From 6bbb1d83e663ac29b168b69abebb0701805e17d9 Mon Sep 17 00:00:00 2001
From: Philipp Stracker
Date: Thu, 24 Oct 2024 16:27:40 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Add=20data=20sanitation=20logic=20f?=
 =?UTF-8?q?or=20REST=20endpoints?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../src/Endpoint/RestEndpoint.php | 89 +++++++++++++++++++
 1 file changed, 89 insertions(+)
diff --git a/modules/ppcp-settings/src/Endpoint/RestEndpoint.php b/modules/ppcp-settings/src/Endpoint/RestEndpoint.php
index ea7855130..63e543d59 100644
--- a/modules/ppcp-settings/src/Endpoint/RestEndpoint.php
+++ b/modules/ppcp-settings/src/Endpoint/RestEndpoint.php
@@ -33,4 +33,93 @@ class RestEndpoint extends WC_REST_Controller {
 public function check_permission() : bool {
 return current_user_can( 'manage_woocommerce' );
 }
+
+ /**
+ * Sanitizes parameters based on a field mapping.
+ *
+ * This method iterates through a field map, applying sanitization methods
+ * to the corresponding values in the input parameters array.
+ *
+ * @param array $params The input parameters to sanitize.
+ * @param array $field_map An associative array mapping profile keys to sanitization rules.
+ * Each rule should have 'js_name' and 'sanitize' keys.
+ *
+ * @return array An array of sanitized parameters.
+ */
+ protected function sanitize_for_wordpress( array $params, array $field_map ) : array {
+ $sanitized = array();
+
+ foreach ( $field_map as $key => $details ) {
+ $source_key = $details['js_name'] ?? '';
+ $sanitation_cb = $details['sanitize'] ?? null;
+
+ if ( ! $source_key || ! isset( $params[ $source_key ] ) ) {
+ continue;
+ }
+
+ $value = $params[ $source_key ];
+
+ if ( null === $sanitation_cb ) {
+ $sanitized[ $key ] = $value;
+ } elseif ( method_exists( $this, $sanitation_cb ) ) {
+ $sanitized[ $key ] = $this->{$sanitation_cb}( $value );
+ } elseif ( is_callable( $sanitation_cb ) ) {
+ $sanitized[ $key ] = $sanitation_cb( $value );
+ }
+ }
+
+ return $sanitized;
+ }
+
+ /**
+ * Sanitizes data for JavaScript based on a field mapping.
+ *
+ * This method transforms the input data array according to the provided field map,
+ * renaming keys to their JavaScript equivalents as specified in the mapping.
+ *
+ * @param array $data The input data array to be sanitized.
+ * @param array $field_map An associative array mapping PHP keys to JavaScript key names.
+ * Each element should have a 'js_name' key specifying the JavaScript
+ * name.
+ *
+ * @return array An array of sanitized data with keys renamed for JavaScript use.
+ */
+ protected function sanitize_for_javascript( array $data, array $field_map ) : array {
+ $sanitized = array();
+
+ foreach ( $field_map as $key => $details ) {
+ $output_key = $details['js_name'] ?? '';
+
+ if ( ! $output_key || ! isset( $data[ $key ] ) ) {
+ continue;
+ }
+
+ $sanitized[ $output_key ] = $data[ $key ];
+ }
+
+ return $sanitized;
+ }
+
+ /**
+ * Convert a value to a boolean.
+ *
+ * @param mixed $value The value to convert.
+ *
+ * @return bool|null The boolean value, or null if not set.
+ */
+ protected function to_boolean( $value ) : ?bool {
+ return $value !== null ? (bool) $value : null;
+ }
+
+ /**
+ * Convert a value to a number.
+ *
+ * @param mixed $value The value to convert.
+ *
+ * @return int|float|null The numeric value, or null if not set.
+ */
+ protected function to_number( $value ) {
+ return $value !== null ? ( is_numeric( $value ) ? $value + 0 : null ) : null;
+ }
+
 }
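Review bot: In `sanitize_for_wordpress`, a field-map entry whose `'sanitize'` key is absent copies the request value through untouched, while one whose callback resolves to neither a method nor a callable silently drops the field, so a typo or omission in the map disables sanitation for that field without any signal. Consider closing the `if`/`elseif` chain with `} else { throw new \InvalidArgumentException( "Unknown sanitation callback for field '{$key}'." ); }` so misconfiguration fails loudly, and since `method_exists( $this, ... )` matches every method on the controller, an explicit allow-list or a `to_` prefix check would keep the map from dispatching to unrelated methods should it ever be built from anything but static configuration. Note also that `isset( $params[ $source_key ] )` skips null values, so the null branches in `to_boolean()` and `to_number()` are unreachable through this path, and `to_number()` declares no return type even though its docblock promises `int|float|null`. Finally, `sanitize_for_javascript` only renames keys and applies no sanitation, so its docblock's "sanitized" wording overstates what it does; I would reword it to "Maps data keys to their JavaScript names based on a field mapping."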