From fed6f3729834efda25d925f070f51fe18e40c3fa Mon Sep 17 00:00:00 2001
From: Mohan Raj <mohanraj.pachaiyappan@news.co.uk>
Date: Sat, 25 Mar 2023 18:13:25 +0000
Subject: [PATCH] Adds validation for POST method

---
 includes/Api/Flags.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/includes/Api/Flags.php b/includes/Api/Flags.php
index ccfcc42..5a717af 100644
--- a/includes/Api/Flags.php
+++ b/includes/Api/Flags.php
@@ -52,6 +52,7 @@ function () {
 							'permission_callback' => function () {
 								return current_user_can( 'manage_options' );
 							},
+							'validate_callback'   => [ $this, 'validate_flag_input' ],
 						],
 					]
 				);
@@ -98,4 +99,28 @@ public function post_flags( $request ) {
 		}
 	}
 
+	/**
+	 * Validates flag input from POST method.
+	 *
+	 * @param \WP_REST_Request $param Request object.
+	 *
+	 * @return bool
+	 */
+	public function validate_flag_input( $param ) {
+		$input_data = $param->get_json_params();
+		$valid_keys = [ 'id', 'name', 'enabled' ];
+
+		if ( ! isset( $input_data ) || ! is_array( $input_data ) || 0 === count( $input_data ) ) {
+			return false;
+		}
+
+		foreach ( $input_data as $flag_key => $flag ) {
+			foreach ( $valid_keys as $key => $value ) {
+				if ( ! array_key_exists( $value, $flag ) ) {
+					return false;
+				}
+			}
+		}
+		return true;
+	}
 }