17205722517

Committed 25 Aug 2025 10:05AM UTC coverage: 60.808% (+3.6%) from 57.172%

Build # 17205722517

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #1206 from equalizedigital/william/no-ticket/enhance-endpoint-checks

Backport v1.30.1

Run Details

11 of 22 new or added lines in 3 files covered. (50.0%)

9 existing lines in 2 files now uncovered.

4110 of 6759 relevant lines covered (60.81%)

3.53 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

59.49

/includes/classes/class-rest-api.php

<?php
/**
 * Class file for REST api
 *
 * @package Accessibility_Checker
 */

namespace EDAC\Inc;

use EDAC\Admin\Helpers;
use EDAC\Admin\Insert_Rule_Data;
use EDAC\Admin\Scans_Stats;
use EDAC\Admin\Settings;
use EDAC\Admin\Purge_Post_Data;

/**
 * Class that initializes and handles the REST api
 */
class REST_Api {


        /**
         * Constructor
         */
        public function __construct() {
        }


        /**
         * Add the class the hooks.
         */
        public function init_hooks() {
                add_action( 'init', [ $this, 'init_rest_routes' ] );
                add_filter( 'edac_filter_js_violation_html', [ $this, 'filter_js_validation_html' ], 10, 3 );
        }


        /**
         * Add the rest routes.
         *
         * @return void
         */
        public function init_rest_routes() {

                $ns      = 'accessibility-checker/';
                $version = 'v1';

                add_action(
                        'rest_api_init',
                        function () use ( $ns, $version ) {
                                register_rest_route(
                                        $ns . $version,
                                        '/test',
                                        [
                                                'methods'             => [ 'GET', 'POST' ],
                                                'callback'            => function () {
                                                        $messages          = [];
                                                        $messages['time']  = time();
                                                        $messages['perms'] = current_user_can( 'edit_posts' );

                                                        return new \WP_REST_Response( [ 'messages' => $messages ], 200 );
                                                },
                                                'permission_callback' => function () {
                                                        return current_user_can( 'edit_posts' );
                                                },
                                        ]
                                );
                        }
                );

                add_action(
                        'rest_api_init',
                        function () use ( $ns, $version ) {
                                register_rest_route(
                                        $ns . $version,
                                        '/post-scan-results/(?P<id>\d+)',
                                        [
                                                'methods'             => 'POST',
                                                'callback'            => [ $this, 'set_post_scan_results' ],
                                                'args'                => [
                                                        'id' => [
                                                                'required'          => true,
                                                                'validate_callback' => function ( $param ) {
                                                                        return is_numeric( $param );
                                                                },
                                                                'sanitize_callback' => 'absint',
                                                        ],
                                                ],
                                                'permission_callback' => function ( $request ) {
                                                        return $this->user_can_edit_passed_post_id( $request );
                                                },
                                        ]
                                );
                        }
                );

                add_action(
                        'rest_api_init',
                        function () use ( $ns, $version ) {
                                register_rest_route(
                                        $ns . $version,
                                        '/scans-stats',
                                        [
                                                'methods'             => 'GET',
                                                'callback'            => [ $this, 'get_scans_stats' ],
                                                'permission_callback' => function () {
                                                        return current_user_can( 'edit_posts' );
                                                },
                                        ]
                                );
                        }
                );

                add_action(
                        'rest_api_init',
                        function () use ( $ns, $version ) {
                                register_rest_route(
                                        $ns . $version,
                                        '/clear-cached-scans-stats',
                                        [
                                                'methods'             => 'POST',
                                                'callback'            => [ $this, 'clear_cached_scans_stats' ],
                                                'permission_callback' => function () {
                                                        return current_user_can( 'publish_posts' );
                                                },
                                        ]
                                );
                        }
                );

                add_action(
                        'rest_api_init',
                        function () use ( $ns, $version ) {
                                register_rest_route(
                                        $ns . $version,
                                        '/scans-stats-by-post-type/(?P<slug>[a-zA-Z0-9_-]+)',
                                        [
                                                'methods'             => 'GET',
                                                'callback'            => [ $this, 'get_scans_stats_by_post_type' ],
                                                'permission_callback' => function () {
                                                        return current_user_can( 'edit_posts' );
                                                },
                                        ]
                                );
                        }
                );

                add_action(
                        'rest_api_init',
                        function () use ( $ns, $version ) {
                                register_rest_route(
                                        $ns . $version,
                                        '/scans-stats-by-post-types',
                                        [
                                                'methods'             => 'GET',
                                                'callback'            => [ $this, 'get_scans_stats_by_post_types' ],
                                                'permission_callback' => function () {
                                                        return current_user_can( 'edit_posts' );
                                                },
                                        ]
                                );
                        }
                );

                add_action(
                        'rest_api_init',
                        function () use ( $ns, $version ) {
                                register_rest_route(
                                        $ns . $version,
                                        '/clear-issues/(?P<id>\d+)',
                                        [
                                                'methods'             => 'POST',
                                                'callback'            => [ $this, 'clear_issues_for_post' ],
                                                'args'                => [
                                                        'id' => [
                                                                'required'          => true,
                                                                'validate_callback' => function ( $param ) {
                                                                        return is_numeric( $param );
                                                                },
                                                                'sanitize_callback' => 'absint',
                                                        ],
                                                ],
                                                'permission_callback' => function ( $request ) {
                                                        return $this->user_can_edit_passed_post_id( $request );
                                                },
                                        ]
                                );
                        }
                );

