2016-03-01 22:41:59 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
2016-03-29 22:52:24 +00:00
|
|
|
* WooCommerce REST Functions
|
2016-03-01 22:41:59 +00:00
|
|
|
*
|
2016-03-29 22:52:24 +00:00
|
|
|
* Functions for REST specific things.
|
2016-03-01 22:41:59 +00:00
|
|
|
*
|
2018-03-08 19:34:25 +00:00
|
|
|
* @package WooCommerce/Functions
|
|
|
|
|
* @version 2.6.0
|
2016-03-01 22:41:59 +00:00
|
|
|
*/
|
|
|
|
|
|
2018-03-08 19:34:25 +00:00
|
|
|
defined( 'ABSPATH' ) || exit;
|
2016-03-01 22:41:59 +00:00
|
|
|
|
|
|
|
|
/**
|
2017-03-10 16:30:32 +00:00
|
|
|
* Parses and formats a date for ISO8601/RFC3339.
|
2016-03-01 22:41:59 +00:00
|
|
|
*
|
2016-09-27 16:22:46 +00:00
|
|
|
* Required WP 4.4 or later.
|
2016-03-01 22:41:59 +00:00
|
|
|
* See https://developer.wordpress.org/reference/functions/mysql_to_rfc3339/
|
|
|
|
|
*
|
2017-03-10 18:54:59 +00:00
|
|
|
* @since 2.6.0
|
2018-03-08 19:34:25 +00:00
|
|
|
* @param string|null|WC_DateTime $date Date.
|
|
|
|
|
* @param bool $utc Send false to get local/offset time.
|
2016-03-01 22:41:59 +00:00
|
|
|
* @return string|null ISO8601/RFC3339 formatted datetime.
|
|
|
|
|
*/
|
2017-03-10 18:54:59 +00:00
|
|
|
function wc_rest_prepare_date_response( $date, $utc = true ) {
|
2017-03-10 16:30:32 +00:00
|
|
|
if ( is_numeric( $date ) ) {
|
2017-03-10 18:54:59 +00:00
|
|
|
$date = new WC_DateTime( "@$date", new DateTimeZone( 'UTC' ) );
|
|
|
|
|
$date->setTimezone( new DateTimeZone( wc_timezone_string() ) );
|
2017-03-10 16:30:32 +00:00
|
|
|
} elseif ( is_string( $date ) ) {
|
2017-03-10 18:54:59 +00:00
|
|
|
$date = new WC_DateTime( $date, new DateTimeZone( 'UTC' ) );
|
|
|
|
|
$date->setTimezone( new DateTimeZone( wc_timezone_string() ) );
|
WIP - Product CRUD (#12065)
* Created function to get the catalog visibility options
* First methods for WP_Product crud
* Product set methods
* Fixed several erros while setting data
* First methods for WP_Product crud
* Product set methods
* Fixed several erros while setting data
* Hardcode the get_type per product class
* Initial look through getters and setters and abstract data
* Missing var
* Add related product functions and deprecate those in class.
* No need to exclude ID
* Fixed coding standards and improved the docblocks
* Get cached terms from wc_get_related_terms()
* Fixed wrong variable in wc_get_related_terms
* Use count() instead of sizeof()
* Sanitize ids later
* Remove unneeded comments
* wc_get_product_term_ids instead of related wording and use in other places.
get_the_terms is used here and also handles caching, something
wp_get_post_terms does not.
* Clean up the abstract product class a bit, deprecate two functions we have renamed, make update & create work properly, and add some tests for it.
* Bump template version
* Handle PR feedback: Remove duplicate regular_price update, allow changing of post status for products, remove deprecation for get_title since we might still offer it as a function
* Made abstract function useful
* External Product CRUD
* _virtual meta should be 'no', not taxable, in product unit test helper
* Grouped product class
* Tests
* Move children to meta and update test
* Use get_upsell_ids
* Spacing in query
* Moving and refactoring methods
* Availability html
* Tidy/add todos
* Rename method
* Put back review functions (still todo)
* missing $this
* get_price_including_tax/excluding_tax functions
* wc_get_price_to_display
* Price handling
* [Product CRUD] Variable (#12146)
* [Product CRUD] Variable Products
* Handle PR feedback.
* [Product CRUD] Grouped Handling (#12151)
* Handle grouped product saving
* Update routine
* [Product CRUD] Product crud terms (#12149)
* Category and tag id handling
* Replace template functions
* Remove todo
* Handle default name in save function
* Product crud admin save routine (#12174)
* Initial props
* Work on admin saving
* Set/get attributes
* Atom was moaning about this before but no longer.
