woocommerce/includes/abstracts/abstract-wc-rest-settings-a...

<?php
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * Base class for settings endpoints so common code can be shared. Handles permissions
 * and helper functions used by both settings and groups endpoints.
 *
 * @author   WooThemes
 * @category API
 * @package  WooCommerce/Abstracts
 * @extends  WP_REST_Controller
 * @version  2.7.0
 */
class WC_REST_Settings_API_Controller extends WC_REST_Controller {

	/**
	 * Route base.
	 *
	 * @var string
	 */
	protected $rest_base = 'settings';

	/**
	 * Makes sure the current user has access to the settings APIs.
	 *
	 * @since  2.7.0
	 * @param  WP_REST_Request $request Full details about the request.
	 * @return WP_Error|boolean
	 */
	public function permissions_check( $request ) {
		if ( ! current_user_can( 'manage_options' ) ) {
			return new WP_Error(
				'woocommerce_rest_cannot_view',
				__( 'Sorry, you cannot access settings.', 'woocommerce' ),
				array( 'status' => rest_authorization_required_code() )
			);
		}

		return true;
	}

	/**
	 * Cleans a value before setting it.
	 *
	 * @since  2.7.0
	 *
	 * @param  array $setting   WC Setting Array
	 * @param  mixed $raw_value Raw value from PUT request
	 * @return mixed Sanitized value
		 */
	public function sanitize_setting_value( $setting, $raw_value ) {
		switch ( $setting['type'] ) {
			case 'checkbox' :
				$default = ( ! empty( $setting['default'] ) ? $setting['default'] : 'no' );
				$value   = ( in_array( $raw_value, array( 'yes', 'no' ) ) ? $raw_value : $default );
				break;
			case 'email' :
				$value   = sanitize_email( $raw_value );
				$default = ( ! empty( $setting['default'] ) ? $setting['default'] : '' );
				$value   = ( ! empty( $value ) ? $value : $default );
				break;
			case 'textarea' :
				$value = wp_kses( trim( $raw_value ),
					array_merge(
						array(
							'iframe' => array( 'src' => true, 'style' => true, 'id' => true, 'class' => true )
						),
						wp_kses_allowed_html( 'post' )
					)
				);
				break;
			case 'multiselect' :
			case 'multi_select_countries' :
				$value = array_filter( array_map( 'wc_clean', (array) $raw_value ) );
				break;
			case 'image_width' :
				$value = array();
				if ( isset( $raw_value['width'] ) ) {
					$value['width']  = wc_clean( $raw_value['width'] );
					$value['height'] = wc_clean( $raw_value['height'] );
					$value['crop']   = isset( $raw_value['crop'] ) ? 1 : 0;
				} else {
					$value['width']  = $setting['default']['width'];
					$value['height'] = $setting['default']['height'];
					$value['crop']   = $setting['default']['crop'];
				}
				break;
			case 'select':
				$options = array_keys( $setting['options'] );
				$default = ( empty( $setting['default'] ) ? $options[0] : $setting['default'] );
				$value   = in_array( $raw_value, $options ) ? $raw_value : $default;
				break;
			default :
				$value = wc_clean( $raw_value );
				break;
		}

		// A couple fields changed in the REST API -- we can just pass these too so old filters still work
		$setting['desc']  = ( ! empty( $setting['description'] ) ? $setting['description'] : '' );
		$setting['title'] = ( ! empty( $setting['label'] ) ? $setting['label'] : '' );

		$value = apply_filters( 'woocommerce_admin_settings_sanitize_option', $value, $setting, $raw_value );
		$value = apply_filters( "woocommerce_admin_settings_sanitize_option_" . $setting['id'], $value, $setting, $raw_value );
		do_action( 'woocommerce_update_option', $setting );

		return $value;
	}

	/**
	 * Get a value from WP's settings API.
	 *
	 * @since  2.7.0
	 * @param  string $setting
	 * @param  string $default
	 * @return mixed
	 */
	public function get_value( $setting, $default = '' ) {
		if ( strstr( $setting, '[' ) ) { // Array value.
			parse_str( $setting, $setting_array );
			$setting = current( array_keys( $setting ) );
			$values  = get_option( $setting, '' );
			$key     = key( $setting_array[ $setting ] );
			$value   = isset( $values[ $key ] ) ? $values[ $key ] : null;
		} else { // Single value.
			$value = get_option( $setting, null );
		}

