Pages:`. * @type string $after HTML or text to append to each link. Default is `

` tags. Default 'Pages'. * @type string $item_spacing Whether to preserve whitespace within the menu's HTML. Accepts 'preserve' or 'discard'. * Default 'preserve'. * @type Walker $walker Walker instance to use for listing pages. Default empty which results in a * Walker_Page instance being used. * } * @return void|string Void if 'echo' argument is true, HTML list of pages if 'echo' is false. */ function wp_list_pages( $args = '' ) { $defaults = array( 'depth' => 0, 'show_date' => '', 'date_format' => get_option( 'date_format' ), 'child_of' => 0, 'exclude' => '', 'title_li' => __( 'Pages' ), 'echo' => 1, 'authors' => '', 'sort_column' => 'menu_order, post_title', 'link_before' => '', 'link_after' => '', 'item_spacing' => 'preserve', 'walker' => '', ); $parsed_args = wp_parse_args( $args, $defaults ); if ( ! in_array( $parsed_args['item_spacing'], array( 'preserve', 'discard' ), true ) ) { // Invalid value, fall back to default. $parsed_args['item_spacing'] = $defaults['item_spacing']; } $output = ''; $current_page = 0; // Sanitize, mostly to keep spaces out. $parsed_args['exclude'] = preg_replace( '/[^0-9,]/', '', $parsed_args['exclude'] ); // Allow plugins to filter an array of excluded pages (but don't put a nullstring into the array). $exclude_array = ( $parsed_args['exclude'] ) ? explode( ',', $parsed_args['exclude'] ) : array(); /** * Filters the array of pages to exclude from the pages list. * * @since 2.1.0 * * @param string[] $exclude_array An array of page IDs to exclude. */ $parsed_args['exclude'] = implode( ',', apply_filters( 'wp_list_pages_excludes', $exclude_array ) ); $parsed_args['hierarchical'] = 0; // Query pages. $pages = get_pages( $parsed_args ); if ( ! empty( $pages ) ) { if ( $parsed_args['title_li'] ) { $output .= '
• ' . $parsed_args['title_li'] . '
  '; } global $wp_query; if ( is_page() || is_attachment() || $wp_query->is_posts_page ) { $current_page = get_queried_object_id(); } elseif ( is_singular() ) { $queried_object = get_queried_object(); if ( is_post_type_hierarchical( $queried_object->post_type ) ) { $current_page = $queried_object->ID; } } $output .= walk_page_tree( $pages, $parsed_args['depth'], $current_page, $parsed_args ); if ( $parsed_args['title_li'] ) { $output .= '
'; } } /** * Filters the HTML output of the pages to list. * * @since 1.5.1 * @since 4.4.0 `$pages` added as arguments. * * @see wp_list_pages() * * @param string $output HTML output of the pages list. * @param array $parsed_args An array of page-listing arguments. See wp_list_pages() * for information on accepted arguments. * @param WP_Post[] $pages Array of the page objects. */ $html = apply_filters( 'wp_list_pages', $output, $parsed_args, $pages ); if ( $parsed_args['echo'] ) { echo $html; } else { return $html; } } /** * Displays or retrieves a list of pages with an optional home link. * * The arguments are listed below and part of the arguments are for wp_list_pages() function. * Check that function for more info on those arguments. * * @since 2.7.0 * @since 4.4.0 Added `menu_id`, `container`, `before`, `after`, and `walker` arguments. * @since 4.7.0 Added the `item_spacing` argument. * * @param array|string $args { * Optional. Array or string of arguments to generate a page menu. See wp_list_pages() for additional arguments. * * @type string $sort_column How to sort the list of pages. Accepts post column names. * Default 'menu_order, post_title'. * @type string $menu_id ID for the div containing the page list. Default is empty string. * @type string $menu_class Class to use for the element containing the page list. Default 'menu'. * @type string $container Element to use for the element containing the page list. Default 'div'. * @type bool $echo Whether to echo the list or return it. Accepts true (echo) or false (return). * Default true. * @type int|bool|string $show_home Whether to display the link to the home page. Can just enter the text * you'd like shown for the home link. 1|true defaults to 'Home'. * @type string $link_before The HTML or text to prepend to $show_home text. Default empty. * @type string $link_after The HTML or text to append to $show_home text. Default empty. * @type string $before The HTML or text to prepend to the menu. Default is '
'. * @type string $after The HTML or text to append to the menu. Default is '
'. * @type string $item_spacing Whether to preserve whitespace within the menu's HTML. Accepts 'preserve' * or 'discard'. Default 'discard'. * @type Walker $walker Walker instance to use for listing pages. Default empty which results in a * Walker_Page instance being used. * } * @return void|string Void if 'echo' argument is true, HTML menu if 'echo' is false. */ function wp_page_menu( $args = array() ) { $defaults = array( 'sort_column' => 'menu_order, post_title', 'menu_id' => '', 'menu_class' => 'menu', 'container' => 'div', 'echo' => true, 'link_before' => '', 'link_after' => '', 'before' => '
', 'after' => '
', 'item_spacing' => 'discard', 'walker' => '', ); $args = wp_parse_args( $args, $defaults ); if ( ! in_array( $args['item_spacing'], array( 'preserve', 'discard' ), true ) ) { // Invalid value, fall back to default. $args['item_spacing'] = $defaults['item_spacing']; } if ( 'preserve' === $args['item_spacing'] ) { $t = "\t"; $n = "\n"; } else { $t = ''; $n = ''; } /** * Filters the arguments used to generate a page-based menu. * * @since 2.7.0 * * @see wp_page_menu() * * @param array $args An array of page menu arguments. See wp_page_menu() * for information on accepted arguments. */ $args = apply_filters( 'wp_page_menu_args', $args ); $menu = ''; $list_args = $args; // Show Home in the menu. if ( ! empty( $args['show_home'] ) ) { if ( true === $args['show_home'] || '1' === $args['show_home'] || 1 === $args['show_home'] ) { $text = __( 'Home' ); } else { $text = $args['show_home']; } $class = ''; if ( is_front_page() && ! is_paged() ) { $class = 'class="current_page_item"'; } $menu .= '
• ' . $args['link_before'] . $text . $args['link_after'] . '
'; // If the front page is a page, add it to the exclude list. if ( 'page' === get_option( 'show_on_front' ) ) { if ( ! empty( $list_args['exclude'] ) ) { $list_args['exclude'] .= ','; } else { $list_args['exclude'] = ''; } $list_args['exclude'] .= get_option( 'page_on_front' ); } } $list_args['echo'] = false; $list_args['title_li'] = ''; $menu .= wp_list_pages( $list_args ); $container = sanitize_text_field( $args['container'] ); // Fallback in case `wp_nav_menu()` was called without a container. if ( empty( $container ) ) { $container = 'div'; } if ( $menu ) { // wp_nav_menu() doesn't set before and after. if ( isset( $args['fallback_cb'] ) && 'wp_page_menu' === $args['fallback_cb'] && 'ul' !== $container ) { $args['before'] = "
{$n}"; $args['after'] = '
'; } $menu = $args['before'] . $menu . $args['after']; } $attrs = ''; if ( ! empty( $args['menu_id'] ) ) { $attrs .= ' id="' . esc_attr( $args['menu_id'] ) . '"'; } if ( ! empty( $args['menu_class'] ) ) { $attrs .= ' class="' . esc_attr( $args['menu_class'] ) . '"'; } $menu = "<{$container}{$attrs}>" . $menu . "{$n}"; /** * Filters the HTML output of a page-based menu. * * @since 2.7.0 * * @see wp_page_menu() * * @param string $menu The HTML output. * @param array $args An array of arguments. See wp_page_menu() * for information on accepted arguments. */ $menu = apply_filters( 'wp_page_menu', $menu, $args ); if ( $args['echo'] ) { echo $menu; } else { return $menu; } } // // Page helpers. // /** * Retrieves HTML list content for page list. * * @uses Walker_Page to create HTML list content. * @since 2.1.0 * * @param array $pages * @param int $depth * @param int $current_page * @param array $args * @return string */ function walk_page_tree( $pages, $depth, $current_page, $args ) { if ( empty( $args['walker'] ) ) { $walker = new Walker_Page(); } else { /** * @var Walker $walker */ $walker = $args['walker']; } foreach ( (array) $pages as $page ) { if ( $page->post_parent ) { $args['pages_with_children'][ $page->post_parent ] = true; } } return $walker->walk( $pages, $depth, $args, $current_page ); } /** * Retrieves HTML dropdown (select) content for page list. * * @since 2.1.0 * @since 5.3.0 Formalized the existing `...$args` parameter by adding it * to the function signature. * * @uses Walker_PageDropdown to create HTML dropdown content. * @see Walker_PageDropdown::walk() for parameters and return description. * * @param mixed ...$args Elements array, maximum hierarchical depth and optional additional arguments. * @return string */ function walk_page_dropdown_tree( ...$args ) { if ( empty( $args[2]['walker'] ) ) { // The user's options are the third parameter. $walker = new Walker_PageDropdown(); } else { /** * @var Walker $walker */ $walker = $args[2]['walker']; } return $walker->walk( ...$args ); } // // Attachments. // /** * Displays an attachment page link using an image or icon. * * @since 2.0.0 * * @param int|WP_Post $post Optional. Post ID or post object. * @param bool $fullsize Optional. Whether to use full size. Default false. * @param bool $deprecated Deprecated. Not used. * @param bool $permalink Optional. Whether to include permalink. Default false. */ function the_attachment_link( $post = 0, $fullsize = false, $deprecated = false, $permalink = false ) { if ( ! empty( $deprecated ) ) { _deprecated_argument( __FUNCTION__, '2.5.0' ); } if ( $fullsize ) { echo wp_get_attachment_link( $post, 'full', $permalink ); } else { echo wp_get_attachment_link( $post, 'thumbnail', $permalink ); } } /** * Retrieves an attachment page link using an image or icon, if possible. * * @since 2.5.0 * @since 4.4.0 The `$post` parameter can now accept either a post ID or `WP_Post` object. * * @param int|WP_Post $post Optional. Post ID or post object. * @param string|int[] $size Optional. Image size. Accepts any registered image size name, or an array * of width and height values in pixels (in that order). Default 'thumbnail'. * @param bool $permalink Optional. Whether to add permalink to image. Default false. * @param bool $icon Optional. Whether the attachment is an icon. Default false. * @param string|false $text Optional. Link text to use. Activated by passing a string, false otherwise. * Default false. * @param array|string $attr Optional. Array or string of attributes. Default empty. * @return string HTML content. */ function wp_get_attachment_link( $post = 0, $size = 'thumbnail', $permalink = false, $icon = false, $text = false, $attr = '' ) { $_post = get_post( $post ); if ( empty( $_post ) || ( 'attachment' !== $_post->post_type ) || ! wp_get_attachment_url( $_post->ID ) ) { return __( 'Missing Attachment' ); } $url = wp_get_attachment_url( $_post->ID ); if ( $permalink ) { $url = get_attachment_link( $_post->ID ); } if ( $text ) { $link_text = $text; } elseif ( $size && 'none' !== $size ) { $link_text = wp_get_attachment_image( $_post->ID, $size, $icon, $attr ); } else { $link_text = ''; } if ( '' === trim( $link_text ) ) { $link_text = $_post->post_title; } if ( '' === trim( $link_text ) ) { $link_text = esc_html( pathinfo( get_attached_file( $_post->ID ), PATHINFO_FILENAME ) ); } /** * Filters the list of attachment link attributes. * * @since 6.2.0 * * @param array $attributes An array of attributes for the link markup, * keyed on the attribute name. * @param int $id Post ID. */ $attributes = apply_filters( 'wp_get_attachment_link_attributes', array( 'href' => $url ), $_post->ID ); $link_attributes = ''; foreach ( $attributes as $name => $value ) { $value = 'href' === $name ? esc_url( $value ) : esc_attr( $value ); $link_attributes .= ' ' . esc_attr( $name ) . "='" . $value . "'"; } $link_html = "$link_text"; /** * Filters a retrieved attachment page link. * * @since 2.7.0 * @since 5.1.0 Added the `$attr` parameter. * * @param string $link_html The page link HTML output. * @param int|WP_Post $post Post ID or object. Can be 0 for the current global post. * @param string|int[] $size Requested image size. Can be any registered image size name, or * an array of width and height values in pixels (in that order). * @param bool $permalink Whether to add permalink to image. Default false. * @param bool $icon Whether to include an icon. * @param string|false $text If string, will be link text. * @param array|string $attr Array or string of attributes. */ return apply_filters( 'wp_get_attachment_link', $link_html, $post, $size, $permalink, $icon, $text, $attr ); } /** * Wraps attachment in paragraph tag before content. * * @since 2.0.0 * * @param string $content * @return string */ function prepend_attachment( $content ) { $post = get_post(); if ( empty( $post->post_type ) || 'attachment' !== $post->post_type ) { return $content; } if ( wp_attachment_is( 'video', $post ) ) { $meta = wp_get_attachment_metadata( get_the_ID() ); $atts = array( 'src' => wp_get_attachment_url() ); if ( ! empty( $meta['width'] ) && ! empty( $meta['height'] ) ) { $atts['width'] = (int) $meta['width']; $atts['height'] = (int) $meta['height']; } if ( has_post_thumbnail() ) { $atts['poster'] = wp_get_attachment_url( get_post_thumbnail_id() ); } $p = wp_video_shortcode( $atts ); } elseif ( wp_attachment_is( 'audio', $post ) ) { $p = wp_audio_shortcode( array( 'src' => wp_get_attachment_url() ) ); } else { $p = '

'; // Show the medium sized image representation of the attachment if available, and link to the raw file. $p .= wp_get_attachment_link( 0, 'medium', false ); $p .= '

'; } /** * Filters the attachment markup to be prepended to the post content. * * @since 2.0.0 * * @see prepend_attachment() * * @param string $p The attachment HTML output. */ $p = apply_filters( 'prepend_attachment', $p ); return "$p\n$content"; } // // Misc. // /** * Retrieves protected post password form content. * * @since 1.0.0 * * @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is global $post. * @return string HTML content for password form for password protected post. */ function get_the_password_form( $post = 0 ) { $post = get_post( $post ); $label = 'pwbox-' . ( empty( $post->ID ) ? rand() : $post->ID ); $output = '

' . __( 'This content is password protected. To view it please enter your password below:' ) . '

' . __( 'Password:' ) . '

'; /** * Filters the HTML output for the protected post password form. * * If modifying the password field, please note that the WordPress database schema * limits the password field to 255 characters regardless of the value of the * `minlength` or `maxlength` attributes or other validation that may be added to * the input. * * @since 2.7.0 * @since 5.8.0 Added the `$post` parameter. * * @param string $output The password form HTML output. * @param WP_Post $post Post object. */ return apply_filters( 'the_password_form', $output, $post ); } /** * Determines whether the current post uses a page template. * * This template tag allows you to determine if you are in a page template. * You can optionally provide a template filename or array of template filenames * and then the check will be specific to that template. * * For more information on this and similar theme functions, check out * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ * Conditional Tags} article in the Theme Developer Handbook. * * @since 2.5.0 * @since 4.2.0 The `$template` parameter was changed to also accept an array of page templates. * @since 4.7.0 Now works with any post type, not just pages. * * @param string|string[] $template The specific template filename or array of templates to match. * @return bool True on success, false on failure. */ function is_page_template( $template = '' ) { if ( ! is_singular() ) { return false; } $page_template = get_page_template_slug( get_queried_object_id() ); if ( empty( $template ) ) { return (bool) $page_template; } if ( $template === $page_template ) { return true; } if ( is_array( $template ) ) { if ( ( in_array( 'default', $template, true ) && ! $page_template ) || in_array( $page_template, $template, true ) ) { return true; } } return ( 'default' === $template && ! $page_template ); } /** * Gets the specific template filename for a given post. * * @since 3.4.0 * @since 4.7.0 Now works with any post type, not just pages. * * @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is global $post. * @return string|false Page template filename. Returns an empty string when the default page template * is in use. Returns false if the post does not exist. */ function get_page_template_slug( $post = null ) { $post = get_post( $post ); if ( ! $post ) { return false; } $template = get_post_meta( $post->ID, '_wp_page_template', true ); if ( ! $template || 'default' === $template ) { return ''; } return $template; } /** * Retrieves formatted date timestamp of a revision (linked to that revisions's page). * * @since 2.6.0 * * @param int|WP_Post $revision Revision ID or revision object. * @param bool $link Optional. Whether to link to revision's page. Default true. * @return string|false i18n formatted datetimestamp or localized 'Current Revision'. */ function wp_post_revision_title( $revision, $link = true ) { $revision = get_post( $revision ); if ( ! $revision ) { return $revision; } if ( ! in_array( $revision->post_type, array( 'post', 'page', 'revision' ), true ) ) { return false; } /* translators: Revision date format, see https://www.php.net/manual/datetime.format.php */ $datef = _x( 'F j, Y @ H:i:s', 'revision date format' ); /* translators: %s: Revision date. */ $autosavef = __( '%s [Autosave]' ); /* translators: %s: Revision date. */ $currentf = __( '%s [Current Revision]' ); $date = date_i18n( $datef, strtotime( $revision->post_modified ) ); $edit_link = get_edit_post_link( $revision->ID ); if ( $link && current_user_can( 'edit_post', $revision->ID ) && $edit_link ) { $date = "$date"; } if ( ! wp_is_post_revision( $revision ) ) { $date = sprintf( $currentf, $date ); } elseif ( wp_is_post_autosave( $revision ) ) { $date = sprintf( $autosavef, $date ); } return $date; } /** * Retrieves formatted date timestamp of a revision (linked to that revisions's page). * * @since 3.6.0 * * @param int|WP_Post $revision Revision ID or revision object. * @param bool $link Optional. Whether to link to revision's page. Default true. * @return string|false gravatar, user, i18n formatted datetimestamp or localized 'Current Revision'. */ function wp_post_revision_title_expanded( $revision, $link = true ) { $revision = get_post( $revision ); if ( ! $revision ) { return $revision; } if ( ! in_array( $revision->post_type, array( 'post', 'page', 'revision' ), true ) ) { return false; } $author = get_the_author_meta( 'display_name', $revision->post_author ); /* translators: Revision date format, see https://www.php.net/manual/datetime.format.php */ $datef = _x( 'F j, Y @ H:i:s', 'revision date format' ); $gravatar = get_avatar( $revision->post_author, 24 ); $date = date_i18n( $datef, strtotime( $revision->post_modified ) ); $edit_link = get_edit_post_link( $revision->ID ); if ( $link && current_user_can( 'edit_post', $revision->ID ) && $edit_link ) { $date = "$date"; } $revision_date_author = sprintf( /* translators: Post revision title. 