* Update get_shipping_class
* WC_Product_Attribute
* Use getter in admin panel
* Fix attribute saving
* Spacing
* Fix comment
* wc_implode_text_attributes helper function
* [Product CRUD] Product crud admin use getters (#12196)
* Initial props
* Work on admin saving
* Set/get attributes
* Atom was moaning about this before but no longer.
* Update get_shipping_class
* WC_Product_Attribute
* Use getter in admin panel
* Fix attribute saving
* Move settings into new files
* Refactor panels and use getters
* Use getters for variation panel
* Revert save variation changes for now
* Add todos
* Fix downloads
* REST API CRUD Updates
* Additional API updates/fixes. Added some todos
* Fix final failing tests and implementing setters/getters and attributes functionality.
* Fix comparison for is_on_sale and remove download_type from WC_Product.
* Add a wc_get_products wrapper.
* Remove the download type input from the product data metabox for downloadable products. (#12221)
* [Product CRUD] Variations - setters, getters and admin. (#12228)
* Started on variation changes
* Stock functions
* Variation class
* Bulk change ->id to get_id() to fix variation form display
* Missing status
* Fix add to cart
* Start on stored data save
* save variation
* Save_variations
* Variation edit panel
* Save variations code works.
* Remove stored data code and fix save
* Improve legacy class
* wc_bool_to_string
* prepare_set_attributes
* Use wc_get_products
* More feedback fixes
* Feedback fixes
* Implement CRUD in the legacy REST API
* Handle PR feedback
* [Product CRUD] Getter setter proxy methods (#12236)
* Started on variation changes
* Stock functions
* Variation class
* Bulk change ->id to get_id() to fix variation form display
* Missing status
* Fix add to cart
* Start on stored data save
* save variation
* Save_variations
* Variation edit panel
* Save variations code works.
* Remove stored data code and fix save
* Improve legacy class
* wc_bool_to_string
* prepare_set_attributes
* Use wc_get_products
* More feedback fixes
* get_prop implementation in abstract and data classes
* Implement set_prop
* Change handling
* Array key exists
* set_object_read
* Use get_the_terms() instead of wp_get_post_terms()
wp_get_post_terms() is a wrapper around wp_get_object_terms() which does not
use the object cache, and generates a database query every time it is used.
get_the_terms() however can use data from the object cache if present.
* Allow WP_Query to preload post data, and meta in wc_get_products()
Allow WP_Query to bulk query for post data and meta if more than
just IDs are requested from wc_get_products(). Reduces query count
significantly.
* [Product CRUD] Variable, variation, notices, and stock handling (#12277)
* No longer needed
* Remove old todos
* Use getters in admin list
* Related and upsells update for CRUD
* Fix notice in gallery
* Variable fixes and todos
* Context
* Price sync
* Revert variation attributes change
* Return parent data in view context
* Defer term counting
* wc_find_matching_product_variation
* Stock manage tweaks
* Stock fixes
* Correct id
* correct id
* Better sync
* Data logic setter fix
* feedback
* First methods for WP_Product crud
* Product set methods
* Fixed several erros while setting data
* Hardcode the get_type per product class
* Initial look through getters and setters and abstract data
* Missing var
* Fixed coding standards and improved the docblocks
* Get cached terms from wc_get_related_terms()
* Fixed wrong variable in wc_get_related_terms
* Use count() instead of sizeof()
* Add related product functions and deprecate those in class.
* No need to exclude ID
* Sanitize ids later
* Clean up the abstract product class a bit, deprecate two functions we have renamed, make update & create work properly, and add some tests for it.
* Remove unneeded comments
* wc_get_product_term_ids instead of related wording and use in other places.
get_the_terms is used here and also handles caching, something
wp_get_post_terms does not.
* Handle PR feedback: Remove duplicate regular_price update, allow changing of post status for products, remove deprecation for get_title since we might still offer it as a function
* External Product CRUD
* _virtual meta should be 'no', not taxable, in product unit test helper
* Bump template version
* Made abstract function useful
* Grouped product class
* Tests
* Move children to meta and update test
* Use get_upsell_ids
* Spacing in query
* Moving and refactoring methods
* Availability html
* Tidy/add todos
* Rename method
* Put back review functions (still todo)
* missing $this
* get_price_including_tax/excluding_tax functions
* wc_get_price_to_display
* Price handling
* [Product CRUD] Variable (#12146)
* [Product CRUD] Variable Products
* Handle PR feedback.
