) { return new WP_Error( 'rest_too_long', sprintf( /* translators: 1: Parameter, 2: Number of characters. */ _n( '%1$s must be at most %2$s character long.', '%1$s must be at most %2$s characters long.', $args['maxLength'] ), $param, number_format_i18n( $args['maxLength'] ) ) ); } if ( isset( $args['pattern'] ) && ! rest_validate_json_schema_pattern( $args['pattern'], $value ) ) { return new WP_Error( 'rest_invalid_pattern', /* translators: 1: Parameter, 2: Pattern. */ sprintf( __( '%1$s does not match pattern %2$s.' ), $param, $args['pattern'] ) ); } return true; } /** * Validates an integer value based on a schema. * * @since 5.7.0 * * @param mixed $value The value to validate. * @param array $args Schema array to use for validation. * @param string $param The parameter name, used in error messages. * @return true|WP_Error */ function rest_validate_integer_value_from_schema( $value, $args, $param ) { $is_valid_number = rest_validate_number_value_from_schema( $value, $args, $param ); if ( is_wp_error( $is_valid_number ) ) { return $is_valid_number; } if ( ! rest_is_integer( $value ) ) { return new WP_Error( 'rest_invalid_type', /* translators: 1: Parameter, 2: Type name. */ sprintf( __( '%1$s is not of type %2$s.' ), $param, 'integer' ), array( 'param' => $param ) ); } return true; } /** * Sanitize a value based on a schema. * * @since 4.7.0 * @since 5.5.0 Added the `$param` parameter. * @since 5.6.0 Support the "anyOf" and "oneOf" keywords. * * @param mixed $value The value to sanitize. * @param array $args Schema array to use for sanitization. * @param string $param The parameter name, used in error messages. * @return mixed|WP_Error The sanitized value or a WP_Error instance if the value cannot be safely sanitized. */ function rest_sanitize_value_from_schema( $value, $args, $param = '' ) { if ( isset( $args['anyOf'] ) ) { $matching_schema = rest_find_any_matching_schema( $value, $args, $param ); if ( is_wp_error( $matching_schema ) ) { return $matching_schema; } if ( ! isset( $args['type'] ) ) { $args['type'] = $matching_schema['type']; } $value = rest_sanitize_value_from_schema( $value, $matching_schema, $param ); } if ( isset( $args['oneOf'] ) ) { $matching_schema = rest_find_one_matching_schema( $value, $args, $param ); if ( is_wp_error( $matching_schema ) ) { return $matching_schema; } if ( ! isset( $args['type'] ) ) { $args['type'] = $matching_schema['type']; } $value = rest_sanitize_value_from_schema( $value, $matching_schema, $param ); } $allowed_types = array( 'array', 'object', 'string', 'number', 'integer', 'boolean', 'null' ); if ( ! isset( $args['type'] ) ) { /* translators: %s: Parameter. */ _doing_it_wrong( __FUNCTION__, sprintf( __( 'The "type" schema keyword for %s is required.' ), $param ), '5.5.0' ); } if ( is_array( $args['type'] ) ) { $best_type = rest_handle_multi_type_schema( $value, $args, $param ); if ( ! $best_type ) { return null; } $args['type'] = $best_type; } if ( ! in_array( $args['type'], $allowed_types, true ) ) { _doing_it_wrong( __FUNCTION__, /* translators: 1: Parameter, 2: The list of allowed types. */ wp_sprintf( __( 'The "type" schema keyword for %1$s can only be one of the built-in types: %2$l.' ), $param, $allowed_types ), '5.5.0' ); } if ( 'array' === $args['type'] ) { $value = rest_sanitize_array( $value ); if ( ! empty( $args['items'] ) ) { foreach ( $value as $index => $v ) { $value[ $index ] = rest_sanitize_value_from_schema( $v, $args['items'], $param . '[' . $index . ']' ); } } if ( ! empty( $args['uniqueItems'] ) && ! rest_validate_array_contains_unique_items( $value ) ) { /* translators: %s: Parameter. */ return new WP_Error( 'rest_duplicate_items', sprintf( __( '%s has duplicate items.' ), $param ) ); } return $value; } if ( 'object' === $args['type'] ) { $value = rest_sanitize_object( $value ); foreach ( $value as $property => $v ) { if ( isset( $args['properties'][ $property ] ) ) { $value[ $property ] = rest_sanitize_value_from_schema( $v, $args['properties'][ $property ], $param . '[' . $property . ']' ); continue; } $pattern_property_schema = rest_find_matching_pattern_property_schema( $property, $args ); if ( null !