Code Coverage for projects/plugins/jetpack/_inc/lib/core-api/class.jetpack-core-api-module-endpoints.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	19.86% covered (danger)	19.86%	166 / 836	3.45% covered (danger)	3.45%	1 / 29	CRAP	0.00% covered (danger)	0.00%	0 / 4
jetpack_do_after_gravatar_hovercards_activation	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
jetpack_do_after_gravatar_hovercards_deactivation	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
jetpack_do_after_markdown_activation	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
Jetpack_Core_API_Module_Toggle_Endpoint	0.00% covered (danger)	0.00%	0 / 64	0.00% covered (danger)	0.00%	0 / 4	306	0.00% covered (danger)	0.00%	0 / 1
process	0.00% covered (danger)	0.00%	0 / 3	0.00% covered (danger)	0.00%	0 / 1	6
activate_module	0.00% covered (danger)	0.00%	0 / 30	0.00% covered (danger)	0.00%	0 / 1	56
deactivate_module	0.00% covered (danger)	0.00%	0 / 30	0.00% covered (danger)	0.00%	0 / 1	56
can_request	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
Jetpack_Core_API_Module_List_Endpoint	0.00% covered (danger)	0.00%	0 / 67	0.00% covered (danger)	0.00%	0 / 4	380	0.00% covered (danger)	0.00%	0 / 1
process	0.00% covered (danger)	0.00%	0 / 3	0.00% covered (danger)	0.00%	0 / 1	6
get_modules	0.00% covered (danger)	0.00%	0 / 11	0.00% covered (danger)	0.00%	0 / 1	30
activate_modules	0.00% covered (danger)	0.00%	0 / 50	0.00% covered (danger)	0.00%	0 / 1	110
can_request	0.00% covered (danger)	0.00%	0 / 3	0.00% covered (danger)	0.00%	0 / 1	6
Jetpack_Core_API_Data	36.48% covered (danger)	36.48%	166 / 455	16.67% covered (danger)	16.67%	1 / 6	11838.68	0.00% covered (danger)	0.00%	0 / 1
process	80.00% covered (warning)	80.00%	4 / 5	0.00% covered (danger)	0.00%	0 / 1	3.07
get_module	0.00% covered (danger)	0.00%	0 / 21	0.00% covered (danger)	0.00%	0 / 1	72
get_all_options	81.82% covered (warning)	81.82%	36 / 44	0.00% covered (danger)	0.00%	0 / 1	24.91
update_data	30.58% covered (danger)	30.58%	111 / 363	0.00% covered (danger)	0.00%	0 / 1	8192.95
process_onboarding		n/a	0 / 0		n/a	0 / 0	1
handle_business_address		n/a	0 / 0		n/a	0 / 0	12
has_business_address_widget	0.00% covered (danger)	0.00%	0 / 7	0.00% covered (danger)	0.00%	0 / 1	20
can_request	100.00% covered (success)	100.00%	15 / 15	100.00% covered (success)	100.00%	1 / 1	8
Jetpack_Core_API_Module_Data_Endpoint	0.00% covered (danger)	0.00%	0 / 242	0.00% covered (danger)	0.00%	0 / 12	4032	0.00% covered (danger)	0.00%	0 / 1
process	0.00% covered (danger)	0.00%	0 / 13	0.00% covered (danger)	0.00%	0 / 1	56
key_check	0.00% covered (danger)	0.00%	0 / 7	0.00% covered (danger)	0.00%	0 / 1	20
get_protect_data	0.00% covered (danger)	0.00%	0 / 7	0.00% covered (danger)	0.00%	0 / 1	6
get_akismet_data	0.00% covered (danger)	0.00%	0 / 4	0.00% covered (danger)	0.00%	0 / 1	6
check_akismet_key	0.00% covered (danger)	0.00%	0 / 23	0.00% covered (danger)	0.00%	0 / 1	56
akismet_class_exists	0.00% covered (danger)	0.00%	0 / 5	0.00% covered (danger)	0.00%	0 / 1	12
akismet_is_active_and_registered	0.00% covered (danger)	0.00%	0 / 9	0.00% covered (danger)	0.00%	0 / 1	30
get_stats_data	0.00% covered (danger)	0.00%	0 / 40	0.00% covered (danger)	0.00%	0 / 1	56
get_monitor_data	0.00% covered (danger)	0.00%	0 / 23	0.00% covered (danger)	0.00%	0 / 1	20
get_verification_tools_data	0.00% covered (danger)	0.00%	0 / 63	0.00% covered (danger)	0.00%	0 / 1	210
get_vaultpress_data	0.00% covered (danger)	0.00%	0 / 47	0.00% covered (danger)	0.00%	0 / 1	56
can_request	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2

1	<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
2	/**
3	* Tools to interact with Jetpack modules via API requests.
4	*
5	* @package automattic/jetpack
6	*/
7
8	use Automattic\Jetpack\Connection\REST_Connector;
9	use Automattic\Jetpack\Current_Plan as Jetpack_Plan;
10	use Automattic\Jetpack\Stats\WPCOM_Stats;
11	use Automattic\Jetpack\Stats_Admin\Main as Stats_Admin_Main;
12	use Automattic\Jetpack\Status;
13	use Automattic\Jetpack\Waf\Brute_Force_Protection\Brute_Force_Protection;
14	use Automattic\Jetpack\Waf\Brute_Force_Protection\Brute_Force_Protection_Shared_Functions;
15
16	if ( ! defined( 'ABSPATH' ) ) {
17	exit( 0 );
18	}
19
20	/**
21	* This is the base class for every Core API endpoint Jetpack uses.
22	*/
23	class Jetpack_Core_API_Module_Toggle_Endpoint extends Jetpack_Core_API_XMLRPC_Consumer_Endpoint {
24
25	/**
26	* Check if the module requires the site to be publicly accessible from WPCOM.
27	* If the site meets this requirement, the module is activated. Otherwise an error is returned.
28	*
29	* @since 4.3.0
30	*
31	* @param WP_REST_Request $request {
32	* Array of parameters received by request.
33	*
34	* @type string $slug Module slug.
35	* @type bool $active should module be activated.
36	* }
37	*
38	* @return WP_REST_Response\|WP_Error A REST response if the request was served successfully, otherwise an error.
39	*/
40	public function process( $request ) {
41	if ( $request['active'] ) {
42	return $this->activate_module( $request );
43	} else {
44	return $this->deactivate_module( $request );
45	}
46	}
47
48	/**
49	* If it's a valid Jetpack module, activate it.
50	*
51	* @since 4.3.0
52	*
53	* @param string\|WP_REST_Request $request It's a WP_REST_Request when called from endpoint /module/<slug>/*
54	* and a string when called from Jetpack_Core_API_Data->update_data.
55	* {
56	* Array of parameters received by request.
57	*
58	* @type string $slug Module slug.
59	* }
60	*
61	* @return bool\|WP_Error True if module was activated. Otherwise, a WP_Error instance with the corresponding error.
62	*/
63	public function activate_module( $request ) {
64	$module_slug = '';
65
66	if (
67	(
68	is_array( $request )
69	\|\| is_object( $request )
70	)
71	&& isset( $request['slug'] )
72	) {
73	$module_slug = $request['slug'];
74	} else {
75	$module_slug = $request;
76	}
77
78	if ( ! Jetpack::is_module( $module_slug ) ) {
79	return new WP_Error(
80	'not_found',
81	esc_html__( 'The requested Jetpack module was not found.', 'jetpack' ),
82	array( 'status' => 404 )
83	);
84	}
85
86	if ( ! Jetpack_Plan::supports( $module_slug ) ) {
87	return new WP_Error(
88	'not_supported',
89	esc_html__( 'The requested Jetpack module is not supported by your plan.', 'jetpack' ),
90	array( 'status' => 424 )
91	);
92	}
93
94	if ( Jetpack::activate_module( $module_slug, false, false ) ) {
95	return rest_ensure_response(
96	array(
97	'code' => 'success',
98	'message' => esc_html__( 'The requested Jetpack module was activated.', 'jetpack' ),
99	)
100	);
101	}
102
103	return new WP_Error(
104	'activation_failed',
105	esc_html__( 'The requested Jetpack module could not be activated.', 'jetpack' ),
106	array( 'status' => 424 )
107	);
108	}
109
110	/**
111	* If it's a valid Jetpack module, deactivate it.
112	*
113	* @since 4.3.0
114	*
115	* @param string\|WP_REST_Request $request It's a WP_REST_Request when called from endpoint /module/<slug>/*
116	* and a string when called from Jetpack_Core_API_Data->update_data.
117	* {
118	* Array of parameters received by request.
