HEX
Server: LiteSpeed
System: Linux node612.namehero.net 4.18.0-553.121.1.lve.el8.x86_64 #1 SMP Thu Apr 30 16:40:41 UTC 2026 x86_64
User: dfwparty (1186)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/dfwparty/dfwmagic.com/wp-content/plugins/ws-form-pro/api/class-ws-form-api.php
<?php

	// Exit if accessed directly
	if ( ! defined( 'ABSPATH' ) ) {
		exit;
	}

	class WS_Form_API {

		public $error;
		public $error_message;
		public $error_code;

		protected $loader;

		public function __construct() {

			$this->error = false;
			$this->error_message = '';
			$this->error_code = 0;
		}

		// Throw API error
		public function api_throw_error($message, $error_code = 400) {

			$this->error = true;
			$this->error_message = $message;
			$this->error_code = $error_code;

			$this->api_json_response();
		}

		// Handle JSON response
		public function api_json_response($data = false, $form_id = 0, $history = false, $form_full = true, $form_published = false, $form_parse = false, $form_public = false) {

			$response_array = [];

			// Set error
			$response_array['error'] = $this->error;

			// New data
			if($data !== false) { $response_array['data'] = $data; }

			// Set HTTP content type head
			header('Content-Type: application/json');
			http_response_code(200);

			// API error
			if($this->error) {

				// Set error message
				$response_array['error_message'] = $this->error_message;

				// Set response code
				switch($this->error_code) {

					case '403' :
					case '404' :

						http_response_code($this->error_code);
						break;

					default :

						http_response_code(400);
				}
			}

			if($form_id > 0) {

				// Build form array
				$ws_form_form = new WS_Form_Form();
				$ws_form_form->id = $form_id;

				try {

					if($form_published) {

						// Published
						$form_object = $ws_form_form->db_read_published($form_parse);

					} else {

						// Draft
						$form_object = $ws_form_form->db_read($form_full, $form_full, false, $form_parse);
					}

				} catch (Exception $e) {

					self::api_throw_error($e->getMessage());
				}

				if($form_public) {

					// Convert for public
					$ws_form_form->form_public($form_object);
				}

				$response_array['form'] = $form_object;

				$response_array['form_full'] = $form_full || $form_published;

				if(is_array($history)) {

					// Check WordPress version
					$wp_new = WS_Form_Common::wp_version_at_least('5.3');

					// History data array (Describes what changed), or false for do not store in history
					$history['date'] = $wp_new ? wp_date(get_option('date_format')) : gmdate(get_option('date_format'), current_time('timestamp'));
					$history['time'] = $wp_new ? wp_date(get_option('time_format')) : gmdate(get_option('time_format'), current_time('timestamp'));
					$response_array['history'] = $history;
				}
			}

			// Strip any 'Location' headers that might have been added by third party hooks and would break our response
			header_remove('Location');

			// Push JSON response
			$response_json = wp_json_encode(

				// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound -- All hooks prefixed with wsf_
				apply_filters('wsf_api_response_array', $response_array)
			);
			if(json_last_error() !== 0) {

				// Set response code
				http_response_code(400);

				// Build error JSON
				$response_array = array(

					'error' => 			true,
					'error_message' =>	'JSON encoding error: ' . json_last_error_msg() . ' (' . json_last_error() . ')'
				);

				// JSON encode array
				$response_json = wp_json_encode($response_array);
			}

			// Run wsf_api_response action
			// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound -- All hooks prefixed with wsf_
			do_action('wsf_api_response');

			// Output JSON return
			// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound -- All hooks prefixed with wsf_
			WS_Form_Common::echo_json(apply_filters('wsf_api_response_json', $response_json));

			// Stop execution
			exit;
		}

		// Set up RESTful API
		public function api_rest_api_init() {

			/* API - Config */
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-config.php';
			$plugin_api_config = new WS_Form_API_Config();

			// API - Config (Public)
			// Intentionally public endpoint. This route serves config data only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/config/', array('methods' => 'GET', 'callback' => array($plugin_api_config, 'api_get'), 'permission_callback' => function () { return true; }));

			// API - Helper
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-helper.php';
			$plugin_api_helper = new WS_Form_API_Helper();