                // Exposes the scan summary data.
                add_action(
                        'rest_api_init',
                        function () use ( $ns, $version ) {
                                register_rest_route(
                                        $ns . $version,
                                        '/site-summary',
                                        [
                                                'methods'             => 'GET',
                                                'callback'            => [ $this, 'get_site_summary' ],
                                                'permission_callback' => function () {
                                                        return current_user_can( 'edit_posts' );
                                                },
                                        ]
                                );
                        }
                );
        }

        /**
         * Check if the user can edit a post.
         *
         * This is a permission callback to replace several places where we check if the user can edit a post.
         *
         * @since 1.30.1
         *
         * @param \WP_REST_Request $request The request object passed from the REST call. This should contain the 'id' of the post to check permissions for.
         *
         * @return bool|\WP_Error
         */
        public function user_can_edit_passed_post_id( $request ) {
                if ( ! isset( $request['id'] ) ) {
                        return new \WP_Error( 'rest_post_invalid_id', __( 'A required parameter is missing.', 'accessibility-checker' ), [ 'status' => 400 ] );
                }
                $post_id = (int) $request['id'];
                return current_user_can( 'edit_post', $post_id ); // able to edit the post.
        }

        /**
         * REST handler to clear issues results for a given post ID.
         *
         * @param \WP_REST_Request $request  The request passed from the REST call.
         *
         * @return \WP_REST_Response
         */
        public function clear_issues_for_post( $request ) {

                if ( ! isset( $request['id'] ) ) {
                        return new \WP_REST_Response( [ 'message' => 'The ID is required to be passed.' ], 400 );
                }

                $json    = $request->get_json_params();
                $post_id = (int) $request['id'];
                if ( ! isset( $json['skip_post_exists_check'] ) ) {
                        $post = get_post( $post_id );
                        if ( ! is_object( $post ) ) {
                                return new \WP_REST_Response( [ 'message' => 'The post is not valid.' ], 400 );
                        }

                        $post_type  = get_post_type( $post );
                        $post_types = Helpers::get_option_as_array( 'edac_post_types' );
                        if ( empty( $post_types ) || ! in_array( $post_type, $post_types, true ) ) {
                                return new \WP_REST_Response( [ 'message' => 'The post type is not set to be scanned.' ], 400 );
                        }
                }

                // if flush is set then clear the issues for that ID.
                if ( isset( $json['flush'] ) ) {
                        // purge the issues for this post.
                        Purge_Post_Data::delete_post( $post_id );
                }

                return new \WP_REST_Response(
                        [
                                'success' => true,
                                'flushed' => isset( $json['flush'] ),
                                'id'      => $post_id,
                        ]
                );
        }


        /**
         * Filter the html of the js validation violation.
         *
         * This can be used to store additional data in the html of the violation.
         *
         * @since 1.13.0
         * @param string $html      The html of the violation.
         * @param string $rule_id   The id of the rule.
         * @param array  $violation The violation data.
         *
         * @return string
         */
        public function filter_js_validation_html( string $html, string $rule_id, array $violation ): string {
                // Add the selector to the violation message as empty paragraphs are almost always
                // duplicate html fragments. Adding the selector makes it unique, so it can be saved.
                if ( 'empty_paragraph_tag' === $rule_id ) {
                        $html .= $violation['selector'][0]
                                ? '// {{ ' . $violation['selector'][0] . ' }}'
                                : '';
                }

                // Use just the opening <html> and closing </html> tag, prevents storing entire page as the affected code.
                if ( 'html-has-lang' === $rule_id || 'document-title' === $rule_id ) {
                        $html = preg_replace( '/^.*(<html.*?>).*(<\/html>).*$/s', '$1...$2', $html );

                }
                return $html;
        }

        /**
         * REST handler that saves to the DB a list of js rule violations for a post.
         *
         * @param WP_REST_Request $request  The request passed from the REST call.
         *
         * @return \WP_REST_Response
         */
        public function set_post_scan_results( $request ) {

                if ( ! isset( $request['violations'] ) ) {
                        return new \WP_REST_Response( [ 'message' => 'A required parameter is missing.' ], 400 );
                }

                $post_id = (int) $request['id'];
                $post    = get_post( $post_id );
                if ( ! is_object( $post ) ) {

                        return new \WP_REST_Response( [ 'message' => 'The post is not valid.' ], 400 );
                }

                $post_type  = get_post_type( $post );
                $post_types = Helpers::get_option_as_array( 'edac_post_types' );
                if ( empty( $post_types ) || ! in_array( $post_type, $post_types, true ) ) {

                        return new \WP_REST_Response( [ 'message' => 'The post type is not set to be scanned.' ], 400 );

                }

                //phpcs:ignore Generic.Commenting.Todo.TaskFound
                // TODO: setup a rules class for loading/filtering rules.
                $rules             = edac_register_rules();
                $js_rule_ids       = [];
                $combined_rule_ids = [];
                foreach ( $rules as $rule ) {
                        if ( array_key_exists( 'ruleset', $rule ) && 'js' === $rule['ruleset'] ) {
                                $js_rule_ids[] = $rule['slug'];

                                // Some rules can be a grouping of other checks with different ids. This tracks those combined check IDs for later mapping.
                                if ( array_key_exists( 'combines', $rule ) && ! empty( $rule['combines'] ) ) {
                                        foreach ( $rule['combines'] as $combine_rule_id ) {
                                                $combined_rule_ids[ $combine_rule_id ] = $rule['slug'];
                                        }
                                }
                        }
                }

                try {

                        /**
                         * Fires before the validation process starts.
                         *
                         * This is only running in the JS check context.
                         *
                         * @since 1.5.0
                         *
                         * @param int    $post_id The post ID.
                         * @param string $type    The type of validation which is always 'js' in this path.
                         */
                        do_action( 'edac_before_validate', $post_id, 'js' );

