/**
* Creates a WP_REST_Request and returns it.
*
* @since 4.4.0
*
* @param string $route REST API path to be append to /jetpack/v4/
* @param array $json_params When present, parameters are added to request in JSON format
* @param string $method Request method to use, GET or POST
* @param array $params Parameters to add to endpoint
*
* @return WP_REST_Response
*/
protected function create_and_get_request($route = '', $json_params = array(), $method = 'GET', $params = array())
{
$request = new WP_REST_Request($method, "/jetpack/v4/{$route}");
$request->set_header('content-type', 'application/json');
if (!empty($json_params)) {
$request->set_body(json_encode($json_params));
}
if (!empty($params) && is_array($params)) {
foreach ($params as $key => $value) {
$request->set_param($key, $value);
}
}
return $this->server->dispatch($request);
}
public function test_create_item_unsafe_alt_text()
{
wp_set_current_user($this->author_id);
$request = new WP_REST_Request('POST', '/wp/v2/media');
$request->set_header('Content-Type', 'image/jpeg');
$request->set_header('Content-Disposition', 'filename=canola.jpg');
$request->set_body(file_get_contents($this->test_file));
$request->set_param('alt_text', '<script>alert(document.cookie)</script>');
$response = $this->server->dispatch($request);
$attachment = $response->get_data();
$this->assertEquals('', $attachment['alt_text']);
}
/**
* Test that list endpoint returns expected format
*/
public function test_run_event()
{
$ev = Utils::create_test_event();
$ev['action'] = md5($ev['action']);
$ev['instance'] = md5(maybe_serialize($ev['args']));
$ev['secret'] = \WP_CRON_CONTROL_SECRET;
unset($ev['args']);
$request = new \WP_REST_Request('PUT', '/' . \Automattic\WP\Cron_Control\REST_API::API_NAMESPACE . '/' . \Automattic\WP\Cron_Control\REST_API::ENDPOINT_RUN);
$request->set_body(wp_json_encode($ev));
$request->set_header('content-type', 'application/json');
$response = $this->server->dispatch($request);
$data = $response->get_data();
$this->assertResponseStatus(200, $response);
$this->assertArrayHasKey('success', $data);
$this->assertArrayHasKey('message', $data);
}
public function verify_attachment_roundtrip($input = array(), $expected_output = array())
{
// Create the post
$request = new WP_REST_Request('POST', '/wp/v2/media');
$request->set_header('Content-Type', 'image/jpeg');
$request->set_header('Content-Disposition', 'attachment; filename=canola.jpg');
$request->set_body(file_get_contents($this->test_file));
foreach ($input as $name => $value) {
$request->set_param($name, $value);
}
$response = $this->server->dispatch($request);
$this->assertEquals(201, $response->get_status());
$actual_output = $response->get_data();
// Remove <p class="attachment"> from rendered description
// see https://core.trac.wordpress.org/ticket/38679
$content = $actual_output['description']['rendered'];
$content = explode("\n", trim($content));
if (preg_match('/^<p class="attachment">/', $content[0])) {
$content = implode("\n", array_slice($content, 1));
$actual_output['description']['rendered'] = $content;
}
// Compare expected API output to actual API output
$this->assertEquals($expected_output['title']['raw'], $actual_output['title']['raw']);
$this->assertEquals($expected_output['title']['rendered'], trim($actual_output['title']['rendered']));
$this->assertEquals($expected_output['description']['raw'], $actual_output['description']['raw']);
$this->assertEquals($expected_output['description']['rendered'], trim($actual_output['description']['rendered']));
$this->assertEquals($expected_output['caption']['raw'], $actual_output['caption']['raw']);
$this->assertEquals($expected_output['caption']['rendered'], trim($actual_output['caption']['rendered']));
// Compare expected API output to WP internal values
$post = get_post($actual_output['id']);
$this->assertEquals($expected_output['title']['raw'], $post->post_title);
$this->assertEquals($expected_output['description']['raw'], $post->post_content);
$this->assertEquals($expected_output['caption']['raw'], $post->post_excerpt);
// Update the post
$request = new WP_REST_Request('PUT', sprintf('/wp/v2/media/%d', $actual_output['id']));
foreach ($input as $name => $value) {
$request->set_param($name, $value);
}
$response = $this->server->dispatch($request);
$this->assertEquals(200, $response->get_status());
$actual_output = $response->get_data();
// Remove <p class="attachment"> from rendered description
// see https://core.trac.wordpress.org/ticket/38679
$content = $actual_output['description']['rendered'];
$content = explode("\n", trim($content));
if (preg_match('/^<p class="attachment">/', $content[0])) {
$content = implode("\n", array_slice($content, 1));
$actual_output['description']['rendered'] = $content;
}
// Compare expected API output to actual API output
$this->assertEquals($expected_output['title']['raw'], $actual_output['title']['raw']);
$this->assertEquals($expected_output['title']['rendered'], trim($actual_output['title']['rendered']));
$this->assertEquals($expected_output['description']['raw'], $actual_output['description']['raw']);
$this->assertEquals($expected_output['description']['rendered'], trim($actual_output['description']['rendered']));
$this->assertEquals($expected_output['caption']['raw'], $actual_output['caption']['raw']);
$this->assertEquals($expected_output['caption']['rendered'], trim($actual_output['caption']['rendered']));
// Compare expected API output to WP internal values
$post = get_post($actual_output['id']);
$this->assertEquals($expected_output['title']['raw'], $post->post_title);
$this->assertEquals($expected_output['description']['raw'], $post->post_content);
$this->assertEquals($expected_output['caption']['raw'], $post->post_excerpt);
}
/**
* Save the value of the setting.
*
* @param string $value The value to update.
*
* @return bool The result of saving the value.
*/
protected function update($value)
{
$wp_rest_server = $this->plugin->get_rest_server();
$route = '/' . ltrim($this->route, '/');
$rest_request = new \WP_REST_Request('PUT', $route);
$rest_request->set_header('content-type', 'application/json');
$rest_request->set_body($value);
$rest_response = $wp_rest_server->dispatch($rest_request);
if ($rest_response->is_error()) {
add_filter('customize_save_response', function ($response) use($rest_response) {
if (!isset($response['customize_rest_resources_save_errors'])) {
$response['customize_rest_resources_save_errors'] = array();
}
$response['customize_rest_resources_save_errors'][$this->id] = $rest_response->as_error()->get_error_message();
return $response;
});
return false;
}
return true;
}
