Edit File by line

<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName

[0] Fix | Delete

/**

[1] Fix | Delete

* Jetpack JSON API.

[2] Fix | Delete

[3] Fix | Delete

* @package automattic/jetpack

[4] Fix | Delete

[5] Fix | Delete

[6] Fix | Delete

use Automattic\Jetpack\Status;

[7] Fix | Delete

[8] Fix | Delete

if ( ! defined( 'WPCOM_JSON_API__DEBUG' ) ) {

[9] Fix | Delete

define( 'WPCOM_JSON_API__DEBUG', false );

[10] Fix | Delete

}

[11] Fix | Delete

[12] Fix | Delete

require_once __DIR__ . '/sal/class.json-api-platform.php';

[13] Fix | Delete

[14] Fix | Delete

/**

[15] Fix | Delete

* Jetpack JSON API.

[16] Fix | Delete

[17] Fix | Delete

class WPCOM_JSON_API {

[18] Fix | Delete

/**

[19] Fix | Delete

* Static instance.

[20] Fix | Delete

[21] Fix | Delete

* @todo This should be private.

[22] Fix | Delete

* @var self|null

[23] Fix | Delete

[24] Fix | Delete

public static $self = null;

[25] Fix | Delete

[26] Fix | Delete

/**

[27] Fix | Delete

* Registered endpoints.

[28] Fix | Delete

[29] Fix | Delete

* @var WPCOM_JSON_API_Endpoint[]

[30] Fix | Delete

[31] Fix | Delete

public $endpoints = array();

[32] Fix | Delete

[33] Fix | Delete

/**

[34] Fix | Delete

* Endpoint being processed.

[35] Fix | Delete

[36] Fix | Delete

* @var WPCOM_JSON_API_Endpoint

[37] Fix | Delete

[38] Fix | Delete

public $endpoint = null;

[39] Fix | Delete

[40] Fix | Delete

/**

[41] Fix | Delete

* Token details.

[42] Fix | Delete

[43] Fix | Delete

* @var array

[44] Fix | Delete

[45] Fix | Delete

public $token_details = array();

[46] Fix | Delete

[47] Fix | Delete

/**

[48] Fix | Delete

* Request HTTP method.

[49] Fix | Delete

[50] Fix | Delete

* @var string

[51] Fix | Delete

[52] Fix | Delete

public $method = '';

[53] Fix | Delete

[54] Fix | Delete

/**

[55] Fix | Delete

* Request URL.

[56] Fix | Delete

[57] Fix | Delete

* @var string

[58] Fix | Delete

[59] Fix | Delete

public $url = '';

[60] Fix | Delete

[61] Fix | Delete

/**

[62] Fix | Delete

* Path part of the request URL.

[63] Fix | Delete

[64] Fix | Delete

* @var string

[65] Fix | Delete

[66] Fix | Delete

public $path = '';

[67] Fix | Delete

[68] Fix | Delete

/**

[69] Fix | Delete

* Version extracted from the request URL.

[70] Fix | Delete

[71] Fix | Delete

* @var string|null

[72] Fix | Delete

[73] Fix | Delete

public $version = null;

[74] Fix | Delete

[75] Fix | Delete

/**

[76] Fix | Delete

* Parsed query data.

[77] Fix | Delete

[78] Fix | Delete

* @var array

[79] Fix | Delete

[80] Fix | Delete

public $query = array();

[81] Fix | Delete

[82] Fix | Delete

/**

[83] Fix | Delete

* Post body, if the request is a POST.

[84] Fix | Delete

[85] Fix | Delete

* @var string|null

[86] Fix | Delete

[87] Fix | Delete

public $post_body = null;

[88] Fix | Delete

[89] Fix | Delete

/**

[90] Fix | Delete

* Copy of `$_FILES` if the request is a POST.

[91] Fix | Delete

[92] Fix | Delete

* @var null|array

[93] Fix | Delete

[94] Fix | Delete

public $files = null;

[95] Fix | Delete

[96] Fix | Delete

/**

[97] Fix | Delete

* Content type of the request.

[98] Fix | Delete

[99] Fix | Delete

* @var string|null

[100] Fix | Delete

[101] Fix | Delete

public $content_type = null;

[102] Fix | Delete

[103] Fix | Delete

/**

[104] Fix | Delete

* Value of `$_SERVER['HTTP_ACCEPT']`, if any

[105] Fix | Delete

[106] Fix | Delete

* @var string

[107] Fix | Delete

[108] Fix | Delete

public $accept = '';

[109] Fix | Delete

[110] Fix | Delete

/**

[111] Fix | Delete

* Value of `$_SERVER['HTTPS']`, or "--UNset--" if unset.

