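/**
 * Serves an addon asset (JS, CSS or HTML) for the in-browser app simulation.
 *
 * Does nothing unless the 'wpak_addon_file' query var is set. The app is taken
 * from the 'wpak_app_id' GET parameter (ID or slug); the query var is expected
 * to look like "<addon-slug>/<path/to/file>" with a .js, .css or .html file.
 * Once the query var is present every path ends the request: either the file
 * is sent with a matching Content-type, or a 404 is returned.
 */
public static function template_redirect() {
    global $wp_query;

    if (empty($wp_query->query_vars['wpak_addon_file'])) {
        return;
    }

    if (empty($_GET['wpak_app_id'])) {
        header("HTTP/1.0 404 Not Found");
        _e('App id not found in _GET parmeters', WpAppKit::i18n_domain);
        exit;
    }

    //NOTE(review): esc_attr() is an output-escaping helper; it is kept here
    //because the value is echoed below and because the lookup has always
    //received the escaped form. Can be ID or slug.
    $app_id = esc_attr($_GET['wpak_app_id']);
    $app = WpakApps::get_app($app_id);

    if (empty($app)) {
        header("HTTP/1.0 404 Not Found");
        //_e() echoes and returns nothing, so the id concatenated after it was
        //never printed. $app_id has been through esc_attr() above.
        echo __('App not found', WpAppKit::i18n_domain) . ' : [' . $app_id . ']';
        exit;
    }

    $app_id = $app->ID;

    $default_capability = current_user_can('wpak_edit_apps') ? 'wpak_edit_apps' : 'manage_options';
    $capability = apply_filters('wpak_private_simulation_capability', $default_capability, $app_id);

    if (WpakApps::get_app_simulation_is_secured($app_id) && !current_user_can($capability)) {
        wp_nonce_ays('wpak-addon-file');
        //wp_nonce_ays() stops through wp_die(), whose handler can be replaced
        //by a filter: never let a refused request reach the file read below.
        exit;
    }

    $file = $wp_query->query_vars['wpak_addon_file'];

    //The previous pattern ended with the character class [\.js|\.css|\.html],
    //which accepts any name whose LAST CHARACTER is one of ". j s | c h t m l"
    //rather than names ending in one of the three extensions.
    if (!preg_match('#([^/]+?)/(.+\.(?:js|css|html))$#', $file, $matches)) {
        header("HTTP/1.0 404 Not Found");
        _e('Wrong addon file', WpAppKit::i18n_domain);
        exit;
    }

    $addon_slug = $matches[1];
    $asset_file = $matches[2];

    //get_asset_file() is not visible from here, so parent-directory segments
    //are refused before the path is handed over to it.
    $path_segments = explode('/', str_replace('\\', '/', $asset_file));
    if (in_array('..', $path_segments, true)) {
        header("HTTP/1.0 404 Not Found");
        _e('Wrong addon file', WpAppKit::i18n_domain);
        exit;
    }

    $app_addons = self::get_app_addons($app_id);
    if (!array_key_exists($addon_slug, $app_addons)) {
        header("HTTP/1.0 404 Not Found");
        _e('Addon not found for this app', WpAppKit::i18n_domain);
        exit;
    }

    $asset_full_path = $app_addons[$addon_slug]->get_asset_file($asset_file);

    //Only the three allowed types are ever sent: a resolved path with another
    //extension is answered like a missing file instead of being echoed with
    //the default Content-type.
    $content_types = array(
        'js' => 'text/javascript',
        'css' => 'text/css',
        'html' => 'text/html',
    );
    $file_type = $asset_full_path ? pathinfo($asset_full_path, PATHINFO_EXTENSION) : '';

    if (!$asset_full_path || !isset($content_types[$file_type])) {
        header("HTTP/1.0 404 Not Found");
        _e('Addon file not found', WpAppKit::i18n_domain);
        exit;
    }

    header("Content-type: " . $content_types[$file_type] . "; charset=utf-8");
    echo file_get_contents($asset_full_path);
    exit;
}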
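/**
 * Serves the generated simulator files (config.js, config.xml) of an app.
 *
 * Does nothing unless the 'wpak_appli_file' query var is set. The app is taken
 * from the 'wpak_app_id' GET parameter (ID or slug). Once the query var is
 * present every path ends the request.
 */
public static function template_redirect() {
    global $wp_query;

    if (empty($wp_query->query_vars['wpak_appli_file'])) {
        return;
    }

    if (empty($_GET['wpak_app_id'])) {
        //Same status as the addon and theme file handlers send in this case.
        header("HTTP/1.0 404 Not Found");
        _e('App id not found in _GET parameters', WpAppKit::i18n_domain);
        exit;
    }

    //Can be ID or slug. The esc_attr() result is also what gets echoed in the
    //"App not found" message below.
    $app_id = esc_attr($_GET['wpak_app_id']);
    $app = WpakApps::get_app($app_id);

    if (empty($app)) {
        header("HTTP/1.0 404 Not Found");
        echo __('App not found', WpAppKit::i18n_domain) . ' : [' . $app_id . ']';
        exit;
    }

    $app_id = $app->ID;

    $default_capability = current_user_can('wpak_edit_apps') ? 'wpak_edit_apps' : 'manage_options';
    $capability = apply_filters('wpak_private_simulation_capability', $default_capability, $app_id);

    if (WpakApps::get_app_simulation_is_secured($app_id) && !current_user_can($capability)) {
        //The call used to receive $action, which is not defined anywhere in
        //this method. The label follows the 'wpak-addon-file' and
        //'wpak-theme-file' labels of the sibling handlers.
        wp_nonce_ays('wpak-appli-file');
        //wp_nonce_ays() stops through wp_die(), whose handler can be replaced
        //by a filter: never let a refused request reach the config output.
        exit;
    }

    $file = $wp_query->query_vars['wpak_appli_file'];

    //Only these two literal names are served, so the query var never reaches
    //the filesystem.
    switch ($file) {
        case 'config.js':
            header("Content-type: text/javascript; charset=utf-8");
            echo "/* Wp AppKit simulator config.js */\n";
            self::get_config_js($app_id, true);
            exit;
        case 'config.xml':
            header("Content-type: text/xml; charset=utf-8");
            self::get_config_xml($app_id, true);
            exit;
        default:
            header("HTTP/1.0 404 Not Found");
            exit;
    }
}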
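/**
 * Dispatches a web service request to the matching CRUD operation and exits.
 *
 * 'list' maps POST to create and GET to read; 'one' maps GET to read_one, PUT
 * to update and DELETE to delete. A POST on 'one' is treated as PUT or DELETE
 * when an X-HTTP-Method-Override header asks for it. OPTIONS requests are
 * answered with the CORS preflight headers. The request never returns to the
 * caller: it ends with the service answer, a 404 or an error message.
 *
 * @param int|string $app_id_or_slug App ID or slug, resolved with WpakApps::get_app().
 * @param string $service_slug Passed unchanged to WpakWebServiceCrud.
 * @param string $action 'list' or 'one'; anything else ends with the error message.
 * @param int $id Item id, used by the 'one' operations.
 */
private static function exit_handle_request($app_id_or_slug, $service_slug, $action, $id = 0) {
    global $wp_query;

    $request_method = $_SERVER['REQUEST_METHOD'];

    //NOTE(review): this writes all of $_REQUEST to the log, and the PUT
    //branches below log raw request bodies. What self::log() stores and who
    //can read it is not visible here; confirm that no credentials or tokens
    //sent by apps end up in it.
    self::log($request_method . ' : ' . $action . ' : ' . print_r($_REQUEST, true));

    //Set AJAX WP context. Guarded because redefining a constant raises a
    //warning when something else has already defined it.
    if (!defined('DOING_AJAX')) {
        define('DOING_AJAX', true);
    }

    if (self::cache_on()) {
        //TODO_WPAK
        /*
          $cached_webservice = WpakCache::get_cached_web_service(
          self::get_web_service_cache_id($service),
          isset($_GET['force_reload']) && is_numeric($_GET['force_reload']) && $_GET['force_reload'] == 1,
          isset($_GET['last_update']) && is_numeric($_GET['last_update']) ? $_GET['last_update'] : 0
          );
          if( !empty($cached_webservice) ){
          self::exit_sending_web_service_content($cached_webservice);
          }
         */
    }

    $app = WpakApps::get_app($app_id_or_slug);

    //Check that the asked app exists :
    if (empty($app)) {
        header("HTTP/1.0 404 Not Found");
        //_e() echoes and returns nothing, so the identifier concatenated after
        //it was never printed. It comes from the request: escape it.
        echo __('App not found', WpAppKit::i18n_domain) . ' : [' . esc_html($app_id_or_slug) . ']';
        exit;
    }

    $app_id = $app->ID;
    $app_slug = $app->post_name;

    WpakWebServiceContext::$current_app_id = $app_id;
    WpakWebServiceContext::$current_app_slug = $app_slug;

    //Some browsers or viewports on mobile devices cache HTTP requests, we don't want this!
    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Some time in the past

    if ($request_method === 'OPTIONS') {
        //NOTE(review): browsers refuse credentialed cross-origin responses
        //when Allow-Origin is "*", so the Allow-Credentials header below has
        //no effect as sent. Decide which is intended: no credentials, or an
        //explicit allowlist of origins echoed back together with "Vary: Origin".
        header('Allow: GET, PUT, DELETE, POST');
        header('Access-Control-Allow-Origin: *');
        header('Access-Control-Allow-Methods: GET, PUT, DELETE, POST');
        header('Access-Control-Allow-Headers: origin, content-type, accept, x-http-method-override');
        header('Access-Control-Allow-Credentials: true');
        exit;
    }

    //If the app current theme has some PHP (hooks!) to be executed before the web
    //service process, include it here :
    WpakThemes::include_app_theme_php($app_id);

    //Include PHP files required by addons activated for this app :
    WpakAddons::require_app_addons_php_files($app_id);

    //Only POST bodies can be form-encoded; the header array is checked first
    //and the CGI-style $_SERVER entry is the fallback.
    $headers = function_exists('apache_request_headers') ? apache_request_headers() : array();
    $form_content_type = 'application/x-www-form-urlencoded';
    $is_url_encoded = (!empty($headers['Content-Type']) && strpos($headers['Content-Type'], $form_content_type) !== false)
        || (!empty($_SERVER['CONTENT_TYPE']) && strpos($_SERVER['CONTENT_TYPE'], $form_content_type) !== false);

    $service_answer = null;

    switch ($action) {
        case 'list':
            if ($request_method === 'POST') {
                if (!$is_url_encoded) {
                    $sent = json_decode(file_get_contents("php://input"));
                } elseif (isset($_POST['model'])) {
                    //Specific to backbone's "emulateJSON"
                    $sent = json_decode(stripslashes($_POST['model']));
                } else {
                    $sent = $_POST;
                }
                $service_answer = WpakWebServiceCrud::create($app_id, $service_slug, $sent);
            } elseif ($request_method === 'GET') {
                $service_answer = WpakWebServiceCrud::read($app_id, $service_slug, $wp_query->query_vars);
            }
            break;

        case 'one':
            if ($request_method === 'GET') {
                $service_answer = WpakWebServiceCrud::read_one($app_id, $service_slug, $id);
            } elseif ($request_method === 'PUT') {
                $new = json_decode(file_get_contents("php://input"));
                $service_answer = WpakWebServiceCrud::update($app_id, $service_slug, $new);
            } elseif ($request_method === 'DELETE') {
                $service_answer = WpakWebServiceCrud::delete($app_id, $service_slug, $id);
            } elseif ($request_method === 'POST') {
                //NOTE(review): a POST carrying this header is handled as PUT or
                //DELETE, so any rule placed in front of PHP that filters on the
                //HTTP verb does not see these requests as updates or deletions.
                $http_method_override_method = '';
                if (!empty($headers['X-HTTP-Method-Override'])) {
                    $http_method_override_method = $headers['X-HTTP-Method-Override'];
                } elseif (!empty($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) {
                    $http_method_override_method = $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'];
                }

                //self::log('$_SERVER : '. print_r($_SERVER,true));
                self::log('X-HTTP-Method-Override : ' . $http_method_override_method);

                if ($http_method_override_method === 'PUT') {
                    //The form-encoded branch used to fill $sent while the update
                    //below tested $new, so an emulated PUT was never applied;
                    //$json was also undefined when no 'model' field was posted.
                    $json = '';
                    if ($is_url_encoded) {
                        if (isset($_POST['model'])) {
                            //Specific to backbone's "emulateJSON"
                            $json = stripslashes($_POST['model']);
                            $new = json_decode($json);
                        } else {
                            $new = $_POST;
                        }
                        self::log('PUT one (X-HTTP-Method-Override + emulateJSON) : ' . $id . ' - json :' . $json . ' - _POST : ' . print_r($_POST, true));
                    } else {
                        $json = file_get_contents("php://input");
                        $new = json_decode($json);
                        self::log('PUT one (X-HTTP-Method-Override) : ' . $id . ' : ' . $json);
                    }

                    //json_decode() returns null for a body it cannot parse.
                    if ($new !== null) {
                        $service_answer = WpakWebServiceCrud::update($app_id, $service_slug, $new);
                    }
                } elseif ($http_method_override_method === 'DELETE') {
                    self::log('DELETE one (X-HTTP-Method-Override) : ' . $id);
                    $service_answer = WpakWebServiceCrud::delete($app_id, $service_slug, $id);
                }
            }
            break;
    }

    //Simulate delay : TODO : make this configurable in WP BO :
    //time_nanosleep(rand(0,1), (floatval(rand(20,100))/100) * 1000000000);
    //sleep(2);

    if ($service_answer !== null) {
        self::exit_sending_answer($service_answer, $app_id, $service_slug);
    }

    exit(__('Error : Web service not recognised', WpAppKit::i18n_domain));
}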
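/**
 * Serves a theme file for the in-browser app simulation.
 *
 * Does nothing unless the 'wpak_theme_file' query var is set; it is expected
 * to look like "<theme-slug>/<path/to/file>". Asset files (as decided by
 * self::is_asset_file()) are served without an app id, provided the theme
 * exists and is used by at least one app. Any other file requires the
 * 'wpak_app_id' GET parameter, passes the simulation capability check when
 * the app simulation is secured, and must belong to the app's current theme.
 */
public static function template_redirect() {
    global $wp_query;

    //The following is only for app simulation in browser
    if (empty($wp_query->query_vars['wpak_theme_file'])) {
        return;
    }

    $file = $wp_query->query_vars['wpak_theme_file'];

    //For assets files like fonts, images or css we can't
    //be sure that the wpak_app_id GET arg is there, because they can
    //be included directly in themes sources (CSS/HTML) where the WP AppKit API can't
    //be used. So, we can't check that the file comes from the right app
    //or theme > we just check that the theme the asset belongs to is a real
    //WP AppKit theme and that at least one app uses this theme :
    if (self::is_asset_file($file)) {
        if (!preg_match('/([^\\/]+?)\\/(.+)$/', $file, $matches)) {
            header("HTTP/1.0 404 Not Found");
            _e('Not a valid theme file path', WpAppKit::i18n_domain);
            exit;
        }

        $theme_slug = $matches[1];
        $theme_file = $matches[2];

        if (!self::is_theme($theme_slug) || !self::theme_is_used($theme_slug)) {
            header("HTTP/1.0 404 Not Found");
            _e('Not a valid theme file', WpAppKit::i18n_domain);
            exit;
        }

        //This branch runs without any capability check and get_theme_file()
        //is not visible from here, so parent-directory segments are refused
        //before the path is handed over to it.
        $path_segments = explode('/', str_replace('\\', '/', $theme_file));
        if (in_array('..', $path_segments, true)) {
            header("HTTP/1.0 404 Not Found");
            _e('Not a valid theme file path', WpAppKit::i18n_domain);
            exit;
        }

        $file_full_path = self::get_theme_file($theme_slug, $theme_file);
        if (!$file_full_path) {
            //A missing asset used to fall out of this method with no status
            //and no exit, leaving WordPress to render its regular template.
            header("HTTP/1.0 404 Not Found");
            _e('Theme file not found', WpAppKit::i18n_domain);
            exit;
        }

        self::exit_send_theme_file($file_full_path);
        return;
    }

    if (empty($_GET['wpak_app_id'])) {
        header("HTTP/1.0 404 Not Found");
        _e('App id not found in _GET parmeters', WpAppKit::i18n_domain);
        exit;
    }

    //For non considered asset files (like JS) we check that the file is
    //asked for the correct app and for the theme of the app:
    $app_id = esc_attr($_GET['wpak_app_id']); //can be ID or slug
    $app = WpakApps::get_app($app_id);

    if (empty($app)) {
        header("HTTP/1.0 404 Not Found");
        //_e() echoes and returns nothing, so the id concatenated after it was
        //never printed. $app_id has been through esc_attr() above.
        echo __('App not found', WpAppKit::i18n_domain) . ' : [' . $app_id . ']';
        exit;
    }

    $app_id = $app->ID;

    $default_capability = current_user_can('wpak_edit_apps') ? 'wpak_edit_apps' : 'manage_options';
    $capability = apply_filters('wpak_private_simulation_capability', $default_capability, $app_id);

    if (WpakApps::get_app_simulation_is_secured($app_id) && !current_user_can($capability)) {
        wp_nonce_ays('wpak-theme-file');
        //wp_nonce_ays() stops through wp_die(), whose handler can be replaced
        //by a filter: never let a refused request reach the file lookup below.
        exit;
    }

    if (!preg_match('/([^\\/]+?)\\/(.+)$/', $file, $matches)) {
        header("HTTP/1.0 404 Not Found");
        _e('Wrong theme file', WpAppKit::i18n_domain);
        exit;
    }

    $theme_slug = $matches[1];
    $theme_file = $matches[2];

    //Strict comparison: with == a slug such as "0" would equal a false
    //returned for "no theme". Assumes get_current_theme() yields the slug as
    //a scalar - TODO confirm.
    $app_theme = WpakThemesStorage::get_current_theme($app_id);
    if ($theme_slug !== (string) $app_theme) {
        header("HTTP/1.0 404 Not Found");
        _e('Asked theme is not activated for the given app', WpAppKit::i18n_domain);
        exit;
    }

    //Same refusal of parent-directory segments as for asset files.
    $path_segments = explode('/', str_replace('\\', '/', $theme_file));
    if (in_array('..', $path_segments, true)) {
        header("HTTP/1.0 404 Not Found");
        _e('Wrong theme file', WpAppKit::i18n_domain);
        exit;
    }

    $file_full_path = self::get_theme_file($theme_slug, $theme_file);
    if (!$file_full_path) {
        header("HTTP/1.0 404 Not Found");
        _e('Theme file not found', WpAppKit::i18n_domain);
        exit;
    }

    self::exit_send_theme_file($file_full_path);
}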