[ Index ]

PHP Cross Reference of WordPress

title

Body

[close]

/wp-content/plugins/akismet/ -> class.akismet-rest-api.php (source)

   1  <?php
   2  
   3  class Akismet_REST_API {
   4      /**
   5       * Register the REST API routes.
   6       */
   7  	public static function init() {
   8          if ( ! function_exists( 'register_rest_route' ) ) {
   9              // The REST API wasn't integrated into core until 4.4, and we support 4.0+ (for now).
  10              return false;
  11          }
  12  
  13          register_rest_route( 'akismet/v1', '/key', array(
  14              array(
  15                  'methods' => WP_REST_Server::READABLE,
  16                  'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
  17                  'callback' => array( 'Akismet_REST_API', 'get_key' ),
  18              ), array(
  19                  'methods' => WP_REST_Server::EDITABLE,
  20                  'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
  21                  'callback' => array( 'Akismet_REST_API', 'set_key' ),
  22                  'args' => array(
  23                      'key' => array(
  24                          'required' => true,
  25                          'type' => 'string',
  26                          'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ),
  27                          'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ),
  28                      ),
  29                  ),
  30              ), array(
  31                  'methods' => WP_REST_Server::DELETABLE,
  32                  'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
  33                  'callback' => array( 'Akismet_REST_API', 'delete_key' ),
  34              )
  35          ) );
  36  
  37          register_rest_route( 'akismet/v1', '/settings/', array(
  38              array(
  39                  'methods' => WP_REST_Server::READABLE,
  40                  'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
  41                  'callback' => array( 'Akismet_REST_API', 'get_settings' ),
  42              ),
  43              array(
  44                  'methods' => WP_REST_Server::EDITABLE,
  45                  'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
  46                  'callback' => array( 'Akismet_REST_API', 'set_boolean_settings' ),
  47                  'args' => array(
  48                      'akismet_strictness' => array(
  49                          'required' => false,
  50                          'type' => 'boolean',
  51                          'description' => __( 'If true, Akismet will automatically discard the worst spam automatically rather than putting it in the spam folder.', 'akismet' ),
  52                      ),
  53                      'akismet_show_user_comments_approved' => array(
  54                          'required' => false,
  55                          'type' => 'boolean',
  56                          'description' => __( 'If true, show the number of approved comments beside each comment author in the comments list page.', 'akismet' ),
  57                      ),
  58                  ),
  59              )
  60          ) );
  61  
  62          register_rest_route( 'akismet/v1', '/stats', array(
  63              'methods' => WP_REST_Server::READABLE,
  64              'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
  65              'callback' => array( 'Akismet_REST_API', 'get_stats' ),
  66              'args' => array(
  67                  'interval' => array(
  68                      'required' => false,
  69                      'type' => 'string',
  70                      'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_interval' ),
  71                      'description' => __( 'The time period for which to retrieve stats. Options: 60-days, 6-months, all', 'akismet' ),
  72                      'default' => 'all',
  73                  ),
  74              ),
  75          ) );
  76  
  77          register_rest_route( 'akismet/v1', '/stats/(?P<interval>[\w+])', array(
  78              'args' => array(
  79                  'interval' => array(
  80                      'description' => __( 'The time period for which to retrieve stats. Options: 60-days, 6-months, all', 'akismet' ),
  81                      'type' => 'string',
  82                  ),
  83              ),
  84              array(
  85                  'methods' => WP_REST_Server::READABLE,
  86                  'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
  87                  'callback' => array( 'Akismet_REST_API', 'get_stats' ),
  88              )
  89          ) );
  90  
  91          register_rest_route( 'akismet/v1', '/alert', array(
  92              array(
  93                  'methods' => WP_REST_Server::READABLE,
  94                  'permission_callback' => array( 'Akismet_REST_API', 'remote_call_permission_callback' ),
  95                  'callback' => array( 'Akismet_REST_API', 'get_alert' ),
  96                  'args' => array(
  97                      'key' => array(
  98                          'required' => false,