== $pattern_property_schema ) { $value[ $property ] = rest_sanitize_value_from_schema( $v, $pattern_property_schema, $param . '[' . $property . ']' ); continue; } if ( isset( $args['additionalProperties'] ) ) { if ( false === $args['additionalProperties'] ) { unset( $value[ $property ] ); } elseif ( is_array( $args['additionalProperties'] ) ) { $value[ $property ] = rest_sanitize_value_from_schema( $v, $args['additionalProperties'], $param . '[' . $property . ']' ); } } } return $value; } if ( 'null' === $args['type'] ) { return null; } if ( 'integer' === $args['type'] ) { return (int) $value; } if ( 'number' === $args['type'] ) { return (float) $value; } if ( 'boolean' === $args['type'] ) { return rest_sanitize_boolean( $value ); } // This behavior matches rest_validate_value_from_schema(). if ( isset( $args['format'] ) && ( ! isset( $args['type'] ) || 'string' === $args['type'] || ! in_array( $args['type'], $allowed_types, true ) ) ) { switch ( $args['format'] ) { case 'hex-color': return (string) sanitize_hex_color( $value ); case 'date-time': return sanitize_text_field( $value ); case 'email': // sanitize_email() validates, which would be unexpected. return sanitize_text_field( $value ); case 'uri': return esc_url_raw( $value ); case 'ip': return sanitize_text_field( $value ); case 'uuid': return sanitize_text_field( $value ); } } if ( 'string' === $args['type'] ) { return (string) $value; } return $value; } /** * Append result of internal request to REST API for purpose of preloading data to be attached to a page. * Expected to be called in the context of `array_reduce`. * * @since 5.0.0 * * @param array $memo Reduce accumulator. * @param string $path REST API path to preload. * @return array Modified reduce accumulator. */ function rest_preload_api_request( $memo, $path ) { // array_reduce() doesn't support passing an array in PHP 5.2, // so we need to make sure we start with one. if ( ! is_array( $memo ) ) { $memo = array(); } if ( empty( $path ) ) { return $memo; } $method = 'GET'; if ( is_array( $path ) && 2 === count( $path ) ) { $method = end( $path ); $path = reset( $path ); if ( ! in_array( $method, array( 'GET', 'OPTIONS' ), true ) ) { $method = 'GET'; } } $path_parts = parse_url( $path ); if ( false === $path_parts ) { return $memo; } $request = new WP_REST_Request( $method, $path_parts['path'] ); if ( ! empty( $path_parts['query'] ) ) { parse_str( $path_parts['query'], $query_params ); $request->set_query_params( $query_params ); } $response = rest_do_request( $request ); if ( 200 === $response->status ) { $server = rest_get_server(); $embed = $request->has_param( '_embed' ) ? rest_parse_embed_param( $request['_embed'] ) : false; $data = (array) $server->response_to_data( $response, $embed ); if ( 'OPTIONS' === $method ) { $response = rest_send_allow_header( $response, $server, $request ); $memo[ $method ][ $path ] = array( 'body' => $data, 'headers' => $response->headers, ); } else { $memo[ $path ] = array( 'body' => $data, 'headers' => $response->headers, ); } } return $memo; } /** * Parses the "_embed" parameter into the list of resources to embed. * * @since 5.4.0 * * @param string|array $embed Raw "_embed" parameter value. * @return true|string[] Either true to embed all embeds, or a list of relations to embed. */ function rest_parse_embed_param( $embed ) { if ( ! $embed || 'true' === $embed || '1' === $embed ) { return true; } $rels = wp_parse_list( $embed ); if ( ! $rels ) { return true; } return $rels; } /** * Filters the response to remove any fields not available in the given context. * * @since 5.5.0 * @since 5.6.0 Support the "patternProperties" keyword for objects. * Support the "anyOf" and "oneOf" keywords. * * @param array|object $data The response data to modify. * @param array $schema The schema for the endpoint used to filter the response. * @param string $context The requested context. * @return array|object The filtered response data. */ function rest_filter_response_by_context( $data, $schema, $context ) { if ( isset( $schema['anyOf'] ) ) { $matching_schema = rest_find_any_matching_schema( $data, $schema, '' ); if ( ! is_wp_error( $matching_schema ) ) { if ( ! isset( $schema['type'] ) ) { $schema['type'] = $matching_schema['type']; } $data = rest_filter_response_by_context( $data, $matching_schema, $context ); } } if ( isset( $schema['oneOf'] ) ) { $matching_schema = rest_find_one_matching_schema( $data, $schema, '', true ); if ( ! is_wp_error( $matching_schema ) ) { if ( ! isset( $schema['type'] ) ) { $schema['type'] = $matching_schema['type']; } $data = rest_filter_response_by_context( $data, $matching_schema, $context ); } } if ( ! is_array( $data ) && ! is_object( $data ) ) { return $data; } if ( isset( $schema['type'] ) ) { $type = $schema['type']; } elseif ( isset( $schema['properties'] ) ) { $type = 'object'; // Back compat if a developer accidentally omitted the type. } else { return $data; } $is_array_type = 'array' === $type || ( is_array( $type ) && in_array( 'array', $type, true ) ); $is_object_type = 'object' === $type || ( is_array( $type ) && in_array( 'object', $type, true ) ); if ( $is_array_type && $is_object_type ) { if ( rest_is_array( $data ) ) { $is_object_type = false; } else { $is_array_type = false; } } $has_additional_properties = $is_object_type && isset( $schema['additionalProperties'] ) && is_array( $schema['additionalProperties'] ); foreach ( $data as $key => $value ) { $check = array(); if ( $is_array_type ) { $check = isset( $schema['items'] ) ? $schema['items'] : array(); } elseif ( $is_object_type ) { if ( isset( $schema['properties'][ $key ] ) ) { $check = $schema['properties'][ $key ]; } else { $pattern_property_schema = rest_find_matching_pattern_property_schema( $key, $schema ); if ( null !== $pattern_property_schema ) { $check = $pattern_property_schema; } elseif ( $has_additional_properties ) { $check = $schema['additionalProperties']; } } } if ( ! isset( $check['context'] ) ) { continue; } if ( ! in_array( $context, $check['context'], true ) ) { if ( $is_array_type ) { // All array items share schema, so there's no need to check each one. $data = array(); break; } if ( is_object( $data ) ) { unset( $data->$key ); } else { unset( $data[ $key ] ); } } elseif ( is_array( $value ) || is_object( $value ) ) { $new_value = rest_filter_response_by_context( $value, $check, $context ); if ( is_object( $data ) ) { $data->$key = $new_value; } else { $data[ $key ] = $new_value; } } } return $data; } /** * Sets the "additionalProperties" to false by default for all object definitions in the schema. * * @since 5.5.0 * @since 5.6.0 Support the "patternProperties" keyword. * * @param array $schema The schema to modify. * @return array The modified schema. */ function rest_default_additional_properties_to_false( $schema ) { $type = (array) $schema['type']; if ( in_array( 'object', $type, true ) ) { if ( isset( $schema['properties'] ) ) { foreach ( $schema['properties'] as $key => $child_schema ) { $schema['properties'][ $key ] = rest_default_additional_properties_to_false( $child_schema ); } } if ( isset( $schema['patternProperties'] ) ) { foreach ( $schema['patternProperties'] as $key => $child_schema ) { $schema['patternProperties'][ $key ] = rest_default_additional_properties_to_false( $child_schema ); } } if ( ! isset( $schema['additionalProperties'] ) ) { $schema['additionalProperties'] = false; } } if ( in_array( 'array', $type, true ) ) { if ( isset( $schema['items'] ) ) { $schema['items'] = rest_default_additional_properties_to_false( $schema['items'] ); } } return $schema; } /** * Gets the REST API route for a post. * * @since 5.5.0 * * @param int|WP_Post $post Post ID or post object. * @return string The route path with a leading slash for the given post, or an empty string if there is not a route. */ function rest_get_route_for_post( $post ) { $post = get_post( $post ); if ( ! $post instanceof WP_Post ) { return ''; } $post_type = get_post_type_object( $post->post_type ); if ( ! $post_type ) { return ''; } $controller = $post_type->get_rest_controller(); if ( ! $controller ) { return ''; } $route = ''; // The only two controllers that we can detect are the Attachments and Posts controllers. if ( in_array( get_class( $controller ), array( 'WP_REST_Attachments_Controller', 'WP_REST_Posts_Controller' ), true ) ) { $namespace = 'wp/v2'; $rest_base = ! empty( $post_type->rest_base ) ? $post_type->rest_base : $post_type->name; $route = sprintf( '/%s/%s/%d', $namespace, $rest_base, $post->ID ); } /** * Filters the REST API route for a post. * * @since 5.5.0 * * @param string $route The route path. * @param WP_Post $post The post object. */ return apply_filters( 'rest_route_for_post', $route, $post ); } /** * Gets the REST API route for a term. * * @since 5.5.0 * * @param int|WP_Term $term Term ID or term object. * @return string The route path with a leading slash for the given term, or an empty string if there is not a route. */ function rest_get_route_for_term( $term ) { $term = get_term( $term ); if ( ! $term instanceof WP_Term ) { return ''; } $taxonomy = get_taxonomy( $term->taxonomy ); if ( ! $taxonomy ) { return ''; } $controller = $taxonomy->get_rest_controller(); if ( ! $controller ) { return ''; } $route = ''; // The only controller