1: Author avatar, 2: Author name, 3: Time ago, 4: Date. */ __( '%1$s %2$s, %3$s ago (%4$s)' ), $gravatar, $author, human_time_diff( strtotime( $revision->post_modified_gmt ) ), $date ); /* translators: %s: Revision date with author avatar. */ $autosavef = __( '%s [Autosave]' ); /* translators: %s: Revision date with author avatar. */ $currentf = __( '%s [Current Revision]' ); if ( ! wp_is_post_revision( $revision ) ) { $revision_date_author = sprintf( $currentf, $revision_date_author ); } elseif ( wp_is_post_autosave( $revision ) ) { $revision_date_author = sprintf( $autosavef, $revision_date_author ); } /** * Filters the formatted author and date for a revision. * * @since 4.4.0 * * @param string $revision_date_author The formatted string. * @param WP_Post $revision The revision object. * @param bool $link Whether to link to the revisions page, as passed into * wp_post_revision_title_expanded(). */ return apply_filters( 'wp_post_revision_title_expanded', $revision_date_author, $revision, $link ); } /** * Displays a list of a post's revisions. * * Can output either a UL with edit links or a TABLE with diff interface, and * restore action links. * * @since 2.6.0 * * @param int|WP_Post $post Optional. Post ID or WP_Post object. Default is global $post. * @param string $type 'all' (default), 'revision' or 'autosave' */ function wp_list_post_revisions( $post = 0, $type = 'all' ) { $post = get_post( $post ); if ( ! $post ) { return; } // $args array with (parent, format, right, left, type) deprecated since 3.6. if ( is_array( $type ) ) { $type = ! empty( $type['type'] ) ? $type['type'] : $type; _deprecated_argument( __FUNCTION__, '3.6.0' ); } $revisions = wp_get_post_revisions( $post->ID ); if ( ! $revisions ) { return; } $rows = ''; foreach ( $revisions as $revision ) { if ( ! current_user_can( 'read_post', $revision->ID ) ) { continue; } $is_autosave = wp_is_post_autosave( $revision ); if ( ( 'revision' === $type && $is_autosave ) || ( 'autosave' === $type && ! $is_autosave ) ) { continue; } $rows .= "\t
• " . wp_post_revision_title_expanded( $revision ) . "
\n"; } echo "

" . __( 'JavaScript must be enabled to use this feature.' ) . "

\n"; echo "
\n"; echo $rows; echo '
'; } /** * Retrieves the parent post object for the given post. * * @since 5.7.0 * * @param int|WP_Post|null $post Optional. Post ID or WP_Post object. Default is global $post. * @return WP_Post|null Parent post object, or null if there isn't one. */ function get_post_parent( $post = null ) { $wp_post = get_post( $post ); return ! empty( $wp_post->post_parent ) ? get_post( $wp_post->post_parent ) : null; } /** * Returns whether the given post has a parent post. * * @since 5.7.0 * * @param int|WP_Post|null $post Optional. Post ID or WP_Post object. Default is global $post. * @return bool Whether the post has a parent post. */ function has_post_parent( $post = null ) { return (bool) get_post_parent( $post ); } /** * Comment API: WP_Comment class * * @package WordPress * @subpackage Comments * @since 4.4.0 */ /** * Core class used to organize comments as instantiated objects with defined members. * * @since 4.4.0 */ #[AllowDynamicProperties] final class WP_Comment { /** * Comment ID. * * A numeric string, for compatibility reasons. * * @since 4.4.0 * @var string */ public $comment_ID; /** * ID of the post the comment is associated with. * * A numeric string, for compatibility reasons. * * @since 4.4.0 * @var string */ public $comment_post_ID = 0; /** * Comment author name. * * @since 4.4.0 * @var string */ public $comment_author = ''; /** * Comment author email address. * * @since 4.4.0 * @var string */ public $comment_author_email = ''; /** * Comment author URL. * * @since 4.4.0 * @var string */ public $comment_author_url = ''; /** * Comment author IP address (IPv4 format). * * @since 4.4.0 * @var string */ public $comment_author_IP = ''; /** * Comment date in YYYY-MM-DD HH:MM:SS format. * * @since 4.4.0 * @var string */ public $comment_date = '0000-00-00 00:00:00'; /** * Comment GMT date in YYYY-MM-DD HH::MM:SS format. * * @since 4.4.0 * @var string */ public $comment_date_gmt = '0000-00-00 00:00:00'; /** * Comment content. * * @since 4.4.0 * @var string */ public $comment_content; /** * Comment karma count. * * A numeric string, for compatibility reasons. * * @since 4.4.0 * @var string */ public $comment_karma = 0; /** * Comment approval status. * * @since 4.4.0 * @var string */ public $comment_approved = '1'; /** * Comment author HTTP user agent. * * @since 4.4.0 * @var string */ public $comment_agent = ''; /** * Comment type. * * @since 4.4.0 * @since 5.5.0 Default value changed to `comment`. * @var string */ public $comment_type = 'comment'; /** * Parent comment ID. * * A numeric string, for compatibility reasons. * * @since 4.4.0 * @var string */ public $comment_parent = 0; /** * Comment author ID. * * A numeric string, for compatibility reasons. * * @since 4.4.0 * @var string */ public $user_id = 0; /** * Comment children. * * @since 4.4.0 * @var array */ protected $children; /** * Whether children have been populated for this comment object. * * @since 4.4.0 * @var bool */ protected $populated_children = false; /** * Post fields. * * @since 4.4.0 * @var array */ protected $post_fields = array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_content_filtered', 'post_parent', 'guid', 'menu_order', 'post_type', 'post_mime_type', 'comment_count' ); /** * Retrieves a WP_Comment instance. * * @since 4.4.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param int $id Comment ID. * @return WP_Comment|false Comment object, otherwise false. */ public static function get_instance( $id ) { global $wpdb; $comment_id = (int) $id; if ( ! $comment_id ) { return false; } $_comment = wp_cache_get( $comment_id, 'comment' ); if ( ! $_comment ) { $_comment = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id ) ); if ( ! $_comment ) { return false; } wp_cache_add( $_comment->comment_ID, $_comment, 'comment' ); } return new WP_Comment( $_comment ); } /** * Constructor. * * Populates properties with object vars. * * @since 4.4.0 * * @param WP_Comment $comment Comment object. */ public function __construct( $comment ) { foreach ( get_object_vars( $comment ) as $key => $value ) { $this->$key = $value; } } /** * Converts object to array. * * @since 4.4.0 * * @return array Object as array. */ public function to_array() { return get_object_vars( $this ); } /** * Gets the children of a comment. * * @since 4.4.0 * * @param array $args { * Array of arguments used to pass to get_comments() and determine format. * * @type string $format Return value format. 'tree' for a hierarchical tree, 'flat' for a flattened array. * Default 'tree'. * @type string $status Comment status to limit results by. Accepts 'hold' (`comment_status=0`), * 'approve' (`comment_status=1`), 'all', or a custom comment status. * Default 'all'. * @type string $hierarchical Whether to include comment descendants in the results. * 'threaded' returns a tree, with each comment's children * stored in a `children` property on the `WP_Comment` object. * 'flat' returns a flat array of found comments plus their children. * Pass `false` to leave out descendants. * The parameter is ignored (forced to `false`) when `$fields` is 'ids' or 'counts'. * Accepts 'threaded', 'flat', or false. Default: 'threaded'. * @type string|array $orderby Comment status or array of statuses. To use 'meta_value' * or 'meta_value_num', `$meta_key` must also be defined. * To sort by a specific `$meta_query` clause, use that * clause's array key. Accepts 'comment_agent', * 'comment_approved', 'comment_author', * 'comment_author_email', 'comment_author_IP', * 'comment_author_url', 'comment_content', 'comment_date', * 'comment_date_gmt', 'comment_ID', 'comment_karma', * 'comment_parent', 'comment_post_ID', 'comment_type', * 'user_id', 'comment__in', 'meta_value', 'meta_value_num', * the value of $meta_key, and the array keys of * `$meta_query`. Also accepts false, an empty array, or * 'none' to disable `ORDER BY` clause. * } * @return WP_Comment[] Array of `WP_Comment` objects. */ public function get_children( $args = array() ) { $defaults = array( 'format' => 'tree', 'status' => 'all', 'hierarchical' => 'threaded', 'orderby' => '', ); $_args = wp_parse_args( $args, $defaults ); $_args['parent'] = $this->comment_ID; if ( is_null( $this->children ) ) { if ( $this->populated_children ) { $this->children = array(); } else { $this->children = get_comments( $_args ); } } if ( 'flat' === $_args['format'] ) { $children = array(); foreach ( $this->children as $child ) { $child_args = $_args; $child_args['format'] = 'flat'; // get_children() resets this value automatically. unset( $child_args['parent'] ); $children = array_merge( $children, array( $child ), $child->get_children( $child_args ) ); } } else { $children = $this->children; } return $children; } /** * Adds a child to the comment. * * Used by `WP_Comment_Query` when bulk-filling descendants. * * @since 4.4.0 * * @param WP_Comment $child Child comment. */ public function add_child( WP_Comment $child ) { $this->children[ $child->comment_ID ] = $child; } /** * Gets a child comment by ID. * * @since 4.4.0 * * @param int $child_id ID of the child. * @return WP_Comment|false Returns the comment object if found, otherwise false. */ public function get_child( $child_id ) { if ( isset( $this->children[ $child_id ] ) ) { return $this->children[ $child_id ]; } return false; } /** * Sets the 'populated_children' flag. * * This flag is important for ensuring that calling `get_children()` on a childless comment will not trigger * unneeded database queries. * * @since 4.4.0 * * @param bool $set Whether the comment's children have already been populated. */ public function populated_children( $set ) { $this->populated_children = (bool) $set; } /** * Determines whether a non-public property is set. * * If `$name` matches a post field, the comment post will be loaded and the post's value checked. * * @since 4.4.0 * * @param string $name Property name. * @return bool */ public function __isset( $name ) { if ( in_array( $name, $this->post_fields, true ) && 0 !== (int) $this->comment_post_ID ) { $post = get_post( $this->comment_post_ID ); return property_exists( $post, $name ); } } /** * Magic getter. * * If `$name` matches a post field, the comment post will be loaded and the post's value returned. * * @since 4.4.0 * * @param string $name Property name. * @return mixed */ public function __get( $name ) { if ( in_array( $name, $this->post_fields, true ) ) { $post = get_post( $this->comment_post_ID ); return $post->$name; } } } /** * Canonical API to handle WordPress Redirecting * * Based on "Permalink Redirect" from Scott Yang and "Enforce www. Preference" * by Mark Jaquith * * @package WordPress * @since 2.3.0 */ /** * Redirects incoming links to the proper URL based on the site url. * * Search engines consider www.somedomain.com and somedomain.com to be two * different URLs when they both go to the same location. This SEO enhancement * prevents penalty for duplicate content by redirecting all incoming links to * one or the other. * * Prevents redirection for feeds, trackbacks, searches, and * admin URLs. Does not redirect on non-pretty-permalink-supporting IIS 7+, * page/post previews, WP admin, Trackbacks, robots.txt, favicon.ico, searches, * or on POST requests. * * Will also attempt to find the correct link when a user enters a URL that does * not exist based on exact WordPress query. Will instead try to parse the URL * or query in an attempt to figure the correct page to go to. * * @since 2.3.0 * * @global WP_Rewrite $wp_rewrite WordPress rewrite component. * @global bool $is_IIS * @global WP_Query $wp_query WordPress Query object. * @global wpdb $wpdb WordPress database abstraction object. * @global WP $wp Current WordPress environment instance. * * @param string $requested_url Optional. The URL that was requested, used to * figure if redirect is needed. * @param bool $do_redirect Optional. Redirect to the new URL. * @return string|void The string of the URL, if redirect needed. */ function redirect_canonical( $requested_url = null, $do_redirect = true ) { global $wp_rewrite, $is_IIS, $wp_query, $wpdb, $wp; if ( isset( $_SERVER['REQUEST_METHOD'] ) && ! in_array( strtoupper( $_SERVER['REQUEST_METHOD'] ), array( 'GET', 'HEAD' ), true ) ) { return; } /* * If we're not in wp-admin and the post has been published and preview nonce * is non-existent or invalid then no need for preview in query. */ if ( is_preview() && get_query_var( 'p' ) && 'publish' === get_post_status( get_query_var( 'p' ) ) ) { if ( ! isset( $_GET['preview_id'] ) || ! isset( $_GET['preview_nonce'] ) || ! wp_verify_nonce( $_GET['preview_nonce'], 'post_preview_' . (int) $_GET['preview_id'] ) ) { $wp_query->is_preview = false; } } if ( is_admin() || is_search() || is_preview() || is_trackback() || is_favicon() || ( $is_IIS && ! iis7_supports_permalinks() ) ) { return; } if ( ! $requested_url && isset( $_SERVER['HTTP_HOST'] ) ) { // Build the URL in the address bar. $requested_url = is_ssl() ? 'https://' : 'http://'; $requested_url .= $_SERVER['HTTP_HOST']; $requested_url .= $_SERVER['REQUEST_URI']; } $original = parse_url( $requested_url ); if ( false === $original ) { return; } $redirect = $original; $redirect_url = false; $redirect_obj = false; // Notice fixing. if ( ! isset( $redirect['path'] ) ) { $redirect['path'] = ''; } if ( ! isset( $redirect['query'] ) ) { $redirect['query'] = ''; } /* * If the original URL ended with non-breaking spaces, they were almost * certainly inserted by accident. Let's remove them, so the reader doesn't * see a 404 error with no obvious cause. */ $redirect['path'] = preg_replace( '|(%C2%A0)+$|i', '', $redirect['path'] ); // It's not a preview, so remove it from URL. if ( get_query_var( 'preview' ) ) { $redirect['query'] = remove_query_arg( 'preview', $redirect['query'] ); } $post_id = get_query_var( 'p' ); if ( is_feed() && $post_id ) { $redirect_url = get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) ); $redirect_obj = get_post( $post_id ); if ( $redirect_url ) { $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type', 'feed' ), $redirect_url ); $redirect['path'] = parse_url( $redirect_url, PHP_URL_PATH ); } } if ( is_singular() && $wp_query->post_count < 1 && $post_id ) { $vars = $wpdb->get_results( $wpdb->prepare( "SELECT post_type, post_parent FROM $wpdb->posts WHERE ID = %d", $post_id ) ); if ( ! empty( $vars[0] ) ) { $vars = $vars[0]; if ( 'revision' === $vars->post_type && $vars->post_parent > 0 ) { $post_id = $vars->post_parent; } $redirect_url = get_permalink( $post_id ); $redirect_obj = get_post( $post_id ); if ( $redirect_url ) { $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ), $redirect_url ); } } } // These tests give us a WP-generated permalink. if ( is_404() ) { // Redirect ?page_id, ?p=, ?attachment_id= to their respective URLs. $post_id = max( get_query_var( 'p' ), get_query_var( 'page_id' ), get_query_var( 'attachment_id' ) ); $redirect_post = $post_id ? get_post( $post_id ) : false; if ( $redirect_post ) { $post_type_obj = get_post_type_object( $redirect_post->post_type ); if ( $post_type_obj && $post_type_obj->public && 'auto-draft' !