119	*
120	* @type string $slug Module slug.
121	* }
122	*
123	* @return bool\|WP_Error True if module was activated. Otherwise, a WP_Error instance with the corresponding error.
124	*/
125	public function deactivate_module( $request ) {
126	$module_slug = '';
127
128	if (
129	(
130	is_array( $request )
131	\|\| is_object( $request )
132	)
133	&& isset( $request['slug'] )
134	) {
135	$module_slug = $request['slug'];
136	} else {
137	$module_slug = $request;
138	}
139
140	if ( ! Jetpack::is_module( $module_slug ) ) {
141	return new WP_Error(
142	'not_found',
143	esc_html__( 'The requested Jetpack module was not found.', 'jetpack' ),
144	array( 'status' => 404 )
145	);
146	}
147
148	if ( ! Jetpack::is_module_active( $module_slug ) ) {
149	return new WP_Error(
150	'already_inactive',
151	esc_html__( 'The requested Jetpack module was already inactive.', 'jetpack' ),
152	array( 'status' => 409 )
153	);
154	}
155
156	if ( Jetpack::deactivate_module( $module_slug ) ) {
157	return rest_ensure_response(
158	array(
159	'code' => 'success',
160	'message' => esc_html__( 'The requested Jetpack module was deactivated.', 'jetpack' ),
161	)
162	);
163	}
164	return new WP_Error(
165	'deactivation_failed',
166	esc_html__( 'The requested Jetpack module could not be deactivated.', 'jetpack' ),
167	array( 'status' => 400 )
168	);
169	}
170
171	/**
172	* Check that the current user has permissions to manage Jetpack modules.
173	*
174	* @since 4.3.0
175	*
176	* @return bool
177	*/
178	public function can_request() {
179	return current_user_can( 'jetpack_manage_modules' );
180	}
181	}
182
183	/**
184	* Interact with multiple modules at once (list or activate).
185	*
186	* // phpcs:disable Generic.Files.OneObjectStructurePerFile.MultipleFound
187	*/
188	class Jetpack_Core_API_Module_List_Endpoint {
189	// phpcs:enable Generic.Files.OneObjectStructurePerFile.MultipleFound
190
191	/**
192	* A WordPress REST API callback method that accepts a request object and decides what to do with it.
193	*
194	* @param WP_REST_Request $request The request sent to the WP REST API.
195	*
196	* @since 4.3.0
197	*
198	* @return bool\|Array\|WP_Error a resulting value or object, or an error.
199	*/
200	public function process( $request ) {
201	if ( 'GET' === $request->get_method() ) {
202	return $this->get_modules();
203	} else {
204	return static::activate_modules( $request );
205	}
206	}
207
208	/**
209	* Get a list of all Jetpack modules and their information.
210	*
211	* @since 4.3.0
212	*
213	* @return array Array of Jetpack modules.
214	*/
215	public function get_modules() {
216	require_once JETPACK__PLUGIN_DIR . 'class.jetpack-admin.php';
217
218	$modules = Jetpack_Admin::init()->get_modules();
219	foreach ( $modules as $slug => $properties ) {
220	$modules[ $slug ]['options'] =
221	Jetpack_Core_Json_Api_Endpoints::prepare_options_for_response( $slug );
222	if (
223	isset( $modules[ $slug ]['requires_connection'] )
224	&& $modules[ $slug ]['requires_connection']
225	&& ( new Status() )->is_offline_mode()
226	) {
227	$modules[ $slug ]['activated'] = false;
228	}
229	}
230
231	$modules = Jetpack::get_translated_modules( $modules );
232
233	return Jetpack_Core_Json_Api_Endpoints::prepare_modules_for_response( $modules );
234	}
235
236	/**
237	* Activate a list of valid Jetpack modules.
238	*
239	* @since 4.3.0
240	*
241	* @param WP_REST_Request $request {
242	* Array of parameters received by request.
243	*
244	* @type string $slug Module slug.
245	* }
246	*
247	* @return bool\|WP_Error True if modules were activated. Otherwise, a WP_Error instance with the corresponding error.
248	*/
249	public static function activate_modules( $request ) {
250
251	if (
252	! isset( $request['modules'] )
253	\|\| ! is_array( $request['modules'] )
254	) {
255	return new WP_Error(
256	'not_found',
257	esc_html__( 'The requested Jetpack module was not found.', 'jetpack' ),
258	array( 'status' => 404 )
259	);
260	}
261
262	$activated = array();
263	$failed = array();
264
265	foreach ( $request['modules'] as $module ) {
266	if ( Jetpack::activate_module( $module, false, false ) ) {
267	$activated[] = $module;
268	} else {
269	$failed[] = $module;
270	}
271	}
272
273	if ( empty( $failed ) ) {
274	return rest_ensure_response(
275	array(
276	'code' => 'success',
277	'message' => esc_html__( 'All modules activated.', 'jetpack' ),
278	)
279	);
280	}
281
282	$error = '';
283
284	$activated_count = count( $activated );
285	if ( $activated_count > 0 ) {
286	$activated_last = array_pop( $activated );
287	$activated_text = $activated_count > 1 ? sprintf(
288	/* Translators: first variable is a list followed by the last item, which is the second variable. Example: dog, cat and bird. */
289	__( '%1$s and %2$s', 'jetpack' ),
290	implode( ', ', $activated ),
291	$activated_last
292	) : $activated_last;
293
294	$error = sprintf(
295	/* Translators: the variable is a module name. */
296	_n( 'The module %s was activated.', 'The modules %s were activated.', $activated_count, 'jetpack' ),
297	$activated_text
298	) . ' ';
299	}
300
301	$failed_count = count( $failed );
302	if ( count( $failed ) > 0 ) {
303	$failed_last = array_pop( $failed );
304	$failed_text = $failed_count > 1 ? sprintf(
305	/* Translators: first variable is a list followed by the last item, which is the second variable. Example: dog, cat and bird. */
306	__( '%1$s and %2$s', 'jetpack' ),
307	implode( ', ', $failed ),
308	$failed_last
309	) : $failed_last;
310
311	$error = sprintf(
312	/* Translators: the variable is a module name. */
313	_n( 'The module %s failed to be activated.', 'The modules %s failed to be activated.', $failed_count, 'jetpack' ),
314	$failed_text
315	) . ' ';
316	}
317
318	return new WP_Error(
319	'activation_failed',
320	esc_html( $error ),
321	array( 'status' => 424 )
322	);
323	}
324
325	/**
326	* A WordPress REST API permission callback method that accepts a request object and decides
327	* if the current user has enough privileges to act.
328	*
329	* @since 4.3.0
330	*
331	* @param WP_REST_Request $request The request sent to the WP REST API.
332	*
333	* @return bool does the current user have enough privilege.
334	*/
335	public function can_request( $request ) {
336	if ( 'GET' === $request->get_method() ) {
337	return current_user_can( 'jetpack_admin_page' );
338	} else {
339	return current_user_can( 'jetpack_manage_modules' );
340	}
341	}
342	}
343
344	/**
345	* Class that manages updating of Jetpack module options and general Jetpack settings or retrieving module data.
346	* If no module is specified, all module settings are retrieved/updated.
347	*
348	* @since 4.3.0
349	* @since 4.4.0 Renamed Jetpack_Core_API_Module_Endpoint from to Jetpack_Core_API_Data.
350	*
351	* @author Automattic
352	*
353	* // phpcs:disable Generic.Files.OneObjectStructurePerFile.MultipleFound
354	*/
355	class Jetpack_Core_API_Data extends Jetpack_Core_API_XMLRPC_Consumer_Endpoint {
356	// phpcs:enable Generic.Files.OneObjectStructurePerFile.MultipleFound
357
358	/**
359	* Process request by returning the module or updating it.
360	* If no module is specified, settings for all modules are assumed.
361	*
362	* @since 4.3.0
363	*
364	* @param WP_REST_Request $request WP API request.
365	*
366	* @return bool\|mixed\|void\|WP_Error
367	*/
368	public function process( $request ) {
369	if ( 'GET' === $request->get_method() ) {
370	if ( isset( $request['slug'] ) ) {
371	return $this->get_module( $request );
372	}
373
374	return $this->get_all_options();
375	} else {
376	return $this->update_data( $request );
377	}
378	}
379
380	/**
381	* Get information about a specific and valid Jetpack module.
382	*
383	* @since 4.3.0
384	*
385	* @param WP_REST_Request $request {
386	* Array of parameters received by request.
387	*
388	* @type string $slug Module slug.
