ENDPOINT_LIST);
$queue_request->add_header('Content-Type', 'application/json');
$queue_request->set_body(wp_json_encode(array('secret' => \WP_CRON_CONTROL_SECRET)));
$queue_request = rest_do_request($queue_request);
// Oh well
if ($queue_request->is_error()) {
\WP_CLI::error($queue_request->as_error()->get_error_message());
}
// Get the decoded JSON object returned by the API
$queue_response = $queue_request->get_data();
// No events, nothing more to do
if (empty($queue_response['events'])) {
\WP_CLI::warning(__('No events in the current queue', 'automattic-cron-control'));
return;
}
// Prepare items for display
$events_for_display = $this->format_events($queue_response['events']);
$total_events_to_display = count($events_for_display);
\WP_CLI::line(sprintf(_n('Displaying one event', 'Displaying %s events', $total_events_to_display, 'automattic-cron-control'), number_format_i18n($total_events_to_display)));
// And reformat
$format = 'table';
if (isset($assoc_args['format'])) {
if ('ids' === $assoc_args['format']) {
\WP_CLI::error(__('Invalid output format requested', 'automattic-cron-control'));
} else {
$format = $assoc_args['format'];
}
}
\WP_CLI\Utils\format_items($format, $events_for_display, array('timestamp', 'action', 'instance', 'scheduled_for', 'internal_event', 'schedule_name', 'event_args'));
}
/**
* Test that list endpoint returns expected format
*/
public function test_run_event()
{
$ev = Utils::create_test_event();
$ev['action'] = md5($ev['action']);
$ev['instance'] = md5(maybe_serialize($ev['args']));
$ev['secret'] = \WP_CRON_CONTROL_SECRET;
unset($ev['args']);
$request = new \WP_REST_Request('PUT', '/' . \Automattic\WP\Cron_Control\REST_API::API_NAMESPACE . '/' . \Automattic\WP\Cron_Control\REST_API::ENDPOINT_RUN);
$request->set_body(wp_json_encode($ev));
$request->set_header('content-type', 'application/json');
$response = $this->server->dispatch($request);
$data = $response->get_data();
$this->assertResponseStatus(200, $response);
$this->assertArrayHasKey('success', $data);
$this->assertArrayHasKey('message', $data);
}
/**
* Create a form for testing
*
* @param array $fields
* @since 6.0
* @return object
*/
public function _createForm($fields = array(array('type' => 'single-line-text')), $settings = array())
{
$i = 1;
foreach ($fields as &$field) {
$field = wp_parse_args($field, $this->default_field);
$field['label'] .= ' ' . $i;
$field['value'] .= ' ' . $i;
$field['placeholder'] .= ' ' . $i;
$field['slug'] .= $i;
$field['className'] .= $i;
$i++;
}
$data = wp_parse_args($settings, array('fields' => $fields, 'type' => 'ccf_form', 'status' => 'publish', 'ID' => null, 'title' => array('raw' => 'Test Form'), 'description' => 'Test form description', 'buttonText' => 'Submit Text', 'buttonClass' => '', 'notifications' => array(), 'postCreation' => false, 'postCreationType' => 'post', 'postCreationStatus' => 'draft', 'postFieldMappings' => array(), 'author' => array(), 'excerpt' => '', 'link' => '', 'parent' => 0, 'format' => 'standard', 'slug' => '', 'guid' => '', 'comment_status' => 'open', 'ping_status' => 'open', 'menu_order' => 0, 'terms' => array(), 'post_meta' => array(), 'meta' => array('links' => array()), 'ping_status' => false, 'featured_image' => null));
$request = new WP_REST_Request();
$request->set_body(json_encode($data));
return $this->api->create_item($request);
}
public function verify_attachment_roundtrip($input = array(), $expected_output = array())
{
// Create the post
$request = new WP_REST_Request('POST', '/wp/v2/media');
$request->set_header('Content-Type', 'image/jpeg');
$request->set_header('Content-Disposition', 'attachment; filename=canola.jpg');
$request->set_body(file_get_contents($this->test_file));
foreach ($input as $name => $value) {
$request->set_param($name, $value);
}
$response = $this->server->dispatch($request);
$this->assertEquals(201, $response->get_status());
$actual_output = $response->get_data();
// Remove <p class="attachment"> from rendered description
// see https://core.trac.wordpress.org/ticket/38679
$content = $actual_output['description']['rendered'];
$content = explode("\n", trim($content));
if (preg_match('/^<p class="attachment">/', $content[0])) {