== $redirect_post->post_status ) { $redirect_url = get_permalink( $redirect_post ); $redirect_obj = get_post( $redirect_post ); $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ), $redirect_url ); } } $year = get_query_var( 'year' ); $month = get_query_var( 'monthnum' ); $day = get_query_var( 'day' ); if ( $year && $month && $day ) { $date = sprintf( '%04d-%02d-%02d', $year, $month, $day ); if ( ! wp_checkdate( $month, $day, $year, $date ) ) { $redirect_url = get_month_link( $year, $month ); $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'year', 'monthnum', 'day' ), $redirect_url ); } } elseif ( $year && $month && $month > 12 ) { $redirect_url = get_year_link( $year ); $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'year', 'monthnum' ), $redirect_url ); } // Strip off non-existing links from single posts or pages. if ( get_query_var( 'page' ) ) { $post_id = 0; if ( $wp_query->queried_object instanceof WP_Post ) { $post_id = $wp_query->queried_object->ID; } elseif ( $wp_query->post ) { $post_id = $wp_query->post->ID; } if ( $post_id ) { $redirect_url = get_permalink( $post_id ); $redirect_obj = get_post( $post_id ); $redirect['path'] = rtrim( $redirect['path'], (int) get_query_var( 'page' ) . '/' ); $redirect['query'] = remove_query_arg( 'page', $redirect['query'] ); } } if ( ! $redirect_url ) { $redirect_url = redirect_guess_404_permalink(); if ( $redirect_url ) { $redirect['query'] = _remove_qs_args_if_not_in_url( $redirect['query'], array( 'page', 'feed', 'p', 'page_id', 'attachment_id', 'pagename', 'name', 'post_type' ), $redirect_url ); } } } elseif ( is_object( $wp_rewrite ) && $wp_rewrite->using_permalinks() ) { // Rewriting of old ?p=X, ?m=2004, ?m=200401, ?m=20040101. if ( is_attachment() && ! array_diff( array_keys( $wp->query_vars ), array( 'attachment', 'attachment_id' ) ) && ! $redirect_url ) { if ( ! empty( $_GET['attachment_id'] ) ) { $redirect_url = get_attachment_link( get_query_var( 'attachment_id' ) ); $redirect_obj = get_post( get_query_var( 'attachment_id' ) ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( 'attachment_id', $redirect['query'] ); } } else { $redirect_url = get_attachment_link(); $redirect_obj = get_post(); } } elseif ( is_single() && ! empty( $_GET['p'] ) && ! $redirect_url ) { $redirect_url = get_permalink( get_query_var( 'p' ) ); $redirect_obj = get_post( get_query_var( 'p' ) ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( array( 'p', 'post_type' ), $redirect['query'] ); } } elseif ( is_single() && ! empty( $_GET['name'] ) && ! $redirect_url ) { $redirect_url = get_permalink( $wp_query->get_queried_object_id() ); $redirect_obj = get_post( $wp_query->get_queried_object_id() ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( 'name', $redirect['query'] ); } } elseif ( is_page() && ! empty( $_GET['page_id'] ) && ! $redirect_url ) { $redirect_url = get_permalink( get_query_var( 'page_id' ) ); $redirect_obj = get_post( get_query_var( 'page_id' ) ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( 'page_id', $redirect['query'] ); } } elseif ( is_page() && ! is_feed() && ! $redirect_url && 'page' === get_option( 'show_on_front' ) && get_queried_object_id() === (int) get_option( 'page_on_front' ) ) { $redirect_url = home_url( '/' ); } elseif ( is_home() && ! empty( $_GET['page_id'] ) && ! $redirect_url && 'page' === get_option( 'show_on_front' ) && get_query_var( 'page_id' ) === (int) get_option( 'page_for_posts' ) ) { $redirect_url = get_permalink( get_option( 'page_for_posts' ) ); $redirect_obj = get_post( get_option( 'page_for_posts' ) ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( 'page_id', $redirect['query'] ); } } elseif ( ! empty( $_GET['m'] ) && ( is_year() || is_month() || is_day() ) ) { $m = get_query_var( 'm' ); switch ( strlen( $m ) ) { case 4: // Yearly. $redirect_url = get_year_link( $m ); break; case 6: // Monthly. $redirect_url = get_month_link( substr( $m, 0, 4 ), substr( $m, 4, 2 ) ); break; case 8: // Daily. $redirect_url = get_day_link( substr( $m, 0, 4 ), substr( $m, 4, 2 ), substr( $m, 6, 2 ) ); break; } if ( $redirect_url ) { $redirect['query'] = remove_query_arg( 'm', $redirect['query'] ); } // Now moving on to non ?m=X year/month/day links. } elseif ( is_date() ) { $year = get_query_var( 'year' ); $month = get_query_var( 'monthnum' ); $day = get_query_var( 'day' ); if ( is_day() && $year && $month && ! empty( $_GET['day'] ) ) { $redirect_url = get_day_link( $year, $month, $day ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( array( 'year', 'monthnum', 'day' ), $redirect['query'] ); } } elseif ( is_month() && $year && ! empty( $_GET['monthnum'] ) ) { $redirect_url = get_month_link( $year, $month ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( array( 'year', 'monthnum' ), $redirect['query'] ); } } elseif ( is_year() && ! empty( $_GET['year'] ) ) { $redirect_url = get_year_link( $year ); if ( $redirect_url ) { $redirect['query'] = remove_query_arg( 'year', $redirect['query'] ); } } } elseif ( is_author() && ! empty( $_GET['author'] ) && is_string( $_GET['author'] ) && preg_match( '|^[0-9]+$|', $_GET['author'] ) ) { $author = get_userdata( get_query_var( 'author' ) ); if ( false !== $author && $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE $wpdb->posts.post_author = %d AND $wpdb->posts.post_status = 'publish' LIMIT 1", $author->ID ) ) ) { $redirect_url = get_author_posts_url( $author->ID, $author->user_nicename ); $redirect_obj = $author; if ( $redirect_url ) { $redirect['query'] = remove_query_arg( 'author', $redirect['query'] ); } } } elseif ( is_category() || is_tag() || is_tax() ) { // Terms (tags/categories). $term_count = 0; foreach ( $wp_query->tax_query->queried_terms as $tax_query ) { if ( isset( $tax_query['terms'] ) && is_countable( $tax_query['terms'] ) ) { $term_count += count( $tax_query['terms'] ); } } $obj = $wp_query->get_queried_object(); if ( $term_count <= 1 && ! empty( $obj->term_id ) ) { $tax_url = get_term_link( (int) $obj->term_id, $obj->taxonomy ); if ( $tax_url && ! is_wp_error( $tax_url ) ) { if ( ! empty( $redirect['query'] ) ) { // Strip taxonomy query vars off the URL. $qv_remove = array( 'term', 'taxonomy' ); if ( is_category() ) { $qv_remove[] = 'category_name'; $qv_remove[] = 'cat'; } elseif ( is_tag() ) { $qv_remove[] = 'tag'; $qv_remove[] = 'tag_id'; } else { // Custom taxonomies will have a custom query var, remove those too. $tax_obj = get_taxonomy( $obj->taxonomy ); if ( false !== $tax_obj->query_var ) { $qv_remove[] = $tax_obj->query_var; } } $rewrite_vars = array_diff( array_keys( $wp_query->query ), array_keys( $_GET ) ); // Check to see if all the query vars are coming from the rewrite, none are set via $_GET. if ( ! array_diff( $rewrite_vars, array_keys( $_GET ) ) ) { // Remove all of the per-tax query vars. $redirect['query'] = remove_query_arg( $qv_remove, $redirect['query'] ); // Create the destination URL for this taxonomy. $tax_url = parse_url( $tax_url ); if ( ! empty( $tax_url['query'] ) ) { // Taxonomy accessible via ?taxonomy=...&term=... or any custom query var. parse_str( $tax_url['query'], $query_vars ); $redirect['query'] = add_query_arg( $query_vars, $redirect['query'] ); } else { // Taxonomy is accessible via a "pretty URL". $redirect['path'] = $tax_url['path']; } } else { // Some query vars are set via $_GET. Unset those from $_GET that exist via the rewrite. foreach ( $qv_remove as $_qv ) { if ( isset( $rewrite_vars[ $_qv ] ) ) { $redirect['query'] = remove_query_arg( $_qv, $redirect['query'] ); } } } } } } } elseif ( is_single() && str_contains( $wp_rewrite->permalink_structure, '%category%' ) ) { $category_name = get_query_var( 'category_name' ); if ( $category_name ) { $category = get_category_by_path( $category_name ); if ( ! $category || is_wp_error( $category ) || ! has_term( $category->term_id, 'category', $wp_query->get_queried_object_id() ) ) { $redirect_url = get_permalink( $wp_query->get_queried_object_id() ); $redirect_obj = get_post( $wp_query->get_queried_object_id() ); } } } // Post paging. if ( is_singular() && get_query_var( 'page' ) ) { $page = get_query_var( 'page' ); if ( ! $redirect_url ) { $redirect_url = get_permalink( get_queried_object_id() ); $redirect_obj = get_post( get_queried_object_id() ); } if ( $page > 1 ) { $redirect_url = trailingslashit( $redirect_url ); if ( is_front_page() ) { $redirect_url .= user_trailingslashit( "$wp_rewrite->pagination_base/$page", 'paged' ); } else { $redirect_url .= user_trailingslashit( $page, 'single_paged' ); } } $redirect['query'] = remove_query_arg( 'page', $redirect['query'] ); } if ( get_query_var( 'sitemap' ) ) { $redirect_url = get_sitemap_url( get_query_var( 'sitemap' ), get_query_var( 'sitemap-subtype' ), get_query_var( 'paged' ) ); $redirect['query'] = remove_query_arg( array( 'sitemap', 'sitemap-subtype', 'paged' ), $redirect['query'] ); } elseif ( get_query_var( 'paged' ) || is_feed() || get_query_var( 'cpage' ) ) { // Paging and feeds. $paged = get_query_var( 'paged' ); $feed = get_query_var( 'feed' ); $cpage = get_query_var( 'cpage' ); while ( preg_match( "#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#", $redirect['path'] ) || preg_match( '#/(comments/?)?(feed|rss2?|rdf|atom)(/+)?$#', $redirect['path'] ) || preg_match( "#/{$wp_rewrite->comments_pagination_base}-[0-9]+(/+)?$#", $redirect['path'] ) ) { // Strip off any existing paging. $redirect['path'] = preg_replace( "#/$wp_rewrite->pagination_base/?[0-9]+?(/+)?$#", '/', $redirect['path'] ); // Strip off feed endings. $redirect['path'] = preg_replace( '#/(comments/?)?(feed|rss2?|rdf|atom)(/+|$)#', '/', $redirect['path'] ); // Strip off any existing comment paging. $redirect['path'] = preg_replace( "#/{$wp_rewrite->comments_pagination_base}-[0-9]+?(/+)?$#", '/', $redirect['path'] ); } $addl_path = ''; $default_feed = get_default_feed(); if ( is_feed() && in_array( $feed, $wp_rewrite->feeds, true ) ) { $addl_path = ! empty( $addl_path ) ? trailingslashit( $addl_path ) : ''; if ( ! is_singular() && get_query_var( 'withcomments' ) ) { $addl_path .= 'comments/'; } if ( ( 'rss' === $default_feed && 'feed' === $feed ) || 'rss' === $feed ) { $format = ( 'rss2' === $default_feed ) ? '' : 'rss2'; } else { $format = ( $default_feed === $feed || 'feed' === $feed ) ? '' : $feed; } $addl_path .= user_trailingslashit( 'feed/' . $format, 'feed' ); $redirect['query'] = remove_query_arg( 'feed', $redirect['query'] ); } elseif ( is_feed() && 'old' === $feed ) { $old_feed_files = array( 'wp-atom.php' => 'atom', 'wp-commentsrss2.php' => 'comments_rss2', 'wp-feed.php' => $default_feed, 'wp-rdf.php' => 'rdf', 'wp-rss.php' => 'rss2', 'wp-rss2.php' => 'rss2', ); if ( isset( $old_feed_files[ basename( $redirect['path'] ) ] ) ) { $redirect_url = get_feed_link( $old_feed_files[ basename( $redirect['path'] ) ] ); wp_redirect( $redirect_url, 301 ); die(); } } if ( $paged > 0 ) { $redirect['query'] = remove_query_arg( 'paged', $redirect['query'] ); if ( ! is_feed() ) { if ( ! is_single() ) { $addl_path = ! empty( $addl_path ) ? trailingslashit( $addl_path ) : ''; if ( $paged > 1 ) { $addl_path .= user_trailingslashit( "$wp_rewrite->pagination_base/$paged", 'paged' ); } } } elseif ( $paged > 1 ) { $redirect['query'] = add_query_arg( 'paged', $paged, $redirect['query'] ); } } $default_comments_page = get_option( 'default_comments_page' ); if ( get_option( 'page_comments' ) && ( 'newest' === $default_comments_page && $cpage > 0 || 'newest' !== $default_comments_page && $cpage > 1 ) ) { $addl_path = ( ! empty( $addl_path ) ? trailingslashit( $addl_path ) : '' ); $addl_path .= user_trailingslashit( $wp_rewrite->comments_pagination_base . '-' . $cpage, 'commentpaged' ); $redirect['query'] = remove_query_arg( 'cpage', $redirect['query'] ); } // Strip off trailing /index.php/. $redirect['path'] = preg_replace( '|/' . preg_quote( $wp_rewrite->index, '|' ) . '/?$|', '/', $redirect['path'] ); $redirect['path'] = user_trailingslashit( $redirect['path'] ); if ( ! empty( $addl_path ) && $wp_rewrite->using_index_permalinks() && ! str_contains( $redirect['path'], '/' . $wp_rewrite->index . '/' ) ) { $redirect['path'] = trailingslashit( $redirect['path'] ) . $wp_rewrite->index . '/'; } if ( ! empty( $addl_path ) ) { $redirect['path'] = trailingslashit( $redirect['path'] ) . $addl_path; } $redirect_url = $redirect['scheme'] . '://' . $redirect['host'] . $redirect['path']; } if ( 'wp-register.php' === basename( $redirect['path'] ) ) { if ( is_multisite() ) { /** This filter is documented in wp-login.php */ $redirect_url = apply_filters( 'wp_signup_location', network_site_url( 'wp-signup.php' ) ); } else { $redirect_url = wp_registration_url(); } wp_redirect( $redirect_url, 301 ); die(); } } $is_attachment_redirect = false; if ( is_attachment() && ! get_option( 'wp_attachment_pages_enabled' ) ) { $attachment_id = get_query_var( 'attachment_id' ); $attachment_post = get_post( $attachment_id ); $attachment_parent_id = $attachment_post ? $attachment_post->post_parent : 0; $attachment_url = wp_get_attachment_url( $attachment_id ); if ( $attachment_url !== $redirect_url ) { /* * If an attachment is attached to a post, it inherits the parent post's status. * Fetch the parent post to check its status later. */ if ( $attachment_parent_id ) { $redirect_obj = get_post( $attachment_parent_id ); } $redirect_url = $attachment_url; } $is_attachment_redirect = true; } $redirect['query'] = preg_replace( '#^\??&*?#', '', $redirect['query'] ); // Tack on any additional query vars. if ( $redirect_url && ! empty( $redirect['query'] ) ) { parse_str( $redirect['query'], $_parsed_query ); $redirect = parse_url( $redirect_url ); if ( ! empty( $_parsed_query['name'] ) && ! empty( $redirect['query'] ) ) { parse_str( $redirect['query'], $_parsed_redirect_query ); if ( empty( $_parsed_redirect_query['name'] ) ) { unset( $_parsed_query['name'] ); } } $_parsed_query = array_combine( rawurlencode_deep( array_keys( $_parsed_query ) ), rawurlencode_deep( array_values( $_parsed_query ) ) ); $redirect_url = add_query_arg( $_parsed_query, $redirect_url ); } if ( $redirect_url ) { $redirect = parse_url( $redirect_url ); } // www.example.com vs. example.com $user_home = parse_url( home_url() ); if ( ! empty( $user_home['host'] ) ) { $redirect['host'] = $user_home['host']; } if ( empty( $user_home['path'] ) ) { $user_home['path'] = '/'; } // Handle ports. if ( ! empty( $user_home['port'] ) ) { $redirect['port'] = $user_home['port']; } else { unset( $redirect['port'] ); } // Trailing /index.php. $redirect['path'] = preg_replace( '|/' . preg_quote( $wp_rewrite->index, '|' ) . '/*?$|', '/', $redirect['path'] ); $punctuation_pattern = implode( '|', array_map( 'preg_quote', array( ' ', '%20', // Space. '!', '%21', // Exclamation mark. '"', '%22', // Double quote. "'", '%27', // Single quote. '(', '%28', // Opening bracket. ')', '%29', // Closing bracket. ',', '%2C', // Comma. '.', '%2E', // Period. ';', '%3B', // Semicolon. '{', '%7B', // Opening curly bracket. '}', '%7D', // Closing curly bracket. '%E2%80%9C', // Opening curly quote. '%E2%80%9D', // Closing curly quote. ) ) ); // Remove trailing spaces and end punctuation from the path. $redirect['path'] = preg_replace( "#($punctuation_pattern)+$#", '', $redirect['path'] ); if ( ! empty( $redirect['query'] ) ) { // Remove trailing spaces and end punctuation from certain terminating query string args. $redirect['query'] = preg_replace( "#((^|&)(p|page_id|cat|tag)=[^&]*?)($punctuation_pattern)+$#", '$1', $redirect['query'] ); // Clean up empty query strings. $redirect['query'] = trim( preg_replace( '#(^|&)(p|page_id|cat|tag)=?(&|$)#', '&', $redirect['query'] ), '&' ); // Redirect obsolete feeds. $redirect['query'] = preg_replace( '#(^|&)feed=rss(&|$)#', '$1feed=rss2$2', $redirect['query'] ); // Remove redundant leading ampersands. $redirect['query'] = preg_replace( '#^\??&*?#', '', $redirect['query'] ); } // Strip /index.php/ when we're not using PATHINFO permalinks. if ( ! $wp_rewrite->using_index_permalinks() ) { $redirect['path'] = str_replace( '/' . $wp_rewrite->index . '/', '/', $redirect['path'] ); } // Trailing slashes. if ( is_object( $wp_rewrite ) && $wp_rewrite->using_permalinks() && ! $is_attachment_redirect && ! is_404() && ( ! is_front_page() || is_front_page() && get_query_var( 'paged' ) > 1 ) ) { $user_ts_type = ''; if ( get_query_var( 'paged' ) > 0 ) { $user_ts_type = 'paged'; } else { foreach ( array( 'single', 'category', 'page', 'day', 'month', 'year', 'home' ) as $type ) { $func = 'is_' . $type; if ( call_user_func( $func ) ) { $user_ts_type = $type; break; } } } $redirect['path'] = user_trailingslashit( $redirect['path'], $user_ts_type ); } elseif ( is_front_page() ) { $redirect['path'] = trailingslashit( $redirect['path'] ); } // Remove trailing slash for robots.txt or sitemap requests. if ( is_robots() || ! empty( get_query_var( 'sitemap' ) ) || ! empty( get_query_var( 'sitemap-stylesheet' ) ) ) { $redirect['path'] = untrailingslashit( $redirect['path'] ); } // Strip multiple slashes out of the URL. if ( str_contains( $redirect['path'], '//' ) ) { $redirect['path'] = preg_replace( '|/+|', '/', $redirect['path'] ); } // Always trailing slash the Front Page URL. if ( trailingslashit( $redirect['path'] ) === trailingslashit( $user_home['path'] ) ) { $redirect['path'] = trailingslashit( $redirect['path'] ); } $original_host_low = strtolower( $original['host'] ); $redirect_host_low = strtolower( $redirect['host'] ); /* * Ignore differences in host capitalization, as this can lead to infinite redirects. * Only redirect no-www <=> yes-www. */ if ( $original_host_low === $redirect_host_low || ( 'www.' . $original_host_low !== $redirect_host_low && 'www.' . $redirect_host_low !== $original_host_low ) ) { $redirect['host'] = $original['host']; } $compare_original = array( $original['host'], $original['path'] ); if ( ! empty( $original['port'] ) ) { $compare_original[] = $original['port']; } if ( ! empty( $original['query'] ) ) { $compare_original[] = $original['query']; } $compare_redirect = array( $redirect['host'], $redirect['path'] ); if ( ! empty( $redirect['port'] ) ) { $compare_redirect[] = $redirect['port']; } if ( ! empty( $redirect['query'] ) ) { $compare_redirect[] = $redirect['query']; } if ( $compare_original !== $compare_redirect ) { $redirect_url = $redirect['scheme'] . '://' . $redirect['host']; if ( ! empty( $redirect['port'] ) ) { $redirect_url .= ':' . $redirect['port']; } $redirect_url .= $redirect['path']; if ( ! empty( $redirect['query'] ) ) { $redirect_url .= '?' . $redirect['query']; } } if ( ! $redirect_url || $redirect_url === $requested_url ) { return; } // Hex-encoded octets are case-insensitive. if ( str_contains( $requested_url, '%' ) ) { if ( ! function_exists( 'lowercase_octets' ) ) { /** * Converts the first hex-encoded octet match to lowercase. * * @since 3.1.0 * @ignore * * @param array $matches Hex-encoded octet matches for the requested URL. * @return string Lowercased version of the first match. */ function lowercase_octets( $matches ) { return strtolower( $matches[0] ); } } $requested_url = preg_replace_callback( '|%[a-fA-F0-9][a-fA-F0-9]|', 'lowercase_octets', $requested_url ); } if ( $redirect_obj instanceof WP_Post ) { $post_status_obj = get_post_status_object( get_post_status( $redirect_obj ) ); /* * Unset the redirect object and URL if they are not readable by the user. * This condition is a little confusing as the condition needs to pass if * the post is not readable by the user. That's why there are ! (not) conditions * throughout. */ if ( // Private post statuses only redirect if the user can read them. ! ( $post_status_obj->private && current_user_can( 'read_post', $redirect_obj->ID ) ) && // For other posts, only redirect if publicly viewable. ! is_post_publicly_viewable( $redirect_obj ) ) { $redirect_obj = false; $redirect_url = false; } } /** * Filters the canonical redirect URL. * * Returning false to this filter will cancel the redirect. * * @since 2.3.0 * * @param string $redirect_url The redirect URL. * @param string $requested_url The requested URL. */ $redirect_url = apply_filters( 'redirect_canonical', $redirect_url, $requested_url ); // Yes, again -- in case the filter aborted the request. if ( ! $redirect_url || strip_fragment_from_url( $redirect_url ) === strip_fragment_from_url( $requested_url ) ) { return; } if ( $do_redirect ) { // Protect against chained redirects. if ( ! redirect_canonical( $redirect_url, false ) ) { wp_redirect( $redirect_url, 301 ); exit; } else { // Debug. // die("1: $redirect_url