			// Intentionally public endpoint. This route serves test data only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/test/', array('methods' => 'GET', 'callback' => array($plugin_api_helper, 'api_test'), 'permission_callback' => function () { return true; }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/system/', array('methods' => 'GET', 'callback' => array($plugin_api_helper, 'api_system'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/intro/', array('methods' => 'GET', 'callback' => array($plugin_api_helper, 'api_intro'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/framework-detect/', array('methods' => 'POST', 'callback' => array($plugin_api_helper, 'api_framework_detect'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/api-check/dismiss/', array('methods' => 'POST', 'callback' => array($plugin_api_helper, 'api_api_check_dismiss'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			// Intentionally public endpoint. This route serves CSS data only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/ws-form-css/', array('methods' => 'GET', 'callback' => array($plugin_api_helper, 'api_ws_form_css'), 'permission_callback' => function () { return true; }));

			if(WS_Form_Common::customizer_enabled()) {

				// Intentionally public endpoint. This route serves CSS data only and does not expose sensitive data.
				register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/ws-form-css-skin/', array('methods' => 'GET', 'callback' => array($plugin_api_helper, 'api_ws_form_css_skin'), 'permission_callback' => function () { return true; }));
			}

			// Intentionally public endpoint. This route serves CSS data only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/ws-form-css-conversational/', array('methods' => 'GET', 'callback' => array($plugin_api_helper, 'api_ws_form_css_conversational'), 'permission_callback' => function () { return true; }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/ws-form-css-admin/', array('methods' => 'GET', 'callback' => array($plugin_api_helper, 'api_ws_form_css_admin'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			// Intentionally public endpoint. This route serves CSS data only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/css-email/', array('methods' => 'GET', 'callback' => array($plugin_api_helper, 'api_css_email'), 'permission_callback' => function () { return true; }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/file_download/', array('methods' => 'GET', 'callback' => array($plugin_api_helper, 'api_file_download'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_submission'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/user_meta_hidden_column/', array('methods' => 'POST', 'callback' => array($plugin_api_helper, 'api_user_meta_hidden_columns'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_submission'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/support-contact-submit/', array('methods' => 'POST', 'callback' => array($plugin_api_helper, 'api_support_contact_submit'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/deactivate-feedback-submit/', array('methods' => 'POST', 'callback' => array($plugin_api_helper, 'api_deactivate_feedback_submit'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/count-submit-unread/', array('methods' => 'GET', 'callback' => array($plugin_api_helper, 'api_count_submit_unread'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_submission'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/review-nag/dismiss/', array('methods' => 'POST', 'callback' => array($plugin_api_helper, 'api_review_nag_dismiss'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/debug/(?P<helper_debug>[a-z]+)/', array('methods' => 'POST', 'callback' => array($plugin_api_helper, 'api_debug'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/helper/styler/(?P<helper_styler>[a-z]+)/', array('methods' => 'POST', 'callback' => array($plugin_api_helper, 'api_styler'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			// API - Style
			if(WS_Form_Common::styler_enabled()) {

				require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-style.php';
				$plugin_api_style = new WS_Form_API_Style();

				register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/style/(?P<style_id>[\d]+)/', array('methods' => 'GET', 'callback' => array($plugin_api_style, 'api_get'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_form_style'); }));

				// Intentionally public endpoint. This route serves generated CSS only and does not expose sensitive data.
				register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/style/(?P<style_id>[\d]+)/css/', array('methods' => 'GET', 'callback' => array($plugin_api_style, 'api_get_css'), 'permission_callback' => function () { return true; }));

				register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/style/(?P<style_id>[\d]+)/put/', array('methods' => 'POST', 'callback' => array($plugin_api_style, 'api_put'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form_style'); }));

				register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/style/(?P<style_id>[\d]+)/upload/json/', array('methods' => 'POST', 'callback' => array($plugin_api_style, 'api_post_upload_json'), 'permission_callback' => function () { return WS_Form_Common::can_user('import_form_style'); }));

				register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/style/upload/json/', array('methods' => 'POST', 'callback' => array($plugin_api_style, 'api_post_upload_json'), 'permission_callback' => function () { return WS_Form_Common::can_user('import_form_style'); }));

				register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/style/css-variables/csv/', array('methods' => 'GET', 'callback' => array($plugin_api_style, 'api_get_css_variables_csv'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_form_style'); }));

				register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/style/css-variables/json/', array('methods' => 'GET', 'callback' => array($plugin_api_style, 'api_get_css_variables_json'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_form_style'); }));
			}