		if ( is_array( $value ) ) {
			$value = array_map( 'stripslashes', $value );
		} elseif ( ! is_null( $value ) ) {
			$value = stripslashes( $value );
		}

		return $value === null ? $default : $value;
	}

	/**
	 * Filters out bad values from the settings array/filter so we
	 * only return known values via the API.
	 *
	 * @since 2.7.0
	 * @param  array $setting
	 * @return array
	 */
	public function filter_setting( $setting ) {
		$setting = array_intersect_key(
			$setting,
			array_flip( array_filter( array_keys( $setting ), array( $this, 'allowed_setting_keys' ) ) )
		);

		if ( empty( $setting['options'] ) ) {
			unset( $setting['options'] );
		}

		return $setting;
	}

	/**
	 * Callback for allowed keys for each setting response.
	 *
	 * @since  2.7.0
	 * @param  string $key Key to check
	 * @return boolean
	 */
	public function allowed_setting_keys( $key ) {
		return in_array( $key, array(
			'id', 'label', 'description', 'default', 'tip',
			'placeholder', 'type', 'options', 'value',
		) );
	}

	/**
	 * Boolean for if a setting type is a valid supported setting type.
	 *
	 * @since  2.7.0
	 * @param  string  $type
	 * @return boolean
	 */
	public function is_setting_type_valid( $type ) {
		return in_array( $type, array(
			'text', 'email', 'number', 'color', 'password',
			'textarea', 'select', 'multiselect', 'radio', 'checkbox',
			'multi_select_countries', 'image_width',
		) );
	}
}
Small tweaks to make it follow the REST API standards 2016-06-06 17:59:54 +00:00			`<?php`
			`if ( ! defined( 'ABSPATH' ) ) {`
			`exit;`
			`}`

			`/**`
			`* Base class for settings endpoints so common code can be shared. Handles permissions`
			`* and helper functions used by both settings and groups endpoints.`
			`*`
			`* @author WooThemes`
			`* @category API`
			`* @package WooCommerce/Abstracts`
			`* @extends WP_REST_Controller`
			`* @version 2.7.0`
			`*/`
			`class WC_REST_Settings_API_Controller extends WC_REST_Controller {`

			`/**`
			`* Route base.`
			`*`
			`* @var string`
			`*/`
			`protected $rest_base = 'settings';`

			`/**`
			`* Makes sure the current user has access to the settings APIs.`
			`*`
			`* @since 2.7.0`
			`* @param WP_REST_Request $request Full details about the request.`
			`* @return WP_Error\|boolean`
			`*/`
			`public function permissions_check( $request ) {`
			`if ( ! current_user_can( 'manage_options' ) ) {`
			`return new WP_Error(`
			`'woocommerce_rest_cannot_view',`
			`__( 'Sorry, you cannot access settings.', 'woocommerce' ),`
			`array( 'status' => rest_authorization_required_code() )`
			`);`
			`}`

			`return true;`
			`}`

			`/**`
			`* Cleans a value before setting it.`
			`*`
			`* @since 2.7.0`
			`*`
			`* @param array $setting WC Setting Array`
			`* @param mixed $raw_value Raw value from PUT request`
			`* @return mixed Sanitized value`
			`*/`
			`public function sanitize_setting_value( $setting, $raw_value ) {`
			`switch ( $setting['type'] ) {`
			`case 'checkbox' :`
			`$default = ( ! empty( $setting['default'] ) ? $setting['default'] : 'no' );`
			`$value = ( in_array( $raw_value, array( 'yes', 'no' ) ) ? $raw_value : $default );`
			`break;`
			`case 'email' :`
			`$value = sanitize_email( $raw_value );`
			`$default = ( ! empty( $setting['default'] ) ? $setting['default'] : '' );`
			`$value = ( ! empty( $value ) ? $value : $default );`
			`break;`
			`case 'textarea' :`
			`$value = wp_kses( trim( $raw_value ),`
			`array_merge(`
			`array(`
			`'iframe' => array( 'src' => true, 'style' => true, 'id' => true, 'class' => true )`
			`),`
			`wp_kses_allowed_html( 'post' )`
			`)`
			`);`
			`break;`
			`case 'multiselect' :`
			`case 'multi_select_countries' :`
			`$value = array_filter( array_map( 'wc_clean', (array) $raw_value ) );`
			`break;`
			`case 'image_width' :`
			`$value = array();`
			`if ( isset( $raw_value['width'] ) ) {`
			`$value['width'] = wc_clean( $raw_value['width'] );`
			`$value['height'] = wc_clean( $raw_value['height'] );`
			`$value['crop'] = isset( $raw_value['crop'] ) ? 1 : 0;`
			`} else {`
			`$value['width'] = $setting['default']['width'];`
			`$value['height'] = $setting['default']['height'];`
			`$value['crop'] = $setting['default']['crop'];`
			`}`
			`break;`
Handle select options in setting sanitization function. 2016-06-07 22:54:28 +00:00			`case 'select':`
			`$options = array_keys( $setting['options'] );`
			`$default = ( empty( $setting['default'] ) ? $options[0] : $setting['default'] );`
			`$value = in_array( $raw_value, $options ) ? $raw_value : $default;`
			`break;`
Small tweaks to make it follow the REST API standards 2016-06-06 17:59:54 +00:00			`default :`
			`$value = wc_clean( $raw_value );`
			`break;`
			`}`

