namespace = 'wp/v2'; $this->rest_base = 'types'; } /** * Registers the routes for post types. * * @since 4.7.0 * * @see register_rest_route() */ public function register_routes() { register_rest_route( $this->namespace, '/' . $this->rest_base, array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_items' ), 'permission_callback' => array( $this, 'get_items_permissions_check' ), 'args' => $this->get_collection_params(), ), 'schema' => array( $this, 'get_public_item_schema' ), ) ); register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P[\w-]+)', array( 'args' => array( 'type' => array( 'description' => __( 'An alphanumeric identifier for the post type.' ), 'type' => 'string', ), ), array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_item' ), 'permission_callback' => '__return_true', 'args' => array( 'context' => $this->get_context_param( array( 'default' => 'view' ) ), ), ), 'schema' => array( $this, 'get_public_item_schema' ), ) ); } /** * Checks whether a given request has permission to read types. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if the request has read access, WP_Error object otherwise. */ public function get_items_permissions_check( $request ) { if ( 'edit' === $request['context'] ) { $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); foreach ( $types as $type ) { if ( current_user_can( $type->cap->edit_posts ) ) { return true; } } return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to edit posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Retrieves all public post types. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */ public function get_items( $request ) { if ( $request->is_method( 'HEAD' ) ) { // Return early as this handler doesn't add any response headers. return new WP_REST_Response( array() ); } $data = array(); $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); foreach ( $types as $type ) { if ( 'edit' === $request['context'] && ! current_user_can( $type->cap->edit_posts ) ) { continue; } $post_type = $this->prepare_item_for_response( $type, $request ); $data[ $type->name ] = $this->prepare_response_for_collection( $post_type ); } return rest_ensure_response( $data ); } /** * Retrieves a specific post type. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */ public function get_item( $request ) { $obj = get_post_type_object( $request['type'] ); if ( empty( $obj ) ) { return new WP_Error( 'rest_type_invalid', __( 'Invalid post type.' ), array( 'status' => 404 ) ); } if ( empty( $obj->show_in_rest ) ) { return new WP_Error( 'rest_cannot_read_type', __( 'Cannot view post type.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( 'edit' === $request['context'] && ! current_user_can( $obj->cap->edit_posts ) ) { return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); } $data = $this->prepare_item_for_response( $obj, $request ); return rest_ensure_response( $data ); } /** * Prepares a post type object for serialization. * * @since 4.7.0 * @since 5.9.0 Renamed `$post_type` to `$item` to match parent class for PHP 8 named parameter support. * * @param WP_Post_Type $item Post type object. * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response Response object. */ public function prepare_item_for_response( $item, $request ) { // Restores the more descriptive, specific name for use within this method. $post_type = $item; // Don't prepare the response body for HEAD requests. if ( $request->is_method( 'HEAD' ) ) { /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php */ return apply_filters( 'rest_prepare_post_type', new WP_REST_Response( array() ), $post_type, $request ); } $taxonomies = wp_list_filter( get_object_taxonomies( $post_type->name, 'objects' ), array( 'show_in_rest' => true ) ); $taxonomies = wp_list_pluck( $taxonomies, 'name' ); $base = ! empty( $post_type->rest_base ) ? $post_type->rest_base : $post_type->name; $namespace = ! empty( $post_type->rest_namespace ) ? $post_type->rest_namespace : 'wp/v2'; $supports = get_all_post_type_supports( $post_type->name ); $fields = $this->get_fields_for_response( $request ); $data = array(); if ( rest_is_field_included( 'capabilities', $fields ) ) { $data['capabilities'] = $post_type->cap; } if ( rest_is_field_included( 'description', $fields ) ) { $data['description'] = $post_type->description; } if ( rest_is_field_included( 'hierarchical', $fields ) ) { $data['hierarchical'] = $post_type->hierarchical; } if ( rest_is_field_included( 'has_archive', $fields ) ) { $data['has_archive'] = $post_type->has_archive; } if ( rest_is_field_included( 'visibility', $fields ) ) { $data['visibility'] = array( 'show_in_nav_menus' => (bool) $post_type->show_in_nav_menus, 'show_ui' => (bool) $post_type->show_ui, ); } if ( rest_is_field_included( 'viewable', $fields ) ) { $data['viewable'] = is_post_type_viewable( $post_type ); } if ( rest_is_field_included( 'labels', $fields ) ) { $data['labels'] = $post_type->labels; } if ( rest_is_field_included( 'name', $fields ) ) { $data['name'] = $post_type->label; } if ( rest_is_field_included( 'slug', $fields ) ) { $data['slug'] = $post_type->name; } if ( rest_is_field_included( 'icon', $fields ) ) { $data['icon'] = $post_type->menu_icon; } if ( rest_is_field_included( 'supports', $fields ) ) { $data['supports'] = $supports; } if ( rest_is_field_included( 'taxonomies', $fields ) ) { $data['taxonomies'] = array_values( $taxonomies ); } if ( rest_is_field_included( 'rest_base', $fields ) ) { $data['rest_base'] = $base; } if ( rest_is_field_included( 'rest_namespace', $fields ) ) { $data['rest_namespace'] = $namespace; } if ( rest_is_field_included( 'template', $fields ) ) { $data['template'] = $post_type->template ?? array(); } if ( rest_is_field_included( 'template_lock', $fields ) ) { $data['template_lock'] = ! empty( $post_type->template_lock ) ? $post_type->template_lock : false; } $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; $data = $this->add_additional_fields_to_object( $data, $request ); $data = $this->filter_response_by_context( $data, $context ); // Wrap the data in a response object. $response = rest_ensure_response( $data ); if ( rest_is_field_included( '_links', $fields ) || rest_is_field_included( '_embedded', $fields ) ) { $response->add_links( $this->prepare_links( $post_type ) ); } /** * Filters a post type returned from the REST API. * * Allows modification of the post type data right before it is returned. * * @since 4.7.0 * * @param WP_REST_Response $response The response object. * @param WP_Post_Type $post_type The original post type object. * @param WP_REST_Request $request Request used to generate the response. */ return apply_filters( 'rest_prepare_post_type', $response, $post_type, $request ); } /** * Prepares links for the request. * * @since 6.1.0 * * @param WP_Post_Type $post_type The post type. * @return array Links for the given post type. */ protected function prepare_links( $post_type ) { return array( 'collection' => array( 'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ), ), 'https://api.w.org/items' => array( 'href' => rest_url( rest_get_route_for_post_type_items( $post_type->name ) ), ), ); } /** * Retrieves the post type's schema, conforming to JSON Schema. * * @since 4.7.0 * @since 4.8.0 The `supports` property was added. * @since 5.9.0 The `visibility` and `rest_namespace` properties were added. * @since 6.1.0 The `icon` property was added. * * @return array Item schema data. */ public function get_item_schema() { if ( $this->schema ) { return $this->add_additional_fields_schema( $this->schema ); } $schema = array( '$schema' => 'http://json-schema.org/draft-04/schema#', 'title' => 'type', 'type' => 'object', 'properties' => array( 'capabilities' => array( 'description' => __( 'All capabilities used by the post type.' ), 'type' => 'object', 'context' => array( 'edit' ), 'readonly' => true, ), 'description' => array( 'description' => __( 'A human-readable description of the post type.' ), 'type' => 'string', 'context' => array( 'view', 'edit' ), 'readonly' => true, ), 'hierarchical' => array( 'description' => __( 'Whether or not the post type should have children.' ), 'type' => 'boolean', 'context' => array( 'view', 'edit' ), 'readonly' => true, ), 'viewable' => array( 'description' => __( 'Whether or not the post type can be viewed.' ), 'type' => 'boolean', 'context' => array( 'edit' ), 'readonly' => true, ), 'labels' => array( 'description' => __( 'Human-readable labels for the post type for various contexts.' ), 'type' => 'object', 'context' => array( 'edit' ), 'readonly' => true, ), 'name' => array( 'description' => __( 'The title for the post type.' ), 'type' => 'string', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), 'slug' => array( 'description' => __( 'An alphanumeric identifier for the post type.' ), 'type' => 'string', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), 'supports' => array( 'description' => __( 'All features, supported by the post type.' ), 'type' => 'object', 'context' => array( 'edit' ), 'readonly' => true, ), 'has_archive' => array( 'description' => __( 'If the value is a string, the value will be used as the archive slug. If the value is false the post type has no archive.' ), 'type' => array( 'string', 'boolean' ), 'context' => array( 'view', 'edit' ), 'readonly' => true, ), 'taxonomies' => array( 'description' => __( 'Taxonomies associated with post type.' ), 'type' => 'array', 'items' => array( 'type' => 'string', ), 'context' => array( 'view', 'edit' ), 'readonly' => true, ), 'rest_base' => array( 'description' => __( 'REST base route for the post type.'namespace = 'wp/v2'; $this->rest_base = 'taxonomies'; } /** * Registers the routes for taxonomies. * * @since 4.7.0 * * @see register_rest_route() */ public function register_routes() { register_rest_route( $this->namespace, '/' . $this->rest_base, array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_items' ), 'permission_callback' => array( $this, 'get_items_permissions_check' ), 'args' => $this->get_collection_params(), ), 'schema' => array( $this, 'get_public_item_schema' ), ) ); register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P[\w-]+)', array( 'args' => array( 'taxonomy' => array( 'description' => __( 'An alphanumeric identifier for the taxonomy.' ), 'type' => 'string', ), ), array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_item' ), 'permission_callback' => array( $this, 'get_item_permissions_check' ), 'args' => array( 'context' => $this->get_context_param( array( 'default' => 'view' ) ), ), ), 'schema' => array( $this, 'get_public_item_schema' ), ) ); } /** * Checks whether a given request has permission to read taxonomies. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if the request has read access, WP_Error object otherwise. */ public function get_items_permissions_check( $request ) { if ( 'edit' === $request['context'] ) { if ( ! empty( $request['type'] ) ) { $taxonomies = get_object_taxonomies( $request['type'], 'objects' ); } else { $taxonomies = get_taxonomies( '', 'objects' ); } foreach ( $taxonomies as $taxonomy ) { if ( ! empty( $taxonomy->show_in_rest ) && current_user_can( $taxonomy->cap->assign_terms ) ) { return true; } } return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to manage terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Retrieves all public taxonomies. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response Response object on success, or WP_Error object on failure. */ public function get_items( $request ) { if ( $request->is_method( 'HEAD' ) ) { // Return early as this handler doesn't add any response headers. return new WP_REST_Response( array() ); } // Retrieve the list of registered collection query parameters. $registered = $this->get_collection_params(); if ( isset( $registered['type'] ) && ! empty( $request['type'] ) ) { $taxonomies = get_object_taxonomies( $request['type'], 'objects' ); } else { $taxonomies = get_taxonomies( '', 'objects' ); } $data = array(); foreach ( $taxonomies as $tax_type => $value ) { if ( empty( $value->show_in_rest ) || ( 'edit' === $request['context'] && ! current_user_can( $value->cap->assign_terms ) ) ) { continue; } $tax = $this->prepare_item_for_response( $value, $request ); $tax = $this->prepare_response_for_collection( $tax ); $data[ $tax_type ] = $tax; } if ( empty( $data ) ) { // Response should still be returned as a JSON object when it is empty. $data = (object) $data; } return rest_ensure_response( $data ); } /** * Checks if a given request has access to a taxonomy. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return bool|WP_Error True if the request has read access for the item, otherwise false or WP_Error object. */ public function get_item_permissions_check( $request ) { $tax_obj = get_taxonomy( $request['taxonomy'] ); if ( $tax_obj ) { if ( empty( $tax_obj->show_in_rest ) ) { return false; } if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->assign_terms ) ) { return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to manage terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) ); } } return true; } /** * Retrieves a specific taxonomy. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */ public function get_item( $request ) { $tax_obj = get_taxonomy( $request['taxonomy'] ); if ( empty( $tax_obj ) ) { return new WP_Error( 'rest_taxonomy_invalid', __( 'Invalid taxonomy.' ), array( 'status' => 404 ) ); } $data = $this->prepare_item_for_response( $tax_obj, $request ); return rest_ensure_response( $data ); } /** * Prepares a taxonomy object for serialization. * * @since 4.7.0 * @since 5.9.0 Renamed `$taxonomy` to `$item` to match parent class for PHP 8 named parameter support. * * @param WP_Taxonomy $item Taxonomy data. * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response Response object. */ public function prepare_item_for_response( $item, $request ) { // Restores the more descriptive, specific name for use within this method. $taxonomy = $item; // Don't prepare the response body for HEAD requests. if ( $request->is_method( 'HEAD' ) ) { /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php */ return apply_filters( 'rest_prepare_taxonomy', new WP_REST_Response( array() ), $taxonomy, $request ); } $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; $fields = $this->get_fields_for_response( $request ); $data = array(); if ( in_array( 'name', $fields, true ) ) { $data['name'] = $taxonomy->label; } if ( in_array( 'slug', $fields, true ) ) { $data['slug'] = $taxonomy->name; } if ( in_array( 'capabilities', $fields, true ) ) { $data['capabilities'] = $taxonomy->cap; } if ( in_array( 'description', $fields, true ) ) { $data['description'] = $taxonomy->description; } if ( in_array( 'labels', $fields, true ) ) { $data['labels'] = $taxonomy->labels; } if ( in_array( 'types', $fields, true ) ) { $data['types'] = array_values( $taxonomy->object_type ); } if ( in_array( 'show_cloud', $fields, true ) ) { $data['show_cloud'] = $taxonomy->show_tagcloud; } if ( in_array( 'hierarchical', $fields, true ) ) { $data['hierarchical'] = $taxonomy->hierarchical; } if ( in_array( 'rest_base', $fields, true ) ) { $data['rest_base'] = $base; } if ( in_array( 'rest_namespace', $fields, true ) ) { $data['rest_namespace'] = $taxonomy->rest_namespace; } if ( in_array( 'visibility', $fields, true ) ) { $data['visibility'] = array( 'public' => (bool) $taxonomy->public, 'publicly_queryable' => (bool) $taxonomy->publicly_queryable, 'show_admin_column' => (bool) $taxonomy->show_admin_column, 'show_in_nav_menus' => (bool) $taxonomy->show_in_nav_menus, 'show_in_quick_edit' => (bool) $taxonomy->show_in_quick_edit, 'show_ui' => (bool) $taxonomy->show_ui, ); } $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; $data = $this->add_additional_fields_to_object( $data, $request ); $data = $this->filter_response_by_context( $data, $context ); // Wrap the data in a response object. $response = rest_ensure_response( $data ); if ( rest_is_field_included( '_links', $fields ) || rest_is_field_included( '_embedded', $fields ) ) { $response->add_links( $this->prepare_links( $taxonomy ) ); } /** * Filters a taxonomy returned from the REST API. * * Allows modification of the taxonomy data right before it is returned. * * @since 4.7.0 * * @param WP_REST_Response $response The response object. * @param WP_Taxonomy $item The original taxonomy object. * @param WP_REST_Request $request Request used to generate the response. */ return apply_filters( 'rest_prepare_taxonomy', $response, $taxonomy, $request ); } /** * Prepares links for the request. * * @since 6.1.0 * * @param WP_Taxonomy $taxonomy