enmi-conf.org: comparison wp/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php

equal deleted inserted replaced

-:7b1b88e27a20
+:48c4eec2b7e6
 */
 /**
 * Base Global Styles REST API Controller.
 */
-class WP_REST_Global_Styles_Controller extends WP_REST_Controller {
+class WP_REST_Global_Styles_Controller extends WP_REST_Posts_Controller {
+	/**
-	/**
+	 * Whether the controller supports batching.
-	 * Post type.
+	 *
-	 *
+	 * @since 6.6.0
-	 * @since 5.9.0
+	 * @var array
-	 * @var string
+	 */
-	 */
+	protected $allow_batch = array( 'v1' => false );
-	protected $post_type;
 	/**
 	 * Constructor.
-	 * @since 5.9.0
+	 *
-	 */
+	 * @since 6.6.0
-	public function __construct() {
+	 *
-		$this->namespace = 'wp/v2';
+	 * @param string $post_type Post type.
-		$this->rest_base = 'global-styles';
+	 */
-		$this->post_type = 'wp_global_styles';
+	public function __construct( $post_type = 'wp_global_styles' ) {
+		parent::__construct( $post_type );
 	}
 	/**
 	 * Registers the controllers routes.
 	 *
 	 * @since 5.9.0
-	 *
-	 * @return void
 	 */
 	public function register_routes() {
 		register_rest_route(
 			$this->namespace,
 			'/' . $this->rest_base . '/themes/(?P<stylesheet>[\/\s%\w\.\(\)\[\]\@_\-]+)/variations',
 						'stylesheet' => array(
 							'description' => __( 'The theme identifier' ),
 							'type'        => 'string',
 						),
 					),
+					'allow_batch'         => $this->allow_batch,
 				),
 			)
 		);
 		// List themes global styles.
 			$this->namespace,
 			// The route.
 			sprintf(
 				'/%s/themes/(?P<stylesheet>%s)',
 				$this->rest_base,
-				// Matches theme's directory: `/themes/<subdirectory>/<theme>/` or `/themes/<theme>/`.
+				/*
-				// Excludes invalid directory name characters: `/:<>*?"|`.
+				 * Matches theme's directory: `/themes/<subdirectory>/<theme>/` or `/themes/<theme>/`.
+				 * Excludes invalid directory name characters: `/:<>*?"|`.
+				 */
 				'[^\/:<>\*\?"\|]+(?:\/[^\/:<>\*\?"\|]+)?'
 			),
 			array(
 				array(
 					'methods'             => WP_REST_Server::READABLE,
 							'description'       => __( 'The theme identifier' ),
 							'type'              => 'string',
 							'sanitize_callback' => array( $this, '_sanitize_global_styles_callback' ),
 						),
 					),
+					'allow_batch'         => $this->allow_batch,
 				),
 			)
 		);
 		// Lists/updates a single global style variation based on the given id.
 					'methods'             => WP_REST_Server::EDITABLE,
 					'callback'            => array( $this, 'update_item' ),
 					'permission_callback' => array( $this, 'update_item_permissions_check' ),
 					'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
 				),
-				'schema' => array( $this, 'get_public_item_schema' ),
+				'schema'      => array( $this, 'get_public_item_schema' ),
+				'allow_batch' => $this->allow_batch,
 			)
 		);
 	}
 	/**
 	 * @param string $id_or_stylesheet Global styles ID or stylesheet.
 	 * @return string Sanitized global styles ID or stylesheet.
 	 */
 	public function _sanitize_global_styles_callback( $id_or_stylesheet ) {
 		return urldecode( $id_or_stylesheet );
+	}
+	/**
+	 * Get the post, if the ID is valid.
+	 *
+	 * @since 5.9.0
+	 *
+	 * @param int $id Supplied ID.
+	 * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise.
+	 */
+	protected function get_post( $id ) {
+		$error = new WP_Error(
+			'rest_global_styles_not_found',
+			__( 'No global styles config exist with that id.' ),
+			array( 'status' => 404 )
+		);
+		$id = (int) $id;
+		if ( $id <= 0 ) {
+			return $error;
+		}
+		$post = get_post( $id );
+		if ( empty( $post ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {
+			return $error;
+		}
+		return $post;
 	}
 	/**
 	 * Checks if a given request has access to read a single global style.
 	 *
 	 * @since 5.9.0
 	 *
 	 * @param WP_Post $post Post object.
 	 * @return bool Whether the post can be read.
 	 */
-	protected function check_read_permission( $post ) {
+	public function check_read_permission( $post ) {
 		return current_user_can( 'read_post', $post->ID );
-	}
-	/**
-	 * Returns the given global styles config.
-	 *
-	 * @since 5.9.0
-	 *
-	 * @param WP_REST_Request $request The request instance.
-	 *
-	 * @return WP_REST_Response|WP_Error
-	 */
-	public function get_item( $request ) {
-		$post = $this->get_post( $request['id'] );
-		if ( is_wp_error( $post ) ) {
-			return $post;
-		}
-		return $this->prepare_item_for_response( $post, $request );
 	}
 	/**
 	 * Checks if a given request has access to write a single global styles config.
 	 *
 		return true;
 	}
 	/**
-	 * Checks if a global style can be edited.
-	 *
-	 * @since 5.9.0
-	 *
-	 * @param WP_Post $post Post object.
-	 * @return bool Whether the post can be edited.
-	 */
-	protected function check_update_permission( $post ) {
-		return current_user_can( 'edit_post', $post->ID );
-	}
-	/**
-	 * Updates a single global style config.
-	 *
-	 * @since 5.9.0
-	 *
-	 * @param WP_REST_Request $request Full details about the request.
-	 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
-	 */
-	public function update_item( $request ) {
-		$post_before = $this->get_post( $request['id'] );
-		if ( is_wp_error( $post_before ) ) {
-			return $post_before;
-		}
-		$changes = $this->prepare_item_for_database( $request );
-		$result  = wp_update_post( wp_slash( (array) $changes ), true, false );
-		if ( is_wp_error( $result ) ) {
-			return $result;
-		}
-		$post          = get_post( $request['id'] );
-		$fields_update = $this->update_additional_fields_for_object( $post, $request );
-		if ( is_wp_error( $fields_update ) ) {
-			return $fields_update;
-		}
-		wp_after_insert_post( $post, true, $post_before );
-		$response = $this->prepare_item_for_response( $post, $request );
-		return rest_ensure_response( $response );
-	}
-	/**
 	 * Prepares a single global styles config for update.
 	 *
 	 * @since 5.9.0
+	 * @since 6.2.0 Added validation of styles.css property.
+	 * @since 6.6.0 Added registration of block style variations from theme.json sources (theme.json, user theme.json, partials).
 	 *
 	 * @param WP_REST_Request $request Request object.
-	 * @return stdClass Changes to pass to wp_update_post.
+	 * @return stdClass|WP_Error Prepared item on success. WP_Error on when the custom CSS is not valid.
 	 */
 	protected function prepare_item_for_database( $request ) {
 		$changes     = new stdClass();
 		$changes->ID = $request['id'];
 		}
 		if ( isset( $request['styles'] ) || isset( $request['settings'] ) ) {
 			$config = array();
 			if ( isset( $request['styles'] ) ) {
+				if ( isset( $request['styles']['css'] ) ) {
+					$css_validation_result = $this->validate_custom_css( $request['styles']['css'] );
+					if ( is_wp_error( $css_validation_result ) ) {
+						return $css_validation_result;
+					}
+				}
 				$config['styles'] = $request['styles'];
 			} elseif ( isset( $existing_config['styles'] ) ) {
 				$config['styles'] = $existing_config['styles'];
 			}
+			// Register theme-defined variations e.g. from block style variation partials under `/styles`.
+			$variations = WP_Theme_JSON_Resolver::get_style_variations( 'block' );
+			wp_register_block_style_variations_from_theme_json_partials( $variations );
 			if ( isset( $request['settings'] ) ) {
 				$config['settings'] = $request['settings'];
 			} elseif ( isset( $existing_config['settings'] ) ) {
 				$config['settings'] = $existing_config['settings'];
 			}
 	/**
 	 * Prepare a global styles config output for response.
