Presto Player v2.3.3
presto-player / inc / Services / API / RestSettingsController.php
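<?php

namespace PrestoPlayer\Services\API;

/**
 * REST settings controller for the plugin's own options.
 *
 * Reuses the core settings controller under the `presto-player/v1/settings`
 * route but exposes only an allow-list of plugin options. The permission
 * callbacks are not overridden here, so access control for these routes is
 * whatever the parent \WP_REST_Settings_Controller enforces.
 */
class RestSettingsController extends \WP_REST_Settings_Controller
{

    /**
     * Constructor.
     *
     * Sets the route namespace and base directly; the parent constructor is
     * not called.
     *
     * @since 4.7.0
     */
    public function __construct()
    {
        $this->namespace = 'presto-player/v1';
        $this->rest_base = 'settings';
    }

    /**
     * Register controller
     *
     * Hooks route registration and the pre-update CSS check into WordPress.
     *
     * @return void
     */
    public function register()
    {
        add_action('rest_api_init', [$this, 'register_routes']);
        // Three accepted arguments: see validatePlayerBrandingCSS() for what each one carries.
        add_filter('rest_pre_update_setting', [$this, 'validatePlayerBrandingCSS'], 10, 3);
    }

    /**
     * Retrieves the registered options this endpoint is allowed to expose.
     *
     * Only the plugin options named in the allow-list below are considered,
     * and only when they opt in through `show_in_rest` and declare a
     * supported schema type.
     *
     * @since 4.7.0
     *
     * @return array Array of registered options, keyed by their REST name.
     */
    protected function get_registered_options()
    {
        // Options reachable through this route; everything else stays hidden.
        $allowed_options = [
            'presto_player_branding',
            'presto_player_youtube',
            'presto_player_presets',
            'presto_player_audio_presets',
        ];

        $rest_options = array();

        foreach (get_registered_settings() as $name => $args) {
            // Strict comparison: PHP turns numeric-string array keys into integers, and
            // before PHP 8 a loose in_array(0, [...strings...]) is true, which would let
            // an option registered under the name "0" slip past the allow-list.
            if (!in_array($name, $allowed_options, true)) {
                continue;
            }

            if (empty($args['show_in_rest'])) {
                continue;
            }

            $rest_args = array();

            if (is_array($args['show_in_rest'])) {
                $rest_args = $args['show_in_rest'];
            }

            $defaults = array(
                'name'   => !empty($rest_args['name']) ? $rest_args['name'] : $name,
                'schema' => array(),
            );

            $rest_args = array_merge($defaults, $rest_args);

            $default_schema = array(
                'type'        => empty($args['type']) ? null : $args['type'],
                'description' => empty($args['description']) ? '' : $args['description'],
                'default'     => isset($args['default']) ? $args['default'] : null,
            );

            $rest_args['schema']      = array_merge($default_schema, $rest_args['schema']);
            $rest_args['option_name'] = $name;

            // Skip over settings that don't have a defined type in the schema.
            if (empty($rest_args['schema']['type'])) {
                continue;
            }

            /*
             * Allow the supported types for settings, as we don't want invalid types
             * to be updated with arbitrary values that we can't do decent sanitizing for.
             */
            if (!in_array($rest_args['schema']['type'], array('number', 'integer', 'string', 'boolean', 'array', 'object'), true)) {
                continue;
            }

            // Objects that do not say otherwise reject properties missing from their schema.
            $rest_args['schema'] = rest_default_additional_properties_to_false($rest_args['schema']);

            $rest_options[$rest_args['name']] = $rest_args;
        }

        return $rest_options;
    }

    /**
     * Validate player branding css setting value before updating.
     *
     * Runs on the `rest_pre_update_setting` filter. WordPress core documents
     * that filter as passing (bool $result, string $name, mixed $value,
     * array $args). The parameter names below are kept for compatibility, but
     * under that signature $value carries the short-circuit flag and $request
     * carries the submitted setting value rather than a WP_REST_Request.
     * NOTE(review): confirm against the WordPress versions the plugin supports.
     *
     * @param mixed  $value   First filter argument; returned untouched so the
     *                        default update behaviour continues.
     * @param string $setting The setting name as passed by the filter.
     * @param mixed  $request Third filter argument; read as an array that may
     *                        hold a 'player_css' entry.
     *
     * @return mixed The first filter argument, unchanged.
     */
    public function validatePlayerBrandingCSS($value, $setting, $request)
    {
        if ('presto_player_branding' !== $setting) {
            return $value;
        }

        // !empty() already covers the unset case, so no separate isset() is needed.
        if (!empty($request['player_css'])) {
            $css_validation_result = $this->validateCustomCSS($request['player_css']);
            if (is_wp_error($css_validation_result)) {
                // wp_die() ends the request here with a 400 response.
                // NOTE(review): this filter fires once per setting, so settings handled
                // earlier in the same request may already have been saved when the
                // request is aborted. Confirm, and consider validating before any write.
                wp_die($css_validation_result, 400);
            }
        }

        return $value;
    }

    /**
     * Validate style.css as valid CSS.
     *
     * Currently just checks for invalid markup: anything that looks like an
     * opening or closing tag is refused. This is not a CSS sanitizer, so other
     * constructs pass through unchanged and the code that prints the stored
     * value must still treat it as untrusted.
     *
     * @param string $css CSS to validate.
     *
     * @return true|WP_Error True if the input was validated, otherwise WP_Error.
     */
    protected function validateCustomCSS($css)
    {
        // Fail closed on non-strings: before PHP 8, preg_match() returns false for an
        // array subject, which would otherwise be reported as "valid".
        // NOTE(review): the 'gutenberg' text domain used in this method looks copied
        // from elsewhere; confirm the plugin's own text domain.
        if (!is_string($css)) {
            return new \WP_Error(
                'rest_custom_css_invalid_type',
                __('CSS must be a string.', 'gutenberg'),
                array('status' => 400)
            );
        }

        if (preg_match('#</?\w+#', $css)) {
            return new \WP_Error(
                'rest_custom_css_illegal_markup',
                __('Markup is not allowed in CSS.', 'gutenberg'),
                array('status' => 400)
            );
        }
        return true;
    }
}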