Changeset 13649
- Timestamp:
- 05/02/2024 06:47:34 AM (9 months ago)
- Location:
- sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory
- Files:
-
- 3 edited
- 1 moved
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/api/class-base.php
r13610 r13649 40 40 new Routes\Plugin_Upload(); 41 41 new Routes\Plugin_Blueprint(); 42 new Routes\P ending_Plugin();42 new Routes\Plugin_Review(); 43 43 } 44 44 -
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/api/routes/class-plugin-review.php
r13648 r13649 1 1 <?php 2 2 namespace WordPressdotorg\Plugin_Directory\API\Routes; 3 use WordPressdotorg\Plugin_Directory\Shortcodes\Upload_Handler; 3 4 use WordPressdotorg\Plugin_Directory\API\Base; 5 use WordPressdotorg\Plugin_Directory\Template; 4 6 use WP_Error; 5 7 use WP_REST_Server; 6 8 7 9 /** 8 * An API Endpoint to expose a single Plugin data via api.wordpress.org/plugins/info/1.x10 * Plugin-review related endpoints. 9 11 * 10 12 * @package WordPressdotorg_Plugin_Directory 11 13 */ 12 class P ending_Pluginextends Base {14 class Plugin_Review extends Base { 13 15 14 16 /** … … 16 18 */ 17 19 function __construct() { 18 register_rest_route( 'plugins/v1', '/pending-plugin/(?P<plugin_id>\d+)-(?P<token>[a-f0-9]{32})/?', array( 20 // An API Endpoint to expose more detailed plugin data for a pending plugin. 21 register_rest_route( 'plugins/v1', '/plugin-review/(?P<plugin_id>\d+)-(?P<token>[a-f0-9]{32})/?', array( 19 22 'methods' => WP_REST_Server::READABLE, 20 'callback' => array( $this, 'p ending_plugin_info' ),21 'permission_callback' => array( $this, 'p ending_plugin_permission_check' ),23 'callback' => array( $this, 'plugin_review_info' ), 24 'permission_callback' => array( $this, 'plugin_info_permission_check' ), 22 25 ) ); 23 26 } … … 29 32 * @return array A formatted array of all the data for the plugin. 30 33 */ 31 public function p ending_plugin_permission_check( $request ) {34 public function plugin_info_permission_check( $request ) { 32 35 $post = get_post( $request['plugin_id'] ); 33 $expected_hash = $post->{'_pending_access_token'} ?? false;36 $expected_hash = wp_hash( $post->ID, 'plugin-review' ); 34 37 35 38 return ( … … 42 45 43 46 /** 47 * Append a link to the plugin review info endpoint to a URL. 48 * 49 * @param string $url The URL. 50 * @param \WP_Post $post The WP post. 51 * @return string 52 */ 53 public static function append_plugin_review_info_url( $url, $post ) { 54 if ( ! $url || ! $post || str_contains( $url, '#wporgapi:' ) ) { 55 return $url; 56 } 57 58 // Append with a anchor, such that CLI environments don't require special handling. 59 $url .= '#wporgapi:' . self::get_plugin_review_info_url( $post ); 60 61 return $url; 62 } 63 /** 64 * Fetch the URL to the plugin review info endpoint. 65 */ 66 public static function get_plugin_review_info_url( $post ) { 67 return rest_url( sprintf( 68 'plugins/v1/plugin-review/%d-%s/', 69 $post->ID, 70 wp_hash( $post->ID, 'plugin-review' ) 71 ) ); 72 } 73 74 /** 44 75 * Endpoint to retrieve a full plugin representation for a pending plugin. 45 76 * … … 47 78 * @return array A formatted array of all the data for the plugin. 48 79 */ 49 public function p ending_plugin_info( $request ) {80 public function plugin_review_info( $request ) { 50 81 $post = get_post( $request['plugin_id'] ); 51 82 $submitter = get_user_by( 'id', $post->post_author ); 52 83 53 if ( ! $post || ! in_array( $post->post_status, [ 'new', 'pending', 'rejected', 'approved' ] )) {84 if ( ! $post ) { 54 85 return new WP_Error( 'plugin_not_found', 'Plugin not found', [ 'status' => 404 ] ); 55 86 } 56 87 57 // Pending plugin specific fields88 // Review-specific fields. 58 89 $details = [ 59 'ID' => $post->ID, 60 'post_status' => $post->post_status, 61 'edit_url' => add_query_arg( [ 'action' => 'edit', 'post' => $post->ID ], admin_url( 'post.php' ) ), 62 'submitter' => [ 90 'ID' => $post->ID, 91 'post_status' => $post->post_status, 92 'edit_url' => add_query_arg( [ 'action' => 'edit', 'post' => $post->ID ], admin_url( 'post.php' ) ), 93 'helpscout' => null, // Link to Review email (or most recent open email) 94 'submitter' => [ 63 95 'user_login' => $submitter->user_login, 64 96 'user_email' => $submitter->user_email, 65 ] 97 ], 98 'zips' => [], 66 99 ]; 67 100 68 $plugin_endpoint = new Plugin; 101 // Append the public api fields. 