| 1 |  |  | <?php | 
            
                                                                                                            
                            
            
                                    
            
            
                | 2 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 3 |  |  | include JETPACK__PLUGIN_DIR . '/modules/module-info.php'; | 
            
                                                                                                            
                            
            
                                    
            
            
                | 4 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 5 |  |  | /** | 
            
                                                                                                            
                            
            
                                    
            
            
                | 6 |  |  |  * Base class for Jetpack Endpoints, has the validate_call helper function. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 7 |  |  |  */ | 
            
                                                                                                            
                            
            
                                    
            
            
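                abstract class Jetpack_JSON_API_Endpoint extends WPCOM_JSON_API_Endpoint {

                	// Capability requirement that callback() passes to validate_call(): a single
                	// capability, a list of capabilities, or
                	// array( 'capabilities' => array(...), 'must_pass' => int ).
                	protected $needed_capabilities;

                	// Allowlist of action names that a request argument may select.
                	protected $expected_actions = array();

                	// Name of the method on $this that callback() invokes; set by validate_input().
                	protected $action;

                	/**
                	 * Runs the endpoint: authorize the call, validate the input, run the selected
                	 * action (if any), then return the subclass result.
                	 *
                	 * The order matters: no action method is invoked unless validate_call() and
                	 * validate_input() have both succeeded.
                	 *
                	 * @param string $path    Not read by this method.
                	 * @param int    $blog_id Blog identifier handed to validate_call().
                	 * @param mixed  $object  Handed to validate_input().
                	 *
                	 * @return mixed|WP_Error The value of result(), or the first WP_Error encountered.
                	 */
                	public function callback( $path = '', $blog_id = 0, $object = null ) {
                		$error = $this->validate_call( $blog_id, $this->needed_capabilities );
                		if ( is_wp_error( $error ) ) {
                			return $error;
                		}

                		$error = $this->validate_input( $object );
                		if ( is_wp_error( $error ) ) {
                			return $error;
                		}

                		if ( ! empty( $this->action ) ) {
                			// $this->action is used as a method name. validate_input() only sets it to
                			// 'update', 'install', or a value found in $this->expected_actions.
                			$error = call_user_func( array( $this, $this->action ) );
                			if ( is_wp_error( $error ) ) {
                				return $error;
                			}
                		}

                		return $this->result();
                	}

                	/**
                	 * Builds the response once the call has been validated and any action has run.
                	 */
                	abstract protected function result();

                	/**
                	 * Decides which action method callback() should run.
                	 *
                	 * A path ending in /update or /install selects that action and takes precedence
                	 * over the 'action' request argument. Otherwise a non-empty 'action' argument
                	 * must be listed in $this->expected_actions.
                	 *
                	 * @param mixed $object Not read by this implementation.
                	 *
                	 * @return bool|WP_Error True on success, WP_Error 'invalid_action' when the
                	 *                       requested action is not in the allowlist.
                	 */
                	protected function validate_input( $object ) {
                		$args = $this->input();

                		// Compare strictly: the selected value becomes a method name in callback(),
                		// and a loose == would let a non-string argument (for example boolean true)
                		// count as 'update'.
                		if ( isset( $args['action'] ) && 'update' === $args['action'] ) {
                			$this->action = 'update';
                		}

                		if ( preg_match( "/\/update\/?$/", $this->path ) ) {
                			$this->action = 'update';

                		} elseif ( preg_match( "/\/install\/?$/", $this->path ) ) {
                			$this->action = 'install';

                		} elseif ( ! empty( $args['action'] ) ) {
                			// Strict allowlist match, for the same reason as above: only an exact
                			// string listed in $expected_actions may be dispatched.
                			if ( ! in_array( $args['action'], $this->expected_actions, true ) ) {
                				return new WP_Error( 'invalid_action', __( 'You must specify a valid action', 'jetpack' ) );
                			}
                			$this->action = $args['action'];
                		}

                		return true;
                	}

                	/**
                	 * Switches to the blog and checks current user capabilities.
                	 *
                	 * @param mixed        $_blog_id            Blog identifier, resolved through $this->api->get_blog_id().
                	 * @param string|array $capability          Requirement forwarded to check_capability().
                	 * @param bool         $check_manage_active When true, any non-GET request is refused
                	 *                                          unless the 'manage' module is active.
                	 *
                	 * @return bool|WP_Error a WP_Error object or true if things are good.
                	 */
                	protected function validate_call( $_blog_id, $capability, $check_manage_active = true ) {
                		$blog_id = $this->api->switch_to_blog_and_validate_user( $this->api->get_blog_id( $_blog_id ) );
                		if ( is_wp_error( $blog_id ) ) {
                			return $blog_id;
                		}

                		$error = $this->check_capability( $capability );
                		if ( is_wp_error( $error ) ) {
                			return $error;
                		}

                		// GET requests are allowed without the 'manage' module; every other method
                		// requires it unless the caller opted out.
                		if ( $check_manage_active && 'GET' !== $this->method && ! Jetpack::is_module_active( 'manage' ) ) {
                			return new WP_Error( 'unauthorized_full_access', __( 'Full management mode is off for this site.', 'jetpack' ), 403 );
                		}

                		return true;
                	}

                	/**
                	 * Checks the current user against one capability or a set of capabilities.
                	 *
                	 * @param string|array $capability A single capability, a list of capabilities, or
                	 *                                 array( 'capabilities' => array(...), 'must_pass' => int ).
                	 *
                	 * @return bool|WP_Error True when the requirement is met, otherwise a WP_Error
                	 *                       'unauthorized' carrying 403.
                	 */
                	protected function check_capability( $capability ) {
                		if ( is_array( $capability ) ) {
                			// An array lists the capabilities the user needs before being allowed to proceed.
                			$capabilities = ( isset( $capability['capabilities'] ) ? $capability['capabilities'] : $capability );

                			// 'must_pass' is the number of capabilities that have to be held; the default is all of them.
                			// NOTE(review): an empty list, or a must_pass of zero or less, makes this branch
                			// succeed without testing any capability; endpoints should always declare at least one.
                			$must_pass = ( isset( $capability['must_pass'] ) && is_int( $capability['must_pass'] ) ? $capability['must_pass'] : count( $capabilities ) );

                			$failed = array(); // Capabilities the current user lacks, reported in the error message.
                			$passed = 0;       // Number of capabilities the current user holds.

                			foreach ( $capabilities as $cap ) {
                				if ( current_user_can( $cap ) ) {
                					$passed ++;
                				} else {
                					$failed[] = $cap;
                				}
                			}

                			// Refuse when fewer capabilities are held than required.
                			if ( $passed < $must_pass ) {
                				// 403 is the third WP_Error argument, as in the single-capability branch.
                				// It was previously passed to sprintf() as a surplus argument and dropped.
                				return new WP_Error( 'unauthorized', sprintf( __( 'This user is not authorized to %s on this blog.', 'jetpack' ), implode( ', ', $failed ) ), 403 );
                			}

                		} else {
                			if ( ! current_user_can( $capability ) ) {
                				return new WP_Error( 'unauthorized', sprintf( __( 'This user is not authorized to %s on this blog.', 'jetpack' ), $capability ), 403 );
                			}
                		}

                		return true;
                	}

                }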
            
                                                        
            
                                    
            
            