                        $violations = $request['violations'];

                        // set record check flag on previous error records.
                        edac_remove_corrected_posts( $post_id, $post->post_type, $pre = 1, 'js' );

                        if ( is_array( $violations ) && count( $violations ) > 0 ) {

                                foreach ( $violations as $violation ) {
                                        $rule_id = $violation['ruleId'];

                                        // If this rule is a combined rule then map it to the actual reporting rule ID.
                                        $actual_rule_id = array_key_exists( $rule_id, $combined_rule_ids ) ? $combined_rule_ids[ $rule_id ] : $rule_id;

                                        if ( in_array( $actual_rule_id, $js_rule_ids, true ) ) {

                                                // This rule is one that we've included in our js ruleset.

                                                $html   = apply_filters( 'edac_filter_js_violation_html', $violation['html'], $rule_id, $violation );
                                                $impact = $violation['impact']; // by default, use the impact setting from the js rule.

                                                //phpcs:ignore Generic.Commenting.Todo.TaskFound
                                                // TODO: setup a rules class for loading/filtering rules.
                                                foreach ( $rules as $rule ) {
                                                        if ( $rule['slug'] === $actual_rule_id ) {
                                                                $impact = $rule['rule_type']; // if we are defining the rule_type in php rules config, use that instead of the js rule's impact setting.
                                                        }
                                                }

                                                //phpcs:ignore Generic.Commenting.Todo.TaskFound, Squiz.PHP.CommentedOutCode.Found
                                                // TODO: add support storing $violation['selector'], $violation['tags'].

                                                /**
                                                 * Fires before a rule is run against the content.
                                                 *
                                                 * This is only running in the JS check context.
                                                 *
                                                 * @since 1.5.0
                                                 *
                                                 * @param int    $post_id The post ID.
                                                 * @param string $rule_id The rule ID.
                                                 * @param string $type    The type of validation which is always 'js' in this path.
                                                 */
                                                do_action( 'edac_before_rule', $post_id, $actual_rule_id, 'js' );

                                                $landmark          = $violation['landmark'] ?? null;
                                                $landmark_selector = $violation['landmarkSelector'] ?? null;

                                                $selectors = [
                                                        'selector' => $violation['selector'] ?? [],
                                                        'ancestry' => $violation['ancestry'] ?? [],
                                                        'xpath'    => $violation['xpath'] ?? [],
                                                ];
                                                ( new Insert_Rule_Data() )->insert( $post, $actual_rule_id, $impact, $html, $landmark, $landmark_selector, $selectors );

                                                /**
                                                 * Fires after a rule is run against the content.
                                                 *
                                                 * This is only running in the JS check context.
                                                 *
                                                 * @since 1.5.0
                                                 *
                                                 * @param int    $post_id The post ID.
                                                 * @param string $rule_id The rule ID.
                                                 * @param string $type    The type of validation which is always 'js' in this path.
                                                 */
                                                do_action( 'edac_after_rule', $post_id, $actual_rule_id, 'js' );

                                        }
                                }
                        }

                        /**
                         * Fires after the validation process is complete.
                         *
                         * This is only running in the JS check context.
                         *
                         * @since 1.5.0
                         *
                         * @param int    $post_id The post ID.
                         * @param string $type    The type of validation which is always 'js' in this path.
                         */
                        do_action( 'edac_after_validate', $post_id, 'js' );

                        // remove corrected records.
                        edac_remove_corrected_posts( $post_id, $post->post_type, $pre = 2, 'js' );

                        // Save the density metrics before the summary is generated.
                        $metrics = $request['densityMetrics'] ?? [ 0, 0 ];
                        if ( is_array( $metrics ) && count( $metrics ) > 0 ) {
                                update_post_meta(
                                        $post_id,
                                        '_edac_density_data',
                                        [
                                                $metrics['elementCount'] ?? 0,
                                                $metrics['contentLength'] ?? 0,
                                        ]
                                );
                        }

                        // Update the summary info that is stored in meta this post.
                        ( new Summary_Generator( $post_id ) )->generate_summary();

                        // store a record of this scan in the post's meta.
                        update_post_meta( $post_id, '_edac_post_checked_js', time() );

                        /**
                         * Fires before sending the REST response ending the validation process.
                         *
                         * @since 1.14.0
                         *
                         * @param int             $post_id The post ID.
                         * @param string          $type    The type of validation which is always 'js' in this path.
                         * @param WP_REST_Request $request The request passed from the REST call.
                         */
                        do_action( 'edac_validate_before_sending_rest_response', $post_id, 'js', $request );

                        return new \WP_REST_Response(
                                [
                                        'success'   => true,
                                        'id'        => $post_id,
                                        'timestamp' => time(),
                                ]
                        );

                } catch ( \Exception $ex ) {

                        return new \WP_REST_Response(
                                [
                                        'message' => $ex->getMessage(),
                                ],
                                500
                        );

                }
        }


        /**
         * REST handler that clears the cached stats about the scans
         *
         * @return \WP_REST_Response
         */
        public function clear_cached_scans_stats() {

                try {

                        // Clear the cache.
                        $scans_stats = new Scans_Stats();
                        $scans_stats->clear_cache();

                        // Prime the cache.
                        $scans_stats = new Scans_Stats();

