Fix issues from PR review: sanitize/escape fixes in wp-admin, remove modes.
parent
72d665d464
commit
35cae38aa2
|
@ -41,12 +41,18 @@ class WC_Admin_Status {
|
||||||
|
|
||||||
if ( ! empty( $_GET['action'] ) && ! empty( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( $_REQUEST['_wpnonce'], 'debug_action' ) ) {
|
if ( ! empty( $_GET['action'] ) && ! empty( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( $_REQUEST['_wpnonce'], 'debug_action' ) ) {
|
||||||
$tools_controller = new WC_REST_System_Status_Tools_Controller;
|
$tools_controller = new WC_REST_System_Status_Tools_Controller;
|
||||||
$response = $tools_controller->execute_tool( $_GET['action'] );
|
$action = wc_clean( $_GET['action'] );
|
||||||
|
|
||||||
|
if ( array_key_exists( $action, $tools ) ) {
|
||||||
|
$response = $tools_controller->execute_tool( $action );
|
||||||
|
} else {
|
||||||
|
$response = array( 'success' => false, 'message' => __( 'Tool does not exist.', 'woocommerce' ) );
|
||||||
|
}
|
||||||
|
|
||||||
if ( $response['success'] ) {
|
if ( $response['success'] ) {
|
||||||
echo '<div class="updated inline"><p>' . $response['message'] . '</p></div>';
|
echo '<div class="updated inline"><p>' . esc_html( $response['message'] ) . '</p></div>';
|
||||||
} else {
|
} else {
|
||||||
echo '<div class="error inline"><p>' . $response['message'] . '</p></div>';
|
echo '<div class="error inline"><p>' . esc_html( $response['message'] ) . '</p></div>';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
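Review bot: The new `$action = wc_clean( $_GET['action'] );` line does not guarantee a string, because `wc_clean()` recurses into arrays and returns them, so a non-scalar `action` parameter reaches `array_key_exists( $action, $tools )` and triggers a warning (a TypeError on PHP 8) instead of the "Tool does not exist." branch. I would force a string and unslash before sanitizing: `$action = is_string( $_GET['action'] ) ? wc_clean( wp_unslash( $_GET['action'] ) ) : '';`. `$tools` is not assigned anywhere in this hunk and the enclosing method starts above it, so I am assuming it is populated earlier; the same goes for a capability check alongside the nonce. Switching both notices to `esc_html()` also means any markup a tool puts in its message will now be shown as text, which is worth confirming against the tool messages.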
|
@ -35,7 +35,7 @@ class WC_REST_System_Status_Controller extends WC_REST_Controller {
|
||||||
protected $rest_base = 'system_status';
|
protected $rest_base = 'system_status';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Register the routes for /system_status and /system_status/modes
|
* Register the route for /system_status
|
||||||
*/
|
*/
|
||||||
public function register_routes() {
|
public function register_routes() {
|
||||||
register_rest_route( $this->namespace, '/' . $this->rest_base, array(
|
register_rest_route( $this->namespace, '/' . $this->rest_base, array(
|
||||||
|
@ -47,20 +47,6 @@ class WC_REST_System_Status_Controller extends WC_REST_Controller {
|
||||||
),
|
),
|
||||||
'schema' => array( $this, 'get_public_item_schema' ),
|
'schema' => array( $this, 'get_public_item_schema' ),
|
||||||
) );
|
) );
|
||||||
register_rest_route( $this->namespace, '/' . $this->rest_base . '/modes', array(
|
|
||||||
array(
|
|
||||||
'methods' => WP_REST_Server::READABLE,
|
|
||||||
'callback' => array( $this, 'get_modes' ),
|
|
||||||
'permission_callback' => array( $this, 'get_modes_permissions_check' ),
|
|
||||||
),
|
|
||||||
array(
|
|
||||||
'methods' => WP_REST_Server::EDITABLE,
|
|
||||||
'callback' => array( $this, 'update_modes' ),
|
|
||||||
'permission_callback' => array( $this, 'update_modes_permissions_check' ),
|
|
||||||
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
|
|
||||||
),
|
|
||||||
'schema' => array( $this, 'get_mode_item_schema' ),
|
|
||||||
) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -76,32 +62,6 @@ class WC_REST_System_Status_Controller extends WC_REST_Controller {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Check whether a given request has permission to view system status modes.
|
|
||||||
*
|
|
||||||
* @param WP_REST_Request $request Full details about the request.
|
|
||||||
* @return WP_Error|boolean
|
|
||||||
*/
|
|
||||||
public function get_modes_permissions_check( $request ) {
|
|
||||||
if ( ! wc_rest_check_manager_permissions( 'system_status', 'read' ) ) {
|
|
||||||
return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot list system modes.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Check whether a given request has permission to toggle system status modes.
|
|
||||||
*
|
|
||||||
* @param WP_REST_Request $request Full details about the request.
|
|
||||||
* @return WP_Error|boolean
|
|
||||||
*/
|
|
||||||
public function update_modes_permissions_check( $request ) {
|
|
||||||
if ( ! wc_rest_check_manager_permissions( 'system_status', 'edit' ) ) {
|
|
||||||
return new WP_Error( 'woocommerce_rest_cannot_update', __( 'Sorry, you cannot update system modes', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get a system status info, by section.
|
* Get a system status info, by section.
|
||||||
*
|
*
|
||||||
|
@ -126,104 +86,6 @@ class WC_REST_System_Status_Controller extends WC_REST_Controller {
|
||||||
return rest_ensure_response( $response );
|
return rest_ensure_response( $response );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* A list of modes that can be toggled via WC's system status screens
|
|
||||||
*
|
|
||||||
* @return array
|
|
||||||
*/
|
|
||||||
public function _get_modes() {
|
|
||||||
$options = wp_parse_args( get_option( 'woocommerce_status_options', array() ), array(
|
|
||||||
'uninstall_data' => 0,
|
|
||||||
'template_debug_mode' => 0,
|
|
||||||
'shipping_debug_mode' => 0,
|
|
||||||
) );
|
|
||||||
$modes = array(
|
|
||||||
'shipping_debug' => array(
|
|
||||||
'id' => 'shipping_debug',
|
|
||||||
'name' => __( 'Shipping Debug Mode', 'woocommerce' ),
|
|
||||||
'description' => __( 'Enable Shipping Debug Mode to show matching shipping zones and to bypass shipping rate cache.', 'woocommerce' ),
|
|
||||||
'enabled' => (bool) $options['shipping_debug_mode'],
|
|
||||||
),
|
|
||||||
'template_debug' => array(
|
|
||||||
'id' => 'template_debug',
|
|
||||||
'name' => __( 'Template Debug Mode', 'woocommerce' ),
|
|
||||||
'description' => __( 'Enable Template Debug Mode to bypass all theme and plugin template overrides for logged-in administrators. Used for debugging purposes.', 'woocommerce' ),
|
|
||||||
'enabled' => (bool) $options['template_debug_mode'],
|
|
||||||
),
|
|
||||||
'uninstall_data' => array(
|
|
||||||
'id' => 'uninstall_data',
|
|
||||||
'name' => __( 'Remove All Data On Uninstall Mode', 'woocommerce' ),
|
|
||||||
'description' => __( 'This mode will remove all WooCommerce, Product and Order data when using the "Delete" link on the plugins screen. It will also remove any setting/option prepended with "woocommerce_" so may also affect installed WooCommerce Extensions.', 'woocommerce' ),
|
|
||||||
'enabled' => (bool) $options['uninstall_data'],
|
|
||||||
),
|
|
||||||
);
|
|
||||||
|
|
||||||
return $modes;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get system status modes.
|
|
||||||
|
|
||||||
* @param WP_REST_Request $request
|
|
||||||
* @return WP_Error|WP_REST_Response
|
|
||||||
*/
|
|
||||||
public function get_modes( $request ) {
|
|
||||||
$modes_response = array();
|
|
||||||
foreach ( $this->_get_modes() as $id => $mode ) {
|
|
||||||
$modes_response[] = $this->prepare_response_for_collection( $this->prepare_mode_for_response ( $mode, $request ) );
|
|
||||||
}
|
|
||||||
$response = rest_ensure_response( $modes_response );
|
|
||||||
return $response;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Update system status modes.
|
|
||||||
|
|
||||||
* @param WP_REST_Request $request
|
|
||||||
* @return WP_Error|WP_REST_Response
|
|
||||||
*/
|
|
||||||
public function update_modes( $request ) {
|
|
||||||
$items = $request->get_params();
|
|
||||||
$modes = $this->_get_modes();
|
|
||||||
$options = wp_parse_args( get_option( 'woocommerce_status_options', array() ), array(
|
|
||||||
'uninstall_data' => 0,
|
|
||||||
'template_debug_mode' => 0,
|
|
||||||
'shipping_debug_mode' => 0,
|
|
||||||
) );
|
|
||||||
|
|
||||||
foreach ( $items as $key => $value ) {
|
|
||||||
if ( ! array_key_exists( $key, $modes ) ) {
|
|
||||||
return new WP_Error( 'woocommerce_rest_system_status_mode_invalid', __( 'Invalid mode.', 'woocommerce' ), array( 'status' => 500 ) );
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( 'uninstall_data' !== $key ) {
|
|
||||||
$key = $key . '_mode'; // all other modes have a suffix
|
|
||||||
}
|
|
||||||
|
|
||||||
$options[ $key ] = (bool) $value;
|
|
||||||
}
|
|
||||||
|
|
||||||
update_option( 'woocommerce_status_options', $options );
|
|
||||||
|
|
||||||
return $this->get_modes( $request );
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Prepare a mode for serialization.
|
|
||||||
*
|
|
||||||
* @param array $item Object.
|
|
||||||
* @param WP_REST_Request $request Request object.
|
|
||||||
* @return WP_REST_Response $response Response data.
|
|
||||||
*/
|
|
||||||
public function prepare_mode_for_response( $item, $request ) {
|
|
||||||
$context = empty( $request['context'] ) ? 'view' : $request['context'];
|
|
||||||
$data = $this->add_additional_fields_to_object( $item, $request );
|
|
||||||
$data = $this->filter_response_by_context( $data, $context );
|
|
||||||
$response = rest_ensure_response( $data );
|
|
||||||
return $response;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the system status schema, conforming to JSON Schema.
|
* Get the system status schema, conforming to JSON Schema.
|
||||||
*
|
*
|
||||||
|
@ -563,52 +425,6 @@ class WC_REST_System_Status_Controller extends WC_REST_Controller {
|
||||||
return $this->add_additional_fields_schema( $schema );
|
return $this->add_additional_fields_schema( $schema );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the system status modes schema, conforming to JSON Schema.
|
|
||||||
*
|
|
||||||
* @return array
|
|
||||||
*/
|
|
||||||
public function get_mode_item_schema() {
|
|
||||||
$schema = array(
|
|
||||||
'$schema' => 'http://json-schema.org/draft-04/schema#',
|
|
||||||
'title' => 'system_status_option',
|
|
||||||
'type' => 'object',
|
|
||||||
'properties' => array(
|
|
||||||
'id' => array(
|
|
||||||
'description' => __( 'A unique identifier for the system status mode.', 'woocommerce' ),
|
|
||||||
'type' => 'string',
|
|
||||||
'context' => array( 'view', 'edit' ),
|
|
||||||
'arg_options' => array(
|
|
||||||
'sanitize_callback' => 'sanitize_title',
|
|
||||||
),
|
|
||||||
),
|
|
||||||
'name' => array(
|
|
||||||
'description' => __( 'Mode name.', 'woocommerce' ),
|
|
||||||
'type' => 'string',
|
|
||||||
'context' => array( 'view', 'edit' ),
|
|
||||||
'arg_options' => array(
|
|
||||||
'sanitize_callback' => 'sanitize_text_field',
|
|
||||||
),
|
|
||||||
),
|
|
||||||
'description' => array(
|
|
||||||
'description' => __( 'Mode description.', 'woocommerce' ),
|
|
||||||
'type' => 'string',
|
|
||||||
'context' => array( 'view', 'edit' ),
|
|
||||||
'arg_options' => array(
|
|
||||||
'sanitize_callback' => 'sanitize_text_field',
|
|
||||||
),
|
|
||||||
),
|
|
||||||
'enabled' => array(
|
|
||||||
'description' => __( 'True if this mode is enabled.', 'woocommerce' ),
|
|
||||||
'type' => 'boolean',
|
|
||||||
'context' => array( 'view', 'edit' ),
|
|
||||||
),
|
|
||||||
),
|
|
||||||
);
|
|
||||||
|
|
||||||
return $this->add_additional_fields_schema( $schema );
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return an array of sections and the data associated with each.
|
* Return an array of sections and the data associated with each.
|
||||||
*
|
*
|
||||||
|
|
|
@ -25,7 +25,6 @@ class WC_Tests_REST_System_Status extends WC_REST_Unit_Test_Case {
|
||||||
$this->assertArrayHasKey( '/wc/v1/system_status', $routes );
|
$this->assertArrayHasKey( '/wc/v1/system_status', $routes );
|
||||||
$this->assertArrayHasKey( '/wc/v1/system_status/tools', $routes );
|
$this->assertArrayHasKey( '/wc/v1/system_status/tools', $routes );
|
||||||
$this->assertArrayHasKey( '/wc/v1/system_status/tools/(?P<id>[\w-]+)', $routes );
|
$this->assertArrayHasKey( '/wc/v1/system_status/tools/(?P<id>[\w-]+)', $routes );
|
||||||
$this->assertArrayHasKey( '/wc/v1/system_status/modes', $routes );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -303,105 +302,6 @@ class WC_Tests_REST_System_Status extends WC_REST_Unit_Test_Case {
|
||||||
$this->assertEquals( 401, $response->get_status() );
|
$this->assertEquals( 401, $response->get_status() );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Test getting a list of system status modes.
|
|
||||||
*
|
|
||||||
* @since 2.7.0
|
|
||||||
*/
|
|
||||||
public function test_get_system_status_modes() {
|
|
||||||
wp_set_current_user( $this->user );
|
|
||||||
$response = $this->server->dispatch( new WP_REST_Request( 'GET', '/wc/v1/system_status/modes' ) );
|
|
||||||
$data = $response->get_data();
|
|
||||||
$system_status = new WC_REST_System_Status_Controller;
|
|
||||||
$raw_modes = $system_status->_get_modes();
|
|
||||||
foreach ( $data as $mode ) {
|
|
||||||
$this->assertEquals( $raw_modes[ $mode['id'] ], $mode );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Test getting system status modes without valid permissions.
|
|
||||||
*
|
|
||||||
* @since 2.7.0
|
|
||||||
*/
|
|
||||||
public function test_get_system_status_modes_without_permission() {
|
|
||||||
wp_set_current_user( 0 );
|
|
||||||
$response = $this->server->dispatch( new WP_REST_Request( 'GET', '/wc/v1/system_status/modes' ) );
|
|
||||||
$this->assertEquals( 401, $response->get_status() );
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Test updating system status modes.
|
|
||||||
*
|
|
||||||
* @since 2.7.0
|
|
||||||
*/
|
|
||||||
public function test_update_system_status_modes() {
|
|
||||||
wp_set_current_user( $this->user );
|
|
||||||
|
|
||||||
// test invalid mode
|
|
||||||
$request = new WP_REST_Request( 'POST', '/wc/v1/system_status/modes' );
|
|
||||||
$request->set_body_params( array(
|
|
||||||
'test_mode' => 'test',
|
|
||||||
) );
|
|
||||||
$response = $this->server->dispatch( $request );
|
|
||||||
$this->assertEquals( 500, $response->get_status() );
|
|
||||||
|
|
||||||
// test updating single mode.
|
|
||||||
$request = new WP_REST_Request( 'POST', '/wc/v1/system_status/modes' );
|
|
||||||
$request->set_body_params( array(
|
|
||||||
'uninstall_data' => true,
|
|
||||||
) );
|
|
||||||
$response = $this->server->dispatch( $request );
|
|
||||||
$data = $response->get_data();
|
|
||||||
foreach ( $data as $mode ) {
|
|
||||||
if ( 'uninstall_data' === $mode['id'] ) {
|
|
||||||
$this->assertTrue( $mode['enabled'] );
|
|
||||||
} else {
|
|
||||||
$this->assertFalse( $mode['enabled'] );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// test updating multiple
|
|
||||||
$request = new WP_REST_Request( 'POST', '/wc/v1/system_status/modes' );
|
|
||||||
$request->set_body_params( array(
|
|
||||||
'template_debug' => true,
|
|
||||||
'shipping_debug' => true,
|
|
||||||
) );
|
|
||||||
$response = $this->server->dispatch( $request );
|
|
||||||
$data = $response->get_data();
|
|
||||||
foreach ( $data as $mode ) {
|
|
||||||
$this->assertTrue( $mode['enabled'] ); // all 3 should be true now
|
|
||||||
}
|
|
||||||
|
|
||||||
// test updating multiple, some false
|
|
||||||
$request = new WP_REST_Request( 'POST', '/wc/v1/system_status/modes' );
|
|
||||||
$request->set_body_params( array(
|
|
||||||
'template_debug' => false,
|
|
||||||
'shipping_debug' => true,
|
|
||||||
'uninstall_data' => false,
|
|
||||||
) );
|
|
||||||
$response = $this->server->dispatch( $request );
|
|
||||||
$data = $response->get_data();
|
|
||||||
foreach ( $data as $mode ) {
|
|
||||||
if ( 'shipping_debug' === $mode['id'] ) {
|
|
||||||
$this->assertTrue( $mode['enabled'] );
|
|
||||||
} else {
|
|
||||||
$this->assertFalse( $mode['enabled'] );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Test updating system status modes without permission.
|
|
||||||
*
|
|
||||||
* @since 2.7.0
|
|
||||||
*/
|
|
||||||
public function test_update_system_status_modes_without_permission() {
|
|
||||||
wp_set_current_user( 0 );
|
|
||||||
$response = $this->server->dispatch( new WP_REST_Request( 'POST', '/wc/v1/system_status/modes' ) );
|
|
||||||
$this->assertEquals( 401, $response->get_status() );
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test system status schema.
|
* Test system status schema.
|
||||||
*
|
*
|
||||||
|
@ -421,21 +321,4 @@ class WC_Tests_REST_System_Status extends WC_REST_Unit_Test_Case {
|
||||||
$this->assertArrayHasKey( 'message', $properties );
|
$this->assertArrayHasKey( 'message', $properties );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Test modes schema.
|
|
||||||
*
|
|
||||||
* @since 2.7.0
|
|
||||||
*/
|
|
||||||
public function test_get_system_status_mode_schema() {
|
|
||||||
$request = new WP_REST_Request( 'OPTIONS', '/wc/v1/system_status/modes' );
|
|
||||||
$response = $this->server->dispatch( $request );
|
|
||||||
$data = $response->get_data();
|
|
||||||
$properties = $data['schema']['properties'];
|
|
||||||
$this->assertEquals( 4, count( $properties ) );
|
|
||||||
$this->assertArrayHasKey( 'id', $properties );
|
|
||||||
$this->assertArrayHasKey( 'name', $properties );
|
|
||||||
$this->assertArrayHasKey( 'description', $properties );
|
|
||||||
$this->assertArrayHasKey( 'enabled', $properties );
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|