Issues in class-wc-api.php (master) - Issues in master - woothemes/woocommerce - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1182)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/class-wc-api.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * WooCommerce API
 *
 * Handles WC-API endpoint requests.
 *
 * @author   WooThemes
 * @category API
 * @package  WooCommerce/API
 * @since    2.0
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

if ( ! class_exists( 'WC_API' ) ) :

class WC_API {

	/**
	 * This is the major version for the REST API and takes
	 * first-order position in endpoint URLs.
	 *
	 * @deprecated 2.6.0
	 * @var string
	 */
	const VERSION = '3.1.0';

	/**
	 * The REST API server.
	 *
	 * @deprecated 2.6.0
	 * @var WC_API_Server
	 */
	public $server;

	/**
	 * REST API authentication class instance.
	 *
	 * @deprecated 2.6.0
	 * @var WC_API_Authentication
	 */
	public $authentication;

	/**
	 * Setup class.
	 *
	 * @since 2.0
	 * @return WC_API

	 */
	public function __construct() {
		// Add query vars.
		add_filter( 'query_vars', array( $this, 'add_query_vars' ), 0 );

		// Register API endpoints.
		add_action( 'init', array( $this, 'add_endpoint' ), 0 );

		// Handle REST API requests.
		add_action( 'parse_request', array( $this, 'handle_rest_api_requests' ), 0 );

		// Handle wc-api endpoint requests.
		add_action( 'parse_request', array( $this, 'handle_api_requests' ), 0 );

		// Ensure payment gateways are initialized in time for API requests.
		add_action( 'woocommerce_api_request', array( 'WC_Payment_Gateways', 'instance' ), 0 );

		// WP REST API.
		$this->rest_api_init();
	}

	/**
	 * Add new query vars.
	 *
	 * @since 2.0
	 * @param array $vars
	 * @return string[]
	 */
	public function add_query_vars( $vars ) {
		$vars[] = 'wc-api';
		$vars[] = 'wc-api-version'; // Deprecated since 2.6.0.
		$vars[] = 'wc-api-route'; // Deprecated since 2.6.0.

		return $vars;
	}

	/**
	 * Add new endpoints.
	 *
	 * @since 2.0
	 */
	public static function add_endpoint() {

		// REST API, deprecated since 2.6.0.
		add_rewrite_rule( '^wc-api/v([1-3]{1})/?$', 'index.php?wc-api-version=$matches[1]&wc-api-route=/', 'top' );
		add_rewrite_rule( '^wc-api/v([1-3]{1})(.*)?', 'index.php?wc-api-version=$matches[1]&wc-api-route=$matches[2]', 'top' );

		// WC API for payment gateway IPNs, etc.
		add_rewrite_endpoint( 'wc-api', EP_ALL );
	}


	/**
	 * Handle REST API requests.
	 *
	 * @since 2.2
	 * @deprecated 2.6.0
	 */
	public function handle_rest_api_requests() {
		global $wp;

		if ( ! empty( $_GET['wc-api-version'] ) ) {
			$wp->query_vars['wc-api-version'] = $_GET['wc-api-version'];
		}

		if ( ! empty( $_GET['wc-api-route'] ) ) {
			$wp->query_vars['wc-api-route'] = $_GET['wc-api-route'];
		}

		// REST API request.
		if ( ! empty( $wp->query_vars['wc-api-version'] ) && ! empty( $wp->query_vars['wc-api-route'] ) ) {

			define( 'WC_API_REQUEST', true );
			define( 'WC_API_REQUEST_VERSION', absint( $wp->query_vars['wc-api-version'] ) );

			// Legacy v1 API request.
			if ( 1 === WC_API_REQUEST_VERSION ) {
				$this->handle_v1_rest_api_request();
			} else if ( 2 === WC_API_REQUEST_VERSION ) {
				$this->handle_v2_rest_api_request();
			} else {
				$this->includes();

				$this->server = new WC_API_Server( $wp->query_vars['wc-api-route'] );