The taxonomy. * @return array Links for the given taxonomy. */ protected function prepare_links( $taxonomy ) { return array( 'collection' => array( 'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ), ), 'https://api.w.org/items' => array( 'href' => rest_url( rest_get_route_for_taxonomy_items( $taxonomy->name ) ), ), ); } /** * Retrieves the taxonomy's schema, conforming to JSON Schema. * * @since 4.7.0 * @since 5.0.0 The `visibility` property was added. * @since 5.9.0 The `rest_namespace` property was added. * * @return array Item schema data. */ public function get_item_schema() { if ( $this->schema ) { return $this->add_additional_fields_schema( $this->schema ); } $schema = array( '$schema' => 'http://json-schema.org/draft-04/schema#', 'title' => 'taxonomy', 'type' => 'object', 'properties' => array( 'capabilities' => array( 'description' => __( 'All capabilities used by the taxonomy.' ), 'type' => 'object', 'context' => array( 'edit' ), 'readonly' => true, ), 'description' => array( 'description' => __( 'A human-readable description of the taxonomy.' ), 'type' => 'string', 'context' => array( 'view', 'edit' ), 'readonly' => true, ), 'hierarchical' => array( 'description' => __( 'Whether or not the taxonomy should have children.' ), 'type' => 'boolean', 'context' => array( 'view', 'edit' ), 'readonly' => true, ), 'labels' => array( 'description' => __( 'Human-readable labels for the taxonomy for various contexts.' ), 'type' => 'object', 'context' => array( 'edit' ), 'readonly' => true, ), 'name' => array( 'description' => __( 'The title for the taxonomy.' ), 'type' => 'string', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), 'slug' => array( 'description' => __( 'An alphanumeric identifier for the taxonomy.' ), 'type' => 'string', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), 'show_cloud' => array( 'ddom = $dom; $this->args = array_merge( $this->DEFAULT_ARGS, $args ); if ( ! empty( $this->args['use_document_element'] ) ) { $this->root_element = $this->dom->documentElement; } else { $this->root_element = $this->dom->body; } } /** * Add filters to manipulate output during output buffering before the DOM is constructed. * * Add actions and filters before the page is rendered so that the sanitizer can fix issues during output buffering. * This provides an alternative to manipulating the DOM in the sanitize method. This is a static function because * it is invoked before the class is instantiated, as the DOM is not available yet. This method is only called * when 'amp' theme support is present. It is conceptually similar to the AMP_Base_Embed_Handler class's register_embed * method. * * @since 1.0 * @see \AMP_Base_Embed_Handler::register_embed() * * @param array $args Args. */ public static function add_buffering_hooks( $args = [] ) {} // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable /** * Get mapping of HTML selectors to the AMP component selectors which they may be converted into. * * @see AMP_Style_Sanitizer::ampify_ruleset_selectors() * * @return array Mapping. */ public function get_selector_conversion_mapping() { return []; } /** * Determine whether the resulting AMP element uses a "light" shadow DOM. * * Sometimes AMP components serve as wrappers for native elements, like `amp-img` for `img`. When this * is the case, authors sometimes will want to style the shadow element (such as to set object-fit). Normally if a * selector contains `img` then the style sanitizer will always convert this to `amp-img` (and `amp-anim`), which * may break the author's intended selector target. So when using a sanitizer's selector conversion mapping to * rewrite non-AMP to AMP selectors, it will first check to see if the selector already mentions an AMP tag and if * so it will skip the conversions for that selector. In this way, an `amp-img img` selector will not get converted * into `amp-img amp-img`. The selector mapping also is involved when doing tree shaking. In the case of the * selector `amp-img img`, the tree shaker would normally strip out this selector because no `img` may be present * in the page as it is added by the AMP runtime (unless noscript fallbacks have been added, and this also * disregards data-hero images which are added later by AMP Optimizer). So in order to prevent such selectors from * being stripped out, it's important to include the `amp-img` selector among the `dynamic_element_selectors` so * that the `img` in the `amp-img img` selector is ignored for the purposes of tree shaking. This method is used * to indicate which sanitizers are involved in such element conversions. If this method returns true, then the * keys in the selector conversion mapping should be used as `dynamic_element_selectors`. * * In other words, this method indicates whether keys in the conversion mapping are ancestors of elements which are * created at runtime. This method is only relevant when the `get_selector_conversion_mapping()` method returns a * mapping. * * @since 2.2 * @see AMP_Style_Sanitizer::ampify_ruleset_selectors() * @see AMP_Base_Sanitizer::get_selector_conversion_mapping() * * @return bool Whether light DOM is used. */ public function has_light_shadow_dom() { return true; } /** * Get arg. * * @since 2.2 * * @param string $key Arg key. * @return mixed Args. */ public function get_arg( $key ) { if ( array_key_exists( $key, $this->args ) ) { return $this->args[ $key ]; } return null; } /** * Get args. * * @since 2.2 * * @return array Args. */ public function get_args() { return $this->args; } /** * Update