389	* }
390	*
391	* @return mixed\|void\|WP_Error
392	*/
393	public function get_module( $request ) {
394	if ( Jetpack::is_module( $request['slug'] ) ) {
395
396	$module = Jetpack::get_module( $request['slug'] );
397
398	$module['options'] = Jetpack_Core_Json_Api_Endpoints::prepare_options_for_response( $request['slug'] );
399
400	if (
401	isset( $module['requires_connection'] )
402	&& $module['requires_connection']
403	&& ( new Status() )->is_offline_mode()
404	) {
405	$module['activated'] = false;
406	}
407
408	$i18n = jetpack_get_module_i18n( $request['slug'] );
409	if ( isset( $module['name'] ) ) {
410	$module['name'] = $i18n['name'];
411	}
412	if ( isset( $module['description'] ) ) {
413	$module['description'] = $i18n['description'];
414	$module['short_description'] = $i18n['description'];
415	}
416	if ( isset( $module['module_tags'] ) ) {
417	$module['module_tags'] = array_map( 'jetpack_get_module_i18n_tag', $module['module_tags'] );
418	}
419
420	return Jetpack_Core_Json_Api_Endpoints::prepare_modules_for_response( $module );
421	}
422
423	return new WP_Error(
424	'not_found',
425	esc_html__( 'The requested Jetpack module was not found.', 'jetpack' ),
426	array( 'status' => 404 )
427	);
428	}
429
430	/**
431	* Get information about all Jetpack module options and settings.
432	*
433	* @since 4.6.0
434	*
435	* @return WP_REST_Response $response
436	*/
437	public function get_all_options() {
438	$response = array();
439
440	$modules = Jetpack::get_available_modules();
441	if ( is_array( $modules ) && ! empty( $modules ) ) {
442	foreach ( $modules as $module ) {
443	// Add all module options.
444	$options = Jetpack_Core_Json_Api_Endpoints::prepare_options_for_response( $module );
445	foreach ( $options as $option_name => $option ) {
446	$response[ $option_name ] = $option['current_value'];
447	}
448
449	// Add the module activation state.
450	$response[ $module ] = Jetpack::is_module_active( $module );
451	}
452	}
453
454	$settings = Jetpack_Core_Json_Api_Endpoints::get_updateable_data_list( 'settings' );
455
456	if ( ! function_exists( 'is_plugin_active' ) ) {
457	require_once ABSPATH . 'wp-admin/includes/plugin.php';
458	}
459
460	$response['categories'] = get_categories( array( 'get' => 'all' ) );
461
462	foreach ( $settings as $setting => $properties ) {
463	switch ( $setting ) {
464	case 'lang_id':
465	if ( ! current_user_can( 'install_languages' ) ) {
466	// The user doesn't have caps to install language packs, so warn the client.
467	$response[ $setting ] = 'error_cap';
468	break;
469	}
470
471	$value = get_option( 'WPLANG', '' );
472	if ( empty( $value ) && defined( 'WPLANG' ) ) {
473	$value = WPLANG;
474	}
475	$response[ $setting ] = empty( $value ) ? 'en_US' : $value;
476	break;
477
478	case 'wordpress_api_key':
479	// When field is clear, return empty. Otherwise it would return "false".
480	if ( '' === get_option( 'wordpress_api_key', '' ) ) {
481	$response[ $setting ] = '';
482	} else {
483	if ( ! class_exists( 'Akismet' ) ) {
484	if ( is_readable( WP_PLUGIN_DIR . '/akismet/class.akismet.php' ) ) {
485	require_once WP_PLUGIN_DIR . '/akismet/class.akismet.php';
486	}
487	}
488	$response[ $setting ] = class_exists( 'Akismet' ) ? Akismet::get_api_key() : '';
489	}
490	break;
491
492	case 'search_auto_config':
493	// Only writable.
494	$response[ $setting ] = 1;
495	break;
496
497	default:
498	$default = isset( $settings[ $setting ]['default'] ) ? $settings[ $setting ]['default'] : false;
499	$response[ $setting ] = Jetpack_Core_Json_Api_Endpoints::cast_value( get_option( $setting, $default ), $settings[ $setting ] );
500	break;
501	}
502	}
503
504	$response['akismet'] = is_plugin_active( 'akismet/akismet.php' );
505
506	require_once JETPACK__PLUGIN_DIR . '/modules/memberships/class-jetpack-memberships.php';
507	if ( class_exists( 'Jetpack_Memberships' ) ) {
508	$response['newsletter_has_active_plan'] = count( Jetpack_Memberships::get_all_newsletter_plan_ids( false ) ) > 0;
509	}
510
511	// Make sure we are returning a consistent type
512	if ( ! class_exists( 'Jetpack_Newsletter_Category_Helper' ) ) {
513	require_once JETPACK__PLUGIN_DIR . '_inc/lib/class-jetpack-newsletter-category-helper.php';
514	}
515	$response['wpcom_newsletter_categories'] = Jetpack_Newsletter_Category_Helper::get_category_ids();
516
517	return rest_ensure_response( $response );
518	}
519
520	/**
521	* If it's a valid Jetpack module and configuration parameters have been sent, update it.
522	*
523	* @since 4.3.0
524	*
525	* @param WP_REST_Request $request {
526	* Array of parameters received by request.
527	*
528	* @type string $slug Module slug.
529	* }
530	*
531	* @return bool\|WP_REST_Response\|WP_Error True or a WP_REST_Response if module was updated. Otherwise, a WP_Error instance with the corresponding error.
532	*/
533	public function update_data( $request ) {
534
535	// If it's null, we're trying to update many module options from different modules.
536	if ( $request['slug'] === null ) {
537
538	// Value admitted by Jetpack_Core_Json_Api_Endpoints::get_updateable_data_list that will make it return all module options.
539	// It will not be passed. It's just checked in this method to pass that method a string or array.
540	$request['slug'] = 'any';
541	} else {
542	if ( ! Jetpack::is_module( $request['slug'] ) ) {
543	return new WP_Error( 'not_found', esc_html__( 'The requested Jetpack module was not found.', 'jetpack' ), array( 'status' => 404 ) );
544	}
545
546	if ( ! Jetpack::is_module_active( $request['slug'] ) ) {
547	return new WP_Error( 'inactive', esc_html__( 'The requested Jetpack module is inactive.', 'jetpack' ), array( 'status' => 409 ) );
548	}
549	}
550
551	/*
552	* Get parameters to update the module.
553	* We cannot simply use $request->get_params() because when we registered this route,
554	* we are adding the entire output of Jetpack_Core_Json_Api_Endpoints::get_updateable_data_list()
555	* to the current request object's params. We are interested in body of the actual request.
556	* This may be JSON:
557	*/
558	$params = $request->get_json_params();
559	if ( ! is_array( $params ) ) {
560	// Or it may be standard POST key-value pairs.
561	$params = $request->get_body_params();
562	}
563
564	// Exit if no parameters were passed.
565	if ( ! is_array( $params ) ) {
566	return new WP_Error( 'missing_options', esc_html__( 'Missing options.', 'jetpack' ), array( 'status' => 404 ) );
567	}
568
569	// If $params was set via `get_body_params()` there may be some additional variables in the request that can
570	// cause validation to fail. This method verifies that each param was in fact updated and will throw a `some_updated`
571	// error if unused variables are included in the request.
572	foreach ( array_keys( $params ) as $key ) {
573	if ( is_int( $key ) \|\| 'slug' === $key \|\| 'context' === $key ) {
574	unset( $params[ $key ] );
575	}
576	}
577
578	// Get available module options.
579	$options = Jetpack_Core_Json_Api_Endpoints::get_updateable_data_list(
580	'any' === $request['slug']
581	? $params
582	: $request['slug']
583	);
584
585	// Prepare to toggle module if needed.
586	$toggle_module = new Jetpack_Core_API_Module_Toggle_Endpoint( new Jetpack_IXR_Client() );
587
588	// Options that are invalid or failed to update.
589	$invalid = array_keys( array_diff_key( $params, $options ) );
590	$not_updated = array();
591
592	// Remove invalid options.
593	$params = array_intersect_key( $params, $options );
594
595	// Used if response is successful. The message can be overwritten and additional data can be added here.
596	$response = array(
597	'code' => 'success',
598	'message' => esc_html__( 'The requested Jetpack data updates were successful.', 'jetpack' ),
599	);
600
601	// If there are modules to activate, activate them first so they're ready when their options are set.
602	foreach ( $params as $option => $value ) {
603	if ( 'modules' === $options[ $option ]['jp_group'] ) {
604
605	// Used if there was an error. Can be overwritten with specific error messages.
606	$error = '';
607
608	// Set to true if the module toggling was successful.
