[ Index ] |
PHP Cross Reference of WordPress |
[Summary view] [Print] [Text view]
1 <?php 2 3 class Akismet_REST_API { 4 /** 5 * Register the REST API routes. 6 */ 7 public static function init() { 8 if ( ! function_exists( 'register_rest_route' ) ) { 9 // The REST API wasn't integrated into core until 4.4, and we support 4.0+ (for now). 10 return false; 11 } 12 13 register_rest_route( 'akismet/v1', '/key', array( 14 array( 15 'methods' => WP_REST_Server::READABLE, 16 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ), 17 'callback' => array( 'Akismet_REST_API', 'get_key' ), 18 ), array( 19 'methods' => WP_REST_Server::EDITABLE, 20 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ), 21 'callback' => array( 'Akismet_REST_API', 'set_key' ), 22 'args' => array( 23 'key' => array( 24 'required' => true, 25 'type' => 'string', 26 'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ), 27 'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ), 28 ), 29 ), 30 ), array( 31 'methods' => WP_REST_Server::DELETABLE, 32 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ), 33 'callback' => array( 'Akismet_REST_API', 'delete_key' ), 34 ) 35 ) ); 36 37 register_rest_route( 'akismet/v1', '/settings/', array( 38 array( 39 'methods' => WP_REST_Server::READABLE, 40 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ), 41 'callback' => array( 'Akismet_REST_API', 'get_settings' ), 42 ), 43 array( 44 'methods' => WP_REST_Server::EDITABLE, 45 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ), 46 'callback' => array( 'Akismet_REST_API', 'set_boolean_settings' ), 47 'args' => array( 48 'akismet_strictness' => array( 49 'required' => false, 50 'type' => 'boolean', 51 'description' => __( 'If true, Akismet will automatically discard the worst spam automatically rather than putting it in the spam folder.', 'akismet' ), 52 ), 53 'akismet_show_user_comments_approved' => array( 54 'required' => false, 55 'type' => 'boolean', 56 'description' => __( 'If true, show the number of approved comments beside each comment author in the comments list page.', 'akismet' ), 57 ), 58 ), 59 ) 60 ) ); 61 62 register_rest_route( 'akismet/v1', '/stats', array( 63 'methods' => WP_REST_Server::READABLE, 64 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ), 65 'callback' => array( 'Akismet_REST_API', 'get_stats' ), 66 'args' => array( 67 'interval' => array( 68 'required' => false, 69 'type' => 'string', 70 'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_interval' ), 71 'description' => __( 'The time period for which to retrieve stats. Options: 60-days, 6-months, all', 'akismet' ), 72 'default' => 'all', 73 ), 74 ), 75 ) ); 76 77 register_rest_route( 'akismet/v1', '/stats/(?P<interval>[\w+])', array( 78 'args' => array( 79 'interval' => array( 80 'description' => __( 'The time period for which to retrieve stats. Options: 60-days, 6-months, all', 'akismet' ), 81 'type' => 'string', 82 ), 83 ), 84 array( 85 'methods' => WP_REST_Server::READABLE, 86 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ), 87 'callback' => array( 'Akismet_REST_API', 'get_stats' ), 88 ) 89 ) ); 90 91 register_rest_route( 'akismet/v1', '/alert', array( 92 array( 93 'methods' => WP_REST_Server::READABLE, 94 'permission_callback' => array( 'Akismet_REST_API', 'remote_call_permission_callback' ), 95 'callback' => array( 'Akismet_REST_API', 'get_alert' ), 96 'args' => array( 97 'key' => array( 98 'required' => false, 99 'type' => 'string', 100 'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ), 101 'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ), 102 ), 103 ), 104 ), 105 array( 106 'methods' => WP_REST_Server::EDITABLE, 107 'permission_callback' => array( 'Akismet_REST_API', 'remote_call_permission_callback' ), 108 'callback' => array( 