				// load API resource classes.
				$this->register_resources( $this->server );

				// Fire off the request.
				$this->server->serve_request();
			}

			exit;
		}
	}

	/**
	 * Include required files for REST API request.
	 *
	 * @since 2.1
	 * @deprecated 2.6.0
	 */
	public function includes() {

		// API server / response handlers.
		include_once( 'api/legacy/v3/class-wc-api-exception.php' );
		include_once( 'api/legacy/v3/class-wc-api-server.php' );
		include_once( 'api/legacy/v3/interface-wc-api-handler.php' );
		include_once( 'api/legacy/v3/class-wc-api-json-handler.php' );

		// Authentication.
		include_once( 'api/legacy/v3/class-wc-api-authentication.php' );
		$this->authentication = new WC_API_Authentication();

		include_once( 'api/legacy/v3/class-wc-api-resource.php' );
		include_once( 'api/legacy/v3/class-wc-api-coupons.php' );
		include_once( 'api/legacy/v3/class-wc-api-customers.php' );
		include_once( 'api/legacy/v3/class-wc-api-orders.php' );
		include_once( 'api/legacy/v3/class-wc-api-products.php' );
		include_once( 'api/legacy/v3/class-wc-api-reports.php' );
		include_once( 'api/legacy/v3/class-wc-api-taxes.php' );
		include_once( 'api/legacy/v3/class-wc-api-webhooks.php' );

		// Allow plugins to load other response handlers or resource classes.
		do_action( 'woocommerce_api_loaded' );
	}

	/**
	 * Register available API resources.
	 *
	 * @since 2.1
	 * @deprecated 2.6.0
	 * @param WC_API_Server $server the REST server
	 */
	public function register_resources( $server ) {

		$api_classes = apply_filters( 'woocommerce_api_classes',
			array(
				'WC_API_Coupons',
				'WC_API_Customers',
				'WC_API_Orders',
				'WC_API_Products',
				'WC_API_Reports',
				'WC_API_Taxes',
				'WC_API_Webhooks',
			)
		);

		foreach ( $api_classes as $api_class ) {
			$this->$api_class = new $api_class( $server );
		}
	}


	/**
	 * Handle legacy v1 REST API requests.
	 *
	 * @since 2.2
	 * @deprecated 2.6.0
	 */
	private function handle_v1_rest_api_request() {

		// Include legacy required files for v1 REST API request.
		include_once( 'api/legacy/v1/class-wc-api-server.php' );
		include_once( 'api/legacy/v1/interface-wc-api-handler.php' );
		include_once( 'api/legacy/v1/class-wc-api-json-handler.php' );
		include_once( 'api/legacy/v1/class-wc-api-xml-handler.php' );

		include_once( 'api/legacy/v1/class-wc-api-authentication.php' );
		$this->authentication = new WC_API_Authentication();

		include_once( 'api/legacy/v1/class-wc-api-resource.php' );
		include_once( 'api/legacy/v1/class-wc-api-coupons.php' );
		include_once( 'api/legacy/v1/class-wc-api-customers.php' );
		include_once( 'api/legacy/v1/class-wc-api-orders.php' );
		include_once( 'api/legacy/v1/class-wc-api-products.php' );
		include_once( 'api/legacy/v1/class-wc-api-reports.php' );

		// Allow plugins to load other response handlers or resource classes.
		do_action( 'woocommerce_api_loaded' );

		$this->server = new WC_API_Server( $GLOBALS['wp']->query_vars['wc-api-route'] );

		// Register available resources for legacy v1 REST API request.
		$api_classes = apply_filters( 'woocommerce_api_classes',
			array(
				'WC_API_Customers',
				'WC_API_Orders',
				'WC_API_Products',
				'WC_API_Coupons',
				'WC_API_Reports',
			)
		);

		foreach ( $api_classes as $api_class ) {
			$this->$api_class = new $api_class( $this->server );
		}

		// Fire off the request.
		$this->server->serve_request();
	}

	/**
	 * Handle legacy v2 REST API requests.
	 *
	 * @since 2.4
	 * @deprecated 2.6.0
	 */
	private function handle_v2_rest_api_request() {
		include_once( 'api/legacy/v2/class-wc-api-exception.php' );
		include_once( 'api/legacy/v2/class-wc-api-server.php' );
		include_once( 'api/legacy/v2/interface-wc-api-handler.php' );
		include_once( 'api/legacy/v2/class-wc-api-json-handler.php' );

		include_once( 'api/legacy/v2/class-wc-api-authentication.php' );
		$this->authentication = new WC_API_Authentication();

		include_once( 'api/legacy/v2/class-wc-api-resource.php' );
		include_once( 'api/legacy/v2/class-wc-api-coupons.php' );
		include_once( 'api/legacy/v2/class-wc-api-customers.php' );
		include_once( 'api/legacy/v2/class-wc-api-orders.php' );
		include_once( 'api/legacy/v2/class-wc-api-products.php' );
		include_once( 'api/legacy/v2/class-wc-api-reports.php' );
		include_once( 'api/legacy/v2/class-wc-api-webhooks.php' );

		// allow plugins to load other response handlers or resource classes.
		do_action( 'woocommerce_api_loaded' );

		$this->server = new WC_API_Server( $GLOBALS['wp']->query_vars['wc-api-route'] );

		// Register available resources for legacy v2 REST API request.
		$api_classes = apply_filters( 'woocommerce_api_classes',
			array(
				'WC_API_Customers',
				'WC_API_Orders',
				'WC_API_Products',
				'WC_API_Coupons',
				'WC_API_Reports',
				'WC_API_Webhooks',
			)
		);

		foreach ( $api_classes as $api_class ) {
			$this->$api_class = new $api_class( $this->server );
		}

		// Fire off the request.
		$this->server->serve_request();
	}

	/**
	 * API request - Trigger any API requests.
	 *
	 * @since   2.0
	 * @version 2.4
	 */
	public function handle_api_requests() {
		global $wp;

		if ( ! empty( $_GET['wc-api'] ) ) {
			$wp->query_vars['wc-api'] = $_GET['wc-api'];
		}

		// wc-api endpoint requests.
		if ( ! empty( $wp->query_vars['wc-api'] ) ) {

			// Buffer, we won't want any output here.
			ob_start();

			// No cache headers.
			nocache_headers();

			// Clean the API request.
			$api_request = strtolower( wc_clean( $wp->query_vars['wc-api'] ) );

			// Trigger generic action before request hook.
			do_action( 'woocommerce_api_request', $api_request );

			// Is there actually something hooked into this API request? If not trigger 400 - Bad request.
			status_header( has_action( 'woocommerce_api_' . $api_request ) ? 200 : 400 );

			// Trigger an action which plugins can hook into to fulfill the request.
			do_action( 'woocommerce_api_' . $api_request );

			// Done, clear buffer and exit.
			ob_end_clean();
			die( '-1' );
		}
	}

	/**
	 * Init WP REST API.
	 *
	 * @since 2.6.0
	 */
	private function rest_api_init() {
		global $wp_version;

		// REST API was included starting WordPress 4.4.
		if ( version_compare( $wp_version, 4.4, '<' ) ) {
			return;
		}

		$this->rest_api_includes();

		// Init REST API routes.
		add_action( 'rest_api_init', array( $this, 'register_rest_routes' ) );
	}

	/**
	 * Include REST API classes.
	 *
	 * @since 2.6.0
	 */
	private function rest_api_includes() {
		// Exception handler.
		include_once( 'api/class-wc-rest-exception.php' );

		// Authentication.
		include_once( 'api/class-wc-rest-authentication.php' );

		// WP-API classes and functions.
		include_once( 'vendor/wp-rest-functions.php' );
		if ( ! class_exists( 'WP_REST_Controller' ) ) {
			include_once( 'vendor/class-wp-rest-controller.php' );
		}

		// Abstract controllers.
		include_once( 'abstracts/abstract-wc-rest-controller.php' );
		include_once( 'abstracts/abstract-wc-rest-posts-controller.php' );
		include_once( 'abstracts/abstract-wc-rest-terms-controller.php' );

		// REST API controllers.
		include_once( 'api/class-wc-rest-coupons-controller.php' );
		include_once( 'api/class-wc-rest-customer-downloads-controller.php' );
		include_once( 'api/class-wc-rest-customers-controller.php' );
		include_once( 'api/class-wc-rest-order-notes-controller.php' );
		include_once( 'api/class-wc-rest-order-refunds-controller.php' );
		include_once( 'api/class-wc-rest-orders-controller.php' );
		include_once( 'api/class-wc-rest-product-attribute-terms-controller.php' );
		include_once( 'api/class-wc-rest-product-attributes-controller.php' );
		include_once( 'api/class-wc-rest-product-categories-controller.php' );
		include_once( 'api/class-wc-rest-product-reviews-controller.php' );
		include_once( 'api/class-wc-rest-product-shipping-classes-controller.php' );
		include_once( 'api/class-wc-rest-product-tags-controller.php' );
		include_once( 'api/class-wc-rest-products-controller.php' );
		include_once( 'api/class-wc-rest-report-sales-controller.php' );
		include_once( 'api/class-wc-rest-report-top-sellers-controller.php' );
		include_once( 'api/class-wc-rest-reports-controller.php' );
		include_once( 'api/class-wc-rest-tax-classes-controller.php' );
		include_once( 'api/class-wc-rest-taxes-controller.php' );
		include_once( 'api/class-wc-rest-webhook-deliveries.php' );
		include_once( 'api/class-wc-rest-webhooks-controller.php' );
	}

	/**
	 * Register REST API routes.
	 *
	 * @since 2.6.0
	 */
	public function register_rest_routes() {
		$controllers = array(
			'WC_REST_Coupons_Controller',
			'WC_REST_Customer_Downloads_Controller',
			'WC_REST_Customers_Controller',
			'WC_REST_Order_Notes_Controller',
			'WC_REST_Order_Refunds_Controller',
			'WC_REST_Orders_Controller',
			'WC_REST_Product_Attribute_Terms_Controller',
			'WC_REST_Product_Attributes_Controller',
			'WC_REST_Product_Categories_Controller',
			'WC_REST_Product_Reviews_Controller',
			'WC_REST_Product_Shipping_Classes_Controller',
			'WC_REST_Product_Tags_Controller',
			'WC_REST_Products_Controller',
			'WC_REST_Report_Sales_Controller',
			'WC_REST_Report_Top_Sellers_Controller',
			'WC_REST_Reports_Controller',
			'WC_REST_Tax_Classes_Controller',
			'WC_REST_Taxes_Controller',
			'WC_REST_Webhook_Deliveries_Controller',
			'WC_REST_Webhooks_Controller',
		);

		foreach ( $controllers as $controller ) {
			$this->$controller = new $controller();
			$this->$controller->register_routes();
		}
	}
}

endif;

return new WC_API();


