<?php
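/**
 * Best-effort lookup of the requesting client's IP address.
 *
 * Sources are tried in the original order: X-Forwarded-For, Client-IP, then
 * REMOTE_ADDR. The first source holding a syntactically valid IP address wins;
 * a malformed value is skipped instead of being returned verbatim.
 *
 * SECURITY: HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP are ordinary request
 * headers. Unless a reverse proxy under your control overwrites them, the
 * client chooses their value, so the result is a hint and not an authenticated
 * identity. GB_JSON_API_Query::get_legacy_controller() in this file feeds the
 * result into its secure-mode address check; that check is only meaningful if
 * a trusted proxy sets these headers.
 * NOTE(review): if the site is not behind such a proxy, consult REMOTE_ADDR
 * only. The header precedence is kept here so proxied installs keep working.
 *
 * @return string A valid IPv4/IPv6 address, or '' when no source provides one.
 */
function gb_get_ip() {
    $sources = array( 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'REMOTE_ADDR' );
    foreach ( $sources as $source ) {
        // REMOTE_ADDR is absent under CLI; isset() avoids an undefined-index notice.
        if ( ! isset( $_SERVER[ $source ] ) || ! is_string( $_SERVER[ $source ] ) ) {
            continue;
        }
        // X-Forwarded-For may carry a comma-separated chain; the first entry is
        // the address claimed for the original client.
        $parts     = explode( ',', $_SERVER[ $source ] );
        $candidate = trim( $parts[0] );
        if ( filter_var( $candidate, FILTER_VALIDATE_IP ) !== false ) {
            return $candidate;
        }
    }
    return '';
}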
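/**
 * Resolves JSON API request parameters and maps the `gbjson` query variable
 * to a controller name and a method name.
 *
 * Lookup order in get(): WordPress query var, then $_REQUEST, then the
 * built-in defaults. Anything read from $_REQUEST is caller-controlled.
 */
class GB_JSON_API_Query {

    // Fallback values returned by get() when neither WordPress nor the request supplies one
    protected $defaults = array(
        'date_format' => 'Y-m-d H:i:s',
        'read_more'   => 'Read more'
    );

    /**
     * Registers the query_vars filter so WordPress accepts the API query var.
     */
    public function __construct() {
        // Objects are passed by handle; the PHP 4 style `&$this` is not needed.
        add_filter( 'query_vars', array( $this, 'query_vars' ) );
    }

    /**
     * Looks up one request parameter, or several at once.
     *
     * Values are tested for truthiness, so '' and '0' count as absent and fall
     * through to the next source.
     *
     * @param string|array $key A parameter name, or a list of names.
     * @return mixed The value, an array keyed by name when $key is an array,
     *               or null when no source provides a value.
     */
    public function get( $key ) {
        if ( is_array( $key ) ) {
            $result = array();
            foreach ( $key as $k ) {
                $result[ $k ] = $this->get( $k );
            }
            return $result;
        }
        // Raw request input: may be a string or an array, and is not validated here.
        $query_var    = ( isset( $_REQUEST[ $key ] ) ) ? $_REQUEST[ $key ] : null;
        $wp_query_var = $this->wp_query_var( $key );
        if ( $wp_query_var ) {
            return $wp_query_var;
        }
        if ( $query_var ) {
            return $this->strip_magic_quotes( $query_var );
        }
        if ( isset( $this->defaults[ $key ] ) ) {
            return $this->defaults[ $key ];
        }
        return null;
    }

    /**
     * Property-style access: `$query->foo` is `$query->get( 'foo' )`.
     */
    public function __get( $key ) {
        return $this->get( $key );
    }

    /**
     * isset() support: true when get() yields anything other than null.
     */
    public function __isset( $key ) {
        return ( $this->get( $key ) !== null );
    }

    /**
     * Reads the WordPress query var that corresponds to an API parameter.
     *
     * 'date' is assembled from the year, monthnum and day query vars, with
     * month and day zero-padded when below 10.
     *
     * @param string $key API parameter name.
     * @return mixed The query var value, or null for an unmapped name.
     */
    public function wp_query_var( $key ) {
        // API parameter name => WordPress query var name
        $wp_translation = array(
            'json'          => 'json',
            'post_id'       => 'p',
            'post_slug'     => 'name',
            'page_id'       => 'page_id',
            'page_slug'     => 'name',
            'category_id'   => 'cat',
            'category_slug' => 'category_name',
            'tag_id'        => 'tag_id',
            'tag_slug'      => 'tag',
            'author_id'     => 'author',
            'author_slug'   => 'author_name',
            'search'        => 's',
            'order'         => 'order',
            'order_by'      => 'orderby'
        );
        if ( $key == 'date' ) {
            $date = null;
            if ( get_query_var( 'year' ) ) {
                $date = get_query_var( 'year' );
            }
            if ( get_query_var( 'monthnum' ) ) {
                $month = get_query_var( 'monthnum' );
                if ( $month < 10 ) {
                    $month = "0$month";
                }
                $date .= $month;
            }
            if ( get_query_var( 'day' ) ) {
                $day = get_query_var( 'day' );
                if ( $day < 10 ) {
                    $day = "0$day";
                }
                $date .= $day;
            }
            return $date;
        }
        if ( isset( $wp_translation[ $key ] ) ) {
            return get_query_var( $wp_translation[ $key ] );
        }
        return null;
    }

    /**
     * Undoes magic-quotes escaping on a request value where that feature exists.
     *
     * Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself
     * was removed in PHP 8.0, so the function is only consulted on runtimes
     * that can still have the feature. Calling it unconditionally is a fatal
     * error on PHP 8.
     *
     * @param mixed $value Raw request value.
     * @return mixed The value with slashes stripped, or unchanged.
     */
    public function strip_magic_quotes( $value ) {
        $magic_quotes_possible = version_compare( PHP_VERSION, '5.4.0', '<' )
            && function_exists( 'get_magic_quotes_gpc' );
        if ( $magic_quotes_possible && get_magic_quotes_gpc() ) {
            return stripslashes( $value );
        }
        return $value;
    }

    /**
     * query_vars filter callback: adds 'gbjson' to the accepted query vars.
     *
     * @param array $wp_vars Query var names registered so far.
     * @return array The list with 'gbjson' appended.
     */
    public function query_vars( $wp_vars ) {
        $wp_vars[] = 'gbjson';
        return $wp_vars;
    }

    /**
     * Derives the controller name from the `gbjson` parameter.
     *
     * @return string|false false when the API is not invoked; otherwise the
     *                      controller name ('core' when the value matches
     *                      neither supported form).
     */
    public function get_controller() {
        $json = $this->get( 'gbjson' );
        if ( empty( $json ) ) {
            return false;
        }
        // A request such as gbjson[]=x arrives as an array; preg_match() would
        // throw a TypeError on PHP 8, so treat it like any other non-matching value.
        if ( ! is_string( $json ) ) {
            return 'core';
        }
        if ( preg_match( '/^[a-zA-Z_]+$/', $json ) ) {
            // Bare method name: legacy form
            return $this->get_legacy_controller( $json );
        }
        if ( preg_match( '/^([a-zA-Z_]+)(\/|\.)[a-zA-Z_]+$/', $json, $matches ) ) {
            // "controller/method" or "controller.method"
            return $matches[1];
        }
        return 'core';
    }

    /**
     * Maps a bare legacy method name to the controller that now provides it.
     *
     * With the 'is_secure_mode_enabled' option set to 'True', every method
     * except 'submit_comment' is first checked against two hard-coded address
     * ranges.
     *
     * NOTE(review): the address comes from gb_get_ip(), which consults the
     * X-Forwarded-For and Client-IP request headers before REMOTE_ADDR. Those
     * headers are client-supplied unless a trusted proxy overwrites them, so
     * this check does not authenticate the caller on its own.
     * NOTE(review): the range test strips the dots and compares the digits as
     * one number. Octet boundaries are lost, so more than one dotted address
     * can collapse to the same digit string. The intended ranges cannot be
     * recovered with certainty from the constants; once confirmed, compare
     * ip2long() values instead.
     * NOTE(review): this assumes $gb_json_api->error() ends the request. If it
     * returns, execution continues past the check and the function may fall
     * off the end returning null - confirm.
     *
     * @param string $json Legacy method name taken from `gbjson`.
     * @return string|null Controller name.
     */
    public function get_legacy_controller( $json ) {
        global $gb_json_api;
        $is_secure_mode_enabled = get_option( 'is_secure_mode_enabled', '' );
        if ( ( $is_secure_mode_enabled == 'True' ) && ( $json != 'submit_comment' ) ) {
            $client_ip = gb_get_ip();
            // Only a well-formed IPv4 address can belong to the ranges below.
            // Rejecting everything else first keeps loose string/number
            // comparison from admitting malformed input.
            $is_ipv4 = is_string( $client_ip )
                && filter_var( $client_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) !== false;
            $ip = $is_ipv4 ? str_replace( '.', '', $client_ip ) : '';
            $in_first_range  = $is_ipv4 && ( $ip >= 213251158192 ) && ( $ip <= 213251158217 );
            $in_second_range = $is_ipv4 && ( $ip >= 9423134224 ) && ( $ip <= 9423134249 );
            if ( ! ( $in_first_range || $in_second_range ) ) {
                $gb_json_api->error( "Sorry, you're not allowed to access this content." );
            }
        }
        if ( $json == 'submit_comment' ) {
            if ( $gb_json_api->controller_is_active( 'respond' ) ) {
                return 'respond';
            } else {
                $gb_json_api->error( "The 'submit_comment' method has been removed from the Core controller. To use this method you must enable the Respond controller from WP Admin > Settings > JSON API." );
            }
        } else if ( $json == 'create_post' ) {
            if ( $gb_json_api->controller_is_active( 'posts' ) ) {
                return 'posts';
            } else {
                $gb_json_api->error( "The 'create_post' method has been removed from the Core controller. To use this method you must enable the Posts controller from WP Admin > Settings > JSON API." );
            }
        } else {
            return 'core';
        }
    }

    /**
     * Returns an appropriate API method name or false. Four possible outcomes:
     *   1. API isn't being invoked at all (return false)
     *   2. A specific API method was requested (return method name)
     *   3. A method is chosen implicitly on a given WordPress page
     *   4. API invoked incorrectly (return "error" method)
     *
     * The implicit outcome (3) is invoked by setting the json query var to a
     * non-empty value on any WordPress page:
     *   * http://example.org/2009/11/10/hello-world/?json=1 (get_post)
     *   * http://example.org/2009/11/?json=1 (get_date_posts)
     *   * http://example.org/category/foo?json=1 (get_category_posts)
     *
     * NOTE(review): the examples and the $_GET['json'] test below say 'json',
     * while this class registers and reads 'gbjson' - confirm which is intended.
     * NOTE(review): method_exists() is true for any method the controller class
     * defines or inherits, whatever its visibility, and $method is taken from
     * the request. The dispatcher that calls the returned name is not in this
     * file; confirm it limits calls to the intended public API methods.
     *
     * @param string $controller Controller name as returned by get_controller().
     * @return string|false Method name, 'error', or false when not invoked.
     */
    public function get_method( $controller ) {
        global $gb_json_api;
        $method = $this->get( 'gbjson' );
        // null (absent) or an array (gbjson[]=x) cannot name a method; strpos()
        // on either is a deprecation or a TypeError on PHP 8.
        $method = is_scalar( $method ) ? (string) $method : '';
        if ( strpos( $method, '/' ) !== false ) {
            $method = substr( $method, strpos( $method, '/' ) + 1 );
        } else if ( strpos( $method, '.' ) !== false ) {
            $method = substr( $method, strpos( $method, '.' ) + 1 );
        }
        if ( empty( $method ) ) {
            // Case 1: we're not being invoked (done!)
            return false;
        } else if ( method_exists( "GB_JSON_API_{$controller}_Controller", $method ) ) {
            // Case 2: an explicit method was specified
            return $method;
        } else if ( $controller == 'core' ) {
            // Case 3: choose the method implicitly based on which page we're on...
            if ( is_search() ) {
                return 'get_search_results';
            } else if ( is_home() ) {
                if ( empty( $_GET['json'] ) ) {
                    $gb_json_api->error( "Uknown method '$method'." );
                }
                return 'get_recent_posts';
            } else if ( is_page() ) {
                return 'get_page';
            } else if ( is_single() ) {
                return 'get_post';
            } else if ( is_category() ) {
                return 'get_category_posts';
            } else if ( is_tag() ) {
                return 'get_tag_posts';
            } else if ( is_author() ) {
                return 'get_author_posts';
            } else if ( is_date() ) {
                return 'get_date_posts';
            } else if ( is_404() ) {
                return '404';
            }
        }
        // Case 4: either the method doesn't exist or we don't support the page implicitly
        return 'error';
    }
}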