'Akismet_REST_API', 'set_alert' ), 109 'args' => array( 110 'key' => array( 111 'required' => false, 112 'type' => 'string', 113 'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ), 114 'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ), 115 ), 116 ), 117 ), 118 array( 119 'methods' => WP_REST_Server::DELETABLE, 120 'permission_callback' => array( 'Akismet_REST_API', 'remote_call_permission_callback' ), 121 'callback' => array( 'Akismet_REST_API', 'delete_alert' ), 122 'args' => array( 123 'key' => array( 124 'required' => false, 125 'type' => 'string', 126 'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ), 127 'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ), 128 ), 129 ), 130 ) 131 ) ); 132 } 133 134 /** 135 * Get the current Akismet API key. 136 * 137 * @param WP_REST_Request $request 138 * @return WP_Error|WP_REST_Response 139 */ 140 public static function get_key( $request = null ) { 141 return rest_ensure_response( Akismet::get_api_key() ); 142 } 143 144 /** 145 * Set the API key, if possible. 146 * 147 * @param WP_REST_Request $request 148 * @return WP_Error|WP_REST_Response 149 */ 150 public static function set_key( $request ) { 151 if ( defined( 'WPCOM_API_KEY' ) ) { 152 return rest_ensure_response( new WP_Error( 'hardcoded_key', __( 'This site\'s API key is hardcoded and cannot be changed via the API.', 'akismet' ), array( 'status'=> 409 ) ) ); 153 } 154 155 $new_api_key = $request->get_param( 'key' ); 156 157 if ( ! self::key_is_valid( $new_api_key ) ) { 158 return rest_ensure_response( new WP_Error( 'invalid_key', __( 'The value provided is not a valid and registered API key.', 'akismet' ), array( 'status' => 400 ) ) ); 159 } 160 161 update_option( 'wordpress_api_key', $new_api_key ); 162 163 return self::get_key(); 164 } 165 166 /** 167 * Unset the API key, if possible. 168 * 169 * @param WP_REST_Request $request 170 * @return WP_Error|WP_REST_Response 171 */ 172 public static function delete_key( $request ) { 173 if ( defined( 'WPCOM_API_KEY' ) ) { 174 return rest_ensure_response( new WP_Error( 'hardcoded_key', __( 'This site\'s API key is hardcoded and cannot be deleted.', 'akismet' ), array( 'status'=> 409 ) ) ); 175 } 176 177 delete_option( 'wordpress_api_key' ); 178 179 return rest_ensure_response( true ); 180 } 181 182 /** 183 * Get the Akismet settings. 184 * 185 * @param WP_REST_Request $request 186 * @return WP_Error|WP_REST_Response 187 */ 188 public static function get_settings( $request = null ) { 189 return rest_ensure_response( array( 190 'akismet_strictness' => ( get_option( 'akismet_strictness', '1' ) === '1' ), 191 'akismet_show_user_comments_approved' => ( get_option( 'akismet_show_user_comments_approved', '1' ) === '1' ), 192 ) ); 193 } 194 195 /** 196 * Update the Akismet settings. 197 * 198 * @param WP_REST_Request $request 199 * @return WP_Error|WP_REST_Response 200 */ 201 public static function set_boolean_settings( $request ) { 202 foreach ( array( 203 'akismet_strictness', 204 'akismet_show_user_comments_approved', 205 ) as $setting_key ) { 206 207 $setting_value = $request->get_param( $setting_key ); 208 if ( is_null( $setting_value ) ) { 209 // This setting was not specified. 210 continue; 211 } 212 213 // From 4.7+, WP core will ensure that these are always boolean 214 // values because they are registered with 'type' => 'boolean', 215 // but we need to do this ourselves for prior versions. 216 $setting_value = Akismet_REST_API::parse_boolean( $setting_value ); 217 218 update_option( $setting_key, $setting_value ? '1' : '0' ); 219 } 220 221 return self::get_settings(); 222 } 223 224 /** 225 * Parse a numeric or string boolean value into a boolean. 226 * 227 * @param mixed $value The value to convert into a boolean. 228 * @return bool The converted value. 