<?php
/**
 * REST API endpoint for editing Jetpack Transients.
 *
 * @package automattic/jetpack
 * @since 9.7.0
 */

/**
 * Jetpack transients API.
 *
 * @since 9.7.0
 */
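class WPCOM_REST_API_V2_Endpoint_Transient extends WP_REST_Controller {
	/**
	 * Constructor.
	 *
	 * Sets the route namespace and base, then hooks route registration
	 * onto the `rest_api_init` action.
	 */
	public function __construct() {
		$this->namespace = 'wpcom/v2';
		$this->rest_base = 'transients';
		add_action( 'rest_api_init', array( $this, 'register_routes' ) );
	}

	/**
	 * Called automatically on `rest_api_init()`.
	 *
	 * Registers one DELETE route. The route pattern only admits names made of
	 * 1 to 172 word characters; authorization is left to
	 * delete_transient_permissions_check().
	 */
	public function register_routes() {
		// DELETE /sites/<blog-id>/transients/$name route.
		register_rest_route(
			$this->namespace,
			'/' . $this->rest_base . '/(?P<name>\w{1,172})',
			array(
				array(
					'methods'             => WP_REST_Server::DELETABLE,
					'callback'            => array( $this, 'delete_transient' ),
					'permission_callback' => array( $this, 'delete_transient_permissions_check' ),
					'args'                => array(
						'name' => array(
							'description'       => __( 'The name of the transient to delete.', 'jetpack' ),
							'required'          => true,
							'type'              => 'string',
							'sanitize_callback' => 'sanitize_text_field',
						),
					),
				),
			)
		);
	}

	/**
	 * Delete transient callback.
	 *
	 * Performs no authorization of its own: it deletes whatever name the
	 * request carries, so the permission callback registered for the route is
	 * the only gate in front of it.
	 *
	 * @param \WP_REST_Request $request Full details about the request.
	 * @return array Array with a single `success` key holding the result of delete_transient().
	 */
	public function delete_transient( \WP_REST_Request $request ) {
		return array(
			'success' => delete_transient( $request->get_param( 'name' ) ),
		);
	}

	/**
	 * Check that the user has read access and that the transient name is
	 * exactly "jetpack_connected_user_data_" followed by the current user's ID,
	 * i.e. that the user is deleting their own transient.
	 *
	 * @param \WP_REST_Request $request Full details about the request.
	 * @return bool|WP_Error True when the deletion is allowed, a 403 WP_Error otherwise.
	 */
	public function delete_transient_permissions_check( \WP_REST_Request $request ) {
		$transient_name = $request->get_param( 'name' );
		$prefix         = 'jetpack_connected_user_data_';

		// The prefix has to sit at offset 0 and the remainder has to be exactly
		// the current user's ID. A "contains the prefix" test combined with an
		// integer cast of the tail would also accept names that merely embed the
		// prefix further in, or that carry extra characters after the ID, and so
		// would authorize deleting transients other than the caller's own.
		$is_own_transient = is_string( $transient_name )
			&& 0 === strpos( $transient_name, $prefix )
			&& substr( $transient_name, strlen( $prefix ) ) === (string) get_current_user_id();

		if ( current_user_can( 'read' ) && $is_own_transient ) {
			return true;
		}

		return new WP_Error(
			'authorization_required',
			__( 'Sorry, you are not allowed to delete this transient.', 'jetpack' ),
			array( 'status' => 403 )
		);
	}
}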
// Pass the controller's class name to wpcom_rest_api_v2_load_plugin(), which is defined outside this file.
wpcom_rest_api_v2_load_plugin(
	'WPCOM_REST_API_V2_Endpoint_Transient'
);
This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.
If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is WordPress.
In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored.