"Fossies" - the Fresh Open Source Software Archive

Member "wordpress/wp-content/plugins/akismet/class.akismet-rest-api.php" (30 Oct 2018, 11135 Bytes) of package /linux/www/wordpress-5.7-RC1.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) PHP source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file.

    1 <?php
    2 
    3 class Akismet_REST_API {
    4     /**
    5      * Register the REST API routes.
    6      */
    7     public static function init() {
    8         if ( ! function_exists( 'register_rest_route' ) ) {
    9             // The REST API wasn't integrated into core until 4.4, and we support 4.0+ (for now).
   10             return false;
   11         }
   12 
   13         register_rest_route( 'akismet/v1', '/key', array(
   14             array(
   15                 'methods' => WP_REST_Server::READABLE,
   16                 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
   17                 'callback' => array( 'Akismet_REST_API', 'get_key' ),
   18             ), array(
   19                 'methods' => WP_REST_Server::EDITABLE,
   20                 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
   21                 'callback' => array( 'Akismet_REST_API', 'set_key' ),
   22                 'args' => array(
   23                     'key' => array(
   24                         'required' => true,
   25                         'type' => 'string',
   26                         'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ),
   27                         'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ),
   28                     ),
   29                 ),
   30             ), array(
   31                 'methods' => WP_REST_Server::DELETABLE,
   32                 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
   33                 'callback' => array( 'Akismet_REST_API', 'delete_key' ),
   34             )
   35         ) );
   36 
   37         register_rest_route( 'akismet/v1', '/settings/', array(
   38             array(
   39                 'methods' => WP_REST_Server::READABLE,
   40                 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
   41                 'callback' => array( 'Akismet_REST_API', 'get_settings' ),
   42             ),
   43             array(
   44                 'methods' => WP_REST_Server::EDITABLE,
   45                 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
   46                 'callback' => array( 'Akismet_REST_API', 'set_boolean_settings' ),
   47                 'args' => array(
   48                     'akismet_strictness' => array(
   49                         'required' => false,
   50                         'type' => 'boolean',
   51                         'description' => __( 'If true, Akismet will automatically discard the worst spam automatically rather than putting it in the spam folder.', 'akismet' ),
   52                     ),
   53                     'akismet_show_user_comments_approved' => array(
   54                         'required' => false,
   55                         'type' => 'boolean',
   56                         'description' => __( 'If true, show the number of approved comments beside each comment author in the comments list page.', 'akismet' ),
   57                     ),
   58                 ),
   59             )
   60         ) );
   61 
   62         register_rest_route( 'akismet/v1', '/stats', array(
   63             'methods' => WP_REST_Server::READABLE,
   64             'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
   65             'callback' => array( 'Akismet_REST_API', 'get_stats' ),
   66             'args' => array(
   67                 'interval' => array(
   68                     'required' => false,
   69                     'type' => 'string',
   70                     'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_interval' ),
   71                     'description' => __( 'The time period for which to retrieve stats. Options: 60-days, 6-months, all', 'akismet' ),
   72                     'default' => 'all',
   73                 ),
   74             ),
   75         ) );
   76 
   77         register_rest_route( 'akismet/v1', '/stats/(?P<interval>[\w+])', array(
   78             'args' => array(
   79                 'interval' => array(
   80                     'description' => __( 'The time period for which to retrieve stats. Options: 60-days, 6-months, all', 'akismet' ),
   81                     'type' => 'string',
   82                 ),
   83             ),
   84             array(
   85                 'methods' => WP_REST_Server::READABLE,
   86                 'permission_callback' => array( 'Akismet_REST_API', 'privileged_permission_callback' ),
   87                 'callback' => array( 'Akismet_REST_API', 'get_stats' ),
   88             )
   89         ) );
   90 
   91         register_rest_route( 'akismet/v1', '/alert', array(
   92             array(
   93                 'methods' => WP_REST_Server::READABLE,
   94                 'permission_callback' => array( 'Akismet_REST_API', 'remote_call_permission_callback' ),
   95                 'callback' => array( 'Akismet_REST_API', 'get_alert' ),
   96                 'args' => array(
   97                     'key' => array(
   98                         'required' => false,
   99                         'type' => 'string',
  100                         'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ),
  101                         'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ),
  102                     ),
  103                 ),
  104             ),
  105             array(
  106                 'methods' => WP_REST_Server::EDITABLE,
  107                 'permission_callback' => array( 'Akismet_REST_API', 'remote_call_permission_callback' ),
  108                 'callback' => array( 'Akismet_REST_API', 'set_alert' ),
  109                 'args' => array(
  110                     'key' => array(
  111                         'required' => false,
  112                         'type' => 'string',
  113                         'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ),
  114                         'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ),
  115                     ),
  116                 ),
  117             ),
  118             array(
  119                 'methods' => WP_REST_Server::DELETABLE,
  120                 'permission_callback' => array( 'Akismet_REST_API', 'remote_call_permission_callback' ),
  121                 'callback' => array( 'Akismet_REST_API', 'delete_alert' ),
  122                 'args' => array(
  123                     'key' => array(
  124                         'required' => false,
  125                         'type' => 'string',
  126                         'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ),
  127                         'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ),
  128                     ),
  129                 ),
  130             )
  131         ) );
  132     }
  133 
  134     /**
  135      * Get the current Akismet API key.
  136      *
  137      * @param WP_REST_Request $request
  138      * @return WP_Error|WP_REST_Response
  139      */
  140     public static function get_key( $request = null ) {
  141         return rest_ensure_response( Akismet::get_api_key() );
  142     }
  143 
  144     /**
  145      * Set the API key, if possible.
  146      *
  147      * @param WP_REST_Request $request
  148      * @return WP_Error|WP_REST_Response
  149      */
  150     public static function set_key( $request ) {
  151         if ( defined( 'WPCOM_API_KEY' ) ) {
  152             return rest_ensure_response( new WP_Error( 'hardcoded_key', __( 'This site\'s API key is hardcoded and cannot be changed via the API.', 'akismet' ), array( 'status'=> 409 ) ) );
  153         }
  154 
  155         $new_api_key = $request->get_param( 'key' );
  156 
  157         if ( ! self::key_is_valid( $new_api_key ) ) {
  158             return rest_ensure_response( new WP_Error( 'invalid_key', __( 'The value provided is not a valid and registered API key.', 'akismet' ), array( 'status' => 400 ) ) );
  159         }
  160 
  161         update_option( 'wordpress_api_key', $new_api_key );
  162 
  163         return self::get_key();
  164     }
  165 
  166     /**
  167      * Unset the API key, if possible.
  168      *
  169      * @param WP_REST_Request $request
  170      * @return WP_Error|WP_REST_Response
  171      */
  172     public static function delete_key( $request ) {
  173         if ( defined( 'WPCOM_API_KEY' ) ) {
  174             return rest_ensure_response( new WP_Error( 'hardcoded_key', __( 'This site\'s API key is hardcoded and cannot be deleted.', 'akismet' ), array( 'status'=> 409 ) ) );
  175         }
  176 
  177         delete_option( 'wordpress_api_key' );
  178 
  179         return rest_ensure_response( true );
  180     }
  181 
  182     /**
  183      * Get the Akismet settings.
  184      *
  185      * @param WP_REST_Request $request
  186      * @return WP_Error|WP_REST_Response
  187      */
  188     public static function get_settings( $request = null ) {
  189         return rest_ensure_response( array(
  190             'akismet_strictness' => ( get_option( 'akismet_strictness', '1' ) === '1' ),
  191             'akismet_show_user_comments_approved' => ( get_option( 'akismet_show_user_comments_approved', '1' ) === '1' ),
  192         ) );
  193     }
  194 
  195     /**
  196      * Update the Akismet settings.
  197      *
  198      * @param WP_REST_Request $request
  199      * @return WP_Error|WP_REST_Response
  200      */
  201     public static function set_boolean_settings( $request ) {
  202         foreach ( array(
  203             'akismet_strictness',
  204             'akismet_show_user_comments_approved',
  205         ) as $setting_key ) {
  206 
  207             $setting_value = $request->get_param( $setting_key );
  208             if ( is_null( $setting_value ) ) {
  209                 // This setting was not specified.
  210                 continue;
  211             }
  212 
  213             // From 4.7+, WP core will ensure that these are always boolean
  214             // values because they are registered with 'type' => 'boolean',
  215             // but we need to do this ourselves for prior versions.
  216             $setting_value = Akismet_REST_API::parse_boolean( $setting_value );
  217 
  218             update_option( $setting_key, $setting_value ? '1' : '0' );
  219         }
  220 
  221         return self::get_settings();
  222     }
  223 
  224     /**
  225      * Parse a numeric or string boolean value into a boolean.
  226      *
  227      * @param mixed $value The value to convert into a boolean.
  228      * @return bool The converted value.
  229      */
  230     public static function parse_boolean( $value ) {
  231         switch ( $value ) {
  232             case true:
  233             case 'true':
  234             case '1':
  235             case 1:
  236                 return true;
  237 
  238             case false:
  239             case 'false':
  240             case '0':
  241             case 0:
  242                 return false;
  243 
  244             default:
  245                 return (bool) $value;
  246         }
  247     }
  248 
  249     /**
  250      * Get the Akismet stats for a given time period.
  251      *
  252      * Possible `interval` values:
  253      * - all
  254      * - 60-days
  255      * - 6-months
  256      *
  257      * @param WP_REST_Request $request
  258      * @return WP_Error|WP_REST_Response
  259      */
  260     public static function get_stats( $request ) {
  261         $api_key = Akismet::get_api_key();
  262 
  263         $interval = $request->get_param( 'interval' );
  264 
  265         $stat_totals = array();
  266 
  267         $response = Akismet::http_post( Akismet::build_query( array( 'blog' => get_option( 'home' ), 'key' => $api_key, 'from' => $interval ) ), 'get-stats' );
  268 
  269         if ( ! empty( $response[1] ) ) {
  270             $stat_totals[$interval] = json_decode( $response[1] );
  271         }
  272 
  273         return rest_ensure_response( $stat_totals );
  274     }
  275 
  276     /**
  277      * Get the current alert code and message. Alert codes are used to notify the site owner
  278      * if there's a problem, like a connection issue between their site and the Akismet API,
  279      * invalid requests being sent, etc.
  280      *
  281      * @param WP_REST_Request $request
  282      * @return WP_Error|WP_REST_Response
  283      */
  284     public static function get_alert( $request ) {
  285         return rest_ensure_response( array(
  286             'code' => get_option( 'akismet_alert_code' ),
  287             'message' => get_option( 'akismet_alert_msg' ),
  288         ) );
  289     }
  290 
  291     /**
  292      * Update the current alert code and message by triggering a call to the Akismet server.
  293      *
  294      * @param WP_REST_Request $request
  295      * @return WP_Error|WP_REST_Response
  296      */
  297     public static function set_alert( $request ) {
  298         delete_option( 'akismet_alert_code' );
  299         delete_option( 'akismet_alert_msg' );
  300 
  301         // Make a request so the most recent alert code and message are retrieved.
  302         Akismet::verify_key( Akismet::get_api_key() );
  303 
  304         return self::get_alert( $request );
  305     }
  306 
  307     /**
  308      * Clear the current alert code and message.
  309      *
  310      * @param WP_REST_Request $request
  311      * @return WP_Error|WP_REST_Response
  312      */
  313     public static function delete_alert( $request ) {
  314         delete_option( 'akismet_alert_code' );
  315         delete_option( 'akismet_alert_msg' );
  316 
  317         return self::get_alert( $request );
  318     }
  319 
  320     private static function key_is_valid( $key ) {
  321         $response = Akismet::http_post(
  322             Akismet::build_query(
  323                 array(
  324                     'key' => $key,
  325                     'blog' => get_option( 'home' )
  326                 )
  327             ),
  328             'verify-key'
  329         );
  330 
  331         if ( $response[1] == 'valid' ) {
  332             return true;
  333         }
  334 
  335         return false;
  336     }
  337 
  338     public static function privileged_permission_callback() {
  339         return current_user_can( 'manage_options' );
  340     }
  341 
  342     /**
  343      * For calls that Akismet.com makes to the site to clear outdated alert codes, use the API key for authorization.
  344      */
  345     public static function remote_call_permission_callback( $request ) {
  346         $local_key = Akismet::get_api_key();
  347 
  348         return $local_key && ( strtolower( $request->get_param( 'key' ) ) === strtolower( $local_key ) );
  349     }
  350 
  351     public static function sanitize_interval( $interval, $request, $param ) {
  352         $interval = trim( $interval );
  353 
  354         $valid_intervals = array( '60-days', '6-months', 'all', );
  355 
  356         if ( ! in_array( $interval, $valid_intervals ) ) {
  357             $interval = 'all';
  358         }
  359 
  360         return $interval;
  361     }
  362 
  363     public static function sanitize_key( $key, $request, $param ) {
  364         return trim( $key );
  365     }
  366 }