Dre4m Shell
Server IP : 85.214.239.14  /  Your IP : 3.135.247.237
Web Server : Apache/2.4.62 (Debian)
System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64
User : www-data ( 33)
PHP Version : 7.4.18
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /var/www/wordpress/wp-content/themes/Divi/includes/builder/api/rest/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ HOME SHELL ]     

Current File : /var/www/wordpress/wp-content/themes/Divi/includes/builder/api/rest/BlockLayout.php
<?php
/**
 * Rest API: Layout Block
 *
 * @package Divi
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly.
}

/**
 * Class for custom REST API endpoint for Divi Layout block.
 */
class ET_Api_Rest_Block_Layout {

	/**
	 * Instance of `ET_Api_Rest_Block_Layout`.
	 *
	 * @var ET_Api_Rest_Block_Layout
	 */
	private static $_instance;

	/**
	 * Constructor.
	 *
	 * ET_Api_Rest_Block_Layout constructor.
	 */
	public function __construct() {
		$this->register();
	}

	/**
	 * Get class instance
	 *
	 * @since 4.1.0
	 *
	 * @return object class instance
	 */
	public static function instance() {
		if ( null === self::$_instance ) {
			self::$_instance = new self();
		}

		return self::$_instance;
	}

	/**
	 * Register callback for Layout block REST API
	 *
	 * @since 4.1.0
	 */
	public function register() {
		add_action( 'rest_api_init', array( $this, 'register_routes' ) );
	}

	/**
	 * Register REST API routes for Layout block
	 *
	 * @since 4.1.0
	 */
	public function register_routes() {
		register_rest_route(
			'divi/v1',
			'get_layout_content',
			array(
				'methods'             => 'POST',
				'callback'            => array( $this, 'get_layout_content_callback' ),
				'args'                => array(
					'id'    => array(
						// using intval directly doesn't work, hence the custom callback.
						'sanitize_callback'   => array( $this, 'sanitize_int' ),
						'validation_callback' => 'is_numeric',
					),
					'nonce' => array(
						'sanitize_callback' => 'sanitize_text_field',
					),
				),
				'permission_callback' => array( $this, 'rest_api_layout_block_permission' ),
			)
		);

		register_rest_route(
			'divi/v1',
			'block/layout/builder_edit_data',
			array(
				'methods'             => 'POST',
				'callback'            => array( $this, 'process_builder_edit_data' ),
				'args'                => array(
					'action'        => array(
						'sanitize_callback'   => array( $this, 'sanitize_action' ), // update|delete|get.
						'validation_callback' => array( $this, 'validate_action' ),
					),
					'postId'        => array(
						'sanitize_callback'   => array( $this, 'sanitize_int' ),
						'validation_callback' => 'is_numeric',
					),
					'blockId'       => array(
						'sanitize_callback' => 'sanitize_title',
					),
					'layoutContent' => array(
						'sanitize_callback' => 'wp_kses_post',
					),
					'nonce'         => array(
						'sanitize_callback' => 'sanitize_text_field',
					),
				),
				'permission_callback' => array( $this, 'rest_api_layout_block_permission' ),
			)
		);
	}

	/**
	 * Get layout content based on given post ID
	 *
	 * @since 4.1.0
	 *
	 * @param WP_REST_Request $request Full details about the request.
	 *
	 * @return string|WP_Error
	 */
	public function get_layout_content_callback( WP_REST_Request $request ) {
		$post_id = $request->get_param( 'id' );
		$nonce   = $request->get_param( 'nonce' );

		// Action nonce check. REST API actually has checked for nonce at cookie sent on every
		// request and performed capability-based check. This check perform action-based nonce
		// check to strengthen the security
		// @see https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/.
		if ( ! wp_verify_nonce( $nonce, 'et_rest_get_layout_content' ) ) {
			return new WP_Error(
				'invalid_nonce',
				esc_html__( 'Invalid nonce', 'et_builder' ),
				array(
					'status' => 400,
				)
			);
		}

		// request has to have id param.
		if ( ! $post_id ) {
			return new WP_Error(
				'no_layout_id',
				esc_html__( 'No layout id found', 'et_builder' ),
				array(
					'status' => 400,
				)
			);
		}

