Automattic\WooCommerce\Admin\Features\Blueprint

RestApi::queue() public WC 1.0

Handle the upload request.

This function does not run the import process. It uploads the file to a temporary directory, validates the file, and returns a reference to the file. The uploaded file is processed once the user hits the import button and calls the process endpoint with a nonce.

Метод класса: RestApi{}

Хуков нет.

Возвращает

Массив.

Использование

// queue() takes no arguments: it reads $_POST['blueprint_upload_nonce'] and
// $_FILES['file'] from the current request and returns the response array.
$rest_api = new RestApi();
$rest_api->queue();

Код RestApi::queue() WC 9.7.1

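/**
 * Handle the blueprint upload request.
 *
 * Does not run the import. The uploaded file is moved into the directory returned by
 * get_temp_dir(), checked by building an ImportSchema from it, and a reference to the
 * stored file is returned together with a nonce created for that reference.
 *
 * Reads $_POST['blueprint_upload_nonce'] and $_FILES['file'] from the current request.
 *
 * @return array Always holds 'reference', 'error_type' and 'errors'. On failure 'reference'
 *               stays null, 'error_type' is 'upload' or 'schema_validation' and 'errors'
 *               lists the messages. On success it additionally holds 'process_nonce' and
 *               'settings_to_overwrite'.
 */
public function queue() {
	// Initialize response structure.
	$response = array(
		'reference'  => null,
		'error_type' => null,
		'errors'     => array(),
	);

	// Check for nonce to prevent CSRF.
	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
	if ( ! isset( $_POST['blueprint_upload_nonce'] ) || ! \wp_verify_nonce( $_POST['blueprint_upload_nonce'], 'blueprint_upload_nonce' ) ) {
		$response['error_type'] = 'upload';
		$response['errors'][]   = __( 'Invalid nonce', 'woocommerce' );
		return $response;
	}

	// Validate file upload.
	if ( empty( $_FILES['file'] ) || ! isset( $_FILES['file']['error'], $_FILES['file']['tmp_name'], $_FILES['file']['type'] ) ) {
		$response['error_type'] = 'upload';
		$response['errors'][]   = __( 'No file uploaded', 'woocommerce' );
		return $response;
	}

	// is_uploaded_file() needs the raw tmp_name, so it is deliberately not sanitized here.
	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
	if ( UPLOAD_ERR_OK !== $_FILES['file']['error'] || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
		$response['error_type'] = 'upload';
		$response['errors'][]   = __( 'File upload error', 'woocommerce' );
		return $response;
	}

	// The MIME type in $_FILES is sent by the client; it is not detected from the file contents.
	// It only gates the request and selects the parser below. The parser is what checks the content.
	$mime_type = sanitize_text_field( $_FILES['file']['type'] );

	// Accepted MIME types and the extension the stored file gets for each.
	$extensions_by_mime = array(
		'application/json' => 'json',
		'application/zip'  => 'zip',
	);

	// Check for valid file types.
	if ( ! isset( $extensions_by_mime[ $mime_type ] ) ) {
		$response['error_type'] = 'upload';
		$response['errors'][]   = __( 'Invalid file type', 'woocommerce' );
		return $response;
	}

	// Take the extension from the accepted MIME type instead of the client-supplied file name,
	// so the file written to the temp directory can only end in .json or .zip.
	$extension = $extensions_by_mime[ $mime_type ];

	// The stored file name doubles as the reference handed back to the client.
	// basename() needs the raw tmp_name, so it is deliberately not sanitized here.
	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
	$reference    = basename( $_FILES['file']['tmp_name'] ) . '.' . $extension;
	$tmp_filepath = get_temp_dir() . $reference;

	// move_uploaded_file() needs the raw tmp_name, so it is deliberately not sanitized here.
	// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
	if ( ! move_uploaded_file( $_FILES['file']['tmp_name'], $tmp_filepath ) ) {
		$response['error_type'] = 'upload';
		$response['errors'][]   = __( 'Error moving file to tmp directory', 'woocommerce' );
		return $response;
	}

	// Process the uploaded file.
	// We'll not call import function.
	// Just validate the file by calling create_from_json or create_from_zip.
	// Please note that we're not performing a full validation here as we can't know
	// the full list of available steps without starting the import process due to filters being used for extensibility.
	// For now, we'll just check the provided schema is a valid JSON and has 'steps' key.
	// Full validation is performed in the process function.
	try {
		if ( 'application/zip' === $mime_type ) {
			$import_schema = ImportSchema::create_from_zip( $tmp_filepath );
		} else {
			$import_schema = ImportSchema::create_from_json( $tmp_filepath );
		}
	} catch ( \Exception $e ) {
		// The file was rejected and no reference is returned for it, so remove it
		// rather than leaving unvalidated upload content in the temp directory.
		wp_delete_file( $tmp_filepath );

		$response['error_type'] = 'schema_validation';
		$response['errors'][]   = $e->getMessage();
		return $response;
	}

	$response['reference'] = $reference;
	// The nonce is created with the reference as its action.
	$response['process_nonce']         = wp_create_nonce( $response['reference'] );
	$response['settings_to_overwrite'] = $this->get_settings_to_overwrite( $import_schema->get_schema()->get_steps() );

	return $response;
}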