1		<?php
2		/**
3		* WooCommerce API
4		*
5		* Handles WC-API endpoint requests.
6		*
7		* @author WooThemes
8		* @category API
9		* @package WooCommerce/API
10		* @since 2.0
11		*/
12
13		if ( ! defined( 'ABSPATH' ) ) {
14		exit;
15		}
16
17		if ( ! class_exists( 'WC_API' ) ) :
18
19		class WC_API {
20
21		/**
22		* This is the major version for the REST API and takes
23		* first-order position in endpoint URLs.
24		*
25		* @deprecated 2.6.0
26		* @var string
27		*/
28		const VERSION = '3.1.0';
29
30		/**
31		* The REST API server.
32		*
33		* @deprecated 2.6.0
34		* @var WC_API_Server
35		*/
36		public $server;
37
38		/**
39		* REST API authentication class instance.
40		*
41		* @deprecated 2.6.0
42		* @var WC_API_Authentication
43		*/
44		public $authentication;
45
46		/**
47		* Setup class.
48		*
49		* @since 2.0
50		* @return WC_API
		0 ignored issues – show Comprehensibility Best Practice introduced 2015-11-21 02:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors. Loading history...
51		*/
52		public function __construct() {
53		// Add query vars.
54		add_filter( 'query_vars', array( $this, 'add_query_vars' ), 0 );
55
56		// Register API endpoints.
57		add_action( 'init', array( $this, 'add_endpoint' ), 0 );
58
59		// Handle REST API requests.
60		add_action( 'parse_request', array( $this, 'handle_rest_api_requests' ), 0 );
61
62		// Handle wc-api endpoint requests.
63		add_action( 'parse_request', array( $this, 'handle_api_requests' ), 0 );
64
65		// Ensure payment gateways are initialized in time for API requests.
66		add_action( 'woocommerce_api_request', array( 'WC_Payment_Gateways', 'instance' ), 0 );
67
68		// WP REST API.
69		$this->rest_api_init();
70		}
71
72		/**
73		* Add new query vars.
74		*
75		* @since 2.0
76		* @param array $vars
77		* @return string[]
78		*/
79		public function add_query_vars( $vars ) {
80		$vars[] = 'wc-api';
81		$vars[] = 'wc-api-version'; // Deprecated since 2.6.0.
82		$vars[] = 'wc-api-route'; // Deprecated since 2.6.0.
83
84		return $vars;
85		}
86
87		/**
88		* Add new endpoints.
89		*
90		* @since 2.0
91		*/
92		public static function add_endpoint() {
93
94		// REST API, deprecated since 2.6.0.
95		add_rewrite_rule( '^wc-api/v([1-3]{1})/?$', 'index.php?wc-api-version=$matches[1]&wc-api-route=/', 'top' );
96		add_rewrite_rule( '^wc-api/v([1-3]{1})(.*)?', 'index.php?wc-api-version=$matches[1]&wc-api-route=$matches[2]', 'top' );
97
98		// WC API for payment gateway IPNs, etc.
99		add_rewrite_endpoint( 'wc-api', EP_ALL );
100		}
101
102
103		/**
104		* Handle REST API requests.
105		*
106		* @since 2.2
107		* @deprecated 2.6.0
108		*/
109		public function handle_rest_api_requests() {
110		global $wp;
111
112		if ( ! empty( $_GET['wc-api-version'] ) ) {
113		$wp->query_vars['wc-api-version'] = $_GET['wc-api-version'];
114		}
115
116		if ( ! empty( $_GET['wc-api-route'] ) ) {
117		$wp->query_vars['wc-api-route'] = $_GET['wc-api-route'];
118		}
119
120		// REST API request.
121		if ( ! empty( $wp->query_vars['wc-api-version'] ) && ! empty( $wp->query_vars['wc-api-route'] ) ) {
122
123		define( 'WC_API_REQUEST', true );
124		define( 'WC_API_REQUEST_VERSION', absint( $wp->query_vars['wc-api-version'] ) );
125
126		// Legacy v1 API request.
127		if ( 1 === WC_API_REQUEST_VERSION ) {
128		$this->handle_v1_rest_api_request();
129		} else if ( 2 === WC_API_REQUEST_VERSION ) {
130		$this->handle_v2_rest_api_request();
131		} else {
132		$this->includes();
133
134		$this->server = new WC_API_Server( $wp->query_vars['wc-api-route'] );
