diff options
| author | Charles Cabergs <me@cacharle.xyz> | 2020-07-27 10:05:23 +0200 |
|---|---|---|
| committer | Charles Cabergs <me@cacharle.xyz> | 2020-07-27 10:05:23 +0200 |
| commit | 5bf66662a9bdd62c5bccab15e607cd95cfb8fcab (patch) | |
| tree | 39a1a4629749056191c05dfd899f931701b7acf3 /srcs/wordpress/wp-includes/rest-api/endpoints | |
| parent | 5afd237bbd22028b85532b8c0b3fcead49a00764 (diff) | |
| download | ft_server-5bf66662a9bdd62c5bccab15e607cd95cfb8fcab.tar.gz ft_server-5bf66662a9bdd62c5bccab15e607cd95cfb8fcab.tar.bz2 ft_server-5bf66662a9bdd62c5bccab15e607cd95cfb8fcab.zip | |
Removed wordpress and phpmyadmin, my server doesn't handle it well and it brings shame on my famillyHEADmaster
Diffstat (limited to 'srcs/wordpress/wp-includes/rest-api/endpoints')
16 files changed, 0 insertions, 11970 deletions
diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php deleted file mode 100644 index 571d207..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php +++ /dev/null @@ -1,930 +0,0 @@ -<?php -/** - * REST API: WP_REST_Attachments_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 4.7.0 - */ - -/** - * Core controller used to access attachments via the REST API. - * - * @since 4.7.0 - * - * @see WP_REST_Posts_Controller - */ -class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { - - public function register_routes() { - parent::register_routes(); - register_rest_route( - $this->namespace, - '/' . $this->rest_base . '/(?P<id>[\d]+)/post-process', - array( - 'methods' => WP_REST_Server::CREATABLE, - 'callback' => array( $this, 'post_process_item' ), - 'permission_callback' => array( $this, 'post_process_item_permissions_check' ), - 'args' => array( - 'id' => array( - 'description' => __( 'Unique identifier for the object.' ), - 'type' => 'integer', - ), - 'action' => array( - 'type' => 'string', - 'enum' => array( 'create-image-subsizes' ), - 'required' => true, - ), - ), - ) - ); - } - - /** - * Determines the allowed query_vars for a get_items() response and - * prepares for WP_Query. - * - * @since 4.7.0 - * - * @param array $prepared_args Optional. Array of prepared arguments. Default empty array. - * @param WP_REST_Request $request Optional. Request to prepare items for. - * @return array Array of query arguments. - */ - protected function prepare_items_query( $prepared_args = array(), $request = null ) { - $query_args = parent::prepare_items_query( $prepared_args, $request ); - - if ( empty( $query_args['post_status'] ) ) { - $query_args['post_status'] = 'inherit'; - } - - $media_types = $this->get_media_types(); - - if ( ! empty( $request['media_type'] ) && isset( $media_types[ $request['media_type'] ] ) ) { - $query_args['post_mime_type'] = $media_types[ $request['media_type'] ]; - } - - if ( ! empty( $request['mime_type'] ) ) { - $parts = explode( '/', $request['mime_type'] ); - if ( isset( $media_types[ $parts[0] ] ) && in_array( $request['mime_type'], $media_types[ $parts[0] ], true ) ) { - $query_args['post_mime_type'] = $request['mime_type']; - } - } - - // Filter query clauses to include filenames. - if ( isset( $query_args['s'] ) ) { - add_filter( 'posts_clauses', '_filter_query_attachment_filenames' ); - } - - return $query_args; - } - - /** - * Checks if a given request has access to create an attachment. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|true Boolean true if the attachment may be created, or a WP_Error if not. - */ - public function create_item_permissions_check( $request ) { - $ret = parent::create_item_permissions_check( $request ); - - if ( ! $ret || is_wp_error( $ret ) ) { - return $ret; - } - - if ( ! current_user_can( 'upload_files' ) ) { - return new WP_Error( 'rest_cannot_create', __( 'Sorry, you are not allowed to upload media on this site.' ), array( 'status' => 400 ) ); - } - - // Attaching media to a post requires ability to edit said post. - if ( ! empty( $request['post'] ) ) { - $parent = get_post( (int) $request['post'] ); - $post_parent_type = get_post_type_object( $parent->post_type ); - - if ( ! current_user_can( $post_parent_type->cap->edit_post, $request['post'] ) ) { - return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to upload media to this post.' ), array( 'status' => rest_authorization_required_code() ) ); - } - } - - return true; - } - - /** - * Creates a single attachment. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, WP_Error object on failure. - */ - public function create_item( $request ) { - - if ( ! empty( $request['post'] ) && in_array( get_post_type( $request['post'] ), array( 'revision', 'attachment' ), true ) ) { - return new WP_Error( 'rest_invalid_param', __( 'Invalid parent type.' ), array( 'status' => 400 ) ); - } - - $insert = $this->insert_attachment( $request ); - - if ( is_wp_error( $insert ) ) { - return $insert; - } - - // Extract by name. - $attachment_id = $insert['attachment_id']; - $file = $insert['file']; - - if ( isset( $request['alt_text'] ) ) { - update_post_meta( $attachment_id, '_wp_attachment_image_alt', sanitize_text_field( $request['alt_text'] ) ); - } - - $attachment = get_post( $attachment_id ); - $fields_update = $this->update_additional_fields_for_object( $attachment, $request ); - - if ( is_wp_error( $fields_update ) ) { - return $fields_update; - } - - $request->set_param( 'context', 'edit' ); - - /** - * Fires after a single attachment is completely created or updated via the REST API. - * - * @since 5.0.0 - * - * @param WP_Post $attachment Inserted or updated attachment object. - * @param WP_REST_Request $request Request object. - * @param bool $creating True when creating an attachment, false when updating. - */ - do_action( 'rest_after_insert_attachment', $attachment, $request, true ); - - if ( defined( 'REST_REQUEST' ) && REST_REQUEST ) { - // Set a custom header with the attachment_id. - // Used by the browser/client to resume creating image sub-sizes after a PHP fatal error. - header( 'X-WP-Upload-Attachment-ID: ' . $attachment_id ); - } - - // Include admin function to get access to wp_generate_attachment_metadata(). - require_once ABSPATH . 'wp-admin/includes/media.php'; - - // Post-process the upload (create image sub-sizes, make PDF thumbnalis, etc.) and insert attachment meta. - // At this point the server may run out of resources and post-processing of uploaded images may fail. - wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $file ) ); - - $response = $this->prepare_item_for_response( $attachment, $request ); - $response = rest_ensure_response( $response ); - $response->set_status( 201 ); - $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $attachment_id ) ) ); - - return $response; - } - - /** - * Inserts the attachment post in the database. Does not update the attachment meta. - * - * @since 5.3.0 - * - * @param WP_REST_Request $request - * @return array|WP_Error - */ - protected function insert_attachment( $request ) { - // Get the file via $_FILES or raw data. - $files = $request->get_file_params(); - $headers = $request->get_headers(); - - if ( ! empty( $files ) ) { - $file = $this->upload_from_file( $files, $headers ); - } else { - $file = $this->upload_from_data( $request->get_body(), $headers ); - } - - if ( is_wp_error( $file ) ) { - return $file; - } - - $name = wp_basename( $file['file'] ); - $name_parts = pathinfo( $name ); - $name = trim( substr( $name, 0, -( 1 + strlen( $name_parts['extension'] ) ) ) ); - - $url = $file['url']; - $type = $file['type']; - $file = $file['file']; - - // Include image functions to get access to wp_read_image_metadata(). - require_once ABSPATH . 'wp-admin/includes/image.php'; - - // use image exif/iptc data for title and caption defaults if possible - $image_meta = wp_read_image_metadata( $file ); - - if ( ! empty( $image_meta ) ) { - if ( empty( $request['title'] ) && trim( $image_meta['title'] ) && ! is_numeric( sanitize_title( $image_meta['title'] ) ) ) { - $request['title'] = $image_meta['title']; - } - - if ( empty( $request['caption'] ) && trim( $image_meta['caption'] ) ) { - $request['caption'] = $image_meta['caption']; - } - } - - $attachment = $this->prepare_item_for_database( $request ); - - $attachment->post_mime_type = $type; - $attachment->guid = $url; - - if ( empty( $attachment->post_title ) ) { - $attachment->post_title = preg_replace( '/\.[^.]+$/', '', wp_basename( $file ) ); - } - - // $post_parent is inherited from $attachment['post_parent']. - $id = wp_insert_attachment( wp_slash( (array) $attachment ), $file, 0, true ); - - if ( is_wp_error( $id ) ) { - if ( 'db_update_error' === $id->get_error_code() ) { - $id->add_data( array( 'status' => 500 ) ); - } else { - $id->add_data( array( 'status' => 400 ) ); - } - - return $id; - } - - $attachment = get_post( $id ); - - /** - * Fires after a single attachment is created or updated via the REST API. - * - * @since 4.7.0 - * - * @param WP_Post $attachment Inserted or updated attachment - * object. - * @param WP_REST_Request $request The request sent to the API. - * @param bool $creating True when creating an attachment, false when updating. - */ - do_action( 'rest_insert_attachment', $attachment, $request, true ); - - return array( - 'attachment_id' => $id, - 'file' => $file, - ); - } - - /** - * Updates a single attachment. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, WP_Error object on failure. - */ - public function update_item( $request ) { - if ( ! empty( $request['post'] ) && in_array( get_post_type( $request['post'] ), array( 'revision', 'attachment' ), true ) ) { - return new WP_Error( 'rest_invalid_param', __( 'Invalid parent type.' ), array( 'status' => 400 ) ); - } - - $response = parent::update_item( $request ); - - if ( is_wp_error( $response ) ) { - return $response; - } - - $response = rest_ensure_response( $response ); - $data = $response->get_data(); - - if ( isset( $request['alt_text'] ) ) { - update_post_meta( $data['id'], '_wp_attachment_image_alt', $request['alt_text'] ); - } - - $attachment = get_post( $request['id'] ); - - $fields_update = $this->update_additional_fields_for_object( $attachment, $request ); - - if ( is_wp_error( $fields_update ) ) { - return $fields_update; - } - - $request->set_param( 'context', 'edit' ); - - /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php */ - do_action( 'rest_after_insert_attachment', $attachment, $request, false ); - - $response = $this->prepare_item_for_response( $attachment, $request ); - $response = rest_ensure_response( $response ); - - return $response; - } - - /** - * Performs post processing on an attachment. - * - * @since 5.3.0 - * - * @param WP_REST_Request $request - * @return WP_REST_Response|WP_Error - */ - public function post_process_item( $request ) { - switch ( $request['action'] ) { - case 'create-image-subsizes': - require_once ABSPATH . 'wp-admin/includes/image.php'; - wp_update_image_subsizes( $request['id'] ); - break; - } - - $request['context'] = 'edit'; - - return $this->prepare_item_for_response( get_post( $request['id'] ), $request ); - } - - /** - * Checks if a given request can perform post processing on an attachment. - * - * @sicne 5.3.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. - */ - public function post_process_item_permissions_check( $request ) { - return $this->update_item_permissions_check( $request ); - } - - /** - * Prepares a single attachment for create or update. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Request object. - * @return WP_Error|stdClass $prepared_attachment Post object. - */ - protected function prepare_item_for_database( $request ) { - $prepared_attachment = parent::prepare_item_for_database( $request ); - - // Attachment caption (post_excerpt internally) - if ( isset( $request['caption'] ) ) { - if ( is_string( $request['caption'] ) ) { - $prepared_attachment->post_excerpt = $request['caption']; - } elseif ( isset( $request['caption']['raw'] ) ) { - $prepared_attachment->post_excerpt = $request['caption']['raw']; - } - } - - // Attachment description (post_content internally) - if ( isset( $request['description'] ) ) { - if ( is_string( $request['description'] ) ) { - $prepared_attachment->post_content = $request['description']; - } elseif ( isset( $request['description']['raw'] ) ) { - $prepared_attachment->post_content = $request['description']['raw']; - } - } - - if ( isset( $request['post'] ) ) { - $prepared_attachment->post_parent = (int) $request['post']; - } - - return $prepared_attachment; - } - - /** - * Prepares a single attachment output for response. - * - * @since 4.7.0 - * - * @param WP_Post $post Attachment object. - * @param WP_REST_Request $request Request object. - * @return WP_REST_Response Response object. - */ - public function prepare_item_for_response( $post, $request ) { - $response = parent::prepare_item_for_response( $post, $request ); - $fields = $this->get_fields_for_response( $request ); - $data = $response->get_data(); - - if ( in_array( 'description', $fields, true ) ) { - $data['description'] = array( - 'raw' => $post->post_content, - /** This filter is documented in wp-includes/post-template.php */ - 'rendered' => apply_filters( 'the_content', $post->post_content ), - ); - } - - if ( in_array( 'caption', $fields, true ) ) { - /** This filter is documented in wp-includes/post-template.php */ - $caption = apply_filters( 'the_excerpt', apply_filters( 'get_the_excerpt', $post->post_excerpt, $post ) ); - $data['caption'] = array( - 'raw' => $post->post_excerpt, - 'rendered' => $caption, - ); - } - - if ( in_array( 'alt_text', $fields, true ) ) { - $data['alt_text'] = get_post_meta( $post->ID, '_wp_attachment_image_alt', true ); - } - - if ( in_array( 'media_type', $fields, true ) ) { - $data['media_type'] = wp_attachment_is_image( $post->ID ) ? 'image' : 'file'; - } - - if ( in_array( 'mime_type', $fields, true ) ) { - $data['mime_type'] = $post->post_mime_type; - } - - if ( in_array( 'media_details', $fields, true ) ) { - $data['media_details'] = wp_get_attachment_metadata( $post->ID ); - - // Ensure empty details is an empty object. - if ( empty( $data['media_details'] ) ) { - $data['media_details'] = new stdClass; - } elseif ( ! empty( $data['media_details']['sizes'] ) ) { - - foreach ( $data['media_details']['sizes'] as $size => &$size_data ) { - - if ( isset( $size_data['mime-type'] ) ) { - $size_data['mime_type'] = $size_data['mime-type']; - unset( $size_data['mime-type'] ); - } - - // Use the same method image_downsize() does. - $image_src = wp_get_attachment_image_src( $post->ID, $size ); - if ( ! $image_src ) { - continue; - } - - $size_data['source_url'] = $image_src[0]; - } - - $full_src = wp_get_attachment_image_src( $post->ID, 'full' ); - - if ( ! empty( $full_src ) ) { - $data['media_details']['sizes']['full'] = array( - 'file' => wp_basename( $full_src[0] ), - 'width' => $full_src[1], - 'height' => $full_src[2], - 'mime_type' => $post->post_mime_type, - 'source_url' => $full_src[0], - ); - } - } else { - $data['media_details']['sizes'] = new stdClass; - } - } - - if ( in_array( 'post', $fields, true ) ) { - $data['post'] = ! empty( $post->post_parent ) ? (int) $post->post_parent : null; - } - - if ( in_array( 'source_url', $fields, true ) ) { - $data['source_url'] = wp_get_attachment_url( $post->ID ); - } - - if ( in_array( 'missing_image_sizes', $fields, true ) ) { - require_once ABSPATH . 'wp-admin/includes/image.php'; - $data['missing_image_sizes'] = array_keys( wp_get_missing_image_subsizes( $post->ID ) ); - } - - $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; - - $data = $this->filter_response_by_context( $data, $context ); - - $links = $response->get_links(); - - // Wrap the data in a response object. - $response = rest_ensure_response( $data ); - - foreach ( $links as $rel => $rel_links ) { - foreach ( $rel_links as $link ) { - $response->add_link( $rel, $link['href'], $link['attributes'] ); - } - } - - /** - * Filters an attachment returned from the REST API. - * - * Allows modification of the attachment right before it is returned. - * - * @since 4.7.0 - * - * @param WP_REST_Response $response The response object. - * @param WP_Post $post The original attachment post. - * @param WP_REST_Request $request Request used to generate the response. - */ - return apply_filters( 'rest_prepare_attachment', $response, $post, $request ); - } - - /** - * Retrieves the attachment's schema, conforming to JSON Schema. - * - * @since 4.7.0 - * - * @return array Item schema as an array. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $schema = parent::get_item_schema(); - - $schema['properties']['alt_text'] = array( - 'description' => __( 'Alternative text to display when attachment is not displayed.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'arg_options' => array( - 'sanitize_callback' => 'sanitize_text_field', - ), - ); - - $schema['properties']['caption'] = array( - 'description' => __( 'The attachment caption.' ), - 'type' => 'object', - 'context' => array( 'view', 'edit', 'embed' ), - 'arg_options' => array( - 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() - 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() - ), - 'properties' => array( - 'raw' => array( - 'description' => __( 'Caption for the attachment, as it exists in the database.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - ), - 'rendered' => array( - 'description' => __( 'HTML caption for the attachment, transformed for display.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - ), - ); - - $schema['properties']['description'] = array( - 'description' => __( 'The attachment description.' ), - 'type' => 'object', - 'context' => array( 'view', 'edit' ), - 'arg_options' => array( - 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() - 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() - ), - 'properties' => array( - 'raw' => array( - 'description' => __( 'Description for the object, as it exists in the database.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - ), - 'rendered' => array( - 'description' => __( 'HTML description for the object, transformed for display.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - ), - ); - - $schema['properties']['media_type'] = array( - 'description' => __( 'Attachment type.' ), - 'type' => 'string', - 'enum' => array( 'image', 'file' ), - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ); - - $schema['properties']['mime_type'] = array( - 'description' => __( 'The attachment MIME type.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ); - - $schema['properties']['media_details'] = array( - 'description' => __( 'Details about the media file, specific to its type.' ), - 'type' => 'object', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ); - - $schema['properties']['post'] = array( - 'description' => __( 'The ID for the associated post of the attachment.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit' ), - ); - - $schema['properties']['source_url'] = array( - 'description' => __( 'URL to the original attachment file.' ), - 'type' => 'string', - 'format' => 'uri', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ); - - $schema['properties']['missing_image_sizes'] = array( - 'description' => __( 'List of the missing image sizes of the attachment.' ), - 'type' => 'array', - 'items' => array( 'type' => 'string' ), - 'context' => array( 'edit' ), - 'readonly' => true, - ); - - unset( $schema['properties']['password'] ); - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Handles an upload via raw POST data. - * - * @since 4.7.0 - * - * @param array $data Supplied file data. - * @param array $headers HTTP headers from the request. - * @return array|WP_Error Data from wp_handle_sideload(). - */ - protected function upload_from_data( $data, $headers ) { - if ( empty( $data ) ) { - return new WP_Error( 'rest_upload_no_data', __( 'No data supplied.' ), array( 'status' => 400 ) ); - } - - if ( empty( $headers['content_type'] ) ) { - return new WP_Error( 'rest_upload_no_content_type', __( 'No Content-Type supplied.' ), array( 'status' => 400 ) ); - } - - if ( empty( $headers['content_disposition'] ) ) { - return new WP_Error( 'rest_upload_no_content_disposition', __( 'No Content-Disposition supplied.' ), array( 'status' => 400 ) ); - } - - $filename = self::get_filename_from_disposition( $headers['content_disposition'] ); - - if ( empty( $filename ) ) { - return new WP_Error( 'rest_upload_invalid_disposition', __( 'Invalid Content-Disposition supplied. Content-Disposition needs to be formatted as `attachment; filename="image.png"` or similar.' ), array( 'status' => 400 ) ); - } - - if ( ! empty( $headers['content_md5'] ) ) { - $content_md5 = array_shift( $headers['content_md5'] ); - $expected = trim( $content_md5 ); - $actual = md5( $data ); - - if ( $expected !== $actual ) { - return new WP_Error( 'rest_upload_hash_mismatch', __( 'Content hash did not match expected.' ), array( 'status' => 412 ) ); - } - } - - // Get the content-type. - $type = array_shift( $headers['content_type'] ); - - /** Include admin functions to get access to wp_tempnam() and wp_handle_sideload(). */ - require_once ABSPATH . 'wp-admin/includes/file.php'; - - // Save the file. - $tmpfname = wp_tempnam( $filename ); - - $fp = fopen( $tmpfname, 'w+' ); - - if ( ! $fp ) { - return new WP_Error( 'rest_upload_file_error', __( 'Could not open file handle.' ), array( 'status' => 500 ) ); - } - - fwrite( $fp, $data ); - fclose( $fp ); - - // Now, sideload it in. - $file_data = array( - 'error' => null, - 'tmp_name' => $tmpfname, - 'name' => $filename, - 'type' => $type, - ); - - $size_check = self::check_upload_size( $file_data ); - if ( is_wp_error( $size_check ) ) { - return $size_check; - } - - $overrides = array( - 'test_form' => false, - ); - - $sideloaded = wp_handle_sideload( $file_data, $overrides ); - - if ( isset( $sideloaded['error'] ) ) { - @unlink( $tmpfname ); - - return new WP_Error( 'rest_upload_sideload_error', $sideloaded['error'], array( 'status' => 500 ) ); - } - - return $sideloaded; - } - - /** - * Parses filename from a Content-Disposition header value. - * - * As per RFC6266: - * - * content-disposition = "Content-Disposition" ":" - * disposition-type *( ";" disposition-parm ) - * - * disposition-type = "inline" | "attachment" | disp-ext-type - * ; case-insensitive - * disp-ext-type = token - * - * disposition-parm = filename-parm | disp-ext-parm - * - * filename-parm = "filename" "=" value - * | "filename*" "=" ext-value - * - * disp-ext-parm = token "=" value - * | ext-token "=" ext-value - * ext-token = <the characters in token, followed by "*"> - * - * @since 4.7.0 - * - * @link http://tools.ietf.org/html/rfc2388 - * @link http://tools.ietf.org/html/rfc6266 - * - * @param string[] $disposition_header List of Content-Disposition header values. - * @return string|null Filename if available, or null if not found. - */ - public static function get_filename_from_disposition( $disposition_header ) { - // Get the filename. - $filename = null; - - foreach ( $disposition_header as $value ) { - $value = trim( $value ); - - if ( strpos( $value, ';' ) === false ) { - continue; - } - - list( $type, $attr_parts ) = explode( ';', $value, 2 ); - - $attr_parts = explode( ';', $attr_parts ); - $attributes = array(); - - foreach ( $attr_parts as $part ) { - if ( strpos( $part, '=' ) === false ) { - continue; - } - - list( $key, $value ) = explode( '=', $part, 2 ); - - $attributes[ trim( $key ) ] = trim( $value ); - } - - if ( empty( $attributes['filename'] ) ) { - continue; - } - - $filename = trim( $attributes['filename'] ); - - // Unquote quoted filename, but after trimming. - if ( substr( $filename, 0, 1 ) === '"' && substr( $filename, -1, 1 ) === '"' ) { - $filename = substr( $filename, 1, -1 ); - } - } - - return $filename; - } - - /** - * Retrieves the query params for collections of attachments. - * - * @since 4.7.0 - * - * @return array Query parameters for the attachment collection as an array. - */ - public function get_collection_params() { - $params = parent::get_collection_params(); - $params['status']['default'] = 'inherit'; - $params['status']['items']['enum'] = array( 'inherit', 'private', 'trash' ); - $media_types = $this->get_media_types(); - - $params['media_type'] = array( - 'default' => null, - 'description' => __( 'Limit result set to attachments of a particular media type.' ), - 'type' => 'string', - 'enum' => array_keys( $media_types ), - ); - - $params['mime_type'] = array( - 'default' => null, - 'description' => __( 'Limit result set to attachments of a particular MIME type.' ), - 'type' => 'string', - ); - - return $params; - } - - /** - * Handles an upload via multipart/form-data ($_FILES). - * - * @since 4.7.0 - * - * @param array $files Data from the `$_FILES` superglobal. - * @param array $headers HTTP headers from the request. - * @return array|WP_Error Data from wp_handle_upload(). - */ - protected function upload_from_file( $files, $headers ) { - if ( empty( $files ) ) { - return new WP_Error( 'rest_upload_no_data', __( 'No data supplied.' ), array( 'status' => 400 ) ); - } - - // Verify hash, if given. - if ( ! empty( $headers['content_md5'] ) ) { - $content_md5 = array_shift( $headers['content_md5'] ); - $expected = trim( $content_md5 ); - $actual = md5_file( $files['file']['tmp_name'] ); - - if ( $expected !