#1132

Committed 05 May 2026 11:17AM UTC coverage: 89.835% (-0.2%) from 90.025%

Build # #1132

Build Type

push

php-coveralls

Committed by

kagg-design

Commit Message

Update changelog from readme.txt

Coverage Stats

2510 of 2794 relevant lines covered (89.84%)

2.15 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

85.0

/src/php/Request.php

<?php
/**
 * Determine request type.
 *
 * @package cyr-to-lat
 */

namespace CyrToLat;

use WP_Rewrite;

/**
 * Class Request
 */
class Request {

        /**
         * Whether it is allowed request for the plugin to work.
         *
         * @return bool
         */
        public function is_allowed(): bool {
                $allowed =
                        ! $this->is_frontend() ||
                        ( $this->is_frontend() && $this->is_post() ) ||
                        $this->is_cli();

                return (bool) apply_filters( 'ctl_allow', $allowed );
        }

        /**
         * Is frontend.
         *
         * @return bool
         */
        public function is_frontend(): bool {
                return ! ( wp_doing_ajax() || is_admin() || $this->is_cli() || $this->is_rest() );
        }

        /**
         * Check if it is a CLI request
         *
         * @return bool
         */
        public function is_cli(): bool {
                return defined( 'WP_CLI' ) && constant( 'WP_CLI' ) && class_exists( 'WP_CLI', false );
        }

        /**
         * Checks if the current request is a WP REST API request.
         *
         * Case #1: After WP_REST_Request initialization
         * Case #2: Support "plain" permalink settings
         * Case #3: It can happen that WP_Rewrite is not yet initialized,
         *          so do this (wp-settings.php)
         * Case #4: URL Path begins with wp-json/ (your REST prefix)
         *          Also supports WP installations in subfolders
         *
         * @return bool
         * @author matzeeable
         */
        public function is_rest(): bool {
                if ( ! isset( $_SERVER['REQUEST_URI'] ) ) {
                        return false;
                }

                // Case #1.
                if ( defined( 'REST_REQUEST' ) && constant( 'REST_REQUEST' ) ) {
                        return true;
                }

                // Case #2.
                // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                $rest_route  = self::filter_input( INPUT_GET, 'rest_route' );
                $script_name = self::filter_input( INPUT_SERVER, 'SCRIPT_NAME' );

                if ( 0 === strpos( $rest_route, '/' ) && 'index.php' === basename( $script_name ) ) {
                        return true;
                }

                // Case #3.
                global $wp_rewrite;

                $initial_wp_rewrite = $wp_rewrite;

                if ( null === $wp_rewrite ) {
                        // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
                        $wp_rewrite = new WP_Rewrite();
                }

                // Case #4.
                $current_url = (string) wp_parse_url( add_query_arg( [] ), PHP_URL_PATH );
                $rest_url    = wp_parse_url( trailingslashit( rest_url() ), PHP_URL_PATH );

                // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
                $wp_rewrite = $initial_wp_rewrite;

                return 0 === strpos( $current_url, $rest_url );
        }

        /**
         * If the current request is POST.
         *
         * @return bool
         */
        public function is_post(): bool {
                $request_method = filter_var(
                        isset( $_SERVER['REQUEST_METHOD'] ) ? wp_unslash( $_SERVER['REQUEST_METHOD'] ) : '',
                        FILTER_SANITIZE_FULL_SPECIAL_CHARS
                );

                return 'POST' === $request_method;
        }

        /**
         * Filter input in WP style.
         * Nonce must be checked in the calling function.
         *
         * @param int    $type     Input type.
         * @param string $var_name Variable name.
         *
         * @return array|string
         */
        public static function filter_input( int $type, string $var_name ) {
                // phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
                switch ( $type ) {
                        case INPUT_GET:
                                // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                                return isset( $_GET[ $var_name ] ) ? self::sanitize_data( $_GET[ $var_name ] ) : '';
                        case INPUT_POST:
                                // phpcs:ignore WordPress.Security.NonceVerification.Missing
                                return isset( $_POST[ $var_name ] ) ? self::sanitize_data( $_POST[ $var_name ] ) : '';
                        case INPUT_SERVER:
                                return isset( $_SERVER[ $var_name ] ) ? self::sanitize_data( $_SERVER[ $var_name ] ) : '';
                        case INPUT_COOKIE:
                                return isset( $_COOKIE[ $var_name ] ) ? self::sanitize_data( $_COOKIE[ $var_name ] ) : '';
                        default:
                                return '';
                }
                // phpcs:enable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
        }

        /**
         * Sanitize data.
         *
         * @param array|string $data Data to sanitize.
         *
         * @return array|string
         */
        private static function sanitize_data( $data ) {
                if ( is_array( $data ) ) {
                        return array_map( [ self::class, 'sanitize_data' ], $data );
                }

                return is_scalar( $data ) ? sanitize_text_field( wp_unslash( $data ) ) : '';
        }
}