 	 *
 	 * @since 5.9.0
+	 * @since 6.6.0 Added custom relative theme file URIs to `_links`.
 	 *
 	 * @param WP_Post         $post    Global Styles post object.
 	 * @param WP_REST_Request $request Request object.
 	 * @return WP_REST_Response Response object.
 	 */
-	public function prepare_item_for_response( $post, $request ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
+	public function prepare_item_for_response( $post, $request ) {
 		$raw_config                       = json_decode( $post->post_content, true );
 		$is_global_styles_user_theme_json = isset( $raw_config['isGlobalStylesUserThemeJSON'] ) && true === $raw_config['isGlobalStylesUserThemeJSON'];
 		$config                           = array();
+		$theme_json                       = null;
 		if ( $is_global_styles_user_theme_json ) {
-			$config = ( new WP_Theme_JSON( $raw_config, 'custom' ) )->get_raw_data();
+			$theme_json = new WP_Theme_JSON( $raw_config, 'custom' );
+			$config     = $theme_json->get_raw_data();
 		}
 		// Base fields for every post.
+		$fields = $this->get_fields_for_response( $request );
 		$data   = array();
-		$fields = $this->get_fields_for_response( $request );
 		if ( rest_is_field_included( 'id', $fields ) ) {
 			$data['id'] = $post->ID;
 		}
 		$data    = $this->filter_response_by_context( $data, $context );
 		// Wrap the data in a response object.
 		$response = rest_ensure_response( $data );
-		$links = $this->prepare_links( $post->ID );
+		if ( rest_is_field_included( '_links', $fields ) || rest_is_field_included( '_embedded', $fields ) ) {
-		$response->add_links( $links );
+			$links = $this->prepare_links( $post->ID );
-		if ( ! empty( $links['self']['href'] ) ) {
-			$actions = $this->get_available_actions();
+			// Only return resolved URIs for get requests to user theme JSON.
-			$self    = $links['self']['href'];
+			if ( $theme_json ) {
-			foreach ( $actions as $rel ) {
+				$resolved_theme_uris = WP_Theme_JSON_Resolver::get_resolved_theme_uris( $theme_json );
-				$response->add_link( $rel, $self );
+				if ( ! empty( $resolved_theme_uris ) ) {
+					$links['https://api.w.org/theme-file'] = $resolved_theme_uris;
+				}
+			}
+			$response->add_links( $links );
+			if ( ! empty( $links['self']['href'] ) ) {
+				$actions = $this->get_available_actions( $post, $request );
+				$self    = $links['self']['href'];
+				foreach ( $actions as $rel ) {
+					$response->add_link( $rel, $self );
+				}
 			}
 		}
 		return $response;
 	}
 	/**
-	 * Get the post, if the ID is valid.
-	 *
-	 * @since 5.9.0
-	 *
-	 * @param int $id Supplied ID.
-	 * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise.
-	 */
-	protected function get_post( $id ) {
-		$error = new WP_Error(
-			'rest_global_styles_not_found',
-			__( 'No global styles config exist with that id.' ),
-			array( 'status' => 404 )
-		);
-		$id = (int) $id;
-		if ( $id <= 0 ) {
-			return $error;
-		}
-		$post = get_post( $id );
-		if ( empty( $post ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {
-			return $error;
-		}
-		return $post;
-	}
-	/**
 	 * Prepares links for the request.
 	 *
 	 * @since 5.9.0
+	 * @since 6.3.0 Adds revisions count and rest URL href to version-history.
 	 *
 	 * @param integer $id ID.
 	 * @return array Links for the given post.
