|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
/** |
|
6
|
|
|
* Primary service for dispatching ajax calls. |
|
7
|
|
|
* |
|
8
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
|
9
|
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
|
10
|
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
|
11
|
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
|
12
|
|
|
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
13
|
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|
14
|
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
15
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
|
16
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|
17
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
|
18
|
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
19
|
|
|
* |
|
20
|
|
|
* @author Glynn Quelch <[email protected]> |
|
21
|
|
|
* @license http://www.opensource.org/licenses/mit-license.html MIT License |
|
22
|
|
|
* @package PinkCrab\Ajax |
|
23
|
|
|
*/ |
|
24
|
|
|
|
|
25
|
|
|
namespace PinkCrab\Ajax\Dispatcher; |
|
26
|
|
|
|
|
27
|
|
|
use PinkCrab\Ajax\Ajax; |
|
28
|
|
|
use PinkCrab\Nonce\Nonce; |
|
29
|
|
|
use PinkCrab\Ajax\Ajax_Helper; |
|
30
|
|
|
use Psr\Http\Message\ServerRequestInterface; |
|
31
|
|
|
|
|
32
|
|
|
class Ajax_Request_Validator { |
|
33
|
|
|
|
|
34
|
|
|
protected ServerRequestInterface $server_request; |
|
35
|
|
|
|
|
36
|
|
|
public function __construct( ServerRequestInterface $server_request ) { |
|
37
|
|
|
$this->server_request = $server_request; |
|
38
|
|
|
} |
|
39
|
|
|
|
|
40
|
|
|
/** |
|
41
|
|
|
* Validates a ajax call based on current request. |
|
42
|
|
|
* |
|
43
|
|
|
* @param \PinkCrab\Ajax\Ajax $ajax |
|
44
|
|
|
* @return bool |
|
45
|
|
|
*/ |
|
46
|
|
|
public function validate( Ajax $ajax ): bool { |
|
47
|
|
|
if ( ! $ajax->has_nonce() ) { |
|
48
|
|
|
return true; |
|
49
|
|
|
} |
|
50
|
|
|
|
|
51
|
|
|
// Find nonce value in request |
|
52
|
|
|
$nonce_value = $this->find_nonce( $ajax->get_nonce_field() ); |
|
53
|
|
|
|
|
54
|
|
|
// If no nonce value found in request. |
|
55
|
|
|
if ( is_null( $nonce_value ) ) { |
|
56
|
|
|
return false; |
|
57
|
|
|
} |
|
58
|
|
|
|
|
59
|
|
|
/* @phpstan-ignore-next-line, nonce handle checked at start of method*/ |
|
60
|
|
|
return ( new Nonce( $ajax->get_nonce_handle() ) ) |
|
61
|
|
|
->validate( $nonce_value ); |
|
62
|
|
|
} |
|
63
|
|
|
|
|
64
|
|
|
/** |
|
65
|
|
|
* Attempts to extract the nonce from the request |
|
66
|
|
|
* |
|
67
|
|
|
* @param string $nonce_field |
|
68
|
|
|
* @return string|null |
|
69
|
|
|
*/ |
|
70
|
|
|
protected function find_nonce( string $nonce_field ): ?string { |
|
71
|
|
|
$args = Ajax_Helper::extract_server_request_args( $this->server_request ); |
|
72
|
|
|
|
|
73
|
|
|
return \array_key_exists( $nonce_field, $args ) |
|
74
|
|
|
? $args[ $nonce_field ] |
|
75
|
|
|
: null; |
|
76
|
|
|
} |
|
77
|
|
|
} |
|
78
|
|
|
|
Pink-Crab /
Perique-Ajax
