Edit File by line

<?php

[0] Fix | Delete

/**

[1] Fix | Delete

* Rest API: Layout Block

[2] Fix | Delete

[3] Fix | Delete

* @package Divi

[4] Fix | Delete

[5] Fix | Delete

[6] Fix | Delete

if ( ! defined( 'ABSPATH' ) ) {

[7] Fix | Delete

exit; // Exit if accessed directly.

[8] Fix | Delete

}

[9] Fix | Delete

[10] Fix | Delete

/**

[11] Fix | Delete

* Class for custom REST API endpoint for Divi Layout block.

[12] Fix | Delete

[13] Fix | Delete

class ET_Api_Rest_Block_Layout {

[14] Fix | Delete

[15] Fix | Delete

/**

[16] Fix | Delete

* Instance of `ET_Api_Rest_Block_Layout`.

[17] Fix | Delete

[18] Fix | Delete

* @var ET_Api_Rest_Block_Layout

[19] Fix | Delete

[20] Fix | Delete

private static $_instance;

[21] Fix | Delete

[22] Fix | Delete

/**

[23] Fix | Delete

* Constructor.

[24] Fix | Delete

[25] Fix | Delete

* ET_Api_Rest_Block_Layout constructor.

[26] Fix | Delete

[27] Fix | Delete

public function __construct() {

[28] Fix | Delete

$this->register();

[29] Fix | Delete

}

[30] Fix | Delete

[31] Fix | Delete

/**

[32] Fix | Delete

* Get class instance

[33] Fix | Delete

[34] Fix | Delete

* @since 4.1.0

[35] Fix | Delete

[36] Fix | Delete

* @return object class instance

[37] Fix | Delete

[38] Fix | Delete

public static function instance() {

[39] Fix | Delete

if ( null === self::$_instance ) {

[40] Fix | Delete

self::$_instance = new self();

[41] Fix | Delete

}

[42] Fix | Delete

[43] Fix | Delete

return self::$_instance;

[44] Fix | Delete

}

[45] Fix | Delete

[46] Fix | Delete

/**

[47] Fix | Delete

* Register callback for Layout block REST API

[48] Fix | Delete

[49] Fix | Delete

* @since 4.1.0

[50] Fix | Delete

[51] Fix | Delete

public function register() {

[52] Fix | Delete

add_action( 'rest_api_init', array( $this, 'register_routes' ) );

[53] Fix | Delete

}

[54] Fix | Delete

[55] Fix | Delete

/**

[56] Fix | Delete

* Register REST API routes for Layout block

[57] Fix | Delete

[58] Fix | Delete

* @since 4.1.0

[59] Fix | Delete

[60] Fix | Delete

public function register_routes() {

[61] Fix | Delete

register_rest_route(

[62] Fix | Delete

'divi/v1',

[63] Fix | Delete

'get_layout_content',

[64] Fix | Delete

array(

[65] Fix | Delete

'methods' => 'POST',

[66] Fix | Delete

'callback' => array( $this, 'get_layout_content_callback' ),

[67] Fix | Delete

'args' => array(

[68] Fix | Delete

'id' => array(

[69] Fix | Delete

// using intval directly doesn't work, hence the custom callback.

[70] Fix | Delete

'sanitize_callback' => array( $this, 'sanitize_int' ),

[71] Fix | Delete

'validation_callback' => 'is_numeric',

[72] Fix | Delete

[73] Fix | Delete

'nonce' => array(

[74] Fix | Delete

'sanitize_callback' => 'sanitize_text_field',

[75] Fix | Delete

[76] Fix | Delete

[77] Fix | Delete

'permission_callback' => array( $this, 'rest_api_layout_block_permission' ),

[78] Fix | Delete

)

[79] Fix | Delete

);

[80] Fix | Delete

[81] Fix | Delete

register_rest_route(

[82] Fix | Delete

'divi/v1',

[83] Fix | Delete

'block/layout/builder_edit_data',

[84] Fix | Delete

array(

[85] Fix | Delete

'methods' => 'POST',

[86] Fix | Delete

'callback' => array( $this, 'process_builder_edit_data' ),

[87] Fix | Delete

'args' => array(

[88] Fix | Delete

'action' => array(

[89] Fix | Delete

'sanitize_callback' => array( $this, 'sanitize_action' ), // update|delete|get.