135
136		// load API resource classes.
137		$this->register_resources( $this->server );
138
139		// Fire off the request.
140		$this->server->serve_request();
141		}
142
143		exit;
144		}
145		}
146
147		/**
148		* Include required files for REST API request.
149		*
150		* @since 2.1
151		* @deprecated 2.6.0
152		*/
153		public function includes() {
154
155		// API server / response handlers.
156		include_once( 'api/legacy/v3/class-wc-api-exception.php' );
157		include_once( 'api/legacy/v3/class-wc-api-server.php' );
158		include_once( 'api/legacy/v3/interface-wc-api-handler.php' );
159		include_once( 'api/legacy/v3/class-wc-api-json-handler.php' );
160
161		// Authentication.
162		include_once( 'api/legacy/v3/class-wc-api-authentication.php' );
163		$this->authentication = new WC_API_Authentication();
164
165		include_once( 'api/legacy/v3/class-wc-api-resource.php' );
166		include_once( 'api/legacy/v3/class-wc-api-coupons.php' );
167		include_once( 'api/legacy/v3/class-wc-api-customers.php' );
168		include_once( 'api/legacy/v3/class-wc-api-orders.php' );
169		include_once( 'api/legacy/v3/class-wc-api-products.php' );
170		include_once( 'api/legacy/v3/class-wc-api-reports.php' );
171		include_once( 'api/legacy/v3/class-wc-api-taxes.php' );
172		include_once( 'api/legacy/v3/class-wc-api-webhooks.php' );
173
174		// Allow plugins to load other response handlers or resource classes.
175		do_action( 'woocommerce_api_loaded' );
176		}
177
178		/**
179		* Register available API resources.
180		*
181		* @since 2.1
182		* @deprecated 2.6.0
183		* @param WC_API_Server $server the REST server
184		*/
185		public function register_resources( $server ) {
186
187		$api_classes = apply_filters( 'woocommerce_api_classes',
188		array(
189		'WC_API_Coupons',
190		'WC_API_Customers',
191		'WC_API_Orders',
192		'WC_API_Products',
193		'WC_API_Reports',
194		'WC_API_Taxes',
195		'WC_API_Webhooks',
196		)
197		);
198
199		foreach ( $api_classes as $api_class ) {
200		$this->$api_class = new $api_class( $server );
201		}
202		}
203
204
205		/**
206		* Handle legacy v1 REST API requests.
207		*
208		* @since 2.2
209		* @deprecated 2.6.0
210		*/
211	View Code Duplication	private function handle_v1_rest_api_request() {
212
213		// Include legacy required files for v1 REST API request.
214		include_once( 'api/legacy/v1/class-wc-api-server.php' );
215		include_once( 'api/legacy/v1/interface-wc-api-handler.php' );
216		include_once( 'api/legacy/v1/class-wc-api-json-handler.php' );
217		include_once( 'api/legacy/v1/class-wc-api-xml-handler.php' );
218
219		include_once( 'api/legacy/v1/class-wc-api-authentication.php' );
220		$this->authentication = new WC_API_Authentication();
221
222		include_once( 'api/legacy/v1/class-wc-api-resource.php' );
223		include_once( 'api/legacy/v1/class-wc-api-coupons.php' );
224		include_once( 'api/legacy/v1/class-wc-api-customers.php' );
225		include_once( 'api/legacy/v1/class-wc-api-orders.php' );
226		include_once( 'api/legacy/v1/class-wc-api-products.php' );
227		include_once( 'api/legacy/v1/class-wc-api-reports.php' );
228
229		// Allow plugins to load other response handlers or resource classes.
230		do_action( 'woocommerce_api_loaded' );
231
232		$this->server = new WC_API_Server( $GLOBALS['wp']->query_vars['wc-api-route'] );
233
234		// Register available resources for legacy v1 REST API request.
235		$api_classes = apply_filters( 'woocommerce_api_classes',
236		array(
237		'WC_API_Customers',
238		'WC_API_Orders',
239		'WC_API_Products',
240		'WC_API_Coupons',