[112] Fix | Delete

[113] Fix | Delete

* @var string

[114] Fix | Delete

[115] Fix | Delete

public $_server_https; // phpcs:ignore PSR2.Classes.PropertyDeclaration.Underscore

[116] Fix | Delete

[117] Fix | Delete

/**

[118] Fix | Delete

* Whether to exit after serving a response.

[119] Fix | Delete

[120] Fix | Delete

* @var bool

[121] Fix | Delete

[122] Fix | Delete

public $exit = true;

[123] Fix | Delete

[124] Fix | Delete

/**

[125] Fix | Delete

* Public API scheme.

[126] Fix | Delete

[127] Fix | Delete

* @var string

[128] Fix | Delete

[129] Fix | Delete

public $public_api_scheme = 'https';

[130] Fix | Delete

[131] Fix | Delete

/**

[132] Fix | Delete

* Output status code.

[133] Fix | Delete

[134] Fix | Delete

* @var int

[135] Fix | Delete

[136] Fix | Delete

public $output_status_code = 200;

[137] Fix | Delete

[138] Fix | Delete

/**

[139] Fix | Delete

* Trapped error.

[140] Fix | Delete

[141] Fix | Delete

* @var null|array

[142] Fix | Delete

[143] Fix | Delete

public $trapped_error = null;

[144] Fix | Delete

[145] Fix | Delete

/**

[146] Fix | Delete

* Whether output has been done.

[147] Fix | Delete

[148] Fix | Delete

* @var bool

[149] Fix | Delete

[150] Fix | Delete

public $did_output = false;

[151] Fix | Delete

[152] Fix | Delete

/**

[153] Fix | Delete

* Extra HTTP headers.

[154] Fix | Delete

[155] Fix | Delete

* @var string

[156] Fix | Delete

[157] Fix | Delete

public $extra_headers = array();

[158] Fix | Delete

[159] Fix | Delete

/**

[160] Fix | Delete

* AMP source origin.

[161] Fix | Delete

[162] Fix | Delete

* @var string

[163] Fix | Delete

[164] Fix | Delete

public $amp_source_origin = null;

[165] Fix | Delete

[166] Fix | Delete

/**

[167] Fix | Delete

* Initialize.

[168] Fix | Delete

[169] Fix | Delete

* @param string|null $method As for `$this->setup_inputs()`.

[170] Fix | Delete

* @param string|null $url As for `$this->setup_inputs()`.

[171] Fix | Delete

* @param string|null $post_body As for `$this->setup_inputs()`.

[172] Fix | Delete

* @return WPCOM_JSON_API instance

[173] Fix | Delete

[174] Fix | Delete

public static function init( $method = null, $url = null, $post_body = null ) {

[175] Fix | Delete

if ( ! self::$self ) {

[176] Fix | Delete

self::$self = new static( $method, $url, $post_body );

[177] Fix | Delete

}

[178] Fix | Delete

return self::$self;

[179] Fix | Delete

}

[180] Fix | Delete

[181] Fix | Delete

/**

[182] Fix | Delete

* Add an endpoint.

[183] Fix | Delete

[184] Fix | Delete

* @param WPCOM_JSON_API_Endpoint $endpoint Endpoint to add.

[185] Fix | Delete

[186] Fix | Delete

public function add( WPCOM_JSON_API_Endpoint $endpoint ) {

[187] Fix | Delete

// @todo Determine if anything depends on this being serialized rather than e.g. JSON.

[188] Fix | Delete

// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_serialize -- Legacy, possibly depended on elsewhere.

[189] Fix | Delete

$path_versions = serialize(

[190] Fix | Delete

array(

[191] Fix | Delete

$endpoint->path,

[192] Fix | Delete

$endpoint->min_version,

[193] Fix | Delete

$endpoint->max_version,

[194] Fix | Delete

)

[195] Fix | Delete

);

[196] Fix | Delete

if ( ! isset( $this->endpoints[ $path_versions ] ) ) {

[197] Fix | Delete

$this->endpoints[ $path_versions ] = array();

[198] Fix | Delete

}

[199] Fix | Delete

$this->endpoints[ $path_versions ][ $endpoint->method ] = $endpoint;

[200] Fix | Delete

}

[201] Fix | Delete

[202] Fix | Delete

/**

[203] Fix | Delete

* Determine if a string is truthy. If it's not a string, which can happen with

[204] Fix | Delete

* not well-formed data coming from Jetpack sites, we still consider it a truthy value.

