Changeset 1552
- Timestamp:
- 05/07/2015 08:22:00 PM (10 years ago)
- File:
-
- 1 edited
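--- a/sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/wcorg-json-api.php
+++ b/sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/wcorg-json-api.php
@@ -35,6 +35,10 @@
 array( array( $wp_json_posts, 'get_post' ), WP_JSON_Server::READABLE ),
 ),
-
-// todo Add /posts/types too, because it's useful for debugging and there's no harm. It has a different array structure than the current ones, though, so this will need some work.
+'/posts/types' => array(
+array( array( $wp_json_posts, 'get_post_types' ), WP_JSON_Server::READABLE ),
+),
+'/posts/types/(?P<type>\w+)' => array(
+array( array( $wp_json_posts, 'get_post_type' ), WP_JSON_Server::READABLE ),
+),
 );
 
@@ -176,5 +180,5 @@
 $speaker_id = get_post_meta( $prepared_post['ID'], '_wcpt_speaker_id', true );
 $speaker = $wp_json_posts->get_post( $speaker_id );
-$prepared_post['speaker'] = is_a( $speaker, 'WP_JSON_Response' ) ? $speaker : null;
+$prepared_post['speaker'] = is_a( $speaker, 'WP_JSON_Response' ) ? $speaker : null; // todo Add multiple speakers when upgrade to v2 of the API bug, see #1020-meta
 break;
 }
@@ -275,4 +279,5 @@
 add_action( 'wp_json_server_before_serve', 'wcorg_json_avoid_nested_callback_conflicts', 11 ); // after the default endpoints are added in `json_api_default_filters()`
 
+
 /*
 * WP-CLI Commands
@@ -293,4 +298,8 @@
 
 // These calls are not formatted in a more compact way because we don't want to short-circuit any of them if one fails
+if ( $this->post_types_exposed() ) {
+$errors = true;
+}
+
 if ( $this->post_meta_exposed() ) {
 $errors = true;
@@ -305,4 +314,51 @@
 WP_CLI::success( 'All of the tests passed. If the tests are comprehensive and working properly, then all sensitive data has been properly scrubbed.' );
 }
+}
+
+/**
+* Check if any sensitive post types are being exposed.
+*
+* See note in post_meta_exposed() about test data.
+*
+* @return bool
+*/
+protected function post_types_exposed() {
+$errors = false;
+
+WP_CLI::line();
+WP_CLI::line( 'Checking post types.' );
+
+// Check Central and a normal site, because they can have different types loaded
+$post_types_endpoints = array(
+'http://central.wordcamp.org/wp-json/posts/types',
+'http://europe.wordcamp.org/2014/wp-json/posts/types',
+);
+
+$whitelisted_post_types = array(
+'post', 'page', 'attachment', 'revision', 'wcb_speaker', 'wcb_session', 'wcb_sponsor', 'mes',
+'mes-sponsor-level', 'wordcamp'
+);
+
+foreach ( $post_types_endpoints as $request_url ) {
+$request_url = apply_filters( 'wcorg_json_api_verify_data_scrubbed_url', $request_url ); // Use this filter to override the URLs with corresponding endpoints on your sandbox
+$response = json_decode( wp_remote_retrieve_body( wp_remote_get( $request_url ) ) );
+
+if ( empty( $response->post->slug ) ) {
+$errors = true;
+WP_CLI::warning( "Unable to retrieve post types from $request_url", false );
+continue;
+}
+
+foreach ( $response as $post_type ) {
+if ( in_array( $post_type->slug, $whitelisted_post_types ) ) {
+WP_CLI::line( "{$post_type->slug} is whitelisted." );
+} else {
+$errors = true;
+WP_CLI::warning( "{$post_type->slug} is being exposed at $request_url" );
+}
+}
+}
+
+return $errors;
 }
 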
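Review bot: In `post_types_exposed()` the whitelist test uses a loose `in_array( $post_type->slug, $whitelisted_post_types )`, so a decoded `slug` that is not a string (for example `true`, or `0` on older PHP) compares equal to a whitelisted name and is reported as whitelisted; for a check whose job is to catch exposure, `in_array( $post_type->slug, $whitelisted_post_types, true )` is the safer form. The check also requests only `/posts/types`, while the first hunk registers `/posts/types/(?P<type>\w+)` as well; whether a type can be absent from the list yet still readable through the single-type route is not visible here, so the command could additionally request that route for a non-whitelisted type and expect an error. Both test URLs are fetched over plain `http://`, so a passing result is only as trustworthy as the network path between the CLI host and the site.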