* [Product CRUD] Grouped Handling (#12151)
* Handle grouped product saving
* Update routine
* [Product CRUD] Product crud terms (#12149)
* Category and tag id handling
* Replace template functions
* Remove todo
* Handle default name in save function
* Product crud admin save routine (#12174)
* Initial props
* Work on admin saving
* Set/get attributes
* Atom was moaning about this before but no longer.
* Update get_shipping_class
* WC_Product_Attribute
* Use getter in admin panel
* Fix attribute saving
* Spacing
* Fix comment
* wc_implode_text_attributes helper function
* [Product CRUD] Product crud admin use getters (#12196)
* Initial props
* Work on admin saving
* Set/get attributes
* Atom was moaning about this before but no longer.
* Update get_shipping_class
* WC_Product_Attribute
* Use getter in admin panel
* Fix attribute saving
* Move settings into new files
* Refactor panels and use getters
* Use getters for variation panel
* Revert save variation changes for now
* Add todos
* Fix downloads
* REST API CRUD Updates
* Additional API updates/fixes. Added some todos
* Fix final failing tests and implementing setters/getters and attributes functionality.
* Fix comparison for is_on_sale and remove download_type from WC_Product.
* Add a wc_get_products wrapper.
* Remove the download type input from the product data metabox for downloadable products. (#12221)
* [Product CRUD] Variations - setters, getters and admin. (#12228)
* Started on variation changes
* Stock functions
* Variation class
* Bulk change ->id to get_id() to fix variation form display
* Missing status
* Fix add to cart
* Start on stored data save
* save variation
* Save_variations
* Variation edit panel
* Save variations code works.
* Remove stored data code and fix save
* Improve legacy class
* wc_bool_to_string
* prepare_set_attributes
* Use wc_get_products
* More feedback fixes
* Feedback fixes
* Implement CRUD in the legacy REST API
* Handle PR feedback
* [Product CRUD] Getter setter proxy methods (#12236)
* Started on variation changes
* Stock functions
* Variation class
* Bulk change ->id to get_id() to fix variation form display
* Missing status
* Fix add to cart
* Start on stored data save
* save variation
* Save_variations
* Variation edit panel
* Save variations code works.
* Remove stored data code and fix save
* Improve legacy class
* wc_bool_to_string
* prepare_set_attributes
* Use wc_get_products
* More feedback fixes
* get_prop implementation in abstract and data classes
* Implement set_prop
* Change handling
* Array key exists
* set_object_read
* Use get_the_terms() instead of wp_get_post_terms()
wp_get_post_terms() is a wrapper around wp_get_object_terms() which does not
use the object cache, and generates a database query every time it is used.
get_the_terms() however can use data from the object cache if present.
* [Product CRUD] Variable, variation, notices, and stock handling (#12277)
* No longer needed
* Remove old todos
* Use getters in admin list
* Related and upsells update for CRUD
* Fix notice in gallery
* Variable fixes and todos
* Context
* Price sync
* Revert variation attributes change
* Return parent data in view context
* Defer term counting
* wc_find_matching_product_variation
* Stock manage tweaks
* Stock fixes
* Correct id
* correct id
* Better sync
* Data logic setter fix
* feedback
* Prevent notices
* Handle image_id from parent
* Fix error
* Remove _wc_save_product_price
* Remove todo
* Fixed wrong variation URLs
* Fixed undefined $image_id in WC_Product_Variation::get_image_id()
* Allow wc_rest_prepare_date_response() handle timestamps
* Updated get methods on REST API for variations
* Use variations CRUD to save variations metadata
* [Product CRUD] Abstract todos (#12305)
* Get dimensions and weights, with soft deprecation
* Product attributes
* Ratings
* Fix read method
* Downloads
* Feedback
* Revert "[Product CRUD] Abstract todos (#12305)"
This reverts commit 9a6136fcf88fec16f97457b7c8a4388f7587bfa2.
* Remove deprecated get_variation_id()
* New default attributes method
* [Product CRUD] Product Datastore (#12317)
* Fix up tests in the product/* folder.
* Handle data store updates for grouped, variable, external, simple, and general data store updates for products.
* Variations & variable changes.
* Update -functions.php calls to use data store.
* Add an interface for the public product data store methods.
* Finished product factory tests
* Correctly delete in the api, fix up some comments, and implement an interface for the public variable methods.