241		'WC_API_Reports',
242		)
243		);
244
245		foreach ( $api_classes as $api_class ) {
246		$this->$api_class = new $api_class( $this->server );
247		}
248
249		// Fire off the request.
250		$this->server->serve_request();
251		}
252
253		/**
254		* Handle legacy v2 REST API requests.
255		*
256		* @since 2.4
257		* @deprecated 2.6.0
258		*/
259	View Code Duplication	private function handle_v2_rest_api_request() {
260		include_once( 'api/legacy/v2/class-wc-api-exception.php' );
261		include_once( 'api/legacy/v2/class-wc-api-server.php' );
262		include_once( 'api/legacy/v2/interface-wc-api-handler.php' );
263		include_once( 'api/legacy/v2/class-wc-api-json-handler.php' );
264
265		include_once( 'api/legacy/v2/class-wc-api-authentication.php' );
266		$this->authentication = new WC_API_Authentication();
267
268		include_once( 'api/legacy/v2/class-wc-api-resource.php' );
269		include_once( 'api/legacy/v2/class-wc-api-coupons.php' );
270		include_once( 'api/legacy/v2/class-wc-api-customers.php' );
271		include_once( 'api/legacy/v2/class-wc-api-orders.php' );
272		include_once( 'api/legacy/v2/class-wc-api-products.php' );
273		include_once( 'api/legacy/v2/class-wc-api-reports.php' );
274		include_once( 'api/legacy/v2/class-wc-api-webhooks.php' );
275
276		// allow plugins to load other response handlers or resource classes.
277		do_action( 'woocommerce_api_loaded' );
278
279		$this->server = new WC_API_Server( $GLOBALS['wp']->query_vars['wc-api-route'] );
280
281		// Register available resources for legacy v2 REST API request.
282		$api_classes = apply_filters( 'woocommerce_api_classes',
283		array(
284		'WC_API_Customers',
285		'WC_API_Orders',
286		'WC_API_Products',
287		'WC_API_Coupons',
288		'WC_API_Reports',
289		'WC_API_Webhooks',
290		)
291		);
292
293		foreach ( $api_classes as $api_class ) {
294		$this->$api_class = new $api_class( $this->server );
295		}
296
297		// Fire off the request.
298		$this->server->serve_request();
299		}
300
301		/**
302		* API request - Trigger any API requests.
303		*
304		* @since 2.0
305		* @version 2.4
306		*/
307		public function handle_api_requests() {
308		global $wp;
309
310		if ( ! empty( $_GET['wc-api'] ) ) {
311		$wp->query_vars['wc-api'] = $_GET['wc-api'];
312		}
313
314		// wc-api endpoint requests.
315		if ( ! empty( $wp->query_vars['wc-api'] ) ) {
316
317		// Buffer, we won't want any output here.
318		ob_start();
319
320		// No cache headers.
321		nocache_headers();
322
323		// Clean the API request.
324		$api_request = strtolower( wc_clean( $wp->query_vars['wc-api'] ) );
325
326		// Trigger generic action before request hook.
327		do_action( 'woocommerce_api_request', $api_request );
328
329		// Is there actually something hooked into this API request? If not trigger 400 - Bad request.
330		status_header( has_action( 'woocommerce_api_' . $api_request ) ? 200 : 400 );
331
332		// Trigger an action which plugins can hook into to fulfill the request.
333		do_action( 'woocommerce_api_' . $api_request );
334
335		// Done, clear buffer and exit.
336		ob_end_clean();
337		die( '-1' );
338		}
339		}
340
341		/**
342		* Init WP REST API.
343		*
344		* @since 2.6.0
345		*/
346		private function rest_api_init() {
347		global $wp_version;
348
349		// REST API was included starting WordPress 4.4.
350		if ( version_compare( $wp_version, 4.4, '<' ) ) {
351		return;
352		}
353
354		$this->rest_api_includes();
355
356		// Init REST API routes.
357		add_action( 'rest_api_init', array( $this, 'register_rest_routes' ) );
358		}
359
360		/**