                        return new \WP_REST_Response(
                                [
                                        'success' => true,
                                ]
                        );

                } catch ( \Exception $ex ) {

                        return new \WP_REST_Response(
                                [
                                        'message' => $ex->getMessage(),
                                ],
                                500
                        );

                }
        }

        /**
         * REST handler that gets stats about the scans
         *
         * @return \WP_REST_Response
         */
        public function get_scans_stats() {

                try {

                        $scans_stats = new Scans_Stats( 60 * 5 );
                        $stats       = $scans_stats->summary();

                        return new \WP_REST_Response(
                                [
                                        'success' => true,
                                        'stats'   => $stats,
                                ]
                        );

                } catch ( \Exception $ex ) {

                        return new \WP_REST_Response(
                                [
                                        'message' => $ex->getMessage(),
                                ],
                                500
                        );

                }
        }


        /**
         * REST handler that gets stats about the scans by post type
         *
         * @param WP_REST_Request $request The request passed from the REST call.
         *
         * @return \WP_REST_Response
         */
        public function get_scans_stats_by_post_type( $request ) {

                if ( ! isset( $request['slug'] ) ) {
                        return new \WP_REST_Response( [ 'message' => 'A required parameter is missing.' ], 400 );
                }

                try {

                        $post_type            = strval( $request['slug'] );
                        $scannable_post_types = Settings::get_scannable_post_types();

                        if ( in_array( $post_type, $scannable_post_types, true ) ) {

                                $scans_stats = new Scans_Stats( 60 * 5 );
                                $by_type     = $scans_stats->issues_summary_by_post_type( $post_type );

                                return new \WP_REST_Response(
                                        [
                                                'success' => true,
                                                'stats'   => $by_type,
                                        ]
                                );
                        }
                        return new \WP_REST_Response( [ 'message' => 'The post type is not set to be scanned.' ], 400 );
                } catch ( \Exception $ex ) {
                        return new \WP_REST_Response(
                                [
                                        'message' => $ex->getMessage(),
                                ],
                                500
                        );
                }
        }

        /**
         * REST handler that gets stats about the scans by post types
         *
         * @param WP_REST_Request $request The request passed from the REST call.
         *
         * @return \WP_REST_Response
         */
        public function get_scans_stats_by_post_types( $request ) { //phpcs:ignore

                try {

                        $scans_stats = new Scans_Stats( 60 * 5 );

                        $scannable_post_types = Settings::get_scannable_post_types();

                        $post_types = get_post_types(
                                [
                                        'public' => true,
                                ]
                        );
                        unset( $post_types['attachment'] );

                        $post_types_to_check = array_merge( [ 'post', 'page' ], $scannable_post_types );

                        $by_types = [];

                        foreach ( $post_types as $post_type ) {

                                $by_types[ $post_type ] = false;
                                if ( in_array( $post_type, $scannable_post_types, true ) && in_array( $post_type, $post_types_to_check, true ) ) {
                                        $by_types[ $post_type ] = $scans_stats->issues_summary_by_post_type( $post_type );
                                }
                        }

                        return new \WP_REST_Response(
                                [
                                        'success' => true,
                                        'stats'   => $by_types,
                                ]
                        );

                } catch ( \Exception $ex ) {

                        return new \WP_REST_Response(
                                [
                                        'message' => $ex->getMessage(),
                                ],
                                500
                        );

                }
        }

        /**
         * REST handler that gets stats about the scans
         *
         * @param \WP_REST_Request $request The request passed from the REST call.
         *
         * @return \WP_REST_Response
         */
        public function get_site_summary( \WP_REST_Request $request ) {

                try {
                        $scan_stats = new Scans_Stats();
                        if ( (bool) $request->get_param( 'clearCache' ) ) {
                                $scan_stats->clear_cache();
                        }

                        return new \WP_REST_Response(
                                [
                                        'success' => true,
                                        'stats'   => $scan_stats->summary(),
                                ]
                        );
                } catch ( \Exception $ex ) {
                        return new \WP_REST_Response(
                                [
                                        'message' => $ex->getMessage(),
                                ],
                                500
                        );
                }
        }
}

