= array( 'status' => WP_Http::BAD_REQUEST, 'json_error_code' => json_last_error(), 'json_error_message' => json_last_error_msg(), ); return new WP_Error( 'rest_invalid_json', __( 'Invalid JSON body passed.' ), $error_data ); } $this->params['JSON'] = $params; return true; } /** * Parses the request body parameters. * * Parses out URL-encoded bodies for request methods that aren't supported * natively by PHP. In PHP 5.x, only POST has these parsed automatically. * * @since 4.4.0 */ protected function parse_body_params() { if ( $this->parsed_body ) { return; } $this->parsed_body = true; /* * Check that we got URL-encoded. Treat a missing Content-Type as * URL-encoded for maximum compatibility. */ $content_type = $this->get_content_type(); if ( ! empty( $content_type ) && 'application/x-www-form-urlencoded' !== $content_type['value'] ) { return; } parse_str( $this->get_body(), $params ); /* * Add to the POST parameters stored internally. If a user has already * set these manually (via `set_body_params`), don't override them. */ $this->params['POST'] = array_merge( $params, $this->params['POST'] ); } /** * Retrieves the route that matched the request. * * @since 4.4.0 * * @return string Route matching regex. */ public function get_route() { return $this->route; } /** * Sets the route that matched the request. * * @since 4.4.0 * * @param string $route Route matching regex. */ public function set_route( $route ) { $this->route = $route; } /** * Retrieves the attributes for the request. * * These are the options for the route that was matched. * * @since 4.4.0 * * @return array Attributes for the request. */ public function get_attributes() { return $this->attributes; } /** * Sets the attributes for the request. * * @since 4.4.0 * * @param array $attributes Attributes for the request. */ public function set_attributes( $attributes ) { $this->attributes = $attributes; } /** * Sanitizes (where possible) the params on the request. * * This is primarily based off the sanitize_callback param on each registered * argument. * * @since 4.4.0 * * @return true|WP_Error True if parameters were sanitized, WP_Error if an error occurred during sanitization. */ public function sanitize_params() { $attributes = $this->get_attributes(); // No arguments set, skip sanitizing. if ( empty( $attributes['args'] ) ) { return true; } $order = $this->get_parameter_order(); $invalid_params = array(); $invalid_details = array(); foreach ( $order as $type ) { if ( empty( $this->params[ $type ] ) ) { continue; } foreach ( $this->params[ $type ] as $key => $value ) { if ( ! isset( $attributes['args'][ $key ] ) ) { continue; } $param_args = $attributes['args'][ $key ]; // If the arg has a type but no sanitize_callback attribute, default to rest_parse_request_arg. if ( ! array_key_exists( 'sanitize_callback', $param_args ) && ! empty( $param_args['type'] ) ) { $param_args['sanitize_callback'] = 'rest_parse_request_arg'; } // If there's still no sanitize_callback, nothing to do here. if ( empty( $param_args['sanitize_callback'] ) ) { continue; } /** @var mixed|WP_Error $sanitized_value */ $sanitized_value = call_user_func( $param_args['sanitize_callback'], $value, $this, $key ); if ( is_wp_error( $sanitized_value ) ) { $invalid_params[ $key ] = implode( ' ', $sanitized_value->get_error_messages() ); $invalid_details[ $key ] = rest_convert_error_to_response( $sanitized_value )->get_data(); } else { $this->params[ $type ][ $key ] = $sanitized_value; } } } if ( $invalid_params ) { return new WP_Error( 'rest_invalid_param', /* translators: %s: List of invalid parameters. */ sprintf( __( 'Invalid parameter(s): %s' ), implode( ', ', array_keys( $invalid_params ) ) ), array( 'status' => 400, 'params' => $invalid_params, 'details' => $invalid_details, ) ); } return true; } /** * Checks whether this request is valid according to its attributes. * * @since 4.4.0 * * @return true|WP_Error True if there are no parameters to validate or if all pass validation, * WP_Error if required parameters