[205] Fix | Delete

[206] Fix | Delete

* @param mixed $value true, 1, "1", "t", and "true" (case insensitive) are truthy, everything else isn't.

[207] Fix | Delete

* @return bool

[208] Fix | Delete

[209] Fix | Delete

public static function is_truthy( $value ) {

[210] Fix | Delete

if ( true === $value ) {

[211] Fix | Delete

return true;

[212] Fix | Delete

}

[213] Fix | Delete

[214] Fix | Delete

if ( 1 === $value ) {

[215] Fix | Delete

return true;

[216] Fix | Delete

}

[217] Fix | Delete

[218] Fix | Delete

if ( ! is_string( $value ) ) {

[219] Fix | Delete

return false;

[220] Fix | Delete

}

[221] Fix | Delete

[222] Fix | Delete

switch ( strtolower( (string) $value ) ) {

[223] Fix | Delete

case '1':

[224] Fix | Delete

case 't':

[225] Fix | Delete

case 'true':

[226] Fix | Delete

return true;

[227] Fix | Delete

}

[228] Fix | Delete

[229] Fix | Delete

return false;

[230] Fix | Delete

}

[231] Fix | Delete

[232] Fix | Delete

/**

[233] Fix | Delete

* Determine if a string is falsey.

[234] Fix | Delete

[235] Fix | Delete

* @param mixed $value false, 0, "0", "f", and "false" (case insensitive) are falsey, everything else isn't.

[236] Fix | Delete

* @return bool

[237] Fix | Delete

[238] Fix | Delete

public static function is_falsy( $value ) {

[239] Fix | Delete

if ( false === $value ) {

[240] Fix | Delete

return true;

[241] Fix | Delete

}

[242] Fix | Delete

[243] Fix | Delete

if ( 0 === $value ) {

[244] Fix | Delete

return true;

[245] Fix | Delete

}

[246] Fix | Delete

[247] Fix | Delete

if ( ! is_string( $value ) ) {

[248] Fix | Delete

return false;

[249] Fix | Delete

}

[250] Fix | Delete

[251] Fix | Delete

switch ( strtolower( (string) $value ) ) {

[252] Fix | Delete

case '0':

[253] Fix | Delete

case 'f':

[254] Fix | Delete

case 'false':

[255] Fix | Delete

return true;

[256] Fix | Delete

}

[257] Fix | Delete

[258] Fix | Delete

return false;

[259] Fix | Delete

}

[260] Fix | Delete

[261] Fix | Delete

/**

[262] Fix | Delete

* Constructor.

[263] Fix | Delete

[264] Fix | Delete

* @todo This should be private.

[265] Fix | Delete

* @param string|null $method As for `$this->setup_inputs()`.

[266] Fix | Delete

* @param string|null $url As for `$this->setup_inputs()`.

[267] Fix | Delete

* @param string|null $post_body As for `$this->setup_inputs()`.

[268] Fix | Delete

[269] Fix | Delete

public function __construct( $method = null, $url = null, $post_body = null ) {

[270] Fix | Delete

$this->setup_inputs( $method, $url, $post_body );

[271] Fix | Delete

}

[272] Fix | Delete

[273] Fix | Delete

/**

[274] Fix | Delete

* Setup inputs.

[275] Fix | Delete

[276] Fix | Delete

* @param string|null $method Request HTTP method. Fetched from `$_SERVER` if null.

[277] Fix | Delete

* @param string|null $url URL requested. Determined from `$_SERVER` if null.

[278] Fix | Delete

* @param string|null $post_body POST body. Read from `php://input` if null and method is POST.

[279] Fix | Delete

[280] Fix | Delete

public function setup_inputs( $method = null, $url = null, $post_body = null ) {

[281] Fix | Delete

if ( $method === null ) {

[282] Fix | Delete

$this->method = isset( $_SERVER['REQUEST_METHOD'] ) ? strtoupper( filter_var( wp_unslash( $_SERVER['REQUEST_METHOD'] ) ) ) : '';

[283] Fix | Delete

} else {

[284] Fix | Delete

$this->method = strtoupper( $method );

[285] Fix | Delete

}

[286] Fix | Delete

if ( $url === null ) {

[287] Fix | Delete

// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Sniff misses the esc_url_raw.

