Changeset 11237
- Timestamp:
- 09/15/2021 06:20:16 AM (3 years ago)
- File:
-
- 1 edited
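--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/theme-directory/rest-api/class-internal.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/theme-directory/rest-api/class-internal.php
@@ -11,5 +11,5 @@
 'methods' => \WP_REST_Server::CREATABLE,
 'callback' => array( $this, 'bulk_update_stats' ),
-'permission_callback' => array( $this, 'permission_check_ internal_api_bearer' ),
+'permission_callback' => array( $this, 'permission_check_bearer' ),
 ) );
 
@@ -17,5 +17,7 @@
 'methods' => \WP_REST_Server::READABLE,
 'callback' => array( $this, 'svn_auth' ),
-'permission_callback' => array( $this, 'permission_check_internal_api_bearer' ),
+'permission_callback' => function( $request ) {
+return $this->permission_check_bearer( $request, 'THEME_SVN_AUTH_BEARER_TOKEN' );
+}
 ) );
 }
@@ -24,8 +26,9 @@
 * A Permission Check callback which validates the request with a Bearer token.
 *
-* @param \WP_REST_Request $request The Rest API Request.
+* @param \WP_REST_Request $request The Rest API Request.
+* @param string $constant The constant to check.
 * @return bool|\WP_Error True if the token exists, WP_Error upon failure.
 */
-function permission_check_ internal_api_bearer( $request) {
+function permission_check_bearer( $request, $constant = 'THEME_API_INTERNAL_BEARER_TOKEN' ) {
 $authorization_header = $request->get_header( 'authorization' );
 $authorization_header = trim( str_ireplace( 'bearer', '', $authorization_header ) );
@@ -33,6 +36,6 @@
 if (
 ! $authorization_header ||
-! defined( 'THEME_API_INTERNAL_BEARER_TOKEN') ||
-! hash_equals( THEME_API_INTERNAL_BEARER_TOKEN, $authorization_header )
+! defined( $constant ) ||
+! hash_equals( constant( $constant ), $authorization_header )
 ) {
 return new WP_Error(
@@ -74,4 +77,7 @@
 }
 echo "\n";
+
+// TODO: Temporarily don't output the Theme Authors until we're ready.
+exit();
 
 // Theme Authors.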
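Review bot: `permission_check_bearer()` now resolves its secret through `constant( $constant )` with no restriction on the name, in the `if` condition at new lines 38–39. Both visible callers pass the default or a literal, so nothing is exposed as shown, but the method has no visibility keyword and would compare the header against any defined constant a later caller names, including ones whose values are public or guessable. I would pin it to the two token names and require a string value: add `! in_array( $constant, array( 'THEME_API_INTERNAL_BEARER_TOKEN', 'THEME_SVN_AUTH_BEARER_TOKEN' ), true ) ||` ahead of the `defined()` test and `! is_string( constant( $constant ) ) ||` just before `hash_equals()`. The function body continues outside the hunk, so the error returned on failure is not visible here.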