* Fix up delete in all versions of the api
* Handle feedback
* Match protected decloration to parent
* Product crud abstract todos (#12316)
* Get dimensions and weights, with soft deprecation
* Product attributes
* Ratings
* Fix read method
* Downloads
* Feedback
* Fix up store
* Fixed method returning in write context
* Fix error in variation admin
* Check for parent value - fixes tax class
* Remove old/complete todos
* Allow set tax class as "parent"
* Removed duplicated sync
* Fixed wrong variation URLs
* Fixed undefined $image_id in WC_Product_Variation::get_image_id()
* Allow wc_rest_prepare_date_response() handle timestamps
* Updated get methods on REST API for variations
* Use variations CRUD to save variations metadata
* Remove deprecated get_variation_id()
* New default attributes method
* Fixed method returning in write context
* Allow set tax class as "parent"
* Removed duplicated sync
* Fixed coding standards
* TODO is not accurate.
* Should pass WC_Product instancies to WC_Comments methods (#12327)
* Use new method in abstract order class to prevent headers sent issue in tests
* Fixed variable description in REST API
* Updated how create initial product variation
* Fixed a few fatal errors and warnings in Products CRUD (#12329)
* Fixed a few fatal errors and warnings in Products CRUD
* Fixed sync functions
* Add variations CRUD to legacy API (#12331)
* Apply crud to variable products in legacy API v1
* New REST API do not need fallback for default attributes
* Apply variations CRUD to legacy API v2
* Legacy v2 - save default attributes
* Variations in legacy API v2 do not have descriptions
* Fixed legacy API v2 variations params
* Applied variations CRUD to legacy API v3
* Sync before save in legacy apis
* Punc
* Removed API todos
* Removed test
* Products endpoint tweaks (#12354)
* Var type already normalized on CRUD
* Let Product CRUD handle with validation, sanitization and conditional checks
* Set downloads using WC_Product_Download
* Stop try catch exceptions more than one time
* Handle WC_Data_Exception in legacy API
* Complete remove products when fails on creating
* On creating I mean!
* Already have a method to complete delete products
* Fixed standards using WP CodeSniffer
* get_the_terms() returns false when empty
* get_manage_stock returns boolean
@claudiosanches
* Merge conflict
* Variations API endpoint fixes
* Product CRUD improvements (#12359)
* args is not used any more - remove todo
* Added test for attributes
* wc_get_price_excluding_tax usage
* parent usage
* Fix rating counts
* Test fixes
* Cleanup after tests
* Make sure status transition code runs even during API calls, not just in admin.
* Default visibility
* Fix attribute setting in API
* Use get name instead of get title
* variation id usage
* Improved cross sell templates
* variation_data
* Grouped product sync
* Notices
* Sync is not needed in API
* Delete
* Rename interfaces
* Update counts in data store
2016-11-16 12:38:24 +00:00
|
|
|
}
|
|
|
|
|
|
2017-03-10 16:30:32 +00:00
|
|
|
if ( ! is_a( $date, 'WC_DateTime' ) ) {
|
2016-03-01 22:41:59 +00:00
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-10 18:54:59 +00:00
|
|
|
// Get timestamp before changing timezone to UTC.
|
|
|
|
|
return gmdate( 'Y-m-d\TH:i:s', $utc ? $date->getTimestamp() : $date->getOffsetTimestamp() );
|
2016-03-01 22:41:59 +00:00
|
|
|
}
|
2016-03-03 21:42:40 +00:00
|
|
|
|
2016-07-21 15:20:13 +00:00
|
|
|
/**
|
|
|
|
|
* Returns image mime types users are allowed to upload via the API.
|
2018-03-08 19:34:25 +00:00
|
|
|
*
|
2016-07-21 15:20:13 +00:00
|
|
|
* @since 2.6.4
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
|
|
|
|
function wc_rest_allowed_image_mime_types() {
|
2018-03-08 19:34:25 +00:00
|
|
|
return apply_filters(
|
|
|
|
|
'woocommerce_rest_allowed_image_mime_types', array(
|
|
|
|
|
'jpg|jpeg|jpe' => 'image/jpeg',
|
|
|
|
|
'gif' => 'image/gif',
|
|
|
|
|
'png' => 'image/png',
|
|
|
|
|
'bmp' => 'image/bmp',
|
|
|
|
|
'tiff|tif' => 'image/tiff',
|
|
|
|
|
'ico' => 'image/x-icon',
|
|
|
|
|
)
|
|
|
|
|
);
|
2016-07-21 15:20:13 +00:00
|
|
|
}
|
|
|
|
|
|
2016-03-03 21:42:40 +00:00
|
|
|
/**
|
|
|
|
|
* Upload image from URL.
|
|
|
|
|
*
|
|
|
|
|
* @since 2.6.0
|
2018-03-08 19:34:25 +00:00
|
|
|
* @param string $image_url Image URL.
|
2016-03-03 21:42:40 +00:00
|
|
|
* @return array|WP_Error Attachment data or error message.