[288] Fix | Delete

$this->url = esc_url_raw( set_url_scheme( 'http://' . ( isset( $_SERVER['HTTP_HOST'] ) ? wp_unslash( $_SERVER['HTTP_HOST'] ) : '' ) . ( isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : '' ) ) );

[289] Fix | Delete

} else {

[290] Fix | Delete

$this->url = $url;

[291] Fix | Delete

}

[292] Fix | Delete

[293] Fix | Delete

$parsed = wp_parse_url( $this->url );

[294] Fix | Delete

if ( ! empty( $parsed['path'] ) ) {

[295] Fix | Delete

$this->path = $parsed['path'];

[296] Fix | Delete

}

[297] Fix | Delete

[298] Fix | Delete

if ( ! empty( $parsed['query'] ) ) {

[299] Fix | Delete

wp_parse_str( $parsed['query'], $this->query );

[300] Fix | Delete

}

[301] Fix | Delete

[302] Fix | Delete

if ( ! empty( $_SERVER['HTTP_ACCEPT'] ) ) {

[303] Fix | Delete

$this->accept = filter_var( wp_unslash( $_SERVER['HTTP_ACCEPT'] ) );

[304] Fix | Delete

}

[305] Fix | Delete

[306] Fix | Delete

if ( 'POST' === $this->method ) {

[307] Fix | Delete

if ( $post_body === null ) {

[308] Fix | Delete

$this->post_body = file_get_contents( 'php://input' );

[309] Fix | Delete

[310] Fix | Delete

if ( ! empty( $_SERVER['HTTP_CONTENT_TYPE'] ) ) {

[311] Fix | Delete

$this->content_type = filter_var( wp_unslash( $_SERVER['HTTP_CONTENT_TYPE'] ) );

[312] Fix | Delete

} elseif ( ! empty( $_SERVER['CONTENT_TYPE'] ) ) {

[313] Fix | Delete

$this->content_type = filter_var( wp_unslash( $_SERVER['CONTENT_TYPE'] ) );

[314] Fix | Delete

} elseif ( isset( $this->post_body[0] ) && '{' === $this->post_body[0] ) {

[315] Fix | Delete

$this->content_type = 'application/json';

[316] Fix | Delete

} else {

[317] Fix | Delete

$this->content_type = 'application/x-www-form-urlencoded';

[318] Fix | Delete

}

[319] Fix | Delete

[320] Fix | Delete

if ( str_starts_with( strtolower( $this->content_type ), 'multipart/' ) ) {

[321] Fix | Delete

// phpcs:ignore WordPress.Security.NonceVerification.Missing

[322] Fix | Delete

$this->post_body = http_build_query( stripslashes_deep( $_POST ) );

[323] Fix | Delete

$this->files = $_FILES;

[324] Fix | Delete

$this->content_type = 'multipart/form-data';

[325] Fix | Delete

}

[326] Fix | Delete

} else {

[327] Fix | Delete

$this->post_body = $post_body;

[328] Fix | Delete

$this->content_type = isset( $this->post_body[0] ) && '{' === $this->post_body[0] ? 'application/json' : 'application/x-www-form-urlencoded';

[329] Fix | Delete

}

[330] Fix | Delete

} else {

[331] Fix | Delete

$this->post_body = null;

[332] Fix | Delete

$this->content_type = null;

[333] Fix | Delete

}

[334] Fix | Delete

[335] Fix | Delete

$this->_server_https = array_key_exists( 'HTTPS', $_SERVER ) ? filter_var( wp_unslash( $_SERVER['HTTPS'] ) ) : '--UNset--';

[336] Fix | Delete

}

[337] Fix | Delete

[338] Fix | Delete

/**

[339] Fix | Delete

* Initialize.

[340] Fix | Delete

[341] Fix | Delete

* @return null|WP_Error (although this implementation always returns null)

[342] Fix | Delete

[343] Fix | Delete

public function initialize() {

[344] Fix | Delete

$this->token_details['blog_id'] = Jetpack_Options::get_option( 'id' );

[345] Fix | Delete

return null;

[346] Fix | Delete

}

[347] Fix | Delete

[348] Fix | Delete

/**

[349] Fix | Delete

* Checks if the current request is authorized with a blog token.

