/**
 * Builds a WP_REST_Request for a Jetpack v4 route, dispatches it through
 * $this->server and hands back the result of that dispatch.
 *
 * @since 4.4.0
 *
 * @param string $route       REST API path appended to /jetpack/v4/.
 * @param array  $json_params When non-empty, JSON-encoded and used as the request body.
 * @param string $method      HTTP method for the request; the default is GET.
 * @param array  $params      Extra parameters, set on the request one by one.
 *
 * @return WP_REST_Response Whatever $this->server->dispatch() returns for the request.
 */
protected function create_and_get_request($route = '', $json_params = array(), $method = 'GET', $params = array()) {
    $rest_request = new WP_REST_Request($method, "/jetpack/v4/{$route}");

    // The JSON content type is announced even when no body is attached.
    $rest_request->set_header('content-type', 'application/json');

    if (!empty($json_params)) {
        $encoded_body = json_encode($json_params);
        $rest_request->set_body($encoded_body);
    }

    // Only a non-empty array contributes individual request parameters.
    $extra_params = (is_array($params) && !empty($params)) ? $params : array();
    foreach ($extra_params as $name => $param_value) {
        $rest_request->set_param($name, $param_value);
    }

    return $this->server->dispatch($rest_request);
}
/**
 * Uploads an image as the author user with a script tag supplied as alt text
 * and checks that the alt text in the response comes back empty.
 */
public function test_create_item_unsafe_alt_text() {
    wp_set_current_user($this->author_id);

    $upload = new WP_REST_Request('POST', '/wp/v2/media');
    $upload->set_header('Content-Type', 'image/jpeg');
    $upload->set_header('Content-Disposition', 'filename=canola.jpg');
    $image_bytes = file_get_contents($this->test_file);
    $upload->set_body($image_bytes);

    // The whole value is markup, so the assertion below expects nothing of it
    // to survive into the alt text returned by the endpoint.
    $upload->set_param('alt_text', '<script>alert(document.cookie)</script>');

    $created = $this->server->dispatch($upload)->get_data();
    $this->assertEquals('', $created['alt_text']);
}
/**
 * Retrieve the current event queue
 *
 * @subcommand get-queue
 */
public function get_queue($args, $assoc_args) {
    // The docblock above is kept verbatim: WP-CLI reads the @subcommand
    // annotation (and the summary line) from it.

    // Query the plugin's own list endpoint via rest_do_request(); the shared
    // secret is sent in the JSON body of that request.
    $list_route = '/' . \Automattic\WP\Cron_Control\REST_API::API_NAMESPACE . '/' . \Automattic\WP\Cron_Control\REST_API::ENDPOINT_LIST;
    $list_request = new \WP_REST_Request('POST', $list_route);
    $list_request->add_header('Content-Type', 'application/json');
    $secret_payload = array('secret' => \WP_CRON_CONTROL_SECRET);
    $list_request->set_body(wp_json_encode($secret_payload));
    $list_response = rest_do_request($list_request);

    // Surface the endpoint's error message on the command line.
    if ($list_response->is_error()) {
        \WP_CLI::error($list_response->as_error()->get_error_message());
    }

    // Decoded data returned by the API; an empty queue ends the command early.
    $queue = $list_response->get_data();
    if (empty($queue['events'])) {
        \WP_CLI::warning(__('No events in the current queue', 'automattic-cron-control'));
        return;
    }

    // Shape the events for display and announce how many there are.
    $rows = $this->format_events($queue['events']);
    $row_count = count($rows);
    $summary = sprintf(_n('Displaying one event', 'Displaying %s events', $row_count, 'automattic-cron-control'), number_format_i18n($row_count));
    \WP_CLI::line($summary);

    // 'table' is the fallback; 'ids' is refused, any other requested format is used as given.
    $requested_format = isset($assoc_args['format']) ? $assoc_args['format'] : null;
    $output_format = 'table';
    if ('ids' === $requested_format) {
        \WP_CLI::error(__('Invalid output format requested', 'automattic-cron-control'));
    } elseif (null !== $requested_format) {
        $output_format = $requested_format;
    }

    $columns = array('timestamp', 'action', 'instance', 'scheduled_for', 'internal_event', 'schedule_name', 'event_args');
    \WP_CLI\Utils\format_items($output_format, $rows, $columns);
}
/**
 * Test that the run endpoint answers a PUT for a test event with a 200
 * status and a body holding `success` and `message` keys.
 */
public function test_run_event() {
    $event = Utils::create_test_event();

    // The payload identifies the event by md5 digests of its action and of its
    // serialized args, carries the shared secret, and omits the raw args.
    $event['action'] = md5($event['action']);
    $event['instance'] = md5(maybe_serialize($event['args']));
    $event['secret'] = \WP_CRON_CONTROL_SECRET;
    unset($event['args']);

    $run_route = '/' . \Automattic\WP\Cron_Control\REST_API::API_NAMESPACE . '/' . \Automattic\WP\Cron_Control\REST_API::ENDPOINT_RUN;
    $run_request = new \WP_REST_Request('PUT', $run_route);
    $run_request->set_body(wp_json_encode($event));
    $run_request->set_header('content-type', 'application/json');

    $response = $this->server->dispatch($run_request);
    $payload = $response->get_data();

    $this->assertResponseStatus(200, $response);
    foreach (array('success', 'message') as $expected_key) {
        $this->assertArrayHasKey($expected_key, $payload);
    }
}
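/**
 * Create a form for testing
 *
 * Each field is merged over $this->default_field and gets its 1-based
 * position appended to label, value, placeholder, slug and className, so
 * every field in the form is distinguishable. The form data is then
 * JSON-encoded into a request body and passed to $this->api->create_item().
 *
 * @param array $fields   Field definitions; defaults to one single-line text field.
 * @param array $settings Form data that overrides the defaults built below.
 * @since 6.0
 * @return object Result of $this->api->create_item() for the built request.
 */
public function _createForm($fields = array(array('type' => 'single-line-text')), $settings = array()) {
    $i = 1;
    foreach ($fields as &$field) {
        $field = wp_parse_args($field, $this->default_field);
        $field['label'] .= ' ' . $i;
        $field['value'] .= ' ' . $i;
        $field['placeholder'] .= ' ' . $i;
        $field['slug'] .= $i;
        $field['className'] .= $i;
        $i++;
    }
    // Break the reference left behind by the by-reference loop, so a later
    // write to $field cannot silently alter the last element of $fields.
    unset($field);

    $defaults = array(
        'fields' => $fields,
        'type' => 'ccf_form',
        'status' => 'publish',
        'ID' => null,
        'title' => array('raw' => 'Test Form'),
        'description' => 'Test form description',
        'buttonText' => 'Submit Text',
        'buttonClass' => '',
        'notifications' => array(),
        'postCreation' => false,
        'postCreationType' => 'post',
        'postCreationStatus' => 'draft',
        'postFieldMappings' => array(),
        'author' => array(),
        'excerpt' => '',
        'link' => '',
        'parent' => 0,
        'format' => 'standard',
        'slug' => '',
        'guid' => '',
        'comment_status' => 'open',
        // This key used to be listed twice ('open' here, false further down).
        // PHP keeps the last value for a repeated key, so false is what was
        // always sent; it is now stated once.
        'ping_status' => false,
        'menu_order' => 0,
        'terms' => array(),
        'post_meta' => array(),
        'meta' => array('links' => array()),
        'featured_image' => null,
    );
    $data = wp_parse_args($settings, $defaults);

    $request = new WP_REST_Request();
    $request->set_body(json_encode($data));

    return $this->api->create_item($request);
}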
/**
 * Creates a media item with the given parameters, then updates it with the
 * same parameters, and after each step compares the API output (raw and
 * rendered title, description and caption) and the stored post columns with
 * the expected output.
 *
 * @param array $input           Request parameters sent on both create and update.
 * @param array $expected_output Expected 'title', 'description' and 'caption'
 *                               entries, each with 'raw' and 'rendered' keys.
 */
public function verify_attachment_roundtrip($input = array(), $expected_output = array()) {
    $api_parts = array('title', 'description', 'caption');
    $post_column_for = array(
        'title' => 'post_title',
        'description' => 'post_content',
        'caption' => 'post_excerpt',
    );

    // Step 1: create the attachment (expects 201).
    $create = new WP_REST_Request('POST', '/wp/v2/media');
    $create->set_header('Content-Type', 'image/jpeg');
    $create->set_header('Content-Disposition', 'attachment; filename=canola.jpg');
    $create->set_body(file_get_contents($this->test_file));
    foreach ($input as $param => $param_value) {
        $create->set_param($param, $param_value);
    }
    $create_response = $this->server->dispatch($create);
    $this->assertEquals(201, $create_response->get_status());
    $actual_output = $create_response->get_data();

    // Drop a leading <p class="attachment"> line from the rendered description,
    // see https://core.trac.wordpress.org/ticket/38679
    $rendered_lines = explode("\n", trim($actual_output['description']['rendered']));
    if (preg_match('/^<p class="attachment">/', $rendered_lines[0])) {
        $actual_output['description']['rendered'] = implode("\n", array_slice($rendered_lines, 1));
    }

    // API output against expectations: raw as-is, rendered after trimming.
    foreach ($api_parts as $part) {
        $this->assertEquals($expected_output[$part]['raw'], $actual_output[$part]['raw']);
        $this->assertEquals($expected_output[$part]['rendered'], trim($actual_output[$part]['rendered']));
    }

    // Stored post columns against the expected raw values.
    $stored = get_post($actual_output['id']);
    foreach ($post_column_for as $part => $column) {
        $this->assertEquals($expected_output[$part]['raw'], $stored->$column);
    }

    // Step 2: update the same attachment with the same parameters (expects 200).
    $update = new WP_REST_Request('PUT', sprintf('/wp/v2/media/%d', $actual_output['id']));
    foreach ($input as $param => $param_value) {
        $update->set_param($param, $param_value);
    }
    $update_response = $this->server->dispatch($update);
    $this->assertEquals(200, $update_response->get_status());
    $actual_output = $update_response->get_data();

    // Same clean-up of the rendered description as after the create step.
    $rendered_lines = explode("\n", trim($actual_output['description']['rendered']));
    if (preg_match('/^<p class="attachment">/', $rendered_lines[0])) {
        $actual_output['description']['rendered'] = implode("\n", array_slice($rendered_lines, 1));
    }

    foreach ($api_parts as $part) {
        $this->assertEquals($expected_output[$part]['raw'], $actual_output[$part]['raw']);
        $this->assertEquals($expected_output[$part]['rendered'], trim($actual_output[$part]['rendered']));
    }

    $stored = get_post($actual_output['id']);
    foreach ($post_column_for as $part => $column) {
        $this->assertEquals($expected_output[$part]['raw'], $stored->$column);
    }
}
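/**
 * Test Shipping Zone Locations update endpoint.
 *
 * Sends four location entries, two of which are incomplete (one without a
 * type, one without a code), and expects only the two complete entries to
 * come back, each with its `_links`.
 *
 * @since 2.7.0
 */
public function test_update_locations() {
    wp_set_current_user($this->user);
    $zone = $this->create_shipping_zone('Test Zone');

    $request = new WP_REST_Request('PUT', '/wc/v1/shipping/zones/' . $zone->get_id() . '/locations');
    $request->add_header('Content-Type', 'application/json');
    $request->set_body(json_encode(array(
        array('code' => 'UK', 'type' => 'country'),
        array('code' => 'US'), // no type
        array('code' => 'SW1A0AA', 'type' => 'postcode'),
        array('type' => 'continent'), // no code
    )));
    $response = $this->server->dispatch($request);
    $data = $response->get_data();

    // Expected value first, so a failure reports "expected 2, got N" the right way round.
    $this->assertEquals(2, count($data));

    // Both returned locations carry the same links, so build them once.
    $links = array(
        'collection' => array(array('href' => rest_url('/wc/v1/shipping/zones/' . $zone->get_id() . '/locations'))),
        'describes' => array(array('href' => rest_url('/wc/v1/shipping/zones/' . $zone->get_id()))),
    );
    $expected = array(
        array('code' => 'UK', 'type' => 'country', '_links' => $links),
        array('code' => 'SW1A0AA', 'type' => 'postcode', '_links' => $links),
    );
    $this->assertEquals($expected, $data);
}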
/**
 * Handles serving an API request.
 *
 * Matches the current server URI to a route and runs the first matching
 * callback then outputs a JSON representation of the returned value.
 *
 * Order of work: response headers are sent, the `rest_enabled` and
 * `rest_jsonp_enabled` filters are consulted, a JSONP callback (if any) is
 * validated, the request object is built from the superglobals, the HTTP
 * method override is applied, authentication is checked, the request is
 * dispatched, and the encoded result is echoed.
 *
 * @since 4.4.0
 * @access public
 *
 * @see WP_REST_Server::dispatch()
 *
 * @param string $path Optional. The request route. If not set, `$_SERVER['PATH_INFO']` will be used.
 *                     Default null.
 * @return false|null False when the API is disabled, JSONP is disabled or the JSONP
 *                    callback is rejected; null in every other case.
 */
public function serve_request($path = null) {
    // A JSONP request is answered as JavaScript, everything else as JSON.
    $content_type = isset($_GET['_jsonp']) ? 'application/javascript' : 'application/json';
    $this->send_header('Content-Type', $content_type . '; charset=' . get_option('blog_charset'));
    $this->send_header('X-Robots-Tag', 'noindex');
    $api_root = get_rest_url();
    if (!empty($api_root)) {
        $this->send_header('Link', '<' . esc_url_raw($api_root) . '>; rel="https://api.w.org/"');
    }
    /*
     * Mitigate possible JSONP Flash attacks.
     *
     * https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
     */
    $this->send_header('X-Content-Type-Options', 'nosniff');
    $this->send_header('Access-Control-Expose-Headers', 'X-WP-Total, X-WP-TotalPages');
    $this->send_header('Access-Control-Allow-Headers', 'Authorization');
    /**
     * Send nocache headers on authenticated requests.
     *
     * @since 4.4.0
     *
     * @param bool $rest_send_nocache_headers Whether to send no-cache headers.
     */
    $send_no_cache_headers = apply_filters('rest_send_nocache_headers', is_user_logged_in());
    if ($send_no_cache_headers) {
        foreach (wp_get_nocache_headers() as $header => $header_value) {
            $this->send_header($header, $header_value);
        }
    }
    /**
     * Filters whether the REST API is enabled.
     *
     * @since 4.4.0
     *
     * @param bool $rest_enabled Whether the REST API is enabled. Default true.
     */
    $enabled = apply_filters('rest_enabled', true);
    /**
     * Filters whether jsonp is enabled.
     *
     * @since 4.4.0
     *
     * @param bool $jsonp_enabled Whether jsonp is enabled. Default true.
     */
    $jsonp_enabled = apply_filters('rest_jsonp_enabled', true);
    $jsonp_callback = null;
    if (!$enabled) {
        echo $this->json_error('rest_disabled', __('The REST API is disabled on this site.'), 404);
        return false;
    }
    if (isset($_GET['_jsonp'])) {
        if (!$jsonp_enabled) {
            echo $this->json_error('rest_callback_disabled', __('JSONP support is disabled on this site.'), 400);
            return false;
        }
        // The callback is copied into a local once and validated there; that
        // local, not $_GET, is what gets echoed at the end of this method.
        $jsonp_callback = $_GET['_jsonp'];
        if (!wp_check_jsonp_callback($jsonp_callback)) {
            echo $this->json_error('rest_callback_invalid', __('The JSONP callback function is invalid.'), 400);
            return false;
        }
    }
    if (empty($path)) {
        if (isset($_SERVER['PATH_INFO'])) {
            $path = $_SERVER['PATH_INFO'];
        } else {
            $path = '/';
        }
    }
    // Build the request from the superglobals. $_GET, $_POST and $_SERVER go
    // through wp_unslash() first; $_FILES and the raw body are passed as they are.
    $request = new WP_REST_Request($_SERVER['REQUEST_METHOD'], $path);
    $request->set_query_params(wp_unslash($_GET));
    $request->set_body_params(wp_unslash($_POST));
    $request->set_file_params($_FILES);
    $request->set_headers($this->get_headers(wp_unslash($_SERVER)));
    $request->set_body($this->get_raw_data());
    /*
     * HTTP method override for clients that can't use PUT/PATCH/DELETE. First, we check
     * $_GET['_method']. If that is not set, we check for the HTTP_X_HTTP_METHOD_OVERRIDE
     * header.
     *
     * NOTE(review): both values are client-supplied and are applied here whatever the
     * original REQUEST_METHOD was, so a plain GET URL can select another method. Confirm
     * that the authentication and permission checks further down cover that case.
     */
    if (isset($_GET['_method'])) {
        $request->set_method($_GET['_method']);
    } elseif (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) {
        $request->set_method($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']);
    }
    // The request is dispatched only when check_authentication() did not
    // return a WP_Error; otherwise that error becomes the result.
    $result = $this->check_authentication();
    if (!is_wp_error($result)) {
        $result = $this->dispatch($request);
    }
    // Normalize to either WP_Error or WP_REST_Response...
    $result = rest_ensure_response($result);
    // ...then convert WP_Error across.
    if (is_wp_error($result)) {
        $result = $this->error_to_response($result);
    }
    /**
     * Filters the API response.
     *
     * Allows modification of the response before returning.
     *
     * @since 4.4.0
     * @since 4.5.0 Applied to embedded responses.
     *
     * @param WP_HTTP_Response $result  Result to send to the client. Usually a WP_REST_Response.
     * @param WP_REST_Server   $this    Server instance.
     * @param WP_REST_Request  $request Request used to generate the response.
     */
    $result = apply_filters('rest_post_dispatch', rest_ensure_response($result), $this, $request);
    // Wrap the response in an envelope if asked for.
    if (isset($_GET['_envelope'])) {
        $result = $this->envelope_response($result, isset($_GET['_embed']));
    }
    // Send extra data from response objects.
    $headers = $result->get_headers();
    $this->send_headers($headers);
    $code = $result->get_status();
    $this->set_status($code);
    /**
     * Filters whether the request has already been served.
     *
     * Allow sending the request manually - by returning true, the API result
     * will not be sent to the client.
     *
     * @since 4.4.0
     *
     * @param bool             $served  Whether the request has already been served.
     *                                  Default false.
     * @param WP_HTTP_Response $result  Result to send to the client. Usually a WP_REST_Response.
     * @param WP_REST_Request  $request Request used to generate the response.
     * @param WP_REST_Server   $this    Server instance.
     */
    $served = apply_filters('rest_pre_serve_request', false, $result, $request, $this);
    if (!$served) {
        // A HEAD request gets the headers and status sent above, and no body.
        if ('HEAD' === $request->get_method()) {
            return null;
        }
        // Embed links inside the request.
        $result = $this->response_to_data($result, isset($_GET['_embed']));
        $result = wp_json_encode($result);
        // If encoding failed, the body is replaced by an encoded
        // 'rest_encode_error' error built with status 500.
        $json_error_message = $this->get_json_last_error();
        if ($json_error_message) {
            $json_error_obj = new WP_Error('rest_encode_error', $json_error_message, array('status' => 500));
            $result = $this->error_to_response($json_error_obj);
            $result = wp_json_encode($result->data[0]);
        }
        if ($jsonp_callback) {
            // Prepend '/**/' to mitigate possible JSONP Flash attacks
            // https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
            echo '/**/' . $jsonp_callback . '(' . $result . ')';
        } else {
            echo $result;
        }
    }
    return null;
}
/**
 * Updates a user's names through a JSON PUT request and checks that the
 * response and the stored user carry the new names while the stored
 * password hash is unchanged.
 */
public function test_json_update_user() {
    $original_user = array(
        'user_email' => '*****@*****.**',
        'user_pass' => 'sjflsfl3sdjls',
        'user_login' => 'test_json_update',
        'first_name' => 'Old Name',
        'last_name' => 'Original Last',
    );
    $user_id = $this->factory->user->create($original_user);

    $this->allow_user_to_manage_multisite();
    wp_set_current_user(self::$user);

    $params = array(
        'username' => 'test_json_update',
        'email' => '*****@*****.**',
        'first_name' => 'JSON Name',
        'last_name' => 'New Last',
    );

    // Remember the stored password value before the update is sent.
    $pw_before = get_userdata($user_id)->user_pass;

    $update = new WP_REST_Request('PUT', sprintf('/wp/v2/users/%d', $user_id));
    $update->add_header('content-type', 'application/json');
    $update->set_body(wp_json_encode($params));
    $response = $this->server->dispatch($update);
    $this->check_add_edit_user_response($response, true);

    // Check that the name has been updated correctly, first in the response...
    $expected_names = array('first_name' => 'JSON Name', 'last_name' => 'New Last');
    $new_data = $response->get_data();
    foreach ($expected_names as $name_field => $expected_name) {
        $this->assertEquals($expected_name, $new_data[$name_field]);
    }

    // ...and then on the stored user.
    $stored_user = get_userdata($user_id);
    foreach ($expected_names as $name_field => $expected_name) {
        $this->assertEquals($expected_name, $stored_user->$name_field);
    }

    // Check that we haven't inadvertently changed the user's password,
    // as per https://core.trac.wordpress.org/ticket/21429
    $this->assertEquals($pw_before, $stored_user->user_pass);
}
/**
 * Updates a post as the editor user with the data from set_raw_post_data()
 * and checks that the raw title, content and excerpt in the response and in
 * the stored post equal what was sent.
 */
public function test_rest_update_post_raw() {
    wp_set_current_user(self::$editor_id);

    $update = new WP_REST_Request('PUT', sprintf('/wp/v2/posts/%d', self::$post_id));
    $update->add_header('content-type', 'application/json');
    $params = $this->set_raw_post_data();
    $update->set_body(wp_json_encode($params));

    $response = $this->server->dispatch($update);
    $this->check_update_post_response($response);

    // Response side: same post id, and the raw values that were sent.
    $new_data = $response->get_data();
    $this->assertEquals(self::$post_id, $new_data['id']);
    foreach (array('title', 'content', 'excerpt') as $part) {
        $this->assertEquals($params[$part]['raw'], $new_data[$part]['raw']);
    }

    // Storage side: the post columns hold the same raw values.
    $stored = get_post(self::$post_id);
    $column_for = array(
        'title' => 'post_title',
        'content' => 'post_content',
        'excerpt' => 'post_excerpt',
    );
    foreach ($column_for as $part => $column) {
        $this->assertEquals($params[$part]['raw'], $stored->$column);
    }
}
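/**
 * Test editing a form
 *
 * Creates five forms, updates the third one with the fields from
 * $this->advanced_fields2 and new title/description/button text, then checks
 * the stored post, its meta and the two attached fields.
 *
 * @since 6.0
 */
public function testEditForm() {
    $this->_createForm();
    $this->_createForm();
    $form = $this->_createForm();
    $this->_createForm();
    $this->_createForm();

    $fields = $this->advanced_fields2;
    $i = 1;
    foreach ($fields as &$field) {
        $field = wp_parse_args($field, $this->default_field);
        $field['label'] .= ' ' . $i;
        $field['value'] .= ' ' . $i;
        $field['placeholder'] .= ' ' . $i;
        $field['slug'] .= $i;
        $field['className'] .= $i;
        $i++;
    }
    // Break the reference left behind by the by-reference loop, so a later
    // write to $field cannot silently alter the last element of $fields.
    unset($field);

    $edit_data = array(
        'fields' => $fields,
        'notifications' => array(),
        'postCreation' => false,
        'postCreationType' => 'post',
        'postCreationStatus' => 'draft',
        'postFieldMappings' => array(),
        'type' => 'ccf_form',
        'status' => 'publish',
        'id' => null,
        'title' => array('raw' => 'Edit Test Form'),
        'description' => 'Edit test form description',
        'buttonText' => 'Edit Submit Text',
        'author' => array(),
        'excerpt' => '',
        'link' => '',
        'parent' => 0,
        'format' => 'standard',
        'slug' => '',
        'guid' => '',
        'comment_status' => 'open',
        // This key used to be listed twice ('open' here, false further down).
        // PHP keeps the last value for a repeated key, so false is what was
        // always sent; it is now stated once.
        'ping_status' => false,
        'menu_order' => 0,
        'terms' => array(),
        'post_meta' => array(),
        'meta' => array('links' => array()),
        'featured_image' => null,
    );

    $request = new WP_REST_Request();
    $request->set_param('id', $form->data['id']);
    $request->set_body(json_encode($edit_data));
    $edit_form_result = $this->api->update_item($request);

    $this->assertTrue(!empty($edit_form_result->data['id']));
    // Safe to read now: the assertion above stops the test when the id is missing.
    $form_id = $edit_form_result->data['id'];

    $form = get_post($form_id);
    $this->assertTrue(!empty($form));
    $this->assertEquals('Edit Test Form', get_the_title($form_id));

    $description = get_post_meta($form_id, 'ccf_form_description', true);
    $this->assertEquals('Edit test form description', $description);

    $button_text = get_post_meta($form_id, 'ccf_form_buttonText', true);
    $this->assertEquals('Edit Submit Text', $button_text);

    $attached_fields = get_post_meta($form_id, 'ccf_attached_fields', true);
    $this->assertTrue(!empty($attached_fields));
    // Expected value first, so a failure message reads the right way round.
    $this->assertEquals(2, count($attached_fields));

    foreach ($attached_fields as $field_id) {
        $field_type = get_post_meta($field_id, 'ccf_field_type', true);
        $field_label = get_post_meta($field_id, 'ccf_field_label', true);
        $this->assertTrue(strpos($field_label, 'special label') !== false);

        // Strict comparison: the type must be exactly one of the choice-based
        // field types, with no loose type juggling.
        if (in_array($field_type, array('dropdown', 'checkbox', 'radio'), true)) {
            $choices = get_post_meta($field_id, 'ccf_attached_choices', true);
            $this->assertEquals(2, count($choices));
        }
    }
}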
/**
 * An update whose comment content is 66525 characters long is answered with
 * a 400 `comment_content_column_length` error.
 *
 * @ticket 38477
 */
public function test_update_comment_content_too_long() {
    wp_set_current_user(self::$admin_id);

    $oversized = array('content' => rand_long_str(66525));

    $route = sprintf('/wp/v2/comments/%d', self::$approved_id);
    $update = new WP_REST_Request('PUT', $route);
    $update->add_header('content-type', 'application/json');
    $update->set_body(wp_json_encode($oversized));

    $this->assertErrorResponse(
        'comment_content_column_length',
        $this->server->dispatch($update),
        400
    );
}
/**
 * With the current user set to 0, an attempt to edit the comment
 * $this->hold_id is answered with a 403 `rest_cannot_edit` error.
 */
public function test_update_comment_invalid_permission() {
    // User id 0: no user is logged in for this request.
    wp_set_current_user(0);

    $edit = array('content' => 'Disco Stu likes disco music.');

    $route = sprintf('/wp/v2/comments/%d', $this->hold_id);
    $update = new WP_REST_Request('PUT', $route);
    $update->add_header('content-type', 'application/json');
    $update->set_body(wp_json_encode($edit));

    $this->assertErrorResponse(
        'rest_cannot_edit',
        $this->server->dispatch($update),
        403
    );
}
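/**
 * Handle serving an API request
 *
 * Matches the current server URI to a route and runs the first matching
 * callback then outputs a JSON representation of the returned value.
 *
 * The JSONP callback name is read from $_GET once, validated, and kept in a
 * local variable. That validated copy is what gets echoed around the
 * response, so code that runs in between (route callbacks, filters) cannot
 * swap in a value that was never checked.
 *
 * @uses WP_REST_Server::dispatch()
 *
 * @param string $path Optional. The request route. When empty, $_SERVER['PATH_INFO']
 *                     is used if set, otherwise '/'.
 * @return false|null False when the API is disabled, JSONP is disabled or the JSONP
 *                    callback is rejected; null in every other case.
 */
public function serve_request($path = null) {
    $content_type = isset($_GET['_jsonp']) ? 'application/javascript' : 'application/json';
    $this->send_header('Content-Type', $content_type . '; charset=' . get_option('blog_charset'));

    // Mitigate possible JSONP Flash attacks
    // http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
    $this->send_header('X-Content-Type-Options', 'nosniff');

    // Proper filter for turning off the JSON API. It is on by default.
    $enabled = apply_filters('rest_enabled', true);
    $jsonp_enabled = apply_filters('rest_jsonp_enabled', true);

    if (!$enabled) {
        echo $this->json_error('rest_disabled', __('The REST API is disabled on this site.'), 404);
        return false;
    }

    // Null means "no JSONP requested"; any string here has passed validation.
    $jsonp_callback = null;
    if (isset($_GET['_jsonp'])) {
        if (!$jsonp_enabled) {
            echo $this->json_error('rest_callback_disabled', __('JSONP support is disabled on this site.'), 400);
            return false;
        }

        // Check for invalid characters: only word characters and dots pass.
        $candidate = $_GET['_jsonp'];
        if (!is_string($candidate) || preg_match('/[^\\w\\.]/', $candidate)) {
            echo $this->json_error('rest_callback_invalid', __('The JSONP callback function is invalid.'), 400);
            return false;
        }
        $jsonp_callback = $candidate;
    }

    if (empty($path)) {
        if (isset($_SERVER['PATH_INFO'])) {
            $path = $_SERVER['PATH_INFO'];
        } else {
            $path = '/';
        }
    }

    // NOTE(review): the superglobals are handed to the request as they are;
    // confirm whether they still carry added slashes at this point.
    $request = new WP_REST_Request($_SERVER['REQUEST_METHOD'], $path);
    $request->set_query_params($_GET);
    $request->set_body_params($_POST);
    $request->set_file_params($_FILES);
    $request->set_headers($this->get_headers($_SERVER));
    $request->set_body($this->get_raw_data());

    /**
     * HTTP method override for clients that can't use PUT/PATCH/DELETE. First, we check
     * $_GET['_method']. If that is not set, we check for the HTTP_X_HTTP_METHOD_OVERRIDE
     * header.
     */
    if (isset($_GET['_method'])) {
        $request->set_method($_GET['_method']);
    } elseif (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) {
        $request->set_method($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']);
    }

    // Dispatch only when check_authentication() did not return a WP_Error;
    // otherwise that error becomes the result.
    $result = $this->check_authentication();
    if (!is_wp_error($result)) {
        $result = $this->dispatch($request);
    }

    // Normalize to either WP_Error or WP_REST_Response...
    $result = rest_ensure_response($result);

    // ...then convert WP_Error across
    if (is_wp_error($result)) {
        $result = $this->error_to_response($result);
    }

    /**
     * Allow modifying the response before returning
     *
     * @param WP_HTTP_ResponseInterface $result  Result to send to the client. Usually a WP_REST_Response
     * @param WP_REST_Server            $this    Server instance
     * @param WP_REST_Request           $request Request used to generate the response
     */
    $result = apply_filters('rest_post_dispatch', rest_ensure_response($result), $this, $request);

    // Wrap the response in an envelope if asked for
    if (isset($_GET['_envelope'])) {
        $result = $this->envelope_response($result, isset($_GET['_embed']));
    }

    // Send extra data from response objects
    $headers = $result->get_headers();
    $this->send_headers($headers);

    $code = $result->get_status();
    $this->set_status($code);

    /**
     * Allow sending the request manually
     *
     * If `$served` is true, the result will not be sent to the client.
     *
     * This is a filter rather than an action, since this is designed to be
     * re-entrant if needed.
     *
     * @param bool                      $served  Whether the request has already been served
     * @param WP_HTTP_ResponseInterface $result  Result to send to the client. Usually a WP_REST_Response
     * @param WP_REST_Request           $request Request used to generate the response
     * @param WP_REST_Server            $this    Server instance
     */
    $served = apply_filters('rest_pre_serve_request', false, $result, $request, $this);

    if (!$served) {
        // A HEAD request gets the headers and status sent above, and no body.
        if ('HEAD' === $request->get_method()) {
            return;
        }

        // Embed links inside the request
        $result = $this->response_to_data($result, isset($_GET['_embed']));

        $result = wp_json_encode($result);

        // If encoding failed, the body is replaced by an encoded
        // 'rest_encode_error' error built with status 500.
        $json_error_message = $this->get_json_last_error();
        if ($json_error_message) {
            $json_error_obj = new WP_Error('rest_encode_error', $json_error_message, array('status' => 500));
            $result = $this->error_to_response($json_error_obj);
            $result = wp_json_encode($result->data[0]);
        }

        // Compared with null rather than tested for truthiness, so a callback
        // that is present but falsy (such as an empty string) is still wrapped.
        if (null !== $jsonp_callback) {
            // Prepend '/**/' to mitigate possible JSONP Flash attacks
            // http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
            echo '/**/' . $jsonp_callback . '(' . $result . ')';
        } else {
            echo $result;
        }
    }
}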
/**
 * Persist the setting by sending its value as the body of a PUT request to
 * this setting's route on the plugin's REST server.
 *
 * On an error response the error message is attached to the
 * `customize_save_response` data under this setting's id.
 *
 * @param string $value The value to update; used unchanged as the request body,
 *                      which is labelled as JSON.
 *
 * @return bool True when the REST response is not an error, false otherwise.
 */
protected function update($value) {
    $server = $this->plugin->get_rest_server();

    // Ensure the route starts with exactly one slash.
    $put_request = new \WP_REST_Request('PUT', '/' . ltrim($this->route, '/'));
    $put_request->set_header('content-type', 'application/json');
    $put_request->set_body($value);

    // NOTE(review): this dispatches straight to the server object; confirm the
    // route's permission checks are what guards this write.
    $put_response = $server->dispatch($put_request);

    if (!$put_response->is_error()) {
        return true;
    }

    // Report the failure through the Customizer save response.
    add_filter('customize_save_response', function ($save_response) use ($put_response) {
        $errors_key = 'customize_rest_resources_save_errors';
        $save_errors = isset($save_response[$errors_key]) ? $save_response[$errors_key] : array();
        $save_errors[$this->id] = $put_response->as_error()->get_error_message();
        $save_response[$errors_key] = $save_errors;

        return $save_response;
    });

    return false;
}