args. * * Merges the supplied args with the existing args. * * @since 2.2 * * @param array $args Args. */ public function update_args( $args ) { $this->args = array_merge( $this->args, $args ); } /** * Run logic before any sanitizers are run. * * After the sanitizers are instantiated but before calling sanitize on each of them, this * method is called with list of all the instantiated sanitizers. * * @param AMP_Base_Sanitizer[] $sanitizers Sanitizers. */ public function init( $sanitizers ) {} // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable /** * Sanitize the HTML contained in the DOMDocument received by the constructor */ abstract public function sanitize(); /** * Return array of values that would be valid as an HTML `script` element. * * Array keys are AMP element names and array values are their respective * Javascript URLs from https://cdn.ampproject.org * * @since 0.2 * * @return string[] Returns component name as array key and JavaScript URL as array value, * respectively. Will return an empty array if sanitization has yet to be run * or if it did not find any HTML elements to convert to AMP equivalents. */ public function get_scripts() { return []; } /** * Return array of values that would be valid as an HTML `style` attribute. * * @since 0.4 * @codeCoverageIgnore * @deprecated As of 1.0, use get_stylesheets(). * @internal * * @return array[][] Mapping of CSS selectors to arrays of properties. */ public function get_styles() { return []; } /** * Get stylesheets. * * @since 0.7 * @return array Values are the CSS stylesheets. Keys are MD5 hashes of the stylesheets. */ public function get_stylesheets() { $stylesheets = []; foreach ( $this->get_styles() as $selector => $properties ) { $stylesheet = sprintf( '%s { %s }', $selector, implode( '; ', $properties ) . ';' ); $stylesheets[ md5( $stylesheet ) ] = $stylesheet; } return $stylesheets; } /** * Get HTML body as DOMElement from Dom\Document received by the constructor. * * @codeCoverageIgnore * @deprecated Use $this->dom->body instead. * @return DOMElement The body element. */ protected function get_body_node() { _deprecated_function( 'Use $this->dom->body instead', '1.5.0' ); return $this->dom->body; } /** * Sanitizes a CSS dimension specifier while being sensitive to dimension context. * * @param string $value A valid CSS dimension specifier; e.g. 50, 50px, 50%. Can be 'auto' for width. * @param string $dimension Dimension, either 'width' or 'height'. * * @return float|int|string Returns a numeric dimension value, 'auto', or an empty string. */ public function sanitize_dimension( $value, $dimension ) { // Allows 0 to be used as valid dimension. if ( empty( $value ) && '0' !== (string) $value ) { return ''; } // Accepts both integers and floats & prevents negative values. if ( is_numeric( $value ) ) { return max( 0, (float) $value ); } if ( AMP_String_Utils::endswith( $value, '%' ) && 'width' === $dimension ) { if ( '100%' === $value ) { return 'auto'; } elseif ( isset( $this->args['content_max_width'] ) ) { $percentage = absint( $value ) / 100; return round( $percentage * $this->args['content_max_width'] ); } } $length = new CssLength( $value ); $length->validate( 'width' === $dimension, false ); if ( $length->isValid() ) { if ( $length->isAuto() ) { return 'auto'; } return $length->getNumeral() . ( $length->getUnit() === 'px' ? '' : $length->getUnit() ); } return ''; } /** * Determine if an attribute value is empty. * * @param string|null $value Attribute value. * @return bool True if empty, false if not. */ public function is_empty_attribute_value( $value ) { return ! isset( $value ) || '' === $value; } /** * Sets the layout, and possibly the 'height' and 'width' attributes. * * @param array $attributes { * Attributes. * * @type string $bottom * @type int|string $height * @type string $layout * @type string $left * @type string $position * @type string $right * @type string $style * @type string $top * @type int|string $width * } * @return array Attributes. */ public function set_layout( $attributes ) { if ( isset( $attributes['layout'] ) && ( 'fill' === $attributes['layout'] || 'flex-item' !== $attributes['layout'] ) ) { return $attributes; } // Special-case handling for inline style that should be transformed into layout=fill. if ( ! empty( $attributes['style'] ) ) { $styles = $this->parse_style_string( $attributes['style'] ); // Apply fill layout if top, left, bottom, right are used. if ( isset( $styles['position'], $styles['top'], $styles['left'], $styles['bottom'], $styles['right'] ) && 'absolute' === $styles['position'] && 0 === (int) $styles['top'] && 0 === (int) $styles['left'] && 0 === (int) $styles['bottom'] && 0 === (int) $styles['right'] && ( ! isset( $attributes['width'] ) || '100%' === $attributes['width'] ) && ( ! isset( $attributes['height'] ) || '100%' === $attributes['height'] ) ) { unset( $attributes['style'], $styles['position'], $styles['top'], $styles['left'], $styles['bottom'], $styles['right'] ); if ( ! empty( $styles ) ) { $attributes['style'] = $this->reassemble_style_string( $styles ); } $attributes['layout'] = 'fill'; unset( $attributes['height'], $attributes['width'] ); return $attributes; } // Apply fill layout if top, left, width, height are used. if ( isset( $styles['position'], $styles['top'], $styles['left'], $styles['width'], $styles['height'] ) && 'absolute' === $styles['position'] && 0 === (int) $styles['top'] && 0 === (int) $styles['left'] && '100%' === (string) $styles['width'] && '100%' === (string) $styles['height'] ) { unset( $attributes['style'], $styles['position'], $styles['top'], $styles['left'], $styles['width'], $styles['height'] ); if ( ! empty( $styles ) ) { $attributes['style'] = $this->reassemble_style_string( $styles ); } $attributes['layout'] = 'fill'; unset( $attributes['height'], $attributes['width'] ); return $attributes; } // Apply fill layout if width & height are 100%. if ( ( isset( $styles['position'] ) && 'absolute' === $styles['position'] ) && ( ( isset( $attributes['width'] ) && '100%' === $attributes['width'] ) || ( isset( $styles['width'] ) && '100%' === $styles['width'] ) ) && ( ( isset( $attributes['height'] ) && '100%' === $attributes['height'] ) || ( isset( $styles['height'] ) && '100%' === $styles['height'] ) ) ) { unset( $attributes['style'], $attributes['width'], $attributes['height'] ); unset( $styles['position'], $styles['width'], $styles['height'] ); if ( ! empty( $styles ) ) { $attributes['style'] = $this->reassemble_style_string( $styles ); } $attributes['layout'] = 'fill'; return $attributes; } // Make sure the width and height styles are copied to the width and height attributes since AMP will ultimately inline them as styles. $pending_attributes = []; $seen_units = []; foreach ( wp_array_slice_assoc( $styles, [ 'height', 'width' ] ) as $dimension => $value ) { $value = $this->sanitize_dimension( $value, $dimension ); if ( '' === $value ) { continue; } if ( 'auto' !== $value ) { $this_unit = preg_replace( '/^.*\d/', '', $value ); if ( ! $this_unit ) { $this_unit = 'px'; } $seen_units[ $this_unit ] = true; } $pending_attributes[ $dimension ] = $value; } if ( $pending_attributes && count( $seen_units ) <= 1 ) { $attributes = array_merge( $attributes, $pending_attributes ); } } if ( isset( $attributes['width'], $attributes['height'] ) && '100%' === $attributes['width'] && '100%' === $attributes['height'] ) { unset( $attributes['width'], $attributes['height'] ); $attributes['layout'] = 'fill'; } else { if ( empty( $attributes['height'] ) ) { unset( $attributes['width'] ); $attributes['height'] = self::FALLBACK_HEIGHT; } if ( empty( $attributes['width'] ) || '100%' === $attributes['width'] || 'auto' === $attributes['width'] ) { $attributes['layout'] = 'fixed-height'; $attributes['width'] = 'auto'; } } return $attributes; } /** * Adds or appends key and value to list of attributes * * Adds key and value to list of attributes, or if the key already exists in the array * it concatenates to existing attribute separator by a space or other supplied separator. * * @param string[] $attributes { * Attributes. * * @type int $height * @type int $width * @type string $sizes * @type string $class * @type string $layout * } * @param string $key Valid associative array index to add. * @param string $value Value to add or append to array indexed at the key. * @param string $separator Optional; defaults to space but some other separator if needed. */ public function add_or_append_attribute( &$attributes, $key, $value, $separator = ' ' ) { if ( isset( $attributes[ $key ] ) ) { $attributes[ $key ] = trim( $attributes[ $key ] . $separator . $value ); } else { $attributes[ $key ] = $value; } } /** * Decide if we should remove a src attribute if https is required. * * If not required, the implementing class may want to try and force https instead. * * @param string $src URL to convert to HTTPS if forced, or made empty if $args['require_https_src']. * @param boolean $force_https Force setting of HTTPS if true. * @return string URL which may have been updated with HTTPS, or may have been made empty. */ public function maybe_enforce_https_src( $src, $force_https = false ) { $protocol = strtok( $src, ':' ); // @todo What about relative URLs? This should use wp_parse_url( $src, PHP_URL_SCHEME ) if ( 'https' !== $protocol ) { // Check if https is required. if ( isset( $this->args['require_https_src'] ) && true === $this->args['require_https_src'] ) { // Remove the src. Let the implementing class decide what do from here. $src = ''; } elseif ( ( ! isset( $this->args['require_https_src'] ) || false === $this->args['require_https_src'] ) && true === $force_https ) { // Don't remove the src, but force https instead. $src = set_url_scheme( $src, 'https' ); } } return $src; } /** * Check whether the document of a given node is in dev mode. * * @since 1.3 * * @deprecated Use AmpProject\DevMode::isActiveForDocument( $document ) instead. * * @return bool Whether the document is in dev mode. */ protected function is_document_in_dev_mode() { _deprecated_function( 'AMP_Base_Sanitizer::is_document_in_dev_mode', '1.5', 'AmpProject\DevMode::isActiveForDocument' ); return DevMode::isActiveForDocument( $this->dom ); } /** * Check whether a node is exempt from validation during dev mode. * * @since 1.3 * * @deprecated Use AmpProject\DevMode::hasExemptionForNode( $node ) instead. * * @param DOMNode $node Node to check. * @return bool Whether the node should be exempt during dev mode. */ protected function has_dev_mode_exemption( DOMNode $node ) { _deprecated_function( 'AMP_Base_Sanitizer::has_dev_mode_exemption', '1.5', 'AmpProject\DevMode::hasExemptionForNode' ); return DevMode::hasExemptionForNode( $node ); } /** * Check whether a certain node should be exempt from validation. * * @deprecated Use AmpProject\DevMode::isExemptFromValidation( $node ) instead. * * @param DOMNode $node Node to check. * @return bool Whether the node should be exempt from validation. */ protected function is_exempt_from_validation( DOMNode $node ) { _deprecated_function( 