== $actual ) { - return new WP_Error( 'rest_upload_hash_mismatch', __( 'Content hash did not match expected.' ), array( 'status' => 412 ) ); - } - } - - // Pass off to WP to handle the actual upload. - $overrides = array( - 'test_form' => false, - ); - - // Bypasses is_uploaded_file() when running unit tests. - if ( defined( 'DIR_TESTDATA' ) && DIR_TESTDATA ) { - $overrides['action'] = 'wp_handle_mock_upload'; - } - - $size_check = self::check_upload_size( $files['file'] ); - if ( is_wp_error( $size_check ) ) { - return $size_check; - } - - /** Include admin function to get access to wp_handle_upload(). */ - require_once ABSPATH . 'wp-admin/includes/file.php'; - - $file = wp_handle_upload( $files['file'], $overrides ); - - if ( isset( $file['error'] ) ) { - return new WP_Error( 'rest_upload_unknown_error', $file['error'], array( 'status' => 500 ) ); - } - - return $file; - } - - /** - * Retrieves the supported media types. - * - * Media types are considered the MIME type category. - * - * @since 4.7.0 - * - * @return array Array of supported media types. - */ - protected function get_media_types() { - $media_types = array(); - - foreach ( get_allowed_mime_types() as $mime_type ) { - $parts = explode( '/', $mime_type ); - - if ( ! isset( $media_types[ $parts[0] ] ) ) { - $media_types[ $parts[0] ] = array(); - } - - $media_types[ $parts[0] ][] = $mime_type; - } - - return $media_types; - } - - /** - * Determine if uploaded file exceeds space quota on multisite. - * - * Replicates check_upload_size(). - * - * @since 4.9.8 - * - * @param array $file $_FILES array for a given file. - * @return true|WP_Error True if can upload, error for errors. - */ - protected function check_upload_size( $file ) { - if ( ! is_multisite() ) { - return true; - } - - if ( get_site_option( 'upload_space_check_disabled' ) ) { - return true; - } - - $space_left = get_upload_space_available(); - - $file_size = filesize( $file['tmp_name'] ); - if ( $space_left < $file_size ) { - /* translators: %s: Required disk space in kilobytes. */ - return new WP_Error( 'rest_upload_limited_space', sprintf( __( 'Not enough space to upload. %s KB needed.' ), number_format( ( $file_size - $space_left ) / KB_IN_BYTES ) ), array( 'status' => 400 ) ); - } - - if ( $file_size > ( KB_IN_BYTES * get_site_option( 'fileupload_maxk', 1500 ) ) ) { - /* translators: %s: Maximum allowed file size in kilobytes. */ - return new WP_Error( 'rest_upload_file_too_big', sprintf( __( 'This file is too big. Files must be less than %s KB in size.' ), get_site_option( 'fileupload_maxk', 1500 ) ), array( 'status' => 400 ) ); - } - - // Include admin function to get access to upload_is_user_over_quota(). - require_once ABSPATH . 'wp-admin/includes/ms.php'; - - if ( upload_is_user_over_quota( false ) ) { - return new WP_Error( 'rest_upload_user_quota_exceeded', __( 'You have used your space quota. Please delete files before uploading.' ), array( 'status' => 400 ) ); - } - return true; - } - -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php deleted file mode 100644 index a72541a..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php +++ /dev/null @@ -1,433 +0,0 @@ -<?php -/** - * REST API: WP_REST_Autosaves_Controller class. - * - * @package WordPress - * @subpackage REST_API - * @since 5.0.0 - */ - -/** - * Core class used to access autosaves via the REST API. - * - * @since 5.0.0 - * - * @see WP_REST_Revisions_Controller - * @see WP_REST_Controller - */ -class WP_REST_Autosaves_Controller extends WP_REST_Revisions_Controller { - - /** - * Parent post type. - * - * @since 5.0.0 - * @var string - */ - private $parent_post_type; - - /** - * Parent post controller. - * - * @since 5.0.0 - * @var WP_REST_Controller - */ - private $parent_controller; - - /** - * Revision controller. - * - * @since 5.0.0 - * @var WP_REST_Controller - */ - private $revisions_controller; - - /** - * The base of the parent controller's route. - * - * @since 5.0.0 - * @var string - */ - private $parent_base; - - /** - * Constructor. - * - * @since 5.0.0 - * - * @param string $parent_post_type Post type of the parent. - */ - public function __construct( $parent_post_type ) { - $this->parent_post_type = $parent_post_type; - $post_type_object = get_post_type_object( $parent_post_type ); - $parent_controller = $post_type_object->get_rest_controller(); - - if ( ! $parent_controller ) { - $parent_controller = new WP_REST_Posts_Controller( $parent_post_type ); - } - - $this->parent_controller = $parent_controller; - $this->revisions_controller = new WP_REST_Revisions_Controller( $parent_post_type ); - $this->rest_namespace = 'wp/v2'; - $this->rest_base = 'autosaves'; - $this->parent_base = ! empty( $post_type_object->rest_base ) ? $post_type_object->rest_base : $post_type_object->name; - } - - /** - * Registers routes for autosaves. - * - * @since 5.0.0 - * - * @see register_rest_route() - */ - public function register_routes() { - register_rest_route( - $this->rest_namespace, - '/' . $this->parent_base . '/(?P<id>[\d]+)/' . $this->rest_base, - array( - 'args' => array( - 'parent' => array( - 'description' => __( 'The ID for the parent of the object.' ), - 'type' => 'integer', - ), - ), - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_items' ), - 'permission_callback' => array( $this, 'get_items_permissions_check' ), - 'args' => $this->get_collection_params(), - ), - array( - 'methods' => WP_REST_Server::CREATABLE, - 'callback' => array( $this, 'create_item' ), - 'permission_callback' => array( $this, 'create_item_permissions_check' ), - 'args' => $this->parent_controller->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - register_rest_route( - $this->rest_namespace, - '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base . '/(?P<id>[\d]+)', - array( - 'args' => array( - 'parent' => array( - 'description' => __( 'The ID for the parent of the object.' ), - 'type' => 'integer', - ), - 'id' => array( - 'description' => __( 'The ID for the object.' ), - 'type' => 'integer', - ), - ), - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_item' ), - 'permission_callback' => array( $this->revisions_controller, 'get_item_permissions_check' ), - 'args' => array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - } - - /** - * Get the parent post. - * - * @since 5.0.0 - * - * @param int $parent_id Supplied ID. - * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise. - */ - protected function get_parent( $parent_id ) { - return $this->revisions_controller->get_parent( $parent_id ); - } - - /** - * Checks if a given request has access to get autosaves. - * - * @since 5.0.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return true|WP_Error True if the request has read access, WP_Error object otherwise. - */ - public function get_items_permissions_check( $request ) { - $parent = $this->get_parent( $request['id'] ); - if ( is_wp_error( $parent ) ) { - return $parent; - } - - $parent_post_type_obj = get_post_type_object( $parent->post_type ); - if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) { - return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to view autosaves of this post.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Checks if a given request has access to create an autosave revision. - * - * Autosave revisions inherit permissions from the parent post, - * check if the current user has permission to edit the post. - * - * @since 5.0.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has access to create the item, WP_Error object otherwise. - */ - public function create_item_permissions_check( $request ) { - $id = $request->get_param( 'id' ); - if ( empty( $id ) ) { - return new WP_Error( 'rest_post_invalid_id', __( 'Invalid item ID.' ), array( 'status' => 404 ) ); - } - - return $this->parent_controller->update_item_permissions_check( $request ); - } - - /** - * Creates, updates or deletes an autosave revision. - * - * @since 5.0.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function create_item( $request ) { - - if ( ! defined( 'DOING_AUTOSAVE' ) ) { - define( 'DOING_AUTOSAVE', true ); - } - - $post = get_post( $request['id'] ); - - if ( is_wp_error( $post ) ) { - return $post; - } - - $prepared_post = $this->parent_controller->prepare_item_for_database( $request ); - $prepared_post->ID = $post->ID; - $user_id = get_current_user_id(); - - if ( ( 'draft' === $post->post_status || 'auto-draft' === $post->post_status ) && $post->post_author == $user_id ) { - // Draft posts for the same author: autosaving updates the post and does not create a revision. - // Convert the post object to an array and add slashes, wp_update_post expects escaped array. - $autosave_id = wp_update_post( wp_slash( (array) $prepared_post ), true ); - } else { - // Non-draft posts: create or update the post autosave. - $autosave_id = $this->create_post_autosave( (array) $prepared_post ); - } - - if ( is_wp_error( $autosave_id ) ) { - return $autosave_id; - } - - $autosave = get_post( $autosave_id ); - $request->set_param( 'context', 'edit' ); - - $response = $this->prepare_item_for_response( $autosave, $request ); - $response = rest_ensure_response( $response ); - - return $response; - } - - /** - * Get the autosave, if the ID is valid. - * - * @since 5.0.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_Post|WP_Error Revision post object if ID is valid, WP_Error otherwise. - */ - public function get_item( $request ) { - $parent_id = (int) $request->get_param( 'parent' ); - - if ( $parent_id <= 0 ) { - return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) ); - } - - $autosave = wp_get_post_autosave( $parent_id ); - - if ( ! $autosave ) { - return new WP_Error( 'rest_post_no_autosave', __( 'There is no autosave revision for this post.' ), array( 'status' => 404 ) ); - } - - $response = $this->prepare_item_for_response( $autosave, $request ); - return $response; - } - - /** - * Gets a collection of autosaves using wp_get_post_autosave. - * - * Contains the user's autosave, for empty if it doesn't exist. - * - * @since 5.0.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_items( $request ) { - $parent = $this->get_parent( $request['id'] ); - if ( is_wp_error( $parent ) ) { - return $parent; - } - - $response = array(); - $parent_id = $parent->ID; - $revisions = wp_get_post_revisions( $parent_id, array( 'check_enabled' => false ) ); - - foreach ( $revisions as $revision ) { - if ( false !== strpos( $revision->post_name, "{$parent_id}-autosave" ) ) { - $data = $this->prepare_item_for_response( $revision, $request ); - $response[] = $this->prepare_response_for_collection( $data ); - } - } - - return rest_ensure_response( $response ); - } - - - /** - * Retrieves the autosave's schema, conforming to JSON Schema. - * - * @since 5.0.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $schema = $this->revisions_controller->get_item_schema(); - - $schema['properties']['preview_link'] = array( - 'description' => __( 'Preview link for the post.' ), - 'type' => 'string', - 'format' => 'uri', - 'context' => array( 'edit' ), - 'readonly' => true, - ); - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Creates autosave for the specified post. - * - * From wp-admin/post.php. - * - * @since 5.0.0 - * - * @param mixed $post_data Associative array containing the post data. - * @return mixed The autosave revision ID or WP_Error. - */ - public function create_post_autosave( $post_data ) { - - $post_id = (int) $post_data['ID']; - $post = get_post( $post_id ); - - if ( is_wp_error( $post ) ) { - return $post; - } - - $user_id = get_current_user_id(); - - // Store one autosave per author. If there is already an autosave, overwrite it. - $old_autosave = wp_get_post_autosave( $post_id, $user_id ); - - if ( $old_autosave ) { - $new_autosave = _wp_post_revision_data( $post_data, true ); - $new_autosave['ID'] = $old_autosave->ID; - $new_autosave['post_author'] = $user_id; - - // If the new autosave has the same content as the post, delete the autosave. - $autosave_is_different = false; - - foreach ( array_intersect( array_keys( $new_autosave ), array_keys( _wp_post_revision_fields( $post ) ) ) as $field ) { - if ( normalize_whitespace( $new_autosave[ $field ] ) != normalize_whitespace( $post->$field ) ) { - $autosave_is_different = true; - break; - } - } - - if ( ! $autosave_is_different ) { - wp_delete_post_revision( $old_autosave->ID ); - return new WP_Error( 'rest_autosave_no_changes', __( 'There is nothing to save. The autosave and the post content are the same.' ), array( 'status' => 400 ) ); - } - - /** This filter is documented in wp-admin/post.php */ - do_action( 'wp_creating_autosave', $new_autosave ); - - // wp_update_post expects escaped array. - return wp_update_post( wp_slash( $new_autosave ) ); - } - - // Create the new autosave as a special post revision. - return _wp_put_post_revision( $post_data, true ); - } - - /** - * Prepares the revision for the REST response. - * - * @since 5.0.0 - * - * @param WP_Post $post Post revision object. - * @param WP_REST_Request $request Request object. - * - * @return WP_REST_Response Response object. - */ - public function prepare_item_for_response( $post, $request ) { - - $response = $this->revisions_controller->prepare_item_for_response( $post, $request ); - - $fields = $this->get_fields_for_response( $request ); - - if ( in_array( 'preview_link', $fields, true ) ) { - $parent_id = wp_is_post_autosave( $post ); - $preview_post_id = false === $parent_id ? $post->ID : $parent_id; - $preview_query_args = array(); - - if ( false !== $parent_id ) { - $preview_query_args['preview_id'] = $parent_id; - $preview_query_args['preview_nonce'] = wp_create_nonce( 'post_preview_' . $parent_id ); - } - - $response->data['preview_link'] = get_preview_post_link( $preview_post_id, $preview_query_args ); - } - - $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; - $response->data = $this->add_additional_fields_to_object( $response->data, $request ); - $response->data = $this->filter_response_by_context( $response->data, $context ); - - /** - * Filters a revision returned from the API. - * - * Allows modification of the revision right before it is returned. - * - * @since 5.0.0 - * - * @param WP_REST_Response $response The response object. - * @param WP_Post $post The original revision object. - * @param WP_REST_Request $request Request used to generate the response. - */ - return apply_filters( 'rest_prepare_autosave', $response, $post, $request ); - } - - /** - * Retrieves the query params for the autosaves collection. - * - * @since 5.0.0 - * - * @return array Collection parameters. - */ - public function get_collection_params() { - return array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - ); - } -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-block-renderer-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-block-renderer-controller.php deleted file mode 100644 index b5b3323..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-block-renderer-controller.php +++ /dev/null @@ -1,183 +0,0 @@ -<?php -/** - * Block Renderer REST API: WP_REST_Block_Renderer_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 5.0.0 - */ - -/** - * Controller which provides REST endpoint for rendering a block. - * - * @since 5.0.0 - * - * @see WP_REST_Controller - */ -class WP_REST_Block_Renderer_Controller extends WP_REST_Controller { - - /** - * Constructs the controller. - * - * @since 5.0.0 - */ - public function __construct() { - $this->namespace = 'wp/v2'; - $this->rest_base = 'block-renderer'; - } - - /** - * Registers the necessary REST API routes, one for each dynamic block. - * - * @since 5.0.0 - */ - public function register_routes() { - $block_types = WP_Block_Type_Registry::get_instance()->get_all_registered(); - - foreach ( $block_types as $block_type ) { - if ( ! $block_type->is_dynamic() ) { - continue; - } - - register_rest_route( - $this->namespace, - '/' . $this->rest_base . '/(?P<name>' . $block_type->name . ')', - array( - 'args' => array( - 'name' => array( - 'description' => __( 'Unique registered name for the block.' ), - 'type' => 'string', - ), - ), - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_item' ), - 'permission_callback' => array( $this, 'get_item_permissions_check' ), - 'args' => array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - 'attributes' => array( - /* translators: %s: The name of the block. */ - 'description' => sprintf( __( 'Attributes for %s block' ), $block_type->name ), - 'type' => 'object', - 'additionalProperties' => false, - 'properties' => $block_type->get_attributes(), - 'default' => array(), - ), - 'post_id' => array( - 'description' => __( 'ID of the post context.' ), - 'type' => 'integer', - ), - ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - } - } - - /** - * Checks if a given request has access to read blocks. - * - * @since 5.0.0 - * - * @param WP_REST_Request $request Request. - * @return true|WP_Error True if the request has read access, WP_Error object otherwise. - */ - public function get_item_permissions_check( $request ) { - global $post; - - $post_id = isset( $request['post_id'] ) ? intval( $request['post_id'] ) : 0; - - if ( 0 < $post_id ) { - $post = get_post( $post_id ); - - if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) { - return new WP_Error( - 'block_cannot_read', - __( 'Sorry, you are not allowed to read blocks of this post.' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - } else { - if ( ! current_user_can( 'edit_posts' ) ) { - return new WP_Error( - 'block_cannot_read', - __( 'Sorry, you are not allowed to read blocks as this user.' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - } - - return true; - } - - /** - * Returns block output from block's registered render_callback. - * - * @since 5.0.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_item( $request ) { - global $post; - - $post_id = isset( $request['post_id'] ) ? intval( $request['post_id'] ) : 0; - - if ( 0 < $post_id ) { - $post = get_post( $post_id ); - - // Set up postdata since this will be needed if post_id was set. - setup_postdata( $post ); - } - $registry = WP_Block_Type_Registry::get_instance(); - $block = $registry->get_registered( $request['name'] ); - - if ( null === $block ) { - return new WP_Error( - 'block_invalid', - __( 'Invalid block.' ), - array( - 'status' => 404, - ) - ); - } - - $data = array( - 'rendered' => $block->render( $request->get_param( 'attributes' ) ), - ); - return rest_ensure_response( $data ); - } - - /** - * Retrieves block's output schema, conforming to JSON Schema. - * - * @since 5.0.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->schema; - } - - $this->schema = array( - '$schema' => 'http://json-schema.org/schema#', - 'title' => 'rendered-block', - 'type' => 'object', - 'properties' => array( - 'rendered' => array( - 'description' => __( 'The rendered block.' ), - 'type' => 'string', - 'required' => true, - 'context' => array( 'edit' ), - ), - ), - ); - return $this->schema; - } -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-blocks-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-blocks-controller.php deleted file mode 100644 index 36d1573..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-blocks-controller.php +++ /dev/null @@ -1,93 +0,0 @@ -<?php -/** - * Reusable blocks REST API: WP_REST_Blocks_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 5.0.0 - */ - -/** - * Controller which provides a REST endpoint for the editor to read, create, - * edit and delete reusable blocks. Blocks are stored as posts with the wp_block - * post type. - * - * @since 5.0.0 - * - * @see WP_REST_Posts_Controller - * @see WP_REST_Controller - */ -class WP_REST_Blocks_Controller extends WP_REST_Posts_Controller { - - /** - * Checks if a block can be read. - * - * @since 5.0.0 - * - * @param object $post Post object that backs the block. - * @return bool Whether the block can be read. - */ - public function check_read_permission( $post ) { - // Ensure that the user is logged in and has the read_blocks capability. - $post_type = get_post_type_object( $post->post_type ); - if ( ! current_user_can( $post_type->cap->read_post, $post->ID ) ) { - return false; - } - - return parent::check_read_permission( $post ); - } - - /** - * Filters a response based on the context defined in the schema. - * - * @since 5.0.0 - * - * @param array $data Response data to fiter. - * @param string $context Context defined in the schema. - * @return array Filtered response. - */ - public function filter_response_by_context( $data, $context ) { - $data = parent::filter_response_by_context( $data, $context ); - - /* - * Remove `title.rendered` and `content.rendered` from the response. It - * doesn't make sense for a reusable block to have rendered content on its - * own, since rendering a block requires it to be inside a post or a page. - */ - unset( $data['title']['rendered'] ); - unset( $data['content']['rendered'] ); - - return $data; - } - - /** - * Retrieves the block's schema, conforming to JSON Schema. - * - * @since 5.0.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - // Do not cache this schema because all properties are derived from parent controller. - $schema = parent::get_item_schema(); - - /* - * Allow all contexts to access `title.raw` and `content.raw`. Clients always - * need the raw markup of a reusable block to do anything useful, e.g. parse - * it or display it in an editor. - */ - $schema['properties']['title']['properties']['raw']['context'] = array( 'view', 'edit' ); - $schema['properties']['content']['properties']['raw']['context'] = array( 'view', 'edit' ); - - /* - * Remove `title.rendered` and `content.rendered` from the schema. It doesn’t - * make sense for a reusable block to have rendered content on its own, since - * rendering a block requires it to be inside a post or a page. - */ - unset( $schema['properties']['title']['properties']['rendered'] ); - unset( $schema['properties']['content']['properties']['rendered'] ); - - return $schema; - } - -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php deleted file mode 100644 index 376959a..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php +++ /dev/null @@ -1,1710 +0,0 @@ -<?php -/** - * REST API: WP_REST_Comments_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 4.7.0 - */ - -/** - * Core controller used to access comments via the REST API. - * - * @since 4.7.0 - * - * @see WP_REST_Controller - */ -class WP_REST_Comments_Controller extends WP_REST_Controller { - - /** - * Instance of a comment meta fields object. - * - * @since 4.7.0 - * @var WP_REST_Comment_Meta_Fields - */ - protected $meta; - - /** - * Constructor. - * - * @since 4.7.0 - */ - public function __construct() { - $this->namespace = 'wp/v2'; - $this->rest_base = 'comments'; - - $this->meta = new WP_REST_Comment_Meta_Fields(); - } - - /** - * Registers the routes for the objects of the controller. - * - * @since 4.7.0 - */ - public function register_routes() { - - register_rest_route( - $this->namespace, - '/' . $this->rest_base, - array( - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_items' ), - 'permission_callback' => array( $this, 'get_items_permissions_check' ), - 'args' => $this->get_collection_params(), - ), - array( - 'methods' => WP_REST_Server::CREATABLE, - 'callback' => array( $this, 'create_item' ), - 'permission_callback' => array( $this, 'create_item_permissions_check' ), - 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - register_rest_route( - $this->namespace, - '/' . $this->rest_base . '/(?P<id>[\d]+)', - array( - 'args' => array( - 'id' => array( - 'description' => __( 'Unique identifier for the object.' ), - 'type' => 'integer', - ), - ), - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_item' ), - 'permission_callback' => array( $this, 'get_item_permissions_check' ), - 'args' => array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - 'password' => array( - 'description' => __( 'The password for the parent post of the comment (if the post is password protected).' ), - 'type' => 'string', - ), - ), - ), - array( - 'methods' => WP_REST_Server::EDITABLE, - 'callback' => array( $this, 'update_item' ), - 'permission_callback' => array( $this, 'update_item_permissions_check' ), - 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), - ), - array( - 'methods' => WP_REST_Server::DELETABLE, - 'callback' => array( $this, 'delete_item' ), - 'permission_callback' => array( $this, 'delete_item_permissions_check' ), - 'args' => array( - 'force' => array( - 'type' => 'boolean', - 'default' => false, - 'description' => __( 'Whether to bypass trash and force deletion.' ), - ), - 'password' => array( - 'description' => __( 'The password for the parent post of the comment (if the post is password protected).' ), - 'type' => 'string', - ), - ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - } - - /** - * Checks if a given request has access to read comments. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|bool True if the request has read access, error object otherwise. - */ - public function get_items_permissions_check( $request ) { - - if ( ! empty( $request['post'] ) ) { - foreach ( (array) $request['post'] as $post_id ) { - $post = get_post( $post_id ); - - if ( ! empty( $post_id ) && $post && ! $this->check_read_post_permission( $post, $request ) ) { - return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) ); - } elseif ( 0 === $post_id && ! current_user_can( 'moderate_comments' ) ) { - return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to read comments without a post.' ), array( 'status' => rest_authorization_required_code() ) ); - } - } - } - - if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) { - return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit comments.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( ! current_user_can( 'edit_posts' ) ) { - $protected_params = array( 'author', 'author_exclude', 'author_email', 'type', 'status' ); - $forbidden_params = array(); - - foreach ( $protected_params as $param ) { - if ( 'status' === $param ) { - if ( 'approve' !== $request[ $param ] ) { - $forbidden_params[] = $param; - } - } elseif ( 'type' === $param ) { - if ( 'comment' !== $request[ $param ] ) { - $forbidden_params[] = $param; - } - } elseif ( ! empty( $request[ $param ] ) ) { - $forbidden_params[] = $param; - } - } - - if ( ! empty( $forbidden_params ) ) { - return new WP_Error( - 'rest_forbidden_param', - /* translators: %s: List of forbidden parameters. */ - sprintf( __( 'Query parameter not permitted: %s' ), implode( ', ', $forbidden_params ) ), - array( 'status' => rest_authorization_required_code() ) - ); - } - } - - return true; - } - - /** - * Retrieves a list of comment items. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or error object on failure. - */ - public function get_items( $request ) { - - // Retrieve the list of registered collection query parameters. - $registered = $this->get_collection_params(); - - /* - * This array defines mappings between public API query parameters whose - * values are accepted as-passed, and their internal WP_Query parameter - * name equivalents (some are the same). Only values which are also - * present in $registered will be set. - */ - $parameter_mappings = array( - 'author' => 'author__in', - 'author_email' => 'author_email', - 'author_exclude' => 'author__not_in', - 'exclude' => 'comment__not_in', - 'include' => 'comment__in', - 'offset' => 'offset', - 'order' => 'order', - 'parent' => 'parent__in', - 'parent_exclude' => 'parent__not_in', - 'per_page' => 'number', - 'post' => 'post__in', - 'search' => 'search', - 'status' => 'status', - 'type' => 'type', - ); - - $prepared_args = array(); - - /* - * For each known parameter which is both registered and present in the request, - * set the parameter's value on the query $prepared_args. - */ - foreach ( $parameter_mappings as $api_param => $wp_param ) { - if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) { - $prepared_args[ $wp_param ] = $request[ $api_param ]; - } - } - - // Ensure certain parameter values default to empty strings. - foreach ( array( 'author_email', 'search' ) as $param ) { - if ( ! isset( $prepared_args[ $param ] ) ) { - $prepared_args[ $param ] = ''; - } - } - - if ( isset( $registered['orderby'] ) ) { - $prepared_args['orderby'] = $this->normalize_query_param( $request['orderby'] ); - } - - $prepared_args['no_found_rows'] = false; - - $prepared_args['date_query'] = array(); - - // Set before into date query. Date query must be specified as an array of an array. - if ( isset( $registered['before'], $request['before'] ) ) { - $prepared_args['date_query'][0]['before'] = $request['before']; - } - - // Set after into date query. Date query must be specified as an array of an array. - if ( isset( $registered['after'], $request['after'] ) ) { - $prepared_args['date_query'][0]['after'] = $request['after']; - } - - if ( isset( $registered['page'] ) && empty( $request['offset'] ) ) { - $prepared_args['offset'] = $prepared_args['number'] * ( absint( $request['page'] ) - 1 ); - } - - /** - * Filters arguments, before passing to WP_Comment_Query, when querying comments via the REST API. - * - * @since 4.7.0 - * - * @link https://developer.wordpress.org/reference/classes/wp_comment_query/ - * - * @param array $prepared_args Array of arguments for WP_Comment_Query. - * @param WP_REST_Request $request The current request. - */ - $prepared_args = apply_filters( 'rest_comment_query', $prepared_args, $request ); - - $query = new WP_Comment_Query; - $query_result = $query->query( $prepared_args ); - - $comments = array(); - - foreach ( $query_result as $comment ) { - if ( ! $this->check_read_permission( $comment, $request ) ) { - continue; - } - - $data = $this->prepare_item_for_response( $comment, $request ); - $comments[] = $this->prepare_response_for_collection( $data ); - } - - $total_comments = (int) $query->found_comments; - $max_pages = (int) $query->max_num_pages; - - if ( $total_comments < 1 ) { - // Out-of-bounds, run the query again without LIMIT for total count. - unset( $prepared_args['number'], $prepared_args['offset'] ); - - $query = new WP_Comment_Query; - $prepared_args['count'] = true; - - $total_comments = $query->query( $prepared_args ); - $max_pages = ceil( $total_comments / $request['per_page'] ); - } - - $response = rest_ensure_response( $comments ); - $response->header( 'X-WP-Total', $total_comments ); - $response->header( 'X-WP-TotalPages', $max_pages ); - - $base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) ); - - if ( $request['page'] > 1 ) { - $prev_page = $request['page'] - 1; - - if ( $prev_page > $max_pages ) { - $prev_page = $max_pages; - } - - $prev_link = add_query_arg( 'page', $prev_page, $base ); - $response->link_header( 'prev', $prev_link ); - } - - if ( $max_pages > $request['page'] ) { - $next_page = $request['page'] + 1; - $next_link = add_query_arg( 'page', $next_page, $base ); - - $response->link_header( 'next', $next_link ); - } - - return $response; - } - - /** - * Get the comment, if the ID is valid. - * - * @since 4.7.2 - * - * @param int $id Supplied ID. - * @return WP_Comment|WP_Error Comment object if ID is valid, WP_Error otherwise. - */ - protected function get_comment( $id ) { - $error = new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) ); - if ( (int) $id <= 0 ) { - return $error; - } - - $id = (int) $id; - $comment = get_comment( $id ); - if ( empty( $comment ) ) { - return $error; - } - - if ( ! empty( $comment->comment_post_ID ) ) { - $post = get_post( (int) $comment->comment_post_ID ); - if ( empty( $post ) ) { - return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); - } - } - - return $comment; - } - - /** - * Checks if a given request has access to read the comment. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|bool True if the request has read access for the item, error object otherwise. - */ - public function get_item_permissions_check( $request ) { - $comment = $this->get_comment( $request['id'] ); - if ( is_wp_error( $comment ) ) { - return $comment; - } - - if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) { - return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit comments.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - $post = get_post( $comment->comment_post_ID ); - - if ( ! $this->check_read_permission( $comment, $request ) ) { - return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to read this comment.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( $post && ! $this->check_read_post_permission( $post, $request ) ) { - return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Retrieves a comment. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or error object on failure. - */ - public function get_item( $request ) { - $comment = $this->get_comment( $request['id'] ); - if ( is_wp_error( $comment ) ) { - return $comment; - } - - $data = $this->prepare_item_for_response( $comment, $request ); - $response = rest_ensure_response( $data ); - - return $response; - } - - /** - * Checks if a given request has access to create a comment. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|bool True if the request has access to create items, error object otherwise. - */ - public function create_item_permissions_check( $request ) { - if ( ! is_user_logged_in() ) { - if ( get_option( 'comment_registration' ) ) { - return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) ); - } - - /** - * Filter whether comments can be created without authentication. - * - * Enables creating comments for anonymous users. - * - * @since 4.7.0 - * - * @param bool $allow_anonymous Whether to allow anonymous comments to - * be created. Default `false`. - * @param WP_REST_Request $request Request used to generate the - * response. - */ - $allow_anonymous = apply_filters( 'rest_allow_anonymous_comments', false, $request ); - if ( ! $allow_anonymous ) { - return new WP_Error( 'rest_comment_login_required', __( 'Sorry, you must be logged in to comment.' ), array( 'status' => 401 ) ); - } - } - - // Limit who can set comment `author`, `author_ip` or `status` to anything other than the default. - if ( isset( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( 'moderate_comments' ) ) { - return new WP_Error( - 'rest_comment_invalid_author', - /* translators: %s: Request parameter. */ - sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'author' ), - array( 'status' => rest_authorization_required_code() ) - ); - } - - if ( isset( $request['author_ip'] ) && ! current_user_can( 'moderate_comments' ) ) { - if ( empty( $_SERVER['REMOTE_ADDR'] ) || $request['author_ip'] !== $_SERVER['REMOTE_ADDR'] ) { - return new WP_Error( - 'rest_comment_invalid_author_ip', - /* translators: %s: Request parameter. */ - sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'author_ip' ), - array( 'status' => rest_authorization_required_code() ) - ); - } - } - - if ( isset( $request['status'] ) && ! current_user_can( 'moderate_comments' ) ) { - return new WP_Error( - 'rest_comment_invalid_status', - /* translators: %s: Request parameter. */ - sprintf( __( "Sorry, you are not allowed to edit '%s' for comments." ), 'status' ), - array( 'status' => rest_authorization_required_code() ) - ); - } - - if ( empty( $request['post'] ) ) { - return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => 403 ) ); - } - - $post = get_post( (int) $request['post'] ); - if ( ! $post ) { - return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => 403 ) ); - } - - if ( 'draft' === $post->post_status ) { - return new WP_Error( 'rest_comment_draft_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) ); - } - - if ( 'trash' === $post->post_status ) { - return new WP_Error( 'rest_comment_trash_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) ); - } - - if ( ! $this->check_read_post_permission( $post, $request ) ) { - return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( ! comments_open( $post->ID ) ) { - return new WP_Error( 'rest_comment_closed', __( 'Sorry, comments are closed for this item.' ), array( 'status' => 403 ) ); - } - - return true; - } - - /** - * Creates a comment. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or error object on failure. - */ - public function create_item( $request ) { - if ( ! empty( $request['id'] ) ) { - return new WP_Error( 'rest_comment_exists', __( 'Cannot create existing comment.' ), array( 'status' => 400 ) ); - } - - // Do not allow comments to be created with a non-default type. - if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) { - return new WP_Error( 'rest_invalid_comment_type', __( 'Cannot create a comment with that type.' ), array( 'status' => 400 ) ); - } - - $prepared_comment = $this->prepare_item_for_database( $request ); - if ( is_wp_error( $prepared_comment ) ) { - return $prepared_comment; - } - - $prepared_comment['comment_type'] = ''; - - /* - * Do not allow a comment to be created with missing or empty - * comment_content. See wp_handle_comment_submission(). - */ - if ( empty( $prepared_comment['comment_content'] ) ) { - return new WP_Error( 'rest_comment_content_invalid', __( 'Invalid comment content.' ), array( 'status' => 400 ) ); - } - - // Setting remaining values before wp_insert_comment so we can use wp_allow_comment(). - if ( ! isset( $prepared_comment['comment_date_gmt'] ) ) { - $prepared_comment['comment_date_gmt'] = current_time( 'mysql', true ); - } - - // Set author data if the user's logged in. - $missing_author = empty( $prepared_comment['user_id'] ) - && empty( $prepared_comment['comment_author'] ) - && empty( $prepared_comment['comment_author_email'] ) - && empty( $prepared_comment['comment_author_url'] ); - - if ( is_user_logged_in() && $missing_author ) { - $user = wp_get_current_user(); - - $prepared_comment['user_id'] = $user->ID; - $prepared_comment['comment_author'] = $user->display_name; - $prepared_comment['comment_author_email'] = $user->user_email; - $prepared_comment['comment_author_url'] = $user->user_url; - } - - // Honor the discussion setting that requires a name and email address of the comment author. - if ( get_option( 'require_name_email' ) ) { - if ( empty( $prepared_comment['comment_author'] ) || empty( $prepared_comment['comment_author_email'] ) ) { - return new WP_Error( 'rest_comment_author_data_required', __( 'Creating a comment requires valid author name and email values.' ), array( 'status' => 400 ) ); - } - } - - if ( ! isset( $prepared_comment['comment_author_email'] ) ) { - $prepared_comment['comment_author_email'] = ''; - } - - if ( ! isset( $prepared_comment['comment_author_url'] ) ) { - $prepared_comment['comment_author_url'] = ''; - } - - if ( ! isset( $prepared_comment['comment_agent'] ) ) { - $prepared_comment['comment_agent'] = ''; - } - - $check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_comment ); - if ( is_wp_error( $check_comment_lengths ) ) { - $error_code = $check_comment_lengths->get_error_code(); - return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) ); - } - - $prepared_comment['comment_approved'] = wp_allow_comment( $prepared_comment, true ); - - if ( is_wp_error( $prepared_comment['comment_approved'] ) ) { - $error_code = $prepared_comment['comment_approved']->get_error_code(); - $error_message = $prepared_comment['comment_approved']->get_error_message(); - - if ( 'comment_duplicate' === $error_code ) { - return new WP_Error( $error_code, $error_message, array( 'status' => 409 ) ); - } - - if ( 'comment_flood' === $error_code ) { - return new WP_Error( $error_code, $error_message, array( 'status' => 400 ) ); - } - - return $prepared_comment['comment_approved']; - } - - /** - * Filters a comment before it is inserted via the REST API. - * - * Allows modification of the comment right before it is inserted via wp_insert_comment(). - * Returning a WP_Error value from the filter will shortcircuit insertion and allow - * skipping further processing. - * - * @since 4.7.0 - * @since 4.8.0 `$prepared_comment` can now be a WP_Error to shortcircuit insertion. - * - * @param array|WP_Error $prepared_comment The prepared comment data for wp_insert_comment(). - * @param WP_REST_Request $request Request used to insert the comment. - */ - $prepared_comment = apply_filters( 'rest_pre_insert_comment', $prepared_comment, $request ); - if ( is_wp_error( $prepared_comment ) ) { - return $prepared_comment; - } - - $comment_id = wp_insert_comment( wp_filter_comment( wp_slash( (array) $prepared_comment ) ) ); - - if ( ! $comment_id ) { - return new WP_Error( 'rest_comment_failed_create', __( 'Creating comment failed.' ), array( 'status' => 500 ) ); - } - - if ( isset( $request['status'] ) ) { - $this->handle_status_param( $request['status'], $comment_id ); - } - - $comment = get_comment( $comment_id ); - - /** - * Fires after a comment is created or updated via the REST API. - * - * @since 4.7.0 - * - * @param WP_Comment $comment Inserted or updated comment object. - * @param WP_REST_Request $request Request object. - * @param bool $creating True when creating a comment, false - * when updating. - */ - do_action( 'rest_insert_comment', $comment, $request, true ); - - $schema = $this->get_item_schema(); - - if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { - $meta_update = $this->meta->update_value( $request['meta'], $comment_id ); - - if ( is_wp_error( $meta_update ) ) { - return $meta_update; - } - } - - $fields_update = $this->update_additional_fields_for_object( $comment, $request ); - - if ( is_wp_error( $fields_update ) ) { - return $fields_update; - } - - $context = current_user_can( 'moderate_comments' ) ? 'edit' : 'view'; - $request->set_param( 'context', $context ); - - /** - * Fires completely after a comment is created or updated via the REST API. - * - * @since 5.0.0 - * - * @param WP_Comment $comment Inserted or updated comment object. - * @param WP_REST_Request $request Request object. - * @param bool $creating True when creating a comment, false - * when updating. - */ - do_action( 'rest_after_insert_comment', $comment, $request, true ); - - $response = $this->prepare_item_for_response( $comment, $request ); - $response = rest_ensure_response( $response ); - - $response->set_status( 201 ); - $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment_id ) ) ); - - return $response; - } - - /** - * Checks if a given REST request has access to update a comment. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|bool True if the request has access to update the item, error object otherwise. - */ - public function update_item_permissions_check( $request ) { - $comment = $this->get_comment( $request['id'] ); - if ( is_wp_error( $comment ) ) { - return $comment; - } - - if ( ! $this->check_edit_permission( $comment ) ) { - return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this comment.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Updates a comment. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or error object on failure. - */ - public function update_item( $request ) { - $comment = $this->get_comment( $request['id'] ); - if ( is_wp_error( $comment ) ) { - return $comment; - } - - $id = $comment->comment_ID; - - if ( isset( $request['type'] ) && get_comment_type( $id ) !== $request['type'] ) { - return new WP_Error( 'rest_comment_invalid_type', __( 'Sorry, you are not allowed to change the comment type.' ), array( 'status' => 404 ) ); - } - - $prepared_args = $this->prepare_item_for_database( $request ); - - if ( is_wp_error( $prepared_args ) ) { - return $prepared_args; - } - - if ( ! empty( $prepared_args['comment_post_ID'] ) ) { - $post = get_post( $prepared_args['comment_post_ID'] ); - if ( empty( $post ) ) { - return new WP_Error( 'rest_comment_invalid_post_id', __( 'Invalid post ID.' ), array( 'status' => 403 ) ); - } - } - - if ( empty( $prepared_args ) && isset( $request['status'] ) ) { - // Only the comment status is being changed. - $change = $this->handle_status_param( $request['status'], $id ); - - if ( ! $change ) { - return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment status failed.' ), array( 'status' => 500 ) ); - } - } elseif ( ! empty( $prepared_args ) ) { - if ( is_wp_error( $prepared_args ) ) { - return $prepared_args; - } - - if ( isset( $prepared_args['comment_content'] ) && empty( $prepared_args['comment_content'] ) ) { - return new WP_Error( 'rest_comment_content_invalid', __( 'Invalid comment content.' ), array( 'status' => 400 ) ); - } - - $prepared_args['comment_ID'] = $id; - - $check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_args ); - if ( is_wp_error( $check_comment_lengths ) ) { - $error_code = $check_comment_lengths->get_error_code(); - return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) ); - } - - $updated = wp_update_comment( wp_slash( (array) $prepared_args ) ); - - if ( false === $updated ) { - return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) ); - } - - if ( isset( $request['status'] ) ) { - $this->handle_status_param( $request['status'], $id ); - } - } - - $comment = get_comment( $id ); - - /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php */ - do_action( 'rest_insert_comment', $comment, $request, false ); - - $schema = $this->get_item_schema(); - - if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { - $meta_update = $this->meta->update_value( $request['meta'], $id ); - - if ( is_wp_error( $meta_update ) ) { - return $meta_update; - } - } - - $fields_update = $this->update_additional_fields_for_object( $comment, $request ); - - if ( is_wp_error( $fields_update ) ) { - return $fields_update; - } - - $request->set_param( 'context', 'edit' ); - - /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php */ - do_action( 'rest_after_insert_comment', $comment, $request, false ); - - $response = $this->prepare_item_for_response( $comment, $request ); - - return rest_ensure_response( $response ); - } - - /** - * Checks if a given request has access to delete a comment. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|bool True if the request has access to delete the item, error object otherwise. - */ - public function delete_item_permissions_check( $request ) { - $comment = $this->get_comment( $request['id'] ); - if ( is_wp_error( $comment ) ) { - return $comment; - } - - if ( ! $this->check_edit_permission( $comment ) ) { - return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this comment.' ), array( 'status' => rest_authorization_required_code() ) ); - } - return true; - } - - /** - * Deletes a comment. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or error object on failure. - */ - public function delete_item( $request ) { - $comment = $this->get_comment( $request['id'] ); - if ( is_wp_error( $comment ) ) { - return $comment; - } - - $force = isset( $request['force'] ) ? (bool) $request['force'] : false; - - /** - * Filters whether a comment can be trashed. - * - * Return false to disable trash support for the post. - * - * @since 4.7.0 - * - * @param bool $supports_trash Whether the post type support trashing. - * @param WP_Post $comment The comment object being considered for trashing support. - */ - $supports_trash = apply_filters( 'rest_comment_trashable', ( EMPTY_TRASH_DAYS > 0 ), $comment ); - - $request->set_param( 'context', 'edit' ); - - if ( $force ) { - $previous = $this->prepare_item_for_response( $comment, $request ); - $result = wp_delete_comment( $comment->comment_ID, true ); - $response = new WP_REST_Response(); - $response->set_data( - array( - 'deleted' => true, - 'previous' => $previous->get_data(), - ) - ); - } else { - // If this type doesn't support trashing, error out. - if ( ! $supports_trash ) { - /* translators: %s: force=true */ - return new WP_Error( 'rest_trash_not_supported', sprintf( __( "The comment does not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); - } - - if ( 'trash' === $comment->comment_approved ) { - return new WP_Error( 'rest_already_trashed', __( 'The comment has already been trashed.' ), array( 'status' => 410 ) ); - } - - $result = wp_trash_comment( $comment->comment_ID ); - $comment = get_comment( $comment->comment_ID ); - $response = $this->prepare_item_for_response( $comment, $request ); - } - - if ( ! $result ) { - return new WP_Error( 'rest_cannot_delete', __( 'The comment cannot be deleted.' ), array( 'status' => 500 ) ); - } - - /** - * Fires after a comment is deleted via the REST API. - * - * @since 4.7.0 - * - * @param WP_Comment $comment The deleted comment data. - * @param WP_REST_Response $response The response returned from the API. - * @param WP_REST_Request $request The request sent to the API. - */ - do_action( 'rest_delete_comment', $comment, $response, $request ); - - return $response; - } - - /** - * Prepares a single comment output for response. - * - * @since 4.7.0 - * - * @param WP_Comment $comment Comment object. - * @param WP_REST_Request $request Request object. - * @return WP_REST_Response Response object. - */ - public function prepare_item_for_response( $comment, $request ) { - - $fields = $this->get_fields_for_response( $request ); - $data = array(); - - if ( in_array( 'id', $fields, true ) ) { - $data['id'] = (int) $comment->comment_ID; - } - - if ( in_array( 'post', $fields, true ) ) { - $data['post'] = (int) $comment->comment_post_ID; - } - - if ( in_array( 'parent', $fields, true ) ) { - $data['parent'] = (int) $comment->comment_parent; - } - - if ( in_array( 'author', $fields, true ) ) { - $data['author'] = (int) $comment->user_id; - } - - if ( in_array( 'author_name', $fields, true ) ) { - $data['author_name'] = $comment->comment_author; - } - - if ( in_array( 'author_email', $fields, true ) ) { - $data['author_email'] = $comment->comment_author_email; - } - - if ( in_array( 'author_url', $fields, true ) ) { - $data['author_url'] = $comment->comment_author_url; - } - - if ( in_array( 'author_ip', $fields, true ) ) { - $data['author_ip'] = $comment->comment_author_IP; - } - - if ( in_array( 'author_user_agent', $fields, true ) ) { - $data['author_user_agent'] = $comment->comment_agent; - } - - if ( in_array( 'date', $fields, true ) ) { - $data['date'] = mysql_to_rfc3339( $comment->comment_date ); - } - - if ( in_array( 'date_gmt', $fields, true ) ) { - $data['date_gmt'] = mysql_to_rfc3339( $comment->comment_date_gmt ); - } - - if ( in_array( 'content', $fields, true ) ) { - $data['content'] = array( - /** This filter is documented in wp-includes/comment-template.php */ - 'rendered' => apply_filters( 'comment_text', $comment->comment_content, $comment ), - 'raw' => $comment->comment_content, - ); - } - - if ( in_array( 'link', $fields, true ) ) { - $data['link'] = get_comment_link( $comment ); - } - - if ( in_array( 'status', $fields, true ) ) { - $data['status'] = $this->prepare_status_response( $comment->comment_approved ); - } - - if ( in_array( 'type', $fields, true ) ) { - $data['type'] = get_comment_type( $comment->comment_ID ); - } - - if ( in_array( 'author_avatar_urls', $fields, true ) ) { - $data['author_avatar_urls'] = rest_get_avatar_urls( $comment ); - } - - if ( in_array( 'meta', $fields, true ) ) { - $data['meta'] = $this->meta->get_value( $comment->comment_ID, $request ); - } - - $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; - $data = $this->add_additional_fields_to_object( $data, $request ); - $data = $this->filter_response_by_context( $data, $context ); - - // Wrap the data in a response object. - $response = rest_ensure_response( $data ); - - $response->add_links( $this->prepare_links( $comment ) ); - - /** - * Filters a comment returned from the API. - * - * Allows modification of the comment right before it is returned. - * - * @since 4.7.0 - * - * @param WP_REST_Response $response The response object. - * @param WP_Comment $comment The original comment object. - * @param WP_REST_Request $request Request used to generate the response. - */ - return apply_filters( 'rest_prepare_comment', $response, $comment, $request ); - } - - /** - * Prepares links for the request. - * - * @since 4.7.0 - * - * @param WP_Comment $comment Comment object. - * @return array Links for the given comment. - */ - protected function prepare_links( $comment ) { - $links = array( - 'self' => array( - 'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment->comment_ID ) ), - ), - 'collection' => array( - 'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ), - ), - ); - - if ( 0 !== (int) $comment->user_id ) { - $links['author'] = array( - 'href' => rest_url( 'wp/v2/users/' . $comment->user_id ), - 'embeddable' => true, - ); - } - - if ( 0 !== (int) $comment->comment_post_ID ) { - $post = get_post( $comment->comment_post_ID ); - - if ( ! empty( $post->ID ) ) { - $obj = get_post_type_object( $post->post_type ); - $base = ! empty( $obj->rest_base ) ? $obj->rest_base : $obj->name; - - $links['up'] = array( - 'href' => rest_url( 'wp/v2/' . $base . '/' . $comment->comment_post_ID ), - 'embeddable' => true, - 'post_type' => $post->post_type, - ); - } - } - - if ( 0 !== (int) $comment->comment_parent ) { - $links['in-reply-to'] = array( - 'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment->comment_parent ) ), - 'embeddable' => true, - ); - } - - // Only grab one comment to verify the comment has children. - $comment_children = $comment->get_children( - array( - 'number' => 1, - 'count' => true, - ) - ); - - if ( ! empty( $comment_children ) ) { - $args = array( - 'parent' => $comment->comment_ID, - ); - - $rest_url = add_query_arg( $args, rest_url( $this->namespace . '/' . $this->rest_base ) ); - - $links['children'] = array( - 'href' => $rest_url, - ); - } - - return $links; - } - - /** - * Prepends internal property prefix to query parameters to match our response fields. - * - * @since 4.7.0 - * - * @param string $query_param Query parameter. - * @return string The normalized query parameter. - */ - protected function normalize_query_param( $query_param ) { - $prefix = 'comment_'; - - switch ( $query_param ) { - case 'id': - $normalized = $prefix . 'ID'; - break; - case 'post': - $normalized = $prefix . 'post_ID'; - break; - case 'parent': - $normalized = $prefix . 'parent'; - break; - case 'include': - $normalized = 'comment__in'; - break; - default: - $normalized = $prefix . $query_param; - break; - } - - return $normalized; - } - - /** - * Checks comment_approved to set comment status for single comment output. - * - * @since 4.7.0 - * - * @param string|int $comment_approved comment status. - * @return string Comment status. - */ - protected function prepare_status_response( $comment_approved ) { - - switch ( $comment_approved ) { - case 'hold': - case '0': - $status = 'hold'; - break; - - case 'approve': - case '1': - $status = 'approved'; - break; - - case 'spam': - case 'trash': - default: - $status = $comment_approved; - break; - } - - return $status; - } - - /** - * Prepares a single comment to be inserted into the database. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Request object. - * @return array|WP_Error Prepared comment, otherwise WP_Error object. - */ - protected function prepare_item_for_database( $request ) { - $prepared_comment = array(); - - /* - * Allow the comment_content to be set via the 'content' or - * the 'content.raw' properties of the Request object. - */ - if ( isset( $request['content'] ) && is_string( $request['content'] ) ) { - $prepared_comment['comment_content'] = $request['content']; - } elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) { - $prepared_comment['comment_content'] = $request['content']['raw']; - } - - if ( isset( $request['post'] ) ) { - $prepared_comment['comment_post_ID'] = (int) $request['post']; - } - - if ( isset( $request['parent'] ) ) { - $prepared_comment['comment_parent'] = $request['parent']; - } - - if ( isset( $request['author'] ) ) { - $user = new WP_User( $request['author'] ); - - if ( $user->exists() ) { - $prepared_comment['user_id'] = $user->ID; - $prepared_comment['comment_author'] = $user->display_name; - $prepared_comment['comment_author_email'] = $user->user_email; - $prepared_comment['comment_author_url'] = $user->user_url; - } else { - return new WP_Error( 'rest_comment_author_invalid', __( 'Invalid comment author ID.' ), array( 'status' => 400 ) ); - } - } - - if ( isset( $request['author_name'] ) ) { - $prepared_comment['comment_author'] = $request['author_name']; - } - - if ( isset( $request['author_email'] ) ) { - $prepared_comment['comment_author_email'] = $request['author_email']; - } - - if ( isset( $request['author_url'] ) ) { - $prepared_comment['comment_author_url'] = $request['author_url']; - } - - if ( isset( $request['author_ip'] ) && current_user_can( 'moderate_comments' ) ) { - $prepared_comment['comment_author_IP'] = $request['author_ip']; - } elseif ( ! empty( $_SERVER['REMOTE_ADDR'] ) && rest_is_ip_address( $_SERVER['REMOTE_ADDR'] ) ) { - $prepared_comment['comment_author_IP'] = $_SERVER['REMOTE_ADDR']; - } else { - $prepared_comment['comment_author_IP'] = '127.0.0.1'; - } - - if ( ! empty( $request['author_user_agent'] ) ) { - $prepared_comment['comment_agent'] = $request['author_user_agent']; - } elseif ( $request->get_header( 'user_agent' ) ) { - $prepared_comment['comment_agent'] = $request->get_header( 'user_agent' ); - } - - if ( ! empty( $request['date'] ) ) { - $date_data = rest_get_date_with_gmt( $request['date'] ); - - if ( ! empty( $date_data ) ) { - list( $prepared_comment['comment_date'], $prepared_comment['comment_date_gmt'] ) = $date_data; - } - } elseif ( ! empty( $request['date_gmt'] ) ) { - $date_data = rest_get_date_with_gmt( $request['date_gmt'], true ); - - if ( ! empty( $date_data ) ) { - list( $prepared_comment['comment_date'], $prepared_comment['comment_date_gmt'] ) = $date_data; - } - } - - /** - * Filters a comment after it is prepared for the database. - * - * Allows modification of the comment right after it is prepared for the database. - * - * @since 4.7.0 - * - * @param array $prepared_comment The prepared comment data for `wp_insert_comment`. - * @param WP_REST_Request $request The current request. - */ - return apply_filters( 'rest_preprocess_comment', $prepared_comment, $request ); - } - - /** - * Retrieves the comment's schema, conforming to JSON Schema. - * - * @since 4.7.0 - * - * @return array - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $schema = array( - '$schema' => 'http://json-schema.org/draft-04/schema#', - 'title' => 'comment', - 'type' => 'object', - 'properties' => array( - 'id' => array( - 'description' => __( 'Unique identifier for the object.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - 'author' => array( - 'description' => __( 'The ID of the user object, if author was a user.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit', 'embed' ), - ), - 'author_email' => array( - 'description' => __( 'Email address for the object author.' ), - 'type' => 'string', - 'format' => 'email', - 'context' => array( 'edit' ), - 'arg_options' => array( - 'sanitize_callback' => array( $this, 'check_comment_author_email' ), - 'validate_callback' => null, // skip built-in validation of 'email'. - ), - ), - 'author_ip' => array( - 'description' => __( 'IP address for the object author.' ), - 'type' => 'string', - 'format' => 'ip', - 'context' => array( 'edit' ), - ), - 'author_name' => array( - 'description' => __( 'Display name for the object author.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'arg_options' => array( - 'sanitize_callback' => 'sanitize_text_field', - ), - ), - 'author_url' => array( - 'description' => __( 'URL for the object author.' ), - 'type' => 'string', - 'format' => 'uri', - 'context' => array( 'view', 'edit', 'embed' ), - ), - 'author_user_agent' => array( - 'description' => __( 'User agent for the object author.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - 'arg_options' => array( - 'sanitize_callback' => 'sanitize_text_field', - ), - ), - 'content' => array( - 'description' => __( 'The content for the object.' ), - 'type' => 'object', - 'context' => array( 'view', 'edit', 'embed' ), - 'arg_options' => array( - 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() - 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() - ), - 'properties' => array( - 'raw' => array( - 'description' => __( 'Content for the object, as it exists in the database.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - ), - 'rendered' => array( - 'description' => __( 'HTML content for the object, transformed for display.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - ), - ), - 'date' => array( - 'description' => __( "The date the object was published, in the site's timezone." ), - 'type' => 'string', - 'format' => 'date-time', - 'context' => array( 'view', 'edit', 'embed' ), - ), - 'date_gmt' => array( - 'description' => __( 'The date the object was published, as GMT.' ), - 'type' => 'string', - 'format' => 'date-time', - 'context' => array( 'view', 'edit' ), - ), - 'link' => array( - 'description' => __( 'URL to the object.' ), - 'type' => 'string', - 'format' => 'uri', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - 'parent' => array( - 'description' => __( 'The ID for the parent of the object.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit', 'embed' ), - 'default' => 0, - ), - 'post' => array( - 'description' => __( 'The ID of the associated post object.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit' ), - 'default' => 0, - ), - 'status' => array( - 'description' => __( 'State of the object.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit' ), - 'arg_options' => array( - 'sanitize_callback' => 'sanitize_key', - ), - ), - 'type' => array( - 'description' => __( 'Type of Comment for the object.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - ), - ); - - if ( get_option( 'show_avatars' ) ) { - $avatar_properties = array(); - - $avatar_sizes = rest_get_avatar_sizes(); - foreach ( $avatar_sizes as $size ) { - $avatar_properties[ $size ] = array( - /* translators: %d: Avatar image size in pixels. */ - 'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ), - 'type' => 'string', - 'format' => 'uri', - 'context' => array( 'embed', 'view', 'edit' ), - ); - } - - $schema['properties']['author_avatar_urls'] = array( - 'description' => __( 'Avatar URLs for the object author.' ), - 'type' => 'object', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - 'properties' => $avatar_properties, - ); - } - - $schema['properties']['meta'] = $this->meta->get_field_schema(); - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Retrieves the query params for collections. - * - * @since 4.7.0 - * - * @return array Comments collection parameters. - */ - public function get_collection_params() { - $query_params = parent::get_collection_params(); - - $query_params['context']['default'] = 'view'; - - $query_params['after'] = array( - 'description' => __( 'Limit response to comments published after a given ISO8601 compliant date.' ), - 'type' => 'string', - 'format' => 'date-time', - ); - - $query_params['author'] = array( - 'description' => __( 'Limit result set to comments assigned to specific user IDs. Requires authorization.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - ); - - $query_params['author_exclude'] = array( - 'description' => __( 'Ensure result set excludes comments assigned to specific user IDs. Requires authorization.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - ); - - $query_params['author_email'] = array( - 'default' => null, - 'description' => __( 'Limit result set to that from a specific author email. Requires authorization.' ), - 'format' => 'email', - 'type' => 'string', - ); - - $query_params['before'] = array( - 'description' => __( 'Limit response to comments published before a given ISO8601 compliant date.' ), - 'type' => 'string', - 'format' => 'date-time', - ); - - $query_params['exclude'] = array( - 'description' => __( 'Ensure result set excludes specific IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - - $query_params['include'] = array( - 'description' => __( 'Limit result set to specific IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - - $query_params['offset'] = array( - 'description' => __( 'Offset the result set by a specific number of items.' ), - 'type' => 'integer', - ); - - $query_params['order'] = array( - 'description' => __( 'Order sort attribute ascending or descending.' ), - 'type' => 'string', - 'default' => 'desc', - 'enum' => array( - 'asc', - 'desc', - ), - ); - - $query_params['orderby'] = array( - 'description' => __( 'Sort collection by object attribute.' ), - 'type' => 'string', - 'default' => 'date_gmt', - 'enum' => array( - 'date', - 'date_gmt', - 'id', - 'include', - 'post', - 'parent', - 'type', - ), - ); - - $query_params['parent'] = array( - 'default' => array(), - 'description' => __( 'Limit result set to comments of specific parent IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - ); - - $query_params['parent_exclude'] = array( - 'default' => array(), - 'description' => __( 'Ensure result set excludes specific parent IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - ); - - $query_params['post'] = array( - 'default' => array(), - 'description' => __( 'Limit result set to comments assigned to specific post IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - ); - - $query_params['status'] = array( - 'default' => 'approve', - 'description' => __( 'Limit result set to comments assigned a specific status. Requires authorization.' ), - 'sanitize_callback' => 'sanitize_key', - 'type' => 'string', - 'validate_callback' => 'rest_validate_request_arg', - ); - - $query_params['type'] = array( - 'default' => 'comment', - 'description' => __( 'Limit result set to comments assigned a specific type. Requires authorization.' ), - 'sanitize_callback' => 'sanitize_key', - 'type' => 'string', - 'validate_callback' => 'rest_validate_request_arg', - ); - - $query_params['password'] = array( - 'description' => __( 'The password for the post if it is password protected.' ), - 'type' => 'string', - ); - - /** - * Filter collection parameters for the comments controller. - * - * This filter registers the collection parameter, but does not map the - * collection parameter to an internal WP_Comment_Query parameter. Use the - * `rest_comment_query` filter to set WP_Comment_Query parameters. - * - * @since 4.7.0 - * - * @param array $query_params JSON Schema-formatted collection parameters. - */ - return apply_filters( 'rest_comment_collection_params', $query_params ); - } - - /** - * Sets the comment_status of a given comment object when creating or updating a comment. - * - * @since 4.7.0 - * - * @param string|int $new_status New comment status. - * @param int $comment_id Comment ID. - * @return bool Whether the status was changed. - */ - protected function handle_status_param( $new_status, $comment_id ) { - $old_status = wp_get_comment_status( $comment_id ); - - if ( $new_status === $old_status ) { - return false; - } - - switch ( $new_status ) { - case 'approved': - case 'approve': - case '1': - $changed = wp_set_comment_status( $comment_id, 'approve' ); - break; - case 'hold': - case '0': - $changed = wp_set_comment_status( $comment_id, 'hold' ); - break; - case 'spam': - $changed = wp_spam_comment( $comment_id ); - break; - case 'unspam': - $changed = wp_unspam_comment( $comment_id ); - break; - case 'trash': - $changed = wp_trash_comment( $comment_id ); - break; - case 'untrash': - $changed = wp_untrash_comment( $comment_id ); - break; - default: - $changed = false; - break; - } - - return $changed; - } - - /** - * Checks if the post can be read. - * - * Correctly handles posts with the inherit status. - * - * @since 4.7.0 - * - * @param WP_Post $post Post object. - * @param WP_REST_Request $request Request data to check. - * @return bool Whether post can be read. - */ - protected function check_read_post_permission( $post, $request ) { - $post_type = get_post_type_object( $post->post_type ); - $posts_controller = $post_type->get_rest_controller(); - - // Ensure the posts controller is specifically a WP_REST_Posts_Controller instance - // before using methods specific to that controller. - if ( ! $posts_controller instanceof WP_REST_Posts_Controller ) { - $posts_controller = new WP_REST_Posts_Controller( $post->post_type ); - } - - $has_password_filter = false; - - // Only check password if a specific post was queried for or a single comment - $requested_post = ! empty( $request['post'] ) && ( ! is_array( $request['post'] ) || 1 === count( $request['post'] ) ); - $requested_comment = ! empty( $request['id'] ); - if ( ( $requested_post || $requested_comment ) && $posts_controller->can_access_password_content( $post, $request ) ) { - add_filter( 'post_password_required', '__return_false' ); - - $has_password_filter = true; - } - - if ( post_password_required( $post ) ) { - $result = current_user_can( $post_type->cap->edit_post, $post->ID ); - } else { - $result = $posts_controller->check_read_permission( $post ); - } - - if ( $has_password_filter ) { - remove_filter( 'post_password_required', '__return_false' ); - } - - return $result; - } - - /** - * Checks if the comment can be read. - * - * @since 4.7.0 - * - * @param WP_Comment $comment Comment object. - * @param WP_REST_Request $request Request data to check. - * @return bool Whether the comment can be read. - */ - protected function check_read_permission( $comment, $request ) { - if ( ! empty( $comment->comment_post_ID ) ) { - $post = get_post( $comment->comment_post_ID ); - if ( $post ) { - if ( $this->check_read_post_permission( $post, $request ) && 1 === (int) $comment->comment_approved ) { - return true; - } - } - } - - if ( 0 === get_current_user_id() ) { - return false; - } - - if ( empty( $comment->comment_post_ID ) && ! current_user_can( 'moderate_comments' ) ) { - return false; - } - - if ( ! empty( $comment->user_id ) && get_current_user_id() === (int) $comment->user_id ) { - return true; - } - - return current_user_can( 'edit_comment', $comment->comment_ID ); - } - - /** - * Checks if a comment can be edited or deleted. - * - * @since 4.7.0 - * - * @param object $comment Comment object. - * @return bool Whether the comment can be edited or deleted. - */ - protected function check_edit_permission( $comment ) { - if ( 0 === (int) get_current_user_id() ) { - return false; - } - - if ( current_user_can( 'moderate_comments' ) ) { - return true; - } - - return current_user_can( 'edit_comment', $comment->comment_ID ); - } - - /** - * Checks a comment author email for validity. - * - * Accepts either a valid email address or empty string as a valid comment - * author email address. Setting the comment author email to an empty - * string is allowed when a comment is being updated. - * - * @since 4.7.0 - * - * @param string $value Author email value submitted. - * @param WP_REST_Request $request Full details about the request. - * @param string $param The parameter name. - * @return WP_Error|string The sanitized email address, if valid, - * otherwise an error. - */ - public function check_comment_author_email( $value, $request, $param ) { - $email = (string) $value; - if ( empty( $email ) ) { - return $email; - } - - $check_email = rest_validate_request_arg( $email, $request, $param ); - if ( is_wp_error( $check_email ) ) { - return $check_email; - } - - return $email; - } -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-controller.php deleted file mode 100644 index 1bc3812..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-controller.php +++ /dev/null @@ -1,672 +0,0 @@ -<?php -/** - * REST API: WP_REST_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 4.7.0 - */ - -/** - * Core base controller for managing and interacting with REST API items. - * - * @since 4.7.0 - */ -abstract class WP_REST_Controller { - - /** - * The namespace of this controller's route. - * - * @since 4.7.0 - * @var string - */ - protected $namespace; - - /** - * The base of this controller's route. - * - * @since 4.7.0 - * @var string - */ - protected $rest_base; - - /** - * Cached results of get_item_schema. - * - * @since 5.3.0 - * @var array - */ - protected $schema; - - /** - * Registers the routes for the objects of the controller. - * - * @since 4.7.0 - */ - public function register_routes() { - /* translators: %s: register_routes() */ - _doing_it_wrong( 'WP_REST_Controller::register_routes', sprintf( __( "Method '%s' must be overridden." ), __METHOD__ ), '4.7' ); - } - - /** - * Checks if a given request has access to get items. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_Error|bool True if the request has read access, WP_Error object otherwise. - */ - public function get_items_permissions_check( $request ) { - /* translators: %s: Method name. */ - return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) ); - } - - /** - * Retrieves a collection of items. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. - */ - public function get_items( $request ) { - /* translators: %s: Method name. */ - return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) ); - } - - /** - * Checks if a given request has access to get a specific item. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_Error|bool True if the request has read access for the item, WP_Error object otherwise. - */ - public function get_item_permissions_check( $request ) { - /* translators: %s: Method name. */ - return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) ); - } - - /** - * Retrieves one item from the collection. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. - */ - public function get_item( $request ) { - /* translators: %s: Method name. */ - return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) ); - } - - /** - * Checks if a given request has access to create items. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_Error|bool True if the request has access to create items, WP_Error object otherwise. - */ - public function create_item_permissions_check( $request ) { - /* translators: %s: Method name. */ - return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) ); - } - - /** - * Creates one item from the collection. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. - */ - public function create_item( $request ) { - /* translators: %s: Method name. */ - return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) ); - } - - /** - * Checks if a given request has access to update a specific item. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_Error|bool True if the request has access to update the item, WP_Error object otherwise. - */ - public function update_item_permissions_check( $request ) { - /* translators: %s: Method name. */ - return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) ); - } - - /** - * Updates one item from the collection. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. - */ - public function update_item( $request ) { - /* translators: %s: Method name. */ - return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) ); - } - - /** - * Checks if a given request has access to delete a specific item. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_Error|bool True if the request has access to delete the item, WP_Error object otherwise. - */ - public function delete_item_permissions_check( $request ) { - /* translators: %s: Method name. */ - return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) ); - } - - /** - * Deletes one item from the collection. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. - */ - public function delete_item( $request ) { - /* translators: %s: Method name. */ - return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) ); - } - - /** - * Prepares one item for create or update operation. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Request object. - * @return WP_Error|object The prepared item, or WP_Error object on failure. - */ - protected function prepare_item_for_database( $request ) { - /* translators: %s: Method name. */ - return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) ); - } - - /** - * Prepares the item for the REST response. - * - * @since 4.7.0 - * - * @param mixed $item WordPress representation of the item. - * @param WP_REST_Request $request Request object. - * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. - */ - public function prepare_item_for_response( $item, $request ) { - /* translators: %s: Method name. */ - return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), array( 'status' => 405 ) ); - } - - /** - * Prepares a response for insertion into a collection. - * - * @since 4.7.0 - * - * @param WP_REST_Response $response Response object. - * @return array|mixed Response data, ready for insertion into collection data. - */ - public function prepare_response_for_collection( $response ) { - if ( ! ( $response instanceof WP_REST_Response ) ) { - return $response; - } - - $data = (array) $response->get_data(); - $server = rest_get_server(); - $links = $server::get_compact_response_links( $response ); - - if ( ! empty( $links ) ) { - $data['_links'] = $links; - } - - return $data; - } - - /** - * Filters a response based on the context defined in the schema. - * - * @since 4.7.0 - * - * @param array $data Response data to fiter. - * @param string $context Context defined in the schema. - * @return array Filtered response. - */ - public function filter_response_by_context( $data, $context ) { - - $schema = $this->get_item_schema(); - - foreach ( $data as $key => $value ) { - if ( empty( $schema['properties'][ $key ] ) || empty( $schema['properties'][ $key ]['context'] ) ) { - continue; - } - - if ( ! in_array( $context, $schema['properties'][ $key ]['context'], true ) ) { - unset( $data[ $key ] ); - continue; - } - - if ( 'object' === $schema['properties'][ $key ]['type'] && ! empty( $schema['properties'][ $key ]['properties'] ) ) { - foreach ( $schema['properties'][ $key ]['properties'] as $attribute => $details ) { - if ( empty( $details['context'] ) ) { - continue; - } - - if ( ! in_array( $context, $details['context'], true ) ) { - if ( isset( $data[ $key ][ $attribute ] ) ) { - unset( $data[ $key ][ $attribute ] ); - } - } - } - } - } - - return $data; - } - - /** - * Retrieves the item's schema, conforming to JSON Schema. - * - * @since 4.7.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - return $this->add_additional_fields_schema( array() ); - } - - /** - * Retrieves the item's schema for display / public consumption purposes. - * - * @since 4.7.0 - * - * @return array Public item schema data. - */ - public function get_public_item_schema() { - - $schema = $this->get_item_schema(); - - foreach ( $schema['properties'] as &$property ) { - unset( $property['arg_options'] ); - } - - return $schema; - } - - /** - * Retrieves the query params for the collections. - * - * @since 4.7.0 - * - * @return array Query parameters for the collection. - */ - public function get_collection_params() { - return array( - 'context' => $this->get_context_param(), - 'page' => array( - 'description' => __( 'Current page of the collection.' ), - 'type' => 'integer', - 'default' => 1, - 'sanitize_callback' => 'absint', - 'validate_callback' => 'rest_validate_request_arg', - 'minimum' => 1, - ), - 'per_page' => array( - 'description' => __( 'Maximum number of items to be returned in result set.' ), - 'type' => 'integer', - 'default' => 10, - 'minimum' => 1, - 'maximum' => 100, - 'sanitize_callback' => 'absint', - 'validate_callback' => 'rest_validate_request_arg', - ), - 'search' => array( - 'description' => __( 'Limit results to those matching a string.' ), - 'type' => 'string', - 'sanitize_callback' => 'sanitize_text_field', - 'validate_callback' => 'rest_validate_request_arg', - ), - ); - } - - /** - * Retrieves the magical context param. - * - * Ensures consistent descriptions between endpoints, and populates enum from schema. - * - * @since 4.7.0 - * - * @param array $args Optional. Additional arguments for context parameter. Default empty array. - * @return array Context parameter details. - */ - public function get_context_param( $args = array() ) { - $param_details = array( - 'description' => __( 'Scope under which the request is made; determines fields present in response.' ), - 'type' => 'string', - 'sanitize_callback' => 'sanitize_key', - 'validate_callback' => 'rest_validate_request_arg', - ); - - $schema = $this->get_item_schema(); - - if ( empty( $schema['properties'] ) ) { - return array_merge( $param_details, $args ); - } - - $contexts = array(); - - foreach ( $schema['properties'] as $attributes ) { - if ( ! empty( $attributes['context'] ) ) { - $contexts = array_merge( $contexts, $attributes['context'] ); - } - } - - if ( ! empty( $contexts ) ) { - $param_details['enum'] = array_unique( $contexts ); - rsort( $param_details['enum'] ); - } - - return array_merge( $param_details, $args ); - } - - /** - * Adds the values from additional fields to a data object. - * - * @since 4.7.0 - * - * @param array $prepared Prepared response array. - * @param WP_REST_Request $request Full details about the request. - * @return array Modified data object with additional fields. - */ - protected function add_additional_fields_to_object( $prepared, $request ) { - - $additional_fields = $this->get_additional_fields(); - - $requested_fields = $this->get_fields_for_response( $request ); - - foreach ( $additional_fields as $field_name => $field_options ) { - - if ( ! $field_options['get_callback'] ) { - continue; - } - - if ( ! in_array( $field_name, $requested_fields, true ) ) { - continue; - } - - $prepared[ $field_name ] = call_user_func( $field_options['get_callback'], $prepared, $field_name, $request, $this->get_object_type() ); - } - - return $prepared; - } - - /** - * Updates the values of additional fields added to a data object. - * - * @since 4.7.0 - * - * @param object $object Data model like WP_Term or WP_Post. - * @param WP_REST_Request $request Full details about the request. - * @return bool|WP_Error True on success, WP_Error object if a field cannot be updated. - */ - protected function update_additional_fields_for_object( $object, $request ) { - $additional_fields = $this->get_additional_fields(); - - foreach ( $additional_fields as $field_name => $field_options ) { - if ( ! $field_options['update_callback'] ) { - continue; - } - - // Don't run the update callbacks if the data wasn't passed in the request. - if ( ! isset( $request[ $field_name ] ) ) { - continue; - } - - $result = call_user_func( $field_options['update_callback'], $request[ $field_name ], $object, $field_name, $request, $this->get_object_type() ); - - if ( is_wp_error( $result ) ) { - return $result; - } - } - - return true; - } - - /** - * Adds the schema from additional fields to a schema array. - * - * The type of object is inferred from the passed schema. - * - * @since 4.7.0 - * - * @param array $schema Schema array. - * @return array Modified Schema array. - */ - protected function add_additional_fields_schema( $schema ) { - if ( empty( $schema['title'] ) ) { - return $schema; - } - - // Can't use $this->get_object_type otherwise we cause an inf loop. - $object_type = $schema['title']; - - $additional_fields = $this->get_additional_fields( $object_type ); - - foreach ( $additional_fields as $field_name => $field_options ) { - if ( ! $field_options['schema'] ) { - continue; - } - - $schema['properties'][ $field_name ] = $field_options['schema']; - } - - return $schema; - } - - /** - * Retrieves all of the registered additional fields for a given object-type. - * - * @since 4.7.0 - * - * @param string $object_type Optional. The object type. - * @return array Registered additional fields (if any), empty array if none or if the object type could - * not be inferred. - */ - protected function get_additional_fields( $object_type = null ) { - - if ( ! $object_type ) { - $object_type = $this->get_object_type(); - } - - if ( ! $object_type ) { - return array(); - } - - global $wp_rest_additional_fields; - - if ( ! $wp_rest_additional_fields || ! isset( $wp_rest_additional_fields[ $object_type ] ) ) { - return array(); - } - - return $wp_rest_additional_fields[ $object_type ]; - } - - /** - * Retrieves the object type this controller is responsible for managing. - * - * @since 4.7.0 - * - * @return string Object type for the controller. - */ - protected function get_object_type() { - $schema = $this->get_item_schema(); - - if ( ! $schema || ! isset( $schema['title'] ) ) { - return null; - } - - return $schema['title']; - } - - /** - * Gets an array of fields to be included on the response. - * - * Included fields are based on item schema and `_fields=` request argument. - * - * @since 4.9.6 - * - * @param WP_REST_Request $request Full details about the request. - * @return array Fields to be included in the response. - */ - public function get_fields_for_response( $request ) { - $schema = $this->get_item_schema(); - $properties = isset( $schema['properties'] ) ? $schema['properties'] : array(); - - $additional_fields = $this->get_additional_fields(); - foreach ( $additional_fields as $field_name => $field_options ) { - // For back-compat, include any field with an empty schema - // because it won't be present in $this->get_item_schema(). - if ( is_null( $field_options['schema'] ) ) { - $properties[ $field_name ] = $field_options; - } - } - - // Exclude fields that specify a different context than the request context. - $context = $request['context']; - if ( $context ) { - foreach ( $properties as $name => $options ) { - if ( ! empty( $options['context'] ) && ! in_array( $context, $options['context'], true ) ) { - unset( $properties[ $name ] ); - } - } - } - - $fields = array_keys( $properties ); - - if ( ! isset( $request['_fields'] ) ) { - return $fields; - } - $requested_fields = wp_parse_list( $request['_fields'] ); - if ( 0 === count( $requested_fields ) ) { - return $fields; - } - // Trim off outside whitespace from the comma delimited list. - $requested_fields = array_map( 'trim', $requested_fields ); - // Always persist 'id', because it can be needed for add_additional_fields_to_object(). - if ( in_array( 'id', $fields, true ) ) { - $requested_fields[] = 'id'; - } - // Return the list of all requested fields which appear in the schema. - return array_reduce( - $requested_fields, - function( $response_fields, $field ) use ( $fields ) { - if ( in_array( $field, $fields, true ) ) { - $response_fields[] = $field; - return $response_fields; - } - // Check for nested fields if $field is not a direct match. - $nested_fields = explode( '.', $field ); - // A nested field is included so long as its top-level property is - // present in the schema. - if ( in_array( $nested_fields[0], $fields, true ) ) { - $response_fields[] = $field; - } - return $response_fields; - }, - array() - ); - } - - /** - * Retrieves an array of endpoint arguments from the item schema for the controller. - * - * @since 4.7.0 - * - * @param string $method Optional. HTTP method of the request. The arguments for `CREATABLE` requests are - * checked for required values and may fall-back to a given default, this is not done - * on `EDITABLE` requests. Default WP_REST_Server::CREATABLE. - * @return array Endpoint arguments. - */ - public function get_endpoint_args_for_item_schema( $method = WP_REST_Server::CREATABLE ) { - - $schema = $this->get_item_schema(); - $schema_properties = ! empty( $schema['properties'] ) ? $schema['properties'] : array(); - $endpoint_args = array(); - - foreach ( $schema_properties as $field_id => $params ) { - - // Arguments specified as `readonly` are not allowed to be set. - if ( ! empty( $params['readonly'] ) ) { - continue; - } - - $endpoint_args[ $field_id ] = array( - 'validate_callback' => 'rest_validate_request_arg', - 'sanitize_callback' => 'rest_sanitize_request_arg', - ); - - if ( isset( $params['description'] ) ) { - $endpoint_args[ $field_id ]['description'] = $params['description']; - } - - if ( WP_REST_Server::CREATABLE === $method && isset( $params['default'] ) ) { - $endpoint_args[ $field_id ]['default'] = $params['default']; - } - - if ( WP_REST_Server::CREATABLE === $method && ! empty( $params['required'] ) ) { - $endpoint_args[ $field_id ]['required'] = true; - } - - foreach ( array( 'type', 'format', 'enum', 'items', 'properties', 'additionalProperties' ) as $schema_prop ) { - if ( isset( $params[ $schema_prop ] ) ) { - $endpoint_args[ $field_id ][ $schema_prop ] = $params[ $schema_prop ]; - } - } - - // Merge in any options provided by the schema property. - if ( isset( $params['arg_options'] ) ) { - - // Only use required / default from arg_options on CREATABLE endpoints. - if ( WP_REST_Server::CREATABLE !== $method ) { - $params['arg_options'] = array_diff_key( - $params['arg_options'], - array( - 'required' => '', - 'default' => '', - ) - ); - } - - $endpoint_args[ $field_id ] = array_merge( $endpoint_args[ $field_id ], $params['arg_options'] ); - } - } - - return $endpoint_args; - } - - /** - * Sanitizes the slug value. - * - * @since 4.7.0 - * - * @internal We can't use sanitize_title() directly, as the second - * parameter is the fallback title, which would end up being set to the - * request object. - * - * @see https://github.com/WP-API/WP-API/issues/1585 - * - * @todo Remove this in favour of https://core.trac.wordpress.org/ticket/34659 - * - * @param string $slug Slug value passed in request. - * @return string Sanitized value for the slug. - */ - public function sanitize_slug( $slug ) { - return sanitize_title( $slug ); - } -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php deleted file mode 100644 index c0cce24..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php +++ /dev/null @@ -1,352 +0,0 @@ -<?php -/** - * REST API: WP_REST_Post_Statuses_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 4.7.0 - */ - -/** - * Core class used to access post statuses via the REST API. - * - * @since 4.7.0 - * - * @see WP_REST_Controller - */ -class WP_REST_Post_Statuses_Controller extends WP_REST_Controller { - - /** - * Constructor. - * - * @since 4.7.0 - */ - public function __construct() { - $this->namespace = 'wp/v2'; - $this->rest_base = 'statuses'; - } - - /** - * Registers the routes for the objects of the controller. - * - * @since 4.7.0 - * - * @see register_rest_route() - */ - public function register_routes() { - - register_rest_route( - $this->namespace, - '/' . $this->rest_base, - array( - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_items' ), - 'permission_callback' => array( $this, 'get_items_permissions_check' ), - 'args' => $this->get_collection_params(), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - register_rest_route( - $this->namespace, - '/' . $this->rest_base . '/(?P<status>[\w-]+)', - array( - 'args' => array( - 'status' => array( - 'description' => __( 'An alphanumeric identifier for the status.' ), - 'type' => 'string', - ), - ), - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_item' ), - 'permission_callback' => array( $this, 'get_item_permissions_check' ), - 'args' => array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - } - - /** - * Checks whether a given request has permission to read post statuses. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|bool True if the request has read access, WP_Error object otherwise. - */ - public function get_items_permissions_check( $request ) { - if ( 'edit' === $request['context'] ) { - $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); - - foreach ( $types as $type ) { - if ( current_user_can( $type->cap->edit_posts ) ) { - return true; - } - } - return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to manage post statuses.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Retrieves all post statuses, depending on user context. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. - */ - public function get_items( $request ) { - $data = array(); - $statuses = get_post_stati( array( 'internal' => false ), 'object' ); - $statuses['trash'] = get_post_status_object( 'trash' ); - - foreach ( $statuses as $slug => $obj ) { - $ret = $this->check_read_permission( $obj ); - - if ( ! $ret ) { - continue; - } - - $status = $this->prepare_item_for_response( $obj, $request ); - $data[ $obj->name ] = $this->prepare_response_for_collection( $status ); - } - - return rest_ensure_response( $data ); - } - - /** - * Checks if a given request has access to read a post status. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|bool True if the request has read access for the item, WP_Error object otherwise. - */ - public function get_item_permissions_check( $request ) { - $status = get_post_status_object( $request['status'] ); - - if ( empty( $status ) ) { - return new WP_Error( 'rest_status_invalid', __( 'Invalid status.' ), array( 'status' => 404 ) ); - } - - $check = $this->check_read_permission( $status ); - - if ( ! $check ) { - return new WP_Error( 'rest_cannot_read_status', __( 'Cannot view status.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Checks whether a given post status should be visible. - * - * @since 4.7.0 - * - * @param object $status Post status. - * @return bool True if the post status is visible, otherwise false. - */ - protected function check_read_permission( $status ) { - if ( true === $status->public ) { - return true; - } - - if ( false === $status->internal || 'trash' === $status->name ) { - $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); - - foreach ( $types as $type ) { - if ( current_user_can( $type->cap->edit_posts ) ) { - return true; - } - } - } - - return false; - } - - /** - * Retrieves a specific post status. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. - */ - public function get_item( $request ) { - $obj = get_post_status_object( $request['status'] ); - - if ( empty( $obj ) ) { - return new WP_Error( 'rest_status_invalid', __( 'Invalid status.' ), array( 'status' => 404 ) ); - } - - $data = $this->prepare_item_for_response( $obj, $request ); - - return rest_ensure_response( $data ); - } - - /** - * Prepares a post status object for serialization. - * - * @since 4.7.0 - * - * @param stdClass $status Post status data. - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response Post status data. - */ - public function prepare_item_for_response( $status, $request ) { - - $fields = $this->get_fields_for_response( $request ); - $data = array(); - - if ( in_array( 'name', $fields, true ) ) { - $data['name'] = $status->label; - } - - if ( in_array( 'private', $fields, true ) ) { - $data['private'] = (bool) $status->private; - } - - if ( in_array( 'protected', $fields, true ) ) { - $data['protected'] = (bool) $status->protected; - } - - if ( in_array( 'public', $fields, true ) ) { - $data['public'] = (bool) $status->public; - } - - if ( in_array( 'queryable', $fields, true ) ) { - $data['queryable'] = (bool) $status->publicly_queryable; - } - - if ( in_array( 'show_in_list', $fields, true ) ) { - $data['show_in_list'] = (bool) $status->show_in_admin_all_list; - } - - if ( in_array( 'slug', $fields, true ) ) { - $data['slug'] = $status->name; - } - - if ( in_array( 'date_floating', $fields, true ) ) { - $data['date_floating'] = $status->date_floating; - } - - $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; - $data = $this->add_additional_fields_to_object( $data, $request ); - $data = $this->filter_response_by_context( $data, $context ); - - $response = rest_ensure_response( $data ); - - if ( 'publish' === $status->name ) { - $response->add_link( 'archives', rest_url( 'wp/v2/posts' ) ); - } else { - $response->add_link( 'archives', add_query_arg( 'status', $status->name, rest_url( 'wp/v2/posts' ) ) ); - } - - /** - * Filters a status returned from the REST API. - * - * Allows modification of the status data right before it is returned. - * - * @since 4.7.0 - * - * @param WP_REST_Response $response The response object. - * @param object $status The original status object. - * @param WP_REST_Request $request Request used to generate the response. - */ - return apply_filters( 'rest_prepare_status', $response, $status, $request ); - } - - /** - * Retrieves the post status' schema, conforming to JSON Schema. - * - * @since 4.7.