diff -r c7c34916027a -r 177826044cd9 wp/wp-content/plugins/akismet/class.akismet-rest-api.php --- a/wp/wp-content/plugins/akismet/class.akismet-rest-api.php Mon Oct 14 18:06:33 2019 +0200 +++ b/wp/wp-content/plugins/akismet/class.akismet-rest-api.php Mon Oct 14 18:28:13 2019 +0200 @@ -87,6 +87,48 @@ 'callback' => array( 'Akismet_REST_API', 'get_stats' ), ) ) ); + + register_rest_route( 'akismet/v1', '/alert', array( + array( + 'methods' => WP_REST_Server::READABLE, + 'permission_callback' => array( 'Akismet_REST_API', 'remote_call_permission_callback' ), + 'callback' => array( 'Akismet_REST_API', 'get_alert' ), + 'args' => array( + 'key' => array( + 'required' => false, + 'type' => 'string', + 'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ), + 'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ), + ), + ), + ), + array( + 'methods' => WP_REST_Server::EDITABLE, + 'permission_callback' => array( 'Akismet_REST_API', 'remote_call_permission_callback' ), + 'callback' => array( 'Akismet_REST_API', 'set_alert' ), + 'args' => array( + 'key' => array( + 'required' => false, + 'type' => 'string', + 'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ), + 'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ), + ), + ), + ), + array( + 'methods' => WP_REST_Server::DELETABLE, + 'permission_callback' => array( 'Akismet_REST_API', 'remote_call_permission_callback' ), + 'callback' => array( 'Akismet_REST_API', 'delete_alert' ), + 'args' => array( + 'key' => array( + 'required' => false, + 'type' => 'string', + 'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ), + 'description' => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ), + ), + ), + ) + ) ); } /** @@ -231,6 +273,50 @@ return rest_ensure_response( $stat_totals ); } + /** + * Get the current alert code and message. Alert codes are used to notify the site owner + * if there's a problem, like a connection issue between their site and the Akismet API, + * invalid requests being sent, etc. + * + * @param WP_REST_Request $request + * @return WP_Error|WP_REST_Response + */ + public static function get_alert( $request ) { + return rest_ensure_response( array( + 'code' => get_option( 'akismet_alert_code' ), + 'message' => get_option( 'akismet_alert_msg' ), + ) ); + } + + /** + * Update the current alert code and message by triggering a call to the Akismet server. + * + * @param WP_REST_Request $request + * @return WP_Error|WP_REST_Response + */ + public static function set_alert( $request ) { + delete_option( 'akismet_alert_code' ); + delete_option( 'akismet_alert_msg' ); + + // Make a request so the most recent alert code and message are retrieved. + Akismet::verify_key( Akismet::get_api_key() ); + + return self::get_alert( $request ); + } + + /** + * Clear the current alert code and message. + * + * @param WP_REST_Request $request + * @return WP_Error|WP_REST_Response + */ + public static function delete_alert( $request ) { + delete_option( 'akismet_alert_code' ); + delete_option( 'akismet_alert_msg' ); + + return self::get_alert( $request ); + } + private static function key_is_valid( $key ) { $response = Akismet::http_post( Akismet::build_query( @@ -253,6 +339,15 @@ return current_user_can( 'manage_options' ); } + /** + * For calls that Akismet.com makes to the site to clear outdated alert codes, use the API key for authorization. + */ + public static function remote_call_permission_callback( $request ) { + $local_key = Akismet::get_api_key(); + + return $local_key && ( strtolower( $request->get_param( 'key' ) ) === strtolower( $local_key ) ); + } + public static function sanitize_interval( $interval, $request, $param ) { $interval = trim( $interval );