			`// A couple fields changed in the REST API -- we can just pass these too so old filters still work`
			`$setting['desc'] = ( ! empty( $setting['description'] ) ? $setting['description'] : '' );`
			`$setting['title'] = ( ! empty( $setting['label'] ) ? $setting['label'] : '' );`

			`$value = apply_filters( 'woocommerce_admin_settings_sanitize_option', $value, $setting, $raw_value );`
			`$value = apply_filters( "woocommerce_admin_settings_sanitize_option_" . $setting['id'], $value, $setting, $raw_value );`
			`do_action( 'woocommerce_update_option', $setting );`

			`return $value;`
			`}`

			`/**`
			`* Get a value from WP's settings API.`
			`*`
			`* @since 2.7.0`
			`* @param string $setting`
			`* @param string $default`
			`* @return mixed`
			`*/`
			`public function get_value( $setting, $default = '' ) {`
			`if ( strstr( $setting, '[' ) ) { // Array value.`
			`parse_str( $setting, $setting_array );`
			`$setting = current( array_keys( $setting ) );`
			`$values = get_option( $setting, '' );`
			`$key = key( $setting_array[ $setting ] );`
			`$value = isset( $values[ $key ] ) ? $values[ $key ] : null;`
			`} else { // Single value.`
			`$value = get_option( $setting, null );`
			`}`

			`if ( is_array( $value ) ) {`
			`$value = array_map( 'stripslashes', $value );`
			`} elseif ( ! is_null( $value ) ) {`
			`$value = stripslashes( $value );`
			`}`

			`return $value === null ? $default : $value;`
			`}`

			`/**`
			`* Filters out bad values from the settings array/filter so we`
			`* only return known values via the API.`
			`*`
			`* @since 2.7.0`
			`* @param array $setting`
			`* @return array`
			`*/`
			`public function filter_setting( $setting ) {`
			`$setting = array_intersect_key(`
			`$setting,`
			`array_flip( array_filter( array_keys( $setting ), array( $this, 'allowed_setting_keys' ) ) )`
			`);`

			`if ( empty( $setting['options'] ) ) {`
			`unset( $setting['options'] );`
			`}`

			`return $setting;`
			`}`

			`/**`
			`* Callback for allowed keys for each setting response.`
			`*`
			`* @since 2.7.0`
			`* @param string $key Key to check`
			`* @return boolean`
			`*/`
			`public function allowed_setting_keys( $key ) {`
			`return in_array( $key, array(`
			`'id', 'label', 'description', 'default', 'tip',`
			`'placeholder', 'type', 'options', 'value',`
			`) );`
			`}`

			`/**`
			`* Boolean for if a setting type is a valid supported setting type.`
			`*`
			`* @since 2.7.0`
			`* @param string $type`
			`* @return boolean`
			`*/`
			`public function is_setting_type_valid( $type ) {`
			`return in_array( $type, array(`
			`'text', 'email', 'number', 'color', 'password',`
			`'textarea', 'select', 'multiselect', 'radio', 'checkbox',`
			`'multi_select_countries', 'image_width',`
			`) );`
			`}`
			`}`