			// API - Form
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-form.php';
			$plugin_api_form = new WS_Form_API_Form();

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/(?P<form_id>[\d]+)/download/json/', array('methods' => 'POST', 'callback' => array($plugin_api_form, 'api_post_download_json'), 'permission_callback' => function () { return WS_Form_Common::can_user('export_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/(?P<form_id>[\d]+)/upload/json/', array('methods' => 'POST', 'callback' => array($plugin_api_form, 'api_post_upload_json'), 'permission_callback' => function () { return WS_Form_Common::can_user('import_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/(?P<form_id>[\d]+)/full/', array('methods' => 'GET', 'callback' => array($plugin_api_form, 'api_get_full'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_form'); }));

			// Intentionally public endpoint. This route serves published form data only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/(?P<form_id>[\d]+)/published/', array('methods' => 'GET', 'callback' => array($plugin_api_form, 'api_get_published'), 'permission_callback' => function () { return true; }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/(?P<form_id>[\d]+)/full/put/', array('methods' => 'POST', 'callback' => array($plugin_api_form, 'api_put_full'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/(?P<form_id>[\d]+)/put/', array('methods' => 'POST', 'callback' => array($plugin_api_form, 'api_put'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/(?P<form_id>[\d]+)/publish/', array('methods' => 'POST', 'callback' => array($plugin_api_form, 'api_put_publish'), 'permission_callback' => function () { return WS_Form_Common::can_user('publish_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/(?P<form_id>[\d]+)/draft/', array('methods' => 'POST', 'callback' => array($plugin_api_form, 'api_put_draft'), 'permission_callback' => function () { return WS_Form_Common::can_user('publish_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/(?P<form_id>[\d]+)/locations/', array('methods' => 'GET', 'callback' => array($plugin_api_form, 'api_get_locations'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/(?P<form_id>[\d]+)/svg/draft/', array('methods' => 'GET', 'callback' => array($plugin_api_form, 'api_get_svg_draft'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/(?P<form_id>[\d]+)/svg/published/', array('methods' => 'GET', 'callback' => array($plugin_api_form, 'api_get_svg_published'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_form'); }));

			// API - Form Stats
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-form-stat.php';
			$plugin_api_form_stat = new WS_Form_API_Form_Stat();

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/stat/get-chart-data/', array('methods' => 'GET', 'callback' => array($plugin_api_form_stat, 'api_get_chart_data'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_submission'); }));

			// Intentionally public endpoint. This route serves form view data only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/stat/add-view/', array('methods' => 'POST', 'callback' => array($plugin_api_form_stat, 'api_add_view'), 'permission_callback' => function () { return true; }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/(?P<form_id>[\d]+)/stat/reset/', array('methods' => 'POST', 'callback' => array($plugin_api_form_stat, 'api_reset'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/form/stat/report-form-statistics-test/', array('methods' => 'POST', 'callback' => array($plugin_api_form_stat, 'api_report_form_statistics_send'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			// API - Group
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-group.php';
			$plugin_api_group = new WS_Form_API_Group();

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/group/(?P<group_id>[\d]+)/download/json/', array('methods' => 'POST', 'callback' => array($plugin_api_group, 'api_post_download_json'), 'permission_callback' => function () { return WS_Form_Common::can_user('export_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/group/(?P<group_id>[\d]+)/upload/json/', array('methods' => 'POST', 'callback' => array($plugin_api_group, 'api_post_upload_json'), 'permission_callback' => function () { return WS_Form_Common::can_user('import_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/group/(?P<group_id>[\d]+)/template/add/', array('methods' => 'POST', 'callback' => array($plugin_api_group, 'api_post_template_add'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/group/', array('methods' => 'POST', 'callback' => array($plugin_api_group, 'api_post'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/group/(?P<group_id>[\d]+)/put/', array('methods' => 'POST', 'callback' => array($plugin_api_group, 'api_put'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/group/(?P<group_id>[\d]+)/sort-index/', array('methods' => 'POST', 'callback' => array($plugin_api_group, 'api_put_sort_index'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/group/(?P<group_id>[\d]+)/clone/', array('methods' => 'POST', 'callback' => array($plugin_api_group, 'api_put_clone'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/group/(?P<group_id>[\d]+)/delete/', array('methods' => 'POST', 'callback' => array($plugin_api_group, 'api_delete'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			// API - Section
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-section.php';
			$plugin_api_section = new WS_Form_API_Section();