|
|
|
|
|
*/
|
2016-03-29 22:54:37 +00:00
|
|
|
function wc_rest_upload_image_from_url( $image_url ) {
|
2016-07-21 15:20:13 +00:00
|
|
|
$file_name = basename( current( explode( '?', $image_url ) ) );
|
2018-03-08 19:34:25 +00:00
|
|
|
$parsed_url = wp_parse_url( $image_url );
|
2016-03-03 21:42:40 +00:00
|
|
|
|
|
|
|
|
// Check parsed URL.
|
|
|
|
|
if ( ! $parsed_url || ! is_array( $parsed_url ) ) {
|
2018-03-08 19:34:25 +00:00
|
|
|
/* translators: %s: image URL */
|
2016-04-05 19:58:18 +00:00
|
|
|
return new WP_Error( 'woocommerce_rest_invalid_image_url', sprintf( __( 'Invalid URL %s.', 'woocommerce' ), $image_url ), array( 'status' => 400 ) );
|
2016-03-03 21:42:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Ensure url is valid.
|
2016-04-05 19:58:18 +00:00
|
|
|
$image_url = esc_url_raw( $image_url );
|
2016-03-03 21:42:40 +00:00
|
|
|
|
|
|
|
|
// Get the file.
|
2018-03-08 19:34:25 +00:00
|
|
|
$response = wp_safe_remote_get(
|
|
|
|
|
$image_url, array(
|
|
|
|
|
'timeout' => 10,
|
|
|
|
|
)
|
|
|
|
|
);
|
2016-03-03 21:42:40 +00:00
|
|
|
|
2016-06-16 22:26:27 +00:00
|
|
|
if ( is_wp_error( $response ) ) {
|
2018-03-08 19:34:25 +00:00
|
|
|
return new WP_Error( 'woocommerce_rest_invalid_remote_image_url',
|
|
|
|
|
/* translators: %s: image URL */
|
|
|
|
|
sprintf( __( 'Error getting remote image %s.', 'woocommerce' ), $image_url ) . ' '
|
|
|
|
|
/* translators: %s: error message */
|
|
|
|
|
. sprintf( __( 'Error: %s.', 'woocommerce' ), $response->get_error_message() ), array( 'status' => 400 )
|
|
|
|
|
);
|
2016-06-16 22:26:27 +00:00
|
|
|
} elseif ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
|
2018-03-08 19:34:25 +00:00
|
|
|
/* translators: %s: image URL */
|
2016-06-20 20:43:09 +00:00
|
|
|
return new WP_Error( 'woocommerce_rest_invalid_remote_image_url', sprintf( __( 'Error getting remote image %s.', 'woocommerce' ), $image_url ), array( 'status' => 400 ) );
|
2016-03-03 21:42:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Ensure we have a file name and type.
|
2016-07-21 15:20:13 +00:00
|
|
|
$wp_filetype = wp_check_filetype( $file_name, wc_rest_allowed_image_mime_types() );
|
|
|
|
|
|
2016-03-03 21:42:40 +00:00
|
|
|
if ( ! $wp_filetype['type'] ) {
|
|
|
|
|
$headers = wp_remote_retrieve_headers( $response );
|
|
|
|
|
if ( isset( $headers['content-disposition'] ) && strstr( $headers['content-disposition'], 'filename=' ) ) {
|
2018-06-15 14:49:51 +00:00
|
|
|
$content = explode( 'filename=', $headers['content-disposition'] );
|
2018-06-12 11:45:22 +00:00
|
|
|
$disposition = end( $content );
|
2016-03-03 21:42:40 +00:00
|
|
|
$disposition = sanitize_file_name( $disposition );
|
|
|
|
|
$file_name = $disposition;
|
|
|
|
|
} elseif ( isset( $headers['content-type'] ) && strstr( $headers['content-type'], 'image/' ) ) {
|
|
|
|
|
$file_name = 'image.' . str_replace( 'image/', '', $headers['content-type'] );
|
|
|
|
|
}
|
|
|
|
|
unset( $headers );
|
2016-07-21 15:20:13 +00:00
|
|
|
|
2018-03-08 19:34:25 +00:00
|
|
|
// Recheck filetype.
|
2016-07-21 15:20:13 +00:00
|
|
|
$wp_filetype = wp_check_filetype( $file_name, wc_rest_allowed_image_mime_types() );
|
|
|
|
|
|
|
|
|
|
if ( ! $wp_filetype['type'] ) {
|
|
|
|
|
return new WP_Error( 'woocommerce_rest_invalid_image_type', __( 'Invalid image type.', 'woocommerce' ), array( 'status' => 400 ) );
|
|
|
|
|
}
|
2016-03-03 21:42:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Upload the file.
|
|
|
|
|
$upload = wp_upload_bits( $file_name, '', wp_remote_retrieve_body( $response ) );
|
|
|
|
|
|
|
|
|
|
if ( $upload['error'] ) {
|
|
|
|
|
return new WP_Error( 'woocommerce_rest_image_upload_error', $upload['error'], array( 'status' => 400 ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get filesize.
|
|
|
|
|
$filesize = filesize( $upload['file'] );
|
|
|
|
|
|
2018-03-08 19:34:25 +00:00
|
|
|
if ( ! $filesize ) {
|
|
|
|
|
@unlink( $upload['file'] ); // @codingStandardsIgnoreLine
|
2016-03-03 21:42:40 +00:00
|
|
|
unset( $upload );
|
|
|
|
|
|
2016-04-05 19:58:18 +00:00
|
|
|
return new WP_Error( 'woocommerce_rest_image_upload_file_error', __( 'Zero size file downloaded.', 'woocommerce' ), array( 'status' => 400 ) );
|
2016-03-03 21:42:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
do_action( 'woocommerce_rest_api_uploaded_image_from_url', $upload, $image_url );
|
|
|
|
|
|
|
|
|
|
return $upload;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set uploaded image as attachment.
|
|
|
|
|
*
|
|
|
|
|
* @since 2.6.0
|
|
|
|
|
* @param array $upload Upload information from wp_upload_bits.
|
2018-03-08 19:34:25 +00:00
|
|
|
* @param int $id Post ID. Default to 0.
|
2016-03-03 21:42:40 +00:00
|
|
|
* @return int Attachment ID
|
|
|
|
|
*/
|
2016-03-29 22:54:37 +00:00
|
|
|
function wc_rest_set_uploaded_image_as_attachment( $upload, $id = 0 ) {
|
2016-03-03 21:42:40 +00:00
|
|
|
$info = wp_check_filetype( $upload['file'] );
|
|
|
|
|
$title = '';
|
|
|
|
|
$content = '';
|
|
|
|
|
|
2016-03-07 17:39:42 +00:00
|
|
|
if ( ! function_exists( 'wp_generate_attachment_metadata' ) ) {
|
2018-03-08 19:34:25 +00:00
|
|
|
include_once ABSPATH . 'wp-admin/includes/image.php';
|
2016-03-07 17:39:42 +00:00
|
|
|
}
|
|
|
|
|
|
2018-03-08 19:34:25 +00:00
|
|
|
$image_meta = wp_read_image_metadata( $upload['file'] );
|
|
|
|
|
if ( $image_meta ) {
|
2016-03-03 21:42:40 +00:00
|
|
|
if ( trim( $image_meta['title'] ) && ! is_numeric( sanitize_title( $image_meta['title'] ) ) ) {
|
2016-07-19 17:24:11 +00:00
|
|
|
$title = wc_clean( $image_meta['title'] );
|
2016-03-03 21:42:40 +00:00
|
|
|
}
|
|
|
|
|
if ( trim( $image_meta['caption'] ) ) {
|
2016-07-19 17:24:11 +00:00
|
|
|
$content = wc_clean( $image_meta['caption'] );
|
2016-03-03 21:42:40 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$attachment = array(
|
|
|
|
|
'post_mime_type' => $info['type'],
|
|
|
|
|
'guid' => $upload['url'],
|
|
|
|
|
'post_parent' => $id,
|
2017-08-24 11:33:53 +00:00
|
|
|
'post_title' => $title ? $title : basename( $upload['file'] ),
|
2016-04-05 19:58:18 +00:00
|
|
|
'post_content' => $content,
|
2016-03-03 21:42:40 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$attachment_id = wp_insert_attachment( $attachment, $upload['file'], $id );
|
|
|
|
|
if ( ! is_wp_error( $attachment_id ) ) {
|
|
|
|
|
wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $upload['file'] ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $attachment_id;
|
|
|
|
|
}
|
2016-03-10 02:19:36 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Validate reports request arguments.
|
|
|
|
|
*
|
|
|
|
|
* @since 2.6.0
|
2018-03-08 19:34:25 +00:00
|
|
|
* @param mixed $value Value to valdate.
|
|
|
|
|
* @param WP_REST_Request $request Request instance.
|
|
|
|
|
* @param string $param Param to validate.