are missing. */ public function has_valid_params() { // If JSON data was passed, check for errors. $json_error = $this->parse_json_params(); if ( is_wp_error( $json_error ) ) { return $json_error; } $attributes = $this->get_attributes(); $required = array(); $args = empty( $attributes['args'] ) ? array() : $attributes['args']; foreach ( $args as $key => $arg ) { $param = $this->get_param( $key ); if ( isset( $arg['required'] ) && true === $arg['required'] && null === $param ) { $required[] = $key; } } if ( ! empty( $required ) ) { return new WP_Error( 'rest_missing_callback_param', /* translators: %s: List of required parameters. */ sprintf( __( 'Missing parameter(s): %s' ), implode( ', ', $required ) ), array( 'status' => 400, 'params' => $required, ) ); } /* * Check the validation callbacks for each registered arg. * * This is done after required checking as required checking is cheaper. */ $invalid_params = array(); $invalid_details = array(); foreach ( $args as $key => $arg ) { $param = $this->get_param( $key ); if ( null !== $param && ! empty( $arg['validate_callback'] ) ) { /** @var bool|\WP_Error $valid_check */ $valid_check = call_user_func( $arg['validate_callback'], $param, $this, $key ); if ( false === $valid_check ) { $invalid_params[ $key ] = __( 'Invalid parameter.' ); } if ( is_wp_error( $valid_check ) ) { $invalid_params[ $key ] = implode( ' ', $valid_check->get_error_messages() ); $invalid_details[ $key ] = rest_convert_error_to_response( $valid_check )->get_data(); } } } if ( $invalid_params ) { return new WP_Error( 'rest_invalid_param', /* translators: %s: List of invalid parameters. */ sprintf( __( 'Invalid parameter(s): %s' ), implode( ', ', array_keys( $invalid_params ) ) ), array( 'status' => 400, 'params' => $invalid_params, 'details' => $invalid_details, ) ); } if ( isset( $attributes['validate_callback'] ) ) { $valid_check = call_user_func( $attributes['validate_callback'], $this ); if ( is_wp_error( $valid_check ) ) { return $valid_check; } if ( false === $valid_check ) { // A WP_Error instance is preferred, but false is supported for parity with the per-arg validate_callback. return new WP_Error( 'rest_invalid_params', __( 'Invalid parameters.' ), array( 'status' => 400 ) ); } } return true; } /** * Checks if a parameter is set. * * @since 4.4.0 * * @param string $offset Parameter name. * @return bool Whether the parameter is set. */ #[ReturnTypeWillChange] public function offsetExists( $offset ) { $order = $this->get_parameter_order(); foreach ( $order as $type ) { if ( isset( $this->params[ $type ][ $offset ] ) ) { return true; } } return false; } /** * Retrieves a parameter from the request. * * @since 4.4.0 * * @param string $offset Parameter name. * @return mixed|null Value if set, null otherwise. */ #[ReturnTypeWillChange] public function offsetGet( $offset ) { return $this->get_param( $offset ); } /** * Sets a parameter on the request. * * @since 4.4.0 * * @param string $offset Parameter name. * @param mixed $value Parameter value. */ #[ReturnTypeWillChange] public function offsetSet( $offset, $value ) { $this->set_param( $offset, $value ); } /** * Removes a parameter from the request. * * @since 4.4.0 * * @param string $offset Parameter name. */ #[ReturnTypeWillChange] public function offsetUnset( $offset ) { $order = $this->get_parameter_order(); // Remove the offset from every group. foreach ( $order as $type ) { unset( $this->params[ $type ][ $offset ] ); } } /** * Retrieves a WP_REST_Request object from a full URL. * * @since 4.5.0 * * @param string $url URL with protocol, domain, path and query args. * @return WP_REST_Request|false WP_REST_Request object on success, false on failure. */ public static function from_url( $url ) { $bits = parse_url( $url ); $query_params = array(); if ( ! empty( $bits['query'] ) ) { wp_parse_str( $bits['query'], $query_params ); } $api_root = rest_url(); if ( get_option( 'permalink_structure' ) && str_starts_with( $url, $api_root ) ) { // Pretty permalinks on, and