Wednesday, 31 October 2018

Latest Hacking News Podcast #154

Emotet malware adds email exfiltration, researcher hides Complete Works of Shakespeare inside Twitter image and contact info easily viewable on locked iOS 12.1 devices on episode 154 of our daily podcast.

Latest Hacking News Podcast #154 on Latest Hacking News.



Statically Compiled Go on Alibaba Cloud Container Service

The third prize of the Alibaba Cloud competition goes to David Banham. His winning entry is a succinct tutorial on statically compiling a Go program, and using Docker to containerize and distribute it.

Alibaba Cloud’s Container Service is a great example of how Docker and Kubernetes are revolutionising the cloud landscape. The curmudgeons will rail that it’s all still just some software running on someone else’s computer, but the transformative difference is that k8s and Docker provide what is effectively a platform-agnostic management API. If you build your DevOps pipelines against k8s you have the lowest possible switching friction between AWS, Google Cloud, Azure and Alibaba. The closer we can get to the dream of write once, run anywhere, the better!

Another tool I love for enhancing software portability is the Go language. Cross compilation in Go is as easy as falling off a log. I develop software on my Linux laptop and in the blink of an eye I can have binaries built for Windows, OSX, WASM, etc! Here’s the Makefile snippet I use to do it:

name = demo

# Each entry is GOOS/GOARCH; the target name is split on "/" below.
PLATFORMS := linux/amd64 windows/amd64 linux/arm darwin/amd64

temp = $(subst /, ,$@)
os = $(word 1, $(temp))
arch = $(word 2, $(temp))

release:
	make -l inner_release

inner_release: $(PLATFORMS)

# One recipe builds, renames (Windows), and zips the binary for every platform.
$(PLATFORMS):
	@-mkdir -p ../web/api/clients/$(os)-$(arch)
	@-rm ../web/api/clients/$(os)-$(arch)/*
	GOOS=$(os) GOARCH=$(arch) go build -o '../web/api/clients/$(os)-$(arch)/$(name)' .
	@chmod +x ../web/api/clients/$(os)-$(arch)/$(name)
	@if [ $(os) = windows ]; then mv ../web/api/clients/$(os)-$(arch)/$(name) ../web/api/clients/$(os)-$(arch)/$(name).exe; fi
	zip --junk-paths ../web/api/clients/$(os)-$(arch)/$(name)$(os)-$(arch).zip ../web/api/clients/$(os)-$(arch)/*
	@if [ $(os) = windows ]; then cp ../web/api/clients/$(os)-$(arch)/$(name).exe ../web/api/clients/$(os)-$(arch)/$(name); fi

Neat! That will get you a tidy little binary that will run on your target operating systems. Even that is overkill if you’re targeting a Docker host like Cloud Container Service. All you need to do there is just GOOS=linux GOARCH=amd64 go build and you’re done! Then, you just need to choose your favorite Linux distribution and build that into the Dockerfile.

What if we wanted to simplify our lives even further, though? What if we could do away with the Linux distribution entirely?

Go supports the compilation of statically linked binaries. That means we can build an executable that doesn’t rely on any external shared libraries (DLLs on Windows, .so files on Linux) at all; for packages that can use cgo, such as net, build with CGO_ENABLED=0 so the result is fully static. Observe this magic Dockerfile:

The post Statically Compiled Go on Alibaba Cloud Container Service appeared first on SitePoint.



Canadian Crypto Exchange MapleChange Got Hacked – People Suspect An Exit Scam

Once again, a crypto exchange allegedly suffered a major cyber attack losing millions of dollars. This time, the victim is

Canadian Crypto Exchange MapleChange Got Hacked – People Suspect An Exit Scam on Latest Hacking News.



Apple's New MacBook Disconnects Microphone "Physically" When Lid is Closed

Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations. Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook's built-in microphone whenever the user closes the lid, the company revealed yesterday at its


Growing pains: Skills gap meets expanding threat surface

The need to defend a growing threat surface highlights the widening cybersecurity skills gap.

The post Growing pains: Skills gap meets expanding threat surface appeared first on WeLiveSecurity



Bank Islami Cyber Attack Marks The Biggest In History for Pakistan

The banking sector has always been a target of hackers worldwide. This time they have targeted Pakistan. The victim Bank

Bank Islami Cyber Attack Marks The Biggest In History for Pakistan on Latest Hacking News.



Five ways to make Halloween less cyber-scary for kids

How can we help kids avoid security horrors and stay safe from rogue online “neighbors” at Halloween and thereafter?

The post Five ways to make Halloween less cyber-scary for kids appeared first on WeLiveSecurity



Tuesday, 30 October 2018

Latest Hacking News Podcast #153

GPlayed Banking Trojan discovered, an employee infects US Govt system after browsing 9,000 porn pages and Apple's T2 prevents eavesdropping through the microphone on episode 153 of our daily podcast.

Latest Hacking News Podcast #153 on Latest Hacking News.



ch4inrulz: 1.0.1 | Vulnhub Hacking Challenge Walkthrough

ch4inrulz: 1.0.1 is an intermediate level CTF machine available at Vulnhub. The box was developed by ASKAR and released on

ch4inrulz: 1.0.1 | Vulnhub Hacking Challenge Walkthrough on Latest Hacking News.



New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1

It's only been a few hours since Apple released iOS 12.1, and an iPhone enthusiast has once again managed to find a passcode bypass that could allow anyone to see all contacts' private information on a locked iPhone. Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass bug in the latest version of its iOS


Numerous Gabon Government Websites Hacked By Anonymous Hackers Group

Recently, we heard of a massive hacking attack in Gabon (West Africa). As revealed, hackers from Anonymous claimed responsibility having

Numerous Gabon Government Websites Hacked By Anonymous Hackers Group on Latest Hacking News.



Building a WordPress Plugin with Vue

In this tutorial, we’ll learn how to integrate Vue.js with a WordPress plugin to provide a modern UI experience to our WordPress users.

Vue.js is a very popular progressive JavaScript library for building modern and rich user interfaces similar to Angular and React in terms of popularity, performance and component-based architecture. We’ll dive into the entire process of building a very simple WordPress plugin with a Vue interface that interacts with the WordPress REST API through the JavaScript Fetch API.

We’ll create a shortcode that will allow us to add a latest published posts widget in our WordPress website. The UI of the widget is a Vue app which fetches the latest published posts via the /wp-json/wp/v2/posts?filter[orderby]=date WP-API endpoint.

This tutorial assumes some familiarity with Vue.js. We’ll see how to create a Vue instance, use life-cycle hooks like mounted(), and also the JavaScript Fetch API to interact with the WordPress REST API.

Creating a WordPress Plugin

In this section, we’ll see how to create a WordPress plugin that registers a shortcode in a few steps.

Create a Folder in wp-content/plugins

Let’s start by creating the back-end part of our plugin. Plugins live inside the wp-content/plugins folder. Navigate to this folder inside your WordPress installation folder and create a sub-folder for your plugin. Let’s call it vueplugin:

cd /var/www/html/wp-content/plugins
mkdir vueplugin

Inside your plugin folder, create a vueplugin.php file and add the initial content:

<?php
/*
Plugin Name: Latest Posts
Description: Latest posts shortcode
Version: 1.0
*/

These comments are used as meta information for the plugin. In our case, we simply provide a plugin name, description and version.

If you visit the plugins page in the admin interface you should be able to see your plugin listed:

Our new plugin listed on the plugins page

Creating a Shortcode

Shortcodes are used by WordPress plugins to let users add content to posts and pages. To register a shortcode, add the following minimal code to your plugin file:

function handle_shortcode() {
    return 'My Latest Posts Widget';
}
add_shortcode('latestPosts', 'handle_shortcode');

We’re registering a shortcode named latestPosts.

WordPress provides the built-in add_shortcode() function to create the shortcode in your WordPress plugin. The function takes a name as the first parameter and the handler function that processes your shortcode logic and returns an output as a second parameter.

At this point, we’re only returning a static string from our shortcode, but shortcodes are more useful when used to insert dynamic content.

Now, let’s activate the plugin from the admin interface by clicking on the Activate link below the plugin name:

Activating the plugin

You can use a shortcode by enclosing it in square brackets — that is, [SHORTCODE_NAME]. The text inside the brackets is the name we passed as the first parameter to the add_shortcode() function. It gets replaced by the output returned by the PHP function passed as the second parameter.

To test if our shortcode is successfully registered, we can create a new post and add [latestPosts] in the post content:

Testing the shortcode

You should see My Latest Posts Widget sentence rendered:

The test sentence rendered

Now, instead of displaying the static My Latest Posts Widget string, let’s display the latest posts using Vue.js.
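The data-handling half of that widget, as an added example that is not code from the original SitePoint tutorial: it builds the WP-API request, reduces each post to plain strings the Vue template can render with text interpolation, and keeps only http(s) links. It assumes a global Vue (Vue 2) and a `<div id="latest-posts">` emitted by the shortcode exist in the browser; the helpers themselves run without either. Note that the tutorial's `filter[orderby]=date` depends on the old `filter` query var, so the core `orderby`/`order` parameters are used here instead.

```javascript
// Added example (not code from the original SitePoint tutorial): the data-handling half of the
// "latest posts" Vue widget. It builds the WP-API request URL and reduces each post to plain
// strings that are safe to render with Vue's {{ }} text interpolation.
// Assumptions: a global `Vue` and a <div id="latest-posts"> emitted by the shortcode exist in the
// browser; neither is needed to run the helper functions in Node.

const WP_API_BASE = '/wp-json/wp/v2';

// Build the posts endpoint URL. The tutorial's `filter[orderby]=date` depends on the old `filter`
// query var; the core WP-API takes `orderby`/`order` directly, so that form is used here.
// per_page is clamped to the 1..100 range the API accepts.
function buildPostsUrl(perPage, base) {
  const b = base === undefined ? WP_API_BASE : base;
  const n = Number.isInteger(perPage) && perPage > 0 && perPage <= 100 ? perPage : 5;
  return b + '/posts?orderby=date&order=desc&per_page=' + n + '&_fields=id,link,date,title';
}

// Decode one numeric character reference; out-of-range values become nothing.
function codePoint(n) {
  return n >= 0 && n <= 0x10ffff ? String.fromCodePoint(n) : '';
}

// WP-API returns title.rendered as HTML (entities, sometimes tags). Reduce it to text so the
// widget can use {{ }} interpolation; rendered HTML should never be handed to v-html here.
function htmlToText(html) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", nbsp: ' ' };
  return String(html)
    .replace(/<[^>]*>/g, '')
    .replace(/&#x([0-9a-f]+);/gi, (m, hex) => codePoint(parseInt(hex, 16)))
    .replace(/&#(\d+);/g, (m, dec) => codePoint(Number(dec)))
    .replace(/&([a-z]+);/gi, (m, name) => {
      const key = name.toLowerCase();
      return Object.prototype.hasOwnProperty.call(named, key) ? named[key] : m;
    })
    .trim();
}

// Keep only the fields the widget displays, with the shapes it expects.
function toWidgetItems(posts) {
  if (!Array.isArray(posts)) return [];
  return posts
    .filter((p) => p && Number.isInteger(p.id) && p.title && typeof p.title.rendered === 'string')
    .map((p) => ({
      id: p.id,
      title: htmlToText(p.title.rendered) || '(untitled)',
      // Only http(s) links: anything else (e.g. a javascript: URL) would become a clickable href.
      link: typeof p.link === 'string' && /^https?:\/\//i.test(p.link) ? p.link : '#',
      date: typeof p.date === 'string' ? p.date.slice(0, 10) : '',
    }));
}

// Constructed sample of what /wp-json/wp/v2/posts returns, trimmed to the fields used above.
const SAMPLE_POSTS = [
  { id: 12, date: '2018-10-30T09:15:00', link: 'https://example.com/2018/10/30/hello/',
    title: { rendered: 'Hello &#8220;World&#8221; &amp; Friends' } },
  { id: 13, date: '2018-10-29T18:00:00', link: 'javascript:alert(1)',
    title: { rendered: '<em>Emphasised</em> &lt;script&gt;' } },
  { id: 'nope', title: { rendered: 'malformed record' } },
];

// Browser-only: mount the Vue app on the container the shortcode renders.
function mountLatestPosts(selector) {
  if (typeof window === 'undefined' || typeof Vue === 'undefined') return null;
  return new Vue({
    el: selector || '#latest-posts',
    data: { posts: [], error: '' },
    template: [
      '<div>',
      '  <p v-if="error">{{ error }}</p>',
      '  <ul v-else>',
      '    <li v-for="post in posts" :key="post.id">',
      '      <a :href="post.link">{{ post.title }}</a> <small>{{ post.date }}</small>',
      '    </li>',
      '  </ul>',
      '</div>',
    ].join('\n'),
    mounted() {
      fetch(buildPostsUrl(5), { credentials: 'same-origin' })
        .then((r) => (r.ok ? r.json() : Promise.reject(new Error('HTTP ' + r.status))))
        .then((json) => { this.posts = toWidgetItems(json); })
        .catch((e) => { this.error = 'Could not load posts: ' + e.message; });
    },
  });
}
```

In the browser, call `mountLatestPosts()` from the script the plugin enqueues. The design choice to note is that `title.rendered` is HTML, so it is decoded to text and shown through `{{ }}` (which Vue escapes) rather than `v-html`, and `link` is filtered to http(s) before it becomes an `href`.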

The post Building a WordPress Plugin with Vue appeared first on SitePoint.



Windows 10 Bug Let UWP Apps Access All Files Without Users' Consent

Microsoft silently patched a bug in its Windows 10 operating system with the October 2018 update (version 1809) that allowed Microsoft Store apps with extensive file system permission to access all files on users' computers without their consent. With Windows 10, Microsoft introduced a common platform, called Universal Windows Platform (UWP), that allows apps to run on any device running


Building a Serverless REST API with Function Compute and MongoDB

We received a lot of great entries in our recent competition to find the best tip for making the most out of Alibaba Cloud services. It was a fun but challenging task for our judges to pick the winners amongst so many helpful and interesting entries. But alas after fiery deliberations and heated debates they've decided that the second prize of the competition goes to Nhi Nam Ha. His winning tip is a part of a series on serverless app architecture on Alibaba Cloud, and it covers several Alibaba products.

This tutorial will show you how to deploy a MongoDB database on Alibaba Cloud and use Function Compute to develop a back-end API system to interact with the database.

Overview of NoSQL and MongoDB

Relational databases have long been the primary system for managing data in software development. Their ACID properties provide data persistence, transaction integrity and concurrency control. Over the last few years, NoSQL (Not only SQL) has become popular. This model resolves the impedance mismatch between relational data structures (tables, rows, fields) and the application’s in-memory data structures (objects). Most importantly, NoSQL is designed to scale horizontally, which makes it an excellent choice for modern web applications.

NoSQL databases fall into four groups:

  • Key-Value
  • Document
  • Column family
  • Graph

MongoDB is the most popular system within the document database group. As defined on mongodb.com,

A record in MongoDB is a document, which is a data structure composed of field and value pairs. MongoDB documents are similar to JSON objects. The values of fields may include other documents, arrays, and arrays of documents.

Alibaba Cloud ApsaraDB for MongoDB

MongoDB databases can be deployed on Alibaba Cloud via its ApsaraDB for MongoDB service. Users can select among 3 pricing schemes:

  • Subscription (Replica Set)
  • PAYG (Pay-As-You-Go) (Replica Set)
  • PAYG (Sharding)

Replication and sharding refer to the data distribution models:

  • Replication copies data across multiple servers, so the same piece of data is stored in different places. ApsaraDB for MongoDB uses a 3-server replica set. Replication can help with horizontal scaling of reads.
  • Sharding distributes data across multiple machines so that each machine holds a different subset of the data. This model allows for horizontal scaling of writes.

Create an Instance

In the Alibaba Cloud console, click on Products and you will see ApsaraDB for MongoDB under the ApsaraDB group. Alternatively, you can use the search box to filter the desired service.

Select the pricing scheme, the region and the server specification, and set a password for your database. Alibaba Cloud will tell you how much the service will cost based on what you chose.

More info about the instance parameters is here.

Note: if you are using a free trial account, remember to select a subscription instance. PAYG instances are not included in the trial program.

Set IP Whitelists

To keep the database secure, Alibaba Cloud blocks all access to it by default. You have to add IP addresses to the whitelist to reach the target instance; add only the addresses that actually need to connect.

Connection String

After you set your IP whitelist, click on “Database Connection” to see the connection parameters.

Use this connection string to connect to the database in your Node.js code.

Function Compute

Function Compute lets you run code without provisioning or managing servers. The service prepares computing resources for you and runs your code on your behalf, elastically and reliably. You only pay for the resources actually consumed while the code runs; if your code isn’t executed, you don’t pay.

Function Compute runs your code in response to events. When the event source service triggers an event, the associated function is automatically called to process the event.

From the Alibaba Cloud console, select Function Compute and click on the “+” icon to create a new service.

In the newly created service, click on the “+” icon to create a new function. You will go through a multi-step wizard to select options for your function.

For Function Template, select “Empty Function”

In the “Configure Triggers” step, select “HTTP Trigger” and give it a name. Other settings are as in the image below.

In the “Configure Function Settings” step, set a name for your function and select “nodejs6” as the runtime.

Click “Next” in the last two steps to finish the wizard and create the function.

Program Your Function

Click on the function you have just created and click on the “Code” tab. This is where you provide the code for the function to run.

Use the connection string from your MongoDB server.

Also on this screen you can view the HTTP trigger that will invoke your function. You can also run the trigger here to test your function.
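The HTTP-triggered function described above, as an added example rather than the tutorial author's code: it validates the request body before inserting it. Assumed from the Function Compute docs are the Node.js HTTP-trigger handler shape `(request, response, context)`, `response.setStatusCode`/`setHeader`/`send`, `request.method`, and reading the body with the `raw-body` package; the `mongodb` driver's `MongoClient.connect` / `insertOne` calls are likewise assumed. Both packages are required lazily, so the validation code runs stand-alone without them. The connection string is read from a `MONGODB_URI` environment variable (set in the function's configuration) instead of being pasted into the source, and the collection name `messages` is a placeholder.

```javascript
// Added example, not the tutorial author's function: the HTTP-triggered "insert a document"
// handler the tutorial describes, with the input checks a function exposed on a public URL needs.
// Assumed from the Function Compute docs: the Node.js HTTP-trigger handler shape
// (request, response, context), response.setStatusCode/setHeader/send, request.method, and reading
// the body with the `raw-body` package. `mongodb` (MongoClient) and `raw-body` are required lazily
// so the validation code below runs stand-alone without them. The connection string comes from the
// MONGODB_URI environment variable rather than the source; the collection `messages` is a placeholder.

var ALLOWED_FIELDS = { name: 'string', email: 'string', message: 'string' };
var MAX_LEN = 2000;

// MongoDB treats keys beginning with "$" as operators and keys containing "." as field paths;
// a client-supplied document must contain neither, or it can smuggle in query/update operators.
function isSafeKey(key) {
  return typeof key === 'string' && key.length > 0 && key.charAt(0) !== '$' && key.indexOf('.') === -1;
}

// Parse the raw request body and keep only the whitelisted scalar fields.
// Returns { ok: true, doc: {...} } or { ok: false, error: '...' }.
function validateBody(rawBody) {
  var parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch (e) {
    return { ok: false, error: 'body is not valid JSON' };
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { ok: false, error: 'body must be a JSON object' };
  }
  var doc = {};
  var keys = Object.keys(parsed);
  for (var i = 0; i < keys.length; i++) {
    var key = keys[i];
    if (!isSafeKey(key) || !Object.prototype.hasOwnProperty.call(ALLOWED_FIELDS, key)) {
      return { ok: false, error: 'unexpected field: ' + key };
    }
    var value = parsed[key];
    // typeof also rejects nested objects such as {"$gt": ""} supplied in place of a string
    if (typeof value !== ALLOWED_FIELDS[key]) {
      return { ok: false, error: 'field ' + key + ' must be a ' + ALLOWED_FIELDS[key] };
    }
    if (value.length > MAX_LEN) {
      return { ok: false, error: 'field ' + key + ' is too long' };
    }
    doc[key] = value;
  }
  if (!doc.email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(doc.email)) {
    return { ok: false, error: 'a valid email is required' };
  }
  return { ok: true, doc: doc };
}

// Insert the validated document; the driver is loaded only when a request is actually handled.
function insertDocument(doc) {
  var MongoClient = require('mongodb').MongoClient;
  var uri = process.env.MONGODB_URI;
  if (!uri) return Promise.reject(new Error('MONGODB_URI is not set'));
  return MongoClient.connect(uri).then(function (client) {
    return client.db().collection('messages').insertOne(doc).then(
      function (result) { client.close(); return result.insertedId; },
      function (err) { client.close(); throw err; }
    );
  });
}

function sendJson(response, status, body) {
  response.setStatusCode(status);
  response.setHeader('content-type', 'application/json');
  response.send(JSON.stringify(body));
}

function handler(request, response, context) {
  if (request.method !== 'POST') return sendJson(response, 405, { error: 'use POST' });
  var getRawBody = require('raw-body');
  getRawBody(request, function (err, body) {
    if (err) return sendJson(response, 400, { error: 'could not read body' });
    var result = validateBody(body.toString('utf8'));
    if (!result.ok) return sendJson(response, 400, { error: result.error });
    result.doc.createdAt = new Date();
    insertDocument(result.doc).then(
      function (id) { sendJson(response, 201, { id: String(id) }); },
      function (e) {
        console.error('insert failed:', e); // details go to the function log, not to the client
        sendJson(response, 500, { error: 'insert failed' });
      }
    );
  });
}

// Function Compute calls the exported handler ("index.handler" in the function settings).
if (typeof module !== 'undefined') module.exports.handler = handler;
```

The whitelist plus the `typeof` check is what matters: without it, a body such as `{"name": {"$gt": ""}}` is stored as an operator-shaped object and later queries built from such fields can be steered by the client. Database errors are logged, not echoed, so connection details never reach the caller.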

Summary

In this tutorial we have learnt about NoSQL databases, with MongoDB as a popular example. Alibaba Cloud provides its ApsaraDB for MongoDB service to those who want to run MongoDB servers on its cloud. The tutorial then moves on to discuss the Function Compute service as a new way to build your application following the emerging serverless architecture. It shows an example of a Node.js function, triggered by an HTTP request, that connects to the MongoDB database and performs an “insert” command.

The post Building a Serverless REST API with Function Compute and MongoDB appeared first on SitePoint.



Recon-ng – Open Source Intelligence (OSINT) Reconnaissance Framework

Recon-ng is a reconnaissance framework that can perform open source web based information gathering for a given target. Recon-ng is

Recon-ng – Open Source Intelligence (OSINT) Reconnaissance Framework on Latest Hacking News.



Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer

Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware on their computers. Discovered by researchers at Cymulate, the bug abuses the 'Online Video' option in Word documents, a feature that allows users to embed an online


EaseUS Data Recovery Wizard Review

Take a look at a modern, digital camera today, and you’ll probably find it uses an SD card in order

EaseUS Data Recovery Wizard Review on Latest Hacking News.



Signal Secure Messaging App Now Encrypts Sender's Identity As Well

Signal, the popular end-to-end encrypted messaging app, is planning to roll out a new feature that aims to hide the sender's identity from potential attackers trying to intercept the communication. Although messages sent via secure messaging services, like Signal, WhatsApp, and Telegram, are fully end-to-end encrypted as they transit their servers, each message leaves behind some of


Monday, 29 October 2018

Latest Hacking News Podcast #152

Mac trojan masquerading as cryptocurrency ticker, Girl Scouts suffer data breach and as brain implant technology progresses the vulnerabilities become more dangerous on episode 152 of our daily podcast.

Latest Hacking News Podcast #152 on Latest Hacking News.



Deploy a Laravel App to Alibaba Cloud Using Docker

In this tutorial, we will deploy a Laravel application using Docker and Alibaba Cloud Container Service.

Prerequisites

Before you begin this guide you’ll need the following:

  • Docker installed on your local machine (if you can’t install the latest version you can use Docker Toolbox)
  • Composer installed on your computer

Preparing the Application for Deployment

First of all, you need a Laravel application that you can Dockerize. You can just copy my example from GitHub and push to your own git repository or you can create a new Laravel app using Composer with this command: composer create-project --prefer-dist laravel/laravel appname

We need to add some files to the root of the Laravel app.

You have to create an environment configuration file for the production environment; let’s call it .env.prod. You can copy your existing .env file, but don’t forget to modify the values (for example, set APP_ENV to production).

We will need a configuration file for the web server as well (we will use Apache), so create a vhost.conf file for our virtual host.

<VirtualHost *:80>
  DocumentRoot /app/public

  <Directory "/app/public">
    AllowOverride all
    Require all granted
  </Directory>

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

To build our container we need a Dockerfile; we will use a multi-stage build:

# Stage 1: install the PHP dependencies using Composer

FROM composer:1.7 as build

WORKDIR /app

COPY . /app

RUN composer install

# The production settings replace the development .env. This bakes .env.prod (and any
# credentials in it) into the image, which is one reason the repository must stay private.
COPY .env.prod .env

# Stage 2: the application image; only the built /app tree is copied over from stage 1

FROM php:7.2-apache

RUN docker-php-ext-install mysqli pdo pdo_mysql

EXPOSE 80

COPY --from=build /app /app

# Replace the default site with the vhost.conf created above
COPY vhost.conf /etc/apache2/sites-available/000-default.conf

RUN chown -R www-data:www-data /app \
    && a2enmod rewrite

We also need to exclude some files and folders from the container, so you should create a .dockerignore file (you can extend this list if you want):

.git/
vendor/
node_modules/
yarn-error.log

Creating a Repository in Alibaba Cloud Container Registry

On the Alibaba Cloud Console, go to Products > Elastic Computing > Container Registry.

First, you need to set the registry login password.

We have to create a namespace, then we can create a repository for the application.

Make sure that you set the repository type to Private, otherwise the repository will be accessible without the password. You can select the region of your repository as well.

The Container Registry supports GitHub, GitLab and Bitbucket as code sources, which is really useful. If you use one of them you can choose that, but for simplicity we will use the Local repository option in this tutorial.

You need to build the container on your local computer and push it to the registry (if you choose a Git hosting service Container Registry will build the containers automatically, so you can skip these steps.)

Run the following command in the root of your Laravel app to build the container (you can replace test/laravel:1.0 tag with your own).

docker build -t test/laravel:1.0 .

If you click on manage at the right of your repository in the Container Registry, you can find the address of your repository and a guide about how to log in to the registry and push an image to the repository.

So you have to run the following commands, but with your own region, namespace and repository:

docker login --username=user@example.com registry-intl.eu-central-1.aliyuncs.com
docker tag test/laravel:1.0 registry-intl.eu-central-1.aliyuncs.com/ma_test/laravel1:1.0
docker push registry-intl.eu-central-1.aliyuncs.com/ma_test/laravel1:1.0

When you have successfully pushed the image, you will see it under the Tags tab.

Creating a VPC

On the Alibaba Cloud Console go to Products > Networking > Virtual Private Cloud and activate VPC.

Choose your region from the top menu and create a VPC and a VSwitch.

Creating a Cluster

First you need to enable RAM (Products > Monitor and Management > Resource Access Management), then you can go to Products > Elastic Computing > Container Service.

Container Service supports both Swarm and Kubernetes. Now we will use Swarm, so you should select Swarm from the left menu.

Click on the Create Cluster button and configure your cluster (don’t forget to select the same region that you selected for your VPC).

I chose 2x (2 nodes) 1 Core 1GB ECS instances for the demo, but you can choose a different configuration if you want.

In the Login section, you need to create SSH keys or set a password. I highly recommend SSH keys, but for simplicity you can use a password for now.

When you have finished with the configuration you can click on the Create button (a confirm dialog will show up with pricing information).

When the cluster creation is finished and you can see your cluster in the cluster list, click on Manage.

You need to log in to your private repository to access the images, so click on the Log on to Hub button. If you don’t know what the repository’s domain name is, you should go to the Container Registry control panel and click on Manage at the right of your repository. Copy the VPC address (for example: registry-intl-vpc.eu-central-1.aliyuncs.com/ma_test/laravel1) — that is your Repository Domain Name. Your username and password is the username and password of your registry.

Now the cluster nodes can pull your image from the private repository.

Deploying the Application

On the Container Service control panel click on Applications from the left menu, then click on Create Application.

Set the name and the version, check Pull Docker Image (this will ensure that you definitely end up with the latest version), then click on Create with Image button.

The post Deploy a Laravel App to Alibaba Cloud Using Docker appeared first on SitePoint.



The Importance of Resilience in Business

Mini Latif decided she wanted to run her own business at the age of seven and that nothing was going to stand in her way. Turns out she was right.

She grew up thinking that everyone had their own business; in her mind it was just how it was done. Her Cypriot parents, who moved to Melbourne to escape the war, owned milk bars and worked in cafes long before the term barista even existed. And so it was here, living above her family’s milk bar, where the seven-year-old Mini decided on her career path: go work for a corporate organization to learn the policies and procedures behind running a business and then head out on her own. Not bad for a seven-year-old. And when asked if she’s ever doubted that decision, her reply is a swift: “Never.”

True to her word, Latif would eventually make the move to London to work for big corporate agencies with huge clients and even bigger budgets. She enjoyed her work, yet that plan for her own business never wavered.

I knew that I didn’t love the corporate world but understood that I needed the insight. It was through this work I learned the importance of policies, procedures and that I needed to be controlled with my thinking. When one of the agencies offered me a job as an Account Director, I stopped my internal train for five minutes and considered it, but I couldn’t shake off the feeling that time was not on my side to take a career detour and it would only be a matter of time before someone else would beat me to my idea.

The idea she speaks of is her business Ottoman3, a brow bar, the seed of which was sown during her time overseas.

I would spend my lunch hour in John Lewis, a UK department store, getting my nails done and my eyebrows threaded and find myself there every three weeks. One day I just thought: “what if I could get these two things done at the same time?” That was where the idea for Ottoman3 came from.

The move back to Australia came with the sole aim of her opening the first Ottoman3.

I assumed it would take time, so I first got myself a good paying corporate job as I didn’t want to compromise my quality of life. What I mean by that is financial quality. I had already sacrificed so much to be able to take this chance on myself, that I didn’t want to have to count the pennies to survive. I think that would have affected my mental health. So before I contacted Myer, I first secured a good paying corporate job that was going to “support” my lifestyle financially. Once I had that secured, then I continued on with my business plan without having to worry about how I would pay the mortgage. I didn’t have my daughter then so it was easier to fit in an extra few hours of work a day. All the Ottoman3 stuff was done in addition to my “real job”.

That real job was working as an online specialist for Medibank Private, something she did from 9am–5pm, five days a week.

It’s the biggest challenge with start-ups: there’s no money, and you need to be able to pay your mortgage and your bills at the same time as starting your business. Once we opened in Myer I was working full-time at Medibank, and then Thursday and Friday nights. As well as that, on Saturdays and Sundays I was in Myer at the brow bar and on the tools.

Mini Latif (right) at WeTeachMe’s Masters Series

The post The Importance of Resilience in Business appeared first on SitePoint.



Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON

Microsoft's built-in Windows anti-malware tool, Windows Defender, has become the first antivirus software able to run inside a sandbox. Sandboxing runs an application in a safe environment isolated from the rest of the operating system and the other applications on a computer, so that if a sandboxed application gets compromised, the technique prevents its


Ransomware and the enterprise: A new white paper

Ransomware remains a serious threat and this new white paper explains what enterprises need to know, and do, to reduce risk

The post Ransomware and the enterprise: A new white paper appeared first on WeLiveSecurity



Jarbas: 1 Vulnhub CTF Challenge Walkthrough

Introduction. Name: Jarbas: 1. Release date: 3 Apr 2018. Jarbas: 1 remains one of the best boxes for beginners, the

Jarbas: 1 Vulnhub CTF Challenge Walkthrough on Latest Hacking News.



Serious Vulnerability Discovered In X.Org Server Affects Major Linux and BSD Variants

An Indian researcher discovered an important local privilege escalation vulnerability that poses a security threat to most Linux distros and

Serious Vulnerability Discovered In X.Org Server Affects Major Linux and BSD Variants on Latest Hacking News.



Nothing exceeds like excess; or, a lack of privacy in the digital age

What has the internet brought us? And how does privacy stay anchored in the data deluge of the digital age? Here’s a brief reflection to celebrate today’s Internet Day

The post Nothing exceeds like excess; or, a lack of privacy in the digital age appeared first on WeLiveSecurity



IBM Buys "Red Hat" Open-Source Software Company for $34 Billion

It's been quite a year for the open source platforms. Earlier this year, Microsoft acquired popular code repository hosting service GitHub for $7.5 billion, and now IBM has just announced the biggest open-source business deal ever. IBM today confirmed that it would be acquiring open source Linux firm Red Hat for $190 per share in cash, working out to a total value of approximately $34 billion.


Sunday, 28 October 2018

Latest Hacking News Podcast #151

Interview with software developer Iain Row on the experience of reporting a vulnerability he discovered on the website of UK-based retailer Card Factory.

Latest Hacking News Podcast #151 on Latest Hacking News.



Apple Blocks GrayKey Passcode Cracking Tech With The Latest iOS 12 Update

GrayKey technology gained significant popularity, particularly among security officials, owing to its exceptional feature of cracking iPhone passcodes. While

Apple Blocks GrayKey Passcode Cracking Tech With The Latest iOS 12 Update on Latest Hacking News.



Vulnerability In Microsoft Word Online Video Feature Allows for Phishing

Researchers have discovered another way through which bad actors may phish! The method employs exploiting a vulnerability in the Microsoft

Vulnerability In Microsoft Word Online Video Feature Allows for Phishing on Latest Hacking News.



Consulting Firm Leaked Data Of Democratic Party Fundraisers In Unsecured NAS Device

As the US elections are nearing, reports about hacks and data breaches involving political parties seem to repeatedly surface online.

Consulting Firm Leaked Data Of Democratic Party Fundraisers In Unsecured NAS Device on Latest Hacking News.



British Airways Hack Update: 185,000 More Customers Found Affected

Last month, we heard of a shocking data breach at British Airways that affected thousands of customers. The hackers allegedly

British Airways Hack Update: 185,000 More Customers Found Affected on Latest Hacking News.



Cisco Patched Privilege Escalation Vulnerability In Webex Meetings Desktop App

Cisco has recently fixed a serious privilege escalation vulnerability in its Webex Meetings app. The vulnerability could allow an attacker

Cisco Patched Privilege Escalation Vulnerability In Webex Meetings Desktop App on Latest Hacking News.



Cyberry: 1 Vulnhub Hacking Challenge Walkthrough

Cyberry: 1 is a boot2root challenge designed for beginners to intermediate players. It's a Debian box that is supported by VMware. Since DHCP

Cyberry: 1 Vulnhub Hacking Challenge Walkthrough on Latest Hacking News.



Facebook Fine Of £500,000 Confirmed By UK ICO Over Cambridge Analytica

After all the madness that happened with Facebook, they now have to pay for their chaos. In July, we heard

Facebook Fine Of £500,000 Confirmed By UK ICO Over Cambridge Analytica on Latest Hacking News.



Saturday, 27 October 2018

Friday, 26 October 2018

Cloudflare WAF Bypass Vulnerability Discovered

Web Application Firewall, or WAF, serves as a primary defence against malicious attacks on web based products. However, like any

Cloudflare WAF Bypass Vulnerability Discovered on Latest Hacking News.



Build a Single-Page App with Go and Vue

This article was originally published on the Okta developer blog. Thank you for supporting the partners who make SitePoint possible. Single-Page Applications (SPAs) improve user experience by offering rich UI interactions, fast feedback, and the relief of knowing you don’t need to download and install a traditional application. Browsers are now operating systems and websites […]

The post Build a Single-Page App with Go and Vue appeared first on SitePoint.



Creating Custom Endpoints for the WordPress REST API

This tutorial walks you through creating a custom WP-API endpoint. We’ll first create a child theme of the default “Twenty Seventeen” theme, which will allow us to add functionality to our theme, and then proceed to register our custom API endpoint.

The WordPress REST API provides you with more than just a set of built-in routes. You can also create custom routes and endpoints using the same APIs used to create default routes (for example, the register_rest_route() function and the WP_Rest_Controller class etc.). With WP-API, you’ll have the possibility to integrate WordPress with other ecosystems, which makes WordPress a powerful and modern application development platform.

You can create or register custom endpoints either in plugins or themes.

Creating a Child Theme

Inside your WordPress installation folder, create a folder for your child theme. Let’s call it twentyseventeen-child:

cd /var/www/html/wp-content/themes
mkdir twentyseventeen-child

Creating the child theme folder

Next create a style.css file:

touch style.css

And add the following header information:

/*
 Theme Name:   Twenty Seventeen Child Theme
 Description:  A child theme of the Twenty Seventeen WordPress theme
 Author:       Ahmed Bouchefra
 Template:     twentyseventeen
 Version:      1.0.0
*/

The Template field refers to the folder’s name of the parent theme.

Go to Appearance -> Themes in the WordPress admin and choose your child theme:

Choosing your WordPress child theme in the WordPress themes section

Next, click on the Activate button to activate your child theme:

The Activate button

Inside the theme folder, add a functions.php file with the following initial code:

<?php
// Add code here.

Creating a Custom WP-API Endpoint

We want to create a new route that will allow us to retrieve the latest recent posts by category ID with the following format:

http://localhost/wp-json/mytwentyseventeentheme/v1/latest-posts/<CATEGORY_ID>

At this point, if we visit the above URL in our browser we’ll get a 404 error with the message “No route was found matching the URL and request method”:

404 error message

This is because we don’t actually have that route. Let’s change that!

In the functions.php file of your theme, add the following code:

add_action('rest_api_init', function () {
    register_rest_route('mytwentyseventeentheme/v1', 'latest-posts/(?P<category_id>\d+)', array(
        'methods'  => 'GET',
        'callback' => 'get_latest_posts_by_category'
    ));
});

We’re using the register_rest_route() with the following parameters:

  • a namespace, mytwentyseventeentheme/v1
  • a resource path with a regex for catching the category ID, latest-posts/(?P<category_id>\d+)
  • an option array where we specify the GET method and a get_latest_posts_by_category() callback function that handles the request.

A namespace lets two plugins or themes register the same route paths without conflicting, and it lets clients detect support for your custom API by requesting the /wp-json/wp/v2 API and checking the namespaces field.

Setting namespaces

You can see from the screenshot, the mytwentyseventeentheme/v1 namespace we used for our custom route is added to the namespaces field (this screenshot is taken after we fully implement our custom endpoint; please continue below).

Notice the ?P<category_id>\d+ part. It will enable us to retrieve the category ID from the current request. It’s simply a regex, so you can use normal regex logic to create any pattern.

Implementing the Callback Function

At this point, if we visit our previous URL, WordPress recognizes the route, since we’ve defined it. But we still get a 500 error with the “The handler for the route is invalid” message.

Invalid route 500 error

After registering the custom route and specifying the get_latest_posts_by_category() function as the callback that will be called for processing and handling the GET request, let’s actually implement it:

function get_latest_posts_by_category($request) {
    // category_id comes from the (?P<category_id>\d+) part of the route;
    // WP_REST_Request implements ArrayAccess, so it can be read directly.
    $args = array(
        'category' => $request['category_id']
    );

    $posts = get_posts($args);
    if (empty($posts)) {
        // A WP_Error is serialized as a JSON error object carrying the given status.
        return new WP_Error('empty_category', 'there is no post in this category', array('status' => 404));
    }

    $response = new WP_REST_Response($posts);
    $response->set_status(200);

    return $response;
}

We first retrieve the category_id argument from the $request parameter by direct access. Next we create an $args array with the category key set to the value of category_id that will be extracted from the route.

We then call the get_posts() function to query for posts with the specified category ID. If we get an empty posts array, we return an error consisting of an empty_category code, a there is no post in this category message and a 404 status code, all of which are passed to the constructor of the WP_Error class.

This is a screenshot we get if we have an empty category:

The result from an empty category

We finally create a new instance of the WP_REST_Response class; we pass in the $posts array; we set the 200 status code; and we return the REST response. We can also directly return the $posts array and it will be automatically converted to JSON.

The WP_Error and WP_REST_Response classes are used to make sure that the endpoint returns a valid JSON response.

Now, if we return to our browser and visit for example this URL:

http://<YOUR_SITE_DOMAIN>/wp-json/mytwentyseventeentheme/v1/latest-posts/1

… we’ll either get an empty array or the posts belonging to the category of ID 1.

You can also provide sanitization and validation callbacks in addition to your main callback.

You can define arguments for each route in an args array, passed alongside the callback option. In that array, you can declare multiple arguments: each key is the name of an argument and its value is an array of options for that argument, such as sanitize_callback or validate_callback.

  • validate_callback is a callback function to validate the argument. It takes a function that will be passed the value of the argument and should return true if the value is valid or false otherwise.
  • sanitize_callback is a callback function used for sanitizing the value of the argument before passing it to the main callback function. The value is passed as a parameter to this function.
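As an added example (not code from the original tutorial), here is the same route registered with an args array so the category ID is validated and sanitized before the get_latest_posts_by_category() callback from above runs. The validation function name mytwentyseventeentheme_validate_category_id is assumed; permission_callback is included because WordPress 5.5 and later warn when a route omits it.

```php
<?php
// Added example, not from the original tutorial. Assumes the
// get_latest_posts_by_category() callback from the tutorial is defined.
// mytwentyseventeentheme_validate_category_id is a hypothetical helper name.

function mytwentyseventeentheme_validate_category_id( $value, $request, $param ) {
    // The route regex already guarantees digits, but validating here keeps the
    // check next to the argument definition and also covers query-string use.
    if ( ! is_numeric( $value ) || (int) $value <= 0 ) {
        return new WP_Error(
            'rest_invalid_param',
            sprintf( '%s must be a positive integer.', $param ),
            array( 'status' => 400 )
        );
    }
    // Reject IDs that do not belong to an existing category term, so the
    // callback never queries with an arbitrary caller-supplied number.
    if ( ! term_exists( (int) $value, 'category' ) ) {
        return new WP_Error( 'rest_term_invalid', 'Unknown category ID.', array( 'status' => 404 ) );
    }
    return true;
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'mytwentyseventeentheme/v1', 'latest-posts/(?P<category_id>\d+)', array(
        'methods'             => WP_REST_Server::READABLE, // same as 'GET'
        'callback'            => 'get_latest_posts_by_category',
        // Public read-only data: say so explicitly instead of relying on the
        // default, which WordPress 5.5+ flags with a _doing_it_wrong notice.
        'permission_callback' => '__return_true',
        'args'                => array(
            'category_id' => array(
                'required'          => true,
                'validate_callback' => 'mytwentyseventeentheme_validate_category_id',
                // Core helper: coerces the value to a non-negative integer before
                // it reaches the callback as $request['category_id'].
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
} );
```

WordPress runs validate_callback first and sanitize_callback second, so a request that fails validation is answered with the WP_Error above (HTTP 400 or 404) and never reaches the main callback.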

The post Creating Custom Endpoints for the WordPress REST API appeared first on SitePoint.