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/section/(?P<section_id>[\d]+)/download/json/', array('methods' => 'POST', 'callback' => array($plugin_api_section, 'api_post_download_json'), 'permission_callback' => function () { return WS_Form_Common::can_user('export_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/section/(?P<section_id>[\d]+)/upload/json/', array('methods' => 'POST', 'callback' => array($plugin_api_section, 'api_post_upload_json'), 'permission_callback' => function () { return WS_Form_Common::can_user('import_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/section/(?P<section_id>[\d]+)/template/add/', array('methods' => 'POST', 'callback' => array($plugin_api_section, 'api_post_template_add'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/section/', array('methods' => 'POST', 'callback' => array($plugin_api_section, 'api_post'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/section/template/', array('methods' => 'POST', 'callback' => array($plugin_api_section, 'api_post_template'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/section/(?P<section_id>[\d]+)/put/', array('methods' => 'POST', 'callback' => array($plugin_api_section, 'api_put'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/section/(?P<section_id>[\d]+)/sort-index/', array('methods' => 'POST', 'callback' => array($plugin_api_section, 'api_put_sort_index'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/section/(?P<section_id>[\d]+)/clone/', array('methods' => 'POST', 'callback' => array($plugin_api_section, 'api_put_clone'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/section/(?P<section_id>[\d]+)/delete/', array('methods' => 'POST', 'callback' => array($plugin_api_section, 'api_delete'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			// API - Field
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-field.php';
			$plugin_api_field = new WS_Form_API_Field();

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/field/(?P<field_id>[\d]+)/', array('methods' => 'GET', 'callback' => array($plugin_api_field, 'api_get'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/field/', array('methods' => 'POST', 'callback' => array($plugin_api_field, 'api_post'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/field/(?P<field_id>[\d]+)/upload/csv/', array('methods' => 'POST', 'callback' => array($plugin_api_field, 'api_post_upload_csv'), 'permission_callback' => function () { return WS_Form_Common::can_user('import_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/field/(?P<field_id>[\d]+)/download/csv/', array('methods' => 'POST', 'callback' => array($plugin_api_field, 'api_post_download_csv'), 'permission_callback' => function () { return WS_Form_Common::can_user('export_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/field/(?P<field_id>[\d]+)/put/', array('methods' => 'POST', 'callback' => array($plugin_api_field, 'api_put'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/field/(?P<field_id>[\d]+)/sort-index/', array('methods' => 'POST', 'callback' => array($plugin_api_field, 'api_put_sort_index'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/field/(?P<field_id>[\d]+)/clone/', array('methods' => 'POST', 'callback' => array($plugin_api_field, 'api_put_clone'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/field/(?P<field_id>[\d]+)/last-api-error/clear/', array('methods' => 'POST', 'callback' => array($plugin_api_field, 'api_put_last_api_error_clear'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/field/(?P<field_id>[\d]+)/delete/', array('methods' => 'POST', 'callback' => array($plugin_api_field, 'api_delete'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			// Intentionally public endpoint. This route serves field cascade data only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/field/(?P<field_id>[\d]+)/cascade/', array('methods' => 'GET', 'callback' => array($plugin_api_field, 'api_cascade'), 'permission_callback' => function () { return true; }));

			// Intentionally public endpoint. This route serves field select AJAX data only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/field/(?P<field_id>[\d]+)/select-ajax/', array('methods' => 'GET', 'callback' => array($plugin_api_field, 'api_select_ajax'), 'permission_callback' => function () { return true; }));
			// Intentionally public endpoint. This route serves field dropzoneJS data only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/field/(?P<field_id>[\d]+)/dropzonejs/', array('methods' => 'POST', 'callback' => array($plugin_api_field, 'api_dropzonejs'), 'permission_callback' => function () { return true; }));
			// API - Submit
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-submit.php';
			$plugin_api_submit = new WS_Form_API_Submit();