609	$updated = false;
610
611	// Check if user can toggle the module.
612	if ( $toggle_module->can_request() ) {
613
614	// Activate or deactivate the module according to the value passed.
615	$toggle_result = $value
616	? $toggle_module->activate_module( $option )
617	: $toggle_module->deactivate_module( $option );
618
619	if (
620	is_wp_error( $toggle_result )
621	&& 'already_inactive' === $toggle_result->get_error_code()
622	) {
623
624	// If the module is already inactive, we don't fail.
625	$updated = true;
626	} elseif ( is_wp_error( $toggle_result ) ) {
627	$error = $toggle_result->get_error_message();
628	} else {
629	$updated = true;
630	}
631	} else {
632	$error = REST_Connector::get_user_permissions_error_msg();
633	}
634
635	// The module was not toggled.
636	if ( ! $updated ) {
637	$not_updated[ $option ] = $error;
638	}
639
640	if ( $updated ) {
641	// Return the module state.
642	$response[ $option ] = $value;
643	}
644
645	// Remove module from list so we don't go through it again.
646	unset( $params[ $option ] );
647	}
648	}
649
650	if ( ! class_exists( 'Jetpack_Newsletter_Category_Helper' ) ) {
651	require_once JETPACK__PLUGIN_DIR . '_inc/lib/class-jetpack-newsletter-category-helper.php';
652	}
653
654	foreach ( $params as $option => $value ) {
655
656	// Used if there was an error. Can be overwritten with specific error messages.
657	$error = '';
658
659	// Set to true if the option update was successful.
660	$updated = false;
661
662	// Get option attributes, including the group it belongs to.
663	$option_attrs = $options[ $option ];
664
665	// If this is a module option and the related module isn't active for any reason, continue with the next one.
666	if ( 'settings' !== $option_attrs['jp_group'] ) {
667	if ( ! Jetpack::is_module( $option_attrs['jp_group'] ) ) {
668	$not_updated[ $option ] = esc_html__( 'The requested Jetpack module was not found.', 'jetpack' );
669	continue;
670	}
671
672	if (
673	'any' !== $request['slug']
674	&& ! Jetpack::is_module_active( $option_attrs['jp_group'] )
675	) {
676
677	// We only take note of skipped options when updating one module.
678	$not_updated[ $option ] = esc_html__( 'The requested Jetpack module is inactive.', 'jetpack' );
679	continue;
680	}
681	}
682
683	// Properly cast value based on its type defined in endpoint accepted args.
684	$value = Jetpack_Core_Json_Api_Endpoints::cast_value( $value, $option_attrs );
685
686	switch ( $option ) {
687	case 'lang_id':
688	if ( ! current_user_can( 'install_languages' ) ) {
689	// We can't affect this setting.
690	$updated = false;
691	break;
692	}
693
694	if ( 'en_US' === $value \|\| empty( $value ) ) {
695	return delete_option( 'WPLANG' );
696	}
697
698	if ( ! function_exists( 'request_filesystem_credentials' ) ) {
699	require_once ABSPATH . 'wp-admin/includes/file.php';
700	}
701
702	if ( ! function_exists( 'wp_download_language_pack' ) ) {
703	require_once ABSPATH . 'wp-admin/includes/translation-install.php';
704	}
705
706	// `wp_download_language_pack` only tries to download packs if they're not already available.
707	$language = wp_download_language_pack( $value );
708	if ( false === $language ) {
709	// The language pack download failed.
710	$updated = false;
711	break;
712	}
713	$updated = get_option( 'WPLANG' ) === $language ? true : update_option( 'WPLANG', $language );
714	break;
715
716	case 'monitor_receive_notifications':
717	$monitor = new Jetpack_Monitor();
718
719	// If we got true as response, consider it done.
720	$updated = true === $monitor->update_option_receive_jetpack_monitor_notification( $value );
721	break;
722
723	case 'post_by_email_address':
724	$result = Jetpack_Post_By_Email::init()->process_api_request( $value );
725
726	// If we got an email address (create or regenerate) or 1 (delete), consider it done.
727	if ( is_string( $result ) && preg_match( '/[a-z0-9]+@post.wordpress.com/', $result ) ) {
728	$response[ $option ] = $result;
729	$updated = true;
730	} elseif ( 1 == $result ) { // phpcs:ignore Universal.Operators.StrictComparisons.LooseEqual
731	$updated = true;
732	} elseif ( is_array( $result ) && isset( $result['message'] ) ) {
733	$error = $result['message'];
734	}
735	break;
736
737	case 'jetpack_protect_key':
738	$brute_force_protection = Brute_Force_Protection::instance();
739	if ( 'create' === $value ) {
740	$result = $brute_force_protection->get_protect_key();
741	} else {
742	$result = false;
743	}
744
745	// If we got one of Protect keys, consider it done.
746	if ( is_string( $result ) && preg_match( '/[a-z0-9]{40,}/i', $result ) ) {
747	$response[ $option ] = $result;
748	$updated = true;
749	}
750	break;
751
752	case 'jetpack_protect_global_whitelist':
753	$updated = Brute_Force_Protection_Shared_Functions::save_allow_list( explode( PHP_EOL, str_replace( array( ' ', ',' ), array( '', "\n" ), $value ) ) );
754
755	if ( is_wp_error( $updated ) ) {
756	$error = $updated->get_error_message();
757	}
758	break;
759
760	case 'show_headline':
761	case 'show_thumbnails':
762	$grouped_options_current = (array) Jetpack_Options::get_option( 'relatedposts' );
763	$grouped_options = $grouped_options_current;
764	$grouped_options[ $option ] = $value;
765
766	// If option value was the same, consider it done.
767	$updated = $grouped_options_current !== $grouped_options ? Jetpack_Options::update_option( 'relatedposts', $grouped_options ) : true;
768	break;
769
770	case 'search_auto_config':
771	if ( ! $value ) {
772	// Skip execution if no value is specified.
773	$updated = true;
774	} else {
775	$plan = new Automattic\Jetpack\Search\Plan();
776	if ( ! $plan->supports_instant_search() ) {
777	$updated = new WP_Error( 'instant_search_not_supported', 'Instant Search is not supported by this site', array( 'status' => 400 ) );
778	$error = $updated->get_error_message();
779	} elseif ( ! Automattic\Jetpack\Search\Options::is_instant_enabled() ) {
780	$updated = new WP_Error( 'instant_search_disabled', 'Instant Search is disabled', array( 'status' => 400 ) );
781	$error = $updated->get_error_message();
782	} else {
783	$blog_id = Automattic\Jetpack\Search\Helper::get_wpcom_site_id();
784	$instance = Automattic\Jetpack\Search\Instant_Search::instance( $blog_id );
785	$instance->auto_config_search();
786	$updated = true;
787	}
788	}
789	break;
790
791	case 'google':
792	case 'bing':
793	case 'pinterest':
794	case 'yandex':
795	case 'facebook':
796	$grouped_options_current = (array) get_option( 'verification_services_codes' );
797	$grouped_options = $grouped_options_current;
798
799	// Extracts the content attribute from the HTML meta tag if needed.
800	if ( preg_match( '#.<meta name="(?:[^"]+)" content="([^"]+)" />.#i', $value, $matches ) ) {
801	$grouped_options[ $option ] = $matches[1];
802	} else {
803	$grouped_options[ $option ] = $value;
804	}
805
806	// If option value was the same, consider it done.
807	$updated = $grouped_options_current !== $grouped_options
808	? update_option( 'verification_services_codes', $grouped_options )
809	: true;
810	break;
811
812	case 'sharing_services':
813	if ( ! class_exists( 'Sharing_Service' ) && ! include_once JETPACK__PLUGIN_DIR . 'modules/sharedaddy/sharing-service.php' ) {
814	break;
815	}
816
817	$sharer = new Sharing_Service();
818
819	// If option value was the same, consider it done.
820	$updated = $value !== $sharer->get_blog_services()
821	? $sharer->set_blog_services( $value['visible'], $value['hidden'] )
822	: true;
823	break;
824
825	case 'button_style':
826	case 'sharing_label':
827	case 'show':
828	if ( ! class_exists( 'Sharing_Service' ) && ! include_once JETPACK__PLUGIN_DIR . 'modules/sharedaddy/sharing-service.php' ) {
829	break;
830	}
831
832	$sharer = new Sharing_Service();
833	$grouped_options = $sharer->get_global_options();
834	$grouped_options[ $option ] = $value;
835	$updated = $sharer->set_global_options( $grouped_options );
836	break;
837
838	case 'custom':
839	if ( ! class_exists( 'Sharing_Service' ) && ! include_once JETPACK__PLUGIN_DIR . 'modules/sharedaddy/sharing-service.php' ) {
840	break;
841	}
842
843	$sharer = new Sharing_Service();
844	$updated = $sharer->new_service( stripslashes( $value['sharing_name'] ), stripslashes( $value['sharing_url'] ), stripslashes( $value['sharing_icon'] ) );
845
846	// Return new custom service.
847	$response[ $option ] = $updated;
848	break;
849
850	case 'sharing_delete_service':
851	if ( ! class_exists( 'Sharing_Service' ) && ! include_once JETPACK__PLUGIN_DIR . 'modules/sharedaddy/sharing-service.php' ) {
852	break;
853	}
854
855	$sharer = new Sharing_Service();
856	$updated = $sharer->delete_service( $value );
857	break;
858
859	case 'jetpack-twitter-cards-site-tag':
860	$value = trim( ltrim( wp_strip_all_tags( $value ), '@' ) );
861	$updated = get_option( $option ) !== $value ? update_option( $option, $value ) : true;
862	break;
863
864	case 'admin_bar':
865	case 'roles':
866	case 'count_roles':
867	case 'blog_id':
868	case 'do_not_track':
869	case 'version':
870	case 'collapse_nudges':
871	$grouped_options_current = (array) get_option( 'stats_options' );
872	$grouped_options = $grouped_options_current;
873	$grouped_options[ $option ] = $value;
874
875	// If option value was the same, consider it done.
876	$updated = $grouped_options_current !== $grouped_options
877	? update_option( 'stats_options', $grouped_options )
878	: true;
879	break;
880
881	case 'enable_odyssey_stats':
882	$updated = Stats_Admin_Main::update_new_stats_status( $value );
883
884	break;
885
886	case 'akismet_show_user_comments_approved':
887	// Save Akismet option '1' or '0' like it's done in akismet/class.akismet-admin.php.
888	$updated = get_option( $option ) != $value // phpcs:ignore Universal.Operators.StrictComparisons.LooseNotEqual
889	? update_option( $option, $value ? '1' : '0' )
890	: true;
891	break;
892
893	case 'wordpress_api_key':
894	if ( ! file_exists( WP_PLUGIN_DIR . '/akismet/class.akismet.php' ) ) {
895	$error = esc_html__( 'Please install Akismet.', 'jetpack' );
896	$updated = false;
897	break;
898	}
899
900	if ( ! defined( 'AKISMET_VERSION' ) ) {
901	$error = esc_html__( 'Please activate Akismet.', 'jetpack' );
902	$updated = false;
903	break;
904	}
905
906	// Allow to clear the API key field.
907	if ( '' === $value ) {
908	$updated = get_option( $option ) !== $value
909	? update_option( $option, $value )
910	: true;
911	break;
912	}
913
914	require_once WP_PLUGIN_DIR . '/akismet/class.akismet.php';
915	require_once WP_PLUGIN_DIR . '/akismet/class.akismet-admin.php';
916
917	if ( class_exists( 'Akismet_Admin' ) && method_exists( 'Akismet_Admin', 'save_key' ) ) {
918	if ( Akismet::verify_key( $value ) === 'valid' ) {
919	$akismet_user = Akismet_Admin::get_akismet_user( $value );
920	if ( $akismet_user ) {
921	if ( in_array( $akismet_user->status, array( 'active', 'active-dunning', 'no-sub' ), true ) ) {
922	$updated = get_option( $option ) !== $value
923	? update_option( $option, $value )
924	: true;
925	break;
926	} else {
927	$error = esc_html__( "Akismet user status doesn't allow to update the key", 'jetpack' );
928	}
929	} else {
930	$error = esc_html__( 'Invalid Akismet user', 'jetpack' );
931	}
932	} else {
933	$error = esc_html__( 'Invalid Akismet key', 'jetpack' );
934	}
935	} else {
936	$error = esc_html__( 'Akismet is not installed or active', 'jetpack' );
937	}
938	$updated = false;
939	break;
940
941	case 'google_analytics_tracking_id':
942	$grouped_options_current = (array) get_option( 'jetpack_wga' );
943	$grouped_options = $grouped_options_current;
944	$grouped_options['code'] = $value;
945
946	// If option value was the same, consider it done.
947	$updated = $grouped_options_current !== $grouped_options
948	? update_option( 'jetpack_wga', $grouped_options )
949	: true;
950	break;
951
952	case 'dismiss_empty_stats_card':
953	case 'dismiss_dash_backup_getting_started':
954	case 'dismiss_dash_agencies_learn_more':
955	// If option value was the same, consider it done.
956	$updated = get_option( $option ) != $value // phpcs:ignore Universal.Operators.StrictComparisons.LooseNotEqual -- ensure we support bools or strings saved by update_option.
957	? update_option( $option, (bool) $value )
958	: true;
959	break;
960
961	case 'jetpack_subscriptions_reply_to':
962	// If option value was the same, consider it done.
963	require_once JETPACK__PLUGIN_DIR . 'modules/subscriptions/class-settings.php';
964	$sub_value = Automattic\Jetpack\Modules\Subscriptions\Settings::is_valid_reply_to( $value )
965	? $value
966	: Automattic\Jetpack\Modules\Subscriptions\Settings::$default_reply_to;
967
968	$updated = (string) get_option( $option ) !== (string) $sub_value ? update_option( $option, $sub_value ) : true;
969	break;
970	case 'jetpack_subscriptions_from_name':
971	// If option value was the same, consider it done.
972	$sub_value = sanitize_text_field( $value );
973	$updated = (string) get_option( $option ) !== (string) $sub_value ? update_option( $option, $sub_value ) : true;
974	break;
975
976	case 'stb_enabled':
977	case 'stc_enabled':
978	case 'sm_enabled':
979	case 'jetpack_subscribe_overlay_enabled':
980	case 'jetpack_subscribe_floating_button_enabled':
981	case 'wpcom_newsletter_categories_enabled':
982	case 'wpcom_featured_image_in_email':
983	case 'jetpack_gravatar_in_email':
984	case 'jetpack_author_in_email':
985	case 'jetpack_post_date_in_email':
986	case 'wpcom_subscription_emails_use_excerpt':
987	case 'jetpack_subscriptions_subscribe_post_end_enabled':
988	case 'jetpack_subscriptions_login_navigation_enabled':
989	case 'jetpack_subscriptions_subscribe_navigation_enabled':
990	// Convert the false value to 0. This allows the option to be updated if it doesn't exist yet.
991	$sub_value = $value ? $value : 0;
992	$updated = (string) get_option( $option ) !== (string) $sub_value ? update_option( $option, $sub_value ) : true;
993	break;
994
995	case 'jetpack_blocks_disabled':
996	$updated = (bool) get_option( $option ) !== (bool) $value ? update_option( $option, (bool) $value ) : true;
997	break;
998
999	case 'subscription_options':
1000	if ( ! is_array( $value ) ) {
1001	break;
1002	}
1003
1004	$allowed_keys = array( 'invitation', 'comment_follow', 'welcome' );
1005	$filtered_value = array_filter(
1006	$value,
1007	function ( $key ) use ( $allowed_keys ) {
1008	return in_array( $key, $allowed_keys, true );
1009	},
1010	ARRAY_FILTER_USE_KEY
1011	);
1012
1013	if ( empty( $filtered_value ) ) {
1014	break;
1015	}
1016
1017	array_walk_recursive(
1018	$filtered_value,
1019	function ( &$value ) {
1020	$value = wp_kses(
1021	$value,
1022	array(
1023	'ul' => array(),
1024	'li' => array(),
1025	'p' => array(),
1026	'strong' => array(),
1027	'ol' => array(),
1028	'em' => array(),
1029	'a' => array(
1030	'href' => array(),
1031	),
1032	)
1033	);
1034	}
1035	);
1036
1037	$old_subscription_options = get_option( 'subscription_options' );
1038	if ( ! is_array( $old_subscription_options ) ) {
1039	$old_subscription_options = array();
1040	}
1041	$new_subscription_options = array_merge( $old_subscription_options, $filtered_value );
1042	$updated = true;
1043
1044	if ( serialize( $old_subscription_options ) === serialize( $new_subscription_options ) ) { // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_serialize
1045	break; // This prevents the option update to fail when the values are the same.
1046	}
1047
1048	if ( ! update_option( $option, $new_subscription_options ) ) {
1049	$updated = false;
1050	$error = esc_html__( 'Subscription Options failed to process.', 'jetpack' );
1051	}
1052	break;
1053
1054	case Jetpack_Newsletter_Category_Helper::NEWSLETTER_CATEGORIES_OPTION:
1055	if ( ! is_array( $value ) \|\| empty( $value ) ) {
1056	break;
1057	}
1058
1059	// If we are already current, do nothing
1060	$current_value = Jetpack_Newsletter_Category_Helper::get_category_ids();
1061	if ( $value === $current_value ) {
1062	break;
1063	}
1064
1065	if ( Jetpack_Newsletter_Category_Helper::save_category_ids( $value ) ) {
1066	$updated = true;
1067	} else {
1068	$updated = false;
1069	$error = esc_html__( 'Newsletter category did not update.', 'jetpack' );
1070	}
1071
1072	break;
1073
1074	default:
1075	// Boolean values are stored as 1 or 0.
1076	if ( isset( $options[ $option ]['type'] ) && 'boolean' === $options[ $option ]['type'] ) {
1077	$value = (int) $value;
1078	}
1079
1080	// If option value was the same as it's current value, or it's default, consider it done.
1081	$default = isset( $options[ $option ]['default'] ) ? $options[ $option ]['default'] : false;
1082	$updated = get_option( $option, $default ) != $value // phpcs:ignore Universal.Operators.StrictComparisons.LooseNotEqual -- ensure we support scalars or strings saved by update_option.
1083	? update_option( $option, $value )
1084	: true;
1085	break;
1086	}
1087
1088	// The option was not updated.
1089	if ( ! $updated ) {
1090	$not_updated[ $option ] = $error;
1091	}
1092	}
1093
1094	if ( empty( $invalid ) && empty( $not_updated ) ) {
1095	// The option was updated.
1096	return rest_ensure_response( $response );
1097	} else {
1098	$invalid_count = count( $invalid );
1099	$not_updated_count = count( $not_updated );
1100	$error = '';
1101	if ( $invalid_count > 0 ) {
1102	$error = sprintf(
1103	/* Translators: the plural variable is a comma-separated list. Example: dog, cat, bird. */
1104	_n( 'Invalid option: %s.', 'Invalid options: %s.', $invalid_count, 'jetpack' ),
1105	implode( ', ', $invalid )
1106	);
1107	}
1108	if ( $not_updated_count > 0 ) {
1109	$not_updated_messages = array();
1110	foreach ( $not_updated as $not_updated_option => $not_updated_message ) {
1111	if ( ! empty( $not_updated_message ) ) {
1112	$not_updated_messages[] = sprintf(
1113	/* Translators: the first variable is a module option or slug, or setting. The second is the error message . */
1114	__( '%1$s: %2$s', 'jetpack' ),
1115	$not_updated_option,
1116	$not_updated_message
1117	);
1118	}
1119	}
1120	if ( ! empty( $error ) ) {
1121	$error .= ' ';
1122	}
1123	if ( ! empty( $not_updated_messages ) ) {
1124	$error .= ' ' . implode( '. ', $not_updated_messages );
1125	}
1126	}
1127	// There was an error because some options were updated but others were invalid or failed to update.
1128	return new WP_Error( 'some_updated', esc_html( $error ), array( 'status' => 400 ) );
1129	}
1130	}
1131
1132	/**
1133	* Perform tasks in the site based on onboarding choices.
1134	*
1135	* @since 5.4.0
1136	*
1137	* @deprecated since 13.9
1138	*
1139	* @param array $data Onboarding choices made by user.
1140	*
1141	* @return string Result of onboarding processing and, if there is one, an error message.
1142	*/
1143	private function process_onboarding( $data ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
1144	_deprecated_function( __METHOD__, '13.9' );
1145	return '';
1146	}
1147
1148	/**
1149	* Add or update Business Address widget.
1150	*
1151	* @deprecated since 13.9
1152	*
1153	* @param array $address Array of business address fields.
1154	*
1155	* @return WP_Error\|true True if the data was saved correctly.
1156	*/
1157	private static function handle_business_address( $address ) {
1158	_deprecated_function( __METHOD__, '13.9' );
1159	$first_sidebar = Jetpack_Widgets::get_first_sidebar();
1160
1161	$widgets_module_active = Jetpack::is_module_active( 'widgets' );
1162	if ( ! $widgets_module_active ) {
1163	$widgets_module_active = Jetpack::activate_module( 'widgets', false, false );
1164	}
1165	if ( ! $widgets_module_active ) {
1166	return new WP_Error( 'module_activation_failed', 'Failed to activate the widgets module.', 400 );
1167	}
1168
1169	if ( $first_sidebar ) {
1170	$title = isset( $address['name'] ) ? sanitize_text_field( $address['name'] ) : '';
1171	$street = isset( $address['street'] ) ? sanitize_text_field( $address['street'] ) : '';
1172	$city = isset( $address['city'] ) ? sanitize_text_field( $address['city'] ) : '';
1173	$state = isset( $address['state'] ) ? sanitize_text_field( $address['state'] ) : '';
1174	$zip = isset( $address['zip'] ) ? sanitize_text_field( $address['zip'] ) : '';
1175	$country = isset( $address['country'] ) ? sanitize_text_field( $address['country'] ) : '';
1176
1177	$full_address = implode( ' ', array_filter( array( $street, $city, $state, $zip, $country ) ) );
1178
1179	$widget_options = array(
1180	'title' => $title,
1181	'address' => $full_address,
1182	'phone' => '',
1183	'hours' => '',
1184	'showmap' => false,
1185	'email' => '',
1186	);
1187
1188	$widget_updated = '';
1189	if ( ! self::has_business_address_widget( $first_sidebar ) ) {
1190	$widget_updated = Jetpack_Widgets::insert_widget_in_sidebar( 'widget_contact_info', $widget_options, $first_sidebar );
1191	} else {
1192	$widget_updated = Jetpack_Widgets::update_widget_in_sidebar( 'widget_contact_info', $widget_options, $first_sidebar );
1193	}
1194	if ( is_wp_error( $widget_updated ) ) {
1195	return new WP_Error( 'widget_update_failed', 'Widget could not be updated.', 400 );
1196	}
1197
1198	$address_save = array(
1199	'name' => $title,
1200	'street' => $street,
1201	'city' => $city,
1202	'state' => $state,
1203	'zip' => $zip,
1204	'country' => $country,
1205	);
1206	update_option( 'jpo_business_address', $address_save );
1207	return true;
1208	}
1209
1210	// No sidebar to place the widget.
1211	return new WP_Error( 'sidebar_not_found', 'No sidebar.', 400 );
1212	}
1213
1214	/**
1215	* Check whether "Contact Info & Map" widget is present in a given sidebar.
1216	*
1217	* @param string $sidebar ID of the sidebar to which the widget will be added.
1218	*
1219	* @return bool Whether the widget is present in a given sidebar.
1220	*/
1221	private static function has_business_address_widget( $sidebar ) {
1222	$sidebars_widgets = get_option( 'sidebars_widgets', array() );
1223	if ( ! isset( $sidebars_widgets[ $sidebar ] ) ) {
1224	return false;
1225	}
1226	foreach ( $sidebars_widgets[ $sidebar ] as $widget ) {
1227	if ( str_contains( $widget, 'widget_contact_info' ) ) {
1228	return true;
1229	}
1230	}
1231	return false;
1232	}
1233
1234	/**
1235	* Check if user is allowed to perform the update.
1236	*
1237	* @since 4.3.0
1238	*
1239	* @param WP_REST_Request $request The request sent to the WP REST API.
1240	*
1241	* @return bool
1242	*/
1243	public function can_request( $request ) {
1244	if ( 'GET' === $request->get_method() ) {
1245	return current_user_can( 'jetpack_admin_page' );
1246	} else {
1247	$module = Jetpack_Core_Json_Api_Endpoints::get_module_requested();
1248	if ( empty( $module ) ) {
1249	$params = $request->get_json_params();
1250	if ( ! is_array( $params ) ) {
1251	$params = $request->get_body_params();
1252	}
1253	$options = Jetpack_Core_Json_Api_Endpoints::get_updateable_data_list( $params );
1254	foreach ( $options as $option => $definition ) {
1255	if ( in_array( $options[ $option ]['jp_group'], array( 'post-by-email' ), true ) ) {
1256	$module = $options[ $option ]['jp_group'];
1257	break;
1258	}
1259	}
1260	}
1261	// User is trying to create, regenerate or delete its PbE.
1262	if ( 'post-by-email' === $module ) {
1263	return current_user_can( 'edit_posts' ) && current_user_can( 'jetpack_admin_page' );
1264	}
1265	return current_user_can( 'jetpack_configure_modules' );
1266	}
1267	}
1268	}
1269
1270	/**
1271	* Get detailed data from a specific module.
1272	*
1273	* phpcs:disable Generic.Files.OneObjectStructurePerFile.MultipleFound
1274	*/
1275	class Jetpack_Core_API_Module_Data_Endpoint {
1276	// phpcs:disable Generic.Files.OneObjectStructurePerFile.MultipleFound
1277
1278	/**
1279	* Process request and return different data based on the module we are interested in.
1280	*
1281	* @param WP_REST_Request $request WP API request.
1282	*
1283	* @return WP_REST_Response\|WP_Error A REST response if the request was served successfully, otherwise an error.
1284	*/
1285	public function process( $request ) {
1286	switch ( $request['slug'] ) {
1287	case 'protect':
1288	return $this->get_protect_data();
1289	case 'stats':
1290	return $this->get_stats_data( $request );
1291	case 'akismet':
1292	return $this->get_akismet_data();
1293	case 'monitor':
1294	return $this->get_monitor_data();
1295	case 'verification-tools':
1296	return $this->get_verification_tools_data();
1297	case 'vaultpress':
1298	return $this->get_vaultpress_data();
1299	}
1300	}
1301
1302	/**
1303	* Decide against which service to check the key.
1304	*
1305	* @since 4.8.0
1306	*
1307	* @param WP_REST_Request $request WP API request.
1308	*
1309	* @return bool
1310	*/
1311	public function key_check( $request ) {
1312	switch ( $request['service'] ) {
1313	case 'akismet':
1314	$params = $request->get_json_params();
1315	if ( isset( $params['api_key'] ) && ! empty( $params['api_key'] ) ) {
1316	return $this->check_akismet_key( $params['api_key'] );
1317	}
1318	return $this->check_akismet_key();
1319	}
1320	return false;
1321	}
1322
1323	/**
1324	* Get number of blocked intrusion attempts.
1325	*
1326	* @since 4.3.0
1327	*
1328	* @return mixed\|WP_Error Number of blocked attempts if protection is enabled. Otherwise, a WP_Error instance with the corresponding error.
1329	*/
1330	public function get_protect_data() {
1331	if ( Jetpack::is_module_active( 'protect' ) ) {
1332	return (int) get_site_option( 'jetpack_protect_blocked_attempts', 0 );
1333	}
1334
1335	return new WP_Error(
1336	'not_active',
1337	esc_html__( 'The requested Jetpack module is not active.', 'jetpack' ),
1338	array( 'status' => 404 )
1339	);
1340	}
1341
1342	/**
1343	* Get number of spam messages blocked by Akismet.
1344	*
1345	* @since 4.3.0
1346	*
1347	* @return int\|string Number of spam blocked by Akismet. Otherwise, an error message.
1348	*/
1349	public function get_akismet_data() {
1350	$akismet_status = $this->akismet_is_active_and_registered();
1351	if ( ! is_wp_error( $akismet_status ) ) {
1352	return (int) get_option( 'akismet_spam_count', 0 );
1353	} else {
1354	return $akismet_status->get_error_code();
1355	}
1356	}
1357
1358	/**
1359	* Verify the Akismet API key.
1360	*
1361	* @since 4.8.0
1362	*
1363	* @param string $api_key Optional API key to check.
1364	*
1365	* @return array Information about the key. 'validKey' is true if key is valid, false otherwise.
1366	*/
1367	public function check_akismet_key( $api_key = '' ) {
1368	$akismet_status = $this->akismet_class_exists();
1369	if ( is_wp_error( $akismet_status ) ) {
1370	return rest_ensure_response(
1371	array(
1372	'validKey' => false,
1373	'invalidKeyCode' => $akismet_status->get_error_code(),
1374	'invalidKeyMessage' => $akismet_status->get_error_message(),
1375	)
1376	);
1377	}
1378
1379	$key_status = Akismet::check_key_status( empty( $api_key ) ? Akismet::get_api_key() : $api_key );
1380
1381	if ( ! $key_status \|\| 'invalid' === $key_status \|\| 'failed' === $key_status ) {
1382	return rest_ensure_response(
1383	array(
1384	'validKey' => false,
1385	'invalidKeyCode' => 'invalid_key',
1386	'invalidKeyMessage' => esc_html__( 'Invalid Akismet key. Please contact support.', 'jetpack' ),
1387	)
1388	);
1389	}
1390
1391	return rest_ensure_response(
1392	array(
1393	'validKey' => isset( $key_status[1] ) && 'valid' === $key_status[1],
1394	)
1395	);
1396	}
1397
1398	/**
1399	* Check if Akismet class file exists and if class is loaded.
1400	*
1401	* @since 4.8.0
1402	*
1403	* @return bool\|WP_Error Returns true if class file exists and class is loaded, WP_Error otherwise.
1404	*/
1405	private function akismet_class_exists() {
1406	if ( ! file_exists( WP_PLUGIN_DIR . '/akismet/class.akismet.php' ) ) {
1407	return new WP_Error( 'not_installed', esc_html__( 'Please install Akismet.', 'jetpack' ), array( 'status' => 400 ) );
1408	}
1409
1410	if ( ! class_exists( 'Akismet' ) ) {
1411	return new WP_Error( 'not_active', esc_html__( 'Please activate Akismet.', 'jetpack' ), array( 'status' => 400 ) );
1412	}
1413
1414	return true;
1415	}
1416
1417	/**
1418	* Is Akismet registered and active?
1419	*
1420	* @since 4.3.0
1421	*
1422	* @return bool\|WP_Error True if Akismet is active and registered. Otherwise, a WP_Error instance with the corresponding error.
1423	*/
1424	private function akismet_is_active_and_registered() {
1425	$akismet_exists = $this->akismet_class_exists();
1426	if ( is_wp_error( $akismet_exists ) ) {
1427	return $akismet_exists;
1428	}
1429
1430	// What about if Akismet is put in a sub-directory or maybe in mu-plugins?
1431	require_once WP_PLUGIN_DIR . '/akismet/class.akismet.php';
1432	require_once WP_PLUGIN_DIR . '/akismet/class.akismet-admin.php';
1433	$akismet_key = Akismet::verify_key( Akismet::get_api_key() );
1434
1435	if ( ! $akismet_key \|\| 'invalid' === $akismet_key \|\| 'failed' === $akismet_key ) {
1436	return new WP_Error( 'invalid_key', esc_html__( 'Invalid Akismet key. Please contact support.', 'jetpack' ), array( 'status' => 400 ) );
1437	}
1438
1439	return true;
1440	}
1441
1442	/**
1443	* Get stats data for this site
1444	*
1445	* @since 4.1.0
1446	*
1447	* @param WP_REST_Request $request {
1448	* Array of parameters received by request.
1449	*
1450	* @type string $date Date range to restrict results to.
1451	* }
1452	*
1453	* @return WP_Error\|WP_HTTP_Response\|WP_REST_Response Stats information relayed from WordPress.com.
1454	*/
1455	public function get_stats_data( WP_REST_Request $request ) {
1456	// Get parameters to fetch Stats data.
1457	$range = $request->get_param( 'range' );
1458
1459	// If no parameters were passed.
1460	if (
1461	empty( $range )
1462	\|\| ! in_array( $range, array( 'day', 'week', 'month' ), true )
1463	) {
1464	$range = 'day';
1465	}
1466
1467	$wpcom_stats = new WPCOM_Stats();
1468	switch ( $range ) {
1469
1470	// This is always called first on page load.
1471	case 'day':
1472	$initial_stats = $wpcom_stats->convert_stats_array_to_object( $wpcom_stats->get_stats() );
1473	return rest_ensure_response(
1474	array(
1475	'general' => $initial_stats,
1476
1477	// Build data for 'day' as if it was $wpcom_stats ->get_visits( array( 'unit' => 'day, 'quantity' => 30).
1478	'day' => isset( $initial_stats->visits )
1479	? $initial_stats->visits
1480	: array(),
1481	)
1482	);
1483	case 'week':
1484	return rest_ensure_response(
1485	array(
1486	'week' => $wpcom_stats->convert_stats_array_to_object(
1487	$wpcom_stats->get_visits(
1488	array(
1489	'unit' => 'week',
1490	'quantity' => 14,
1491	)
1492	)
1493	),
1494	)
1495	);
1496	case 'month':
1497	return rest_ensure_response(
1498	array(
1499	'month' => $wpcom_stats->convert_stats_array_to_object(
1500	$wpcom_stats->get_visits(
1501	array(
1502	'unit' => 'month',
1503	'quantity' => 12,
1504	)
1505	)
1506	),
1507	)
1508	);
1509	}
1510	}
1511
1512	/**
1513	* Get date of last downtime.
1514	*
1515	* @since 4.3.0
1516	*
1517	* @return mixed\|WP_Error Number of days since last downtime. Otherwise, a WP_Error instance with the corresponding error.
1518	*/
1519	public function get_monitor_data() {
1520	if ( ! Jetpack::is_module_active( 'monitor' ) ) {
1521	return new WP_Error(
1522	'not_active',
1523	esc_html__( 'The requested Jetpack module is not active.', 'jetpack' ),
1524	array( 'status' => 404 )
1525	);
1526	}
1527
1528	$monitor = new Jetpack_Monitor();
1529	$last_downtime = $monitor->monitor_get_last_downtime();
1530	if ( is_wp_error( $last_downtime ) ) {
1531	return $last_downtime;
1532	} elseif ( false === strtotime( $last_downtime ) ) {
1533	return rest_ensure_response(
1534	array(
1535	'code' => 'success',
1536	'date' => null,
1537	)
1538	);
1539	} else {
1540	return rest_ensure_response(
1541	array(
1542	'code' => 'success',
1543	'date' => human_time_diff( strtotime( $last_downtime ), strtotime( 'now' ) ),
1544	)
1545	);
1546	}
1547	}
1548
1549	/**
1550	* Get services that this site is verified with.
1551	*
1552	* @since 4.3.0
1553	*
1554	* @return mixed\|WP_Error List of services that verified this site. Otherwise, a WP_Error instance with the corresponding error.
1555	*/
1556	public function get_verification_tools_data() {
1557	if ( ! Jetpack::is_module_active( 'verification-tools' ) ) {
1558	return new WP_Error(
1559	'not_active',
1560	esc_html__( 'The requested Jetpack module is not active.', 'jetpack' ),
1561	array( 'status' => 404 )
1562	);
1563	}
1564
1565	$verification_services_codes = get_option( 'verification_services_codes' );
1566	if (
1567	! is_array( $verification_services_codes )
1568	\|\| empty( $verification_services_codes )
1569	) {
1570	return new WP_Error(
1571	'empty',
1572	esc_html__( 'Site not verified with any service.', 'jetpack' ),
1573	array( 'status' => 404 )
1574	);
1575	}
1576
1577	$services = array();
1578	foreach ( jetpack_verification_services() as $name => $service ) {
1579	if ( is_array( $service ) && ! empty( $verification_services_codes[ $name ] ) ) {
1580	switch ( $name ) {
1581	case 'google':
1582	$services[] = 'Google';
1583	break;
1584	case 'bing':
1585	$services[] = 'Bing';
1586	break;
1587	case 'pinterest':
1588	$services[] = 'Pinterest';
1589	break;
1590	case 'yandex':
1591	$services[] = 'Yandex';
1592	break;
1593	case 'facebook':
1594	$services[] = 'Facebook';
1595	break;
1596	}
1597	}
1598	}
1599
1600	if ( empty( $services ) ) {
1601	return new WP_Error(
1602	'empty',
1603	esc_html__( 'Site not verified with any service.', 'jetpack' ),
1604	array( 'status' => 404 )
1605	);
1606	}
1607
1608	if ( 2 > count( $services ) ) {
1609	$message = esc_html(
1610	sprintf(
1611	/* translators: %s is a service name like Google, Bing, Pinterest, etc. */
1612	__( 'Your site is verified with %s.', 'jetpack' ),
1613	$services[0]
1614	)
1615	);
1616	} else {
1617	$copy_services = $services;
1618	$last = count( $copy_services ) - 1;
1619	$last_service = $copy_services[ $last ];
1620	unset( $copy_services[ $last ] );
1621	$message = esc_html(
1622	sprintf(
1623	/* translators: %1$s is a comma-separated list of services, and %2$s is a single service name like Google, Bing, Pinterest, etc. */
1624	__( 'Your site is verified with %1$s and %2$s.', 'jetpack' ),
1625	implode( ', ', $copy_services ),
1626	$last_service
1627	)
1628	);
1629	}
1630
1631	return rest_ensure_response(
1632	array(
1633	'code' => 'success',
1634	'message' => $message,
1635	'services' => $services,
1636	)
1637	);
1638	}
1639
1640	/**
1641	* Get VaultPress site data including, among other things, the date of the last backup if it was completed.
1642	*
1643	* @since 4.3.0
1644	*
1645	* @return mixed\|WP_Error VaultPress site data. Otherwise, a WP_Error instance with the corresponding error.
1646	*/
1647	public function get_vaultpress_data() {
1648	if ( ! class_exists( 'VaultPress' ) ) {
1649	return new WP_Error(
1650	'not_active',
1651	esc_html__( 'The requested Jetpack module is not active.', 'jetpack' ),
1652	array( 'status' => 404 )
1653	);
1654	}
1655
1656	$vaultpress = new VaultPress();
1657	if ( ! $vaultpress->is_registered() ) {
1658	return rest_ensure_response(
1659	array(
1660	'code' => 'not_registered',
1661	'message' => esc_html__( 'You need to register for VaultPress.', 'jetpack' ),
1662	)
1663	);
1664	}
1665
1666	$data = json_decode( base64_decode( $vaultpress->contact_service( 'plugin_data' ) ) ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
1667	if ( false === $data ) {
1668	return rest_ensure_response(
1669	array(
1670	'code' => 'not_registered',
1671	'message' => esc_html__( 'Could not connect to VaultPress.', 'jetpack' ),
1672	)
1673	);
1674	} elseif ( is_wp_error( $data ) \|\| ! isset( $data->backups->last_backup ) ) {
1675	return $data;
1676	} elseif ( empty( $data->backups->last_backup ) ) {
1677	return rest_ensure_response(
1678	array(
1679	'code' => 'success',
1680	'message' => esc_html__( 'VaultPress is active and will back up your site soon.', 'jetpack' ),
1681	'data' => $data,
1682	)
1683	);
1684	} else {
1685	return rest_ensure_response(
1686	array(
1687	'code' => 'success',
1688	'message' => esc_html(
1689	sprintf(
1690	/* translators: placeholder is a unit of time (1 hour, 5 days, ...) */
1691	esc_html__( 'Your site was successfully backed up %s ago.', 'jetpack' ),
1692	human_time_diff(
1693	$data->backups->last_backup,
1694	current_time( 'timestamp' ) // phpcs:ignore WordPress.DateTime.CurrentTimeTimestamp.Requested -- We cannot switch to time() or another "unix" timestamp option as long as $data->backups->last_backup uses WP timestamps.
1695	)
1696	)
1697	),
1698	'data' => $data,
1699	)
1700	);
1701	}
1702	}
1703
1704	/**
1705	* A WordPress REST API permission callback method that accepts a request object and
1706	* decides if the current user has enough privileges to act.
1707	*
1708	* @since 4.3.0
1709	*
1710	* @return bool does a current user have enough privileges.
1711	*/
1712	public function can_request() {
1713	return current_user_can( 'jetpack_admin_page' );
1714	}
1715	}
1716
1717	// phpcs:disable Universal.Files.SeparateFunctionsFromOO.Mixed -- TODO: Move these functions to some other file.
1718
1719	/**
1720	* Actions performed only when Gravatar Hovercards is activated through the endpoint call.
1721	*
1722	* @since 4.3.1
1723	*/
1724	function jetpack_do_after_gravatar_hovercards_activation() {
1725
1726	// When Gravatar Hovercards is activated, enable them automatically.
1727	update_option( 'gravatar_disable_hovercards', 'enabled' );
1728	}
1729	add_action( 'jetpack_activate_module_gravatar-hovercards', 'jetpack_do_after_gravatar_hovercards_activation' );
1730
1731	/**
1732	* Actions performed only when Gravatar Hovercards is activated through the endpoint call.
1733	*
1734	* @since 4.3.1
1735	*/
1736	function jetpack_do_after_gravatar_hovercards_deactivation() {
1737
1738	// When Gravatar Hovercards is deactivated, disable them automatically.
1739	update_option( 'gravatar_disable_hovercards', 'disabled' );
1740	}
1741	add_action( 'jetpack_deactivate_module_gravatar-hovercards', 'jetpack_do_after_gravatar_hovercards_deactivation' );
1742
1743	/**
1744	* Actions performed only when Markdown is activated through the endpoint call.
1745	*
1746	* @since 4.7.0
1747	*/
1748	function jetpack_do_after_markdown_activation() {
1749
1750	// When Markdown is activated, enable support for post editing automatically.
1751	update_option( 'wpcom_publish_posts_with_markdown', true );
1752	}
1753	add_action( 'jetpack_activate_module_markdown', 'jetpack_do_after_markdown_activation' );