1	<?php
2	/**
3	* Class file for REST api
4	*
5	* @package Accessibility_Checker
6	*/
7
8	namespace EDAC\Inc;
9
10	use EDAC\Admin\Helpers;
11	use EDAC\Admin\Insert_Rule_Data;
12	use EDAC\Admin\Scans_Stats;
13	use EDAC\Admin\Settings;
14	use EDAC\Admin\Purge_Post_Data;
15
16	/**
17	* Class that initializes and handles the REST api
18	*/
19	class REST_Api {
20
21
22	/**
23	* Constructor
24	*/
25	public function __construct() {
26	}	×
27
28
29	/**
30	* Add the class the hooks.
31	*/
32	public function init_hooks() {
33	add_action( 'init', [ $this, 'init_rest_routes' ] );	×
34	add_filter( 'edac_filter_js_violation_html', [ $this, 'filter_js_validation_html' ], 10, 3 );	×
35	}
36
37
38	/**
39	* Add the rest routes.
40	*
41	* @return void
42	*/
43	public function init_rest_routes() {
44
45	$ns = 'accessibility-checker/';	6✔
46	$version = 'v1';	6✔
47
48	add_action(	6✔
49	'rest_api_init',	6✔
50	function () use ( $ns, $version ) {	6✔
51	register_rest_route(	6✔
52	$ns . $version,	6✔
53	'/test',	6✔
54	[	6✔
55	'methods' => [ 'GET', 'POST' ],	6✔
56	'callback' => function () {	6✔
57	$messages = [];	×
58	$messages['time'] = time();	×
59	$messages['perms'] = current_user_can( 'edit_posts' );	×
60
61	return new \WP_REST_Response( [ 'messages' => $messages ], 200 );	×
62	},	6✔
63	'permission_callback' => function () {	6✔
64	return current_user_can( 'edit_posts' );	×
65	},	6✔
66	]	6✔
67	);	6✔
68	}	6✔
69	);	6✔
70
71	add_action(	6✔
72	'rest_api_init',	6✔
73	function () use ( $ns, $version ) {	6✔
74	register_rest_route(	6✔
75	$ns . $version,	6✔
76	'/post-scan-results/(?P<id>\d+)',	6✔
77	[	6✔
78	'methods' => 'POST',	6✔
79	'callback' => [ $this, 'set_post_scan_results' ],	6✔
80	'args' => [	6✔
81	'id' => [	6✔
82	'required' => true,	6✔
83	'validate_callback' => function ( $param ) {	6✔
84	return is_numeric( $param );	4✔
85	},	6✔
86	'sanitize_callback' => 'absint',	6✔
87	],	6✔
88	],	6✔
89	'permission_callback' => function ( $request ) {	6✔
90	return $this->user_can_edit_passed_post_id( $request );	4✔
91	},	6✔
92	]	6✔
93	);	6✔
94	}	6✔
95	);	6✔
96
97	add_action(	6✔
98	'rest_api_init',	6✔
99	function () use ( $ns, $version ) {	6✔
100	register_rest_route(	6✔
101	$ns . $version,	6✔
102	'/scans-stats',	6✔
103	[	6✔
104	'methods' => 'GET',	6✔
105	'callback' => [ $this, 'get_scans_stats' ],	6✔
106	'permission_callback' => function () {	6✔
NEW 107	return current_user_can( 'edit_posts' );	×
108	},	6✔
109	]	6✔
110	);	6✔
111	}	6✔
112	);	6✔
113
114	add_action(	6✔
115	'rest_api_init',	6✔
116	function () use ( $ns, $version ) {	6✔
117	register_rest_route(	6✔
118	$ns . $version,	6✔
119	'/clear-cached-scans-stats',	6✔
120	[	6✔
121	'methods' => 'POST',	6✔
122	'callback' => [ $this, 'clear_cached_scans_stats' ],	6✔
123	'permission_callback' => function () {	6✔
NEW 124	return current_user_can( 'publish_posts' );	×
125	},	6✔
126	]	6✔
127	);	6✔
128	}	6✔
129	);	6✔
130
131	add_action(	6✔
132	'rest_api_init',	6✔
133	function () use ( $ns, $version ) {	6✔
134	register_rest_route(	6✔
135	$ns . $version,	6✔
136	'/scans-stats-by-post-type/(?P<slug>[a-zA-Z0-9_-]+)',	6✔
137	[	6✔
138	'methods' => 'GET',	6✔
139	'callback' => [ $this, 'get_scans_stats_by_post_type' ],	6✔
140	'permission_callback' => function () {	6✔
NEW 141	return current_user_can( 'edit_posts' );	×
142	},	6✔
143	]	6✔
144	);	6✔
145	}	6✔
146	);	6✔
147
148	add_action(	6✔
149	'rest_api_init',	6✔
150	function () use ( $ns, $version ) {	6✔
151	register_rest_route(	6✔
152	$ns . $version,	6✔
153	'/scans-stats-by-post-types',	6✔
154	[	6✔
155	'methods' => 'GET',	6✔
156	'callback' => [ $this, 'get_scans_stats_by_post_types' ],	6✔
157	'permission_callback' => function () {	6✔
NEW 158	return current_user_can( 'edit_posts' );	×
159	},	6✔
160	]	6✔
161	);	6✔
162	}	6✔
163	);	6✔
164
165	add_action(	6✔
166	'rest_api_init',	6✔
167	function () use ( $ns, $version ) {	6✔
168	register_rest_route(	6✔
169	$ns . $version,	6✔
170	'/clear-issues/(?P<id>\d+)',	6✔
171	[	6✔
172	'methods' => 'POST',	6✔
173	'callback' => [ $this, 'clear_issues_for_post' ],	6✔
174	'args' => [	6✔
175	'id' => [	6✔
176	'required' => true,	6✔
177	'validate_callback' => function ( $param ) {	6✔
178	return is_numeric( $param );	4✔
179	},	6✔
180	'sanitize_callback' => 'absint',	6✔
181	],	6✔
182	],	6✔
183	'permission_callback' => function ( $request ) {	6✔
184	return $this->user_can_edit_passed_post_id( $request );	4✔
185	},	6✔
186	]	6✔
187	);	6✔
188	}	6✔
189	);	6✔
190
191	// Exposes the scan summary data.
192	add_action(	6✔
193	'rest_api_init',	6✔
194	function () use ( $ns, $version ) {	6✔
195	register_rest_route(	6✔
196	$ns . $version,	6✔
197	'/site-summary',	6✔
198	[	6✔
199	'methods' => 'GET',	6✔
200	'callback' => [ $this, 'get_site_summary' ],	6✔
201	'permission_callback' => function () {	6✔
202	return current_user_can( 'edit_posts' );	×
