RestSettingsController.php
| 1 | <?php |
| 2 | |
| 3 | namespace PrestoPlayer\Services\API; |
| 4 | |
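class RestSettingsController extends \WP_REST_Settings_Controller
{
    /**
     * Constructor.
     *
     * Sets the REST namespace and route base for this controller directly;
     * the parent constructor is not called.
     *
     * @since 4.7.0
     */
    public function __construct()
    {
        $this->namespace = 'presto-player/v1';
        $this->rest_base = 'settings';
    }

    /**
     * Register controller
     *
     * Hooks route registration into `rest_api_init` and attaches the branding
     * CSS check to the `rest_pre_update_setting` filter.
     *
     * @return void
     */
    public function register()
    {
        add_action('rest_api_init', [$this, 'register_routes']);
        // The callback narrows itself to the `presto_player_branding` setting,
        // so other settings passing through this filter are left untouched.
        add_filter('rest_pre_update_setting', [$this, 'validatePlayerBrandingCSS'], 10, 3);
    }

    /**
     * Retrieves the registered options this controller exposes over REST.
     *
     * Only the plugin's own option names are considered (allowlist); every
     * other registered setting is ignored, as are settings without
     * `show_in_rest` or without a supported schema type.
     *
     * @since 4.7.0
     *
     * @return array Array of registered options, keyed by REST name.
     */
    protected function get_registered_options()
    {
        // Allowlist of option names reachable through this endpoint.
        $allowed_options = array(
            'presto_player_branding',
            'presto_player_youtube',
            'presto_player_presets',
            'presto_player_audio_presets',
        );

        // Schema types that can be sanitized; anything else is skipped.
        $supported_types = array('number', 'integer', 'string', 'boolean', 'array', 'object');

        $rest_options = array();

        foreach (get_registered_settings() as $name => $args) {
            // Strict comparison: PHP stores integer-like array keys as ints, and a
            // loose in_array() can match an int against these strings on PHP < 8,
            // letting an unrelated option slip past the allowlist.
            if (!in_array($name, $allowed_options, true)) {
                continue;
            }

            if (empty($args['show_in_rest'])) {
                continue;
            }

            $rest_args = array();

            if (is_array($args['show_in_rest'])) {
                $rest_args = $args['show_in_rest'];
            }

            $defaults = array(
                'name'   => !empty($rest_args['name']) ? $rest_args['name'] : $name,
                'schema' => array(),
            );

            $rest_args = array_merge($defaults, $rest_args);

            $default_schema = array(
                'type'        => empty($args['type']) ? null : $args['type'],
                'description' => empty($args['description']) ? '' : $args['description'],
                'default'     => isset($args['default']) ? $args['default'] : null,
            );

            $rest_args['schema']      = array_merge($default_schema, $rest_args['schema']);
            $rest_args['option_name'] = $name;

            // Skip over settings that don't have a defined type in the schema.
            if (empty($rest_args['schema']['type'])) {
                continue;
            }

            /*
             * Allow the supported types for settings, as we don't want invalid types
             * to be updated with arbitrary values that we can't do decent sanitizing for.
             */
            if (!in_array($rest_args['schema']['type'], $supported_types, true)) {
                continue;
            }

            $rest_args['schema'] = rest_default_additional_properties_to_false($rest_args['schema']);

            $rest_options[$rest_args['name']] = $rest_args;
        }

        return $rest_options;
    }

    /**
     * Validate player branding css setting value before updating.
     *
     * Runs on the `rest_pre_update_setting` filter. For the
     * `presto_player_branding` setting, a non-empty `player_css` entry is
     * checked with validateCustomCSS(); on failure the request is terminated
     * through wp_die() with a 400 code. The first argument is always returned
     * unchanged so the filter chain continues as before.
     *
     * NOTE(review): WordPress core documents this filter's arguments as
     * ($result, $name, $value, $args). If that holds here, $value receives the
     * short-circuit result and $request receives the submitted setting value
     * rather than a WP_REST_Request object - confirm, and rename if so.
     *
     * @param mixed  $value   First filter argument, passed through untouched.
     * @param string $setting The setting name.
     * @param mixed  $request Third filter argument; read via array access for `player_css`.
     *
     * @return mixed The unchanged $value.
     */
    public function validatePlayerBrandingCSS($value, $setting, $request)
    {
        if ('presto_player_branding' !== $setting) {
            return $value;
        }

        if (!empty($request['player_css'])) {
            $css_validation_result = $this->validateCustomCSS($request['player_css']);
            if (is_wp_error($css_validation_result)) {
                // Aborts the whole request instead of returning the WP_Error to the
                // REST layer; an integer second argument is treated as the response code.
                wp_die($css_validation_result, 400);
            }
        }

        return $value;
    }

    /**
     * Validate style.css as valid CSS.
     *
     * Currently just checks for invalid markup: any `<tag` or `</tag` sequence
     * is rejected. This is not a CSS parser and does not sanitize the value, so
     * the stored CSS must still be treated as untrusted when it is output
     * (for example, it does not restrict `url()` or `@import`).
     *
     * Non-string input is rejected up front: preg_match() cannot inspect it
     * (TypeError on PHP 8, warning plus a false result on PHP 7), which would
     * otherwise crash the request or let the value pass unchecked.
     *
     * @param string $css CSS to validate.
     *
     * @return true|WP_Error True if the input was validated, otherwise WP_Error.
     */
    protected function validateCustomCSS($css)
    {
        // NOTE(review): both messages use the 'gutenberg' text domain, which looks
        // carried over from another codebase - confirm the plugin's own domain.
        if (!is_string($css)) {
            return new \WP_Error(
                'rest_custom_css_invalid_type',
                __('CSS must be a string.', 'gutenberg'),
                array('status' => 400)
            );
        }

        if (preg_match('#</?\w+#', $css)) {
            return new \WP_Error(
                'rest_custom_css_illegal_markup',
                __('Markup is not allowed in CSS.', 'gutenberg'),
                array('status' => 400)
            );
        }

        return true;
    }
}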