137 lines
3.1 KiB
PHP
137 lines
3.1 KiB
PHP
<?php
|
|
/**
|
|
* Simply Schedule Appointments Templates Api.
|
|
*
|
|
* @since 5.2.0
|
|
* @package Simply_Schedule_Appointments
|
|
*/
|
|
|
|
/**
|
|
* Simply Schedule Appointments Templates Api.
|
|
*
|
|
* @since 5.2.0
|
|
*/
|
|
class SSA_Templates_Api extends WP_REST_Controller {
|
|
/**
|
|
* Parent plugin class
|
|
*
|
|
* @var class
|
|
* @since 1.0.0
|
|
*/
|
|
protected $plugin = null;
|
|
|
|
/**
|
|
* Constructor
|
|
*
|
|
* @since 1.0.0
|
|
* @param object $plugin Main plugin object.
|
|
* @return void
|
|
*/
|
|
public function __construct( $plugin ) {
|
|
$this->plugin = $plugin;
|
|
$this->hooks();
|
|
}
|
|
|
|
/**
|
|
* Initiate our hooks
|
|
*
|
|
* @since 1.0.0
|
|
* @return void
|
|
*/
|
|
public function hooks() {
|
|
$this->register_routes();
|
|
}
|
|
|
|
|
|
/**
|
|
* Register the routes for the objects of the controller.
|
|
*/
|
|
public function register_routes() {
|
|
$version = '1';
|
|
$namespace = 'ssa/v' . $version;
|
|
$base = 'templates';
|
|
|
|
register_rest_route(
|
|
$namespace,
|
|
'/' . $base . '/validate',
|
|
array(
|
|
array(
|
|
'methods' => WP_REST_Server::CREATABLE,
|
|
'callback' => array( $this, 'validate_twig_template' ),
|
|
'permission_callback' => array( $this, 'get_items_permissions_check' ),
|
|
'args' => array(
|
|
'message' => array(
|
|
'required' => true,
|
|
'type' => 'string',
|
|
),
|
|
),
|
|
),
|
|
)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Check if a given request has access to get items
|
|
*
|
|
* @param WP_REST_Request $request Full data about the request.
|
|
* @return WP_Error|bool
|
|
*/
|
|
public function get_items_permissions_check( $request ) {
|
|
return TD_API_Model::nonce_permissions_check( $request );
|
|
}
|
|
|
|
/**
|
|
* Given a message, verify if it's a valid Twig string or if it contain errors while parsing it.
|
|
*
|
|
* @since 5.2.0
|
|
*
|
|
* @param WP_REST_Request $request Full data about the request.
|
|
*
|
|
* @return WP_REST_Response $response The response data.
|
|
*/
|
|
public function validate_twig_template( WP_REST_Request $request ) {
|
|
$template_string = $request->get_param( 'message' );
|
|
|
|
// if string includes any js or event handlers, return an error
|
|
if ( preg_match( '/ on\w+=.*\(/', $template_string ) || preg_match( '/<script\b[^>]*>(.*?)<\/script>/is', $template_string ) ) {
|
|
return new WP_REST_Response(
|
|
array(
|
|
'success' => false,
|
|
'error' => 'JavaScript is not allowed in Twig templates.',
|
|
),
|
|
200
|
|
);
|
|
}
|
|
|
|
$template_string = $this->plugin->templates->cleanup_variables_in_string( $template_string );
|
|
$template_string = $this->plugin->notifications->prepare_notification_template( $template_string );
|
|
|
|
$loader = new Twig\Loader\ArrayLoader(
|
|
array(
|
|
'template' => $template_string,
|
|
)
|
|
);
|
|
|
|
$twig = new Twig\Environment( $loader );
|
|
|
|
$twig->addExtension( $this->plugin->templates->getCustomTwigSandboxExtension() );
|
|
|
|
$twig->addExtension( new SSA_Twig_Extension() );
|
|
$twig->getExtension( \Twig\Extension\CoreExtension::class )->setTimezone( 'UTC' );
|
|
|
|
try {
|
|
$render = $twig->render( 'template' );
|
|
} catch ( Exception $e ) {
|
|
return new WP_REST_Response(
|
|
array(
|
|
'success' => false,
|
|
'error' => "Error: {$e->getMessage()}",
|
|
),
|
|
200
|
|
);
|
|
}
|
|
|
|
return new WP_REST_Response( array( 'success' => true ) );
|
|
}
|
|
}
|