'AMP_Base_Sanitizer::is_exempt_from_validation', '1.5', 'AmpProject\DevMode::isExemptFromValidation' ); return DevMode::isExemptFromValidation( $node ); } /** * Removes an invalid child of a node. * * Also, calls the mutation callback for it. * This tracks all the nodes that were removed. * * @since 0.7 * * @param DOMNode|DOMElement $node The node to remove. * @param array $validation_error Validation error details. * @return bool Whether the node should have been removed, that is, that the node was sanitized for validity. */ public function remove_invalid_child( $node, $validation_error = [] ) { if ( DevMode::isExemptFromValidation( $node ) ) { return false; } if ( ValidationExemption::is_amp_unvalidated_for_node( $node ) || ValidationExemption::is_px_verified_for_node( $node ) ) { return false; } $should_remove = $this->should_sanitize_validation_error( $validation_error, compact( 'node' ) ); if ( $should_remove ) { if ( null === $node->parentNode ) { // Node no longer exists. return $should_remove; } $node->parentNode->removeChild( $node ); } else { ValidationExemption::mark_node_as_amp_unvalidated( $node ); } return $should_remove; } /** * Removes an invalid attribute of a node. * * Also, calls the mutation callback for it. * This tracks all the attributes that were removed. * * @since 0.7 * * @param DOMElement $element The node for which to remove the attribute. * @param DOMAttr|string $attribute The attribute to remove from the element. * @param array $validation_error Validation error details. * @param array $attr_spec Attribute spec. * @return bool Whether the node should have been removed, that is, that the node was sanitized for validity. */ public function remove_invalid_attribute( $element, $attribute, $validation_error = [], $attr_spec = [] ) { if ( DevMode::isExemptFromValidation( $element ) ) { return false; } if ( is_string( $attribute ) ) { $node = $element->getAttributeNode( $attribute ); } else { $node = $attribute; } // Catch edge condition (no known possible way to reach). if ( ! ( $node instanceof DOMAttr ) || $element !== $node->parentNode ) { return false; } if ( ValidationExemption::is_amp_unvalidated_for_node( $node ) || ValidationExemption::is_px_verified_for_node( $node ) ) { return false; } $should_remove = $this->should_sanitize_validation_error( $validation_error, compact( 'node' ) ); if ( $should_remove ) { $allow_empty = ! empty( $attr_spec[ AMP_Rule_Spec::VALUE_URL ][ AMP_Rule_Spec::ALLOW_EMPTY ] ); $is_href_attr = ( isset( $attr_spec[ AMP_Rule_Spec::VALUE_URL ] ) && 'href' === $node->nodeName ); if ( $allow_empty && ! $is_href_attr ) { $node->nodeValue = ''; } else { $element->removeAttributeNode( $node ); } } else { ValidationExemption::mark_node_as_amp_unvalidated( $node ); } return $should_remove; } /** * Check whether or not sanitization should occur in response to validation error. * * @since 1.0 * * @param array $validation_error Validation error. * @param array $data Data including the node. * @return bool Whether to sanitize. */ public function should_sanitize_validation_error( $validation_error, $data = [] ) { if ( empty( $this->args['validation_error_callback'] ) || ! is_callable( $this->args['validation_error_callback'] ) ) { return true; } $validation_error = $this->prepare_validation_error( $validation_error, $data ); return false !== call_user_func( $this->args['validation_error_callback'], $validation_error, $data ); } /** * Prepare validation error. * * @param array $error { * Error. * * @type string $code Error code. * } * @param array $data { * Data. * * @type DOMElement|DOMNode $node The removed node. * } * @return array Error. */ public function prepare_validation_error( array $error = [], array $data = [] ) { $node = null; if ( isset( $data['node'] ) && $data['node'] instanceof DOMNode ) { $node = $data['node']; $error['node_name'] = $node->nodeName; if ( $node->parentNode ) { $error['parent_name'] = $node->parentNode->nodeName; } } if ( $node instanceof DOMElement ) { if ( ! isset( $error['code'] ) ) { $error['code'] = AMP_Tag_And_Attribute_Sanitizer::DISALLOWED_TAG; } if ( ! isset( $error['type'] ) ) { // @todo Also include javascript: protocol for URL errors. $error['type'] = 'script' === $node->nodeName ? AMP_Validation_Error_Taxonomy::JS_ERROR_TYPE : AMP_Validation_Error_Taxonomy::HTML_ELEMENT_ERROR_TYPE; } // @todo Change from node_attributes to element_attributes to harmonize the two. if ( ! isset( $error['node_attributes'] ) ) { $error['node_attributes'] = []; foreach ( $node->attributes as $attribute ) { $error['node_attributes'][ $attribute->nodeName ] = $attribute->nodeValue; } } // Capture element contents. $is_inline_script = ( 'script' === $node->nodeName && ! $node->hasAttribute( 'src' ) ); $is_inline_style = ( 'style' === $node->nodeName && ! $node->hasAttribute( 'amp-custom' ) && ! $node->hasAttribute( 'amp-keyframes' ) ); if ( $is_inline_script || $is_inline_style ) { $text_content = $node->textContent; if ( $is_inline_script ) { // For inline scripts, normalize string and number literals to prevent nonces, random numbers, and timestamps // from generating endless number of validation errors. $error['text'] = preg_replace( [ // Regex credit to . '/"[^"\\\\\n]*(?:\\\\.[^"\\\\\n]*)*"/s', '/\'[^\'\\\\\n]*(?:\\\\.[^\'\\\\\n]*)*\'/s', '/(\b|-)\d+\.\d+\b/', '/(\b|-)\d+\b/', ], [ '__DOUBLE_QUOTED_STRING__', '__SINGLE_QUOTED_STRING__', '__FLOAT__', '__INT__', ], $text_content ); } else { // Include stylesheet text except for amp-custom and amp-keyframes since it is large and since it should // already be detailed in the stylesheets metabox. $error['text'] = $text_content; } } // Suppress 'ver' param from enqueued scripts and styles. if ( 'script' === $node->nodeName && isset( $error['node_attributes']['src'] ) && false !