 	 */
 	protected function prepare_links( $id ) {
 		$base = sprintf( '%s/%s', $this->namespace, $this->rest_base );
 		$links = array(
-			'self' => array(
+			'self'  => array(
 				'href' => rest_url( trailingslashit( $base ) . $id ),
 			),
+			'about' => array(
+				'href' => rest_url( 'wp/v2/types/' . $this->post_type ),
+			),
 		);
+		if ( post_type_supports( $this->post_type, 'revisions' ) ) {
+			$revisions                = wp_get_latest_revision_id_and_total_count( $id );
+			$revisions_count          = ! is_wp_error( $revisions ) ? $revisions['count'] : 0;
+			$revisions_base           = sprintf( '/%s/%d/revisions', $base, $id );
+			$links['version-history'] = array(
+				'href'  => rest_url( $revisions_base ),
+				'count' => $revisions_count,
+			);
+		}
 		return $links;
 	}
 	/**
 	 * Get the link relations available for the post and current user.
 	 *
 	 * @since 5.9.0
-	 *
+	 * @since 6.2.0 Added 'edit-css' action.
+	 * @since 6.6.0 Added $post and $request parameters.
+	 *
+	 * @param WP_Post         $post    Post object.
+	 * @param WP_REST_Request $request Request object.
 	 * @return array List of link relations.
 	 */
-	protected function get_available_actions() {
+	protected function get_available_actions( $post, $request ) {
 		$rels = array();
-		$post_type = get_post_type_object( $this->post_type );
+		$post_type = get_post_type_object( $post->post_type );
 		if ( current_user_can( $post_type->cap->publish_posts ) ) {
 			$rels[] = 'https://api.w.org/action-publish';
 		}
+		if ( current_user_can( 'edit_css' ) ) {
+			$rels[] = 'https://api.w.org/action-edit-css';
+		}
 		return $rels;
-	}
-	/**
-	 * Overwrites the default protected title format.
-	 *
-	 * By default, WordPress will show password protected posts with a title of
-	 * "Protected: %s", as the REST API communicates the protected status of a post
-	 * in a machine readable format, we remove the "Protected: " prefix.
-	 *
-	 * @since 5.9.0
-	 *
-	 * @return string Protected title format.
-	 */
-	public function protected_title_format() {
-		return '%s';
 	}
 	/**
 	 * Retrieves the query params for the global styles collection.
 	 *
 	 *
 	 * @param WP_REST_Request $request Full details about the request.
 	 * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
 	 */
 	public function get_theme_item_permissions_check( $request ) {
-		// Verify if the current user has edit_theme_options capability.
+		/*
-		// This capability is required to edit/view/delete templates.
+		 * Verify if the current user has edit_theme_options capability.
+		 * This capability is required to edit/view/delete templates.
+		 */
 		if ( ! current_user_can( 'edit_theme_options' ) ) {
 			return new WP_Error(
 				'rest_cannot_manage_global_styles',
 				__( 'Sorry, you are not allowed to access the global styles on this site.' ),
 				array(
 	/**
 	 * Returns the given theme global styles config.
 	 *
 	 * @since 5.9.0
+	 * @since 6.6.0 Added custom relative theme file URIs to `_links`.
 	 *
 	 * @param WP_REST_Request $request The request instance.
 	 * @return WP_REST_Response|WP_Error
 	 */
 	public function get_theme_item( $request ) {
-		if ( wp_get_theme()->get_stylesheet() !== $request['stylesheet'] ) {
+		if ( get_stylesheet() !== $request['stylesheet'] ) {
 			// This endpoint only supports the active theme for now.
 			return new WP_Error(
 				'rest_theme_not_found',
 				__( 'Theme not found.' ),
 				array( 'status' => 404 )
 			);
 		}
 		$theme  = WP_Theme_JSON_Resolver::get_merged_data( 'theme' );
+		$fields = $this->get_fields_for_response( $request );
 		$data   = array();
-		$fields = $this->get_fields_for_response( $request );
 		if ( rest_is_field_included( 'settings', $fields ) ) {
 			$data['settings'] = $theme->get_settings();
 		}
 		$data    = $this->add_additional_fields_to_object( $data, $request );
 		$data    = $this->filter_response_by_context( $data, $context );
 		$response = rest_ensure_response( $data );
-		$links = array(
+		if ( rest_is_field_included( '_links', $fields ) || rest_is_field_included( '_embedded', $fields ) ) {
-			'self' => array(
+			$links               = array(
-				'href' => rest_url( sprintf( '%s/%s/themes/%s', $this->namespace, $this->rest_base, $request['stylesheet'] ) ),
+				'self' => array(
-			),
+					'href' => rest_url( sprintf( '%s/%s/themes/%s', $this->namespace, $this->rest_base, $request['stylesheet'] ) ),
-		);
+				),
+			);
-		$response->add_links( $links );
+			$resolved_theme_uris = WP_Theme_JSON_Resolver::get_resolved_theme_uris( $theme );
+			if ( ! empty( $resolved_theme_uris ) ) {
+				$links['https://api.w.org/theme-file'] = $resolved_theme_uris;
+			}
+			$response->add_links( $links );
+		}
 		return $response;
 	}
 	/**
 	 * @since 6.0.0
 	 *
 	 * @param WP_REST_Request $request Full details about the request.