		$post = get_post( $post_id );

		if ( ! isset( $post->post_content ) || ! $post->post_content ) {
			return new WP_Error(
				'no_layout_found',
				esc_html__( 'No valid layout content found.', 'et_builder' ),
				array(
					'status' => 404,
				)
			);
		}

		return $post->post_content;
	}

	/**
	 *  Process /block/layout/builder_edit_data route request
	 *
	 * @param WP_Rest_Request $request Request to prepare items for.
	 *
	 * @return string|WP_Error
	 * @since 4.1.0
	 */
	public function process_builder_edit_data( WP_Rest_Request $request ) {
		$post_id  = $request->get_param( 'postId' );
		$block_id = $request->get_param( 'blockId' );
		$nonce    = $request->get_param( 'nonce' );

		// No post ID.
		if ( empty( $post_id ) ) {
			return new WP_Error(
				'no_post_id',
				esc_html__( 'No post id', 'et_builder' ),
				array(
					'status' => 400,
				)
			);
		}

		// No block ID.
		if ( empty( $block_id ) ) {
			return new WP_Error(
				'no_block_id',
				esc_html__( 'No block id', 'et_builder' ),
				array(
					'status' => 400,
				)
			);
		}

		// Action nonce check. REST API actually has checked for nonce at cookie sent on every
		// request and performed capability-based check. This check perform action-based nonce
		// check to strengthen the security
		// @see https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/.
		if ( ! wp_verify_nonce( $nonce, 'et_rest_process_builder_edit_data' ) ) {
			return new WP_Error(
				'invalid_nonce',
				esc_html__( 'Invalid nonce', 'et_builder' ),
				array(
					'status' => 400,
				)
			);
		}

		$result        = '';
		$post_meta_key = "_et_block_layout_preview_{$block_id}";

		switch ( $request->get_param( 'action' ) ) {
			case 'get':
				$result = get_post_meta( $post_id, $post_meta_key, true );
				break;
			case 'update':
				$layout_content = $request->get_param( 'layoutContent' );

				// No layout content.
				if ( empty( $layout_content ) ) {
					return new WP_Error(
						'no_layout_content',
						esc_html__( 'No layout content', 'et_builder' ),
						array(
							'status' => 400,
						)
					);
				}

				$saved_layout_content = get_post_meta( $post_id, $post_meta_key, true );

				if ( ! empty( $saved_layout_content ) && $saved_layout_content === $layout_content ) {
					// If for some reason layout exist and identical to the one being sent, return
					// true because update_post_meta() returns false if it updates the meta key and
					// the value doesn't change.
					$result = true;
				} else {
					// Otherwise, attempt to save post meta and returns how it goes.
					$result = update_post_meta(
						$post_id,
						$post_meta_key,
						$layout_content
					);
				}

				break;
			case 'delete':
				$result = delete_post_meta( $post_id, $post_meta_key );
				break;
			default:
				return new WP_Error(
					'no_valid_action',
					esc_html__( 'No valid action found', 'et_builder' ),
					array(
						'status' => 400,
					)
				);
		}

		return array(
			'result' => $result,
		);
	}

	/**
	 * Sanitize int value
	 *
	 * @since 4.1.0
	 *
	 * @param int|mixed $value Value.
	 *
	 * @return int
	 */
	public function sanitize_int( $value ) {
		return intval( $value );
	}

	/**
	 *  Sanitize request "action" argument
	 *
	 * @since 4.1.0
	 *
	 * @param string $value Action value.
	 *
	 * @return string
	 */
	public function sanitize_action( $value ) {
		return $this->validate_action( $value ) ? $value : '';
	}

	/**
	 * Validate request "action" argument
	 *
	 * @since 4.1.0
	 *
	 * @param string $value Action value.
	 *
	 * @return bool
	 */
	public function validate_action( $value ) {
		$valid_builder_edit_data_actions = array(
			'get',
			'update',
			'delete',
		);

		return in_array( $value, $valid_builder_edit_data_actions, true );
	}

	/**
	 * Permission callback for get layout permalink REST API endpoint
	 *
	 * @since 4.1.0
	 *
	 * @return bool
	 */
	public function rest_api_layout_block_permission() {
		return current_user_can( 'edit_posts' ) && et_pb_is_allowed( 'use_visual_builder' );
	}
}

// Initialize ET_Api_Rest_Block_Layout.
ET_Api_Rest_Block_Layout::instance();

Anon7 - 2022
AnonSec Team