diff --git a/extras.php b/extras.php
index 91c4325b..2473602f 100644
--- a/extras.php
+++ b/extras.php
@@ -52,7 +52,7 @@ function rest_output_rsd() { } ?> -get_data(); } }
diff --git a/lib/infrastructure/class-wp-http-responseinterface.php b/lib/infrastructure/class-wp-http-responseinterface.php
index 0fb031f7..a6a16083 100644
--- a/lib/infrastructure/class-wp-http-responseinterface.php
+++ b/lib/infrastructure/class-wp-http-responseinterface.php
@@ -45,17 +45,4 @@ public function get_status();
 * @return mixed Response data.
 */
 public function get_data();
-
- /**
- * @todo: Remove since it's commented out?
- *
- * Retrieves the response data for JSON serialization.
- *
- * It is expected that in most implementations, this will return the same as
- * {@see get_data()}, however this may be different if you want to do custom
- * JSON data handling.
- *
- * @return mixed Any JSON-serializable value
- */
- // public function jsonSerialize();
 }
diff --git a/lib/infrastructure/class-wp-rest-request.php b/lib/infrastructure/class-wp-rest-request.php
index 80c9f772..f630d539 100644
--- a/lib/infrastructure/class-wp-rest-request.php
+++ b/lib/infrastructure/class-wp-rest-request.php
@@ -119,7 +119,7 @@ public function __construct( $method = '', $route = '', $attributes = array() )
 'POST' => array(),
 'FILES' => array(),
- // See parse_json_params
+ // See parse_json_params.
 'JSON' => null,
 'defaults' => array(),
@@ -326,7 +326,7 @@ public function get_content_type() {
 return null;
 }
- // Parse type and subtype out
+ // Parse type and subtype out.
 list( $type, $subtype ) = explode( '/', $value, 2 );
 $data = compact( 'value', 'type', 'subtype', 'parameters' );
@@ -351,7 +351,7 @@ protected function get_parameter_order() {
 $this->parse_json_params();
- // Ensure we parse the body data
+ // Ensure we parse the body data.
 $body = $this->get_body();
 if ( $this->method !== 'POST' && ! empty( $body ) ) {
 $this->parse_body_params();
@@ -782,7 +782,7 @@ public function sanitize_params() {
 $attributes = $this->get_attributes();
- // No arguments set, skip sanitizing
+ // No arguments set, skip sanitizing.
 if ( empty( $attributes['args'] ) ) {
 return true;
 }
@@ -794,12 +794,13 @@ public function sanitize_params() {
 continue;
 }
 foreach ( $this->params[ $type ] as $key => $value ) {
- // check if this param has a sanitize_callback added
+ // Check if this param has a sanitize_callback added.
 if ( isset( $attributes['args'][ $key ] ) && ! empty( $attributes['args'][ $key ]['sanitize_callback'] ) ) {
 $this->params[ $type ][ $key ] = call_user_func( $attributes['args'][ $key ]['sanitize_callback'], $value, $this, $key );
 }
 }
 }
+ return null;
 }
 /**
@@ -871,12 +872,10 @@ public function has_valid_params() {
 * @since 4.4.0
 * @access public
 *
- * @param string $key Parameter name.
+ * @param string $offset Parameter name.
 * @return bool Whether the parameter is set.
 */
- // @codingStandardsIgnoreStart
 public function offsetExists( $offset ) {
- // @codingStandardsIgnoreEnd
 $order = $this->get_parameter_order();
 foreach ( $order as $type ) {
@@ -894,12 +893,10 @@ public function offsetExists( $offset ) {
 * @since 4.4.0
 * @access public
 *
- * @param string $key Parameter name.
+ * @param string $offset Parameter name.
 * @return mixed|null Value if set, null otherwise.
 */
- // @codingStandardsIgnoreStart
 public function offsetGet( $offset ) {
- // @codingStandardsIgnoreEnd
 return $this->get_param( $offset );
 }
@@ -909,13 +906,11 @@ public function offsetGet( $offset ) {
 * @since 4.4.0
 * @access public
 *
- * @param string $key Parameter name.
- * @param mixed $value Parameter value.
+ * @param string $offset Parameter name.
+ * @param mixed $value Parameter value.
 */
- // @codingStandardsIgnoreStart
 public function offsetSet( $offset, $value ) {
- // @codingStandardsIgnoreEnd
- return $this->set_param( $offset, $value );
+ $this->set_param( $offset, $value );
 }
 /**
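Review bot: The `+ return null;` added at the end of sanitize_params() (hunk at -794) leaves the method returning `true` on the early exit when no `args` are registered but `null` after it has actually run the sanitize callbacks, so a caller that tests the result for truthiness would read a completed sanitize pass as a failure. Ending the success path with `return true;` keeps both exits consistent. The docblock and the start of the function lie outside the hunk, so the documented return type could not be checked. In the same hunk the context line hands `$attributes['args'][ $key ]['sanitize_callback']` straight to `call_user_func()`; an `is_callable()` guard before the call would surface a misregistered callback explicitly rather than leaving the parameter's fate to how the running PHP version handles a non-callable.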
@@ -924,12 +919,9 @@ public function offsetSet( $offset, $value ) {
 * @since 4.4.0
 * @access public
 *
- * @param string $key Parameter name.
- * @param mixed $value Parameter value.
+ * @param string $offset Parameter name.
 */
- // @codingStandardsIgnoreStart
 public function offsetUnset( $offset ) {
- // @codingStandardsIgnoreEnd
 $order = $this->get_parameter_order();
 // Remove the offset from every group.
diff --git a/lib/infrastructure/class-wp-rest-response.php b/lib/infrastructure/class-wp-rest-response.php
index 72471246..cf1fe627 100644
--- a/lib/infrastructure/class-wp-rest-response.php
+++ b/lib/infrastructure/class-wp-rest-response.php
@@ -65,7 +65,7 @@ public function add_link( $rel, $href, $attributes = array() ) {
 }
 if ( isset( $attributes['href'] ) ) {
- // Remove the href attribute, as it's used for the main URL
+ // Remove the href attribute, as it's used for the main URL.
 unset( $attributes['href'] );
 }
@@ -116,7 +116,7 @@ public function remove_link( $rel, $href = null ) {
 */
 public function add_links( $links ) {
 foreach ( $links as $rel => $set ) {
- // If it's a single link, wrap with an array for consistent handling
+ // If it's a single link, wrap with an array for consistent handling.
 if ( isset( $set['href'] ) ) {
 $set = array( $set );
 }
@@ -150,8 +150,8 @@ public function get_links() {
 * @link http://tools.ietf.org/html/rfc5988
 * @link http://www.iana.org/assignments/link-relations/link-relations.xml
 *
- * @param string $rel Link relation. Either an IANA registered type, or an absolute URL
- * @param string $link Target IRI for the link
+ * @param string $rel Link relation. Either an IANA registered type, or an absolute URL.
+ * @param string $link Target IRI for the link.
 * @param array $other Optional. Other parameters to send, as an assocative array.
 * Default empty array.
 */
@@ -164,7 +164,7 @@ public function link_header( $rel, $link, $other = array() ) {
 }
 $header .= '; ' . $key . '=' . $value;
 }
- return $this->header( 'Link', $header, false );
+ $this->header( 'Link', $header, false );
 }
 /**
diff --git a/lib/infrastructure/class-wp-rest-server.php b/lib/infrastructure/class-wp-rest-server.php
index c04e4970..cd147684 100644
--- a/lib/infrastructure/class-wp-rest-server.php
+++ b/lib/infrastructure/class-wp-rest-server.php
@@ -235,7 +235,7 @@ public function check_authentication() {
 * @access protected
 *
 * @param WP_Error $error WP_Error instance.
- * @return array List of associative arrays with code and message keys.
+ * @return WP_REST_Response List of associative arrays with code and message keys.
 */
 protected function error_to_response( $error ) {
 $error_data = $error->get_error_data();
@@ -270,8 +270,8 @@ protected function error_to_response( $error ) {
 * @since 4.4.0
 * @access protected
 *
- * @param string $code WP_Error-style code
- * @param string $message Human-readable message
+ * @param string $code WP_Error-style code.
+ * @param string $message Human-readable message.
 * @param int $status Optional. HTTP status code to send. Default null.
 * @return string JSON representation of the error
 */
@@ -331,6 +331,8 @@ public function serve_request( $path = null ) {
 */
 $jsonp_enabled = apply_filters( 'rest_jsonp_enabled', true );
+ $jsonp_callback = null;
+
 if ( ! $enabled ) {
 echo $this->json_error( 'rest_disabled', __( 'The REST API is disabled on this site.' ), 404 );
 return false;
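Review bot: In the error_to_response() docblock (hunk at -235) the `@return` type now says `WP_REST_Response` while the description still reads "List of associative arrays with code and message keys", so the tag contradicts itself. Only the first statement of the method is visible in the hunk, so the actual return value cannot be confirmed here; if it is a response object, the description should say so, for example `@return WP_REST_Response Response carrying the error codes and messages as its data.`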
@@ -341,8 +343,14 @@ public function serve_request( $path = null ) {
 return false;
 }
- // Check for invalid characters (only alphanumeric allowed)
- if ( ! is_string( $_GET['_jsonp'] ) || preg_match( '/[^\w\.]/', $_GET['_jsonp'] ) ) {
+ // Check for invalid characters (only alphanumeric allowed).
+ if ( is_string( $_GET['_jsonp'] ) ) {
+ $jsonp_callback = preg_replace( '/[^\w\.]/', '', wp_unslash( $_GET['_jsonp'] ), -1, $illegal_char_count );
+ if ( 0 !== $illegal_char_count ) {
+ $jsonp_callback = null;
+ }
+ }
+ if ( null === $jsonp_callback ) {
 echo $this->json_error( 'rest_callback_invalid', __( 'The JSONP callback function is invalid.' ), 400 );
 return false;
 }
@@ -432,7 +440,7 @@ public function serve_request( $path = null ) {
 if ( ! $served ) {
 if ( 'HEAD' === $request->get_method() ) {
- return;
+ return null;
 }
 // Embed links inside the request.
@@ -447,14 +455,15 @@ public function serve_request( $path = null ) {
 $result = wp_json_encode( $result->data[0] );
 }
- if ( isset( $_GET['_jsonp'] ) ) {
+ if ( $jsonp_callback ) {
 // Prepend '/**/' to mitigate possible JSONP Flash attacks
 // http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
- echo '/**/' . $_GET['_jsonp'] . '(' . $result . ')';
+ echo '/**/' . $jsonp_callback . '(' . $result . ')';
 } else {
 echo $result;
 }
 }
+ return null;
 }
 /**
@@ -463,9 +472,14 @@ public function serve_request( $path = null ) {
 * @since 4.4.0
 * @access public
 *
- * @param WP_REST_Response $response Response object
+ * @param WP_REST_Response $response Response object.
 * @param bool $embed Whether links should be embedded.
- * @return array
+ * @return array {
+ * Data with sub-requests embedded.
+ *
+ * @type array [$_links] Links.
+ * @type array [$_embedded] Embeddeds.
+ * }
 */
 public function response_to_data( $response, $embed ) {
 $data = $this->prepare_response( $response->get_data() );
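Review bot: The new `_jsonp` validation in serve_request() (hunk at -341) accepts an empty value, because `preg_replace()` on `''` reports zero illegal characters and leaves `$jsonp_callback` as `''` rather than `null`; the output hunk at -447 then tests `if ( $jsonp_callback )`, which is also false for the string `'0'`, so both requests pass validation and are answered with bare JSON instead of the `rest_callback_invalid` error. If the response content type is chosen elsewhere from `isset( $_GET['_jsonp'] )` (not visible in these hunks), the body and the declared type would then disagree. Rejecting the empty string in the check, `if ( 0 !== $illegal_char_count || '' === $jsonp_callback ) {`, and emitting on `if ( null !== $jsonp_callback ) {` keeps a single definition of "a valid callback was supplied". The comment "only alphanumeric allowed" also understates the pattern, which admits `_` and `.` as well; `// Only word characters and dots are allowed.` describes what is actually enforced and matters to anyone reasoning about dotted callback names. The function starts and ends outside these hunks.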
@@ -529,7 +543,12 @@ public static function get_response_links( $response ) {
 * @access protected
 *
 * @param array $data Data from the request.
- * @return array Data with sub-requests embedded.
+ * @return array {
+ * Data with sub-requests embedded.
+ *
+ * @type array [$_links] Links.
+ * @type array [$_embedded] Embeddeds.
+ * }
 */
 protected function embed_links( $data ) {
 if ( empty( $data['_links'] ) ) {
@@ -614,7 +633,7 @@ protected function embed_links( $data ) {
 * @since 4.4.0
 * @access public
 *
- * @param WP_REST_Response $response Response object
+ * @param WP_REST_Response $response Response object.
 * @param bool $embed Whether links should be embedded.
 * @return WP_REST_Response New response with wrapped data
 */
@@ -645,6 +664,7 @@ public function envelope_response( $response, $embed ) {
 * @since 4.4.0
 * @access public
 *
+ * @param string $namespace Namespace.
 * @param string $route The REST route.
 * @param array $route_args Route arguments.
 * @param bool $override Optional. Whether the route should be overriden if it already exists.
@@ -752,6 +772,8 @@ public function get_routes() {
 $methods = explode( ',', $handler['methods'] );
 } else if ( is_array( $handler['methods'] ) ) {
 $methods = $handler['methods'];
+ } else {
+ $methods = array();
 }
 $handler['methods'] = array();
@@ -828,7 +850,7 @@ public function dispatch( $request ) {
 foreach ( $this->get_routes() as $route => $handlers ) {
 foreach ( $handlers as $handler ) {
- $callback = $handler['callback'];
+ $callback = $handler['callback'];
 $response = null;
 if ( empty( $handler['methods'][ $method ] ) ) {
@@ -929,7 +951,7 @@ public function dispatch( $request ) {
 *
 * @return bool|string Boolean false or string error message.
 */
- protected function get_json_last_error( ) {
+ protected function get_json_last_error() {
 // See https://core.trac.wordpress.org/ticket/27799.
 if ( ! function_exists( 'json_last_error' ) ) {
 return false;
@@ -954,6 +976,11 @@ protected function get_json_last_error( ) {
 * @since 4.4.0
 * @access public
 *
+ * @param array $request {
+ * Request.
+ *
+ * @type string $context Context.
+ * }
 * @return array Index entity
 */
 public function get_index( $request ) {
@@ -1011,7 +1038,7 @@ public function get_namespace_index( $request ) {
 );
 $response = rest_ensure_response( $data );
- // Link to the root index
+ // Link to the root index.
 $response->add_link( 'up', rest_url( '/' ) );
 /**
@@ -1034,7 +1061,7 @@ public function get_namespace_index( $request ) {
 * @since 4.4.0
 * @access public
 *
- * @param array $routes Routes to get data for
+ * @param array $routes Routes to get data for.
 * @param string $context Optional. Context for data. Accepts 'view' or 'help'. Default 'view'.
 * @return array Route data to expose in indexes.
 */
@@ -1165,8 +1192,8 @@ protected function set_status( $code ) {
 * @since 4.4.0
 * @access public
 *
- * @param string $key Header key
- * @param string $value Header value
+ * @param string $key Header key.
+ * @param string $value Header value.
 */
 public function send_header( $key, $value ) {
 /*
diff --git a/plugin.php b/plugin.php
index 90374a6a..f1a60efd 100644
--- a/plugin.php
+++ b/plugin.php
@@ -181,15 +181,8 @@ function rest_api_maybe_flush_rewrites() {
 * @since 4.4.0
 *
 * @internal This will live in default-filters.php
- *
- * @global WP_REST_Posts $WP_REST_posts
- * @global WP_REST_Pages $WP_REST_pages
- * @global WP_REST_Media $WP_REST_media
- * @global WP_REST_Taxonomies $WP_REST_taxonomies
- *
- * @param WP_REST_Server $server Server object.
 */
-function rest_api_default_filters( $server ) {
+function rest_api_default_filters() {
 // Deprecated reporting.
 add_action( 'deprecated_function_run', 'rest_handle_deprecated_function', 10, 3 );
 add_filter( 'deprecated_function_trigger_error', '__return_false' );
@@ -406,6 +399,8 @@ function rest_url( $path = '', $scheme = 'json' ) {
 *
 * @since 4.4.0
 *
+ * @global WP_REST_Server $wp_rest_server
+ *
 * @param WP_REST_Request|string $request
 * @return WP_REST_Response REST response.
 */
@@ -562,6 +557,7 @@ function rest_handle_options_request( $response, $handler, $request ) {
 * @param WP_REST_Response $response Current response being served.
 * @param WP_REST_Server $server ResponseHandler instance (usually WP_REST_Server).
 * @param WP_REST_Request $request The request that was used to make current response.
+ * @return WP_REST_Response Current response being served.
 */
 function rest_send_allow_header( $response, $server, $request ) {