2: " . redirect_canonical( $redirect_url, false ) ); return; } } else { return $redirect_url; } } /** * Removes arguments from a query string if they are not present in a URL * DO NOT use this in plugin code. * * @since 3.4.0 * @access private * * @param string $query_string * @param array $args_to_check * @param string $url * @return string The altered query string */ function _remove_qs_args_if_not_in_url( $query_string, array $args_to_check, $url ) { $parsed_url = parse_url( $url ); if ( ! empty( $parsed_url['query'] ) ) { parse_str( $parsed_url['query'], $parsed_query ); foreach ( $args_to_check as $qv ) { if ( ! isset( $parsed_query[ $qv ] ) ) { $query_string = remove_query_arg( $qv, $query_string ); } } } else { $query_string = remove_query_arg( $args_to_check, $query_string ); } return $query_string; } /** * Strips the #fragment from a URL, if one is present. * * @since 4.4.0 * * @param string $url The URL to strip. * @return string The altered URL. */ function strip_fragment_from_url( $url ) { $parsed_url = wp_parse_url( $url ); if ( ! empty( $parsed_url['host'] ) ) { $url = ''; if ( ! empty( $parsed_url['scheme'] ) ) { $url = $parsed_url['scheme'] . ':'; } $url .= '//' . $parsed_url['host']; if ( ! empty( $parsed_url['port'] ) ) { $url .= ':' . $parsed_url['port']; } if ( ! empty( $parsed_url['path'] ) ) { $url .= $parsed_url['path']; } if ( ! empty( $parsed_url['query'] ) ) { $url .= '?' . $parsed_url['query']; } } return $url; } /** * Attempts to guess the correct URL for a 404 request based on query vars. * * @since 2.3.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @return string|false The correct URL if one is found. False on failure. */ function redirect_guess_404_permalink() { global $wpdb; /** * Filters whether to attempt to guess a redirect URL for a 404 request. * * Returning a false value from the filter will disable the URL guessing * and return early without performing a redirect. * * @since 5.5.0 * * @param bool $do_redirect_guess Whether to attempt to guess a redirect URL * for a 404 request. Default true. */ if ( false === apply_filters( 'do_redirect_guess_404_permalink', true ) ) { return false; } /** * Short-circuits the redirect URL guessing for 404 requests. * * Returning a non-null value from the filter will effectively short-circuit * the URL guessing, returning the passed value instead. * * @since 5.5.0 * * @param null|string|false $pre Whether to short-circuit guessing the redirect for a 404. * Default null to continue with the URL guessing. */ $pre = apply_filters( 'pre_redirect_guess_404_permalink', null ); if ( null !== $pre ) { return $pre; } if ( get_query_var( 'name' ) ) { $publicly_viewable_statuses = array_filter( get_post_stati(), 'is_post_status_viewable' ); $publicly_viewable_post_types = array_filter( get_post_types( array( 'exclude_from_search' => false ) ), 'is_post_type_viewable' ); /** * Filters whether to perform a strict guess for a 404 redirect. * * Returning a truthy value from the filter will redirect only exact post_name matches. * * @since 5.5.0 * * @param bool $strict_guess Whether to perform a strict guess. Default false (loose guess). */ $strict_guess = apply_filters( 'strict_redirect_guess_404_permalink', false ); if ( $strict_guess ) { $where = $wpdb->prepare( 'post_name = %s', get_query_var( 'name' ) ); } else { $where = $wpdb->prepare( 'post_name LIKE %s', $wpdb->esc_like( get_query_var( 'name' ) ) . '%' ); } // If any of post_type, year, monthnum, or day are set, use them to refine the query. if ( get_query_var( 'post_type' ) ) { if ( is_array( get_query_var( 'post_type' ) ) ) { $post_types = array_intersect( get_query_var( 'post_type' ), $publicly_viewable_post_types ); if ( empty( $post_types ) ) { return false; } $where .= " AND post_type IN ('" . join( "', '", esc_sql( get_query_var( 'post_type' ) ) ) . "')"; } else { if ( ! in_array( get_query_var( 'post_type' ), $publicly_viewable_post_types, true ) ) { return false; } $where .= $wpdb->prepare( ' AND post_type = %s', get_query_var( 'post_type' ) ); } } else { $where .= " AND post_type IN ('" . implode( "', '", esc_sql( $publicly_viewable_post_types ) ) . "')"; } if ( get_query_var( 'year' ) ) { $where .= $wpdb->prepare( ' AND YEAR(post_date) = %d', get_query_var( 'year' ) ); } if ( get_query_var( 'monthnum' ) ) { $where .= $wpdb->prepare( ' AND MONTH(post_date) = %d', get_query_var( 'monthnum' ) ); } if ( get_query_var( 'day' ) ) { $where .= $wpdb->prepare( ' AND DAYOFMONTH(post_date) = %d', get_query_var( 'day' ) ); } // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared $post_id = $wpdb->get_var( "SELECT ID FROM $wpdb->posts WHERE $where AND post_status IN ('" . implode( "', '", esc_sql( $publicly_viewable_statuses ) ) . "')" ); if ( ! $post_id ) { return false; } if ( get_query_var( 'feed' ) ) { return get_post_comments_feed_link( $post_id, get_query_var( 'feed' ) ); } elseif ( get_query_var( 'page' ) > 1 ) { return trailingslashit( get_permalink( $post_id ) ) . user_trailingslashit( get_query_var( 'page' ), 'single_paged' ); } else { return get_permalink( $post_id ); } } return false; } /** * Redirects a variety of shorthand URLs to the admin. * * If a user visits example.com/admin, they'll be redirected to /wp-admin. * Visiting /login redirects to /wp-login.php, and so on. * * @since 3.4.0 * * @global WP_Rewrite $wp_rewrite WordPress rewrite component. */ function wp_redirect_admin_locations() { global $wp_rewrite; if ( ! ( is_404() && $wp_rewrite->using_permalinks() ) ) { return; } $admins = array( home_url( 'wp-admin', 'relative' ), home_url( 'dashboard', 'relative' ), home_url( 'admin', 'relative' ), site_url( 'dashboard', 'relative' ), site_url( 'admin', 'relative' ), ); if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $admins, true ) ) { wp_redirect( admin_url() ); exit; } $logins = array( home_url( 'wp-login.php', 'relative' ), home_url( 'login.php', 'relative' ), home_url( 'login', 'relative' ), site_url( 'login', 'relative' ), ); if ( in_array( untrailingslashit( $_SERVER['REQUEST_URI'] ), $logins, true ) ) { wp_redirect( wp_login_url() ); exit; } } /** * REST API: WP_REST_Posts_Controller class * * @package WordPress * @subpackage REST_API * @since 4.7.0 */ /** * Core class to access posts via the REST API. * * @since 4.7.0 * * @see WP_REST_Controller */ class WP_REST_Posts_Controller extends WP_REST_Controller { /** * Post type. * * @since 4.7.0 * @var string */ protected $post_type; /** * Instance of a post meta fields object. * * @since 4.7.0 * @var WP_REST_Post_Meta_Fields */ protected $meta; /** * Passwordless post access permitted. * * @since 5.7.1 * @var int[] */ protected $password_check_passed = array(); /** * Whether the controller supports batching. * * @since 5.9.0 * @var array */ protected $allow_batch = array( 'v1' => true ); /** * Constructor. * * @since 4.7.0 * * @param string $post_type Post type. */ public function __construct( $post_type ) { $this->post_type = $post_type; $obj = get_post_type_object( $post_type ); $this->rest_base = ! empty( $obj->rest_base ) ? $obj->rest_base : $obj->name; $this->namespace = ! empty( $obj->rest_namespace ) ? $obj->rest_namespace : 'wp/v2'; $this->meta = new WP_REST_Post_Meta_Fields( $this->post_type ); } /** * Registers the routes for posts. * * @since 4.7.0 * * @see register_rest_route() */ public function register_routes() { register_rest_route( $this->namespace, '/' . $this->rest_base, array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_items' ), 'permission_callback' => array( $this, 'get_items_permissions_check' ), 'args' => $this->get_collection_params(), ), array( 'methods' => WP_REST_Server::CREATABLE, 'callback' => array( $this, 'create_item' ), 'permission_callback' => array( $this, 'create_item_permissions_check' ), 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ), ), 'allow_batch' => $this->allow_batch, 'schema' => array( $this, 'get_public_item_schema' ), ) ); $schema = $this->get_item_schema(); $get_item_args = array( 'context' => $this->get_context_param( array( 'default' => 'view' ) ), ); if ( isset( $schema['properties']['excerpt'] ) ) { $get_item_args['excerpt_length'] = array( 'description' => __( 'Override the default excerpt length.' ), 'type' => 'integer', ); } if ( isset( $schema['properties']['password'] ) ) { $get_item_args['password'] = array( 'description' => __( 'The password for the post if it is password protected.' ), 'type' => 'string', ); } register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P[\d]+)', array( 'args' => array( 'id' => array( 'description' => __( 'Unique identifier for the post.' ), 'type' => 'integer', ), ), array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_item' ), 'permission_callback' => array( $this, 'get_item_permissions_check' ), 'args' => $get_item_args, ), array( 'methods' => WP_REST_Server::EDITABLE, 'callback' => array( $this, 'update_item' ), 'permission_callback' => array( $this, 'update_item_permissions_check' ), 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), ), array( 'methods' => WP_REST_Server::DELETABLE, 'callback' => array( $this, 'delete_item' ), 'permission_callback' => array( $this, 'delete_item_permissions_check' ), 'args' => array( 'force' => array( 'type' => 'boolean', 'default' => false, 'description' => __( 'Whether to bypass Trash and force deletion.' ), ), ), ), 'allow_batch' => $this->allow_batch, 'schema' => array( $this, 'get_public_item_schema' ), ) ); } /** * Checks if a given request has access to read posts. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if the request has read access, WP_Error object otherwise. */ public function get_items_permissions_check( $request ) { $post_type = get_post_type_object( $this->post_type ); if ( 'edit' === $request['context'] && ! current_user_can( $post_type->cap->edit_posts ) ) { return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Overrides the result of the post password check for REST requested posts. * * Allow users to read the content of password protected posts if they have * previously passed a permission check or if they have the `edit_post` capability * for the post being checked. * * @since 5.7.1 * * @param bool $required Whether the post requires a password check. * @param WP_Post $post The post been password checked. * @return bool Result of password check taking into account REST API considerations. */ public function check_password_required( $required, $post ) { if ( ! $required ) { return $required; } $post = get_post( $post ); if ( ! $post ) { return $required; } if ( ! empty( $this->password_check_passed[ $post->ID ] ) ) { // Password previously checked and approved. return false; } return ! current_user_can( 'edit_post', $post->ID ); } /** * Retrieves a collection of posts. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */ public function get_items( $request ) { // Ensure a search string is set in case the orderby is set to 'relevance'. if ( ! empty( $request['orderby'] ) && 'relevance' === $request['orderby'] && empty( $request['search'] ) ) { return new WP_Error( 'rest_no_search_term_defined', __( 'You need to define a search term to order by relevance.' ), array( 'status' => 400 ) ); } // Ensure an include parameter is set in case the orderby is set to 'include'. if ( ! empty( $request['orderby'] ) && 'include' === $request['orderby'] && empty( $request['include'] ) ) { return new WP_Error( 'rest_orderby_include_missing_include', __( 'You need to define an include parameter to order by include.' ), array( 'status' => 400 ) ); } // Retrieve the list of registered collection query parameters. $registered = $this->get_collection_params(); $args = array(); /* * This array defines mappings between public API query parameters whose * values are accepted as-passed, and their internal WP_Query parameter * name equivalents (some are the same). Only values which are also * present in $registered will be set. */ $parameter_mappings = array( 'author' => 'author__in', 'author_exclude' => 'author__not_in', 'exclude' => 'post__not_in', 'include' => 'post__in', 'menu_order' => 'menu_order', 'offset' => 'offset', 'order' => 'order', 'orderby' => 'orderby', 'page' => 'paged', 'parent' => 'post_parent__in', 'parent_exclude' => 'post_parent__not_in', 'search' => 's', 'search_columns' => 'search_columns', 'slug' => 'post_name__in', 'status' => 'post_status', ); /* * For each known parameter which is both registered and present in the request, * set the parameter's value on the query $args. */ foreach ( $parameter_mappings as $api_param => $wp_param ) { if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) { $args[ $wp_param ] = $request[ $api_param ]; } } // Check for & assign any parameters which require special handling or setting. $args['date_query'] = array(); if ( isset( $registered['before'], $request['before'] ) ) { $args['date_query'][] = array( 'before' => $request['before'], 'column' => 'post_date', ); } if ( isset( $registered['modified_before'], $request['modified_before'] ) ) { $args['date_query'][] = array( 'before' => $request['modified_before'], 'column' => 'post_modified', ); } if ( isset( $registered['after'], $request['after'] ) ) { $args['date_query'][] = array( 'after' => $request['after'], 'column' => 'post_date', ); } if ( isset( $registered['modified_after'], $request['modified_after'] ) ) { $args['date_query'][] = array( 'after' => $request['modified_after'], 'column' => 'post_modified', ); } // Ensure our per_page parameter overrides any provided posts_per_page filter. if ( isset( $registered['per_page'] ) ) { $args['posts_per_page'] = $request['per_page']; } if ( isset( $registered['sticky'], $request['sticky'] ) ) { $sticky_posts = get_option( 'sticky_posts', array() ); if ( ! is_array( $sticky_posts ) ) { $sticky_posts = array(); } if ( $request['sticky'] ) { /* * As post__in will be used to only get sticky posts, * we have to support the case where post__in was already * specified. */ $args['post__in'] = $args['post__in'] ? array_intersect( $sticky_posts, $args['post__in'] ) : $sticky_posts; /* * If we intersected, but there are no post IDs in common, * WP_Query won't return "no posts" for post__in = array() * so we have to fake it a bit. */ if ( ! $args['post__in'] ) { $args['post__in'] = array( 0 ); } } elseif ( $sticky_posts ) { /* * As post___not_in will be used to only get posts that * are not sticky, we have to support the case where post__not_in * was already specified. */ $args['post__not_in'] = array_merge( $args['post__not_in'], $sticky_posts ); } } if ( isset( $registered['search_semantics'], $request['search_semantics'] ) && 'exact' === $request['search_semantics'] ) { $args['exact'] = true; } $args = $this->prepare_tax_query( $args, $request ); if ( isset( $registered['format'], $request['format'] ) ) { $formats = $request['format']; /* * The relation needs to be set to `OR` since the request can contain * two separate conditions. The user may be querying for items that have * either the `standard` format or a specific format. */ $formats_query = array( 'relation' => 'OR' ); /* * The default post format, `standard`, is not stored in the database. * If `standard` is part of the request, the query needs to exclude all post items that * have a format assigned. */ if ( in_array( 'standard', $formats, true ) ) { $formats_query[] = array( 'taxonomy' => 'post_format', 'field' => 'slug', 'operator' => 'NOT EXISTS', ); // Remove the `standard` format, since it cannot be queried. unset( $formats[ array_search( 'standard', $formats, true ) ] ); } // Add any remaining formats to the formats query. if ( ! empty( $formats ) ) { // Add the `post-format-` prefix. $terms = array_map( static function ( $format ) { return "post-format-$format"; }, $formats ); $formats_query[] = array( 'taxonomy' => 'post_format', 'field' => 'slug', 'terms' => $terms, 'operator' => 'IN', ); } // Enable filtering by both post formats and other taxonomies by combining them with `AND`. if ( isset( $args['tax_query'] ) ) { $args['tax_query'][] = array( 'relation' => 'AND', $formats_query, ); } else { $args['tax_query'] = $formats_query; } } // Force the post_type argument, since it's not a user input variable. $args['post_type'] = $this->post_type; /** * Filters WP_Query arguments when querying posts via the REST API. * * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. * * Possible hook names include: * * - `rest_post_query` * - `rest_page_query` * - `rest_attachment_query` * * Enables adding extra arguments or setting defaults for a post collection request. * * @since 4.7.0 * @since 5.7.0 Moved after the `tax_query` query arg is generated. * * @link https://developer.wordpress.org/reference/classes/wp_query/ * * @param array $args Array of arguments for WP_Query. * @param WP_REST_Request $request The REST API request. */ $args = apply_filters( "rest_{$this->post_type}_query", $args, $request ); $query_args = $this->prepare_items_query( $args, $request ); $posts_query = new WP_Query(); $query_result = $posts_query->query( $query_args ); // Allow access to all password protected posts if the context is edit. if ( 'edit' === $request['context'] ) { add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 ); } $posts = array(); update_post_author_caches( $query_result ); update_post_parent_caches( $query_result ); if ( post_type_supports( $this->post_type, 'thumbnail' ) ) { update_post_thumbnail_cache( $posts_query ); } foreach ( $query_result as $post ) { if ( ! $this->check_read_permission( $post ) ) { continue; } $data = $this->prepare_item_for_response( $post, $request ); $posts[] = $this->prepare_response_for_collection( $data ); } // Reset filter. if ( 'edit' === $request['context'] ) { remove_filter( 'post_password_required', array( $this, 'check_password_required' ) ); } $page = (int) $query_args['paged']; $total_posts = $posts_query->found_posts; if ( $total_posts < 1 && $page > 1 ) { // Out-of-bounds, run the query again without LIMIT for total count. unset( $query_args['paged'] ); $count_query = new WP_Query(); $count_query->query( $query_args ); $total_posts = $count_query->found_posts; } $max_pages = (int) ceil( $total_posts / (int) $posts_query->query_vars['posts_per_page'] ); if ( $page > $max_pages && $total_posts > 0 ) { return new WP_Error( 'rest_post_invalid_page_number', __( 'The page number requested is larger than the number of pages available.' ), array( 'status' => 400 ) ); } $response = rest_ensure_response( $posts ); $response->header( 'X-WP-Total', (int) $total_posts ); $response->header( 'X-WP-TotalPages', (int) $max_pages ); $request_params = $request->get_query_params(); $collection_url = rest_url( rest_get_route_for_post_type_items( $this->post_type ) ); $base = add_query_arg( urlencode_deep( $request_params ), $collection_url ); if ( $page > 1 ) { $prev_page = $page - 1; if ( $prev_page > $max_pages ) { $prev_page = $max_pages; } $prev_link = add_query_arg( 'page', $prev_page, $base ); $response->link_header( 'prev', $prev_link ); } if ( $max_pages > $page ) { $next_page = $page + 1; $next_link = add_query_arg( 'page', $next_page, $base ); $response->link_header( 'next', $next_link ); } return $response; } /** * Gets the post, if the ID is valid. * * @since 4.7.2 * * @param int $id Supplied ID. * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise. */ protected function get_post( $id ) { $error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); if ( (int) $id <= 0 ) { return $error; } $post = get_post( (int) $id ); if ( empty( $post ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) { return $error; } return $post; } /** * Checks if a given request has access to read a post. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return bool|WP_Error True if the request has read access for the item, WP_Error object or false otherwise. */ public function get_item_permissions_check( $request ) { $post = $this->get_post( $request['id'] ); if ( is_wp_error( $post ) ) { return $post; } if ( 'edit' === $request['context'] && $post && ! $this->check_update_permission( $post ) ) { return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this post.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( $post && ! empty( $request->get_query_params()['password'] ) ) { // Check post password, and return error if invalid. if ( ! hash_equals( $post->post_password, $request->get_query_params()['password'] ) ) { return new WP_Error( 'rest_post_incorrect_password', __( 'Incorrect post password.' ), array( 'status' => 403 ) ); } } // Allow access to all password protected posts if the context is edit. if ( 'edit' === $request['context'] ) { add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 ); } if ( $post ) { return $this->check_read_permission( $post ); } return true; } /** * Checks if the user can access password-protected content. * * This method determines whether we need to override the regular password * check in core with a filter. * * @since 4.7.0 * * @param WP_Post $post Post to check against. * @param WP_REST_Request $request Request data to check. * @return bool True if the user can access password-protected content, otherwise false. */ public function can_access_password_content( $post, $request ) { if ( empty( $post->post_password ) ) { // No filter required. return false; } /* * Users always gets access to password protected content in the edit * context if they have the `edit_post` meta capability. */ if ( 'edit' === $request['context'] && current_user_can( 'edit_post', $post->ID ) ) { return true; } // No password, no auth. if ( empty( $request['password'] ) ) { return false; } // Double-check the request password. return hash_equals( $post->post_password, $request['password'] ); } /** * Retrieves a single post. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */ public function get_item( $request ) { $post = $this->get_post( $request['id'] ); if ( is_wp_error( $post ) ) { return $post; } $data = $this->prepare_item_for_response( $post, $request ); $response = rest_ensure_response( $data ); if ( is_post_type_viewable( get_post_type_object( $post->post_type ) ) ) { $response->link_header( 'alternate', get_permalink( $post->ID ), array( 'type' => 'text/html' ) ); } return $response; } /** * Checks if a given request has access to create a post. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise. */ public function create_item_permissions_check( $request ) { if ( ! empty( $request['id'] ) ) { return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) ); } $post_type = get_post_type_object( $this->post_type ); if ( ! empty( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( $post_type->cap->edit_others_posts ) ) { return new WP_Error( 'rest_cannot_edit_others', __( 'Sorry, you are not allowed to create posts as this user.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) { return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( ! current_user_can( $post_type->cap->create_posts ) ) { return new WP_Error( 'rest_cannot_create', __( 'Sorry, you are not allowed to create posts as this user.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( ! $this->check_assign_terms_permission( $request ) ) { return new WP_Error( 'rest_cannot_assign_term', __( 'Sorry, you are not allowed to assign the provided terms.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Creates a single post. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */ public function create_item( $request ) { if ( ! empty( $request['id'] ) ) { return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) ); } $prepared_post = $this->prepare_item_for_database( $request ); if ( is_wp_error( $prepared_post ) ) { return $prepared_post; } $prepared_post->post_type = $this->post_type; if ( ! empty( $prepared_post->post_name ) && ! empty( $prepared_post->post_status ) && in_array( $prepared_post->post_status, array( 'draft', 'pending' ), true ) ) { /* * `wp_unique_post_slug()` returns the same slug for 'draft' or 'pending' posts. * * To ensure that a unique slug is generated, pass the post data with the 'publish' status. */ $prepared_post->post_name = wp_unique_post_slug( $prepared_post->post_name, $prepared_post->id, 'publish', $prepared_post->post_type, $prepared_post->post_parent ); } $post_id = wp_insert_post( wp_slash( (array) $prepared_post ), true, false ); if ( is_wp_error( $post_id ) ) { if ( 'db_insert_error' === $post_id->get_error_code() ) { $post_id->add_data( array( 'status' => 500 ) ); } else { $post_id->add_data( array( 'status' => 400 ) ); } return $post_id; } $post = get_post( $post_id ); /** * Fires after a single post is created or updated via the REST API. * * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. * * Possible hook names include: * * - `rest_insert_post` * - `rest_insert_page` * - `rest_insert_attachment` * * @since 4.7.0 * * @param WP_Post $post Inserted or updated post object. * @param WP_REST_Request $request Request object. * @param bool $creating True when creating a post, false when updating. */ do_action( "rest_insert_{$this->post_type}", $post, $request, true ); $schema = $this->get_item_schema(); if ( ! empty( $schema['properties']['sticky'] ) ) { if ( ! empty( $request['sticky'] ) ) { stick_post( $post_id ); } else { unstick_post( $post_id ); } } if ( ! empty( $schema['properties']['featured_media'] ) && isset( $request['featured_media'] ) ) { $this->handle_featured_media( $request['featured_media'], $post_id ); } if ( ! empty( $schema['properties']['format'] ) && ! empty( $request['format'] ) ) { set_post_format( $post, $request['format'] ); } if ( ! empty( $schema['properties']['template'] ) && isset( $request['template'] ) ) { $this->handle_template( $request['template'], $post_id, true ); } $terms_update = $this->handle_terms( $post_id, $request ); if ( is_wp_error( $terms_update ) ) { return $terms_update; } if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { $meta_update = $this->meta->update_value( $request['meta'], $post_id ); if ( is_wp_error( $meta_update ) ) { return $meta_update; } } $post = get_post( $post_id ); $fields_update = $this->update_additional_fields_for_object( $post, $request ); if ( is_wp_error( $fields_update ) ) { return $fields_update; } $request->set_param( 'context', 'edit' ); /** * Fires after a single post is completely created or updated via the REST API. * * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. * * Possible hook names include: * * - `rest_after_insert_post` * - `rest_after_insert_page` * - `rest_after_insert_attachment` * * @since 5.0.0 * * @param WP_Post $post Inserted or updated post object. * @param WP_REST_Request $request Request object. * @param bool $creating True when creating a post, false when updating. */ do_action( "rest_after_insert_{$this->post_type}", $post, $request, true ); wp_after_insert_post( $post, false, null ); $response = $this->prepare_item_for_response( $post, $request ); $response = rest_ensure_response( $response ); $response->set_status( 201 ); $response->header( 'Location', rest_url( rest_get_route_for_post( $post ) ) ); return $response; } /** * Checks if a given request has access to update a post. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. */ public function update_item_permissions_check( $request ) { $post = $this->get_post( $request['id'] ); if ( is_wp_error( $post ) ) { return $post; } $post_type = get_post_type_object( $this->post_type ); if ( $post && ! $this->check_update_permission( $post ) ) { return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this post.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( ! empty( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( $post_type->cap->edit_others_posts ) ) { return new WP_Error( 'rest_cannot_edit_others', __( 'Sorry, you are not allowed to update posts as this user.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) { return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( ! $this->check_assign_terms_permission( $request ) ) { return new WP_Error( 'rest_cannot_assign_term', __( 'Sorry, you are not allowed to assign the provided terms.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Updates a single post. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */ public function update_item( $request ) { $valid_check = $this->get_post( $request['id'] ); if ( is_wp_error( $valid_check ) ) { return $valid_check; } $post_before = get_post( $request['id'] ); $post = $this->prepare_item_for_database( $request ); if ( is_wp_error( $post ) ) { return $post; } if ( ! empty( $post->post_status ) ) { $post_status = $post->post_status; } else { $post_status = $post_before->post_status; } /* * `wp_unique_post_slug()` returns the same slug for 'draft' or 'pending' posts. * * To ensure that a unique slug is generated, pass the post data with the 'publish' status. */ if ( ! empty( $post->post_name ) && in_array( $post_status, array( 'draft', 'pending' ), true ) ) { $post_parent = ! empty( $post->post_parent ) ? $post->post_parent : 0; $post->post_name = wp_unique_post_slug( $post->post_name, $post->ID, 'publish', $post->post_type, $post_parent ); } // Convert the post object to an array, otherwise wp_update_post() will expect non-escaped input. $post_id = wp_update_post( wp_slash( (array) $post ), true, false ); if ( is_wp_error( $post_id ) ) { if ( 'db_update_error' === $post_id->get_error_code() ) { $post_id->add_data( array( 'status' => 500 ) ); } else { $post_id->add_data( array( 'status' => 400 ) ); } return $post_id; } $post = get_post( $post_id ); /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */ do_action( "rest_insert_{$this->post_type}", $post, $request, false ); $schema = $this->get_item_schema(); if ( ! empty( $schema['properties']['format'] ) && ! empty( $request['format'] ) ) { set_post_format( $post, $request['format'] ); } if ( ! empty( $schema['properties']['featured_media'] ) && isset( $request['featured_media'] ) ) { $this->handle_featured_media( $request['featured_media'], $post_id ); } if ( ! empty( $schema['properties']['sticky'] ) && isset( $request['sticky'] ) ) { if ( ! empty( $request['sticky'] ) ) { stick_post( $post_id ); } else { unstick_post( $post_id ); } } if ( ! empty( $schema['properties']['template'] ) && isset( $request['template'] ) ) { $this->handle_template( $request['template'], $post->ID ); } $terms_update = $this->handle_terms( $post->ID, $request ); if ( is_wp_error( $terms_update ) ) { return $terms_update; } if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { $meta_update = $this->meta->update_value( $request['meta'], $post->ID ); if ( is_wp_error( $meta_update ) ) { return $meta_update; } } $post = get_post( $post_id ); $fields_update = $this->update_additional_fields_for_object( $post, $request ); if ( is_wp_error( $fields_update ) ) { return $fields_update; } $request->set_param( 'context', 'edit' ); // Filter is fired in WP_REST_Attachments_Controller subclass. if ( 'attachment' === $this->post_type ) { $response = $this->prepare_item_for_response( $post, $request ); return rest_ensure_response( $response ); } /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */ do_action( "rest_after_insert_{$this->post_type}", $post, $request, false ); wp_after_insert_post( $post, true, $post_before ); $response = $this->prepare_item_for_response( $post, $request ); return rest_ensure_response( $response ); } /** * Checks if a given request has access to delete a post. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. */ public function delete_item_permissions_check( $request ) { $post = $this->get_post( $request['id'] ); if ( is_wp_error( $post ) ) { return $post; } if ( $post && ! $this->check_delete_permission( $post ) ) { return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this post.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Deletes a single post. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */ public function delete_item( $request ) { $post = $this->get_post( $request['id'] ); if ( is_wp_error( $post ) ) { return $post; } $id = $post->ID; $force = (bool) $request['force']; $supports_trash = ( EMPTY_TRASH_DAYS > 0 ); if ( 'attachment' === $post->post_type ) { $supports_trash = $supports_trash && MEDIA_TRASH; } /** * Filters whether a post is trashable. * * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. * * Possible hook names include: * * - `rest_post_trashable` * - `rest_page_trashable` * - `rest_attachment_trashable` * * Pass false to disable Trash support for the post. * * @since 4.7.0 * * @param bool $supports_trash Whether the post type support trashing. * @param WP_Post $post The Post object being considered for trashing support. */ $supports_trash = apply_filters( "rest_{$this->post_type}_trashable", $supports_trash, $post ); if ( ! $this->check_delete_permission( $post ) ) { return new WP_Error( 'rest_user_cannot_delete_post', __( 'Sorry, you are not allowed to delete this post.' ), array( 'status' => rest_authorization_required_code() ) ); } $request->set_param( 'context', 'edit' ); // If we're forcing, then delete permanently. if ( $force ) { $previous = $this->prepare_item_for_response( $post, $request ); $result = wp_delete_post( $id, true ); $response = new WP_REST_Response(); $response->set_data( array( 'deleted' => true, 'previous' => $previous->get_data(), ) ); } else { // If we don't support trashing for this type, error out. if ( ! $supports_trash ) { return new WP_Error( 'rest_trash_not_supported', /* translators: %s: force=true */ sprintf( __( "The post does not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); } // Otherwise, only trash if we haven't already. if ( 'trash' === $post->post_status ) { return new WP_Error( 'rest_already_trashed', __( 'The post has already been deleted.' ), array( 'status' => 410 ) ); } /* * (Note that internally this falls through to `wp_delete_post()` * if the Trash is disabled.) */ $result = wp_trash_post( $id ); $post = get_post( $id ); $response = $this->prepare_item_for_response( $post, $request ); } if ( ! $result ) { return new WP_Error( 'rest_cannot_delete', __( 'The post cannot be deleted.' ), array( 'status' => 500 ) ); } /** * Fires immediately after a single post is deleted or trashed via the REST API. * * They dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. * * Possible hook names include: * * - `rest_delete_post` * - `rest_delete_page` * - `rest_delete_attachment` * * @since 4.7.0 * * @param WP_Post $post The deleted or trashed post. * @param WP_REST_Response $response The response data. * @param WP_REST_Request $request The request sent to the API. */ do_action( "rest_delete_{$this->post_type}", $post, $response, $request ); return $response; } /** * Determines the allowed query_vars for a get_items() response and prepares * them for WP_Query. * * @since 4.7.0 * * @param array $prepared_args Optional. Prepared WP_Query arguments. Default empty array. * @param WP_REST_Request $request Optional. Full details about the request. * @return array Items query arguments. */ protected function prepare_items_query( $prepared_args = array(), $request = null ) { $query_args = array(); foreach ( $prepared_args as $key => $value ) { /** * Filters the query_vars used in get_items() for the constructed query. * * The dynamic portion of the hook name, `$key`, refers to the query_var key. * * @since 4.7.0 * * @param string $value The query_var value. */ $query_args[ $key ] = apply_filters( "rest_query_var-{$key}", $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores } if ( 'post' !== $this->post_type || ! isset( $query_args['ignore_sticky_posts'] ) ) { $query_args['ignore_sticky_posts'] = true; } // Map to proper WP_Query orderby param. if ( isset( $query_args['orderby'] ) && isset( $request['orderby'] ) ) { $orderby_mappings = array( 'id' => 'ID', 'include' => 'post__in', 'slug' => 'post_name', 'include_slugs' => 'post_name__in', ); if ( isset( $orderby_mappings[ $request['orderby'] ] ) ) { $query_args['orderby'] = $orderby_mappings[ $request['orderby'] ]; } } return $query_args; } /** * Checks the post_date_gmt or modified_gmt and prepare any post or * modified date for single post output. * * @since 4.7.0 * * @param string $date_gmt GMT publication time. * @param string|null $date Optional. Local publication time. Default null. * @return string|null ISO8601/RFC3339 formatted datetime. */ protected function prepare_date_response( $date_gmt, $date = null ) { // Use the date if passed. if ( isset( $date ) ) { return mysql_to_rfc3339( $date ); } // Return null if $date_gmt is empty/zeros. if ( '0000-00-00 00:00:00' === $date_gmt ) { return null; } // Return the formatted datetime. return mysql_to_rfc3339( $date_gmt ); } /** * Prepares a single post for create or update. * * @since 4.7.0 * * @param WP_REST_Request $request Request object. * @return stdClass|WP_Error Post object or WP_Error. */ protected function prepare_item_for_database( $request ) { $prepared_post = new stdClass(); $current_status = ''; // Post ID. if ( isset( $request['id'] ) ) { $existing_post = $this->get_post( $request['id'] ); if ( is_wp_error( $existing_post ) ) { return $existing_post; } $prepared_post->ID = $existing_post->ID; $current_status = $existing_post->post_status; } $schema = $this->get_item_schema(); // Post title. if ( ! empty( $schema['properties']['title'] ) && isset( $request['title'] ) ) { if ( is_string( $request['title'] ) ) { $prepared_post->post_title = $request['title']; } elseif ( ! empty( $request['title']['raw'] ) ) { $prepared_post->post_title = $request['title']['raw']; } } // Post content. if ( ! empty( $schema['properties']['content'] ) && isset( $request['content'] ) ) { if ( is_string( $request['content'] ) ) { $prepared_post->post_content = $request['content']; } elseif ( isset( $request['content']['raw'] ) ) { $prepared_post->post_content = $request['content']['raw']; } } // Post excerpt. if ( ! empty( $schema['properties']['excerpt'] ) && isset( $request['excerpt'] ) ) { if ( is_string( $request['excerpt'] ) ) { $prepared_post->post_excerpt = $request['excerpt']; } elseif ( isset( $request['excerpt']['raw'] ) ) { $prepared_post->post_excerpt = $request['excerpt']['raw']; } } // Post type. if ( empty( $request['id'] ) ) { // Creating new post, use default type for the controller. $prepared_post->post_type = $this->post_type; } else { // Updating a post, use previous type. $prepared_post->post_type = get_post_type( $request['id'] ); } $post_type = get_post_type_object( $prepared_post->post_type ); // Post status. if ( ! empty( $schema['properties']['status'] ) && isset( $request['status'] ) && ( ! $current_status || $current_status !== $request['status'] ) ) { $status = $this->handle_status_param( $request['status'], $post_type ); if ( is_wp_error( $status ) ) { return $status; } $prepared_post->post_status = $status; } // Post date. if ( ! empty( $schema['properties']['date'] ) && ! empty( $request['date'] ) ) { $current_date = isset( $prepared_post->ID ) ? get_post( $prepared_post->ID )->post_date : false; $date_data = rest_get_date_with_gmt( $request['date'] ); if ( ! empty( $date_data ) && $current_date !== $date_data[0] ) { list( $prepared_post->post_date, $prepared_post->post_date_gmt ) = $date_data; $prepared_post->edit_date = true; } } elseif ( ! empty( $schema['properties']['date_gmt'] ) && ! empty( $request['date_gmt'] ) ) { $current_date = isset( $prepared_post->ID ) ? get_post( $prepared_post->ID )->post_date_gmt : false; $date_data = rest_get_date_with_gmt( $request['date_gmt'], true ); if ( ! empty( $date_data ) && $current_date !== $date_data[1] ) { list( $prepared_post->post_date, $prepared_post->post_date_gmt ) = $date_data; $prepared_post->edit_date = true; } } /* * Sending a null date or date_gmt value resets date and date_gmt to their * default values (`0000-00-00 00:00:00`). */ if ( ( ! empty( $schema['properties']['date_gmt'] ) && $request->has_param( 'date_gmt' ) && null === $request['date_gmt'] ) || ( ! empty( $schema['properties']['date'] ) && $request->has_param( 'date' ) && null === $request['date'] ) ) { $prepared_post->post_date_gmt = null; $prepared_post->post_date = null; } // Post slug. if ( ! empty( $schema['properties']['slug'] ) && isset( $request['slug'] ) ) { $prepared_post->post_name = $request['slug']; } // Author. if ( ! empty( $schema['properties']['author'] ) && ! empty( $request['author'] ) ) { $post_author = (int) $request['author']; if ( get_current_user_id() !== $post_author ) { $user_obj = get_userdata( $post_author ); if ( ! $user_obj ) { return new WP_Error( 'rest_invalid_author', __( 'Invalid author ID.' ), array( 'status' => 400 ) ); } } $prepared_post->post_author = $post_author; } // Post password. if ( ! empty( $schema['properties']['password'] ) && isset( $request['password'] ) ) { $prepared_post->post_password = $request['password']; if ( '' !== $request['password'] ) { if ( ! empty( $schema['properties']['sticky'] ) && ! empty( $request['sticky'] ) ) { return new WP_Error( 'rest_invalid_field', __( 'A post can not be sticky and have a password.' ), array( 'status' => 400 ) ); } if ( ! empty( $prepared_post->ID ) && is_sticky( $prepared_post->ID ) ) { return new WP_Error( 'rest_invalid_field', __( 'A sticky post can not be password protected.' ), array( 'status' => 400 ) ); } } } if ( ! empty( $schema['properties']['sticky'] ) && ! empty( $request['sticky'] ) ) { if ( ! empty( $prepared_post->ID ) && post_password_required( $prepared_post->ID ) ) { return new WP_Error( 'rest_invalid_field', __( 'A password protected post can not be set to sticky.' ), array( 'status' => 400 ) ); } } // Parent. if ( ! empty( $schema['properties']['parent'] ) && isset( $request['parent'] ) ) { if ( 0 === (int) $request['parent'] ) { $prepared_post->post_parent = 0; } else { $parent = get_post( (int) $request['parent'] ); if ( empty( $parent ) ) { return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post parent ID.' ), array( 'status' => 400 ) ); } $prepared_post->post_parent = (int) $parent->ID; } } // Menu order. if ( ! empty( $schema['properties']['menu_order'] ) && isset( $request['menu_order'] ) ) { $prepared_post->menu_order = (int) $request['menu_order']; } // Comment status. if ( ! empty( $schema['properties']['comment_status'] ) && ! empty( $request['comment_status'] ) ) { $prepared_post->comment_status = $request['comment_status']; } // Ping status. if ( ! empty( $schema['properties']['ping_status'] ) && ! empty( $request['ping_status'] ) ) { $prepared_post->ping_status = $request['ping_status']; } if ( ! empty( $schema['properties']['template'] ) ) { // Force template to null so that it can be handled exclusively by the REST controller. $prepared_post->page_template = null; } /** * Filters a post before it is inserted via the REST API. * * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. * * Possible hook names include: * * - `rest_pre_insert_post` * - `rest_pre_insert_page` * - `rest_pre_insert_attachment` * * @since 4.7.0 * * @param stdClass $prepared_post An object representing a single post prepared * for inserting or updating the database. * @param WP_REST_Request $request Request object. */ return apply_filters( "rest_pre_insert_{$this->post_type}", $prepared_post, $request ); } /** * Checks whether the status is valid for the given post. * * Allows for sending an update request with the current status, even if that status would not be acceptable. * * @since 5.6.0 * * @param string $status The provided status. * @param WP_REST_Request $request The request object. * @param string $param The parameter name. * @return true|WP_Error True if the status is valid, or WP_Error if not. */ public function check_status( $status, $request, $param ) { if ( $request['id'] ) { $post = $this->get_post( $request['id'] ); if ( ! is_wp_error( $post ) && $post->post_status === $status ) { return true; } } $args = $request->get_attributes()['args'][ $param ]; return rest_validate_value_from_schema( $status, $args, $param ); } /** * Determines validity and normalizes the given status parameter. * * @since 4.7.0 * * @param string $post_status Post status. * @param WP_Post_Type $post_type Post type. * @return string|WP_Error Post status or WP_Error if lacking the proper permission. */ protected function handle_status_param( $post_status, $post_type ) { switch ( $post_status ) { case 'draft': case 'pending': break; case 'private': if ( ! current_user_can( $post_type->cap->publish_posts ) ) { return new WP_Error( 'rest_cannot_publish', __( 'Sorry, you are not allowed to create private posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); } break; case 'publish': case 'future': if ( ! current_user_can( $post_type->cap->publish_posts ) ) { return new WP_Error( 'rest_cannot_publish', __( 'Sorry, you are not allowed to publish posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); } break; default: if ( ! get_post_status_object( $post_status ) ) { $post_status = 'draft'; } break; } return $post_status; } /** * Determines the featured media based on a request param. * * @since 4.7.0 * * @param int $featured_media Featured Media ID. * @param int $post_id Post ID. * @return bool|WP_Error Whether the post thumbnail was successfully deleted, otherwise WP_Error. */ protected function handle_featured_media( $featured_media, $post_id ) { $featured_media = (int) $featured_media; if ( $featured_media ) { $result = set_post_thumbnail( $post_id, $featured_media ); if ( $result ) { return true; } else { return new WP_Error( 'rest_invalid_featured_media', __( 'Invalid featured media ID.' ), array( 'status' => 400 ) ); } } else { return delete_post_thumbnail( $post_id ); } } /** * Checks whether the template is valid for the given post. * * @since 4.9.0 * * @param string $template Page template filename. * @param WP_REST_Request $request Request. * @return true|WP_Error True if template is still valid or if the same as existing value, or a WP_Error if template not supported. */ public function check_template( $template, $request ) { if ( ! $template ) { return true; } if ( $request['id'] ) { $post = get_post( $request['id'] ); $current_template = get_page_template_slug( $request['id'] ); } else { $post = null; $current_template = ''; } // Always allow for updating a post to the same template, even if that template is no longer supported. if ( $template === $current_template ) { return true; } // If this is a create request, get_post() will return null and wp theme will fallback to the passed post type. $allowed_templates = wp_get_theme()->get_page_templates( $post, $this->post_type ); if ( isset( $allowed_templates[ $template ] ) ) { return true; } return new WP_Error( 'rest_invalid_param', /* translators: 1: Parameter, 2: List of valid values. */ sprintf( __( '%1$s is not one of %2$s.' ), 'template', implode( ', ', array_keys( $allowed_templates ) ) ) ); } /** * Sets the template for a post. * * @since 4.7.0 * @since 4.9.0 Added the `$validate` parameter. * * @param string $template Page template filename. * @param int $post_id Post ID. * @param bool $validate Whether to validate that the template selected is valid. */ public function handle_template( $template, $post_id, $validate = false ) { if ( $validate && ! array_key_exists( $template, wp_get_theme()->get_page_templates( get_post( $post_id ) ) ) ) { $template = ''; } update_post_meta( $post_id, '_wp_page_template', $template ); } /** * Updates the post's terms from a REST request. * * @since 4.7.0 * * @param int $post_id The post ID to update the terms form. * @param WP_REST_Request $request The request object with post and terms data. * @return null|WP_Error WP_Error on an error assigning any of the terms, otherwise null. */ protected function handle_terms( $post_id, $request ) { $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); foreach ( $taxonomies as $taxonomy ) { $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; if ( ! isset( $request[ $base ] ) ) { continue; } $result = wp_set_object_terms( $post_id, $request[ $base ], $taxonomy->name ); if ( is_wp_error( $result ) ) { return $result; } } } /** * Checks whether current user can assign all terms sent with the current request. * * @since 4.7.0 * * @param WP_REST_Request $request The request object with post and terms data. * @return bool Whether the current user can assign the provided terms. */ protected function check_assign_terms_permission( $request ) { $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); foreach ( $taxonomies as $taxonomy ) { $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; if ( ! isset( $request[ $base ] ) ) { continue; } foreach ( (array) $request[ $base ] as $term_id ) { // Invalid terms will be rejected later. if ( ! get_term( $term_id, $taxonomy->name ) ) { continue; } if ( ! current_user_can( 'assign_term', (int) $term_id ) ) { return false; } } } return true; } /** * Checks if a given post type can be viewed or managed. * * @since 4.7.0 * * @param WP_Post_Type|string $post_type Post type name or object. * @return bool Whether the post type is allowed in REST. */ protected function check_is_post_type_allowed( $post_type ) { if ( ! is_object( $post_type ) ) { $post_type = get_post_type_object( $post_type ); } if ( ! empty( $post_type ) && ! empty( $post_type->show_in_rest ) ) { return true; } return false; } /** * Checks if a post can be read. * * Correctly handles posts with the inherit status. * * @since 4.7.0 * * @param WP_Post $post Post object. * @return bool Whether the post can be read. */ public function check_read_permission( $post ) { $post_type = get_post_type_object( $post->post_type ); if ( ! $this->check_is_post_type_allowed( $post_type ) ) { return false; } // Is the post readable? if ( 'publish' === $post->post_status || current_user_can( 'read_post', $post->ID ) ) { return true; } $post_status_obj = get_post_status_object( $post->post_status ); if ( $post_status_obj && $post_status_obj->public ) { return true; } // Can we read the parent if we're inheriting? if ( 'inherit' === $post->post_status && $post->post_parent > 0 ) { $parent = get_post( $post->post_parent ); if ( $parent ) { return $this->check_read_permission( $parent ); } } /* * If there isn't a parent, but the status is set to inherit, assume * it's published (as per get_post_status()). */ if ( 'inherit' === $post->post_status ) { return true; } return false; } /** * Checks if a post can be edited. * * @since 4.7.0 * * @param WP_Post $post Post object. * @return bool Whether the post can be edited. */ protected function check_update_permission( $post ) { $post_type = get_post_type_object( $post->post_type ); if ( ! $this->check_is_post_type_allowed( $post_type ) ) { return false; } return current_user_can( 'edit_post', $post->ID ); } /** * Checks if a post can be created. * * @since 4.7.0 * * @param WP_Post $post Post object. * @return bool Whether the post can be created. */ protected function check_create_permission( $post ) { $post_type = get_post_type_object( $post->post_type ); if ( ! $this->check_is_post_type_allowed( $post_type ) ) { return false; } return current_user_can( $post_type->cap->create_posts ); } /** * Checks if a post can be deleted. * * @since 4.7.0 * * @param WP_Post $post Post object. * @return bool Whether the post can be deleted. */ protected function check_delete_permission( $post ) { $post_type = get_post_type_object( $post->post_type ); if ( ! $this->check_is_post_type_allowed( $post_type ) ) { return false; } return current_user_can( 'delete_post', $post->ID ); } /** * Prepares a single post output for response. * * @since 4.7.0 * @since 5.9.0 Renamed `$post` to `$item` to match parent class for PHP 8 named parameter support. * * @global WP_Post $post Global post object. * * @param WP_Post $item Post object. * @param WP_REST_Request $request Request object. * @return WP_REST_Response Response object. */ public function prepare_item_for_response( $item, $request ) { // Restores the more descriptive, specific name for use within this method. $post = $item; $GLOBALS['post'] = $post; setup_postdata( $post ); $fields = $this->get_fields_for_response( $request ); // Base fields for every post. $data = array(); if ( rest_is_field_included( 'id', $fields ) ) { $data['id'] = $post->ID; } if ( rest_is_field_included( 'date', $fields ) ) { $data['date'] = $this->prepare_date_response( $post->post_date_gmt, $post->post_date ); } if ( rest_is_field_included( 'date_gmt', $fields ) ) { /* * For drafts, `post_date_gmt` may not be set, indicating that the date * of the draft should be updated each time it is saved (see #38883). * In this case, shim the value based on the `post_date` field * with the site's timezone offset applied. */ if ( '0000-00-00 00:00:00' === $post->post_date_gmt ) { $post_date_gmt = get_gmt_from_date( $post->post_date ); } else { $post_date_gmt = $post->post_date_gmt; } $data['date_gmt'] = $this->prepare_date_response( $post_date_gmt ); } if ( rest_is_field_included( 'guid', $fields ) ) { $data['guid'] = array( /** This filter is documented in wp-includes/post-template.php */ 'rendered' => apply_filters( 'get_the_guid', $post->guid, $post->ID ), 'raw' => $post->guid, ); } if ( rest_is_field_included( 'modified', $fields ) ) { $data['modified'] = $this->prepare_date_response( $post->post_modified_gmt, $post->post_modified ); } if ( rest_is_field_included( 'modified_gmt', $fields ) ) { /* * For drafts, `post_modified_gmt` may not be set (see `post_date_gmt` comments * above). In this case, shim the value based on the `post_modified` field * with the site's timezone offset applied. */ if ( '0000-00-00 00:00:00' === $post->post_modified_gmt ) { $post_modified_gmt = gmdate( 'Y-m-d H:i:s', strtotime( $post->post_modified ) - (int) ( (float) get_option( 'gmt_offset' ) * HOUR_IN_SECONDS ) ); } else { $post_modified_gmt = $post->post_modified_gmt; } $data['modified_gmt'] = $this->prepare_date_response( $post_modified_gmt ); } if ( rest_is_field_included( 'password', $fields ) ) { $data['password'] = $post->post_password; } if ( rest_is_field_included( 'slug', $fields ) ) { $data['slug'] = $post->post_name; } if ( rest_is_field_included( 'status', $fields ) ) { $data['status'] = $post->post_status; } if ( rest_is_field_included( 'type', $fields ) ) { $data['type'] = $post->post_type; } if ( rest_is_field_included( 'link', $fields ) ) { $data['link'] = get_permalink( $post->ID ); } if ( rest_is_field_included( 'title', $fields ) ) { $data['title'] = array(); } if ( rest_is_field_included( 'title.raw', $fields ) ) { $data['title']['raw'] = $post->post_title; } if ( rest_is_field_included( 'title.rendered', $fields ) ) { add_filter( 'protected_title_format', array( $this, 'protected_title_format' ) ); add_filter( 'private_title_format', array( $this, 'protected_title_format' ) ); $data['title']['rendered'] = get_the_title( $post->ID ); remove_filter( 'protected_title_format', array( $this, 'protected_title_format' ) ); remove_filter( 'private_title_format', array( $this, 'protected_title_format' ) ); } $has_password_filter = false; if ( $this->can_access_password_content( $post, $request ) ) { $this->password_check_passed[ $post->ID ] = true; // Allow access to the post, permissions already checked before. add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 ); $has_password_filter = true; } if ( rest_is_field_included( 'content', $fields ) ) { $data['content'] = array(); } if ( rest_is_field_included( 'content.raw', $fields ) ) { $data['content']['raw'] = $post->post_content; } if ( rest_is_field_included( 'content.rendered', $fields ) ) { /** This filter is documented in wp-includes/post-template.php */ $data['content']['rendered'] = post_password_required( $post ) ? '' : apply_filters( 'the_content', $post->post_content ); } if ( rest_is_field_included( 'content.protected', $fields ) ) { $data['content']['protected'] = (bool) $post->post_password; } if ( rest_is_field_included( 'content.block_version', $fields ) ) { $data['content']['block_version'] = block_version( $post->post_content ); } if ( rest_is_field_included( 'excerpt', $fields ) ) { if ( isset( $request['excerpt_length'] ) ) { $excerpt_length = $request['excerpt_length']; $override_excerpt_length = static function () use ( $excerpt_length ) { return $excerpt_length; }; add_filter( 'excerpt_length', $override_excerpt_length, 20 ); } /** This filter is documented in wp-includes/post-template.php */ $excerpt = apply_filters( 'get_the_excerpt', $post->post_excerpt, $post ); /** This filter is documented in wp-includes/post-template.php */ $excerpt = apply_filters( 'the_excerpt', $excerpt ); $data['excerpt'] = array( 'raw' => $post->post_excerpt, 'rendered' => post_password_required( $post ) ? '' : $excerpt, 'protected' => (bool) $post->post_password, ); if ( isset( $override_excerpt_length ) ) { remove_filter( 'excerpt_length', $override_excerpt_length, 20 ); } } if ( $has_password_filter ) { // Reset filter. remove_filter( 'post_password_required', array( $this, 'check_password_required' ) ); } if ( rest_is_field_included( 'author', $fields ) ) { $data['author'] = (int) $post->post_author; } if ( rest_is_field_included( 'featured_media', $fields ) ) { $data['featured_media'] = (int) get_post_thumbnail_id( $post->ID ); } if ( rest_is_field_included( 'parent', $fields ) ) { $data['parent'] = (int) $post->post_parent; } if ( rest_is_field_included( 'menu_order', $fields ) ) { $data['menu_order'] = (int) $post->menu_order; } if ( rest_is_field_included( 'comment_status', $fields ) ) { $data['comment_status'] = $post->comment_status; } if ( rest_is_field_included( 'ping_status', $fields ) ) { $data['ping_status'] = $post->ping_status; } if ( rest_is_field_included( 'sticky', $fields ) ) { $data['sticky'] = is_sticky( $post->ID ); } if ( rest_is_field_included( 'template', $fields ) ) { $template = get_page_template_slug( $post->ID ); if ( $template ) { $data['template'] = $template; } else { $data['template'] = ''; } } if ( rest_is_field_included( 'format', $fields ) ) { $data['format'] = get_post_format( $post->ID ); // Fill in blank post format. if ( empty( $data['format'] ) ) { $data['format'] = 'standard'; } } if ( rest_is_field_included( 'meta', $fields ) ) { $data['meta'] = $this->meta->get_value( $post->ID, $request ); } $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); foreach ( $taxonomies as $taxonomy ) { $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; if ( rest_is_field_included( $base, $fields ) ) { $terms = get_the_terms( $post, $taxonomy->name ); $data[ $base ] = $terms ? array_values( wp_list_pluck( $terms, 'term_id' ) ) : array(); } } $post_type_obj = get_post_type_object( $post->post_type ); if ( is_post_type_viewable( $post_type_obj ) && $post_type_obj->public ) { $permalink_template_requested = rest_is_field_included( 'permalink_template', $fields ); $generated_slug_requested = rest_is_field_included( 'generated_slug', $fields ); if ( $permalink_template_requested || $generated_slug_requested ) { if ( ! function_exists( 'get_sample_permalink' ) ) { require_once ABSPATH . 'wp-admin/includes/post.php'; } $sample_permalink = get_sample_permalink( $post->ID, $post->post_title, '' ); if ( $permalink_template_requested ) { $data['permalink_template'] = $sample_permalink[0]; } if ( $generated_slug_requested ) { $data['generated_slug'] = $sample_permalink[1]; } } if ( rest_is_field_included( 'class_list', $fields ) ) { $data['class_list'] = get_post_class( array(), $post->ID ); } } $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; $data = $this->add_additional_fields_to_object( $data, $request ); $data = $this->filter_response_by_context( $data, $context ); // Wrap the data in a response object. $response = rest_ensure_response( $data ); if ( rest_is_field_included( '_links', $fields ) || rest_is_field_included( '_embedded', $fields ) ) { $links = $this->prepare_links( $post ); $response->add_links( $links ); if ( ! empty( $links['self']['href'] ) ) { $actions = $this->get_available_actions( $post, $request ); $self = $links['self']['href']; foreach ( $actions as $rel ) { $response->add_link( $rel, $self ); } } } /** * Filters the post data for a REST API response. * * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. * * Possible hook names include: * * - `rest_prepare_post` * - `rest_prepare_page` * - `rest_prepare_attachment` * * @since 4.7.0 * * @param WP_REST_Response $response The response object. * @param WP_Post $post Post object. * @param WP_REST_Request $request Request object. */ return apply_filters( "rest_prepare_{$this->post_type}", $response, $post, $request ); } /** * Overwrites the default protected and private title format. * * By default, WordPress will show password protected or private posts with a title of * "Protected: %s" or "Private: %s", as the REST API communicates the status of a post * in a machine-readable format, we remove the prefix. * * @since 4.7.0 * * @return string Title format. */ public function protected_title_format() { return '%s'; } /** * Prepares links for the request. * * @since 4.7.0 * * @param WP_Post $post Post object. * @return array Links for the given post. */ protected function prepare_links( $post ) { // Entity meta. $links = array( 'self' => array( 'href' => rest_url( rest_get_route_for_post( $post->ID ) ), ), 'collection' => array( 'href' => rest_url( rest_get_route_for_post_type_items( $this->post_type ) ), ), 'about' => array( 'href' => rest_url( 'wp/v2/types/' . $this->post_type ), ), ); if ( ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'author' ) ) && ! empty( $post->post_author ) ) { $links['author'] = array( 'href' => rest_url( 'wp/v2/users/' . $post->post_author ), 'embeddable' => true, ); } if ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'comments' ) ) { $replies_url = rest_url( 'wp/v2/comments' ); $replies_url = add_query_arg( 'post', $post->ID, $replies_url ); $links['replies'] = array( 'href' => $replies_url, 'embeddable' => true, ); } if ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'revisions' ) ) { $revisions = wp_get_latest_revision_id_and_total_count( $post->ID ); $revisions_count = ! is_wp_error( $revisions ) ? $revisions['count'] : 0; $revisions_base = sprintf( '/%s/%s/%d/revisions', $this->namespace, $this->rest_base, $post->ID ); $links['version-history'] = array( 'href' => rest_url( $revisions_base ), 'count' => $revisions_count, ); if ( $revisions_count > 0 ) { $links['predecessor-version'] = array( 'href' => rest_url( $revisions_base . '/' . $revisions['latest_id'] ), 'id' => $revisions['latest_id'], ); } } $post_type_obj = get_post_type_object( $post->post_type ); if ( $post_type_obj->hierarchical && ! empty( $post->post_parent ) ) { $links['up'] = array( 'href' => rest_url( rest_get_route_for_post( $post->post_parent ) ), 'embeddable' => true, ); } // If we have a featured media, add that. $featured_media = get_post_thumbnail_id( $post->ID ); if ( $featured_media ) { $image_url = rest_url( rest_get_route_for_post( $featured_media ) ); $links['https://api.w.org/featuredmedia'] = array( 'href' => $image_url, 'embeddable' => true, ); } if ( ! in_array( $post->post_type, array( 'attachment', 'nav_menu_item', 'revision' ), true ) ) { $attachments_url = rest_url( rest_get_route_for_post_type_items( 'attachment' ) ); $attachments_url = add_query_arg( 'parent', $post->ID, $attachments_url ); $links['https://api.w.org/attachment'] = array( 'href' => $attachments_url, ); } $taxonomies = get_object_taxonomies( $post->post_type ); if ( ! empty( $taxonomies ) ) { $links['https://api.w.org/term'] = array(); foreach ( $taxonomies as $tax ) { $taxonomy_route = rest_get_route_for_taxonomy_items( $tax ); // Skip taxonomies that are not public. if ( empty( $taxonomy_route ) ) { continue; } $terms_url = add_query_arg( 'post', $post->ID, rest_url( $taxonomy_route ) ); $links['https://api.w.org/term'][] = array( 'href' => $terms_url, 'taxonomy' => $tax, 'embeddable' => true, ); } } return $links; } /** * Gets the link relations available for the post and current user. * * @since 4.9.8 * * @param WP_Post $post Post object. * @param WP_REST_Request $request Request object. * @return array List of link relations. */ protected function get_available_actions( $post, $request ) { if ( 'edit' !== $request['context'] ) { return array(); } $rels = array(); $post_type = get_post_type_object( $post->post_type ); if ( 'attachment' !== $this->post_type && current_user_can( $post_type->cap->publish_posts ) ) { $rels[] = 'https://api.w.org/action-publish'; } if ( current_user_can( 'unfiltered_html' ) ) { $rels[] = 'https://api.w.org/action-unfiltered-html'; } if ( 'post' === $post_type->name ) { if ( current_user_can( $post_type->cap->edit_others_posts ) && current_user_can( $post_type->cap->publish_posts ) ) { $rels[] = 'https://api.w.org/action-sticky'; } } if ( post_type_supports( $post_type->name, 'author' ) ) { if ( current_user_can( $post_type->cap->edit_others_posts ) ) { $rels[] = 'https://api.w.org/action-assign-author'; } } $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); foreach ( $taxonomies as $tax ) { $tax_base = ! empty( $tax->rest_base ) ? $tax->rest_base : $tax->name; $create_cap = is_taxonomy_hierarchical( $tax->name ) ? $tax->cap->edit_terms : $tax->cap->assign_terms; if ( current_user_can( $create_cap ) ) { $rels[] = 'https://api.w.org/action-create-' . $tax_base; } if ( current_user_can( $tax->cap->assign_terms ) ) { $rels[] = 'https://api.w.org/action-assign-' . $tax_base; } } return $rels; } /** * Retrieves the post's schema, conforming to JSON Schema. * * @since 4.7.0 * * @return array Item schema data. */ public function get_item_schema() { if ( $this->schema ) { return $this->add_additional_fields_schema( $this->schema ); } $schema = array( '$schema' => 'http://json-schema.org/draft-04/schema#', 'title' => $this->post_type, 'type' => 'object', // Base properties for every Post. 'properties' => array( 'date' => array( 'description' => __( "The date the post was published, in the site's timezone." ), 'type' => array( 'string', 'null' ), 'format' => 'date-time', 'context' => array( 'view', 'edit', 'embed' ), ), 'date_gmt' => array( 'description' => __( 'The date the post was published, as GMT.' ), 'type' => array( 'string', 'null' ), 'format' => 'date-time', 'context' => array( 'view', 'edit' ), ), 'guid' => array( 'description' => __( 'The globally unique identifier for the post.' ), 'type' => 'object', 'context' => array( 'view', 'edit' ), 'readonly' => true, 'properties' => array( 'raw' => array( 'description' => __( 'GUID for the post, as it exists in the database.' ), 'type' => 'string', 'context' => array( 'edit' ), 'readonly' => true, ), 'rendered' => array( 'description' => __( 'GUID for the post, transformed for display.' ), 'type' => 'string', 'context' => array( 'view', 'edit' ), 'readonly' => true, ), ), ), 'id' => array( 'description' => __( 'Unique identifier for the post.' ), 'type' => 'integer', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), 'link' => array( 'description' => __( 'URL to the post.' ), 'type' => 'string', 'format' => 'uri', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), 'modified' => array( 'description' => __( "The date the post was last modified, in the site's timezone." ), 'type' => 'string', 'format' => 'date-time', 'context' => array( 'view', 'edit' ), 'readonly' => true, ), 'modified_gmt' => array( 'description' => __( 'The date the post was last modified, as GMT.' ), 'type' => 'string', 'format' => 'date-time', 'context' => array( 'view', 'edit' ), 'readonly' => true, ), 'slug' => array( 'description' => __( 'An alphanumeric identifier for the post unique to its type.' ), 'type' => 'string', 'context' => array( 'view', 'edit', 'embed' ), 'arg_options' => array( 'sanitize_callback' => array( $this, 'sanitize_slug' ), ), ), 'status' => array( 'description' => __( 'A named status for the post.' ), 'type' => 'string', 'enum' => array_keys( get_post_stati( array( 'internal' => false ) ) ), 'context' => array( 'view', 'edit' ), 'arg_options' => array( 'validate_callback' => array( $this, 'check_status' ), ), ), 'type' => array( 'description' => __( 'Type of post.' ), 'type' => 'string', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), 'password' => array( 'description' => __( 'A password to protect access to the content and excerpt.' ), 'type' => 'string', 'context' => array( 'edit' ), ), ), ); $post_type_obj = get_post_type_object( $this->post_type ); if ( is_post_type_viewable( $post_type_obj ) && $post_type_obj->public ) { $schema['properties']['permalink_template'] = array( 'description' => __( 'Permalink template for the post.' ), 'type' => 'string', 'context' => array( 'edit' ), 'readonly' => true, ); $schema['properties']['generated_slug'] = array( 'description' => __( 'Slug automatically generated from the post title.' ), 'type' => 'string', 'context' => array( 'edit' ), 'readonly' => true, ); $schema['properties']['class_list'] = array( 'description' => __( 'An array of the class names for the post container element.' ), 'type' => 'array', 'context' => array( 'view', 'edit' ), 'readonly' => true, 'items' => array( 'type' => 'string', ), ); } if ( $post_type_obj->hierarchical ) { $schema['properties']['parent'] = array( 'description' => __( 'The ID for the parent of the post.' ), 'type' => 'integer', 'context' => array( 'view', 'edit' ), ); } $post_type_attributes = array( 'title', 'editor', 'author', 'excerpt', 'thumbnail', 'comments', 'revisions', 'page-attributes', 'post-formats', 'custom-fields', ); $fixed_schemas = array( 'post' => array( 'title', 'editor', 'author', 'excerpt', 'thumbnail', 'comments', 'revisions', 'post-formats', 'custom-fields', ), 'page' => array( 'title', 'editor', 'author', 'excerpt', 'thumbnail', 'comments', 'revisions', 'page-attributes', 'custom-fields', ), 'attachment' => array( 'title', 'author', 'comments', 'revisions', 'custom-fields', 'thumbnail', ), ); foreach ( $post_type_attributes as $attribute ) { if ( isset( $fixed_schemas[ $this->post_type ] ) && ! in_array( $attribute, $fixed_schemas[ $this->post_type ], true ) ) { continue; } elseif ( ! isset( $fixed_schemas[ $this->post_type ] ) && ! post_type_supports( $this->post_type, $attribute ) ) { continue; } switch ( $attribute ) { case 'title': $schema['properties']['title'] = array( 'description' => __( 'The title for the post.' ), 'type' => 'object', 'context' => array( 'view', 'edit', 'embed' ), 'arg_options' => array( 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database(). 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database(). ), 'properties' => array( 'raw' => array( 'description' => __( 'Title for the post, as it exists in the database.' ), 'type' => 'string', 'context' => array( 'edit' ), ), 'rendered' => array( 'description' => __( 'HTML title for the post, transformed for display.' ), 'type' => 'string', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), ), ); break; case 'editor': $schema['properties']['content'] = array( 'description' => __( 'The content for the post.' ), 'type' => 'object', 'context' => array( 'view', 'edit' ), 'arg_options' => array( 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database(). 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database(). ), 'properties' => array( 'raw' => array( 'description' => __( 'Content for the post, as it exists in the database.' ), 'type' => 'string', 'context' => array( 'edit' ), ), 'rendered' => array( 'description' => __( 'HTML content for the post, transformed for display.' ), 'type' => 'string', 'context' => array( 'view', 'edit' ), 'readonly' => true, ), 'block_version' => array( 'description' => __( 'Version of the content block format used by the post.' ), 'type' => 'integer', 'context' => array( 'edit' ), 'readonly' => true, ), 'protected' => array( 'description' => __( 'Whether the content is protected with a password.' ), 'type' => 'boolean', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), ), ); break; case 'author': $schema['properties']['author'] = array( 'description' => __( 'The ID for the author of the post.' ), 'type' => 'integer', 'context' => array( 'view', 'edit', 'embed' ), ); break; case 'excerpt': $schema['properties']['excerpt'] = array( 'description' => __( 'The excerpt for the post.' ), 'type' => 'object', 'context' => array( 'view', 'edit', 'embed' ), 'arg_options' => array( 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database(). 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database(). ), 'properties' => array( 'raw' => array( 'description' => __( 'Excerpt for the post, as it exists in the database.' ), 'type' => 'string', 'context' => array( 'edit' ), ), 'rendered' => array( 'description' => __( 'HTML excerpt for the post, transformed for display.' ), 'type' => 'string', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), 'protected' => array( 'description' => __( 'Whether the excerpt is protected with a password.' ), 'type' => 'boolean', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), ), ); break; case 'thumbnail': $schema['properties']['featured_media'] = array( 'description' => __( 'The ID of the featured media for the post.' ), 'type' => 'integer', 'context' => array( 'view', 'edit', 'embed' ), ); break; case 'comments': $schema['properties']['comment_status'] = array( 'description' => __( 'Whether or not comments are open on the post.' ), 'type' => 'string', 'enum' => array( 'open', 'closed' ), 'context' => array( 'view', 'edit' ), ); $schema['properties']['ping_status'] = array( 'description' => __( 'Whether or not the post can be pinged.' ), 'type' => 'string', 'enum' => array( 'open', 'closed' ), 'context' => array( 'view', 'edit' ), ); break; case 'page-attributes': $schema['properties']['menu_order'] = array( 'description' => __( 'The order of the post in relation to other posts.' ), 'type' => 'integer', 'context' => array( 'view', 'edit' ), ); break; case 'post-formats': // Get the native post formats and remove the array keys. $formats = array_values( get_post_format_slugs() ); $schema['properties']['format'] = array( 'description' => __( 'The format for the post.' ), 'type' => 'string', 'enum' => $formats, 'context' => array( 'view', 'edit' ), ); break; case 'custom-fields': $schema['properties']['meta'] = $this->meta->get_field_schema(); break; } } if ( 'post' === $this->post_type ) { $schema['properties']['sticky'] = array( 'description' => __( 'Whether or not the post should be treated as sticky.' ), 'type' => 'boolean', 'context' => array( 'view', 'edit' ), ); } $schema['properties']['template'] = array( 'description' => __( 'The theme file to use to display the post.' ), 'type' => 'string', 'context' => array( 'view', 'edit' ), 'arg_options' => array( 'validate_callback' => array( $this, 'check_template' ), ), ); $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); foreach ( $taxonomies as $taxonomy ) { $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; if ( array_key_exists( $base, $schema['properties'] ) ) { $taxonomy_field_name_with_conflict = ! empty( $taxonomy->rest_base ) ? 'rest_base' : 'name'; _doing_it_wrong( 'register_taxonomy', sprintf( /* translators: 1: The taxonomy name, 2: The property name, either 'rest_base' or 'name', 3: The conflicting value. */ __( 'The "%1$s" taxonomy "%2$s" property (%3$s) conflicts with an existing property on the REST API Posts Controller. Specify a custom "rest_base" when registering the taxonomy to avoid this error.' ), $taxonomy->name, $taxonomy_field_name_with_conflict, $base ), '5.4.0' ); } $schema['properties'][ $base ] = array( /* translators: %s: Taxonomy name. */ 'description' => sprintf( __( 'The terms assigned to the post in the %s taxonomy.' ), $taxonomy->name ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), 'context' => array( 'view', 'edit' ), ); } $schema_links = $this->get_schema_links(); if ( $schema_links ) { $schema['links'] = $schema_links; } // Take a snapshot of which fields are in the schema pre-filtering. $schema_fields = array_keys( $schema['properties'] ); /** * Filters the post's schema. * * The dynamic portion of the filter, `$this->post_type`, refers to the * post type slug for the controller. * * Possible hook names include: * * - `rest_post_item_schema` * - `rest_page_item_schema` * - `rest_attachment_item_schema` * * @since 5.4.0 * * @param array $schema Item schema data. */ $schema = apply_filters( "rest_{$this->post_type}_item_schema", $schema ); // Emit a _doing_it_wrong warning if user tries to add new properties using this filter. $new_fields = array_diff( array_keys( $schema['properties'] ), $schema_fields ); if ( count( $new_fields ) > 0 ) { _doing_it_wrong( __METHOD__, sprintf( /* translators: %s: register_rest_field */ __( 'Please use %s to add new schema properties.' ), 'register_rest_field' ), '5.4.0' ); } $this->schema = $schema; return $this->add_additional_fields_schema( $this->schema ); } /** * Retrieves Link Description Objects that should be added to the Schema for the posts collection. * * @since 4.9.8 * * @return array */ protected function get_schema_links() { $href = rest_url( "{$this->namespace}/{$this->rest_base}/{id}" ); $links = array(); if ( 'attachment' !== $this->post_type ) { $links[] = array( 'rel' => 'https://api.w.org/action-publish', 'title' => __( 'The current user can publish this post.' ), 'href' => $href, 'targetSchema' => array( 'type' => 'object', 'properties' => array( 'status' => array( 'type' => 'string', 'enum' => array( 'publish', 'future' ), ), ), ), ); } $links[] = array( 'rel' => 'https://api.w.org/action-unfiltered-html', 'title' => __( 'The current user can post unfiltered HTML markup and JavaScript.' ), 'href' => $href, 'targetSchema' => array( 'type' => 'object', 'properties' => array( 'content' => array( 'raw' => array( 'type' => 'string', ), ), ), ), ); if ( 'post' === $this->post_type ) { $links[] = array( 'rel' => 'https://api.w.org/action-sticky', 'title' => __( 'The current user can sticky this post.' ), 'href' => $href, 'targetSchema' => array( 'type' => 'object', 'properties' => array( 'sticky' => array( 'type' => 'boolean', ), ), ), ); } if ( post_type_supports( $this->post_type, 'author' ) ) { $links[] = array( 'rel' => 'https://api.w.org/action-assign-author', 'title' => __( 'The current user can change the author on this post.' ), 'href' => $href, 'targetSchema' => array( 'type' => 'object', 'properties' => array( 'author' => array( 'type' => 'integer', ), ), ), ); } $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); foreach ( $taxonomies as $tax ) { $tax_base = ! empty( $tax->rest_base ) ? $tax->rest_base : $tax->name; /* translators: %s: Taxonomy name. */ $assign_title = sprintf( __( 'The current user can assign terms in the %s taxonomy.' ), $tax->name ); /* translators: %s: Taxonomy name. */ $create_title = sprintf( __( 'The current user can create terms in the %s taxonomy.' ), $tax->name ); $links[] = array( 'rel' => 'https://api.w.org/action-assign-' . $tax_base, 'title' => $assign_title, 'href' => $href, 'targetSchema' => array( 'type' => 'object', 'properties' => array( $tax_base => array( 'type' => 'array', 'items' => array( 'type' => 'integer', ), ), ), ), ); $links[] = array( 'rel' => 'https://api.w.org/action-create-' . $tax_base, 'title' => $create_title, 'href' => $href, 'targetSchema' => array( 'type' => 'object', 'properties' => array( $tax_base => array( 'type' => 'array', 'items' => array( 'type' => 'integer', ), ), ), ), ); } return $links; } /** * Retrieves the query params for the posts collection. * * @since 4.7.0 * @since 5.4.0 The `tax_relation` query parameter was added. * @since 5.7.0 The `modified_after` and `modified_before` query parameters were added. * * @return array Collection parameters. */ public function get_collection_params() { $query_params = parent::get_collection_params(); $query_params['context']['default'] = 'view'; $query_params['after'] = array( 'description' => __( 'Limit response to posts published after a given ISO8601 compliant date.' ), 'type' => 'string', 'format' => 'date-time', ); $query_params['modified_after'] = array( 'description' => __( 'Limit response to posts modified after a given ISO8601 compliant date.' ), 'type' => 'string', 'format' => 'date-time', ); if ( post_type_supports( $this->post_type, 'author' ) ) { $query_params['author'] = array( 'description' => __( 'Limit result set to posts assigned to specific authors.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), 'default' => array(), ); $query_params['author_exclude'] = array( 'description' => __( 'Ensure result set excludes posts assigned to specific authors.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), 'default' => array(), ); } $query_params['before'] = array( 'description' => __( 'Limit response to posts published before a given ISO8601 compliant date.' ), 'type' => 'string', 'format' => 'date-time', ); $query_params['modified_before'] = array( 'description' => __( 'Limit response to posts modified before a given ISO8601 compliant date.' ), 'type' => 'string', 'format' => 'date-time', ); $query_params['exclude'] = array( 'description' => __( 'Ensure result set excludes specific IDs.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), 'default' => array(), ); $query_params['include'] = array( 'description' => __( 'Limit result set to specific IDs.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), 'default' => array(), ); if ( 'page' === $this->post_type || post_type_supports( $this->post_type, 'page-attributes' ) ) { $query_params['menu_order'] = array( 'description' => __( 'Limit result set to posts with a specific menu_order value.' ), 'type' => 'integer', ); } $query_params['search_semantics'] = array( 'description' => __( 'How to interpret the search input.' ), 'type' => 'string', 'enum' => array( 'exact' ), ); $query_params['offset'] = array( 'description' => __( 'Offset the result set by a specific number of items.' ), 'type' => 'integer', ); $query_params['order'] = array( 'description' => __( 'Order sort attribute ascending or descending.' ), 'type' => 'string', 'default' => 'desc', 'enum' => array( 'asc', 'desc' ), ); $query_params['orderby'] = array( 'description' => __( 'Sort collection by post attribute.' ), 'type' => 'string', 'default' => 'date', 'enum' => array( 'author', 'date', 'id', 'include', 'modified', 'parent', 'relevance', 'slug', 'include_slugs', 'title', ), ); if ( 'page' === $this->post_type || post_type_supports( $this->post_type, 'page-attributes' ) ) { $query_params['orderby']['enum'][] = 'menu_order'; } $post_type = get_post_type_object( $this->post_type ); if ( $post_type->hierarchical || 'attachment' === $this->post_type ) { $query_params['parent'] = array( 'description' => __( 'Limit result set to items with particular parent IDs.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), 'default' => array(), ); $query_params['parent_exclude'] = array( 'description' => __( 'Limit result set to all items except those of a particular parent ID.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), 'default' => array(), ); } $query_params['search_columns'] = array( 'default' => array(), 'description' => __( 'Array of column names to be searched.' ), 'type' => 'array', 'items' => array( 'enum' => array( 'post_title', 'post_content', 'post_excerpt' ), 'type' => 'string', ), ); $query_params['slug'] = array( 'description' => __( 'Limit result set to posts with one or more specific slugs.' ), 'type' => 'array', 'items' => array( 'type' => 'string', ), ); $query_params['status'] = array( 'default' => 'publish', 'description' => __( 'Limit result set to posts assigned one or more statuses.' ), 'type' => 'array', 'items' => array( 'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ), 'type' => 'string', ), 'sanitize_callback' => array( $this, 'sanitize_post_statuses' ), ); $query_params = $this->prepare_taxonomy_limit_schema( $query_params ); if ( 'post' === $this->post_type ) { $query_params['sticky'] = array( 'description' => __( 'Limit result set to items that are sticky.' ), 'type' => 'boolean', ); } if ( post_type_supports( $this->post_type, 'post-formats' ) ) { $query_params['format'] = array( 'description' => __( 'Limit result set to items assigned one or more given formats.' ), 'type' => 'array', 'uniqueItems' => true, 'items' => array( 'enum' => array_values( get_post_format_slugs() ), 'type' => 'string', ), ); } /** * Filters collection parameters for the posts controller. * * The dynamic part of the filter `$this->post_type` refers to the post * type slug for the controller. * * This filter registers the collection parameter, but does not map the * collection parameter to an internal WP_Query parameter. Use the * `rest_{$this->post_type}_query` filter to set WP_Query parameters. * * @since 4.7.0 * * @param array $query_params JSON Schema-formatted collection parameters. * @param WP_Post_Type $post_type Post type object. */ return apply_filters( "rest_{$this->post_type}_collection_params", $query_params, $post_type ); } /** * Sanitizes and validates the list of post statuses, including whether the * user can query private statuses. * * @since 4.7.0 * * @param string|array $statuses One or more post statuses. * @param WP_REST_Request $request Full details about the request. * @param string $parameter Additional parameter to pass to validation. * @return array|WP_Error A list of valid statuses, otherwise WP_Error object. */ public function sanitize_post_statuses( $statuses, $request, $parameter ) { $statuses = wp_parse_slug_list( $statuses ); // The default status is different in WP_REST_Attachments_Controller. $attributes = $request->get_attributes(); $default_status = $attributes['args']['status']['default']; foreach ( $statuses as $status ) { if ( $status === $default_status ) { continue; } $post_type_obj = get_post_type_object( $this->post_type ); if ( current_user_can( $post_type_obj->cap->edit_posts ) || 'private' === $status && current_user_can( $post_type_obj->cap->read_private_posts ) ) { $result = rest_validate_request_arg( $status, $request, $parameter ); if ( is_wp_error( $result ) ) { return $result; } } else { return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) ); } } return $statuses; } /** * Prepares the 'tax_query' for a collection of posts. * * @since 5.7.0 * * @param array $args WP_Query arguments. * @param WP_REST_Request $request Full details about the request. * @return array Updated query arguments. */ private function prepare_tax_query( array $args, WP_REST_Request $request ) { $relation = $request['tax_relation']; if ( $relation ) { $args['tax_query'] = array( 'relation' => $relation ); } $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); foreach ( $taxonomies as $taxonomy ) { $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; $tax_include = $request[ $base ]; $tax_exclude = $request[ $base . '_exclude' ]; if ( $tax_include ) { $terms = array(); $include_children = false; $operator = 'IN'; if ( rest_is_array( $tax_include ) ) { $terms = $tax_include; } elseif ( rest_is_object( $tax_include ) ) { $terms = empty( $tax_include['terms'] ) ? array() : $tax_include['terms']; $include_children = ! empty( $tax_include['include_children'] ); if ( isset( $tax_include['operator'] ) && 'AND' === $tax_include['operator'] ) { $operator = 'AND'; } } if ( $terms ) { $args['tax_query'][] = array( 'taxonomy' => $taxonomy->name, 'field' => 'term_id', 'terms' => $terms, 'include_children' => $include_children, 'operator' => $operator, ); } } if ( $tax_exclude ) { $terms = array(); $include_children = false; if ( rest_is_array( $tax_exclude ) ) { $terms = $tax_exclude; } elseif ( rest_is_object( $tax_exclude ) ) { $terms = empty( $tax_exclude['terms'] ) ? array() : $tax_exclude['terms']; $include_children = ! empty( $tax_exclude['include_children'] ); } if ( $terms ) { $args['tax_query'][] = array( 'taxonomy' => $taxonomy->name, 'field' => 'term_id', 'terms' => $terms, 'include_children' => $include_children, 'operator' => 'NOT IN', ); } } } return $args; } /** * Prepares the collection schema for including and excluding items by terms. * * @since 5.7.0 * * @param array $query_params Collection schema. * @return array Updated schema. */ private function prepare_taxonomy_limit_schema( array $query_params ) { $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); if ( ! $taxonomies ) { return $query_params; } $query_params['tax_relation'] = array( 'description' => __( 'Limit result set based on relationship between multiple taxonomies.' ), 'type' => 'string', 'enum' => array( 'AND', 'OR' ), ); $limit_schema = array( 'type' => array( 'object', 'array' ), 'oneOf' => array( array( 'title' => __( 'Term ID List' ), 'description' => __( 'Match terms with the listed IDs.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), ), array( 'title' => __( 'Term ID Taxonomy Query' ), 'description' => __( 'Perform an advanced term query.' ), 'type' => 'object', 'properties' => array( 'terms' => array( 'description' => __( 'Term IDs.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), 'default' => array(), ), 'include_children' => array( 'description' => __( 'Whether to include child terms in the terms limiting the result set.' ), 'type' => 'boolean', 'default' => false, ), ), 'additionalProperties' => false, ), ), ); $include_schema = array_merge( array( /* translators: %s: Taxonomy name. */ 'description' => __( 'Limit result set to items with specific terms assigned in the %s taxonomy.' ), ), $limit_schema ); // 'operator' is supported only for 'include' queries. $include_schema['oneOf'][1]['properties']['operator'] = array( 'description' => __( 'Whether items must be assigned all or any of the specified terms.' ), 'type' => 'string', 'enum' => array( 'AND', 'OR' ), 'default' => 'OR', ); $exclude_schema = array_merge( array( /* translators: %s: Taxonomy name. */ 'description' => __( 'Limit result set to items except those with specific terms assigned in the %s taxonomy.' ), ), $limit_schema ); foreach ( $taxonomies as $taxonomy ) { $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; $base_exclude = $base . '_exclude'; $query_params[ $base ] = $include_schema; $query_params[ $base ]['description'] = sprintf( $query_params[ $base ]['description'], $base ); $query_params[ $base_exclude ] = $exclude_schema; $query_params[ $base_exclude ]['description'] = sprintf( $query_params[ $base_exclude ]['description'], $base ); if ( ! $taxonomy->hierarchical ) { unset( $query_params[ $base ]['oneOf'][1]['properties']['include_children'] ); unset( $query_params[ $base_exclude ]['oneOf'][1]['properties']['include_children'] ); } } return $query_params; } }