Fix issues from PR review: sanitize/escape fixes in wp-admin, remove modes.

This commit is contained in:
Justin Shreve 2016-08-09 10:14:47 -07:00
parent 72d665d464
commit 35cae38aa2
3 changed files with 10 additions and 305 deletions


@ -41,12 +41,18 @@ class WC_Admin_Status {
if ( ! empty( $_GET['action'] ) && ! empty( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( $_REQUEST['_wpnonce'], 'debug_action' ) ) { if ( ! empty( $_GET['action'] ) && ! empty( $_REQUEST['_wpnonce'] ) && wp_verify_nonce( $_REQUEST['_wpnonce'], 'debug_action' ) ) {
$tools_controller = new WC_REST_System_Status_Tools_Controller; $tools_controller = new WC_REST_System_Status_Tools_Controller;
$response = $tools_controller->execute_tool( $_GET['action'] ); $action = wc_clean( $_GET['action'] );
if ( array_key_exists( $action, $tools ) ) {
$response = $tools_controller->execute_tool( $action );
} else {
$response = array( 'success' => false, 'message' => __( 'Tool does not exist.', 'woocommerce' ) );
}
if ( $response['success'] ) { if ( $response['success'] ) {
echo '<div class="updated inline"><p>' . $response['message'] . '</p></div>'; echo '<div class="updated inline"><p>' . esc_html( $response['message'] ) . '</p></div>';
} else { } else {
echo '<div class="error inline"><p>' . $response['message'] . '</p></div>'; echo '<div class="error inline"><p>' . esc_html( $response['message'] ) . '</p></div>';
} }
} }
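Review bot: `$_GET['action']` is only guarded by `! empty` before it reaches `wc_clean()` and then `array_key_exists( $action, $tools )`, so a request carrying `action[]=x` presumably hands an array to `array_key_exists()` as the key (a warning on PHP 7, a TypeError on PHP 8) instead of falling into the 'Tool does not exist.' branch — this assumes `wc_clean()` recurses into arrays rather than rejecting them, which is not visible here. A type check closes it: `$action = is_string( $_GET['action'] ) ? wc_clean( wp_unslash( $_GET['action'] ) ) : '';`. `$tools` is referenced but defined outside the hunk, so whether its keys match the ids `execute_tool()` accepts cannot be confirmed from this view, and the enclosing method — including any capability check that should sit ahead of the nonce check — also starts outside the hunk. The raw `$_REQUEST['_wpnonce']` on the context line is a WPCS warning but harmless, since `wp_verify_nonce()` only hashes it.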


@ -35,7 +35,7 @@ class WC_REST_System_Status_Controller extends WC_REST_Controller {
protected $rest_base = 'system_status'; protected $rest_base = 'system_status';
/** /**
* Register the routes for /system_status and /system_status/modes * Register the route for /system_status
*/ */
public function register_routes() { public function register_routes() {
register_rest_route( $this->namespace, '/' . $this->rest_base, array( register_rest_route( $this->namespace, '/' . $this->rest_base, array(
@ -47,20 +47,6 @@ class WC_REST_System_Status_Controller extends WC_REST_Controller {
), ),
'schema' => array( $this, 'get_public_item_schema' ), 'schema' => array( $this, 'get_public_item_schema' ),
) ); ) );
register_rest_route( $this->namespace, '/' . $this->rest_base . '/modes', array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_modes' ),
'permission_callback' => array( $this, 'get_modes_permissions_check' ),
),
array(
'methods' => WP_REST_Server::EDITABLE,
'callback' => array( $this, 'update_modes' ),
'permission_callback' => array( $this, 'update_modes_permissions_check' ),
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
),
'schema' => array( $this, 'get_mode_item_schema' ),
) );
} }
/** /**
@ -76,32 +62,6 @@ class WC_REST_System_Status_Controller extends WC_REST_Controller {
return true; return true;
} }
/**
* Check whether a given request has permission to view system status modes.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|boolean
*/
public function get_modes_permissions_check( $request ) {
if ( ! wc_rest_check_manager_permissions( 'system_status', 'read' ) ) {
return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot list system modes.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/**
* Check whether a given request has permission to toggle system status modes.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|boolean
*/
public function update_modes_permissions_check( $request ) {
if ( ! wc_rest_check_manager_permissions( 'system_status', 'edit' ) ) {
return new WP_Error( 'woocommerce_rest_cannot_update', __( 'Sorry, you cannot update system modes', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
/** /**
* Get a system status info, by section. * Get a system status info, by section.
* *
@ -126,104 +86,6 @@ class WC_REST_System_Status_Controller extends WC_REST_Controller {
return rest_ensure_response( $response ); return rest_ensure_response( $response );
} }
/**
* A list of modes that can be toggled via WC's system status screens
*
* @return array
*/
public function _get_modes() {
$options = wp_parse_args( get_option( 'woocommerce_status_options', array() ), array(
'uninstall_data' => 0,
'template_debug_mode' => 0,
'shipping_debug_mode' => 0,
) );
$modes = array(
'shipping_debug' => array(
'id' => 'shipping_debug',
'name' => __( 'Shipping Debug Mode', 'woocommerce' ),
'description' => __( 'Enable Shipping Debug Mode to show matching shipping zones and to bypass shipping rate cache.', 'woocommerce' ),
'enabled' => (bool) $options['shipping_debug_mode'],
),
'template_debug' => array(
'id' => 'template_debug',
'name' => __( 'Template Debug Mode', 'woocommerce' ),
'description' => __( 'Enable Template Debug Mode to bypass all theme and plugin template overrides for logged-in administrators. Used for debugging purposes.', 'woocommerce' ),
'enabled' => (bool) $options['template_debug_mode'],
),
'uninstall_data' => array(
'id' => 'uninstall_data',
'name' => __( 'Remove All Data On Uninstall Mode', 'woocommerce' ),
'description' => __( 'This mode will remove all WooCommerce, Product and Order data when using the "Delete" link on the plugins screen. It will also remove any setting/option prepended with "woocommerce_" so may also affect installed WooCommerce Extensions.', 'woocommerce' ),
'enabled' => (bool) $options['uninstall_data'],
),
);
return $modes;
}
/**
* Get system status modes.
* @param WP_REST_Request $request
* @return WP_Error|WP_REST_Response
*/
public function get_modes( $request ) {
$modes_response = array();
foreach ( $this->_get_modes() as $id => $mode ) {
$modes_response[] = $this->prepare_response_for_collection( $this->prepare_mode_for_response ( $mode, $request ) );
}
$response = rest_ensure_response( $modes_response );
return $response;
}
/**
* Update system status modes.
* @param WP_REST_Request $request
* @return WP_Error|WP_REST_Response
*/
public function update_modes( $request ) {
$items = $request->get_params();
$modes = $this->_get_modes();
$options = wp_parse_args( get_option( 'woocommerce_status_options', array() ), array(
'uninstall_data' => 0,
'template_debug_mode' => 0,
'shipping_debug_mode' => 0,
) );
foreach ( $items as $key => $value ) {
if ( ! array_key_exists( $key, $modes ) ) {
return new WP_Error( 'woocommerce_rest_system_status_mode_invalid', __( 'Invalid mode.', 'woocommerce' ), array( 'status' => 500 ) );
break;
}
if ( 'uninstall_data' !== $key ) {
$key = $key . '_mode'; // all other modes have a suffix
}
$options[ $key ] = (bool) $value;
}
update_option( 'woocommerce_status_options', $options );
return $this->get_modes( $request );
}
/**
* Prepare a mode for serialization.
*
* @param array $item Object.
* @param WP_REST_Request $request Request object.
* @return WP_REST_Response $response Response data.
*/
public function prepare_mode_for_response( $item, $request ) {
$context = empty( $request['context'] ) ? 'view' : $request['context'];
$data = $this->add_additional_fields_to_object( $item, $request );
$data = $this->filter_response_by_context( $data, $context );
$response = rest_ensure_response( $data );
return $response;
}
/** /**
* Get the system status schema, conforming to JSON Schema. * Get the system status schema, conforming to JSON Schema.
* *
@ -563,52 +425,6 @@ class WC_REST_System_Status_Controller extends WC_REST_Controller {
return $this->add_additional_fields_schema( $schema ); return $this->add_additional_fields_schema( $schema );
} }
/**
* Get the system status modes schema, conforming to JSON Schema.
*
* @return array
*/
public function get_mode_item_schema() {
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => 'system_status_option',
'type' => 'object',
'properties' => array(
'id' => array(
'description' => __( 'A unique identifier for the system status mode.', 'woocommerce' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_title',
),
),
'name' => array(
'description' => __( 'Mode name.', 'woocommerce' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_text_field',
),
),
'description' => array(
'description' => __( 'Mode description.', 'woocommerce' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_text_field',
),
),
'enabled' => array(
'description' => __( 'True if this mode is enabled.', 'woocommerce' ),
'type' => 'boolean',
'context' => array( 'view', 'edit' ),
),
),
);
return $this->add_additional_fields_schema( $schema );
}
/** /**
* Return an array of sections and the data associated with each. * Return an array of sections and the data associated with each.
* *


@ -25,7 +25,6 @@ class WC_Tests_REST_System_Status extends WC_REST_Unit_Test_Case {
$this->assertArrayHasKey( '/wc/v1/system_status', $routes ); $this->assertArrayHasKey( '/wc/v1/system_status', $routes );
$this->assertArrayHasKey( '/wc/v1/system_status/tools', $routes ); $this->assertArrayHasKey( '/wc/v1/system_status/tools', $routes );
$this->assertArrayHasKey( '/wc/v1/system_status/tools/(?P<id>[\w-]+)', $routes ); $this->assertArrayHasKey( '/wc/v1/system_status/tools/(?P<id>[\w-]+)', $routes );
$this->assertArrayHasKey( '/wc/v1/system_status/modes', $routes );
} }
/** /**
@ -303,105 +302,6 @@ class WC_Tests_REST_System_Status extends WC_REST_Unit_Test_Case {
$this->assertEquals( 401, $response->get_status() ); $this->assertEquals( 401, $response->get_status() );
} }
/**
* Test getting a list of system status modes.
*
* @since 2.7.0
*/
public function test_get_system_status_modes() {
wp_set_current_user( $this->user );
$response = $this->server->dispatch( new WP_REST_Request( 'GET', '/wc/v1/system_status/modes' ) );
$data = $response->get_data();
$system_status = new WC_REST_System_Status_Controller;
$raw_modes = $system_status->_get_modes();
foreach ( $data as $mode ) {
$this->assertEquals( $raw_modes[ $mode['id'] ], $mode );
}
}
/**
* Test getting system status modes without valid permissions.
*
* @since 2.7.0
*/
public function test_get_system_status_modes_without_permission() {
wp_set_current_user( 0 );
$response = $this->server->dispatch( new WP_REST_Request( 'GET', '/wc/v1/system_status/modes' ) );
$this->assertEquals( 401, $response->get_status() );
}
/**
* Test updating system status modes.
*
* @since 2.7.0
*/
public function test_update_system_status_modes() {
wp_set_current_user( $this->user );
// test invalid mode
$request = new WP_REST_Request( 'POST', '/wc/v1/system_status/modes' );
$request->set_body_params( array(
'test_mode' => 'test',
) );
$response = $this->server->dispatch( $request );
$this->assertEquals( 500, $response->get_status() );
// test updating single mode.
$request = new WP_REST_Request( 'POST', '/wc/v1/system_status/modes' );
$request->set_body_params( array(
'uninstall_data' => true,
) );
$response = $this->server->dispatch( $request );
$data = $response->get_data();
foreach ( $data as $mode ) {
if ( 'uninstall_data' === $mode['id'] ) {
$this->assertTrue( $mode['enabled'] );
} else {
$this->assertFalse( $mode['enabled'] );
}
}
// test updating multiple
$request = new WP_REST_Request( 'POST', '/wc/v1/system_status/modes' );
$request->set_body_params( array(
'template_debug' => true,
'shipping_debug' => true,
) );
$response = $this->server->dispatch( $request );
$data = $response->get_data();
foreach ( $data as $mode ) {
$this->assertTrue( $mode['enabled'] ); // all 3 should be true now
}
// test updating multiple, some false
$request = new WP_REST_Request( 'POST', '/wc/v1/system_status/modes' );
$request->set_body_params( array(
'template_debug' => false,
'shipping_debug' => true,
'uninstall_data' => false,
) );
$response = $this->server->dispatch( $request );
$data = $response->get_data();
foreach ( $data as $mode ) {
if ( 'shipping_debug' === $mode['id'] ) {
$this->assertTrue( $mode['enabled'] );
} else {
$this->assertFalse( $mode['enabled'] );
}
}
}
/**
* Test updating system status modes without permission.
*
* @since 2.7.0
*/
public function test_update_system_status_modes_without_permission() {
wp_set_current_user( 0 );
$response = $this->server->dispatch( new WP_REST_Request( 'POST', '/wc/v1/system_status/modes' ) );
$this->assertEquals( 401, $response->get_status() );
}
/** /**
* Test system status schema. * Test system status schema.
* *
@ -421,21 +321,4 @@ class WC_Tests_REST_System_Status extends WC_REST_Unit_Test_Case {
$this->assertArrayHasKey( 'message', $properties ); $this->assertArrayHasKey( 'message', $properties );
} }
/**
* Test modes schema.
*
* @since 2.7.0
*/
public function test_get_system_status_mode_schema() {
$request = new WP_REST_Request( 'OPTIONS', '/wc/v1/system_status/modes' );
$response = $this->server->dispatch( $request );
$data = $response->get_data();
$properties = $data['schema']['properties'];
$this->assertEquals( 4, count( $properties ) );
$this->assertArrayHasKey( 'id', $properties );
$this->assertArrayHasKey( 'name', $properties );
$this->assertArrayHasKey( 'description', $properties );
$this->assertArrayHasKey( 'enabled', $properties );
}
} }