Home Explore Help
Sign In
website
/
finlabsindia
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
finlabsindia
/
wp-content
/
plugins
/
woocommerce
/
includes
/
api
/
legacy
/
v2
/
class-wc-api-json-handler.php

class-wc-api-json-handler.php 1.9 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * WooCommerce API
    4. 

  4.  *
    5. 

  5.  * Handles parsing JSON request bodies and generating JSON responses
    6. 

  6.  *
    7. 

  7.  * @author      WooThemes
    8. 

  8.  * @category    API
    9. 

  9.  * @package     WooCommerce/API
    10. 

  10.  * @since       2.1
    11. 

  11.  */
    12. 

  12. 

  13. if ( ! defined( 'ABSPATH' ) ) {
    14. 

  14. 	exit; // Exit if accessed directly
    15. 

  15. }
    16. 

  16. 

  17. class WC_API_JSON_Handler implements WC_API_Handler {
    18. 

  18. 

  19. 	/**
    20. 

  20. 	 * Get the content type for the response
    21. 

  21. 	 *
    22. 

  22. 	 * @since 2.1
    23. 

  23. 	 * @return string
    24. 

  24. 	 */
    25. 

  25. 	public function get_content_type() {
    26. 

  26. 

  27. 		return sprintf( '%s; charset=%s', isset( $_GET['_jsonp'] ) ? 'application/javascript' : 'application/json', get_option( 'blog_charset' ) );
    28. 

  28. 	}
    29. 

  29. 

  30. 	/**
    31. 

  31. 	 * Parse the raw request body entity
    32. 

  32. 	 *
    33. 

  33. 	 * @since 2.1
    34. 

  34. 	 * @param string $body the raw request body
    35. 

  35. 	 * @return array|mixed
    36. 

  36. 	 */
    37. 

  37. 	public function parse_body( $body ) {
    38. 

  38. 

  39. 		return json_decode( $body, true );
    40. 

  40. 	}
    41. 

  41. 

  42. 	/**
    43. 

  43. 	 * Generate a JSON response given an array of data
    44. 

  44. 	 *
    45. 

  45. 	 * @since 2.1
    46. 

  46. 	 * @param array $data the response data
    47. 

  47. 	 * @return string
    48. 

  48. 	 */
    49. 

  49. 	public function generate_response( $data ) {
    50. 

  50. 

  51. 		if ( isset( $_GET['_jsonp'] ) ) {
    52. 

  52. 

  53. 			// JSONP enabled by default
    54. 

  54. 			if ( ! apply_filters( 'woocommerce_api_jsonp_enabled', true ) ) {
    55. 

  55. 

  56. 				WC()->api->server->send_status( 400 );
    57. 

  57. 

  58. 				$data = array( array( 'code' => 'woocommerce_api_jsonp_disabled', 'message' => __( 'JSONP support is disabled on this site', 'woocommerce' ) ) );
    59. 

  59. 			}
    60. 

  60. 

  61. 			// Check for invalid characters (only alphanumeric allowed)
    62. 

  62. 			if ( preg_match( '/\W/', $_GET['_jsonp'] ) ) {
    63. 

  63. 

  64. 				WC()->api->server->send_status( 400 );
    65. 

  65. 

  66. 				$data = array( array( 'code' => 'woocommerce_api_jsonp_callback_invalid', __( 'The JSONP callback function is invalid', 'woocommerce' ) ) );
    67. 

  67. 			}
    68. 

  68. 

  69. 			// see http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
    70. 

  70. 			WC()->api->server->header( 'X-Content-Type-Options', 'nosniff' );
    71. 

  71. 

  72. 			// Prepend '/**/' to mitigate possible JSONP Flash attacks
    73. 

  73. 			return '/**/' . $_GET['_jsonp'] . '(' . json_encode( $data ) . ')';
    74. 

  74. 		}
    75. 

  75. 

  76. 		return json_encode( $data );
    77. 

  77. 	}
    78. 

  78. }
    79.