$content = implode("\n", array_slice($content, 1));
$actual_output['description']['rendered'] = $content;
}
// Compare expected API output to actual API output
$this->assertEquals($expected_output['title']['raw'], $actual_output['title']['raw']);
$this->assertEquals($expected_output['title']['rendered'], trim($actual_output['title']['rendered']));
$this->assertEquals($expected_output['description']['raw'], $actual_output['description']['raw']);
$this->assertEquals($expected_output['description']['rendered'], trim($actual_output['description']['rendered']));
$this->assertEquals($expected_output['caption']['raw'], $actual_output['caption']['raw']);
$this->assertEquals($expected_output['caption']['rendered'], trim($actual_output['caption']['rendered']));
// Compare expected API output to WP internal values
$post = get_post($actual_output['id']);
$this->assertEquals($expected_output['title']['raw'], $post->post_title);
$this->assertEquals($expected_output['description']['raw'], $post->post_content);
$this->assertEquals($expected_output['caption']['raw'], $post->post_excerpt);
// Update the post
$request = new WP_REST_Request('PUT', sprintf('/wp/v2/media/%d', $actual_output['id']));
foreach ($input as $name => $value) {
$request->set_param($name, $value);
}
$response = $this->server->dispatch($request);
$this->assertEquals(200, $response->get_status());
$actual_output = $response->get_data();
// Remove <p class="attachment"> from rendered description
// see https://core.trac.wordpress.org/ticket/38679
$content = $actual_output['description']['rendered'];
$content = explode("\n", trim($content));
if (preg_match('/^<p class="attachment">/', $content[0])) {
$content = implode("\n", array_slice($content, 1));
$actual_output['description']['rendered'] = $content;
}
// Compare expected API output to actual API output
$this->assertEquals($expected_output['title']['raw'], $actual_output['title']['raw']);
$this->assertEquals($expected_output['title']['rendered'], trim($actual_output['title']['rendered']));
$this->assertEquals($expected_output['description']['raw'], $actual_output['description']['raw']);
$this->assertEquals($expected_output['description']['rendered'], trim($actual_output['description']['rendered']));
$this->assertEquals($expected_output['caption']['raw'], $actual_output['caption']['raw']);
$this->assertEquals($expected_output['caption']['rendered'], trim($actual_output['caption']['rendered']));
// Compare expected API output to WP internal values
$post = get_post($actual_output['id']);
$this->assertEquals($expected_output['title']['raw'], $post->post_title);
$this->assertEquals($expected_output['description']['raw'], $post->post_content);
$this->assertEquals($expected_output['caption']['raw'], $post->post_excerpt);
}
/**
* Test Shipping Zone Locations update endpoint.
* @since 2.7.0
*/
public function test_update_locations()
{
wp_set_current_user($this->user);
$zone = $this->create_shipping_zone('Test Zone');
$request = new WP_REST_Request('PUT', '/wc/v1/shipping/zones/' . $zone->get_id() . '/locations');
$request->add_header('Content-Type', 'application/json');
$request->set_body(json_encode(array(array('code' => 'UK', 'type' => 'country'), array('code' => 'US'), array('code' => 'SW1A0AA', 'type' => 'postcode'), array('type' => 'continent'))));
$response = $this->server->dispatch($request);
$data = $response->get_data();
$this->assertEquals(count($data), 2);
$this->assertEquals(array(array('code' => 'UK', 'type' => 'country', '_links' => array('collection' => array(array('href' => rest_url('/wc/v1/shipping/zones/' . $zone->get_id() . '/locations'))), 'describes' => array(array('href' => rest_url('/wc/v1/shipping/zones/' . $zone->get_id()))))), array('code' => 'SW1A0AA', 'type' => 'postcode', '_links' => array('collection' => array(array('href' => rest_url('/wc/v1/shipping/zones/' . $zone->get_id() . '/locations'))), 'describes' => array(array('href' => rest_url('/wc/v1/shipping/zones/' . $zone->get_id())))))), $data);
}
/**
* Handles serving an API request.
*
* Matches the current server URI to a route and runs the first matching
* callback then outputs a JSON representation of the returned value.