URL is under the API root. $api_url_part = substr( $url, strlen( untrailingslashit( $api_root ) ) ); $route = parse_url( $api_url_part, PHP_URL_PATH ); } elseif ( ! empty( $query_params['rest_route'] ) ) { // ?rest_route=... set directly. $route = $query_params['rest_route']; unset( $query_params['rest_route'] ); } $request = false; if ( ! empty( $route ) ) { $request = new WP_REST_Request( 'GET', $route ); $request->set_query_params( $query_params ); } /** * Filters the REST API request generated from a URL. * * @since 4.5.0 * * @param WP_REST_Request|false $request Generated request object, or false if URL * could not be parsed. * @param string $url URL the request was generated from. */ return apply_filters( 'rest_request_from_url', $request, $url ); } } 'wpseo_search_console', 'wpseo_licenses', ]; return in_array( $current_page, $yoast_seo_free_pages, true ); } /** * Determine if Yoast SEO is in development mode? * * Inspired by JetPack (https://github.com/Automattic/jetpack/blob/master/class.jetpack.php#L1383-L1406). * * @since 3.0.0 * * @return bool */ public static function is_development_mode() { $development_mode = false; if ( defined( 'YOAST_ENVIRONMENT' ) && YOAST_ENVIRONMENT === 'development' ) { $development_mode = true; } elseif ( defined( 'WPSEO_DEBUG' ) ) { $development_mode = WPSEO_DEBUG; } elseif ( site_url() && strpos( site_url(), '.' ) === false ) { $development_mode = true; } /** * Filter the Yoast SEO development mode. * * @since 3.0 * * @param bool $development_mode Is Yoast SEOs development mode active. */ return apply_filters( 'yoast_seo_development_mode', $development_mode ); } /** * Retrieve home URL with proper trailing slash. * * @since 3.3.0 * * @param string $path Path relative to home URL. * @param string|null $scheme Scheme to apply. * * @return string Home URL with optional path, appropriately slashed if not. */ public static function home_url( $path = '', $scheme = null ) { return YoastSEO()->helpers->url->home( $path, $scheme ); } /** * Checks if the WP-REST-API is available. * * @since 3.6 * @since 3.7 Introduced the $minimum_version parameter. * * @param string $minimum_version The minimum version the API should be. * * @return bool Returns true if the API is available. */ public static function is_api_available( $minimum_version = '2.0' ) { return ( defined( 'REST_API_VERSION' ) && version_compare( REST_API_VERSION, $minimum_version, '>=' ) ); } /** * Determine whether or not the metabox should be displayed for a post type. * * @param string|null $post_type Optional. The post type to check the visibility of the metabox for. * * @return bool Whether or not the metabox should be displayed. */ protected static function display_post_type_metabox( $post_type = null ) { if ( ! isset( $post_type ) ) { $post_type = get_post_type(); } if ( ! isset( $post_type ) || ! WPSEO_Post_Type::is_post_type_accessible( $post_type ) ) { return false; } if ( $post_type === 'attachment' && WPSEO_Options::get( 'disable-attachment' ) ) { return false; } return apply_filters( 'wpseo_enable_editor_features_' . $post_type, WPSEO_Options::get( 'display-metabox-pt-' . $post_type ) ); } /** * Determine whether or not the metabox should be displayed for a taxonomy. * * @param string|null $taxonomy Optional. The post type to check the visibility of the metabox for. * * @return bool Whether or not the metabox should be displayed. */ protected static function display_taxonomy_metabox( $taxonomy = null ) { if ( ! isset( $taxonomy ) || ! in_array( $taxonomy, get_taxonomies( [ 'public' => true ], 'names' ), true ) ) { return false; } return WPSEO_Options::get( 'display-metabox-tax-' . $taxonomy ); } /** * Determines whether the metabox is active for the given identifier and type. * * @param string $identifier The identifier to check for. * @param string $type The type to check for. * * @return bool Whether or not the metabox is active. */ public static function is_metabox_active( $identifier, $type ) { if ( $type === 'post_type' ) { return self::display_post_type_metabox( $identifier ); } if ( $type === 'taxonomy' ) { return self::display_taxonomy_metabox( $identifier ); } return false; } /** * Determines whether the plugin is active for the entire network. * * @return bool Whether the plugin is network-active. */ public static function is_plugin_network_active() { return YoastSEO()->helpers->url->is_plugin_network_active(); } /** * Gets the type of the current post. * * @return string The post type, or an empty string. */ public static function get_post_type() { $wp_screen = get_current_screen(); if ( $wp_screen !