|
2016-03-10 02:19:36 +00:00
|
|
|
* @return WP_Error|boolean
|
|
|
|
|
*/
|
2016-03-29 22:54:37 +00:00
|
|
|
function wc_rest_validate_reports_request_arg( $value, $request, $param ) {
|
2016-03-10 02:19:36 +00:00
|
|
|
|
|
|
|
|
$attributes = $request->get_attributes();
|
|
|
|
|
if ( ! isset( $attributes['args'][ $param ] ) || ! is_array( $attributes['args'][ $param ] ) ) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
$args = $attributes['args'][ $param ];
|
|
|
|
|
|
|
|
|
|
if ( 'string' === $args['type'] && ! is_string( $value ) ) {
|
2018-03-08 19:34:25 +00:00
|
|
|
/* translators: 1: param 2: type */
|
2016-04-25 12:07:38 +00:00
|
|
|
return new WP_Error( 'woocommerce_rest_invalid_param', sprintf( __( '%1$s is not of type %2$s', 'woocommerce' ), $param, 'string' ) );
|
2016-03-10 02:19:36 +00:00
|
|
|
}
|
|
|
|
|
|
2016-06-13 23:15:51 +00:00
|
|
|
if ( 'date' === $args['format'] ) {
|
2016-03-10 02:19:36 +00:00
|
|
|
$regex = '#^\d{4}-\d{2}-\d{2}$#';
|
|
|
|
|
|
|
|
|
|
if ( ! preg_match( $regex, $value, $matches ) ) {
|
|
|
|
|
return new WP_Error( 'woocommerce_rest_invalid_date', __( 'The date you provided is invalid.', 'woocommerce' ) );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
2016-03-18 11:37:31 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Encodes a value according to RFC 3986.
|
|
|
|
|
* Supports multidimensional arrays.
|
|
|
|
|
*
|
|
|
|
|
* @since 2.6.0
|
|
|
|
|
* @param string|array $value The value to encode.
|
|
|
|
|
* @return string|array Encoded values.
|
|
|
|
|
*/
|
|
|
|
|
function wc_rest_urlencode_rfc3986( $value ) {
|
|
|
|
|
if ( is_array( $value ) ) {
|
|
|
|
|
return array_map( 'wc_rest_urlencode_rfc3986', $value );
|
|
|
|
|
}
|
2018-05-15 09:01:41 +00:00
|
|
|
|
|
|
|
|
return str_replace( array( '+', '%7E' ), array( ' ', '~' ), rawurlencode( $value ) );
|
2016-03-18 11:37:31 +00:00
|
|
|
}
|
2016-03-30 14:17:16 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check permissions of posts on REST API.
|
|
|
|
|
*
|
|
|
|
|
* @since 2.6.0
|
|
|
|
|
* @param string $post_type Post type.
|
|
|
|
|
* @param string $context Request context.
|
|
|
|
|
* @param int $object_id Post ID.
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
function wc_rest_check_post_permissions( $post_type, $context = 'read', $object_id = 0 ) {
|
|
|
|
|
$contexts = array(
|
|
|
|
|
'read' => 'read_private_posts',
|
|
|
|
|
'create' => 'publish_posts',
|
|
|
|
|
'edit' => 'edit_post',
|
|
|
|
|
'delete' => 'delete_post',
|
2016-05-22 20:46:25 +00:00
|
|
|
'batch' => 'edit_others_posts',
|
2016-03-30 14:17:16 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if ( 'revision' === $post_type ) {
|
|
|
|
|
$permission = false;
|
|
|
|
|
} else {
|
2018-03-08 19:34:25 +00:00
|
|
|
$cap = $contexts[ $context ];
|
2016-03-30 14:17:16 +00:00
|
|
|
$post_type_object = get_post_type_object( $post_type );
|
2018-03-08 19:34:25 +00:00
|
|
|
$permission = current_user_can( $post_type_object->cap->$cap, $object_id );
|
2016-03-30 14:17:16 +00:00
|
|
|
}
|
|
|
|
|
|
2016-03-30 17:17:40 +00:00
|
|
|
return apply_filters( 'woocommerce_rest_check_permissions', $permission, $context, $object_id, $post_type );
|
2016-03-30 14:17:16 +00:00
|
|
|
}
|
2016-03-30 14:53:14 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check permissions of users on REST API.
|
|
|
|
|
*
|
|
|
|
|
* @since 2.6.0
|
|
|
|
|
* @param string $context Request context.
|
|
|
|
|
* @param int $object_id Post ID.
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
function wc_rest_check_user_permissions( $context = 'read', $object_id = 0 ) {
|
|
|
|
|
$contexts = array(
|
|
|
|
|
'read' => 'list_users',
|
|
|
|
|
'create' => 'edit_users',
|
|
|
|
|
'edit' => 'edit_users',
|
|
|
|
|
'delete' => 'delete_users',
|
2016-05-09 21:16:48 +00:00
|
|
|
'batch' => 'edit_users',
|
2016-03-30 14:53:14 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$permission = current_user_can( $contexts[ $context ], $object_id );
|
|
|
|
|
|
2016-03-30 17:17:40 +00:00
|
|
|
return apply_filters( 'woocommerce_rest_check_permissions', $permission, $context, $object_id, 'user' );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check permissions of product terms on REST API.
|
|
|
|
|
*
|
|
|
|
|
* @since 2.6.0
|
|
|
|
|
* @param string $taxonomy Taxonomy.
|
|
|
|
|
* @param string $context Request context.
|
|
|
|
|
* @param int $object_id Post ID.
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
function wc_rest_check_product_term_permissions( $taxonomy, $context = 'read', $object_id = 0 ) {
|
|
|
|
|
$contexts = array(
|
|
|
|
|
'read' => 'manage_terms',
|
|
|
|
|
'create' => 'edit_terms',
|
|
|
|
|
'edit' => 'edit_terms',
|
|
|
|
|
'delete' => 'delete_terms',
|
2016-05-09 21:16:48 +00:00
|
|
|
'batch' => 'edit_terms',
|
2016-03-30 17:17:40 +00:00
|
|
|
);
|
|
|
|
|
|
2018-03-08 19:34:25 +00:00
|
|
|
$cap = $contexts[ $context ];
|
2016-03-30 17:17:40 +00:00
|
|
|
$taxonomy_object = get_taxonomy( $taxonomy );
|
2018-03-08 19:34:25 +00:00
|
|
|
$permission = current_user_can( $taxonomy_object->cap->$cap, $object_id );
|
2016-03-30 17:17:40 +00:00
|
|
|
|
|
|
|
|
return apply_filters( 'woocommerce_rest_check_permissions', $permission, $context, $object_id, $taxonomy );
|
2016-03-30 14:53:14 +00:00
|
|
|
}
|
2016-03-30 17:33:33 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check manager permissions on REST API.
|
|
|
|
|
*
|
|
|
|
|
* @since 2.6.0
|
|
|
|
|
* @param string $object Object.
|
|
|
|
|
* @param string $context Request context.
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
function wc_rest_check_manager_permissions( $object, $context = 'read' ) {
|
|
|
|
|
$objects = array(
|
2016-08-25 18:48:17 +00:00
|
|
|
'reports' => 'view_woocommerce_reports',
|
|
|
|
|
'settings' => 'manage_woocommerce',
|
|
|
|
|
'system_status' => 'manage_woocommerce',
|
|
|
|
|
'attributes' => 'manage_product_terms',
|
|
|
|
|
'shipping_methods' => 'manage_woocommerce',
|
2016-08-31 21:16:52 +00:00
|
|
|
'payment_gateways' => 'manage_woocommerce',
|
2017-11-29 12:23:19 +00:00
|
|
|
'webhooks' => 'manage_woocommerce',
|
2016-03-30 17:33:33 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$permission = current_user_can( $objects[ $object ] );
|
|
|
|
|
|
|
|
|
|
return apply_filters( 'woocommerce_rest_check_permissions', $permission, $context, 0, $object );
|
|
|
|
|
}
|
2018-05-29 14:22:18 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check product reviews permissions on REST API.
|
|
|
|
|
*
|
|
|
|
|
* @since 3.5.0
|
|
|
|
|
* @param string $context Request context.
|
|
|
|
|
* @param string $object_id Object ID.
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
function wc_rest_check_product_reviews_permissions( $context = 'read', $object_id = 0 ) {
|
|
|
|
|
$contexts = array(
|
|
|
|
|
'read' => 'read_private_posts',
|
|
|
|
|
'create' => 'publish_posts',
|
|
|
|
|
'edit' => 'edit_post',
|
|
|
|
|
'delete' => 'delete_post',
|
|
|
|
|
'batch' => 'edit_others_posts',
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$cap = $contexts[ $context ];
|
2018-07-04 18:15:33 +00:00
|
|
|
$post_type_object = get_post_type_object( 'product' );
|
|
|
|
|
|
|
|
|
|
if ( isset( $post_type_object->cap->$cap ) ) {
|
|
|
|
|
$permission = current_user_can( $post_type_object->cap->$cap );
|
|
|
|
|
}
|
2018-05-29 14:22:18 +00:00
|
|
|
|
|
|
|
|
return apply_filters( 'woocommerce_rest_check_permissions', $permission, $context, $object_id, 'product_review' );
|
|
|
|
|
}
|