*
* @since 4.4.0
* @access public
*
* @see WP_REST_Server::dispatch()
*
* @param string $path Optional. The request route. If not set, `$_SERVER['PATH_INFO']` will be used.
* Default null.
* @return false|null Null if not served and a HEAD request, false otherwise.
*/
public function serve_request($path = null)
{
$content_type = isset($_GET['_jsonp']) ? 'application/javascript' : 'application/json';
$this->send_header('Content-Type', $content_type . '; charset=' . get_option('blog_charset'));
$this->send_header('X-Robots-Tag', 'noindex');
$api_root = get_rest_url();
if (!empty($api_root)) {
$this->send_header('Link', '<' . esc_url_raw($api_root) . '>; rel="https://api.w.org/"');
}
/*
* Mitigate possible JSONP Flash attacks.
*
* https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
*/
$this->send_header('X-Content-Type-Options', 'nosniff');
$this->send_header('Access-Control-Expose-Headers', 'X-WP-Total, X-WP-TotalPages');
$this->send_header('Access-Control-Allow-Headers', 'Authorization');
/**
* Send nocache headers on authenticated requests.
*
* @since 4.4.0
*
* @param bool $rest_send_nocache_headers Whether to send no-cache headers.
*/
$send_no_cache_headers = apply_filters('rest_send_nocache_headers', is_user_logged_in());
if ($send_no_cache_headers) {
foreach (wp_get_nocache_headers() as $header => $header_value) {
$this->send_header($header, $header_value);
}
}
/**
* Filters whether the REST API is enabled.
*
* @since 4.4.0
*
* @param bool $rest_enabled Whether the REST API is enabled. Default true.
*/
$enabled = apply_filters('rest_enabled', true);
/**
* Filters whether jsonp is enabled.
*
* @since 4.4.0
*
* @param bool $jsonp_enabled Whether jsonp is enabled. Default true.
*/
$jsonp_enabled = apply_filters('rest_jsonp_enabled', true);
$jsonp_callback = null;
if (!$enabled) {
echo $this->json_error('rest_disabled', __('The REST API is disabled on this site.'), 404);
return false;
}
if (isset($_GET['_jsonp'])) {
if (!$jsonp_enabled) {
echo $this->json_error('rest_callback_disabled', __('JSONP support is disabled on this site.'), 400);
return false;
}
$jsonp_callback = $_GET['_jsonp'];
if (!wp_check_jsonp_callback($jsonp_callback)) {
echo $this->json_error('rest_callback_invalid', __('The JSONP callback function is invalid.'), 400);
return false;
}
}
if (empty($path)) {
if (isset($_SERVER['PATH_INFO'])) {
$path = $_SERVER['PATH_INFO'];
} else {
$path = '/';
}
}
$request = new WP_REST_Request($_SERVER['REQUEST_METHOD'], $path);
$request->set_query_params(wp_unslash($_GET));
$request->set_body_params(wp_unslash($_POST));
$request->set_file_params($_FILES);
$request->set_headers($this->get_headers(wp_unslash($_SERVER)));
$request->set_body($this->get_raw_data());
/*
* HTTP method override for clients that can't use PUT/PATCH/DELETE. First, we check
* $_GET['_method']. If that is not set, we check for the HTTP_X_HTTP_METHOD_OVERRIDE
* header.
*/
if (isset($_GET['_method'])) {
$request->set_method($_GET['_method']);
} elseif (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) {
$request->set_method($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']);
}
$result = $this->check_authentication();
if (!is_wp_error($result)) {
$result = $this->dispatch($request);
}
// Normalize to either WP_Error or WP_REST_Response...
$result = rest_ensure_response($result);
// ...then convert WP_Error across.
if (is_wp_error($result)) {
$result = $this->error_to_response($result);
}
/**
* Filters the API response.
*
* Allows modification of the response before returning.
*
* @since 4.4.0
* @since 4.5.0 Applied to embedded responses.
*
* @param WP_HTTP_Response $result Result to send to the client. Usually a WP_REST_Response.
* @param WP_REST_Server $this Server instance.
* @param WP_REST_Request $request Request used to generate the response.
*/
$result = apply_filters('rest_post_dispatch', rest_ensure_response($result), $this, $request);
// Wrap the response in an envelope if asked for.
if (isset($_GET['_envelope'])) {
$result = $this->envelope_response($result, isset($_GET['_embed']));
}
// Send extra data from response objects.
$headers = $result->get_headers();
$this->send_headers($headers);
$code = $result->get_status();
$this->set_status($code);
/**
* Filters whether the request has already been served.
*
* Allow sending the request manually - by returning true, the API result
* will not be sent to the client.
*
* @since 4.4.0
*
* @param bool $served Whether the request has already been served.
* Default false.
* @param WP_HTTP_Response $result Result to send to the client. Usually a WP_REST_Response.
* @param WP_REST_Request $request Request used to generate the response.
* @param WP_REST_Server $this Server instance.
*/
$served = apply_filters('rest_pre_serve_request', false, $result, $request, $this);
if (!$served) {
if ('HEAD' === $request->get_method()) {
return null;
}
// Embed links inside the request.
$result = $this->response_to_data($result, isset($_GET['_embed']));
$result = wp_json_encode($result);
$json_error_message = $this->get_json_last_error();
if ($json_error_message) {
$json_error_obj = new WP_Error('rest_encode_error', $json_error_message, array('status' => 500));
$result = $this->error_to_response($json_error_obj);
$result = wp_json_encode($result->data[0]);
}
if ($jsonp_callback) {
// Prepend '/**/' to mitigate possible JSONP Flash attacks
// https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
echo '/**/' . $jsonp_callback . '(' . $result . ')';
} else {
echo $result;
}
}
return null;
}
public function test_json_update_user()
{
$user_id = $this->factory->user->create(array('user_email' => '*****@*****.**', 'user_pass' => 'sjflsfl3sdjls', 'user_login' => 'test_json_update', 'first_name' => 'Old Name', 'last_name' => 'Original Last'));
$this->allow_user_to_manage_multisite();
wp_set_current_user(self::$user);
$params = array('username' => 'test_json_update', 'email' => '*****@*****.**', 'first_name' => 'JSON Name', 'last_name' => 'New Last');
$userdata = get_userdata($user_id);
$pw_before = $userdata->user_pass;
$request = new WP_REST_Request('PUT', sprintf('/wp/v2/users/%d', $user_id));
$request->add_header('content-type', 'application/json');
$request->set_body(wp_json_encode($params));
$response = $this->server->dispatch($request);
$this->check_add_edit_user_response($response, true);
// Check that the name has been updated correctly
$new_data = $response->get_data();
$this->assertEquals('JSON Name', $new_data['first_name']);
$this->assertEquals('New Last', $new_data['last_name']);
$user = get_userdata($user_id);
$this->assertEquals('JSON Name', $user->first_name);
$this->assertEquals('New Last', $user->last_name);
// Check that we haven't inadvertently changed the user's password,
// as per https://core.trac.wordpress.org/ticket/21429
$this->assertEquals($pw_before, $user->user_pass);
}
public function test_rest_update_post_raw()
{
wp_set_current_user(self::$editor_id);
$request = new WP_REST_Request('PUT', sprintf('/wp/v2/posts/%d', self::$post_id));
$request->add_header('content-type', 'application/json');
$params = $this->set_raw_post_data();
$request->set_body(wp_json_encode($params));
$response = $this->server->dispatch($request);
$this->check_update_post_response($response);
$new_data = $response->get_data();
$this->assertEquals(self::$post_id, $new_data['id']);
$this->assertEquals($params['title']['raw'], $new_data['title']['raw']);
$this->assertEquals($params['content']['raw'], $new_data['content']['raw']);
$this->assertEquals($params['excerpt']['raw'], $new_data['excerpt']['raw']);
$post = get_post(self::$post_id);
$this->assertEquals($params['title']['raw'], $post->post_title);
$this->assertEquals($params['content']['raw'], $post->post_content);
$this->assertEquals($params['excerpt']['raw'], $post->post_excerpt);
}
/**
* Test editing a form
*
* @since 6.0
*/