== null && ! empty( $wp_screen->post_type ) ) { return $wp_screen->post_type; } return ''; } /** * Gets the type of the current page. * * @return string Returns 'post' if the current page is a post edit page. Taxonomy in other cases. */ public static function get_page_type() { global $pagenow; if ( WPSEO_Metabox::is_post_edit( $pagenow ) ) { return 'post'; } return 'taxonomy'; } /** * Getter for the Adminl10n array. Applies the wpseo_admin_l10n filter. * * @return array The Adminl10n array. */ public static function get_admin_l10n() { $post_type = self::get_post_type(); $page_type = self::get_page_type(); $label_object = false; $no_index = false; if ( $page_type === 'post' ) { $label_object = get_post_type_object( $post_type ); $no_index = WPSEO_Options::get( 'noindex-' . $post_type, false ); } else { $label_object = WPSEO_Taxonomy::get_labels(); $wp_screen = get_current_screen(); if ( $wp_screen !== null && ! empty( $wp_screen->taxonomy ) ) { $taxonomy_slug = $wp_screen->taxonomy; $no_index = WPSEO_Options::get( 'noindex-tax-' . $taxonomy_slug, false ); } } $wpseo_admin_l10n = [ 'displayAdvancedTab' => WPSEO_Capability_Utils::current_user_can( 'wpseo_edit_advanced_metadata' ) || ! WPSEO_Options::get( 'disableadvanced_meta' ), 'noIndex' => (bool) $no_index, 'isPostType' => (bool) get_post_type(), 'postType' => get_post_type(), 'postTypeNamePlural' => ( $page_type === 'post' ) ? $label_object->label : $label_object->name, 'postTypeNameSingular' => ( $page_type === 'post' ) ? $label_object->labels->singular_name : $label_object->singular_name, 'isBreadcrumbsDisabled' => WPSEO_Options::get( 'breadcrumbs-enable', false ) !== true && ! current_theme_supports( 'yoast-seo-breadcrumbs' ), // phpcs:ignore Generic.ControlStructures.DisallowYodaConditions -- Bug: squizlabs/PHP_CodeSniffer#2962. 'isPrivateBlog' => ( (string) get_option( 'blog_public' ) ) === '0', 'news_seo_is_active' => ( defined( 'WPSEO_NEWS_FILE' ) ), ]; $additional_entries = apply_filters( 'wpseo_admin_l10n', [] ); if ( is_array( $additional_entries ) ) { $wpseo_admin_l10n = array_merge( $wpseo_admin_l10n, $additional_entries ); } return $wpseo_admin_l10n; } /** * Retrieves the analysis worker log level. Defaults to errors only. * * Uses bool YOAST_SEO_DEBUG as flag to enable logging. Off equals ERROR. * Uses string YOAST_SEO_DEBUG_ANALYSIS_WORKER as log level for the Analysis * Worker. Defaults to INFO. * Can be: TRACE, DEBUG, INFO, WARN or ERROR. * * @return string The log level to use. */ public static function get_analysis_worker_log_level() { if ( defined( 'YOAST_SEO_DEBUG' ) && YOAST_SEO_DEBUG ) { return defined( 'YOAST_SEO_DEBUG_ANALYSIS_WORKER' ) ? YOAST_SEO_DEBUG_ANALYSIS_WORKER : 'INFO'; } return 'ERROR'; } /** * Returns the unfiltered home URL. * * In case WPML is installed, returns the original home_url and not the WPML version. * In case of a multisite setup we return the network_home_url. * * @codeCoverageIgnore * * @return string The home url. */ public static function get_home_url() { return YoastSEO()->helpers->url->network_safe_home_url(); } /** * Prepares data for outputting as JSON. * * @param array $data The data to format. * * @return false|string The prepared JSON string. */ public static function format_json_encode( $data ) { $flags = ( JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE ); if ( self::is_development_mode() ) { $flags = ( $flags | JSON_PRETTY_PRINT ); /** * Filter the Yoast SEO development mode. * * @param array $data Allows filtering of the JSON data for debug purposes. */ $data = apply_filters( 'wpseo_debug_json_data', $data ); } // phpcs:ignore Yoast.Yoast.JsonEncodeAlternative.FoundWithAdditionalParams -- This is the definition of format_json_encode. return wp_json_encode( $data, $flags ); } /** * Extends the allowed post tags with accessibility-related attributes. * * @codeCoverageIgnore * * @param array $allowed_post_tags The allowed post tags. * * @return array The allowed tags including post tags, input tags and select tags. */ public static function extend_kses_post_with_a11y( $allowed_post_tags ) { static $a11y_tags; if ( isset( $a11y_tags ) === false ) { $a11y_tags = [ 'button' => [ 'aria-expanded' => true, 'aria-controls' => true, ], 'div' => [ 'tabindex' => true, ], // Below are attributes that are needed for backwards compatibility (WP < 5.1). 'span' => [ 'aria-hidden' => true, ], 'input' => [ 'aria-describedby' => true, ], 'select' => [ 'aria-describedby' => true, ], 'textarea' => [ 'aria-describedby' => true, ], ]; // Add the global allowed attributes to each html element. $a11y_tags = array_map( '_wp_add_global_attributes', $a11y_tags ); } return array_merge_recursive( $allowed_post_tags, $a11y_tags ); } /** * Extends the allowed post tags with input, select and option tags. * * @codeCoverageIgnore * * @param array $allowed_post_tags The allowed post tags. * * @return array The allowed tags including post tags, input tags, select tags and option tags. */ public static function extend_kses_post_with_forms( $allowed_post_tags ) { static $input_tags; if ( isset( $input_tags ) === false ) { $input_tags = [ 'input' => [ 'accept' => true, 'accesskey' => true, 'align' => true, 'alt' => true, 'autocomplete' => true, 'autofocus' => true, 'checked' => true, 'contenteditable' => true, 'dirname' => true, 'disabled' => true, 'draggable' => true, 'dropzone' => true, 'form' => true, 'formaction' => true, 'formenctype' => true, 'formmethod' => true, 'formnovalidate' => true, 'formtarget' => true, 'height' => true, 'hidden' => true, 'lang' => true, 'list' => true, 'max' => true, 'maxlength' => true, 'min' => true, 'multiple' => true, 'name' => true, 'pattern' => true, 'placeholder' => true, 'readonly' => true, 'required' => true, 'size' => true, 'spellcheck' => true, 'src' => true, 'step' => true, 'tabindex' => true, 'translate' => true, 'type' => true, 'value' => true, 'width' => true, /* * Below are attributes that are needed for backwards compatibility (WP < 5.1). * They are used for the social media image in the metabox. * These can be removed once we move to the React versions of the social previews. */ 'data-target' => true, 'data-target-id' => true, ], 'select' => [ 'accesskey' => true, 'autofocus' => true, 'contenteditable' => true, 'disabled' => true, 'draggable' => true, 'dropzone' => true, 'form' => true, 'hidden' => true, 'lang' => true, 'multiple' => true, 'name' => true, 'onblur' => true, 'onchange' => true, 'oncontextmenu' => true, 'onfocus' => true, 'oninput' => true, 'oninvalid' => true, 'onreset' => true, 'onsearch' => true, 'onselect' => true, 'onsubmit' => true, 'required' => true, 'size' => true, 'spellcheck' => true, 'tabindex' => true, 'translate' => true, ], 'option' => [ 'class' => true, 'disabled' => true, 'id' => true, 'label' => true, 'selected' => true, 'value' => true, ], ]; // Add the global allowed attributes to each html element. $input_tags = array_map( '_wp_add_global_attributes', $input_tags ); } return array_merge_recursive( $allowed_post_tags, $input_tags ); } /** * Gets an array of enabled features. * * @return string[] The array of enabled features. */ public static function retrieve_enabled_features() { /** * The feature flag integration. * * @var Feature_Flag_Integration $feature_flag_integration; */ $feature_flag_integration = YoastSEO()->classes->get( Feature_Flag_Integration::class ); return $feature_flag_integration->get_enabled_features(); } }