[350] Fix | Delete

* This method is overridden by a child class in WPCOM.

[351] Fix | Delete

[352] Fix | Delete

* @since 9.1.0

[353] Fix | Delete

[354] Fix | Delete

* @param boolean|int $site_id The site id.

[355] Fix | Delete

* @return boolean

[356] Fix | Delete

[357] Fix | Delete

public function is_jetpack_authorized_for_site( $site_id = false ) {

[358] Fix | Delete

if ( ! $this->token_details ) {

[359] Fix | Delete

return false;

[360] Fix | Delete

}

[361] Fix | Delete

[362] Fix | Delete

$token_details = (object) $this->token_details;

[363] Fix | Delete

[364] Fix | Delete

$site_in_token = (int) $token_details->blog_id;

[365] Fix | Delete

[366] Fix | Delete

if ( $site_in_token < 1 ) {

[367] Fix | Delete

return false;

[368] Fix | Delete

}

[369] Fix | Delete

[370] Fix | Delete

if ( $site_id && $site_in_token !== (int) $site_id ) {

[371] Fix | Delete

return false;

[372] Fix | Delete

}

[373] Fix | Delete

[374] Fix | Delete

if ( (int) get_current_user_id() !== 0 ) {

[375] Fix | Delete

// If Jetpack blog token is used, no logged-in user should exist.

[376] Fix | Delete

return false;

[377] Fix | Delete

}

[378] Fix | Delete

[379] Fix | Delete

return true;

[380] Fix | Delete

}

[381] Fix | Delete

[382] Fix | Delete

/**

[383] Fix | Delete

* Checks if the current request is authorized with an upload token.

[384] Fix | Delete

* This method is overridden by a child class in WPCOM.

[385] Fix | Delete

[386] Fix | Delete

* @since 13.5

[387] Fix | Delete

* @return boolean

[388] Fix | Delete

[389] Fix | Delete

public function is_authorized_with_upload_token() {

[390] Fix | Delete

return false;

[391] Fix | Delete

}

[392] Fix | Delete

[393] Fix | Delete

/**

[394] Fix | Delete

* Serve.

[395] Fix | Delete

[396] Fix | Delete

* @param bool $exit Whether to exit.

[397] Fix | Delete

* @return string|null Content type (assuming it didn't exit), or null in certain error cases.

[398] Fix | Delete

[399] Fix | Delete

public function serve( $exit = true ) {

[400] Fix | Delete

ini_set( 'display_errors', false ); // phpcs:ignore WordPress.PHP.IniSet.display_errors_Blacklisted

[401] Fix | Delete

[402] Fix | Delete

$this->exit = (bool) $exit;

[403] Fix | Delete

[404] Fix | Delete

// This was causing problems with Jetpack, but is necessary for wpcom

[405] Fix | Delete

// @see https://github.com/Automattic/jetpack/pull/2603

[406] Fix | Delete

// @see r124548-wpcom .

[407] Fix | Delete

if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {

[408] Fix | Delete

add_filter( 'home_url', array( $this, 'ensure_http_scheme_of_home_url' ), 10, 3 );

[409] Fix | Delete

}

[410] Fix | Delete

[411] Fix | Delete

add_filter( 'user_can_richedit', '__return_true' );

[412] Fix | Delete

[413] Fix | Delete

add_filter( 'comment_edit_pre', array( $this, 'comment_edit_pre' ) );

[414] Fix | Delete

[415] Fix | Delete

$initialization = $this->initialize();

[416] Fix | Delete

if ( 'OPTIONS' === $this->method ) {

[417] Fix | Delete

/**

[418] Fix | Delete

* Fires before the page output.

[419] Fix | Delete

* Can be used to specify custom header options.

[420] Fix | Delete

[421] Fix | Delete

* @module json-api

[422] Fix | Delete

[423] Fix | Delete

* @since 3.1.0

[424] Fix | Delete

[425] Fix | Delete

do_action( 'wpcom_json_api_options' );

[426] Fix | Delete

return $this->output( 200, '', 'text/plain' );

[427] Fix | Delete

}

[428] Fix | Delete

[429] Fix | Delete

if ( is_wp_error( $initialization ) ) {

[430] Fix | Delete

$this->output_error( $initialization );

[431] Fix | Delete

return;

[432] Fix | Delete

}

[433] Fix | Delete

[434] Fix | Delete

// Normalize path and extract API version.