102 $details = $details + (new Plugin)->plugin_info_data( $request, $post ); 69 103 70 return $details + $plugin_endpoint->plugin_info_data( $request, $post ); 104 // When the plugin is pre-publish, we'll overwrite some fields. 105 if ( in_array( $post->post_status, [ 'new', 'pending', 'approved' ] ) ) { 106 $details['download_link'] = null; 107 $details['preview_link'] = null; 108 } 109 110 $attachments = get_attached_media( 'application/zip', $post ); 111 if ( $attachments ) { 112 foreach ( $attachments as $zip_file ) { 113 $url = self::append_plugin_review_info_url( wp_get_attachment_url( $zip_file->ID ), $post ); 114 $preview = Template::preview_link_zip( $post->post_name, $zip_file->ID, 'pcp' ); 115 116 $details['zips'][] = [ 117 'url' => $url, 118 'name' => $zip_file->submitted_name ?: preg_split( '/[?#]/', basename( $url ) )[0], 119 'date' => $zip_file->post_date, 120 'version' => $zip_file->version, 121 'note' => $zip_file->post_content, 122 'preview' => $preview, 123 ]; 124 } 125 126 // Use the last one, which should be the latest. 127 $details['download_link'] ??= $url; 128 $details['preview_link'] ??= $preview; 129 } 130 131 // For a published plugin, append the API url. 132 $details['download_link'] = self::append_plugin_review_info_url( $details['download_link'], $post ); 133 134 return $details; 71 135 } 72 136 } -
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-plugin-directory.php
r13640 r13649 1847 1847 * Add additional context to ZIP urls. 1848 1848 * 1849 * The ZIP URL will have a 'info' key attached which is a rest api URL to information about the plugin.1849 * The ZIP URL will have URL suffixed which is a rest api URL to information about the plugin. 1850 1850 * 1851 1851 * @param string $url The URL to the ZIP file. 1852 * @param int $attachment_id The attachment ID .1852 * @param int $attachment_id The attachment ID, or post ID. 1853 1853 * @return string The URL to the ZIP file. 1854 1854 */ 1855 1855 public function add_info_to_zip_url( $url, $attachment_id ) { 1856 $attachment = get_post( $attachment_id ); 1857 $post = get_post( $attachment->post_parent ); 1858 $token = $post->{'_pending_access_token'} ?? false; 1859 1860 if ( ! $url || ! $attachment || ! $post || ! $token || ! current_user_can( 'edit_post', $post->ID ) ) { 1856 $post = get_post( $attachment_id ); 1857 if ( 'attachment' === $post->post_type ) { 1858 $post = get_post( $post->post_parent ); 1859 } 1860 1861 if ( ! $url || ! $post || ! current_user_can( 'edit_post', $post->ID ) ) { 1861 1862 return $url; 1862 1863 } 1863 1864 1864 1865 // Append with a anchor, such that CLI environments don't require special handling. 1865 $url .= '#wporgapi:' . rest_url( sprintf( 1866 'plugins/v1/pending-plugin/%d-%s/', 1867 $post->ID, 1868 $token 1869 ) ); 1870 1871 return $url; 1866 return API\Routes\Plugin_Review::append_plugin_review_info_url( $url, $post ); 1872 1867 } 1873 1868 -
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-upload-handler.php
r13610 r13649 469 469 // First time submission, track some additional metadata. 470 470 if ( ! $updating_existing ) { 471 $post_args['meta_input']['_author_ip'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR'] ); 472 $post_args['meta_input']['_submitted_date'] = time(); 473 $post_args['meta_input']['_used_upload_token'] = $has_upload_token; 474 $post_args['meta_input']['_pending_access_token'] = md5( wp_generate_password( 32, true, true ) ); 471 $post_args['meta_input']['_author_ip'] = preg_replace( '/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR'] ); 472 $post_args['meta_input']['_submitted_date'] = time(); 473 $post_args['meta_input']['_used_upload_token'] = $has_upload_token; 475 474 } 476 475 … … 741 740 global $wpdb; 742 741 743 if ( 'pending' !== $post->post_status|| ! $post->post_name ) {742 if ( ! in_array( $post->post_status, [ 'new', 'pending' ] ) || ! $post->post_name ) { 744 743 return false; 745 744 }
Note: See TracChangeset
for help on using the changeset viewer.