Esempio n. 1
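/**
 * Validate reports request arguments.
 *
 * Checks the value against the schema registered for $param on the matched
 * route: a 'string' type must be a PHP string, and a 'date' format must have
 * the exact shape YYYY-MM-DD. A parameter with no registered schema array is
 * accepted as-is.
 *
 * Note: the date check is a shape check only; it does not verify that the
 * month and day form a real calendar date.
 *
 * @since 2.6.0
 * @param mixed $value Raw value supplied with the request.
 * @param WP_REST_Request $request Request whose route attributes hold the argument schema.
 * @param string $param Name of the parameter being validated.
 * @return WP_Error|boolean True when the value is acceptable, WP_Error otherwise.
 */
function wc_rest_validate_reports_request_arg($value, $request, $param)
{
    $attributes = $request->get_attributes();
    if (!isset($attributes['args'][$param]) || !is_array($attributes['args'][$param])) {
        return true;
    }
    $args = $attributes['args'][$param];
    // A schema may declare only one of 'type' / 'format'; read both without
    // triggering undefined-index notices.
    $type = isset($args['type']) ? $args['type'] : null;
    $format = isset($args['format']) ? $args['format'] : null;
    if ('string' === $type && !is_string($value)) {
        return new WP_Error('woocommerce_rest_invalid_param', sprintf(__('%1$s is not of type %2$s', 'woocommerce'), $param, 'string'));
    }
    if ('date' === $format) {
        // Only a string can be a date: an array or object decoded from the
        // request body must be rejected before it reaches preg_match().
        // \A ... \z anchor to the true start and end of the input; a bare '$'
        // would also accept a value that ends with a newline.
        if (!is_string($value) || 1 !== preg_match('#\\A\\d{4}-\\d{2}-\\d{2}\\z#', $value)) {
            return new WP_Error('woocommerce_rest_invalid_date', __('The date you provided is invalid.', 'woocommerce'));
        }
    }
    return true;
}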
 /**
  * Sanitize a request argument based on details registered to the route.
  *
  * Looks up the schema registered for $param and coerces the value by
  * declared type ('integer', 'boolean') or, failing that, by declared
  * format. A value whose schema matches none of these, or that has no
  * schema array at all, is returned exactly as received.
  *
  * @param  mixed            $value   Raw value supplied with the request.
  * @param  WP_REST_Request  $request Request whose route attributes hold the schema.
  * @param  string           $param   Name of the parameter being sanitized.
  * @return mixed Sanitized value, or the untouched input when no rule applies.
  */
 function rest_sanitize_request_arg($value, $request, $param)
 {
     $route = $request->get_attributes();
     $has_schema = isset($route['args'][$param]) && is_array($route['args'][$param]);
     if (!$has_schema) {
         // Nothing registered for this parameter: the raw value passes through.
         return $value;
     }
     $schema = $route['args'][$param];
     if ('integer' === $schema['type']) {
         return (int) $value;
     } elseif ('boolean' === $schema['type']) {
         return rest_sanitize_boolean($value);
     }
     if (!isset($schema['format'])) {
         return $value;
     }
     switch ($schema['format']) {
         // 'email' deliberately shares the plain-text path: sanitize_email()
         // validates as well, which would be unexpected in a sanitizer.
         case 'date-time':
         case 'email':
         case 'ipv4':
             return sanitize_text_field($value);
         case 'uri':
             return esc_url_raw($value);
     }
     // Unrecognized format: returned unchanged.
     return $value;
 }
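 /**
  * Validates that the parameter belongs to a list of admitted values.
  *
  * The admitted values come from the 'enum' entry of the schema registered
  * for $param. When that list has string keys, the keys are the admitted
  * values; otherwise the list's values are. A parameter with no registered
  * schema array is rejected. A schema without a non-empty 'enum' accepts any
  * value.
  *
  * @since 4.3.0
  *
  * @param string $value Value to check.
  * @param WP_REST_Request $request Request whose route attributes hold the schema.
  * @param string $param Name of the parameter passed to endpoint holding $value.
  *
  * @return bool|WP_Error True when the value is admitted, WP_Error otherwise.
  */
 public static function validate_list_item($value = '', $request, $param)
 {
     // NOTE(review): the default on $value is unusable because required
     // parameters follow it; the signature is left as-is for callers.
     $attributes = $request->get_attributes();
     if (!isset($attributes['args'][$param]) || !is_array($attributes['args'][$param])) {
         return new WP_Error('invalid_param', sprintf(esc_html__('%s not recognized', 'jetpack'), $param));
     }
     $args = $attributes['args'][$param];
     if (!empty($args['enum'])) {
         // If it's an associative array, use the keys to check that the value is among those admitted.
         $keys = array_keys($args['enum']);
         $enum = count(array_filter($keys, 'is_string')) > 0 ? $keys : $args['enum'];
         // Compare string forms with strict matching. A loose in_array() lets
         // PHP type juggling decide membership, so a value of a different type
         // (a JSON number or boolean, for instance) can be accepted against a
         // list of strings it does not actually appear in. Non-scalar values
         // can never be list members.
         $admitted = is_scalar($value) && in_array((string) $value, array_map('strval', $enum), true);
         if (!$admitted) {
             return new WP_Error('invalid_param_value', sprintf(esc_html__('%1$s must be one of %2$s', 'jetpack'), $param, implode(', ', $enum)));
         }
     }
     return true;
 }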
Esempio n. 4
/**
 * Sanitize a request argument based on details registered to the route.
 *
 * When the route registers a schema array for $param, sanitization is
 * delegated to rest_sanitize_value_from_schema(). Without one, the value is
 * returned exactly as received.
 *
 * @since 4.7.0
 *
 * @param  mixed            $value   Raw value supplied with the request.
 * @param  WP_REST_Request  $request Request whose route attributes hold the schema.
 * @param  string           $param   Name of the parameter being sanitized.
 * @return mixed Result of the schema sanitizer, or the untouched input.
 */
function rest_sanitize_request_arg($value, $request, $param)
{
    $route = $request->get_attributes();
    $schema = isset($route['args'][$param]) ? $route['args'][$param] : null;
    if (is_array($schema)) {
        return rest_sanitize_value_from_schema($value, $schema, $param);
    }
    // No usable schema for this parameter: the raw value passes through.
    return $value;
}
 /**
  * Sanitizes and validates the list of post statuses, including whether the
  * user can query private statuses.
  *
  * The route's default status is always allowed. Any other requested status
  * requires the edit_posts capability of this controller's post type and
  * must then pass rest_validate_request_arg(). The first status that fails
  * either check ends processing and its error is returned.
  *
  * @since 4.7.0
  * @access public
  *
  * @param  string|array    $statuses  One or more post statuses.
  * @param  WP_REST_Request $request   Full details about the request.
  * @param  string          $parameter Additional parameter to pass to validation.
  * @return array|WP_Error A list of valid statuses, otherwise WP_Error object.
  */
 public function sanitize_post_statuses($statuses, $request, $parameter)
 {
     $statuses = wp_parse_slug_list($statuses);
     // The default status is different in WP_REST_Attachments_Controller
     $route_attributes = $request->get_attributes();
     $default_status = $route_attributes['args']['status']['default'];
     foreach ($statuses as $status) {
         // The default status needs no capability check.
         if ($status === $default_status) {
             continue;
         }
         $post_type_obj = get_post_type_object($this->post_type);
         // Authorization comes first: without edit_posts, any non-default
         // status is refused before its value is even validated.
         if (!current_user_can($post_type_obj->cap->edit_posts)) {
             return new WP_Error('rest_forbidden_status', __('Status is forbidden.'), array('status' => rest_authorization_required_code()));
         }
         $result = rest_validate_request_arg($status, $request, $parameter);
         if (is_wp_error($result)) {
             return $result;
         }
     }
     return $statuses;
 }