[435] Fix | Delete

$this->path = untrailingslashit( $this->path );

[436] Fix | Delete

if ( preg_match( '#^/rest/v(\d+(\.\d+)*)#', $this->path, $matches ) ) {

[437] Fix | Delete

$this->path = substr( $this->path, strlen( $matches[0] ) );

[438] Fix | Delete

$this->version = $matches[1];

[439] Fix | Delete

}

[440] Fix | Delete

[441] Fix | Delete

$allowed_methods = array( 'GET', 'POST' );

[442] Fix | Delete

$four_oh_five = false;

[443] Fix | Delete

[444] Fix | Delete

$is_help = preg_match( '#/help/?$#i', $this->path );

[445] Fix | Delete

$matching_endpoints = array();

[446] Fix | Delete

[447] Fix | Delete

if ( $is_help ) {

[448] Fix | Delete

$origin = get_http_origin();

[449] Fix | Delete

[450] Fix | Delete

if ( ! empty( $origin ) && 'GET' === $this->method ) {

[451] Fix | Delete

header( 'Access-Control-Allow-Origin: ' . esc_url_raw( $origin ) );

[452] Fix | Delete

}

[453] Fix | Delete

[454] Fix | Delete

$this->path = substr( rtrim( $this->path, '/' ), 0, -5 );

[455] Fix | Delete

// Show help for all matching endpoints regardless of method.

[456] Fix | Delete

$methods = $allowed_methods;

[457] Fix | Delete

$find_all_matching_endpoints = true;

[458] Fix | Delete

// How deep to truncate each endpoint's path to see if it matches this help request.

[459] Fix | Delete

$depth = substr_count( $this->path, '/' ) + 1;

[460] Fix | Delete

if ( false !== stripos( $this->accept, 'javascript' ) || false !== stripos( $this->accept, 'json' ) ) {

[461] Fix | Delete

$help_content_type = 'json';

[462] Fix | Delete

} else {

[463] Fix | Delete

$help_content_type = 'html';

[464] Fix | Delete

}

[465] Fix | Delete

} elseif ( in_array( $this->method, $allowed_methods, true ) ) {

[466] Fix | Delete

// Only serve requested method.

[467] Fix | Delete

$methods = array( $this->method );

[468] Fix | Delete

$find_all_matching_endpoints = false;

[469] Fix | Delete

} else {

[470] Fix | Delete

// We don't allow this requested method - find matching endpoints and send 405.

[471] Fix | Delete

$methods = $allowed_methods;

[472] Fix | Delete

$find_all_matching_endpoints = true;

[473] Fix | Delete

$four_oh_five = true;

[474] Fix | Delete

}

[475] Fix | Delete

[476] Fix | Delete

// Find which endpoint to serve.

[477] Fix | Delete

$found = false;

[478] Fix | Delete

foreach ( $this->endpoints as $endpoint_path_versions => $endpoints_by_method ) {

[479] Fix | Delete

// @todo Determine if anything depends on this being serialized rather than e.g. JSON.

[480] Fix | Delete

// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_unserialize -- Legacy, possibly depended on elsewhere.

[481] Fix | Delete

$endpoint_path_versions = unserialize( $endpoint_path_versions );

[482] Fix | Delete

$endpoint_path = $endpoint_path_versions[0];

[483] Fix | Delete

$endpoint_min_version = $endpoint_path_versions[1];

[484] Fix | Delete

$endpoint_max_version = $endpoint_path_versions[2];

[485] Fix | Delete

[486] Fix | Delete

// Make sure max_version is not less than min_version.

[487] Fix | Delete

if ( version_compare( $endpoint_max_version, $endpoint_min_version, '<' ) ) {

[488] Fix | Delete

$endpoint_max_version = $endpoint_min_version;

[489] Fix | Delete

}

[490] Fix | Delete

[491] Fix | Delete

foreach ( $methods as $method ) {

[492] Fix | Delete

if ( ! isset( $endpoints_by_method[ $method ] ) ) {

[493] Fix | Delete

continue;

[494] Fix | Delete

}

[495] Fix | Delete

[496] Fix | Delete

// Normalize.

[497] Fix | Delete

$endpoint_path = untrailingslashit( $endpoint_path );

[498] Fix | Delete

if ( $is_help ) {

[499] Fix | Delete

12 3