Home Explore Help
Sign In
website
/
finlabsindia
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
finlabsindia
/
wp-content
/
plugins
/
woocommerce
/
includes
/
api
/
legacy
/
v1
/
class-wc-api-json-handler.php

class-wc-api-json-handler.php 2.0 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * WooCommerce API
    4. 

  4.  *
    5. 

  5.  * Handles parsing JSON request bodies and generating JSON responses
    6. 

  6.  *
    7. 

  7.  * @author      WooThemes
    8. 

  8.  * @category    API
    9. 

  9.  * @package     WooCommerce/API
    10. 

  10.  * @since       2.1
    11. 

  11.  * @version     2.1
    12. 

  12.  */
    13. 

  13. 

  14. if ( ! defined( 'ABSPATH' ) ) {
    15. 

  15. 	exit; // Exit if accessed directly
    16. 

  16. }
    17. 

  17. 

  18. class WC_API_JSON_Handler implements WC_API_Handler {
    19. 

  19. 

  20. 	/**
    21. 

  21. 	 * Get the content type for the response
    22. 

  22. 	 *
    23. 

  23. 	 * @since 2.1
    24. 

  24. 	 * @return string
    25. 

  25. 	 */
    26. 

  26. 	public function get_content_type() {
    27. 

  27. 

  28. 		return sprintf( '%s; charset=%s', isset( $_GET['_jsonp'] ) ? 'application/javascript' : 'application/json', get_option( 'blog_charset' ) );
    29. 

  29. 	}
    30. 

  30. 

  31. 	/**
    32. 

  32. 	 * Parse the raw request body entity
    33. 

  33. 	 *
    34. 

  34. 	 * @since 2.1
    35. 

  35. 	 * @param string $body the raw request body
    36. 

  36. 	 * @return array|mixed
    37. 

  37. 	 */
    38. 

  38. 	public function parse_body( $body ) {
    39. 

  39. 

  40. 		return json_decode( $body, true );
    41. 

  41. 	}
    42. 

  42. 

  43. 	/**
    44. 

  44. 	 * Generate a JSON response given an array of data
    45. 

  45. 	 *
    46. 

  46. 	 * @since 2.1
    47. 

  47. 	 * @param array $data the response data
    48. 

  48. 	 * @return string
    49. 

  49. 	 */
    50. 

  50. 	public function generate_response( $data ) {
    51. 

  51. 

  52. 		if ( isset( $_GET['_jsonp'] ) ) {
    53. 

  53. 

  54. 			// JSONP enabled by default
    55. 

  55. 			if ( ! apply_filters( 'woocommerce_api_jsonp_enabled', true ) ) {
    56. 

  56. 

  57. 				WC()->api->server->send_status( 400 );
    58. 

  58. 

  59. 				$data = array( array( 'code' => 'woocommerce_api_jsonp_disabled', 'message' => __( 'JSONP support is disabled on this site', 'woocommerce' ) ) );
    60. 

  60. 			}
    61. 

  61. 

  62. 			// Check for invalid characters (only alphanumeric allowed)
    63. 

  63. 			if ( preg_match( '/\W/', $_GET['_jsonp'] ) ) {
    64. 

  64. 

  65. 				WC()->api->server->send_status( 400 );
    66. 

  66. 

  67. 				$data = array( array( 'code' => 'woocommerce_api_jsonp_callback_invalid', __( 'The JSONP callback function is invalid', 'woocommerce' ) ) );
    68. 

  68. 			}
    69. 

  69. 

  70. 			// see http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
    71. 

  71. 			WC()->api->server->header( 'X-Content-Type-Options', 'nosniff' );
    72. 

  72. 

  73. 			// Prepend '/**/' to mitigate possible JSONP Flash attacks
    74. 

  74. 			return '/**/' . $_GET['_jsonp'] . '(' . json_encode( $data ) . ')';
    75. 

  75. 		}
    76. 

  76. 

  77. 		return json_encode( $data );
    78. 

  78. 	}
    79. 

  79. }
    80.