class-wc-api-json-handler.php
74 lines
| 1 | <?php |
| 2 | /** |
| 3 | * WooCommerce API |
| 4 | * |
| 5 | * Handles parsing JSON request bodies and generating JSON responses |
| 6 | * |
| 7 | * @author WooThemes |
| 8 | * @category API |
| 9 | * @package WooCommerce\RestApi |
| 10 | * @since 2.1 |
| 11 | */ |
| 12 | |
// Stop immediately when this file is requested directly rather than loaded by
// WordPress, which is what defines ABSPATH.
defined( 'ABSPATH' ) || exit;
| 16 | |
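/**
 * JSON handler for the WooCommerce REST API.
 *
 * Decodes JSON request bodies and serialises response data as JSON, or as
 * JSONP when the request carries a `_jsonp` query parameter.
 *
 * @since 2.1
 */
class WC_API_JSON_Handler implements WC_API_Handler {

	/**
	 * Get the content type for the response
	 *
	 * A request carrying `_jsonp` is answered with a script MIME type, every
	 * other request with `application/json`. Only the presence of the
	 * parameter is tested here; its value is validated in generate_response().
	 *
	 * @since 2.1
	 * @return string MIME type followed by the site's `blog_charset` option.
	 */
	public function get_content_type() {
		$mime_type = isset( $_GET['_jsonp'] ) ? 'application/javascript' : 'application/json';

		return sprintf( '%s; charset=%s', $mime_type, get_option( 'blog_charset' ) );
	}

	/**
	 * Parse the raw request body entity
	 *
	 * The body is decoded into associative arrays. json_decode() returns null
	 * for a body that is not valid JSON, so callers must handle null and must
	 * treat every decoded value as untrusted request input.
	 *
	 * @since 2.1
	 * @param string $body the raw request body
	 * @return array|mixed decoded data, or null when decoding fails
	 */
	public function parse_body( $body ) {

		return json_decode( $body, true );
	}

	/**
	 * Generate a JSON response given an array of data
	 *
	 * Without `_jsonp` in the query string the data is returned as plain JSON.
	 * With it, the data is wrapped in the requested callback, provided JSONP
	 * is enabled and the callback name passes wp_check_jsonp_callback().
	 * Both failure cases send a 400 status and return a JSON error list.
	 *
	 * JSONP is on unless the `woocommerce_api_jsonp_enabled` filter returns
	 * false. A JSONP response can be loaded by any origin through a script
	 * element, so sites that do not need it can switch it off with that filter.
	 *
	 * @since 2.1
	 * @param array $data the response data
	 * @return string
	 */
	public function generate_response( $data ) {
		if ( isset( $_GET['_jsonp'] ) ) {

			if ( ! apply_filters( 'woocommerce_api_jsonp_enabled', true ) ) {
				WC()->api->server->send_status( 400 );
				return wp_json_encode( array( array( 'code' => 'woocommerce_api_jsonp_disabled', 'message' => __( 'JSONP support is disabled on this site', 'woocommerce' ) ) ) );
			}

			// Attacker-controlled value: it is concatenated into an executable
			// script response below, so it must pass validation first.
			$jsonp_callback = $_GET['_jsonp'];

			// wp_check_jsonp_callback() rejects non-string values and any name
			// containing characters other than word characters and dots.
			if ( ! wp_check_jsonp_callback( $jsonp_callback ) ) {
				WC()->api->server->send_status( 400 );
				// The text is stored under 'message', matching the error shape
				// used above; it was previously added without a key and so
				// ended up at index 0 of the error entry.
				return wp_json_encode( array( array( 'code' => 'woocommerce_api_jsonp_callback_invalid', 'message' => __( 'The JSONP callback function is invalid', 'woocommerce' ) ) ) );
			}

			// Tell browsers not to MIME-sniff the script response.
			WC()->api->server->header( 'X-Content-Type-Options', 'nosniff' );

			// Prepend '/**/' to mitigate possible JSONP Flash attacks, so the
			// response never starts with bytes chosen by the requester.
			// https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
			return '/**/' . $jsonp_callback . '(' . wp_json_encode( $data ) . ')';
		}

		return wp_json_encode( $data );
	}
}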
| 74 |