[90] Fix | Delete

'validation_callback' => array( $this, 'validate_action' ),

[91] Fix | Delete

[92] Fix | Delete

'postId' => array(

[93] Fix | Delete

'sanitize_callback' => array( $this, 'sanitize_int' ),

[94] Fix | Delete

'validation_callback' => 'is_numeric',

[95] Fix | Delete

[96] Fix | Delete

'blockId' => array(

[97] Fix | Delete

'sanitize_callback' => 'sanitize_title',

[98] Fix | Delete

[99] Fix | Delete

'layoutContent' => array(

[100] Fix | Delete

'sanitize_callback' => 'wp_kses_post',

[101] Fix | Delete

[102] Fix | Delete

'nonce' => array(

[103] Fix | Delete

'sanitize_callback' => 'sanitize_text_field',

[104] Fix | Delete

[105] Fix | Delete

[106] Fix | Delete

'permission_callback' => array( $this, 'rest_api_layout_block_permission' ),

[107] Fix | Delete

)

[108] Fix | Delete

);

[109] Fix | Delete

}

[110] Fix | Delete

[111] Fix | Delete

/**

[112] Fix | Delete

* Get layout content based on given post ID

[113] Fix | Delete

[114] Fix | Delete

* @since 4.1.0

[115] Fix | Delete

[116] Fix | Delete

* @param WP_REST_Request $request Full details about the request.

[117] Fix | Delete

[118] Fix | Delete

* @return string|WP_Error

[119] Fix | Delete

[120] Fix | Delete

public function get_layout_content_callback( WP_REST_Request $request ) {

[121] Fix | Delete

$post_id = $request->get_param( 'id' );

[122] Fix | Delete

$nonce = $request->get_param( 'nonce' );

[123] Fix | Delete

[124] Fix | Delete

// Action nonce check. REST API actually has checked for nonce at cookie sent on every

[125] Fix | Delete

// request and performed capability-based check. This check perform action-based nonce

[126] Fix | Delete

// check to strengthen the security

[127] Fix | Delete

// @see https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/.

[128] Fix | Delete

if ( ! wp_verify_nonce( $nonce, 'et_rest_get_layout_content' ) ) {

[129] Fix | Delete

return new WP_Error(

[130] Fix | Delete

'invalid_nonce',

[131] Fix | Delete

esc_html__( 'Invalid nonce', 'et_builder' ),

[132] Fix | Delete

array(

[133] Fix | Delete

'status' => 400,

[134] Fix | Delete

)

[135] Fix | Delete

);

[136] Fix | Delete

}

[137] Fix | Delete

[138] Fix | Delete

// request has to have id param.

[139] Fix | Delete

if ( ! $post_id ) {

[140] Fix | Delete

return new WP_Error(

[141] Fix | Delete

'no_layout_id',

[142] Fix | Delete

esc_html__( 'No layout id found', 'et_builder' ),

[143] Fix | Delete

array(

[144] Fix | Delete

'status' => 400,

[145] Fix | Delete

)

[146] Fix | Delete

);

[147] Fix | Delete

}

[148] Fix | Delete

[149] Fix | Delete

$post = get_post( $post_id );

[150] Fix | Delete

[151] Fix | Delete

if ( ! isset( $post->post_content ) || ! $post->post_content ) {

[152] Fix | Delete

return new WP_Error(

[153] Fix | Delete

'no_layout_found',

[154] Fix | Delete

esc_html__( 'No valid layout content found.', 'et_builder' ),

[155] Fix | Delete

array(

[156] Fix | Delete

'status' => 404,

[157] Fix | Delete

)

[158] Fix | Delete

);

[159] Fix | Delete

}

[160] Fix | Delete

[161] Fix | Delete

return $post->post_content;

[162] Fix | Delete

}

[163] Fix | Delete

[164] Fix | Delete

/**

[165] Fix | Delete

* Process /block/layout/builder_edit_data route request

[166] Fix | Delete

[167] Fix | Delete

* @param WP_Rest_Request $request Request to prepare items for.

