<?php |
namespace GeminiLabs\SiteReviews; |
use GeminiLabs\SiteReviews\Application; |
use GeminiLabs\SiteReviews\Controllers\AdminController; |
use GeminiLabs\SiteReviews\Controllers\AjaxController; |
use GeminiLabs\SiteReviews\Controllers\PublicController; |
use GeminiLabs\SiteReviews\Helper; |
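class Router
{
    /**
     * Routes an admin-side POST request (e.g. a settings form submission).
     * Reads the plugin's own POST array, verifies the admin nonce for the
     * requested action and only then dispatches to the admin controller.
     * @return void
     */
    public function routeAdminPostRequest()
    {
        $request = filter_input( INPUT_POST, Application::ID, FILTER_DEFAULT, FILTER_REQUIRE_ARRAY );
        // FILTER_REQUIRE_ARRAY yields null (absent) or false (scalar posted); both are ignored
        if( !is_array( $request ) || !isset( $request['action'] ))return;
        // The nonce is verified before any request data is acted upon
        $this->checkNonce( $request['action'] );
        $this->routeRequest( 'admin', $request['action'], $request );
    }

    /**
     * Routes an AJAX request. The nonce is bound to the request action, so a
     * nonce issued for one action cannot be replayed against another; a failed
     * check is logged and answered with HTTP 403.
     * @return void
     */
    public function routeAjaxRequest()
    {
        $request = $this->normalizeAjaxRequest();
        if( !wp_verify_nonce( $request['nonce'], $request['action'] )) {
            glsr_log()->error( 'Nonce check failed for ajax request' )->info( $request );
            wp_die( -1, 403 );
        }
        $this->routeRequest( 'ajax', $request['action'], $request );
        wp_die();
    }

    /**
     * Public POST requests are currently not routed here; this is a no-op
     * placeholder. Any future implementation should verify a nonce before
     * dispatching, as the admin and ajax routes do.
     * @return void
     */
    public function routePublicPostRequest()
    {
    }

    /**
     * Dispatches $action to the matching controller method, falling back to a
     * WordPress action hook when the controller has no handler for it.
     * The controller and method names are derived from $type and $action by
     * Helper; since $action can originate from request input, the set of
     * reachable methods is whatever Helper::buildMethodName() produces for the
     * 'router' prefix -- NOTE(review): confirm that in Helper.
     * @param string $type   'admin', 'ajax' or 'public'
     * @param string $action
     * @return void
     */
    public function routeRequest( $type, $action, array $request = [] )
    {
        $helper = glsr( Helper::class );
        $controller = glsr( $helper->buildClassName( $type.'-controller', 'Controllers' ));
        $method = $helper->buildMethodName( $action, 'router' );
        if( is_callable( [$controller, $method] )) {
            $controller->$method( $request );
            return;
        }
        $actionHook = 'site-reviews/route/'.$type.'/request';
        // did_action() counts do_action() calls, not listeners, so it is never 0
        // once do_action() has run; check for listeners before firing instead.
        if( !has_action( $actionHook )) {
            glsr_log( 'Unknown '.$type.' router request: '.$action );
        }
        do_action( $actionHook, $action, $request );
    }

    /**
     * Entry point for incoming webhook requests, identified by the
     * "<Application::ID>-hook" query parameter. Not yet implemented.
     * @return void
     */
    public function routeWebhookRequest()
    {
        $request = filter_input( INPUT_GET, sprintf( '%s-hook', Application::ID ));
        if( !$request )return;
        // @todo manage webhook here
    }

    /**
     * Verifies the admin nonce for $action, dying on failure (check_admin_referer).
     * WordPress settings forms (options.php) sign their nonce with
     * "{option_page}-options", so that name is used when the post looks like a
     * settings update; every other admin post is signed with $action itself.
     * @param string $action
     * @return void
     * @todo verify the $action-options
     */
    protected function checkNonce( $action )
    {
        // Strict comparison: both sides are request-derived strings (or null when absent)
        $isOptionsUpdate = filter_input( INPUT_POST, 'option_page' ) === $action
            && filter_input( INPUT_POST, 'action' ) === 'update';
        $nonce = $isOptionsUpdate
            ? $action.'-options'
            : $action;
        check_admin_referer( $nonce );
    }

    /**
     * Undo the escaping introduced on the javascript side (encodeURIComponent())
     * by stripping slashes from every string value, recursively.
     * This is NOT sanitisation: values are still untrusted after this call and
     * must be validated/escaped by the controller that consumes them.
     * @return array
     */
    protected function normalize( array $request )
    {
        array_walk_recursive( $request, function( &$value ) {
            // Only strings carry slashes; leave bools/ints/null untouched so
            // flags such as ajax_request keep their type.
            if( is_string( $value )) {
                $value = stripslashes( $value );
            }
        });
        return $request;
    }

    /**
     * All ajax requests in the plugin are triggered by a single action hook
     * Each route is determined by the request["action"]
     * A request without an action or a nonce is logged and terminated here,
     * so callers can rely on both keys being present in the returned array.
     * @return array|void
     */
    protected function normalizeAjaxRequest()
    {
        $request = filter_input( INPUT_POST, 'request', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY );
        // The payload may be nested under the plugin id
        if( isset( $request[Application::ID]['action'] )) {
            $request = $request[Application::ID];
        }
        if( !isset( $request['action'] )) {
            glsr_log()->error( 'The AJAX request must include an action' )->info( $request );
            wp_die();
        }
        if( !isset( $request['nonce'] )) {
            glsr_log()->error( 'The AJAX request must include a nonce' )->info( $request );
            wp_die();
        }
        $request['ajax_request'] = true;
        return $this->normalize( $request );
    }
}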
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.