public function testEditForm()
{
$this->_createForm();
$this->_createForm();
$form = $this->_createForm();
$this->_createForm();
$this->_createForm();
$fields = $this->advanced_fields2;
$i = 1;
foreach ($fields as &$field) {
$field = wp_parse_args($field, $this->default_field);
$field['label'] .= ' ' . $i;
$field['value'] .= ' ' . $i;
$field['placeholder'] .= ' ' . $i;
$field['slug'] .= $i;
$field['className'] .= $i;
$i++;
}
$edit_data = array('fields' => $fields, 'notifications' => array(), 'postCreation' => false, 'postCreationType' => 'post', 'postCreationStatus' => 'draft', 'postFieldMappings' => array(), 'type' => 'ccf_form', 'status' => 'publish', 'id' => null, 'title' => array('raw' => 'Edit Test Form'), 'description' => 'Edit test form description', 'buttonText' => 'Edit Submit Text', 'author' => array(), 'excerpt' => '', 'link' => '', 'parent' => 0, 'format' => 'standard', 'slug' => '', 'guid' => '', 'comment_status' => 'open', 'ping_status' => 'open', 'menu_order' => 0, 'terms' => array(), 'post_meta' => array(), 'meta' => array('links' => array()), 'ping_status' => false, 'featured_image' => null);
$request = new WP_REST_Request();
$request->set_param('id', $form->data['id']);
$request->set_body(json_encode($edit_data));
$edit_form_result = $this->api->update_item($request);
$this->assertTrue(!empty($edit_form_result->data['id']));
$form = get_post($edit_form_result->data['id']);
$this->assertTrue(!empty($form));
$this->assertEquals('Edit Test Form', get_the_title($edit_form_result->data['id']));
$description = get_post_meta($edit_form_result->data['id'], 'ccf_form_description', true);
$this->assertEquals('Edit test form description', $description);
$button_text = get_post_meta($edit_form_result->data['id'], 'ccf_form_buttonText', true);
$this->assertEquals('Edit Submit Text', $button_text);
$attached_fields = get_post_meta($edit_form_result->data['id'], 'ccf_attached_fields', true);
$this->assertTrue(!empty($attached_fields));
$this->assertEquals(count($attached_fields), 2);
foreach ($attached_fields as $field_id) {
$field_type = get_post_meta($field_id, 'ccf_field_type', true);
$field_label = get_post_meta($field_id, 'ccf_field_label', true);
$this->assertTrue(strpos($field_label, 'special label') !== false);
if (in_array($field_type, array('dropdown', 'checkbox', 'radio'))) {
$choices = get_post_meta($field_id, 'ccf_attached_choices', true);
$this->assertEquals(count($choices), 2);
}
}
}
/**
* @ticket 38477
*/
public function test_update_comment_content_too_long()
{
wp_set_current_user(self::$admin_id);
$params = array('content' => rand_long_str(66525));
$request = new WP_REST_Request('PUT', sprintf('/wp/v2/comments/%d', self::$approved_id));
$request->add_header('content-type', 'application/json');
$request->set_body(wp_json_encode($params));
$response = $this->server->dispatch($request);
$this->assertErrorResponse('comment_content_column_length', $response, 400);
}
public function test_update_comment_invalid_permission()
{
wp_set_current_user(0);
$params = array('content' => 'Disco Stu likes disco music.');
$request = new WP_REST_Request('PUT', sprintf('/wp/v2/comments/%d', $this->hold_id));
$request->add_header('content-type', 'application/json');
$request->set_body(wp_json_encode($params));
$response = $this->server->dispatch($request);
$this->assertErrorResponse('rest_cannot_edit', $response, 403);
}
/**
* Handle serving an API request
*
* Matches the current server URI to a route and runs the first matching
* callback then outputs a JSON representation of the returned value.
*
* @uses WP_REST_Server::dispatch()
*/
public function serve_request($path = null)
{
$content_type = isset($_GET['_jsonp']) ? 'application/javascript' : 'application/json';
$this->send_header('Content-Type', $content_type . '; charset=' . get_option('blog_charset'));
// Mitigate possible JSONP Flash attacks
// http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
$this->send_header('X-Content-Type-Options', 'nosniff');
// Proper filter for turning off the JSON API. It is on by default.
$enabled = apply_filters('rest_enabled', true);
$jsonp_enabled = apply_filters('rest_jsonp_enabled', true);
if (!$enabled) {
echo $this->json_error('rest_disabled', __('The REST API is disabled on this site.'), 404);
return false;
}
if (isset($_GET['_jsonp'])) {
if (!$jsonp_enabled) {
echo $this->json_error('rest_callback_disabled', __('JSONP support is disabled on this site.'), 400);
return false;
}
// Check for invalid characters (only alphanumeric allowed)
if (!is_string($_GET['_jsonp']) || preg_match('/[^\\w\\.]/', $_GET['_jsonp'])) {
echo $this->json_error('rest_callback_invalid', __('The JSONP callback function is invalid.'), 400);
return false;
}
}
if (empty($path)) {
if (isset($_SERVER['PATH_INFO'])) {
$path = $_SERVER['PATH_INFO'];
} else {
$path = '/';
}
}
$request = new WP_REST_Request($_SERVER['REQUEST_METHOD'], $path);
$request->set_query_params($_GET);
$request->set_body_params($_POST);
$request->set_file_params($_FILES);
$request->set_headers($this->get_headers($_SERVER));
$request->set_body($this->get_raw_data());
/**
* HTTP method override for clients that can't use PUT/PATCH/DELETE. First, we check
* $_GET['_method']. If that is not set, we check for the HTTP_X_HTTP_METHOD_OVERRIDE
* header.
*/
if (isset($_GET['_method'])) {
$request->set_method($_GET['_method']);
} elseif (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) {
$request->set_method($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']);
}
$result = $this->check_authentication();
if (!is_wp_error($result)) {
$result = $this->dispatch($request);
}
// Normalize to either WP_Error or WP_REST_Response...
$result = rest_ensure_response($result);
// ...then convert WP_Error across
if (is_wp_error($result)) {
$result = $this->error_to_response($result);
}
/**
* Allow modifying the response before returning
*
* @param WP_HTTP_ResponseInterface $result Result to send to the client. Usually a WP_REST_Response
* @param WP_REST_Server $this Server instance
* @param WP_REST_Request $request Request used to generate the response
*/
$result = apply_filters('rest_post_dispatch', rest_ensure_response($result), $this, $request);
// Wrap the response in an envelope if asked for
if (isset($_GET['_envelope'])) {
$result = $this->envelope_response($result, isset($_GET['_embed']));
}
// Send extra data from response objects
$headers = $result->get_headers();
$this->send_headers($headers);
$code = $result->get_status();
$this->set_status($code);
/**
* Allow sending the request manually
*
* If `$served` is true, the result will not be sent to the client.
*
* This is a filter rather than an action, since this is designed to be
* re-entrant if needed.
*
* @param bool $served Whether the request has already been served
* @param WP_HTTP_ResponseInterface $result Result to send to the client. Usually a WP_REST_Response
* @param WP_REST_Request $request Request used to generate the response
* @param WP_REST_Server $this Server instance
*/
$served = apply_filters('rest_pre_serve_request', false, $result, $request, $this);
if (!$served) {
if ('HEAD' === $request->get_method()) {
return;
}
// Embed links inside the request
$result = $this->response_to_data($result, isset($_GET['_embed']));
$result = wp_json_encode($result);
$json_error_message = $this->get_json_last_error();
if ($json_error_message) {
$json_error_obj = new WP_Error('rest_encode_error', $json_error_message, array('status' => 500));
$result = $this->error_to_response($json_error_obj);
$result = wp_json_encode($result->data[0]);
}
if (isset($_GET['_jsonp'])) {
// Prepend '/**/' to mitigate possible JSONP Flash attacks
// http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
echo '/**/' . $_GET['_jsonp'] . '(' . $result . ')';
} else {
echo $result;
}
}
}
/**
* Save the value of the setting.
*
* @param string $value The value to update.
*
* @return bool The result of saving the value.
*/
protected function update($value)
{
$wp_rest_server = $this->plugin->get_rest_server();
$route = '/' . ltrim($this->route, '/');
$rest_request = new \WP_REST_Request('PUT', $route);
$rest_request->set_header('content-type', 'application/json');
$rest_request->set_body($value);
$rest_response = $wp_rest_server->dispatch($rest_request);
if ($rest_response->is_error()) {
add_filter('customize_save_response', function ($response) use($rest_response) {
if (!isset($response['customize_rest_resources_save_errors'])) {
$response['customize_rest_resources_save_errors'] = array();
}
$response['customize_rest_resources_save_errors'][$this->id] = $rest_response->as_error()->get_error_message();
return $response;
});
return false;
}
return true;
}