229 */ 230 public static function parse_boolean( $value ) { 231 switch ( $value ) { 232 case true: 233 case 'true': 234 case '1': 235 case 1: 236 return true; 237 238 case false: 239 case 'false': 240 case '0': 241 case 0: 242 return false; 243 244 default: 245 return (bool) $value; 246 } 247 } 248 249 /** 250 * Get the Akismet stats for a given time period. 251 * 252 * Possible `interval` values: 253 * - all 254 * - 60-days 255 * - 6-months 256 * 257 * @param WP_REST_Request $request 258 * @return WP_Error|WP_REST_Response 259 */ 260 public static function get_stats( $request ) { 261 $api_key = Akismet::get_api_key(); 262 263 $interval = $request->get_param( 'interval' ); 264 265 $stat_totals = array(); 266 267 $response = Akismet::http_post( Akismet::build_query( array( 'blog' => get_option( 'home' ), 'key' => $api_key, 'from' => $interval ) ), 'get-stats' ); 268 269 if ( ! empty( $response[1] ) ) { 270 $stat_totals[$interval] = json_decode( $response[1] ); 271 } 272 273 return rest_ensure_response( $stat_totals ); 274 } 275 276 /** 277 * Get the current alert code and message. Alert codes are used to notify the site owner 278 * if there's a problem, like a connection issue between their site and the Akismet API, 279 * invalid requests being sent, etc. 280 * 281 * @param WP_REST_Request $request 282 * @return WP_Error|WP_REST_Response 283 */ 284 public static function get_alert( $request ) { 285 return rest_ensure_response( array( 286 'code' => get_option( 'akismet_alert_code' ), 287 'message' => get_option( 'akismet_alert_msg' ), 288 ) ); 289 } 290 291 /** 292 * Update the current alert code and message by triggering a call to the Akismet server. 293 * 294 * @param WP_REST_Request $request 295 * @return WP_Error|WP_REST_Response 296 */ 297 public static function set_alert( $request ) { 298 delete_option( 'akismet_alert_code' ); 299 delete_option( 'akismet_alert_msg' ); 300 301 // Make a request so the most recent alert code and message are retrieved. 302 Akismet::verify_key( Akismet::get_api_key() ); 303 304 return self::get_alert( $request ); 305 } 306 307 /** 308 * Clear the current alert code and message. 309 * 310 * @param WP_REST_Request $request 311 * @return WP_Error|WP_REST_Response 312 */ 313 public static function delete_alert( $request ) { 314 delete_option( 'akismet_alert_code' ); 315 delete_option( 'akismet_alert_msg' ); 316 317 return self::get_alert( $request ); 318 } 319 320 private static function key_is_valid( $key ) { 321 $response = Akismet::http_post( 322 Akismet::build_query( 323 array( 324 'key' => $key, 325 'blog' => get_option( 'home' ) 326 ) 327 ), 328 'verify-key' 329 ); 330 331 if ( $response[1] == 'valid' ) { 332 return true; 333 } 334 335 return false; 336 } 337 338 public static function privileged_permission_callback() { 339 return current_user_can( 'manage_options' ); 340 } 341 342 /** 343 * For calls that Akismet.com makes to the site to clear outdated alert codes, use the API key for authorization. 344 */ 345 public static function remote_call_permission_callback( $request ) { 346 $local_key = Akismet::get_api_key(); 347 348 return $local_key && ( strtolower( $request->get_param( 'key' ) ) === strtolower( $local_key ) ); 349 } 350 351 public static function sanitize_interval( $interval, $request, $param ) { 352 $interval = trim( $interval ); 353 354 $valid_intervals = array( '60-days', '6-months', 'all', ); 355 356 if ( ! in_array( $interval, $valid_intervals ) ) { 357 $interval = 'all'; 358 } 359 360 return $interval; 361 } 362 363 public static function sanitize_key( $key, $request, $param ) { 364 return trim( $key ); 365 } 366 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Sun Dec 22 01:00:02 2024 | Cross-referenced by PHPXref 0.7.1 |