1	<?php
2	/**
3	* Determine request type.
4	*
5	* @package cyr-to-lat
6	*/
7
8	namespace CyrToLat;
9
10	use WP_Rewrite;
11
12	/**
13	* Class Request
14	*/
15	class Request {
16
17	/**
18	* Whether it is allowed request for the plugin to work.
19	*
20	* @return bool
21	*/
22	public function is_allowed(): bool {
23	$allowed =	8✔
24	! $this->is_frontend() \|\|	8✔
25	( $this->is_frontend() && $this->is_post() ) \|\|	8✔
26	$this->is_cli();	8✔
27
28	return (bool) apply_filters( 'ctl_allow', $allowed );	8✔
29	}
30
31	/**
32	* Is frontend.
33	*
34	* @return bool
35	*/
36	public function is_frontend(): bool {
37	return ! ( wp_doing_ajax() \|\| is_admin() \|\| $this->is_cli() \|\| $this->is_rest() );	16✔
38	}
39
40	/**
41	* Check if it is a CLI request
42	*
43	* @return bool
44	*/
45	public function is_cli(): bool {
46	return defined( 'WP_CLI' ) && constant( 'WP_CLI' ) && class_exists( 'WP_CLI', false );	3✔
47	}
48
49	/**
50	* Checks if the current request is a WP REST API request.
51	*
52	* Case #1: After WP_REST_Request initialization
53	* Case #2: Support "plain" permalink settings
54	* Case #3: It can happen that WP_Rewrite is not yet initialized,
55	* so do this (wp-settings.php)
56	* Case #4: URL Path begins with wp-json/ (your REST prefix)
57	* Also supports WP installations in subfolders
58	*
59	* @return bool
60	* @author matzeeable
61	*/
62	public function is_rest(): bool {
63	if ( ! isset( $_SERVER['REQUEST_URI'] ) ) {	4✔
64	return false;	1✔
65	}
66
67	// Case #1.
68	if ( defined( 'REST_REQUEST' ) && constant( 'REST_REQUEST' ) ) {	3✔
69	return true;	1✔
70	}
71
72	// Case #2.
73	// phpcs:ignore WordPress.Security.NonceVerification.Recommended
74	$rest_route = self::filter_input( INPUT_GET, 'rest_route' );	2✔
75	$script_name = self::filter_input( INPUT_SERVER, 'SCRIPT_NAME' );	2✔
76
77	if ( 0 === strpos( $rest_route, '/' ) && 'index.php' === basename( $script_name ) ) {	2✔
78	return true;	1✔
79	}
80
81	// Case #3.
82	global $wp_rewrite;	1✔
83
84	$initial_wp_rewrite = $wp_rewrite;	1✔
85
86	if ( null === $wp_rewrite ) {	1✔
87	// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
88	$wp_rewrite = new WP_Rewrite();	×
89	}
90
91	// Case #4.
92	$current_url = (string) wp_parse_url( add_query_arg( [] ), PHP_URL_PATH );	1✔
93	$rest_url = wp_parse_url( trailingslashit( rest_url() ), PHP_URL_PATH );	1✔
94
95	// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
96	$wp_rewrite = $initial_wp_rewrite;	1✔
97
98	return 0 === strpos( $current_url, $rest_url );	1✔
99	}
100
101	/**
102	* If the current request is POST.
103	*
104	* @return bool
105	*/
106	public function is_post(): bool {
107	$request_method = filter_var(	1✔
108	isset( $_SERVER['REQUEST_METHOD'] ) ? wp_unslash( $_SERVER['REQUEST_METHOD'] ) : '',	1✔
109	FILTER_SANITIZE_FULL_SPECIAL_CHARS	1✔
110	);	1✔
111
112	return 'POST' === $request_method;	1✔
113	}
114
115	/**
116	* Filter input in WP style.
117	* Nonce must be checked in the calling function.
118	*
119	* @param int $type Input type.
120	* @param string $var_name Variable name.
121	*
122	* @return array\|string
123	*/
124	public static function filter_input( int $type, string $var_name ) {
125	// phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
126	switch ( $type ) {
127	case INPUT_GET:	2✔
128	// phpcs:ignore WordPress.Security.NonceVerification.Recommended
129	return isset( $_GET[ $var_name ] ) ? self::sanitize_data( $_GET[ $var_name ] ) : '';	2✔
130	case INPUT_POST:	2✔
131	// phpcs:ignore WordPress.Security.NonceVerification.Missing
132	return isset( $_POST[ $var_name ] ) ? self::sanitize_data( $_POST[ $var_name ] ) : '';	×
133	case INPUT_SERVER:	2✔
134	return isset( $_SERVER[ $var_name ] ) ? self::sanitize_data( $_SERVER[ $var_name ] ) : '';	2✔
135	case INPUT_COOKIE:	×
136	return isset( $_COOKIE[ $var_name ] ) ? self::sanitize_data( $_COOKIE[ $var_name ] ) : '';	×
137	default:
138	return '';	×
139	}
140	// phpcs:enable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
141	}
142
143	/**
144	* Sanitize data.
145	*
146	* @param array\|string $data Data to sanitize.
147	*
148	* @return array\|string
149	*/
150	private static function sanitize_data( $data ) {
151	if ( is_array( $data ) ) {	1✔
152	return array_map( [ self::class, 'sanitize_data' ], $data );	×
153	}
154
155	return is_scalar( $data ) ? sanitize_text_field( wp_unslash( $data ) ) : '';	1✔
156	}
157	}

mihdan / cyr2lat / #1132

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous