dead

File manager - Edit - /home/vblioqus/unfreezetiktok.com/wp-content/plugins/kadence-blocks/includes/advanced-form/getresponse-rest-api.php

Back
<?php /** * REST API GetResponse controller customized for Kadence Form / if ( ! defined( 'ABSPATH' ) ) { exit; } /* * REST API controller class. * / class Kadence_GetResponse_REST_Controller extends WP_REST_Controller { /* * Include property name. / const PROP_END_POINT = 'endpoint'; /* * Allowed endpoint values to prevent SSRF (only these paths are requested from the configured API base). * * @var string[] / const ALLOWED_ENDPOINTS = array( 'campaigns', 'tags', 'custom-fields' ); /* * Constructor. / public function __construct() { $this->namespace = 'kb-getresponse/v1'; $this->rest_base = 'get'; } /* * Registers the routes for the objects of the controller. * * @see register_rest_route() / public function register_routes() { register_rest_route( $this->namespace, '/' . $this->rest_base, array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_items' ), 'permission_callback' => array( $this, 'get_items_permission_check' ), 'args' => $this->get_collection_params(), ), ) ); } /* * Checks if a given request has access to proxy GetResponse API calls. * Requires manage_options so only admins (who can configure the API key) can trigger server-side requests. * * @param WP_REST_Request $request Full details about the request. * * @return true\|WP_Error True if the request has access, WP_Error object otherwise. / public function get_items_permission_check( $request ) { if ( ! current_user_can( 'manage_options' ) ) { return new WP_Error( 'rest_forbidden', __( 'You do not have permission to access GetResponse API data.', 'kadence-blocks' ), array( 'status' => 403 ) ); } return true; } /* * Retrieves a collection of objects. * * @param WP_REST_Request $request Full details about the request. * * @return WP_REST_Response\|WP_Error\|Array Response object on success, or WP_Error object on failure. / public function get_items( $request ) { $api_key = get_option( 'kadence_blocks_getresponse_api_key' ); $api_base = get_option( 'kadence_blocks_getresponse_api_endpoint' ); $end_point = $request->get_param( self::PROP_END_POINT ); // Restrict to whitelisted endpoints to prevent SSRF (e.g. requesting arbitrary URLs that echo back auth headers or server IP). if ( empty( $end_point ) \|\| ! in_array( $end_point, self::ALLOWED_ENDPOINTS, true ) ) { return new WP_Error( 'rest_invalid_endpoint', __( 'Invalid or disallowed endpoint.', 'kadence-blocks' ), array( 'status' => 400 ) ); } if ( empty( $api_key ) \|\| empty( $api_base ) ) { return rest_ensure_response( array() ); } $request_url = rtrim( $api_base, '/' ) . '/' . $end_point; $request_args = array( 'headers' => array( 'X-Auth-Token' => 'api-key ' . $api_key, ), 'timeout' => 10, ); $response = wp_safe_remote_get( $request_url, $request_args ); if ( is_wp_error( $response ) \|\| 200 != (int) wp_remote_retrieve_response_code( $response ) ) { return new WP_Error( 'getresponse_error', __( 'Error fetching data from GetResponse', 'kadence-blocks' ) ); } $body = json_decode( wp_remote_retrieve_body( $response ), true ); if ( ! is_array( $body ) ) { return new WP_Error( 'getresponse_error', __( 'Empty data from GetResponse', 'kadence-blocks' ) ); } return rest_ensure_response( $body ); } /* * Retrieves the query params for the search results collection. * * @return array Collection parameters. */ public function get_collection_params() { $query_params = parent::get_collection_params(); $query_params[ self::PROP_END_POINT ] = array( 'description' => __( 'Actionable endpoint for api call.', 'kadence-blocks' ), 'type' => 'string', ); return $query_params; } }

| ver. 1.4 | Github | . | PHP 8.2.30 | Generation time: 0.01 | proxy | phpinfo | Settings