[168] Fix | Delete

[169] Fix | Delete

* @return string|WP_Error

[170] Fix | Delete

* @since 4.1.0

[171] Fix | Delete

[172] Fix | Delete

public function process_builder_edit_data( WP_Rest_Request $request ) {

[173] Fix | Delete

$post_id = $request->get_param( 'postId' );

[174] Fix | Delete

$block_id = $request->get_param( 'blockId' );

[175] Fix | Delete

$nonce = $request->get_param( 'nonce' );

[176] Fix | Delete

[177] Fix | Delete

// No post ID.

[178] Fix | Delete

if ( empty( $post_id ) ) {

[179] Fix | Delete

return new WP_Error(

[180] Fix | Delete

'no_post_id',

[181] Fix | Delete

esc_html__( 'No post id', 'et_builder' ),

[182] Fix | Delete

array(

[183] Fix | Delete

'status' => 400,

[184] Fix | Delete

)

[185] Fix | Delete

);

[186] Fix | Delete

}

[187] Fix | Delete

[188] Fix | Delete

// No block ID.

[189] Fix | Delete

if ( empty( $block_id ) ) {

[190] Fix | Delete

return new WP_Error(

[191] Fix | Delete

'no_block_id',

[192] Fix | Delete

esc_html__( 'No block id', 'et_builder' ),

[193] Fix | Delete

array(

[194] Fix | Delete

'status' => 400,

[195] Fix | Delete

)

[196] Fix | Delete

);

[197] Fix | Delete

}

[198] Fix | Delete

[199] Fix | Delete

// Action nonce check. REST API actually has checked for nonce at cookie sent on every

[200] Fix | Delete

// request and performed capability-based check. This check perform action-based nonce

[201] Fix | Delete

// check to strengthen the security

[202] Fix | Delete

// @see https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/.

[203] Fix | Delete

if ( ! wp_verify_nonce( $nonce, 'et_rest_process_builder_edit_data' ) ) {

[204] Fix | Delete

return new WP_Error(

[205] Fix | Delete

'invalid_nonce',

[206] Fix | Delete

esc_html__( 'Invalid nonce', 'et_builder' ),

[207] Fix | Delete

array(

[208] Fix | Delete

'status' => 400,

[209] Fix | Delete

)

[210] Fix | Delete

);

[211] Fix | Delete

}

[212] Fix | Delete

[213] Fix | Delete

$result = '';

[214] Fix | Delete

$post_meta_key = "_et_block_layout_preview_{$block_id}";

[215] Fix | Delete

[216] Fix | Delete

switch ( $request->get_param( 'action' ) ) {

[217] Fix | Delete

case 'get':

[218] Fix | Delete

$result = get_post_meta( $post_id, $post_meta_key, true );

[219] Fix | Delete

break;

[220] Fix | Delete

case 'update':

[221] Fix | Delete

$layout_content = $request->get_param( 'layoutContent' );

[222] Fix | Delete

[223] Fix | Delete

// No layout content.

[224] Fix | Delete

if ( empty( $layout_content ) ) {

[225] Fix | Delete

return new WP_Error(

[226] Fix | Delete

'no_layout_content',

[227] Fix | Delete

esc_html__( 'No layout content', 'et_builder' ),

[228] Fix | Delete

array(

[229] Fix | Delete

'status' => 400,

[230] Fix | Delete

)

[231] Fix | Delete

);

[232] Fix | Delete

}

[233] Fix | Delete

[234] Fix | Delete

$saved_layout_content = get_post_meta( $post_id, $post_meta_key, true );

[235] Fix | Delete

[236] Fix | Delete

if ( ! empty( $saved_layout_content ) && $saved_layout_content === $layout_content ) {

[237] Fix | Delete

// If for some reason layout exist and identical to the one being sent, return

[238] Fix | Delete

// true because update_post_meta() returns false if it updates the meta key and

[239] Fix | Delete

// the value doesn't change.