203	},	6✔
204	]	6✔
205	);	6✔
206	}	6✔
207	);	6✔
208	}
209
210	/**
211	* Check if the user can edit a post.
212	*
213	* This is a permission callback to replace several places where we check if the user can edit a post.
214	*
215	* @since 1.30.1
216	*
217	* @param \WP_REST_Request $request The request object passed from the REST call. This should contain the 'id' of the post to check permissions for.
218	*
219	* @return bool\|\WP_Error
220	*/
221	public function user_can_edit_passed_post_id( $request ) {
222	if ( ! isset( $request['id'] ) ) {	6✔
NEW 223	return new \WP_Error( 'rest_post_invalid_id', __( 'A required parameter is missing.', 'accessibility-checker' ), [ 'status' => 400 ] );	×
224	}
225	$post_id = (int) $request['id'];	6✔
226	return current_user_can( 'edit_post', $post_id ); // able to edit the post.	6✔
227	}
228
229	/**
230	* REST handler to clear issues results for a given post ID.
231	*
232	* @param \WP_REST_Request $request The request passed from the REST call.
233	*
234	* @return \WP_REST_Response
235	*/
236	public function clear_issues_for_post( $request ) {
237
238	if ( ! isset( $request['id'] ) ) {	4✔
239	return new \WP_REST_Response( [ 'message' => 'The ID is required to be passed.' ], 400 );	×
240	}
241
242	$json = $request->get_json_params();	4✔
243	$post_id = (int) $request['id'];	4✔
244	if ( ! isset( $json['skip_post_exists_check'] ) ) {	4✔
245	$post = get_post( $post_id );	4✔
246	if ( ! is_object( $post ) ) {	4✔
247	return new \WP_REST_Response( [ 'message' => 'The post is not valid.' ], 400 );	×
248	}
249
250	$post_type = get_post_type( $post );	4✔
251	$post_types = Helpers::get_option_as_array( 'edac_post_types' );	4✔
252	if ( empty( $post_types ) \|\| ! in_array( $post_type, $post_types, true ) ) {	4✔
253	return new \WP_REST_Response( [ 'message' => 'The post type is not set to be scanned.' ], 400 );	×
254	}
255	}
256
257	// if flush is set then clear the issues for that ID.
258	if ( isset( $json['flush'] ) ) {	4✔
259	// purge the issues for this post.
260	Purge_Post_Data::delete_post( $post_id );	4✔
261	}
262
263	return new \WP_REST_Response(	4✔
264	[	4✔
265	'success' => true,	4✔
266	'flushed' => isset( $json['flush'] ),	4✔
267	'id' => $post_id,	4✔
268	]	4✔
269	);	4✔
270	}
271
272
273	/**
274	* Filter the html of the js validation violation.
275	*
276	* This can be used to store additional data in the html of the violation.
277	*
278	* @since 1.13.0
279	* @param string $html The html of the violation.
280	* @param string $rule_id The id of the rule.
281	* @param array $violation The violation data.
282	*
283	* @return string
284	*/
285	public function filter_js_validation_html( string $html, string $rule_id, array $violation ): string {
286	// Add the selector to the violation message as empty paragraphs are almost always
287	// duplicate html fragments. Adding the selector makes it unique, so it can be saved.
288	if ( 'empty_paragraph_tag' === $rule_id ) {	×
289	$html .= $violation['selector'][0]	×
290	? '// {{ ' . $violation['selector'][0] . ' }}'	×
291	: '';	×
292	}
293
294	// Use just the opening <html> and closing </html> tag, prevents storing entire page as the affected code.
295	if ( 'html-has-lang' === $rule_id \|\| 'document-title' === $rule_id ) {	×
296	$html = preg_replace( '/^.(<html.?>).(<\/html>).$/s', '$1...$2', $html );	×
297
298	}
299	return $html;	×
300	}
301
302	/**
303	* REST handler that saves to the DB a list of js rule violations for a post.
304	*
305	* @param WP_REST_Request $request The request passed from the REST call.
306	*
307	* @return \WP_REST_Response
308	*/
309	public function set_post_scan_results( $request ) {
310
311	if ( ! isset( $request['violations'] ) ) {	4✔
312	return new \WP_REST_Response( [ 'message' => 'A required parameter is missing.' ], 400 );	×
313	}
314
315	$post_id = (int) $request['id'];	4✔
316	$post = get_post( $post_id );	4✔
317	if ( ! is_object( $post ) ) {	4✔
318
319	return new \WP_REST_Response( [ 'message' => 'The post is not valid.' ], 400 );	×
320	}
321
322	$post_type = get_post_type( $post );	4✔
323	$post_types = Helpers::get_option_as_array( 'edac_post_types' );	4✔
324	if ( empty( $post_types ) \|\| ! in_array( $post_type, $post_types, true ) ) {	4✔
325
326	return new \WP_REST_Response( [ 'message' => 'The post type is not set to be scanned.' ], 400 );	×
327
328	}
329
330	//phpcs:ignore Generic.Commenting.Todo.TaskFound
331	// TODO: setup a rules class for loading/filtering rules.
332	$rules = edac_register_rules();	4✔
333	$js_rule_ids = [];	4✔
334	$combined_rule_ids = [];	4✔
335	foreach ( $rules as $rule ) {	4✔
336	if ( array_key_exists( 'ruleset', $rule ) && 'js' === $rule['ruleset'] ) {	4✔
337	$js_rule_ids[] = $rule['slug'];	4✔
338