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/(?P<submit_id>[\d]+)/', array('methods' => 'GET', 'callback' => array($plugin_api_submit, 'api_get'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_submission'); }));

			// Intentionally public endpoint. This route serves submit data only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/', array('methods' => 'POST', 'callback' => array($plugin_api_submit, 'api_post'), 'permission_callback' => function () { return true; }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/(?P<submit_id>[\d]+)/action/', array('methods' => 'POST', 'callback' => array($plugin_api_submit, 'api_repost'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_submission'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/(?P<submit_id>[\d]+)/put/', array('methods' => 'POST', 'callback' => array($plugin_api_submit, 'api_put'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_submission'); }));

			// Intentionally public endpoint. This route serves submit data by hash only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/hash/(?P<wsf_hash>[a-zA-Z0-9]+)/', array('methods' => 'GET', 'callback' => array($plugin_api_submit, 'api_get_by_hash'), 'permission_callback' => function () { return true; }));

			// Intentionally public endpoint. This route serves submit data by hash and token only and does not expose sensitive data.
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/hash/(?P<wsf_hash>[a-zA-Z0-9]+)/(?P<wsf_token>[a-zA-Z0-9]+)/', array('methods' => 'GET', 'callback' => array($plugin_api_submit, 'api_get_by_hash'), 'permission_callback' => function () { return true; }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/(?P<submit_id>[\d]+)/starred/on/', array('methods' => 'POST', 'callback' => array($plugin_api_submit, 'api_put_starred_on'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_submission'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/(?P<submit_id>[\d]+)/starred/off/', array('methods' => 'POST', 'callback' => array($plugin_api_submit, 'api_put_starred_off'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_submission'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/(?P<submit_id>[\d]+)/viewed/on/', array('methods' => 'POST', 'callback' => array($plugin_api_submit, 'api_put_viewed_on'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_submission'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/(?P<submit_id>[\d]+)/viewed/off/', array('methods' => 'POST', 'callback' => array($plugin_api_submit, 'api_put_viewed_off'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_submission'); }));
			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/error/report-submit-error-test/', array('methods' => 'POST', 'callback' => array($plugin_api_submit, 'api_report_submit_error_send'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));
			// API - Submit - Export
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-submit-export.php';
			$plugin_api_submit_export = new WS_Form_API_Submit_Export();

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/export/', array('methods' => 'POST', 'callback' => array($plugin_api_submit_export, 'api_export'), 'permission_callback' => function () { return WS_Form_Common::can_user('export_submission'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/submit/export/(?P<wsf_hash>[a-zA-Z0-9]+)/', array('methods' => 'GET', 'callback' => array($plugin_api_submit_export, 'api_export_get'), 'permission_callback' => function () { return WS_Form_Common::can_user('export_submission'); }));

			// API - Template
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-template.php';
			$plugin_api_template = new WS_Form_API_Template();

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/template/upload/json/', array('methods' => 'POST', 'callback' => array($plugin_api_template, 'api_post_upload_json'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/template/download/json/', array('methods' => 'POST', 'callback' => array($plugin_api_template, 'api_post_download_json'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/template/action/', array('methods' => 'GET', 'callback' => array($plugin_api_template, 'api_get_actions'), 'permission_callback' => function () { return WS_Form_Common::can_user('create_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/template/action/(?P<action_id>[a-zA-Z0-9]+)/', array('methods' => 'GET', 'callback' => array($plugin_api_template, 'api_get_action_templates'), 'permission_callback' => function () { return WS_Form_Common::can_user('create_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/template/delete/', array('methods' => 'POST', 'callback' => array($plugin_api_template, 'api_delete'), 'permission_callback' => function () { return WS_Form_Common::can_user('manage_options_wsform'); }));

			// API - Block
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-block.php';
			$plugin_api_block = new WS_Form_API_Block();

