/**
 * Builds a WP_REST_Request for a Jetpack endpoint, dispatches it and returns the result.
 *
 * The request itself is never handed back to the caller; only the value
 * produced by the server's dispatch() is returned. No credentials or user
 * context are attached here, so a caller that targets a protected route has
 * to establish the current user before calling this helper.
 *
 * @since 4.4.0
 *
 * @param string $route       REST API path to be appended to /jetpack/v4/
 * @param array  $json_params When non-empty, JSON-encoded and used as the request body
 * @param string $method      Request method to use, GET or POST
 * @param array  $params      Parameters to set on the request, keyed by name
 *
 * @return WP_REST_Response
 */
protected function create_and_get_request($route = '', $json_params = array(), $method = 'GET', $params = array())
{
    $rest_request = new WP_REST_Request($method, "/jetpack/v4/{$route}");

    // The JSON content type is declared on every request, including those sent without a body.
    $rest_request->set_header('content-type', 'application/json');

    if (!empty($json_params)) {
        $encoded_body = json_encode($json_params);
        $rest_request->set_body($encoded_body);
    }

    // Anything that is not an array is ignored; an empty array simply sets nothing.
    if (is_array($params)) {
        foreach ($params as $param_name => $param_value) {
            $rest_request->set_param($param_name, $param_value);
        }
    }

    return $this->server->dispatch($rest_request);
}
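/**
 * Checks that script markup submitted as `alt_text` on a media upload does not come back in the API response.
 *
 * The upload is performed as the author user and the response is required to
 * be a successful creation before the alt text is inspected. Without that
 * precondition a rejected upload, whose payload carries no usable `alt_text`,
 * could satisfy a loose comparison against the empty string and let a
 * sanitization regression go unnoticed.
 */
public function test_create_item_unsafe_alt_text()
{
    wp_set_current_user($this->author_id);

    $request = new WP_REST_Request('POST', '/wp/v2/media');
    $request->set_header('Content-Type', 'image/jpeg');
    $request->set_header('Content-Disposition', 'filename=canola.jpg');
    $request->set_body(file_get_contents($this->test_file));
    $request->set_param('alt_text', '<script>alert(document.cookie)</script>');

    $response = $this->server->dispatch($request);

    // The sanitization check below is only meaningful if the attachment was actually created.
    $this->assertEquals(201, $response->get_status());

    $attachment = $response->get_data();

    // Require the field to be present, then compare strictly so that null or false cannot pass as ''.
    $this->assertArrayHasKey('alt_text', $attachment);
    $this->assertSame('', $attachment['alt_text']);
}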
/**
 * Test that the run endpoint answers a well-formed request in the expected format.
 *
 * Only the accepted case is exercised: the payload carries the configured
 * secret, and the test expects a 200 response with `success` and `message`
 * keys. Rejection of a missing or wrong secret is not covered by this method.
 */
public function test_run_event()
{
    $event = Utils::create_test_event();

    // The endpoint is addressed with hashed identifiers instead of the raw action and arguments.
    // NOTE(review): md5 appears to serve only as an identifier here, not as a protection — confirm against the endpoint.
    $event['instance'] = md5(maybe_serialize($event['args']));
    $event['action'] = md5($event['action']);
    unset($event['args']);

    // The shared secret travels inside the JSON body of the request.
    $event['secret'] = \WP_CRON_CONTROL_SECRET;

    $route = '/' . \Automattic\WP\Cron_Control\REST_API::API_NAMESPACE . '/' . \Automattic\WP\Cron_Control\REST_API::ENDPOINT_RUN;

    $request = new \WP_REST_Request('PUT', $route);
    $request->set_body(wp_json_encode($event));
    $request->set_header('content-type', 'application/json');

    $response = $this->server->dispatch($request);
    $payload = $response->get_data();

    $this->assertResponseStatus(200, $response);
    foreach (array('success', 'message') as $expected_key) {
        $this->assertArrayHasKey($expected_key, $payload);
    }
}
/**
 * Creates an attachment from $input, then updates it with the same $input, checking the result each time.
 *
 * After both the create (expected status 201) and the update (expected
 * status 200) the title, description and caption are compared with
 * $expected_output twice: once against the API response and once against the
 * post as returned by get_post(). The second comparison means a value that
 * is cleaned up only in the response, but stored unchanged, still fails.
 *
 * @param array $input           Request parameters to send, keyed by name.
 * @param array $expected_output Expected `raw` and `rendered` values for `title`, `description` and `caption`.
 */
public function verify_attachment_roundtrip($input = array(), $expected_output = array())
{
    $attachment_id = null;

    // Phase name => status code the API is expected to answer with.
    $phases = array(
        'create' => 201,
        'update' => 200,
    );

    foreach ($phases as $phase => $expected_status) {
        if ('create' === $phase) {
            // Create the post
            $request = new WP_REST_Request('POST', '/wp/v2/media');
            $request->set_header('Content-Type', 'image/jpeg');
            $request->set_header('Content-Disposition', 'attachment; filename=canola.jpg');
            $request->set_body(file_get_contents($this->test_file));
        } else {
            // Update the post
            $request = new WP_REST_Request('PUT', sprintf('/wp/v2/media/%d', $attachment_id));
        }

        foreach ($input as $name => $value) {
            $request->set_param($name, $value);
        }

        $response = $this->server->dispatch($request);
        $this->assertEquals($expected_status, $response->get_status());
        $actual_output = $response->get_data();

        // Remove <p class="attachment"> from rendered description
        // see https://core.trac.wordpress.org/ticket/38679
        $rendered_lines = explode("\n", trim($actual_output['description']['rendered']));
        if (preg_match('/^<p class="attachment">/', $rendered_lines[0])) {
            $actual_output['description']['rendered'] = implode("\n", array_slice($rendered_lines, 1));
        }

        // Compare expected API output to actual API output
        foreach (array('title', 'description', 'caption') as $field) {
            $this->assertEquals($expected_output[$field]['raw'], $actual_output[$field]['raw']);
            $this->assertEquals($expected_output[$field]['rendered'], trim($actual_output[$field]['rendered']));
        }

        // Compare expected API output to WP internal values
        $stored_post = get_post($actual_output['id']);
        $this->assertEquals($expected_output['title']['raw'], $stored_post->post_title);
        $this->assertEquals($expected_output['description']['raw'], $stored_post->post_content);
        $this->assertEquals($expected_output['caption']['raw'], $stored_post->post_excerpt);

        // The update phase addresses the attachment that the create phase produced.
        $attachment_id = $actual_output['id'];
    }
}
/**
 * Save the value of the setting by sending it to the setting's REST route.
 *
 * The value is used as the body of an internally dispatched PUT request that
 * declares a JSON content type. When the response is an error, its message is
 * added to the `customize_save_response` payload under this setting's id.
 *
 * @param string $value The value to update; sent as the request body as-is.
 *                      Presumably already JSON-encoded — confirm with the caller.
 *
 * @return bool True when the REST response is not an error, false otherwise.
 */
protected function update($value)
{
    $server = $this->plugin->get_rest_server();

    // Normalise the stored route so that it starts with exactly one slash.
    $request = new \WP_REST_Request('PUT', '/' . ltrim($this->route, '/'));
    $request->set_header('content-type', 'application/json');
    $request->set_body($value);

    $result = $server->dispatch($request);
    if (!$result->is_error()) {
        return true;
    }

    // The error message is copied into the save response unmodified.
    // NOTE(review): escaping is left to whatever renders this payload — confirm the consumer handles it.
    add_filter('customize_save_response', function ($save_response) use ($result) {
        $errors_key = 'customize_rest_resources_save_errors';
        if (!isset($save_response[$errors_key])) {
            $save_response[$errors_key] = array();
        }
        $save_response[$errors_key][$this->id] = $result->as_error()->get_error_message();

        return $save_response;
    });

    return false;
}