[240] Fix | Delete

$result = true;

[241] Fix | Delete

} else {

[242] Fix | Delete

// Otherwise, attempt to save post meta and returns how it goes.

[243] Fix | Delete

$result = update_post_meta(

[244] Fix | Delete

$post_id,

[245] Fix | Delete

$post_meta_key,

[246] Fix | Delete

$layout_content

[247] Fix | Delete

);

[248] Fix | Delete

}

[249] Fix | Delete

[250] Fix | Delete

break;

[251] Fix | Delete

case 'delete':

[252] Fix | Delete

$result = delete_post_meta( $post_id, $post_meta_key );

[253] Fix | Delete

break;

[254] Fix | Delete

default:

[255] Fix | Delete

return new WP_Error(

[256] Fix | Delete

'no_valid_action',

[257] Fix | Delete

esc_html__( 'No valid action found', 'et_builder' ),

[258] Fix | Delete

array(

[259] Fix | Delete

'status' => 400,

[260] Fix | Delete

)

[261] Fix | Delete

);

[262] Fix | Delete

}

[263] Fix | Delete

[264] Fix | Delete

return array(

[265] Fix | Delete

'result' => $result,

[266] Fix | Delete

);

[267] Fix | Delete

}

[268] Fix | Delete

[269] Fix | Delete

/**

[270] Fix | Delete

* Sanitize int value

[271] Fix | Delete

[272] Fix | Delete

* @since 4.1.0

[273] Fix | Delete

[274] Fix | Delete

* @param int|mixed $value Value.

[275] Fix | Delete

[276] Fix | Delete

* @return int

[277] Fix | Delete

[278] Fix | Delete

public function sanitize_int( $value ) {

[279] Fix | Delete

return intval( $value );

[280] Fix | Delete

}

[281] Fix | Delete

[282] Fix | Delete

/**

[283] Fix | Delete

* Sanitize request "action" argument

[284] Fix | Delete

[285] Fix | Delete

* @since 4.1.0

[286] Fix | Delete

[287] Fix | Delete

* @param string $value Action value.

[288] Fix | Delete

[289] Fix | Delete

* @return string

[290] Fix | Delete

[291] Fix | Delete

public function sanitize_action( $value ) {

[292] Fix | Delete

return $this->validate_action( $value ) ? $value : '';

[293] Fix | Delete

}

[294] Fix | Delete

[295] Fix | Delete

/**

[296] Fix | Delete

* Validate request "action" argument

[297] Fix | Delete

[298] Fix | Delete

* @since 4.1.0

[299] Fix | Delete

[300] Fix | Delete

* @param string $value Action value.

[301] Fix | Delete

[302] Fix | Delete

* @return bool

[303] Fix | Delete

[304] Fix | Delete

public function validate_action( $value ) {

[305] Fix | Delete

$valid_builder_edit_data_actions = array(

[306] Fix | Delete

'get',

[307] Fix | Delete

'update',

[308] Fix | Delete

'delete',

[309] Fix | Delete

);

[310] Fix | Delete

[311] Fix | Delete

return in_array( $value, $valid_builder_edit_data_actions, true );

[312] Fix | Delete

}

[313] Fix | Delete

[314] Fix | Delete

/**

[315] Fix | Delete

* Permission callback for get layout permalink REST API endpoint

[316] Fix | Delete

[317] Fix | Delete

* @since 4.1.0

[318] Fix | Delete

[319] Fix | Delete

* @return bool

[320] Fix | Delete

[321] Fix | Delete

public function rest_api_layout_block_permission() {

[322] Fix | Delete

return current_user_can( 'edit_posts' ) && et_pb_is_allowed( 'use_visual_builder' );

[323] Fix | Delete

}

[324] Fix | Delete

}

[325] Fix | Delete

[326] Fix | Delete

// Initialize ET_Api_Rest_Block_Layout.

[327] Fix | Delete

ET_Api_Rest_Block_Layout::instance();

[328] Fix | Delete

[329] Fix | Delete