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/block/forms/', array('methods' => 'GET', 'callback' => array($plugin_api_block, 'api_get_forms'), 'permission_callback' => function () { return WS_Form_Common::can_user('read_form'); }));

			// API - Sidebar
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-sidebar.php';
			$plugin_api_sidebar = new WS_Form_API_Sidebar();

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/sidebar/width/', array('methods' => 'POST', 'callback' => array($plugin_api_sidebar, 'api_sidebar_width'), 'permission_callback' => function () { return WS_Form_Common::can_user('edit_form'); }));

			// API - Migrate
			require_once WS_FORM_PLUGIN_DIR_PATH . 'api/class-ws-form-api-migrate.php';
			$plugin_api_migrate = new WS_Form_API_Migrate();

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/migrate/field-mapping/', array('methods' => 'POST', 'callback' => array($plugin_api_migrate, 'api_field_mapping'), 'permission_callback' => function () { return WS_Form_Common::can_user('import_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/migrate/submission/import/', array('methods' => 'POST', 'callback' => array($plugin_api_migrate, 'api_submission_import'), 'permission_callback' => function () { return WS_Form_Common::can_user('import_form'); }));

			register_rest_route(WS_FORM_RESTFUL_NAMESPACE, '/migrate/form/import/', array('methods' => 'POST', 'callback' => array($plugin_api_migrate, 'api_form_import'), 'permission_callback' => function () { return WS_Form_Common::can_user('import_form'); }));
		}

		// MCP adapter init
		public function mcp_adapter_init($adapter) {

			// Get abilities
			$abilities = WS_Form_Config::get_abilities('ability');

			$exposed_tools = array();
			$exposed_resources = array();
			$exposed_prompts = array();

			// Process each ability
			foreach($abilities as $ability_name => $ability) {

				// Get type
				$type =	(
							isset($ability['meta']) &&
							isset($ability['meta']['mcp']) &&
							isset($ability['meta']['mcp']['type'])

						) ? $ability['meta']['mcp']['type'] : 'tool';

				// Add to exposed array
				switch($type) {

					case 'prompt' :

						$exposed_prompts[] = $ability_name;
						break;

					case 'resource' :

						$exposed_resources[] = $ability_name;
						break;

					default :

						$exposed_tools[] = $ability_name;
				}
			}

			// Create MCP server
			$adapter->create_server(

				'ws-form',                           // Unique server identifier
				WS_FORM_RESTFUL_NAMESPACE,           // REST API namespace
				'mcp',                               // REST API route
				__('WS Form MCP Server', 'ws-form'), // Server name
				__('WS Form MCP Server', 'ws-form'), // Server description
				WS_FORM_VERSION,                     // Server version
				[                                    // Transport methods
					(class_exists('\WP\MCP\Transport\HttpTransport') ? \WP\MCP\Transport\HttpTransport::class : \WP\MCP\Transport\Http\RestTransport::class),
				],
				\WP\MCP\Infrastructure\ErrorHandling\ErrorLogMcpErrorHandler::class,     // Error handler
				\WP\MCP\Infrastructure\Observability\NullMcpObservabilityHandler::class, // Observability handler
				$exposed_tools,                      // Tools
				$exposed_resources,                  // Resources
				$exposed_prompts                     // Prompts
    		);
		}

		// No cache
		public function api_no_cache() {

			// Force no cache headers
			header('Cache-Control: no-store, no-cache, must-revalidate');
			header('Cache-Control: post-check=0, pre-check=0', false);
			header('Expires: Thu, 1 Jan 1970 00:00:00 GMT');
			header('Pragma: no-cache');
			header(sprintf('Last-Modified: %s GMT', gmdate('D, d M Y H:i:s')));

			// Run action to run additional no cache code
			// phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound -- All hooks prefixed with wsf_
			do_action('wsf_api_no_cache');
		}

		// CSS Cache Header
		public function api_css_header() {

			// Content type
			header("Content-type: text/css; charset: UTF-8");

			// Caching
			$css_cache_duration = 	WS_Form_Common::option_get('css_cache_duration', 86400);
			header("Pragma: public");
			header("Cache-Control: maxage=" . $css_cache_duration);
			header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $css_cache_duration) . ' GMT');
		}
	}