/**
 * A comment created with a parent comment can be fetched through the endpoint:
 * the result is not a WP_Error and carries HTTP status 200.
 */
public function test_get_comment_with_parent()
 {
     $parent = $this->_create_comment();
     $child_args = array('comment_parent' => (int) $parent);
     $child = $this->_create_comment($child_args);

     $raw = $this->endpoint->get_comment($child);
     $this->assertNotInstanceOf('WP_Error', $raw);

     $wrapped = json_ensure_response($raw);
     $this->assertEquals(200, $wrapped->get_status());
 }
 /**
  * Access control on a single revision: with no current user the endpoint
  * must answer json_user_cannot_read / 401, while the author gets a 200.
  */
 public function test_access_single_revision()
 {
     // User ID 0 means "nobody is logged in".
     wp_set_current_user(0);
     $denied = $this->endpoint->get_post($this->revision_id);
     $this->assertErrorResponse('json_user_cannot_read', $denied, 401);

     // Same request again, this time as the author stored on the test case.
     wp_set_current_user($this->author);
     $allowed = $this->endpoint->get_post($this->revision_id);
     $this->assertNotInstanceOf('WP_Error', $allowed);

     $wrapped = json_ensure_response($allowed);
     $this->assertEquals(200, $wrapped->get_status());
 }
 /**
  * Listing revisions of a freshly created post succeeds with status 200
  * and an empty data set.
  */
 public function test_post_no_revisions()
 {
     // md5() here only produces throw-away filler text, it is not used as a security primitive.
     $post_args = array(
         'post_author' => $this->author,
         'post_title' => md5(wp_generate_password()),
         'post_content' => md5(wp_generate_password()),
     );
     $fresh_post_id = $this->factory->post->create($post_args);

     wp_set_current_user($this->author);
     $raw = $this->endpoint->get_revisions($fresh_post_id);
     $this->assertNotInstanceOf('WP_Error', $raw);

     $wrapped = json_ensure_response($raw);
     $this->assertEquals(200, $wrapped->get_status());

     $revisions = $wrapped->get_data();
     $this->assertEquals(0, count($revisions));
 }
Пример #4
 /**
  * Return every registered navigation menu location.
  *
  * On success the response carries status 201 and a Location header built
  * from json_url('jpwp/menus/'). When get_registered_nav_menus() yields an
  * empty value a WP_Error is returned instead.
  *
  * @return WP_Error|WP_JSON_ResponseInterface
  */
 public function get_menus()
 {
     $registered = get_registered_nav_menus();

     // Nothing registered (or an empty result): report it as an API error.
     if (!$registered) {
         return new WP_Error('jwp_api_error' . __FUNCTION__, __('Menus could not be returned.', 'jpwp-api'));
     }

     $reply = json_ensure_response($registered);
     $reply->set_status(201);
     $reply->header('Location', json_url('jpwp/menus/'));

     return $reply;
 }
 /**
  * Add meta to a post, delegating the work to the parent implementation.
  *
  * The parent's response data is re-wrapped in a fresh WP_JSON_Response so
  * that the Location header points at /posts/<id>/meta/<meta ID>.
  *
  * @param int $id Post ID
  * @param array $data {
  *     @type string|null $key Meta key
  *     @type string|null $value Meta value
  * }
  * @return WP_Error|WP_JSON_Response WP_Error is passed through unchanged from the parent.
  */
 public function add_meta($id, $data)
 {
     $parent_result = parent::add_meta($id, $data);
     if (is_wp_error($parent_result)) {
         return $parent_result;
     }

     // Cast to object so the meta ID can be read as a property below.
     $meta = (object) $parent_result->get_data();
     $location = json_url('/posts/' . $id . '/meta/' . $meta->ID);

     // NOTE(review): a brand-new response object is built here, so any status set on the
     // parent's response is not carried over - confirm that is intended.
     $reply = new WP_JSON_Response();
     $reply->header('Location', $location);
     $reply->set_data($meta);

     return json_ensure_response($reply);
 }
Пример #6
 /**
  * Remove the current user's vote from a post and refresh the vote counters.
  *
  * @param int $id Post ID the vote belongs to.
  * @return mixed WP_Error (status 404) when the current user has no vote on the post,
  *               otherwise the delete_post_meta() result wrapped by json_ensure_response().
  */
 function delete_vote($id)
 {
     // Only the caller's own vote is looked up, so one user cannot remove another user's vote here.
     $existing = $this->get_user_vote(get_current_user_id(), $id);
     if (!$existing) {
         return new WP_Error('bikeit_vote_not_found', __('Vote not found.', 'bikeit'), array('status' => 404));
     }

     $deleted = delete_post_meta($id, 'votes', $existing);

     // Recompute the totals on the post and on its author.
     $this->update_vote_totals($id);
     $voted_post = get_post($id);
     $this->update_author_votes($voted_post->post_author);

     return json_ensure_response($deleted);
 }
Пример #7
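 /**
  * Send a contact-form message to the site administrator as an HTML e-mail.
  *
  * All three fields come straight from the request, so they are normalised
  * and HTML-escaped before being placed in the message; otherwise a sender
  * could inject arbitrary markup into the mail the administrator opens.
  *
  * @param array $data Request data; reads the 'name', 'email' and 'body' keys.
  * @return mixed WP_Error (status 500) when wp_mail() fails, otherwise a response
  *               holding true with status 201.
  */
 function contact($data)
 {
     // Missing or non-scalar fields become empty strings instead of raising notices.
     $value = array();
     foreach (array('name', 'email', 'body') as $field) {
         $value[$field] = isset($data[$field]) && is_scalar($data[$field]) ? (string) $data[$field] : '';
     }

     // sanitize_text_field() also strips line breaks, which keeps the name safe for the subject line.
     $name = sanitize_text_field($value['name']);
     $sender = sanitize_email($value['email']);

     // Send email
     $email = get_option('admin_email');
     $body = '<p>Nova mensagem de <strong>' . esc_html($name) . '</strong></p><p>Email: <strong>' . esc_html($sender) . '</strong></p><p><strong>Mensagem</strong>:</p><p><blockquote>' . esc_html($value['body']) . '</blockquote></p>';
     $headers = array('Content-Type:text/html;charset=UTF-8');
     $mailed = wp_mail($email, '[CACI] Nova mensagem de ' . $name, $body, $headers);
     if (!$mailed) {
         // NOTE(review): the raw PHPMailer error text is returned to the client and may reveal
         // mail-server details; consider logging it and returning a generic message instead.
         return new WP_Error('vindig_mail_error', print_r($GLOBALS['phpmailer']->ErrorInfo, true), array('status' => 500));
     }

     $response = json_ensure_response(true);
     $response->set_status(201);
     return $response;
 }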
Пример #8
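 /**
  * Store an anonymous report ("denuncia") on a case and notify the administrator by e-mail.
  *
  * The message is request input: it is stored as submitted and HTML-escaped
  * wherever it is placed into the notification e-mail.
  *
  * @param int $id Post ID of the case.
  * @param array $data Request data; reads the 'message' key.
  * @return mixed WP_Error (status 500) when the meta row cannot be added, otherwise a
  *               response with status 201 holding the add_post_meta() result.
  */
 function denuncia($id, $data)
 {
     // A missing or non-scalar message becomes an empty string instead of raising a notice.
     $message = isset($data['message']) && is_scalar($data['message']) ? (string) $data['message'] : '';

     // Stored unescaped on purpose: escape when rendering it (esc_html() or similar), not here.
     $value = array('message' => $message, 'date' => date('c'));
     $meta = add_post_meta($id, 'denuncia', $value);
     if (!$meta) {
         return new WP_Error('vindig_denuncia_error', 'Erro ao enviar contribuição', array('status' => 500));
     }

     // Send email
     $case_id = (int) $id;
     $email = get_option('admin_email');
     $case_url = esc_url(get_option('home') . '#!/caso/' . $case_id . '/');
     $body = '<p>Nova contribuição anônima para o <a href="' . $case_url . '">caso "' . esc_html(get_the_title($id)) . '"</a></p><p><strong>Mensagem</strong>:</p><p><blockquote>' . esc_html($message) . '</blockquote></p>';
     $headers = array('Content-Type: text/html; charset=UTF-8');
     wp_mail($email, 'Nova contribuição para o caso #' . $case_id, $body, $headers);

     // The original passed an undefined $result here; the add_post_meta() result is
     // presumably what was meant - confirm with the API consumers.
     $response = json_ensure_response($meta);
     $response->set_status(201);
     return $response;
 }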
Пример #9
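 /**
  * Record (or change) the current user's up/down vote on a post.
  *
  * @param int $id Post ID being voted on.
  * @param array $data Request data; 'vote' must be exactly 'up' or 'down'.
  * @return mixed WP_Error (401 when logged out, 500 for an invalid vote), otherwise a
  *               response with status 201 holding the meta write result.
  */
 function vote($id, $data)
 {
     // isset() guard: a request without a "vote" key used to raise an undefined-index notice.
     $vote = isset($data['vote']) ? $data['vote'] : null;

     if (!is_user_logged_in()) {
         return new WP_Error('bikeit_user_cannot_vote', __('Sorry, you must be logged in to vote.'), array('status' => 401));
     }

     // Strict allow-list: anything other than the two literal strings is rejected.
     // NOTE(review): this is a client error, so 400 would describe it better than 500;
     // the status is left unchanged so existing clients keep working.
     if ('up' !== $vote && 'down' !== $vote) {
         return new WP_Error('bikeit_invalid_vote', __('Invalid vote.'), array('status' => 500));
     }

     // The voter is always the authenticated user, never a value taken from the request.
     $user_id = get_current_user_id();
     $entry = array('user_id' => $user_id, 'vote' => $vote);

     $prev_value = $this->get_user_vote($user_id, $id);
     if (!$prev_value) {
         $result = add_post_meta($id, 'votes', $entry);
     } else {
         // Passing the previous value replaces only this user's row among the 'votes' entries.
         $result = update_post_meta($id, 'votes', $entry, $prev_value);
     }

     $this->update_vote_totals($id);

     // get_post() returns null for an unknown ID; skip the author update rather than
     // dereferencing null.
     // NOTE(review): $id is not validated before the meta write above - consider rejecting
     // unknown post IDs up front.
     $post = get_post($id);
     if ($post) {
         $this->update_author_votes($post->post_author);
     }

     $response = json_ensure_response($result);
     $response->set_status(201);
     return $response;
 }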
Пример #10
 /**
  * Editing a post with 'sticky' => false leaves the post non-sticky and
  * returns a response that matches the stored post.
  */
 function test_edit_post_sticky_false()
 {
     $payload = $this->set_data(array('sticky' => false));

     $raw = $this->endpoint->edit_post($this->post_id, $payload);
     $wrapped = json_ensure_response($raw);

     // Re-read the post from the database and compare it with the response.
     $stored = get_post($this->post_id);
     $this->check_get_post_response($wrapped, $stored);

     $this->assertFalse(is_sticky($this->post_id));
 }
 /**
  * Add a meta key/value pair to a post.
  *
  * Validation failures set the HTTP status through $this->set_status() and
  * return array('message' => ...). On success a response with status 201
  * and a Location header for the new meta entry is returned.
  *
  * NOTE(review): no capability check is visible in this method; confirm the
  * caller verifies that the current user may edit the post.
  *
  * @param int $id Post ID
  * @param array $data Must contain 'key' and 'value'.
  * @return mixed
  */
 public function add_meta($id, $data)
 {
     $id = (int) $id;

     // A zero ID and an unknown post are reported identically.
     $post = $id ? get_post($id, ARRAY_A) : null;
     if (empty($post['ID'])) {
         $this->set_status(404);
         return array('message' => __('Invalid post ID.'));
     }

     // Walk the input checks in order; the first failure decides status and message.
     $status = 0;
     $message = '';
     if (!array_key_exists('key', $data)) {
         $status = 400;
         $message = __('Missing meta key.');
     } elseif (!array_key_exists('value', $data)) {
         $status = 400;
         $message = __('Missing meta value.');
     } elseif (empty($data['key'])) {
         $status = 400;
         $message = __('Invalid meta key.');
     } elseif (!$this->is_valid_meta_data($data['value'])) {
         // for now let's not allow updating of arrays, objects or serialized values.
         $status = 400;
         $message = __('Invalid provided meta data for action.');
     } elseif (is_protected_meta($data['key'])) {
         // Keys WordPress treats as protected cannot be written through this endpoint.
         $status = 403;
         $message = __('Forbidden Error.');
     }
     if ($status) {
         $this->set_status($status);
         return array('message' => $message);
     }

     // add_post_meta() expects slashed input.
     $meta_id = add_post_meta($id, wp_slash($data['key']), wp_slash($data['value']));
     if (!$meta_id) {
         $this->set_status(400);
         return array('message' => __('Could not add post meta.'));
     }

     $reply = json_ensure_response($this->get_meta($id, $meta_id));
     if (is_wp_error($reply)) {
         return $reply;
     }

     $reply->set_status(201);
     $reply->header('Location', json_url('/posts/' . $id . '/meta/' . $meta_id));
     return $reply;
 }
Пример #12
 /**
  * Create a new post for any registered post type.
  *
  * Any 'ID' supplied by the client is discarded first, so this call cannot
  * be pointed at an existing post through the request data.
  *
  * @since 3.4.0
  * @internal 'data' is used here rather than 'content', as get_default_post_to_edit uses $_REQUEST['content']
  *
  * @param array $data Content data. Can contain:
  *  - post_type (default: 'post')
  *  - post_status (default: 'draft')
  *  - post_title
  *  - post_author
  *  - post_excerpt
  *  - post_content
  *  - post_date_gmt | post_date
  *  - post_format
  *  - post_password
  *  - comment_status - can be 'open' | 'closed'
  *  - ping_status - can be 'open' | 'closed'
  *  - sticky
  *  - post_thumbnail - ID of a media item to use as the post thumbnail/featured image
  *  - custom_fields - array, with each element containing 'key' and 'value'
  *  - terms - array, with taxonomy names as keys and arrays of term IDs as values
  *  - terms_names - array, with taxonomy names as keys and arrays of term names as values
  *  - enclosure
  *  - any other fields supported by wp_insert_post()
  * @return mixed WP_Error from insert_post(), otherwise a response (status 201, Location
  *               header) wrapping the post data (see {@see WP_JSON_Posts::get_post})
  */
 public function create_post($data)
 {
     unset($data['ID']);

     $new_post = $this->insert_post($data);
     if ($new_post instanceof WP_Error) {
         return $new_post;
     }

     $post_data = $this->get_post($new_post, 'edit');
     $location = json_url('/posts/' . $new_post);

     $reply = json_ensure_response($post_data);
     $reply->set_status(201);
     $reply->header('Location', $location);
     return $reply;
 }
 /**
  * Edit a form given an ID. This is an API endpoint.
  *
  * Checks that $id refers to an existing post, strips 'author', 'date' and
  * 'date_gmt' from the request data, saves the post through insert_post()
  * and then copies the recognised form settings into post meta, sanitising
  * each one according to its kind (text, URL or boolean).
  *
  * @param int $id
  * @param array $data
  * @param array $_headers Not used in this method.
  * @since 6.0
  * @return int|WP_Error|WP_JSON_ResponseInterface
  */
 function edit_form($id, $data, $_headers = array())
 {
     $id = (int) $id;
     if (empty($id)) {
         return new WP_Error('json_invalid_id_ccf_form', esc_html__('Invalid form ID.', 'custom-contact-forms'), array('status' => 404));
     }

     // Only existence is checked here; the post type of the loaded post is not inspected.
     $form = get_post($id, ARRAY_A);
     if (empty($form['ID'])) {
         return new WP_Error('json_invalid_ccf_form', esc_html__('Invalid form.', 'custom-contact-forms'), array('status' => 404));
     }

     // @todo: remove hack. Needed for broken API
     foreach (array('author', 'date', 'date_gmt') as $stripped) {
         if (isset($data[$stripped])) {
             unset($data[$stripped]);
         }
     }

     // NOTE(review): $id is validated above but never written into $data before insert_post();
     // which post gets saved therefore depends on what insert_post() reads from the request
     // data - confirm the request body cannot redirect the edit to a different post.
     $result = $this->insert_post($data);
     if ($result instanceof WP_Error) {
         return $result;
     }

     if (isset($data['fields'])) {
         if (empty($data['fields'])) {
             $data['fields'] = array();
         }
         $this->create_and_map_fields($data['fields'], $result);
     }

     // Request field => array(meta key, sanitiser kind), kept in the original write order.
     $settings = array(
         'buttonText' => array('ccf_form_buttonText', 'text'),
         'description' => array('ccf_form_description', 'text'),
         'completionActionType' => array('ccf_form_completion_action_type', 'text'),
         'completionMessage' => array('ccf_form_completion_message', 'text'),
         'pause' => array('ccf_form_pause', 'bool'),
         'pauseMessage' => array('ccf_form_pause_message', 'text'),
         'completionRedirectUrl' => array('ccf_form_completion_redirect_url', 'url'),
         'sendEmailNotifications' => array('ccf_form_send_email_notifications', 'bool'),
         'emailNotificationAddresses' => array('ccf_form_email_notification_addresses', 'text'),
         'emailNotificationFromType' => array('ccf_form_email_notification_from_type', 'text'),
         'emailNotificationFromAddress' => array('ccf_form_email_notification_from_address', 'text'),
         'emailNotificationFromField' => array('ccf_form_email_notification_from_field', 'text'),
         'emailNotificationFromNameType' => array('ccf_form_email_notification_from_name_type', 'text'),
         'emailNotificationFromName' => array('ccf_form_email_notification_from_name', 'text'),
         'emailNotificationFromNameField' => array('ccf_form_email_notification_from_name_field', 'text'),
         'emailNotificationSubjectType' => array('ccf_form_email_notification_subject_type', 'text'),
         'emailNotificationSubject' => array('ccf_form_email_notification_subject', 'text'),
         'emailNotificationSubjectField' => array('ccf_form_email_notification_subject_field', 'text'),
     );
     foreach ($settings as $field => $spec) {
         if (!isset($data[$field])) {
             continue;
         }
         $meta_key = $spec[0];
         $kind = $spec[1];
         if ('bool' === $kind) {
             $clean = (bool) $data[$field];
         } elseif ('url' === $kind) {
             // The redirect target is stored in its raw (database-safe) URL form.
             $clean = esc_url_raw($data[$field]);
         } else {
             $clean = sanitize_text_field($data[$field]);
         }
         update_post_meta($result, $meta_key, $clean);
     }

     $reply = json_ensure_response($this->get_post($result));
     $reply->set_status(201);
     $reply->header('Location', json_url('/ccf/forms/' . $result));
     return $reply;
 }
Пример #14
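 /**
  * Add meta to a post
  *
  * The caller must be allowed to edit the post. The original listing had this
  * authorization check commented out, which let any caller who could reach
  * the endpoint write non-protected meta onto any post.
  *
  * @param int $id Post ID
  * @param array $data {
  *     @type string|null $key Meta key
  *     @type string|null $value Meta value
  * }
  * @return mixed WP_Error on any failure, otherwise a response with status 201 and a
  *               Location header for the new meta entry.
  */
 public function add_meta($id, $data)
 {
     $id = (int) $id;
     if (empty($id)) {
         return new WP_Error('json_post_invalid_id', __('Invalid post ID.'), array('status' => 404));
     }
     $post = get_post($id, ARRAY_A);
     if (empty($post['ID'])) {
         return new WP_Error('json_post_invalid_id', __('Invalid post ID.'), array('status' => 404));
     }

     // Authorization: same error code and message as the check that had been disabled.
     if (!current_user_can('edit_post', $id)) {
         return new WP_Error('json_cannot_edit', __('Sorry, you cannot edit this post'), array('status' => 403));
     }

     if (!array_key_exists('key', $data)) {
         return new WP_Error('json_post_missing_key', __('Missing meta key.'), array('status' => 400));
     }
     if (!array_key_exists('value', $data)) {
         return new WP_Error('json_post_missing_value', __('Missing meta value.'), array('status' => 400));
     }
     if (empty($data['key'])) {
         return new WP_Error('json_meta_invalid_key', __('Invalid meta key.'), array('status' => 400));
     }
     if (!$this->is_valid_meta_data($data['value'])) {
         // for now let's not allow updating of arrays, objects or serialized values.
         return new WP_Error('json_post_invalid_action', __('Invalid provided meta data for action.'), array('status' => 400));
     }
     // Keys WordPress treats as protected cannot be written through this endpoint.
     if (is_protected_meta($data['key'])) {
         return new WP_Error('json_meta_protected', sprintf(__('%s is marked as a protected field.'), $data['key']), array('status' => 403));
     }

     // add_post_meta() expects slashed input.
     $meta_key = wp_slash($data['key']);
     $value = wp_slash($data['value']);
     $result = add_post_meta($id, $meta_key, $value);
     if (!$result) {
         return new WP_Error('json_meta_could_not_add', __('Could not add post meta.'), array('status' => 400));
     }

     $response = json_ensure_response($this->get_meta($id, $result));
     if (is_wp_error($response)) {
         return $response;
     }
     $response->set_status(201);
     $response->header('Location', json_url('/posts/' . $id . '/meta/' . $result));
     return $response;
 }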
Пример #15
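 /**
  * Receives and stores data from Foursquare User Push APIs.
  *
  * The request is authenticated with a shared secret. The comparison is
  * constant-time, and an unconfigured (empty) secret never matches, so a
  * site without the option set does not accept pushes from anyone.
  *
  * @param string $checkin JSON-encoded check-in payload.
  * @param string $secret Shared push secret sent with the request.
  * @param string $user JSON-encoded user payload.
  * @return mixed Response holding 'success' with status 201. The method calls exit on
  *               authentication failure or an unusable payload.
  */
 public function new_push($checkin, $secret, $user)
 {
     // Both values are required; the original `&&` only bailed out when both were missing.
     if (!isset($checkin) || !isset($secret)) {
         // send error back
         exit;
     }

     $options = get_option('hm_time_options');
     $push_secret = isset($options['foursquare_push_secret']) ? (string) $options['foursquare_push_secret'] : '';
     $google_tz_api_key = isset($options['google_timezone_api_key']) ? (string) $options['google_timezone_api_key'] : '';

     // The old loose `!=` treated an empty request secret as equal to an unset option.
     if ('' === $push_secret || !is_string($secret) || !hash_equals($push_secret, $secret)) {
         // send error back
         exit;
     }

     // fix mapping issue where its unescaping the values.
     $checkinDecoded = json_decode($this->hm_stripslashes($checkin));
     $userDecoded = json_decode($this->hm_stripslashes($user));

     // json_decode() yields null on malformed input; stop before dereferencing it.
     if (!isset($checkinDecoded->venue->location, $userDecoded->id)) {
         exit;
     }

     $wp_user = $this->get_user_by_meta_data('hm_time_foursquare_user_id', $userDecoded->id);
     if (empty($wp_user)) {
         // No local user is linked to this Foursquare account.
         exit;
     }

     $place = $checkinDecoded->venue->location;
     $venue_lat = isset($place->lat) ? $place->lat : null;
     $venue_lng = isset($place->lng) ? $place->lng : null;

     // The coordinates end up in an outbound URL, so only plain numbers are accepted.
     if (!is_numeric($venue_lat) || !is_numeric($venue_lng)) {
         exit;
     }

     $timestamp = time();
     // NOTE(review): the API key travels in the query string and can surface in HTTP logs.
     $google_tz_api_url = 'https://maps.googleapis.com/maps/api/timezone/json?location=' . $venue_lat . ',' . $venue_lng . '&timestamp=' . $timestamp . '&sensor=false&key=' . rawurlencode($google_tz_api_key);

     // wp_remote_retrieve_body() returns '' when the request failed, instead of the
     // fatal error that indexing a WP_Error would cause.
     $google_tz_api_body = json_decode(wp_remote_retrieve_body(wp_remote_get($google_tz_api_url)));
     $timezone_id = isset($google_tz_api_body->timeZoneId) ? $google_tz_api_body->timeZoneId : null;

     $city = isset($place->city) ? $place->city : '';
     $country = isset($place->country) ? $place->country : '';
     $location = $city . ', ' . $country;

     hm_time_save_profile_fields($wp_user->id, $timezone_id, $location);

     $response = json_ensure_response('success');
     $response->set_status(201);
     // The original appended an undefined $result here, which evaluates to an empty string.
     $response->header('Location', json_url('/hm-time/'));
     return $response;
 }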
Пример #16
 /**
  * Create a new post for any registered post type.
  *
  * Any 'ID' supplied by the client is discarded first. A falsy result from
  * insert_post() is reported through json_error().
  *
  * @since 3.4.0
  * @internal 'data' is used here rather than 'content', as get_default_post_to_edit uses $_REQUEST['content']
  *
  * @param array $data Content data. Can contain:
  *  - post_type (default: 'post')
  *  - post_status (default: 'draft')
  *  - post_title
  *  - post_author
  *  - post_excerpt
  *  - post_content
  *  - post_date_gmt | post_date
  *  - post_format
  *  - post_password
  *  - comment_status - can be 'open' | 'closed'
  *  - ping_status - can be 'open' | 'closed'
  *  - sticky
  *  - post_thumbnail - ID of a media item to use as the post thumbnail/featured image
  *  - custom_fields - array, with each element containing 'key' and 'value'
  *  - terms - array, with taxonomy names as keys and arrays of term IDs as values
  *  - terms_names - array, with taxonomy names as keys and arrays of term names as values
  *  - enclosure
  *  - any other fields supported by wp_insert_post()
  * @return mixed Response with status 201 wrapping the post data (see {@see WP_JSON_Posts::get_post})
  */
 public function create_post($data)
 {
     unset($data['ID']);

     $new_post = $this->insert_post($data);
     if (!$new_post) {
         // NOTE(review): presumably json_error() ends the request; if it returns, execution
         // continues below with a falsy post ID - confirm.
         json_error(BigAppErr::$post['code'], "create post faild!");
     }

     $post_data = $this->get_post($new_post, 'edit');
     $reply = json_ensure_response($post_data);
     $reply->set_status(201);
     return $reply;
 }
 /**
  * Shared assertion helper: the response must be a non-error 200 whose data
  * matches term 1 of the 'category' taxonomy.
  *
  * @param mixed $response Raw endpoint result.
  */
 public function check_get_taxonomy_term_response($response)
 {
     $this->assertNotInstanceOf('WP_Error', $response);

     $wrapped = json_ensure_response($response);
     $this->assertEquals(200, $wrapped->get_status());

     $payload = $wrapped->get_data();
     $expected_term = get_term(1, 'category');
     $this->check_taxonomy_term($expected_term, $payload);
 }
Пример #18
 /**
  * Privilege-escalation guard: asking edit_user() to set the 'administrator'
  * role must fail with json_cannot_edit_roles / 403, and the stored user
  * must still hold the 'subscriber' capability afterwards.
  */
 public function test_update_user_role_privilage_escalation()
 {
     $role_change = array('role' => 'administrator');

     $raw = $this->endpoint->edit_user($this->user, $role_change);
     $wrapped = json_ensure_response($raw);
     $this->assertErrorResponse('json_cannot_edit_roles', $wrapped, 403);

     // Check the stored state too, not only the response.
     $stored_user = get_userdata($this->user);
     $this->assertArrayHasKey('subscriber', $stored_user->caps);
 }
Пример #19
 /**
  * Return a fresh nonce for the 'wp_json' action, wrapped as a JSON response.
  *
  * @return mixed Response whose data is array('nonce' => <token>).
  */
 function nonce()
 {
     // wp_create_nonce() ties the token to the current user and session.
     $token = wp_create_nonce('wp_json');
     $payload = array('nonce' => $token);

     return json_ensure_response($payload);
 }
 /**
  * Add meta to an object.
  *
  * The object is validated through check_object() first; the error codes
  * use a 'json_post_' prefix when $this->type is 'post' and 'json_meta_'
  * otherwise.
  *
  * @param int $id Object ID
  * @param array $data {
  *     @type string|null $key Meta key
  *     @type string|null $value Meta value
  * }
  * @return mixed WP_Error on any failure, otherwise a response with status 201.
  */
 public function add_meta($id, $data)
 {
     // NOTE(review): presumably check_object() also covers permissions - confirm, since no
     // other capability check is visible in this method.
     $checked = $this->check_object($id);
     if (is_wp_error($checked)) {
         return $checked;
     }

     $bad_request = array('status' => 400);
     $prefix = 'post' === $this->type ? 'json_post_' : 'json_meta_';

     if (!array_key_exists('key', $data)) {
         return new WP_Error($prefix . 'missing_key', __('Missing meta key.'), $bad_request);
     }
     if (!array_key_exists('value', $data)) {
         return new WP_Error($prefix . 'missing_value', __('Missing meta value.'), $bad_request);
     }
     if (empty($data['key'])) {
         return new WP_Error('json_meta_invalid_key', __('Invalid meta key.'), $bad_request);
     }
     if (!$this->is_valid_meta_data($data['value'])) {
         // for now let's not allow updating of arrays, objects or serialized values.
         return new WP_Error($prefix . 'invalid_action', __('Invalid provided meta data for action.'), $bad_request);
     }
     // Keys WordPress treats as protected cannot be written through this endpoint.
     if (is_protected_meta($data['key'])) {
         return new WP_Error('json_meta_protected', sprintf(__('%s is marked as a protected field.'), $data['key']), array('status' => 403));
     }

     // add_metadata() expects slashed input.
     $meta_id = add_metadata($this->type, $id, wp_slash($data['key']), wp_slash($data['value']));
     if (!$meta_id) {
         return new WP_Error('json_meta_could_not_add', __('Could not add meta.'), $bad_request);
     }

     $reply = json_ensure_response($this->get_meta($id, $meta_id));
     if (is_wp_error($reply)) {
         return $reply;
     }

     $reply->set_status(201);
     return $reply;
 }
 /**
  * Deleting a meta entry through the endpoint returns a 200 response with
  * a non-empty 'message' and removes the value from the post.
  */
 public function test_delete_meta()
 {
     $target_post = $this->factory->post->create();
     $meta_row = add_post_meta($target_post, 'testkey', 'testvalue');

     $raw = $this->endpoint->delete_meta($target_post, $meta_row);
     $this->assertNotInstanceOf('WP_Error', $raw);

     $wrapped = json_ensure_response($raw);
     $this->assertEquals(200, $wrapped->get_status());

     $payload = $wrapped->get_data();
     $this->assertArrayHasKey('message', $payload);
     $this->assertNotEmpty($payload['message']);

     // The key must really be gone from storage, not merely reported as deleted.
     $remaining = get_post_meta($target_post, 'testkey', false);
     $this->assertEmpty($remaining);
 }