361		* Include REST API classes.
362		*
363		* @since 2.6.0
364		*/
365		private function rest_api_includes() {
366		// Exception handler.
367		include_once( 'api/class-wc-rest-exception.php' );
368
369		// Authentication.
370		include_once( 'api/class-wc-rest-authentication.php' );
371
372		// WP-API classes and functions.
373		include_once( 'vendor/wp-rest-functions.php' );
374		if ( ! class_exists( 'WP_REST_Controller' ) ) {
375		include_once( 'vendor/class-wp-rest-controller.php' );
376		}
377
378		// Abstract controllers.
379		include_once( 'abstracts/abstract-wc-rest-controller.php' );
380		include_once( 'abstracts/abstract-wc-rest-posts-controller.php' );
381		include_once( 'abstracts/abstract-wc-rest-terms-controller.php' );
382
383		// REST API controllers.
384		include_once( 'api/class-wc-rest-coupons-controller.php' );
385		include_once( 'api/class-wc-rest-customer-downloads-controller.php' );
386		include_once( 'api/class-wc-rest-customers-controller.php' );
387		include_once( 'api/class-wc-rest-order-notes-controller.php' );
388		include_once( 'api/class-wc-rest-order-refunds-controller.php' );
389		include_once( 'api/class-wc-rest-orders-controller.php' );
390		include_once( 'api/class-wc-rest-product-attribute-terms-controller.php' );
391		include_once( 'api/class-wc-rest-product-attributes-controller.php' );
392		include_once( 'api/class-wc-rest-product-categories-controller.php' );
393		include_once( 'api/class-wc-rest-product-reviews-controller.php' );
394		include_once( 'api/class-wc-rest-product-shipping-classes-controller.php' );
395		include_once( 'api/class-wc-rest-product-tags-controller.php' );
396		include_once( 'api/class-wc-rest-products-controller.php' );
397		include_once( 'api/class-wc-rest-report-sales-controller.php' );
398		include_once( 'api/class-wc-rest-report-top-sellers-controller.php' );
399		include_once( 'api/class-wc-rest-reports-controller.php' );
400		include_once( 'api/class-wc-rest-tax-classes-controller.php' );
401		include_once( 'api/class-wc-rest-taxes-controller.php' );
402		include_once( 'api/class-wc-rest-webhook-deliveries.php' );
403		include_once( 'api/class-wc-rest-webhooks-controller.php' );
404		}
405
406		/**
407		* Register REST API routes.
408		*
409		* @since 2.6.0
410		*/
411		public function register_rest_routes() {
412		$controllers = array(
413		'WC_REST_Coupons_Controller',
414		'WC_REST_Customer_Downloads_Controller',
415		'WC_REST_Customers_Controller',
416		'WC_REST_Order_Notes_Controller',
417		'WC_REST_Order_Refunds_Controller',
418		'WC_REST_Orders_Controller',
419		'WC_REST_Product_Attribute_Terms_Controller',
420		'WC_REST_Product_Attributes_Controller',
421		'WC_REST_Product_Categories_Controller',
422		'WC_REST_Product_Reviews_Controller',
423		'WC_REST_Product_Shipping_Classes_Controller',
424		'WC_REST_Product_Tags_Controller',
425		'WC_REST_Products_Controller',
426		'WC_REST_Report_Sales_Controller',
427		'WC_REST_Report_Top_Sellers_Controller',
428		'WC_REST_Reports_Controller',
429		'WC_REST_Tax_Classes_Controller',
430		'WC_REST_Taxes_Controller',
431		'WC_REST_Webhook_Deliveries_Controller',
432		'WC_REST_Webhooks_Controller',
433		);
434
435		foreach ( $controllers as $controller ) {
436		$this->$controller = new $controller();
437		$this->$controller->register_routes();
438		}
439		}
440		}
441
442		endif;
443
444		return new WC_API();
445

woothemes / woocommerce

Issues (1182)

Security Analysis not enabled

includes/class-wc-api.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like