339	// Some rules can be a grouping of other checks with different ids. This tracks those combined check IDs for later mapping.
340	if ( array_key_exists( 'combines', $rule ) && ! empty( $rule['combines'] ) ) {	4✔
341	foreach ( $rule['combines'] as $combine_rule_id ) {	4✔
342	$combined_rule_ids[ $combine_rule_id ] = $rule['slug'];	4✔
343	}
344	}
345	}
346	}
347
348	try {
349
350	/**
351	* Fires before the validation process starts.
352	*
353	* This is only running in the JS check context.
354	*
355	* @since 1.5.0
356	*
357	* @param int $post_id The post ID.
358	* @param string $type The type of validation which is always 'js' in this path.
359	*/
360	do_action( 'edac_before_validate', $post_id, 'js' );	4✔
361
362	$violations = $request['violations'];	4✔
363
364	// set record check flag on previous error records.
365	edac_remove_corrected_posts( $post_id, $post->post_type, $pre = 1, 'js' );	4✔
366
367	if ( is_array( $violations ) && count( $violations ) > 0 ) {	4✔
368
369	foreach ( $violations as $violation ) {	4✔
370	$rule_id = $violation['ruleId'];	4✔
371
372	// If this rule is a combined rule then map it to the actual reporting rule ID.
373	$actual_rule_id = array_key_exists( $rule_id, $combined_rule_ids ) ? $combined_rule_ids[ $rule_id ] : $rule_id;	4✔
374
375	if ( in_array( $actual_rule_id, $js_rule_ids, true ) ) {	4✔
376
377	// This rule is one that we've included in our js ruleset.
378
379	$html = apply_filters( 'edac_filter_js_violation_html', $violation['html'], $rule_id, $violation );	×
380	$impact = $violation['impact']; // by default, use the impact setting from the js rule.	×
381
382	//phpcs:ignore Generic.Commenting.Todo.TaskFound
383	// TODO: setup a rules class for loading/filtering rules.
384	foreach ( $rules as $rule ) {	×
385	if ( $rule['slug'] === $actual_rule_id ) {	×
386	$impact = $rule['rule_type']; // if we are defining the rule_type in php rules config, use that instead of the js rule's impact setting.	×
387	}
388	}
389
390	//phpcs:ignore Generic.Commenting.Todo.TaskFound, Squiz.PHP.CommentedOutCode.Found
391	// TODO: add support storing $violation['selector'], $violation['tags'].
392
393	/**
394	* Fires before a rule is run against the content.
395	*
396	* This is only running in the JS check context.
397	*
398	* @since 1.5.0
399	*
400	* @param int $post_id The post ID.
401	* @param string $rule_id The rule ID.
402	* @param string $type The type of validation which is always 'js' in this path.
403	*/
404	do_action( 'edac_before_rule', $post_id, $actual_rule_id, 'js' );	×
405
406	$landmark = $violation['landmark'] ?? null;	×
407	$landmark_selector = $violation['landmarkSelector'] ?? null;	×
408
409	$selectors = [	×
410	'selector' => $violation['selector'] ?? [],	×
411	'ancestry' => $violation['ancestry'] ?? [],	×
412	'xpath' => $violation['xpath'] ?? [],	×
413	];	×
414	( new Insert_Rule_Data() )->insert( $post, $actual_rule_id, $impact, $html, $landmark, $landmark_selector, $selectors );	×
415
416	/**
417	* Fires after a rule is run against the content.
418	*
419	* This is only running in the JS check context.
420	*
421	* @since 1.5.0
422	*
423	* @param int $post_id The post ID.
424	* @param string $rule_id The rule ID.
425	* @param string $type The type of validation which is always 'js' in this path.
426	*/
427	do_action( 'edac_after_rule', $post_id, $actual_rule_id, 'js' );	×
428
429	}
430	}
431	}
432
433	/**
434	* Fires after the validation process is complete.
435	*
436	* This is only running in the JS check context.
437	*
438	* @since 1.5.0
439	*
440	* @param int $post_id The post ID.
441	* @param string $type The type of validation which is always 'js' in this path.
442	*/
443	do_action( 'edac_after_validate', $post_id, 'js' );	4✔
444
445	// remove corrected records.
446	edac_remove_corrected_posts( $post_id, $post->post_type, $pre = 2, 'js' );	4✔
447
448	// Save the density metrics before the summary is generated.
449	$metrics = $request['densityMetrics'] ?? [ 0, 0 ];	4✔
450	if ( is_array( $metrics ) && count( $metrics ) > 0 ) {	4✔
451	update_post_meta(	4✔
452	$post_id,	4✔
453	'_edac_density_data',	4✔
454	[	4✔
455	$metrics['elementCount'] ?? 0,	4✔
456	$metrics['contentLength'] ?? 0,	4✔
457	]	4✔
458	);	4✔
459	}
460
461	// Update the summary info that is stored in meta this post.
462	( new Summary_Generator( $post_id ) )->generate_summary();	4✔
463
464	// store a record of this scan in the post's meta.
465	update_post_meta( $post_id, '_edac_post_checked_js', time() );	4✔
466
467	/**
468	* Fires before sending the REST response ending the validation process.
469	*
470	* @since 1.14.0
471	*
472	* @param int $post_id The post ID.
473	* @param string $type The type of validation which is always 'js' in this path.
474	* @param WP_REST_Request $request The request passed from the REST call.
475	*/