 	 * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
 	 */
-	public function get_theme_items_permissions_check( $request ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
+	public function get_theme_items_permissions_check( $request ) {
-		// Verify if the current user has edit_theme_options capability.
+		/*
-		// This capability is required to edit/view/delete templates.
+		 * Verify if the current user has edit_theme_options capability.
+		 * This capability is required to edit/view/delete templates.
+		 */
 		if ( ! current_user_can( 'edit_theme_options' ) ) {
 			return new WP_Error(
 				'rest_cannot_manage_global_styles',
 				__( 'Sorry, you are not allowed to access the global styles on this site.' ),
 				array(
 	/**
 	 * Returns the given theme global styles variations.
 	 *
 	 * @since 6.0.0
+	 * @since 6.2.0 Returns parent theme variations, if they exist.
+	 * @since 6.6.0 Added custom relative theme file URIs to `_links` for each item.
 	 *
 	 * @param WP_REST_Request $request The request instance.
 	 *
 	 * @return WP_REST_Response|WP_Error
 	 */
 	public function get_theme_items( $request ) {
-		if ( wp_get_theme()->get_stylesheet() !== $request['stylesheet'] ) {
+		if ( get_stylesheet() !== $request['stylesheet'] ) {
 			// This endpoint only supports the active theme for now.
 			return new WP_Error(
 				'rest_theme_not_found',
 				__( 'Theme not found.' ),
 				array( 'status' => 404 )
 			);
 		}
+		$response   = array();
+		// Register theme-defined variations e.g. from block style variation partials under `/styles`.
+		$partials = WP_Theme_JSON_Resolver::get_style_variations( 'block' );
+		wp_register_block_style_variations_from_theme_json_partials( $partials );
 		$variations = WP_Theme_JSON_Resolver::get_style_variations();
-		$response   = rest_ensure_response( $variations );
+		foreach ( $variations as $variation ) {
+			$variation_theme_json = new WP_Theme_JSON( $variation );
-		return $response;
+			$resolved_theme_uris  = WP_Theme_JSON_Resolver::get_resolved_theme_uris( $variation_theme_json );
+			$data                 = rest_ensure_response( $variation );
+			if ( ! empty( $resolved_theme_uris ) ) {
+				$data->add_links(
+					array(
+						'https://api.w.org/theme-file' => $resolved_theme_uris,
+					)
+				);
+			}
+			$response[] = $this->prepare_response_for_collection( $data );
+		}
+		return rest_ensure_response( $response );
+	}
+	/**
+	 * Validate style.css as valid CSS.
+	 *
+	 * Currently just checks for invalid markup.
+	 *
+	 * @since 6.2.0
+	 * @since 6.4.0 Changed method visibility to protected.
+	 *
+	 * @param string $css CSS to validate.
+	 * @return true|WP_Error True if the input was validated, otherwise WP_Error.
+	 */
+	protected function validate_custom_css( $css ) {
+		if ( preg_match( '#</?\w+#', $css ) ) {
+			return new WP_Error(
+				'rest_custom_css_illegal_markup',
+				__( 'Markup is not allowed in CSS.' ),
+				array( 'status' => 400 )
+			);
+		}
+		return true;
 	}
 }

changeset 21	48c4eec2b7e6
parent 19	3d72ae0968f4
child 22	8c2e4d02f4ef