Changeset 11349
- Timestamp:
- 12/01/2021 03:30:43 AM (3 years ago)
- File:
-
- 1 edited
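--- a/sites/trunk/api.wordpress.org/public_html/events/1.0/index.php
+++ b/sites/trunk/api.wordpress.org/public_html/events/1.0/index.php
@@ -8,4 +8,6 @@
 function main() {
 global $cache_group, $cache_life;
+
+validate_request();
 
 bootstrap();
@@ -125,5 +127,5 @@
 
 // If a precise location is known, use a GET request. The values here should come from the `location` key of the result of a POST request.
-if ( isset( $_GET['latitude'] ) ) {
+if ( isset( $_GET['latitude'], $_GET['longitude'] ) ) {
 $location_args['latitude'] = $_GET['latitude'];
 $location_args['longitude'] = $_GET['longitude'];
@@ -169,4 +171,40 @@
 
 return $location_args;
+}
+
+/**
+* Validate that the incoming request is in a valid format.
+*/
+function validate_request() {
+// Not all clients have a user agent.
+if ( ! isset( $_SERVER['HTTP_USER_AGENT'] ) ) {
+$_SERVER['HTTP_USER_AGENT'] = '';
+}
+
+$must_be_strings = [
+'latitude',
+'longitude',
+'country',
+'location',
+'timezone',
+'locale',
+'ip',
+];
+
+foreach ( $must_be_strings as $field ) {
+if ( isset( $_GET[ $field ] ) && ! is_scalar( $_GET[ $field ] ) ) {
+header( $_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request', true, 400 );
+die( '{"error":"Bad request.","reason":"' . $field . ' must be of type string."}' );
+}
+}
+
+if ( ! empty( $_POST['location_data'] ) ) {
+foreach ( $_POST['location_data'] as $field => $value ) {
+if ( ! is_scalar( $value ) ) {
+header( $_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request', true, 400 );
+die( '{"error":"Bad request.","reason":"' . $field . ' must be of type string."}' );
+}
+}
+}
 }
 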
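Review bot: In the `$_POST['location_data']` loop of the new `validate_request()`, `$field` is a client-supplied array key and is concatenated unencoded into the hand-built JSON error body. A key containing a quote or markup yields malformed JSON. Because the check runs before `bootstrap()`, the response may also go out without a JSON content type, though no header handling is visible in this changeset. Building the body with the encoder avoids both: `die( json_encode( [ 'error' => 'Bad request.', 'reason' => $field . ' must be of type string.' ] ) );`. The same block iterates `$_POST['location_data']` without checking `is_array()`, so a scalar `location_data` raises a warning and passes through unvalidated; the guard could read `if ( ! empty( $_POST['location_data'] ) && ! is_array( $_POST['location_data'] ) )` and return the same 400.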