476	do_action( 'edac_validate_before_sending_rest_response', $post_id, 'js', $request );	4✔
477
478	return new \WP_REST_Response(	4✔
479	[	4✔
480	'success' => true,	4✔
481	'id' => $post_id,	4✔
482	'timestamp' => time(),	4✔
483	]	4✔
484	);	4✔
485
486	} catch ( \Exception $ex ) {	×
487
488	return new \WP_REST_Response(	×
489	[	×
490	'message' => $ex->getMessage(),	×
491	],	×
492	500	×
493	);	×
494
495	}
496	}
497
498
499	/**
500	* REST handler that clears the cached stats about the scans
501	*
502	* @return \WP_REST_Response
503	*/
504	public function clear_cached_scans_stats() {
505
506	try {
507
508	// Clear the cache.
509	$scans_stats = new Scans_Stats();	×
510	$scans_stats->clear_cache();	×
511
512	// Prime the cache.
513	$scans_stats = new Scans_Stats();	×
514
515	return new \WP_REST_Response(	×
516	[	×
517	'success' => true,	×
518	]	×
519	);	×
520
521	} catch ( \Exception $ex ) {	×
522
523	return new \WP_REST_Response(	×
524	[	×
525	'message' => $ex->getMessage(),	×
526	],	×
527	500	×
528	);	×
529
530	}
531	}
532
533	/**
534	* REST handler that gets stats about the scans
535	*
536	* @return \WP_REST_Response
537	*/
538	public function get_scans_stats() {
539
540	try {
541
542	$scans_stats = new Scans_Stats( 60 * 5 );	×
543	$stats = $scans_stats->summary();	×
544
545	return new \WP_REST_Response(	×
546	[	×
547	'success' => true,	×
548	'stats' => $stats,	×
549	]	×
550	);	×
551
552	} catch ( \Exception $ex ) {	×
553
554	return new \WP_REST_Response(	×
555	[	×
556	'message' => $ex->getMessage(),	×
557	],	×
558	500	×
559	);	×
560
561	}
562	}
563
564
565	/**
566	* REST handler that gets stats about the scans by post type
567	*
568	* @param WP_REST_Request $request The request passed from the REST call.
569	*
570	* @return \WP_REST_Response
571	*/
572	public function get_scans_stats_by_post_type( $request ) {
573
574	if ( ! isset( $request['slug'] ) ) {	×
575	return new \WP_REST_Response( [ 'message' => 'A required parameter is missing.' ], 400 );	×
576	}
577
578	try {
579
580	$post_type = strval( $request['slug'] );	×
581	$scannable_post_types = Settings::get_scannable_post_types();	×
582
583	if ( in_array( $post_type, $scannable_post_types, true ) ) {	×
584
585	$scans_stats = new Scans_Stats( 60 * 5 );	×
586	$by_type = $scans_stats->issues_summary_by_post_type( $post_type );	×
587
588	return new \WP_REST_Response(	×
589	[	×
590	'success' => true,	×
591	'stats' => $by_type,	×
592	]	×
593	);	×
594	}
595	return new \WP_REST_Response( [ 'message' => 'The post type is not set to be scanned.' ], 400 );	×
596	} catch ( \Exception $ex ) {	×
597	return new \WP_REST_Response(	×
598	[	×
599	'message' => $ex->getMessage(),	×
600	],	×
601	500	×
602	);	×
603	}
604	}
605
606	/**
607	* REST handler that gets stats about the scans by post types
608	*
609	* @param WP_REST_Request $request The request passed from the REST call.
610	*
611	* @return \WP_REST_Response
612	*/
613	public function get_scans_stats_by_post_types( $request ) { //phpcs:ignore
614
615	try {
616
617	$scans_stats = new Scans_Stats( 60 * 5 );	×
618
619	$scannable_post_types = Settings::get_scannable_post_types();	×
620
621	$post_types = get_post_types(	×
622	[	×
623	'public' => true,	×
624	]	×
625	);	×
626	unset( $post_types['attachment'] );	×
627
628	$post_types_to_check = array_merge( [ 'post', 'page' ], $scannable_post_types );	×
629
630	$by_types = [];	×
631
632	foreach ( $post_types as $post_type ) {	×
633
634	$by_types[ $post_type ] = false;	×
635	if ( in_array( $post_type, $scannable_post_types, true ) && in_array( $post_type, $post_types_to_check, true ) ) {	×
636	$by_types[ $post_type ] = $scans_stats->issues_summary_by_post_type( $post_type );	×
637	}
638	}
639
640	return new \WP_REST_Response(	×
641	[	×
642	'success' => true,	×
643	'stats' => $by_types,	×
644	]	×
645	);	×
646
647	} catch ( \Exception $ex ) {	×
648
649	return new \WP_REST_Response(	×
650	[	×
651	'message' => $ex->getMessage(),	×
652	],	×
653	500	×
654	);	×
655
656	}
657	}
658
659	/**
660	* REST handler that gets stats about the scans
661	*
662	* @param \WP_REST_Request $request The request passed from the REST call.
663	*
664	* @return \WP_REST_Response
665	*/
666	public function get_site_summary( \WP_REST_Request $request ) {
667
668	try {
669	$scan_stats = new Scans_Stats();	×
670	if ( (bool) $request->get_param( 'clearCache' ) ) {	×
671	$scan_stats->clear_cache();	×
672	}
673
674	return new \WP_REST_Response(	×
675	[	×
676	'success' => true,	×
677	'stats' => $scan_stats->summary(),	×
678	]	×
679	);	×
680	} catch ( \Exception $ex ) {	×
681	return new \WP_REST_Response(	×
682	[	×
683	'message' => $ex->getMessage(),	×
684	],	×
685	500	×
686	);	×
687	}
688	}
689	}

equalizedigital / accessibility-checker / 17205722517

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous