<?php

/**
 * Register routes for Media and Frontend
 *
 * @package kirki
 */

namespace Kirki;

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly.
}

use Kirki\API\ContentManager\ContentManagerRest;
use Kirki\API\KirkiComments\KirkiCommentsRest;
use Kirki\API\Media;
use Kirki\API\Frontend\FrontendApi;

/**
 * API Class
 */
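class API {

	/**
	 * Hook route registration and the export download handler into WordPress.
	 *
	 * @return void
	 */
	public function __construct() {
		add_action( 'rest_api_init', array( $this, 'register_api' ) );
		add_action( 'init', array( $this, 'download_zip_endpoint' ) );
	}

	/**
	 * Register the REST routes of the Media, ContentManager, KirkiComments and Frontend APIs.
	 *
	 * @return void
	 */
	public function register_api() {
		// Media apis.
		$media = new Media();
		$media->register_routes();

		$content_manager = new ContentManagerRest();
		$content_manager->register_routes();

		$kirki_comments = new KirkiCommentsRest();
		$kirki_comments->register_routes();

		FrontendApi::register();
	}

	/**
	 * Handle `?page-export=true&file-name=...` requests on `init`.
	 *
	 * Runs on every request, so it returns early unless both query parameters
	 * are present, `page-export` is exactly 'true' and `file-name` is a string.
	 * Callers without FULL_ACCESS get a 401 JSON error.
	 *
	 * @return void
	 */
	public function download_zip_endpoint() {
		if (
			! isset( $_GET['page-export'], $_GET['file-name'] ) ||
			'true' !== $_GET['page-export'] ||
			// `file-name[]=x` arrives as an array; basename() would raise a TypeError on it.
			! is_string( $_GET['file-name'] )
		) {
			return;
		}

		if ( ! HelperFunctions::has_access( KIRKI_ACCESS_LEVELS['FULL_ACCESS'] ) ) {
			// wp_send_json_error() ends the request after sending the response.
			wp_send_json_error( 'Not authorized', 401 );
		}

		// TODO: need to check nonce.
		// NOTE(review): this GET request streams a file and then deletes it, and the
		// access check above is the only gate. Without a nonce, a cross-site request
		// issued from a privileged user's browser passes that check (CSRF). The nonce
		// action the export UI would have to send is not defined in this file, so
		// verification is not added here; it needs a matching change where the
		// download link is generated.
		$this->downloadZIP();
	}

	/**
	 * Send the requested zip from the uploads base directory and end the request.
	 *
	 * The name is reduced to its last path component with basename() and must end
	 * in `.zip`, so only zip files directly inside the uploads base directory can
	 * be addressed. A missing or unreadable file gets a 404 before any download
	 * headers are emitted.
	 *
	 * @return void
	 */
	private function downloadZIP() {
		$upload_dir = wp_upload_dir();
		$file_name  = HelperFunctions::sanitize_text( $_GET['file-name'] );
		// basename() drops any directory part, which blocks `../` traversal.
		$file_name = basename( $file_name );
		// Check if the file has a .zip extension
		if ( 'zip' !== pathinfo( $file_name, PATHINFO_EXTENSION ) ) {
			echo 'Invalid file type.';
			die();
		}
		$zipFilePath = $upload_dir['basedir'] . "/$file_name";

		// Verify the target before sending headers: filesize() on a missing path
		// returns false with a warning and would produce an empty Content-Length.
		if ( ! is_file( $zipFilePath ) || ! is_readable( $zipFilePath ) ) {
			status_header( 404 );
			echo 'File not found.';
			die();
		}

		// A quote or backslash in the name would break out of the quoted
		// filename parameter of Content-Disposition, so drop them for the header only.
		$header_name = str_replace( array( '"', '\\' ), '', $file_name );
		$file_size   = filesize( $zipFilePath );

		// Send the zip file to the client.
		header( 'Content-Type: application/zip' );
		header( 'X-Content-Type-Options: nosniff' );
		header( 'Content-Disposition: attachment; filename="' . $header_name . '"' );
		if ( false !== $file_size ) {
			header( 'Content-Length: ' . $file_size );
		}
		$this->output_file_and_cleanup( $zipFilePath, $file_name );
		exit;
	}

	/**
	 * Echo the file's bytes, then delete the file from disk.
	 *
	 * @param string $path Absolute path of the file to send.
	 * @param string $name File name; not used by this method.
	 *
	 * @return void
	 */
	private function output_file_and_cleanup( $path, $name ) {
		global $wp_filesystem;
		if ( empty( $wp_filesystem ) ) {
			// The filesystem API is not loaded on front-end requests by default.
			require_once ABSPATH . 'wp-admin/includes/file.php';
			WP_Filesystem();
		}

		if ( $wp_filesystem->exists( $path ) ) {
			// Raw binary output: escaping would corrupt the archive.
			echo $wp_filesystem->get_contents( $path ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
			// The file is removed once it has been sent, so each download is one-shot.
			wp_delete_file( $path );
		}
	}
}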