that works is the Terms controller. if ( $controller instanceof WP_REST_Terms_Controller ) { $namespace = 'wp/v2'; $rest_base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; $route = sprintf( '/%s/%s/%d', $namespace, $rest_base, $term->term_id ); } /** * Filters the REST API route for a term. * * @since 5.5.0 * * @param string $route The route path. * @param WP_Term $term The term object. */ return apply_filters( 'rest_route_for_term', $route, $term ); } /** * Gets the REST route for the currently queried object. * * @since 5.5.0 * * @return string The REST route of the resource, or an empty string if no resource identified. */ function rest_get_queried_resource_route() { if ( is_singular() ) { $route = rest_get_route_for_post( get_queried_object() ); } elseif ( is_category() || is_tag() || is_tax() ) { $route = rest_get_route_for_term( get_queried_object() ); } elseif ( is_author() ) { $route = '/wp/v2/users/' . get_queried_object_id(); } else { $route = ''; } /** * Filters the REST route for the currently queried object. * * @since 5.5.0 * * @param string $link The route with a leading slash, or an empty string. */ return apply_filters( 'rest_queried_resource_route', $route ); } /** * Retrieves an array of endpoint arguments from the item schema and endpoint method. * * @since 5.6.0 * * @param array $schema The full JSON schema for the endpoint. * @param string $method Optional. HTTP method of the endpoint. The arguments for `CREATABLE` endpoints are * checked for required values and may fall-back to a given default, this is not done * on `EDITABLE` endpoints. Default WP_REST_Server::CREATABLE. * @return array The endpoint arguments. */ function rest_get_endpoint_args_for_schema( $schema, $method = WP_REST_Server::CREATABLE ) { $schema_properties = ! empty( $schema['properties'] ) ? $schema['properties'] : array(); $endpoint_args = array(); $valid_schema_properties = rest_get_allowed_schema_keywords(); $valid_schema_properties = array_diff( $valid_schema_properties, array( 'default', 'required' ) ); foreach ( $schema_properties as $field_id => $params ) { // Arguments specified as `readonly` are not allowed to be set. if ( ! empty( $params['readonly'] ) ) { continue; } $endpoint_args[ $field_id ] = array( 'validate_callback' => 'rest_validate_request_arg', 'sanitize_callback' => 'rest_sanitize_request_arg', ); if ( WP_REST_Server::CREATABLE === $method && isset( $params['default'] ) ) { $endpoint_args[ $field_id ]['default'] = $params['default']; } if ( WP_REST_Server::CREATABLE === $method && ! empty( $params['required'] ) ) { $endpoint_args[ $field_id ]['required'] = true; } foreach ( $valid_schema_properties as $schema_prop ) { if ( isset( $params[ $schema_prop ] ) ) { $endpoint_args[ $field_id ][ $schema_prop ] = $params[ $schema_prop ]; } } // Merge in any options provided by the schema property. if ( isset( $params['arg_options'] ) ) { // Only use required / default from arg_options on CREATABLE endpoints. if ( WP_REST_Server::CREATABLE !== $method ) { $params['arg_options'] = array_diff_key( $params['arg_options'], array( 'required' => '', 'default' => '', ) ); } $endpoint_args[ $field_id ] = array_merge( $endpoint_args[ $field_id ], $params['arg_options'] ); } } return $endpoint_args; } /** * Converts an error to a response object. * * This iterates over all error codes and messages to change it into a flat * array. This enables simpler client behaviour, as it is represented as a * list in JSON rather than an object/map. * * @since 5.7.0 * * @param WP_Error $error WP_Error instance. * * @return WP_REST_Response List of associative arrays with code and message keys. */ function rest_convert_error_to_response( $error ) { $status = array_reduce( $error->get_all_error_data(), function ( $status, $error_data ) { return is_array( $error_data ) && isset( $error_data['status'] ) ? $error_data['status'] : $status; }, 500 ); $errors = array(); foreach ( (array) $error->errors as $code => $messages ) { $all_data = $error->get_all_error_data( $code ); $last_data = array_pop( $all_data ); foreach ( (array) $messages as $message ) { $formatted = array( 'code' => $code, 'message' => $message, 'data' => $last_data, ); if ( $all_data ) { $formatted['additional_data'] = $all_data; } $errors[] = $formatted; } } $data = $errors[0]; if ( count( $errors ) > 1 ) { // Remove the primary error. array_shift( $errors ); $data['additional_errors'] = $errors; } return new WP_REST_Response( $data, $status ); }