== strpos( $error['node_attributes']['src'], 'ver=' ) ) { $error['node_attributes']['src'] = add_query_arg( 'ver', '__normalized__', $error['node_attributes']['src'] ); } elseif ( 'link' === $node->nodeName && isset( $error['node_attributes']['href'] ) && false !== strpos( $error['node_attributes']['href'], 'ver=' ) ) { $error['node_attributes']['href'] = add_query_arg( 'ver', '__normalized__', $error['node_attributes']['href'] ); } } elseif ( $node instanceof DOMAttr ) { if ( ! isset( $error['code'] ) ) { $error['code'] = AMP_Tag_And_Attribute_Sanitizer::DISALLOWED_ATTR; } if ( ! isset( $error['type'] ) ) { // If this is an attribute that begins with on, like onclick, it should be a js_error. $error['type'] = preg_match( '/^on\w+/', $node->nodeName ) ? AMP_Validation_Error_Taxonomy::JS_ERROR_TYPE : AMP_Validation_Error_Taxonomy::HTML_ATTRIBUTE_ERROR_TYPE; } if ( ! isset( $error['element_attributes'] ) ) { $error['element_attributes'] = []; if ( $node->parentNode && $node->parentNode->hasAttributes() ) { foreach ( $node->parentNode->attributes as $attribute ) { $error['element_attributes'][ $attribute->nodeName ] = $attribute->nodeValue; } } } } elseif ( $node instanceof DOMProcessingInstruction ) { $error['text'] = trim( $node->data, '?' ); } if ( ! isset( $error['node_type'] ) ) { $error['node_type'] = $node->nodeType; } return $error; } /** * Cleans up artifacts after the removal of an attribute node. * * @since 1.3 * * @param DOMElement $element The node for which the attribute was removed. * @param DOMAttr $attribute The attribute that was removed. */ protected function clean_up_after_attribute_removal( $element, $attribute ) { static $attributes_tied_to_href = [ 'target', 'download', 'rel', 'rev', 'hreflang', 'type' ]; if ( 'href' === $attribute->nodeName ) { /* * "The target, download, rel, rev, hreflang, and type attributes must be omitted * if the href attribute is not present." * See: https://www.w3.org/TR/2016/REC-html51-20161101/textlevel-semantics.html#the-a-element */ foreach ( $attributes_tied_to_href as $attribute_to_remove ) { if ( $element->hasAttribute( $attribute_to_remove ) ) { $element->removeAttribute( $attribute_to_remove ); } } } } /** * Get data-amp-* values from the parent node 'figure' added by editor block. * * @param DOMElement $node Base node. * @return array AMP data array. */ public function get_data_amp_attributes( $node ) { $attributes = []; // Editor blocks add 'figure' as the parent node for images. If this node has data-amp-layout then we should add this as the layout attribute. $parent_node = $node->parentNode; if ( $parent_node instanceof DOMELement && 'figure' === $parent_node->tagName ) { $parent_attributes = AMP_DOM_Utils::get_node_attributes_as_assoc_array( $parent_node ); if ( isset( $parent_attributes['data-amp-layout'] ) ) { $attributes['layout'] = $parent_attributes['data-amp-layout']; } if ( isset( $parent_attributes['data-amp-noloading'] ) && true === filter_var( $parent_attributes['data-amp-noloading'], FILTER_VALIDATE_BOOLEAN ) ) { $attributes['noloading'] = $parent_attributes['data-amp-noloading']; } } return $attributes; } /** * Set AMP attributes. * * @param array $attributes Array of attributes. * @param array $amp_data Array of AMP attributes. * @return array Updated attributes. */ public function filter_data_amp_attributes( $attributes, $amp_data ) { if ( isset( $amp_data['layout'] ) ) { $attributes['data-amp-layout'] = $amp_data['layout']; } if ( isset( $amp_data['noloading'] ) ) { $attributes['data-amp-noloading'] = ''; } return $attributes; } /** * Set attributes to node's parent element according to layout. * * @param DOMElement $node Node. * @param array $new_attributes Attributes array. * @param string $layout Layout. * @return array New attributes. */ public function filter_attachment_layout_attributes( $node, $new_attributes, $layout ) { // The width has to be unset / auto in case of fixed-height. if ( 'fixed-height' === $layout && $node->parentNode instanceof DOMElement ) { if ( ! isset( $new_attributes['height'] ) ) { $new_attributes['height'] = self::FALLBACK_HEIGHT; } $new_attributes['width'] = 'auto'; $node->parentNode->setAttribute( 'style', 'height: ' . $new_attributes['height'] . 'px; width: auto;' ); // The parent element should have width/height set and position set in case of 'fill'. } elseif ( 'fill' === $layout && $node->parentNode instanceof DOMElement ) { if ( ! isset( $new_attributes['height'] ) ) { $new_attributes['height'] = self::FALLBACK_HEIGHT; } $node->parentNode->setAttribute( 'style', 'position:relative; width: 100%; height: ' . $new_attributes['height'] . 'px;' ); unset( $new_attributes['width'], $new_attributes['height'] ); } elseif ( 'responsive' === $layout && $node->parentNode instanceof DOMElement ) { $node->parentNode->setAttribute( 'style', 'position:relative; width: 100%; height: auto' ); } elseif ( 'fixed' === $layout ) { if ( ! isset( $new_attributes['height'] ) ) { $new_attributes['height'] = self::FALLBACK_HEIGHT; } } return $new_attributes; } /** * Parse a style string into an associative array of style attributes. * * @param string $style_string Style string to parse. * @return string[] Associative array of style attributes. */ protected function parse_style_string( $style_string ) { // We need to turn the style str