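checkToken() === false) {
      (new ErrorResponse(
        array('unauthorized' => __('This request is not authorized.')),
        array(),
        Response::STATUS_UNAUTHORIZED
      ))->send();
    }

    if($this->checkPermissions() === false) {
      (new ErrorResponse(
        array('forbidden' => __('You do not have the required permissions.')),
        array(),
        Response::STATUS_FORBIDDEN
      ))->send();
    }

    $this->processRoute();
  }

  /**
   * Entry point for public requests: verifies the request token, then routes.
   *
   * Unlike the admin entry point above, no capability check is made here, so
   * every endpoint method reachable through processRoute() is available to any
   * client that presents a valid token.
   * NOTE(review): confirm that endpoints which change state enforce their own
   * permission checks.
   */
  function setupPublic() {
    if($this->checkToken() === false) {
      // Argument order matches the admin entry point (errors, meta, status);
      // the status code was previously passed in the second position.
      $response = new ErrorResponse(
        array('unauthorized' => __('This request is not authorized.')),
        array(),
        Response::STATUS_UNAUTHORIZED
      );
      $response->send();
      // Fail closed: never fall through to routing after a rejected token,
      // whether or not send() terminates the request (not visible here).
      return;
    }

    $this->processRoute();
  }

  /**
   * Resolves the endpoint class and method named in the POST payload, calls the
   * method with the request data and sends the result.
   *
   * Both names are client-controlled, so they are validated before being used
   * to build a class name or a dynamic method call. Any failure is reported
   * through the same ErrorResponse path as an exception raised by an endpoint.
   */
  function processRoute() {
    $doing_ajax = (bool)(defined('DOING_AJAX') && DOING_AJAX);

    if($doing_ajax) {
      $data = isset($_POST['data']) ? stripslashes_deep($_POST['data']) : array();
    } else {
      $data = $_POST;
    }

    if(is_array($data) && !empty($data)) {
      // filter out reserved keywords from data
      $reserved_keywords = array(
        'token',
        'endpoint',
        'method',
        'mailpoet_redirect'
      );
      $data = array_diff_key($data, array_flip($reserved_keywords));
    }

    try {
      $endpoint_name = isset($_POST['endpoint']) ? $_POST['endpoint'] : null;
      $method = isset($_POST['method']) ? $_POST['method'] : null;

      // Accept plain identifiers only. This keeps the resolved class directly
      // under the Endpoints namespace, keeps separators and other unexpected
      // characters away from the autoloader, and rules out magic methods
      // (names starting with an underscore) as call targets.
      $identifier = '/\A[A-Za-z][A-Za-z0-9_]*\z/';
      if(
        !is_string($endpoint_name)
        || !is_string($method)
        || preg_match($identifier, $endpoint_name) !== 1
        || preg_match($identifier, $method) !== 1
      ) {
        throw new \Exception(__('Invalid API request.'));
      }

      $endpoint = __NAMESPACE__ . "\\Endpoints\\" . ucfirst($endpoint_name);

      // An unknown class would otherwise raise an Error, which the
      // \Exception handler below does not catch.
      if(!class_exists($endpoint)) {
        throw new \Exception(__('Invalid API request.'));
      }

      $instance = new $endpoint();

      // is_callable() is evaluated from this class, so non-public methods of
      // the endpoint are refused. Every public method, inherited ones
      // included, is still reachable.
      // NOTE(review): an explicit per-endpoint allow-list of callable methods
      // would be the stronger control.
      if(!is_callable(array($instance, $method))) {
        throw new \Exception(__('Invalid API request.'));
      }

      $response = $instance->$method($data);

      // TODO: remove this condition once the API unification is complete
      if(is_object($response)) {
        $response->send();
      } else {
        // LEGACY API
        wp_send_json($response);
      }
    } catch(\Exception $e) {
      // NOTE(review): the exception message is returned to the client verbatim;
      // confirm endpoints never put internal details (paths, SQL) in messages.
      (new ErrorResponse(array($e->getMessage())))->send();
    }
  }

  /**
   * Echoes the contents of $global.
   *
   * NOTE(review): as shown here $global is an empty string, so nothing is
   * emitted. The markup that presumably carried the token appears to be missing
   * from this listing; confirm against the original file.
   */
  function setToken() {
    $global = '';
    echo $global;
  }

  /**
   * Tells whether the current user holds the 'manage_options' capability.
   */
  function checkPermissions() {
    return current_user_can('manage_options');
  }

  /**
   * Tells whether the request carries a valid 'mailpoet_token' nonce.
   *
   * A WordPress nonce is an anti-CSRF token, not proof of identity, so a
   * passing check does not by itself authenticate or authorize the caller.
   */
  function checkToken() {
    return (
      isset($_POST['token'])
      // A non-string token (e.g. an array parameter) can never be valid;
      // reject it before it is handed to wp_verify_nonce().
      && is_string($_POST['token'])
      && wp_verify_nonce($_POST['token'], 'mailpoet_token')
    );
  }
}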