  99                          'type' => 'string',
 100                          'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ),
 101                          'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ),
 102                      ),
 103                  ),
 104              ),
 105              array(
 106                  'methods' => WP_REST_Server::EDITABLE,
 107                  'permission_callback' => array( 'Akismet_REST_API', 'remote_call_permission_callback' ),
 108                  'callback' => array( 'Akismet_REST_API', 'set_alert' ),
 109                  'args' => array(
 110                      'key' => array(
 111                          'required' => false,
 112                          'type' => 'string',
 113                          'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ),
 114                          'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ),
 115                      ),
 116                  ),
 117              ),
 118              array(
 119                  'methods' => WP_REST_Server::DELETABLE,
 120                  'permission_callback' => array( 'Akismet_REST_API', 'remote_call_permission_callback' ),
 121                  'callback' => array( 'Akismet_REST_API', 'delete_alert' ),
 122                  'args' => array(
 123                      'key' => array(
 124                          'required' => false,
 125                          'type' => 'string',
 126                          'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ),
 127                          'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ),
 128                      ),
 129                  ),
 130              )
 131          ) );
 132      }
 133  
 134      /**
 135       * Get the current Akismet API key.
 136       *
 137       * @param WP_REST_Request $request
 138       * @return WP_Error|WP_REST_Response
 139       */
 140  	public static function get_key( $request = null ) {
 141          return rest_ensure_response( Akismet::get_api_key() );
 142      }
 143  
 144      /**
 145       * Set the API key, if possible.
 146       *
 147       * @param WP_REST_Request $request
 148       * @return WP_Error|WP_REST_Response
 149       */
 150  	public static function set_key( $request ) {
 151          if ( defined( 'WPCOM_API_KEY' ) ) {
 152              return rest_ensure_response( new WP_Error( 'hardcoded_key', __( 'This site\'s API key is hardcoded and cannot be changed via the API.', 'akismet' ), array( 'status'=> 409 ) ) );
 153          }
 154  
 155          $new_api_key = $request->get_param( 'key' );
 156  
 157          if ( ! self::key_is_valid( $new_api_key ) ) {
 158              return rest_ensure_response( new WP_Error( 'invalid_key', __( 'The value provided is not a valid and registered API key.', 'akismet' ), array( 'status' => 400 ) ) );
 159          }
 160  
 161          update_option( 'wordpress_api_key', $new_api_key );
 162  
 163          return self::get_key();
 164      }
 165  
 166      /**
 167       * Unset the API key, if possible.
 168       *
 169       * @param WP_REST_Request $request
 170       * @return WP_Error|WP_REST_Response
 171       */
 172  	public static function delete_key( $request ) {
 173          if ( defined( 'WPCOM_API_KEY' ) ) {
 174              return rest_ensure_response( new WP_Error( 'hardcoded_key', __( 'This site\'s API key is hardcoded and cannot be deleted.', 'akismet' ), array( 'status'=> 409 ) ) );
 175          }
 176  
 177          delete_option( 'wordpress_api_key' );
 178  
 179          return rest_ensure_response( true );
 180      }
 181  
 182      /**
 183       * Get the Akismet settings.
 184       *
 185       * @param WP_REST_Request $request
 186       * @return WP_Error|WP_REST_Response
 187       */
 188  	public static function get_settings( $request = null ) {
 189          return rest_ensure_response( array(
 190              'akismet_strictness' => ( get_option( 'akismet_strictness', '1' ) === '1' ),
 191              'akismet_show_user_comments_approved' => ( get_option( 'akismet_show_user_comments_approved', '1' ) === '1' ),
 192          ) );
 193      }
 194  
 195      /**
 196       * Update the Akismet settings.
 197       *
 198       * @param WP_REST_Request $request
 199       * @return WP_Error|WP_REST_Response
 200       */
 201  	public static function set_boolean_settings( $request ) {
 202          foreach ( array(
 203              'akismet_strictness',
 204              'akismet_show_user_comments_approved',
 205          ) as $setting_key ) {
 206  
 207              $setting_value = $request->get_param( $setting_key );
 208              if ( is_null( $setting_value ) ) {
 209                  // This setting was not specified.
 210                  continue;
 211              }
 212  
 213              // From 4.7+, WP core will ensure that these are always boolean
 214              // values because they are registered with 'type' => 'boolean',
 215              // but we need to do this ourselves for prior versions.
 216              $setting_value = Akismet_REST_API::parse_boolean( $setting_value );
 217  
 218              update_option( $setting_key, $setting_value ? '1' : '0' );
 219          }
 220  
 221          return self::get_settings();
 222      }
 223  
 224      /**
 225       * Parse a numeric or string boolean value into a boolean.
 226       *
 227       * @param mixed $value The value to convert into a boolean.
 228       * @return bool The converted value.
 229       */
 230  	public static function parse_boolean( $value ) {
 231          switch ( $value ) {
 232              case true:
 233              case 'true':
 234              case '1':
 235              case 1:
 236                  return true;
 237  
 238              case false:
 239              case 'false':
 240              case '0':
 241              case 0:
 242                  return false;
 243  
 244              default:
 245                  return (bool) $value;
 246          }
 247      }
 248  
 249      /**
 250       * Get the Akismet stats for a given time period.
 251       *
 252       * Possible `interval` values:
 253       * - all
 254       * - 60-days
 255       * - 6-months
 256       *
 257       * @param WP_REST_Request $request
 258       * @return WP_Error|WP_REST_Response
 259       */
 260  	public static function get_stats( $request ) {
 261          $api_key = Akismet::get_api_key();
 262  
 263          $interval = $request->get_param( 'interval' );
 264  
 265          $stat_totals = array();
 266  
 267          $response = Akismet::http_post( Akismet::build_query( array( 'blog' => get_option( 'home' ), 'key' => $api_key, 'from' => $interval ) ), 'get-stats' );
 268  
 269          if ( ! empty( $response[1] ) ) {
 270              $stat_totals[$interval] = json_decode( $response[1] );
 271          }
 272  
 273          return rest_ensure_response( $stat_totals );
 274      }
 275  
 276      /**
 277       * Get the current alert code and message. Alert codes are used to notify the site owner
 278       * if there's a problem, like a connection issue between their site and the Akismet API,
 279       * invalid requests being sent, etc.
 280       *
 281       * @param WP_REST_Request $request
 282       * @return WP_Error|WP_REST_Response
 283       */
 284  	public static function get_alert( $request ) {
 285          return rest_ensure_response( array(
 286              'code' => get_option( 'akismet_alert_code' ),
 287              'message' => get_option( 'akismet_alert_msg' ),
 288          ) );
 289      }
 290  
 291      /**
 292       * Update the current alert code and message by triggering a call to the Akismet server.
 293       *
 294       * @param WP_REST_Request $request
 295       * @return WP_Error|WP_REST_Response
 296       */
 297  	public static function set_alert( $request ) {
 298          delete_option( 'akismet_alert_code' );
 299          delete_option( 'akismet_alert_msg' );
 300  
 301          // Make a request so the most recent alert code and message are retrieved.
 302          Akismet::verify_key( Akismet::get_api_key() );
 303  
 304          return self::get_alert( $request );
 305      }
 306  
 307      /**
 308       * Clear the current alert code and message.
 309       *
 310       * @param WP_REST_Request $request
 311       * @return WP_Error|WP_REST_Response
 312       */
 313  	public static function delete_alert( $request ) {
 314          delete_option( 'akismet_alert_code' );
 315          delete_option( 'akismet_alert_msg' );
 316  
 317          return self::get_alert( $request );
 318      }
 319  
 320  	private static function key_is_valid( $key ) {
 321          $response = Akismet::http_post(
 322              Akismet::build_query(
 323                  array(
 324                      'key' => $key,
 325                      'blog' => get_option( 'home' )
 326                  )
 327              ),
 328              'verify-key'
 329          );
 330  
 331          if ( $response[1] == 'valid' ) {
 332              return true;
 333          }
 334  
 335          return false;
 336      }
 337  
 338  	public static function privileged_permission_callback() {
 339          return current_user_can( 'manage_options' );
 340      }
 341  
 342      /**
 343       * For calls that Akismet.com makes to the site to clear outdated alert codes, use the API key for authorization.
 344       */
 345  	public static function remote_call_permission_callback( $request ) {
 346          $local_key = Akismet::get_api_key();
 347  
 348          return $local_key && ( strtolower( $request->get_param( 'key' ) ) === strtolower( $local_key ) );
 349      }
 350  
 351  	public static function sanitize_interval( $interval, $request, $param ) {
 352          $interval = trim( $interval );
 353  
 354          $valid_intervals = array( '60-days', '6-months', 'all', );
 355  
 356          if ( ! in_array( $interval, $valid_intervals ) ) {
 357              $interval = 'all';
 358          }
 359  
 360          return $interval;
 361      }
 362  
 363  	public static function sanitize_key( $key, $request, $param ) {
 364          return trim( $key );
 365      }
 366  }


Generated: Sun Dec 22 01:00:02 2024 Cross-referenced by PHPXref 0.7.1