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $schema = array( - '$schema' => 'http://json-schema.org/draft-04/schema#', - 'title' => 'status', - 'type' => 'object', - 'properties' => array( - 'name' => array( - 'description' => __( 'The title for the status.' ), - 'type' => 'string', - 'context' => array( 'embed', 'view', 'edit' ), - 'readonly' => true, - ), - 'private' => array( - 'description' => __( 'Whether posts with this status should be private.' ), - 'type' => 'boolean', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'protected' => array( - 'description' => __( 'Whether posts with this status should be protected.' ), - 'type' => 'boolean', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'public' => array( - 'description' => __( 'Whether posts of this status should be shown in the front end of the site.' ), - 'type' => 'boolean', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - 'queryable' => array( - 'description' => __( 'Whether posts with this status should be publicly-queryable.' ), - 'type' => 'boolean', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - 'show_in_list' => array( - 'description' => __( 'Whether to include posts in the edit listing for their post type.' ), - 'type' => 'boolean', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'slug' => array( - 'description' => __( 'An alphanumeric identifier for the status.' ), - 'type' => 'string', - 'context' => array( 'embed', 'view', 'edit' ), - 'readonly' => true, - ), - 'date_floating' => array( - 'description' => __( 'Whether posts of this status may have floating published dates.' ), - 'type' => 'boolean', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - ), - ); - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Retrieves the query params for collections. - * - * @since 4.7.0 - * - * @return array Collection parameters. - */ - public function get_collection_params() { - return array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - ); - } - -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php deleted file mode 100644 index 99a3c77..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php +++ /dev/null @@ -1,337 +0,0 @@ -<?php -/** - * REST API: WP_REST_Post_Types_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 4.7.0 - */ - -/** - * Core class to access post types via the REST API. - * - * @since 4.7.0 - * - * @see WP_REST_Controller - */ -class WP_REST_Post_Types_Controller extends WP_REST_Controller { - - /** - * Constructor. - * - * @since 4.7.0 - */ - public function __construct() { - $this->namespace = 'wp/v2'; - $this->rest_base = 'types'; - } - - /** - * Registers the routes for the objects of the controller. - * - * @since 4.7.0 - * - * @see register_rest_route() - */ - public function register_routes() { - - register_rest_route( - $this->namespace, - '/' . $this->rest_base, - array( - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_items' ), - 'permission_callback' => array( $this, 'get_items_permissions_check' ), - 'args' => $this->get_collection_params(), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - register_rest_route( - $this->namespace, - '/' . $this->rest_base . '/(?P<type>[\w-]+)', - array( - 'args' => array( - 'type' => array( - 'description' => __( 'An alphanumeric identifier for the post type.' ), - 'type' => 'string', - ), - ), - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_item' ), - 'args' => array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - } - - /** - * Checks whether a given request has permission to read types. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|true True if the request has read access, WP_Error object otherwise. - */ - public function get_items_permissions_check( $request ) { - if ( 'edit' === $request['context'] ) { - foreach ( get_post_types( array(), 'object' ) as $post_type ) { - if ( ! empty( $post_type->show_in_rest ) && current_user_can( $post_type->cap->edit_posts ) ) { - return true; - } - } - - return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to edit posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Retrieves all public post types. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. - */ - public function get_items( $request ) { - $data = array(); - - foreach ( get_post_types( array(), 'object' ) as $obj ) { - if ( empty( $obj->show_in_rest ) || ( 'edit' === $request['context'] && ! current_user_can( $obj->cap->edit_posts ) ) ) { - continue; - } - - $post_type = $this->prepare_item_for_response( $obj, $request ); - $data[ $obj->name ] = $this->prepare_response_for_collection( $post_type ); - } - - return rest_ensure_response( $data ); - } - - /** - * Retrieves a specific post type. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. - */ - public function get_item( $request ) { - $obj = get_post_type_object( $request['type'] ); - - if ( empty( $obj ) ) { - return new WP_Error( 'rest_type_invalid', __( 'Invalid post type.' ), array( 'status' => 404 ) ); - } - - if ( empty( $obj->show_in_rest ) ) { - return new WP_Error( 'rest_cannot_read_type', __( 'Cannot view post type.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( 'edit' === $request['context'] && ! current_user_can( $obj->cap->edit_posts ) ) { - return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - $data = $this->prepare_item_for_response( $obj, $request ); - - return rest_ensure_response( $data ); - } - - /** - * Prepares a post type object for serialization. - * - * @since 4.7.0 - * - * @param WP_Post_Type $post_type Post type object. - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response Response object. - */ - public function prepare_item_for_response( $post_type, $request ) { - $taxonomies = wp_list_filter( get_object_taxonomies( $post_type->name, 'objects' ), array( 'show_in_rest' => true ) ); - $taxonomies = wp_list_pluck( $taxonomies, 'name' ); - $base = ! empty( $post_type->rest_base ) ? $post_type->rest_base : $post_type->name; - $supports = get_all_post_type_supports( $post_type->name ); - - $fields = $this->get_fields_for_response( $request ); - $data = array(); - - if ( in_array( 'capabilities', $fields, true ) ) { - $data['capabilities'] = $post_type->cap; - } - - if ( in_array( 'description', $fields, true ) ) { - $data['description'] = $post_type->description; - } - - if ( in_array( 'hierarchical', $fields, true ) ) { - $data['hierarchical'] = $post_type->hierarchical; - } - - if ( in_array( 'viewable', $fields, true ) ) { - $data['viewable'] = is_post_type_viewable( $post_type ); - } - - if ( in_array( 'labels', $fields, true ) ) { - $data['labels'] = $post_type->labels; - } - - if ( in_array( 'name', $fields, true ) ) { - $data['name'] = $post_type->label; - } - - if ( in_array( 'slug', $fields, true ) ) { - $data['slug'] = $post_type->name; - } - - if ( in_array( 'supports', $fields, true ) ) { - $data['supports'] = $supports; - } - - if ( in_array( 'taxonomies', $fields, true ) ) { - $data['taxonomies'] = array_values( $taxonomies ); - } - - if ( in_array( 'rest_base', $fields, true ) ) { - $data['rest_base'] = $base; - } - - $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; - $data = $this->add_additional_fields_to_object( $data, $request ); - $data = $this->filter_response_by_context( $data, $context ); - - // Wrap the data in a response object. - $response = rest_ensure_response( $data ); - - $response->add_links( - array( - 'collection' => array( - 'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ), - ), - 'https://api.w.org/items' => array( - 'href' => rest_url( sprintf( 'wp/v2/%s', $base ) ), - ), - ) - ); - - /** - * Filters a post type returned from the API. - * - * Allows modification of the post type data right before it is returned. - * - * @since 4.7.0 - * - * @param WP_REST_Response $response The response object. - * @param object $item The original post type object. - * @param WP_REST_Request $request Request used to generate the response. - */ - return apply_filters( 'rest_prepare_post_type', $response, $post_type, $request ); - } - - /** - * Retrieves the post type's schema, conforming to JSON Schema. - * - * @since 4.7.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $schema = array( - '$schema' => 'http://json-schema.org/draft-04/schema#', - 'title' => 'type', - 'type' => 'object', - 'properties' => array( - 'capabilities' => array( - 'description' => __( 'All capabilities used by the post type.' ), - 'type' => 'object', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'description' => array( - 'description' => __( 'A human-readable description of the post type.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - 'hierarchical' => array( - 'description' => __( 'Whether or not the post type should have children.' ), - 'type' => 'boolean', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - 'viewable' => array( - 'description' => __( 'Whether or not the post type can be viewed.' ), - 'type' => 'boolean', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'labels' => array( - 'description' => __( 'Human-readable labels for the post type for various contexts.' ), - 'type' => 'object', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'name' => array( - 'description' => __( 'The title for the post type.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - 'slug' => array( - 'description' => __( 'An alphanumeric identifier for the post type.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - 'supports' => array( - 'description' => __( 'All features, supported by the post type.' ), - 'type' => 'object', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'taxonomies' => array( - 'description' => __( 'Taxonomies associated with post type.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'string', - ), - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - 'rest_base' => array( - 'description' => __( 'REST base route for the post type.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - ), - ); - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Retrieves the query params for collections. - * - * @since 4.7.0 - * - * @return array Collection parameters. - */ - public function get_collection_params() { - return array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - ); - } - -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php deleted file mode 100644 index e2a4224..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php +++ /dev/null @@ -1,2616 +0,0 @@ -<?php -/** - * REST API: WP_REST_Posts_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 4.7.0 - */ - -/** - * Core class to access posts via the REST API. - * - * @since 4.7.0 - * - * @see WP_REST_Controller - */ -class WP_REST_Posts_Controller extends WP_REST_Controller { - /** - * Post type. - * - * @since 4.7.0 - * @var string - */ - protected $post_type; - - /** - * Instance of a post meta fields object. - * - * @since 4.7.0 - * @var WP_REST_Post_Meta_Fields - */ - protected $meta; - - /** - * Constructor. - * - * @since 4.7.0 - * - * @param string $post_type Post type. - */ - public function __construct( $post_type ) { - $this->post_type = $post_type; - $this->namespace = 'wp/v2'; - $obj = get_post_type_object( $post_type ); - $this->rest_base = ! empty( $obj->rest_base ) ? $obj->rest_base : $obj->name; - - $this->meta = new WP_REST_Post_Meta_Fields( $this->post_type ); - } - - /** - * Registers the routes for the objects of the controller. - * - * @since 4.7.0 - * - * @see register_rest_route() - */ - public function register_routes() { - - register_rest_route( - $this->namespace, - '/' . $this->rest_base, - array( - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_items' ), - 'permission_callback' => array( $this, 'get_items_permissions_check' ), - 'args' => $this->get_collection_params(), - ), - array( - 'methods' => WP_REST_Server::CREATABLE, - 'callback' => array( $this, 'create_item' ), - 'permission_callback' => array( $this, 'create_item_permissions_check' ), - 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - $schema = $this->get_item_schema(); - $get_item_args = array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - ); - if ( isset( $schema['properties']['password'] ) ) { - $get_item_args['password'] = array( - 'description' => __( 'The password for the post if it is password protected.' ), - 'type' => 'string', - ); - } - register_rest_route( - $this->namespace, - '/' . $this->rest_base . '/(?P<id>[\d]+)', - array( - 'args' => array( - 'id' => array( - 'description' => __( 'Unique identifier for the object.' ), - 'type' => 'integer', - ), - ), - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_item' ), - 'permission_callback' => array( $this, 'get_item_permissions_check' ), - 'args' => $get_item_args, - ), - array( - 'methods' => WP_REST_Server::EDITABLE, - 'callback' => array( $this, 'update_item' ), - 'permission_callback' => array( $this, 'update_item_permissions_check' ), - 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), - ), - array( - 'methods' => WP_REST_Server::DELETABLE, - 'callback' => array( $this, 'delete_item' ), - 'permission_callback' => array( $this, 'delete_item_permissions_check' ), - 'args' => array( - 'force' => array( - 'type' => 'boolean', - 'default' => false, - 'description' => __( 'Whether to bypass trash and force deletion.' ), - ), - ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - } - - /** - * Checks if a given request has access to read posts. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has read access, WP_Error object otherwise. - */ - public function get_items_permissions_check( $request ) { - - $post_type = get_post_type_object( $this->post_type ); - - if ( 'edit' === $request['context'] && ! current_user_can( $post_type->cap->edit_posts ) ) { - return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Retrieves a collection of posts. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_items( $request ) { - - // Ensure a search string is set in case the orderby is set to 'relevance'. - if ( ! empty( $request['orderby'] ) && 'relevance' === $request['orderby'] && empty( $request['search'] ) ) { - return new WP_Error( 'rest_no_search_term_defined', __( 'You need to define a search term to order by relevance.' ), array( 'status' => 400 ) ); - } - - // Ensure an include parameter is set in case the orderby is set to 'include'. - if ( ! empty( $request['orderby'] ) && 'include' === $request['orderby'] && empty( $request['include'] ) ) { - return new WP_Error( 'rest_orderby_include_missing_include', __( 'You need to define an include parameter to order by include.' ), array( 'status' => 400 ) ); - } - - // Retrieve the list of registered collection query parameters. - $registered = $this->get_collection_params(); - $args = array(); - - /* - * This array defines mappings between public API query parameters whose - * values are accepted as-passed, and their internal WP_Query parameter - * name equivalents (some are the same). Only values which are also - * present in $registered will be set. - */ - $parameter_mappings = array( - 'author' => 'author__in', - 'author_exclude' => 'author__not_in', - 'exclude' => 'post__not_in', - 'include' => 'post__in', - 'menu_order' => 'menu_order', - 'offset' => 'offset', - 'order' => 'order', - 'orderby' => 'orderby', - 'page' => 'paged', - 'parent' => 'post_parent__in', - 'parent_exclude' => 'post_parent__not_in', - 'search' => 's', - 'slug' => 'post_name__in', - 'status' => 'post_status', - ); - - /* - * For each known parameter which is both registered and present in the request, - * set the parameter's value on the query $args. - */ - foreach ( $parameter_mappings as $api_param => $wp_param ) { - if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) { - $args[ $wp_param ] = $request[ $api_param ]; - } - } - - // Check for & assign any parameters which require special handling or setting. - $args['date_query'] = array(); - - // Set before into date query. Date query must be specified as an array of an array. - if ( isset( $registered['before'], $request['before'] ) ) { - $args['date_query'][0]['before'] = $request['before']; - } - - // Set after into date query. Date query must be specified as an array of an array. - if ( isset( $registered['after'], $request['after'] ) ) { - $args['date_query'][0]['after'] = $request['after']; - } - - // Ensure our per_page parameter overrides any provided posts_per_page filter. - if ( isset( $registered['per_page'] ) ) { - $args['posts_per_page'] = $request['per_page']; - } - - if ( isset( $registered['sticky'], $request['sticky'] ) ) { - $sticky_posts = get_option( 'sticky_posts', array() ); - if ( ! is_array( $sticky_posts ) ) { - $sticky_posts = array(); - } - if ( $request['sticky'] ) { - /* - * As post__in will be used to only get sticky posts, - * we have to support the case where post__in was already - * specified. - */ - $args['post__in'] = $args['post__in'] ? array_intersect( $sticky_posts, $args['post__in'] ) : $sticky_posts; - - /* - * If we intersected, but there are no post ids in common, - * WP_Query won't return "no posts" for post__in = array() - * so we have to fake it a bit. - */ - if ( ! $args['post__in'] ) { - $args['post__in'] = array( 0 ); - } - } elseif ( $sticky_posts ) { - /* - * As post___not_in will be used to only get posts that - * are not sticky, we have to support the case where post__not_in - * was already specified. - */ - $args['post__not_in'] = array_merge( $args['post__not_in'], $sticky_posts ); - } - } - - // Force the post_type argument, since it's not a user input variable. - $args['post_type'] = $this->post_type; - - /** - * Filters the query arguments for a request. - * - * Enables adding extra arguments or setting defaults for a post collection request. - * - * @since 4.7.0 - * - * @link https://developer.wordpress.org/reference/classes/wp_query/ - * - * @param array $args Key value array of query var to query value. - * @param WP_REST_Request $request The request used. - */ - $args = apply_filters( "rest_{$this->post_type}_query", $args, $request ); - $query_args = $this->prepare_items_query( $args, $request ); - - $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); - - foreach ( $taxonomies as $taxonomy ) { - $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; - $tax_exclude = $base . '_exclude'; - - if ( ! empty( $request[ $base ] ) ) { - $query_args['tax_query'][] = array( - 'taxonomy' => $taxonomy->name, - 'field' => 'term_id', - 'terms' => $request[ $base ], - 'include_children' => false, - ); - } - - if ( ! empty( $request[ $tax_exclude ] ) ) { - $query_args['tax_query'][] = array( - 'taxonomy' => $taxonomy->name, - 'field' => 'term_id', - 'terms' => $request[ $tax_exclude ], - 'include_children' => false, - 'operator' => 'NOT IN', - ); - } - } - - $posts_query = new WP_Query(); - $query_result = $posts_query->query( $query_args ); - - // Allow access to all password protected posts if the context is edit. - if ( 'edit' === $request['context'] ) { - add_filter( 'post_password_required', '__return_false' ); - } - - $posts = array(); - - foreach ( $query_result as $post ) { - if ( ! $this->check_read_permission( $post ) ) { - continue; - } - - $data = $this->prepare_item_for_response( $post, $request ); - $posts[] = $this->prepare_response_for_collection( $data ); - } - - // Reset filter. - if ( 'edit' === $request['context'] ) { - remove_filter( 'post_password_required', '__return_false' ); - } - - $page = (int) $query_args['paged']; - $total_posts = $posts_query->found_posts; - - if ( $total_posts < 1 ) { - // Out-of-bounds, run the query again without LIMIT for total count. - unset( $query_args['paged'] ); - - $count_query = new WP_Query(); - $count_query->query( $query_args ); - $total_posts = $count_query->found_posts; - } - - $max_pages = ceil( $total_posts / (int) $posts_query->query_vars['posts_per_page'] ); - - if ( $page > $max_pages && $total_posts > 0 ) { - return new WP_Error( 'rest_post_invalid_page_number', __( 'The page number requested is larger than the number of pages available.' ), array( 'status' => 400 ) ); - } - - $response = rest_ensure_response( $posts ); - - $response->header( 'X-WP-Total', (int) $total_posts ); - $response->header( 'X-WP-TotalPages', (int) $max_pages ); - - $request_params = $request->get_query_params(); - $base = add_query_arg( urlencode_deep( $request_params ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) ); - - if ( $page > 1 ) { - $prev_page = $page - 1; - - if ( $prev_page > $max_pages ) { - $prev_page = $max_pages; - } - - $prev_link = add_query_arg( 'page', $prev_page, $base ); - $response->link_header( 'prev', $prev_link ); - } - if ( $max_pages > $page ) { - $next_page = $page + 1; - $next_link = add_query_arg( 'page', $next_page, $base ); - - $response->link_header( 'next', $next_link ); - } - - return $response; - } - - /** - * Get the post, if the ID is valid. - * - * @since 4.7.2 - * - * @param int $id Supplied ID. - * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise. - */ - protected function get_post( $id ) { - $error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); - if ( (int) $id <= 0 ) { - return $error; - } - - $post = get_post( (int) $id ); - if ( empty( $post ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) { - return $error; - } - - return $post; - } - - /** - * Checks if a given request has access to read a post. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return bool|WP_Error True if the request has read access for the item, WP_Error object otherwise. - */ - public function get_item_permissions_check( $request ) { - $post = $this->get_post( $request['id'] ); - if ( is_wp_error( $post ) ) { - return $post; - } - - if ( 'edit' === $request['context'] && $post && ! $this->check_update_permission( $post ) ) { - return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this post.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( $post && ! empty( $request['password'] ) ) { - // Check post password, and return error if invalid. - if ( ! hash_equals( $post->post_password, $request['password'] ) ) { - return new WP_Error( 'rest_post_incorrect_password', __( 'Incorrect post password.' ), array( 'status' => 403 ) ); - } - } - - // Allow access to all password protected posts if the context is edit. - if ( 'edit' === $request['context'] ) { - add_filter( 'post_password_required', '__return_false' ); - } - - if ( $post ) { - return $this->check_read_permission( $post ); - } - - return true; - } - - /** - * Checks if the user can access password-protected content. - * - * This method determines whether we need to override the regular password - * check in core with a filter. - * - * @since 4.7.0 - * - * @param WP_Post $post Post to check against. - * @param WP_REST_Request $request Request data to check. - * @return bool True if the user can access password-protected content, otherwise false. - */ - public function can_access_password_content( $post, $request ) { - if ( empty( $post->post_password ) ) { - // No filter required. - return false; - } - - // Edit context always gets access to password-protected posts. - if ( 'edit' === $request['context'] ) { - return true; - } - - // No password, no auth. - if ( empty( $request['password'] ) ) { - return false; - } - - // Double-check the request password. - return hash_equals( $post->post_password, $request['password'] ); - } - - /** - * Retrieves a single post. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_item( $request ) { - $post = $this->get_post( $request['id'] ); - if ( is_wp_error( $post ) ) { - return $post; - } - - $data = $this->prepare_item_for_response( $post, $request ); - $response = rest_ensure_response( $data ); - - if ( is_post_type_viewable( get_post_type_object( $post->post_type ) ) ) { - $response->link_header( 'alternate', get_permalink( $post->ID ), array( 'type' => 'text/html' ) ); - } - - return $response; - } - - /** - * Checks if a given request has access to create a post. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise. - */ - public function create_item_permissions_check( $request ) { - if ( ! empty( $request['id'] ) ) { - return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) ); - } - - $post_type = get_post_type_object( $this->post_type ); - - if ( ! empty( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( $post_type->cap->edit_others_posts ) ) { - return new WP_Error( 'rest_cannot_edit_others', __( 'Sorry, you are not allowed to create posts as this user.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) { - return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( ! current_user_can( $post_type->cap->create_posts ) ) { - return new WP_Error( 'rest_cannot_create', __( 'Sorry, you are not allowed to create posts as this user.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( ! $this->check_assign_terms_permission( $request ) ) { - return new WP_Error( 'rest_cannot_assign_term', __( 'Sorry, you are not allowed to assign the provided terms.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Creates a single post. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function create_item( $request ) { - if ( ! empty( $request['id'] ) ) { - return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) ); - } - - $prepared_post = $this->prepare_item_for_database( $request ); - - if ( is_wp_error( $prepared_post ) ) { - return $prepared_post; - } - - $prepared_post->post_type = $this->post_type; - - $post_id = wp_insert_post( wp_slash( (array) $prepared_post ), true ); - - if ( is_wp_error( $post_id ) ) { - - if ( 'db_insert_error' === $post_id->get_error_code() ) { - $post_id->add_data( array( 'status' => 500 ) ); - } else { - $post_id->add_data( array( 'status' => 400 ) ); - } - - return $post_id; - } - - $post = get_post( $post_id ); - - /** - * Fires after a single post is created or updated via the REST API. - * - * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. - * - * @since 4.7.0 - * - * @param WP_Post $post Inserted or updated post object. - * @param WP_REST_Request $request Request object. - * @param bool $creating True when creating a post, false when updating. - */ - do_action( "rest_insert_{$this->post_type}", $post, $request, true ); - - $schema = $this->get_item_schema(); - - if ( ! empty( $schema['properties']['sticky'] ) ) { - if ( ! empty( $request['sticky'] ) ) { - stick_post( $post_id ); - } else { - unstick_post( $post_id ); - } - } - - if ( ! empty( $schema['properties']['featured_media'] ) && isset( $request['featured_media'] ) ) { - $this->handle_featured_media( $request['featured_media'], $post_id ); - } - - if ( ! empty( $schema['properties']['format'] ) && ! empty( $request['format'] ) ) { - set_post_format( $post, $request['format'] ); - } - - if ( ! empty( $schema['properties']['template'] ) && isset( $request['template'] ) ) { - $this->handle_template( $request['template'], $post_id, true ); - } - - $terms_update = $this->handle_terms( $post_id, $request ); - - if ( is_wp_error( $terms_update ) ) { - return $terms_update; - } - - if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { - $meta_update = $this->meta->update_value( $request['meta'], $post_id ); - - if ( is_wp_error( $meta_update ) ) { - return $meta_update; - } - } - - $post = get_post( $post_id ); - $fields_update = $this->update_additional_fields_for_object( $post, $request ); - - if ( is_wp_error( $fields_update ) ) { - return $fields_update; - } - - $request->set_param( 'context', 'edit' ); - - /** - * Fires after a single post is completely created or updated via the REST API. - * - * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. - * - * @since 5.0.0 - * - * @param WP_Post $post Inserted or updated post object. - * @param WP_REST_Request $request Request object. - * @param bool $creating True when creating a post, false when updating. - */ - do_action( "rest_after_insert_{$this->post_type}", $post, $request, true ); - - $response = $this->prepare_item_for_response( $post, $request ); - $response = rest_ensure_response( $response ); - - $response->set_status( 201 ); - $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $post_id ) ) ); - - return $response; - } - - /** - * Checks if a given request has access to update a post. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. - */ - public function update_item_permissions_check( $request ) { - $post = $this->get_post( $request['id'] ); - if ( is_wp_error( $post ) ) { - return $post; - } - - $post_type = get_post_type_object( $this->post_type ); - - if ( $post && ! $this->check_update_permission( $post ) ) { - return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this post.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( ! empty( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( $post_type->cap->edit_others_posts ) ) { - return new WP_Error( 'rest_cannot_edit_others', __( 'Sorry, you are not allowed to update posts as this user.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) { - return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( ! $this->check_assign_terms_permission( $request ) ) { - return new WP_Error( 'rest_cannot_assign_term', __( 'Sorry, you are not allowed to assign the provided terms.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Updates a single post. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function update_item( $request ) { - $valid_check = $this->get_post( $request['id'] ); - if ( is_wp_error( $valid_check ) ) { - return $valid_check; - } - - $post = $this->prepare_item_for_database( $request ); - - if ( is_wp_error( $post ) ) { - return $post; - } - - // convert the post object to an array, otherwise wp_update_post will expect non-escaped input. - $post_id = wp_update_post( wp_slash( (array) $post ), true ); - - if ( is_wp_error( $post_id ) ) { - if ( 'db_update_error' === $post_id->get_error_code() ) { - $post_id->add_data( array( 'status' => 500 ) ); - } else { - $post_id->add_data( array( 'status' => 400 ) ); - } - return $post_id; - } - - $post = get_post( $post_id ); - - /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */ - do_action( "rest_insert_{$this->post_type}", $post, $request, false ); - - $schema = $this->get_item_schema(); - - if ( ! empty( $schema['properties']['format'] ) && ! empty( $request['format'] ) ) { - set_post_format( $post, $request['format'] ); - } - - if ( ! empty( $schema['properties']['featured_media'] ) && isset( $request['featured_media'] ) ) { - $this->handle_featured_media( $request['featured_media'], $post_id ); - } - - if ( ! empty( $schema['properties']['sticky'] ) && isset( $request['sticky'] ) ) { - if ( ! empty( $request['sticky'] ) ) { - stick_post( $post_id ); - } else { - unstick_post( $post_id ); - } - } - - if ( ! empty( $schema['properties']['template'] ) && isset( $request['template'] ) ) { - $this->handle_template( $request['template'], $post->ID ); - } - - $terms_update = $this->handle_terms( $post->ID, $request ); - - if ( is_wp_error( $terms_update ) ) { - return $terms_update; - } - - if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { - $meta_update = $this->meta->update_value( $request['meta'], $post->ID ); - - if ( is_wp_error( $meta_update ) ) { - return $meta_update; - } - } - - $post = get_post( $post_id ); - $fields_update = $this->update_additional_fields_for_object( $post, $request ); - - if ( is_wp_error( $fields_update ) ) { - return $fields_update; - } - - $request->set_param( 'context', 'edit' ); - - // Filter is fired in WP_REST_Attachments_Controller subclass. - if ( 'attachment' === $this->post_type ) { - $response = $this->prepare_item_for_response( $post, $request ); - return rest_ensure_response( $response ); - } - - /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */ - do_action( "rest_after_insert_{$this->post_type}", $post, $request, false ); - - $response = $this->prepare_item_for_response( $post, $request ); - - return rest_ensure_response( $response ); - } - - /** - * Checks if a given request has access to delete a post. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. - */ - public function delete_item_permissions_check( $request ) { - $post = $this->get_post( $request['id'] ); - if ( is_wp_error( $post ) ) { - return $post; - } - - if ( $post && ! $this->check_delete_permission( $post ) ) { - return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this post.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Deletes a single post. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function delete_item( $request ) { - $post = $this->get_post( $request['id'] ); - if ( is_wp_error( $post ) ) { - return $post; - } - - $id = $post->ID; - $force = (bool) $request['force']; - - $supports_trash = ( EMPTY_TRASH_DAYS > 0 ); - - if ( 'attachment' === $post->post_type ) { - $supports_trash = $supports_trash && MEDIA_TRASH; - } - - /** - * Filters whether a post is trashable. - * - * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. - * - * Pass false to disable trash support for the post. - * - * @since 4.7.0 - * - * @param bool $supports_trash Whether the post type support trashing. - * @param WP_Post $post The Post object being considered for trashing support. - */ - $supports_trash = apply_filters( "rest_{$this->post_type}_trashable", $supports_trash, $post ); - - if ( ! $this->check_delete_permission( $post ) ) { - return new WP_Error( 'rest_user_cannot_delete_post', __( 'Sorry, you are not allowed to delete this post.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - $request->set_param( 'context', 'edit' ); - - // If we're forcing, then delete permanently. - if ( $force ) { - $previous = $this->prepare_item_for_response( $post, $request ); - $result = wp_delete_post( $id, true ); - $response = new WP_REST_Response(); - $response->set_data( - array( - 'deleted' => true, - 'previous' => $previous->get_data(), - ) - ); - } else { - // If we don't support trashing for this type, error out. - if ( ! $supports_trash ) { - /* translators: %s: force=true */ - return new WP_Error( 'rest_trash_not_supported', sprintf( __( "The post does not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); - } - - // Otherwise, only trash if we haven't already. - if ( 'trash' === $post->post_status ) { - return new WP_Error( 'rest_already_trashed', __( 'The post has already been deleted.' ), array( 'status' => 410 ) ); - } - - // (Note that internally this falls through to `wp_delete_post` if - // the trash is disabled.) - $result = wp_trash_post( $id ); - $post = get_post( $id ); - $response = $this->prepare_item_for_response( $post, $request ); - } - - if ( ! $result ) { - return new WP_Error( 'rest_cannot_delete', __( 'The post cannot be deleted.' ), array( 'status' => 500 ) ); - } - - /** - * Fires immediately after a single post is deleted or trashed via the REST API. - * - * They dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. - * - * @since 4.7.0 - * - * @param object $post The deleted or trashed post. - * @param WP_REST_Response $response The response data. - * @param WP_REST_Request $request The request sent to the API. - */ - do_action( "rest_delete_{$this->post_type}", $post, $response, $request ); - - return $response; - } - - /** - * Determines the allowed query_vars for a get_items() response and prepares - * them for WP_Query. - * - * @since 4.7.0 - * - * @param array $prepared_args Optional. Prepared WP_Query arguments. Default empty array. - * @param WP_REST_Request $request Optional. Full details about the request. - * @return array Items query arguments. - */ - protected function prepare_items_query( $prepared_args = array(), $request = null ) { - $query_args = array(); - - foreach ( $prepared_args as $key => $value ) { - /** - * Filters the query_vars used in get_items() for the constructed query. - * - * The dynamic portion of the hook name, `$key`, refers to the query_var key. - * - * @since 4.7.0 - * - * @param string $value The query_var value. - */ - $query_args[ $key ] = apply_filters( "rest_query_var-{$key}", $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores - } - - if ( 'post' !== $this->post_type || ! isset( $query_args['ignore_sticky_posts'] ) ) { - $query_args['ignore_sticky_posts'] = true; - } - - // Map to proper WP_Query orderby param. - if ( isset( $query_args['orderby'] ) && isset( $request['orderby'] ) ) { - $orderby_mappings = array( - 'id' => 'ID', - 'include' => 'post__in', - 'slug' => 'post_name', - 'include_slugs' => 'post_name__in', - ); - - if ( isset( $orderby_mappings[ $request['orderby'] ] ) ) { - $query_args['orderby'] = $orderby_mappings[ $request['orderby'] ]; - } - } - - return $query_args; - } - - /** - * Checks the post_date_gmt or modified_gmt and prepare any post or - * modified date for single post output. - * - * @since 4.7.0 - * - * @param string $date_gmt GMT publication time. - * @param string|null $date Optional. Local publication time. Default null. - * @return string|null ISO8601/RFC3339 formatted datetime. - */ - protected function prepare_date_response( $date_gmt, $date = null ) { - // Use the date if passed. - if ( isset( $date ) ) { - return mysql_to_rfc3339( $date ); - } - - // Return null if $date_gmt is empty/zeros. - if ( '0000-00-00 00:00:00' === $date_gmt ) { - return null; - } - - // Return the formatted datetime. - return mysql_to_rfc3339( $date_gmt ); - } - - /** - * Prepares a single post for create or update. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Request object. - * @return stdClass|WP_Error Post object or WP_Error. - */ - protected function prepare_item_for_database( $request ) { - $prepared_post = new stdClass(); - - // Post ID. - if ( isset( $request['id'] ) ) { - $existing_post = $this->get_post( $request['id'] ); - if ( is_wp_error( $existing_post ) ) { - return $existing_post; - } - - $prepared_post->ID = $existing_post->ID; - } - - $schema = $this->get_item_schema(); - - // Post title. - if ( ! empty( $schema['properties']['title'] ) && isset( $request['title'] ) ) { - if ( is_string( $request['title'] ) ) { - $prepared_post->post_title = $request['title']; - } elseif ( ! empty( $request['title']['raw'] ) ) { - $prepared_post->post_title = $request['title']['raw']; - } - } - - // Post content. - if ( ! empty( $schema['properties']['content'] ) && isset( $request['content'] ) ) { - if ( is_string( $request['content'] ) ) { - $prepared_post->post_content = $request['content']; - } elseif ( isset( $request['content']['raw'] ) ) { - $prepared_post->post_content = $request['content']['raw']; - } - } - - // Post excerpt. - if ( ! empty( $schema['properties']['excerpt'] ) && isset( $request['excerpt'] ) ) { - if ( is_string( $request['excerpt'] ) ) { - $prepared_post->post_excerpt = $request['excerpt']; - } elseif ( isset( $request['excerpt']['raw'] ) ) { - $prepared_post->post_excerpt = $request['excerpt']['raw']; - } - } - - // Post type. - if ( empty( $request['id'] ) ) { - // Creating new post, use default type for the controller. - $prepared_post->post_type = $this->post_type; - } else { - // Updating a post, use previous type. - $prepared_post->post_type = get_post_type( $request['id'] ); - } - - $post_type = get_post_type_object( $prepared_post->post_type ); - - // Post status. - if ( ! empty( $schema['properties']['status'] ) && isset( $request['status'] ) ) { - $status = $this->handle_status_param( $request['status'], $post_type ); - - if ( is_wp_error( $status ) ) { - return $status; - } - - $prepared_post->post_status = $status; - } - - // Post date. - if ( ! empty( $schema['properties']['date'] ) && ! empty( $request['date'] ) ) { - $current_date = isset( $prepared_post->ID ) ? get_post( $prepared_post->ID )->post_date : false; - $date_data = rest_get_date_with_gmt( $request['date'] ); - - if ( ! empty( $date_data ) && $current_date !== $date_data[0] ) { - list( $prepared_post->post_date, $prepared_post->post_date_gmt ) = $date_data; - $prepared_post->edit_date = true; - } - } elseif ( ! empty( $schema['properties']['date_gmt'] ) && ! empty( $request['date_gmt'] ) ) { - $current_date = isset( $prepared_post->ID ) ? get_post( $prepared_post->ID )->post_date_gmt : false; - $date_data = rest_get_date_with_gmt( $request['date_gmt'], true ); - - if ( ! empty( $date_data ) && $current_date !== $date_data[1] ) { - list( $prepared_post->post_date, $prepared_post->post_date_gmt ) = $date_data; - $prepared_post->edit_date = true; - } - } - - // Sending a null date or date_gmt value resets date and date_gmt to their - // default values (`0000-00-00 00:00:00`). - if ( - ( ! empty( $schema['properties']['date_gmt'] ) && $request->has_param( 'date_gmt' ) && null === $request['date_gmt'] ) || - ( ! empty( $schema['properties']['date'] ) && $request->has_param( 'date' ) && null === $request['date'] ) - ) { - $prepared_post->post_date_gmt = null; - $prepared_post->post_date = null; - } - - // Post slug. - if ( ! empty( $schema['properties']['slug'] ) && isset( $request['slug'] ) ) { - $prepared_post->post_name = $request['slug']; - } - - // Author. - if ( ! empty( $schema['properties']['author'] ) && ! empty( $request['author'] ) ) { - $post_author = (int) $request['author']; - - if ( get_current_user_id() !== $post_author ) { - $user_obj = get_userdata( $post_author ); - - if ( ! $user_obj ) { - return new WP_Error( 'rest_invalid_author', __( 'Invalid author ID.' ), array( 'status' => 400 ) ); - } - } - - $prepared_post->post_author = $post_author; - } - - // Post password. - if ( ! empty( $schema['properties']['password'] ) && isset( $request['password'] ) ) { - $prepared_post->post_password = $request['password']; - - if ( '' !== $request['password'] ) { - if ( ! empty( $schema['properties']['sticky'] ) && ! empty( $request['sticky'] ) ) { - return new WP_Error( 'rest_invalid_field', __( 'A post can not be sticky and have a password.' ), array( 'status' => 400 ) ); - } - - if ( ! empty( $prepared_post->ID ) && is_sticky( $prepared_post->ID ) ) { - return new WP_Error( 'rest_invalid_field', __( 'A sticky post can not be password protected.' ), array( 'status' => 400 ) ); - } - } - } - - if ( ! empty( $schema['properties']['sticky'] ) && ! empty( $request['sticky'] ) ) { - if ( ! empty( $prepared_post->ID ) && post_password_required( $prepared_post->ID ) ) { - return new WP_Error( 'rest_invalid_field', __( 'A password protected post can not be set to sticky.' ), array( 'status' => 400 ) ); - } - } - - // Parent. - if ( ! empty( $schema['properties']['parent'] ) && isset( $request['parent'] ) ) { - if ( 0 === (int) $request['parent'] ) { - $prepared_post->post_parent = 0; - } else { - $parent = get_post( (int) $request['parent'] ); - if ( empty( $parent ) ) { - return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post parent ID.' ), array( 'status' => 400 ) ); - } - $prepared_post->post_parent = (int) $parent->ID; - } - } - - // Menu order. - if ( ! empty( $schema['properties']['menu_order'] ) && isset( $request['menu_order'] ) ) { - $prepared_post->menu_order = (int) $request['menu_order']; - } - - // Comment status. - if ( ! empty( $schema['properties']['comment_status'] ) && ! empty( $request['comment_status'] ) ) { - $prepared_post->comment_status = $request['comment_status']; - } - - // Ping status. - if ( ! empty( $schema['properties']['ping_status'] ) && ! empty( $request['ping_status'] ) ) { - $prepared_post->ping_status = $request['ping_status']; - } - - if ( ! empty( $schema['properties']['template'] ) ) { - // Force template to null so that it can be handled exclusively by the REST controller. - $prepared_post->page_template = null; - } - - /** - * Filters a post before it is inserted via the REST API. - * - * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. - * - * @since 4.7.0 - * - * @param stdClass $prepared_post An object representing a single post prepared - * for inserting or updating the database. - * @param WP_REST_Request $request Request object. - */ - return apply_filters( "rest_pre_insert_{$this->post_type}", $prepared_post, $request ); - - } - - /** - * Determines validity and normalizes the given status parameter. - * - * @since 4.7.0 - * - * @param string $post_status Post status. - * @param object $post_type Post type. - * @return string|WP_Error Post status or WP_Error if lacking the proper permission. - */ - protected function handle_status_param( $post_status, $post_type ) { - - switch ( $post_status ) { - case 'draft': - case 'pending': - break; - case 'private': - if ( ! current_user_can( $post_type->cap->publish_posts ) ) { - return new WP_Error( 'rest_cannot_publish', __( 'Sorry, you are not allowed to create private posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); - } - break; - case 'publish': - case 'future': - if ( ! current_user_can( $post_type->cap->publish_posts ) ) { - return new WP_Error( 'rest_cannot_publish', __( 'Sorry, you are not allowed to publish posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); - } - break; - default: - if ( ! get_post_status_object( $post_status ) ) { - $post_status = 'draft'; - } - break; - } - - return $post_status; - } - - /** - * Determines the featured media based on a request param. - * - * @since 4.7.0 - * - * @param int $featured_media Featured Media ID. - * @param int $post_id Post ID. - * @return bool|WP_Error Whether the post thumbnail was successfully deleted, otherwise WP_Error. - */ - protected function handle_featured_media( $featured_media, $post_id ) { - - $featured_media = (int) $featured_media; - if ( $featured_media ) { - $result = set_post_thumbnail( $post_id, $featured_media ); - if ( $result ) { - return true; - } else { - return new WP_Error( 'rest_invalid_featured_media', __( 'Invalid featured media ID.' ), array( 'status' => 400 ) ); - } - } else { - return delete_post_thumbnail( $post_id ); - } - - } - - /** - * Check whether the template is valid for the given post. - * - * @since 4.9.0 - * - * @param string $template Page template filename. - * @param WP_REST_Request $request Request. - * @return bool|WP_Error True if template is still valid or if the same as existing value, or false if template not supported. - */ - public function check_template( $template, $request ) { - - if ( ! $template ) { - return true; - } - - if ( $request['id'] ) { - $current_template = get_page_template_slug( $request['id'] ); - } else { - $current_template = ''; - } - - // Always allow for updating a post to the same template, even if that template is no longer supported. - if ( $template === $current_template ) { - return true; - } - - // If this is a create request, get_post() will return null and wp theme will fallback to the passed post type. - $allowed_templates = wp_get_theme()->get_page_templates( get_post( $request['id'] ), $this->post_type ); - - if ( isset( $allowed_templates[ $template ] ) ) { - return true; - } - - /* translators: 1: Parameter, 2: List of valid values. */ - return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not one of %2$s.' ), 'template', implode( ', ', array_keys( $allowed_templates ) ) ) ); - } - - /** - * Sets the template for a post. - * - * @since 4.7.0 - * @since 4.9.0 Added the `$validate` parameter. - * - * @param string $template Page template filename. - * @param integer $post_id Post ID. - * @param bool $validate Whether to validate that the template selected is valid. - */ - public function handle_template( $template, $post_id, $validate = false ) { - - if ( $validate && ! array_key_exists( $template, wp_get_theme()->get_page_templates( get_post( $post_id ) ) ) ) { - $template = ''; - } - - update_post_meta( $post_id, '_wp_page_template', $template ); - } - - /** - * Updates the post's terms from a REST request. - * - * @since 4.7.0 - * - * @param int $post_id The post ID to update the terms form. - * @param WP_REST_Request $request The request object with post and terms data. - * @return null|WP_Error WP_Error on an error assigning any of the terms, otherwise null. - */ - protected function handle_terms( $post_id, $request ) { - $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); - - foreach ( $taxonomies as $taxonomy ) { - $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; - - if ( ! isset( $request[ $base ] ) ) { - continue; - } - - $result = wp_set_object_terms( $post_id, $request[ $base ], $taxonomy->name ); - - if ( is_wp_error( $result ) ) { - return $result; - } - } - } - - /** - * Checks whether current user can assign all terms sent with the current request. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request The request object with post and terms data. - * @return bool Whether the current user can assign the provided terms. - */ - protected function check_assign_terms_permission( $request ) { - $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); - foreach ( $taxonomies as $taxonomy ) { - $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; - - if ( ! isset( $request[ $base ] ) ) { - continue; - } - - foreach ( $request[ $base ] as $term_id ) { - // Invalid terms will be rejected later. - if ( ! get_term( $term_id, $taxonomy->name ) ) { - continue; - } - - if ( ! current_user_can( 'assign_term', (int) $term_id ) ) { - return false; - } - } - } - - return true; - } - - /** - * Checks if a given post type can be viewed or managed. - * - * @since 4.7.0 - * - * @param object|string $post_type Post type name or object. - * @return bool Whether the post type is allowed in REST. - */ - protected function check_is_post_type_allowed( $post_type ) { - if ( ! is_object( $post_type ) ) { - $post_type = get_post_type_object( $post_type ); - } - - if ( ! empty( $post_type ) && ! empty( $post_type->show_in_rest ) ) { - return true; - } - - return false; - } - - /** - * Checks if a post can be read. - * - * Correctly handles posts with the inherit status. - * - * @since 4.7.0 - * - * @param object $post Post object. - * @return bool Whether the post can be read. - */ - public function check_read_permission( $post ) { - $post_type = get_post_type_object( $post->post_type ); - if ( ! $this->check_is_post_type_allowed( $post_type ) ) { - return false; - } - - // Is the post readable? - if ( 'publish' === $post->post_status || current_user_can( $post_type->cap->read_post, $post->ID ) ) { - return true; - } - - $post_status_obj = get_post_status_object( $post->post_status ); - if ( $post_status_obj && $post_status_obj->public ) { - return true; - } - - // Can we read the parent if we're inheriting? - if ( 'inherit' === $post->post_status && $post->post_parent > 0 ) { - $parent = get_post( $post->post_parent ); - if ( $parent ) { - return $this->check_read_permission( $parent ); - } - } - - /* - * If there isn't a parent, but the status is set to inherit, assume - * it's published (as per get_post_status()). - */ - if ( 'inherit' === $post->post_status ) { - return true; - } - - return false; - } - - /** - * Checks if a post can be edited. - * - * @since 4.7.0 - * - * @param object $post Post object. - * @return bool Whether the post can be edited. - */ - protected function check_update_permission( $post ) { - $post_type = get_post_type_object( $post->post_type ); - - if ( ! $this->check_is_post_type_allowed( $post_type ) ) { - return false; - } - - return current_user_can( $post_type->cap->edit_post, $post->ID ); - } - - /** - * Checks if a post can be created. - * - * @since 4.7.0 - * - * @param object $post Post object. - * @return bool Whether the post can be created. - */ - protected function check_create_permission( $post ) { - $post_type = get_post_type_object( $post->post_type ); - - if ( ! $this->check_is_post_type_allowed( $post_type ) ) { - return false; - } - - return current_user_can( $post_type->cap->create_posts ); - } - - /** - * Checks if a post can be deleted. - * - * @since 4.7.0 - * - * @param object $post Post object. - * @return bool Whether the post can be deleted. - */ - protected function check_delete_permission( $post ) { - $post_type = get_post_type_object( $post->post_type ); - - if ( ! $this->check_is_post_type_allowed( $post_type ) ) { - return false; - } - - return current_user_can( $post_type->cap->delete_post, $post->ID ); - } - - /** - * Prepares a single post output for response. - * - * @since 4.7.0 - * - * @param WP_Post $post Post object. - * @param WP_REST_Request $request Request object. - * @return WP_REST_Response Response object. - */ - public function prepare_item_for_response( $post, $request ) { - $GLOBALS['post'] = $post; - - setup_postdata( $post ); - - $fields = $this->get_fields_for_response( $request ); - - // Base fields for every post. - $data = array(); - - if ( rest_is_field_included( 'id', $fields ) ) { - $data['id'] = $post->ID; - } - - if ( rest_is_field_included( 'date', $fields ) ) { - $data['date'] = $this->prepare_date_response( $post->post_date_gmt, $post->post_date ); - } - - if ( rest_is_field_included( 'date_gmt', $fields ) ) { - // For drafts, `post_date_gmt` may not be set, indicating that the - // date of the draft should be updated each time it is saved (see - // #38883). In this case, shim the value based on the `post_date` - // field with the site's timezone offset applied. - if ( '0000-00-00 00:00:00' === $post->post_date_gmt ) { - $post_date_gmt = get_gmt_from_date( $post->post_date ); - } else { - $post_date_gmt = $post->post_date_gmt; - } - $data['date_gmt'] = $this->prepare_date_response( $post_date_gmt ); - } - - if ( rest_is_field_included( 'guid', $fields ) ) { - $data['guid'] = array( - /** This filter is documented in wp-includes/post-template.php */ - 'rendered' => apply_filters( 'get_the_guid', $post->guid, $post->ID ), - 'raw' => $post->guid, - ); - } - - if ( rest_is_field_included( 'modified', $fields ) ) { - $data['modified'] = $this->prepare_date_response( $post->post_modified_gmt, $post->post_modified ); - } - - if ( rest_is_field_included( 'modified_gmt', $fields ) ) { - // For drafts, `post_modified_gmt` may not be set (see - // `post_date_gmt` comments above). In this case, shim the value - // based on the `post_modified` field with the site's timezone - // offset applied. - if ( '0000-00-00 00:00:00' === $post->post_modified_gmt ) { - $post_modified_gmt = gmdate( 'Y-m-d H:i:s', strtotime( $post->post_modified ) - ( get_option( 'gmt_offset' ) * 3600 ) ); - } else { - $post_modified_gmt = $post->post_modified_gmt; - } - $data['modified_gmt'] = $this->prepare_date_response( $post_modified_gmt ); - } - - if ( rest_is_field_included( 'password', $fields ) ) { - $data['password'] = $post->post_password; - } - - if ( rest_is_field_included( 'slug', $fields ) ) { - $data['slug'] = $post->post_name; - } - - if ( rest_is_field_included( 'status', $fields ) ) { - $data['status'] = $post->post_status; - } - - if ( rest_is_field_included( 'type', $fields ) ) { - $data['type'] = $post->post_type; - } - - if ( rest_is_field_included( 'link', $fields ) ) { - $data['link'] = get_permalink( $post->ID ); - } - - if ( rest_is_field_included( 'title', $fields ) ) { - $data['title'] = array(); - } - if ( rest_is_field_included( 'title.raw', $fields ) ) { - $data['title']['raw'] = $post->post_title; - } - if ( rest_is_field_included( 'title.rendered', $fields ) ) { - add_filter( 'protected_title_format', array( $this, 'protected_title_format' ) ); - - $data['title']['rendered'] = get_the_title( $post->ID ); - - remove_filter( 'protected_title_format', array( $this, 'protected_title_format' ) ); - } - - $has_password_filter = false; - - if ( $this->can_access_password_content( $post, $request ) ) { - // Allow access to the post, permissions already checked before. - add_filter( 'post_password_required', '__return_false' ); - - $has_password_filter = true; - } - - if ( rest_is_field_included( 'content', $fields ) ) { - $data['content'] = array(); - } - if ( rest_is_field_included( 'content.raw', $fields ) ) { - $data['content']['raw'] = $post->post_content; - } - if ( rest_is_field_included( 'content.rendered', $fields ) ) { - /** This filter is documented in wp-includes/post-template.php */ - $data['content']['rendered'] = post_password_required( $post ) ? '' : apply_filters( 'the_content', $post->post_content ); - } - if ( rest_is_field_included( 'content.protected', $fields ) ) { - $data['content']['protected'] = (bool) $post->post_password; - } - if ( rest_is_field_included( 'content.block_version', $fields ) ) { - $data['content']['block_version'] = block_version( $post->post_content ); - } - - if ( rest_is_field_included( 'excerpt', $fields ) ) { - /** This filter is documented in wp-includes/post-template.php */ - $excerpt = apply_filters( 'the_excerpt', apply_filters( 'get_the_excerpt', $post->post_excerpt, $post ) ); - $data['excerpt'] = array( - 'raw' => $post->post_excerpt, - 'rendered' => post_password_required( $post ) ? '' : $excerpt, - 'protected' => (bool) $post->post_password, - ); - } - - if ( $has_password_filter ) { - // Reset filter. - remove_filter( 'post_password_required', '__return_false' ); - } - - if ( rest_is_field_included( 'author', $fields ) ) { - $data['author'] = (int) $post->post_author; - } - - if ( rest_is_field_included( 'featured_media', $fields ) ) { - $data['featured_media'] = (int) get_post_thumbnail_id( $post->ID ); - } - - if ( rest_is_field_included( 'parent', $fields ) ) { - $data['parent'] = (int) $post->post_parent; - } - - if ( rest_is_field_included( 'menu_order', $fields ) ) { - $data['menu_order'] = (int) $post->menu_order; - } - - if ( rest_is_field_included( 'comment_status', $fields ) ) { - $data['comment_status'] = $post->comment_status; - } - - if ( rest_is_field_included( 'ping_status', $fields ) ) { - $data['ping_status'] = $post->ping_status; - } - - if ( rest_is_field_included( 'sticky', $fields ) ) { - $data['sticky'] = is_sticky( $post->ID ); - } - - if ( rest_is_field_included( 'template', $fields ) ) { - $template = get_page_template_slug( $post->ID ); - if ( $template ) { - $data['template'] = $template; - } else { - $data['template'] = ''; - } - } - - if ( rest_is_field_included( 'format', $fields ) ) { - $data['format'] = get_post_format( $post->ID ); - - // Fill in blank post format. - if ( empty( $data['format'] ) ) { - $data['format'] = 'standard'; - } - } - - if ( rest_is_field_included( 'meta', $fields ) ) { - $data['meta'] = $this->meta->get_value( $post->ID, $request ); - } - - $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); - - foreach ( $taxonomies as $taxonomy ) { - $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; - - if ( rest_is_field_included( $base, $fields ) ) { - $terms = get_the_terms( $post, $taxonomy->name ); - $data[ $base ] = $terms ? array_values( wp_list_pluck( $terms, 'term_id' ) ) : array(); - } - } - - $post_type_obj = get_post_type_object( $post->post_type ); - if ( is_post_type_viewable( $post_type_obj ) && $post_type_obj->public ) { - $permalink_template_requested = rest_is_field_included( 'permalink_template', $fields ); - $generated_slug_requested = rest_is_field_included( 'generated_slug', $fields ); - - if ( $permalink_template_requested || $generated_slug_requested ) { - if ( ! function_exists( 'get_sample_permalink' ) ) { - require_once ABSPATH . 'wp-admin/includes/post.php'; - } - - $sample_permalink = get_sample_permalink( $post->ID, $post->post_title, '' ); - - if ( $permalink_template_requested ) { - $data['permalink_template'] = $sample_permalink[0]; - } - - if ( $generated_slug_requested ) { - $data['generated_slug'] = $sample_permalink[1]; - } - } - } - - $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; - $data = $this->add_additional_fields_to_object( $data, $request ); - $data = $this->filter_response_by_context( $data, $context ); - - // Wrap the data in a response object. - $response = rest_ensure_response( $data ); - - $links = $this->prepare_links( $post ); - $response->add_links( $links ); - - if ( ! empty( $links['self']['href'] ) ) { - $actions = $this->get_available_actions( $post, $request ); - - $self = $links['self']['href']; - - foreach ( $actions as $rel ) { - $response->add_link( $rel, $self ); - } - } - - /** - * Filters the post data for a response. - * - * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug. - * - * @since 4.7.0 - * - * @param WP_REST_Response $response The response object. - * @param WP_Post $post Post object. - * @param WP_REST_Request $request Request object. - */ - return apply_filters( "rest_prepare_{$this->post_type}", $response, $post, $request ); - } - - /** - * Overwrites the default protected title format. - * - * By default, WordPress will show password protected posts with a title of - * "Protected: %s", as the REST API communicates the protected status of a post - * in a machine readable format, we remove the "Protected: " prefix. - * - * @since 4.7.0 - * - * @return string Protected title format. - */ - public function protected_title_format() { - return '%s'; - } - - /** - * Prepares links for the request. - * - * @since 4.7.0 - * - * @param WP_Post $post Post object. - * @return array Links for the given post. - */ - protected function prepare_links( $post ) { - $base = sprintf( '%s/%s', $this->namespace, $this->rest_base ); - - // Entity meta. - $links = array( - 'self' => array( - 'href' => rest_url( trailingslashit( $base ) . $post->ID ), - ), - 'collection' => array( - 'href' => rest_url( $base ), - ), - 'about' => array( - 'href' => rest_url( 'wp/v2/types/' . $this->post_type ), - ), - ); - - if ( ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'author' ) ) - && ! empty( $post->post_author ) ) { - $links['author'] = array( - 'href' => rest_url( 'wp/v2/users/' . $post->post_author ), - 'embeddable' => true, - ); - } - - if ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'comments' ) ) { - $replies_url = rest_url( 'wp/v2/comments' ); - $replies_url = add_query_arg( 'post', $post->ID, $replies_url ); - - $links['replies'] = array( - 'href' => $replies_url, - 'embeddable' => true, - ); - } - - if ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'revisions' ) ) { - $revisions = wp_get_post_revisions( $post->ID, array( 'fields' => 'ids' ) ); - $revisions_count = count( $revisions ); - - $links['version-history'] = array( - 'href' => rest_url( trailingslashit( $base ) . $post->ID . '/revisions' ), - 'count' => $revisions_count, - ); - - if ( $revisions_count > 0 ) { - $last_revision = array_shift( $revisions ); - - $links['predecessor-version'] = array( - 'href' => rest_url( trailingslashit( $base ) . $post->ID . '/revisions/' . $last_revision ), - 'id' => $last_revision, - ); - } - } - - $post_type_obj = get_post_type_object( $post->post_type ); - - if ( $post_type_obj->hierarchical && ! empty( $post->post_parent ) ) { - $links['up'] = array( - 'href' => rest_url( trailingslashit( $base ) . (int) $post->post_parent ), - 'embeddable' => true, - ); - } - - // If we have a featured media, add that. - $featured_media = get_post_thumbnail_id( $post->ID ); - if ( $featured_media ) { - $image_url = rest_url( 'wp/v2/media/' . $featured_media ); - - $links['https://api.w.org/featuredmedia'] = array( - 'href' => $image_url, - 'embeddable' => true, - ); - } - - if ( ! in_array( $post->post_type, array( 'attachment', 'nav_menu_item', 'revision' ), true ) ) { - $attachments_url = rest_url( 'wp/v2/media' ); - $attachments_url = add_query_arg( 'parent', $post->ID, $attachments_url ); - - $links['https://api.w.org/attachment'] = array( - 'href' => $attachments_url, - ); - } - - $taxonomies = get_object_taxonomies( $post->post_type ); - - if ( ! empty( $taxonomies ) ) { - $links['https://api.w.org/term'] = array(); - - foreach ( $taxonomies as $tax ) { - $taxonomy_obj = get_taxonomy( $tax ); - - // Skip taxonomies that are not public. - if ( empty( $taxonomy_obj->show_in_rest ) ) { - continue; - } - - $tax_base = ! empty( $taxonomy_obj->rest_base ) ? $taxonomy_obj->rest_base : $tax; - - $terms_url = add_query_arg( - 'post', - $post->ID, - rest_url( 'wp/v2/' . $tax_base ) - ); - - $links['https://api.w.org/term'][] = array( - 'href' => $terms_url, - 'taxonomy' => $tax, - 'embeddable' => true, - ); - } - } - - return $links; - } - - /** - * Get the link relations available for the post and current user. - * - * @since 4.9.8 - * - * @param WP_Post $post Post object. - * @param WP_REST_Request $request Request object. - * @return array List of link relations. - */ - protected function get_available_actions( $post, $request ) { - - if ( 'edit' !== $request['context'] ) { - return array(); - } - - $rels = array(); - - $post_type = get_post_type_object( $post->post_type ); - - if ( 'attachment' !== $this->post_type && current_user_can( $post_type->cap->publish_posts ) ) { - $rels[] = 'https://api.w.org/action-publish'; - } - - if ( current_user_can( 'unfiltered_html' ) ) { - $rels[] = 'https://api.w.org/action-unfiltered-html'; - } - - if ( 'post' === $post_type->name ) { - if ( current_user_can( $post_type->cap->edit_others_posts ) && current_user_can( $post_type->cap->publish_posts ) ) { - $rels[] = 'https://api.w.org/action-sticky'; - } - } - - if ( post_type_supports( $post_type->name, 'author' ) ) { - if ( current_user_can( $post_type->cap->edit_others_posts ) ) { - $rels[] = 'https://api.w.org/action-assign-author'; - } - } - - $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); - - foreach ( $taxonomies as $tax ) { - $tax_base = ! empty( $tax->rest_base ) ? $tax->rest_base : $tax->name; - $create_cap = is_taxonomy_hierarchical( $tax->name ) ? $tax->cap->edit_terms : $tax->cap->assign_terms; - - if ( current_user_can( $create_cap ) ) { - $rels[] = 'https://api.w.org/action-create-' . $tax_base; - } - - if ( current_user_can( $tax->cap->assign_terms ) ) { - $rels[] = 'https://api.w.org/action-assign-' . $tax_base; - } - } - - return $rels; - } - - /** - * Retrieves the post's schema, conforming to JSON Schema. - * - * @since 4.7.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $schema = array( - '$schema' => 'http://json-schema.org/draft-04/schema#', - 'title' => $this->post_type, - 'type' => 'object', - // Base properties for every Post. - 'properties' => array( - 'date' => array( - 'description' => __( "The date the object was published, in the site's timezone." ), - 'type' => array( 'string', 'null' ), - 'format' => 'date-time', - 'context' => array( 'view', 'edit', 'embed' ), - ), - 'date_gmt' => array( - 'description' => __( 'The date the object was published, as GMT.' ), - 'type' => array( 'string', 'null' ), - 'format' => 'date-time', - 'context' => array( 'view', 'edit' ), - ), - 'guid' => array( - 'description' => __( 'The globally unique identifier for the object.' ), - 'type' => 'object', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - 'properties' => array( - 'raw' => array( - 'description' => __( 'GUID for the object, as it exists in the database.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'rendered' => array( - 'description' => __( 'GUID for the object, transformed for display.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - ), - ), - 'id' => array( - 'description' => __( 'Unique identifier for the object.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - 'link' => array( - 'description' => __( 'URL to the object.' ), - 'type' => 'string', - 'format' => 'uri', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - 'modified' => array( - 'description' => __( "The date the object was last modified, in the site's timezone." ), - 'type' => 'string', - 'format' => 'date-time', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - 'modified_gmt' => array( - 'description' => __( 'The date the object was last modified, as GMT.' ), - 'type' => 'string', - 'format' => 'date-time', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - 'slug' => array( - 'description' => __( 'An alphanumeric identifier for the object unique to its type.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'arg_options' => array( - 'sanitize_callback' => array( $this, 'sanitize_slug' ), - ), - ), - 'status' => array( - 'description' => __( 'A named status for the object.' ), - 'type' => 'string', - 'enum' => array_keys( get_post_stati( array( 'internal' => false ) ) ), - 'context' => array( 'view', 'edit' ), - ), - 'type' => array( - 'description' => __( 'Type of Post for the object.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - 'password' => array( - 'description' => __( 'A password to protect access to the content and excerpt.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - ), - ), - ); - - $post_type_obj = get_post_type_object( $this->post_type ); - if ( is_post_type_viewable( $post_type_obj ) && $post_type_obj->public ) { - $schema['properties']['permalink_template'] = array( - 'description' => __( 'Permalink template for the object.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - 'readonly' => true, - ); - - $schema['properties']['generated_slug'] = array( - 'description' => __( 'Slug automatically generated from the object title.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - 'readonly' => true, - ); - } - - if ( $post_type_obj->hierarchical ) { - $schema['properties']['parent'] = array( - 'description' => __( 'The ID for the parent of the object.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit' ), - ); - } - - $post_type_attributes = array( - 'title', - 'editor', - 'author', - 'excerpt', - 'thumbnail', - 'comments', - 'revisions', - 'page-attributes', - 'post-formats', - 'custom-fields', - ); - $fixed_schemas = array( - 'post' => array( - 'title', - 'editor', - 'author', - 'excerpt', - 'thumbnail', - 'comments', - 'revisions', - 'post-formats', - 'custom-fields', - ), - 'page' => array( - 'title', - 'editor', - 'author', - 'excerpt', - 'thumbnail', - 'comments', - 'revisions', - 'page-attributes', - 'custom-fields', - ), - 'attachment' => array( - 'title', - 'author', - 'comments', - 'revisions', - 'custom-fields', - ), - ); - foreach ( $post_type_attributes as $attribute ) { - if ( isset( $fixed_schemas[ $this->post_type ] ) && ! in_array( $attribute, $fixed_schemas[ $this->post_type ], true ) ) { - continue; - } elseif ( ! isset( $fixed_schemas[ $this->post_type ] ) && ! post_type_supports( $this->post_type, $attribute ) ) { - continue; - } - - switch ( $attribute ) { - - case 'title': - $schema['properties']['title'] = array( - 'description' => __( 'The title for the object.' ), - 'type' => 'object', - 'context' => array( 'view', 'edit', 'embed' ), - 'arg_options' => array( - 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() - 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() - ), - 'properties' => array( - 'raw' => array( - 'description' => __( 'Title for the object, as it exists in the database.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - ), - 'rendered' => array( - 'description' => __( 'HTML title for the object, transformed for display.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - ), - ); - break; - - case 'editor': - $schema['properties']['content'] = array( - 'description' => __( 'The content for the object.' ), - 'type' => 'object', - 'context' => array( 'view', 'edit' ), - 'arg_options' => array( - 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() - 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() - ), - 'properties' => array( - 'raw' => array( - 'description' => __( 'Content for the object, as it exists in the database.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - ), - 'rendered' => array( - 'description' => __( 'HTML content for the object, transformed for display.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - 'block_version' => array( - 'description' => __( 'Version of the content block format used by the object.' ), - 'type' => 'integer', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'protected' => array( - 'description' => __( 'Whether the content is protected with a password.' ), - 'type' => 'boolean', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - ), - ); - break; - - case 'author': - $schema['properties']['author'] = array( - 'description' => __( 'The ID for the author of the object.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit', 'embed' ), - ); - break; - - case 'excerpt': - $schema['properties']['excerpt'] = array( - 'description' => __( 'The excerpt for the object.' ), - 'type' => 'object', - 'context' => array( 'view', 'edit', 'embed' ), - 'arg_options' => array( - 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() - 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() - ), - 'properties' => array( - 'raw' => array( - 'description' => __( 'Excerpt for the object, as it exists in the database.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - ), - 'rendered' => array( - 'description' => __( 'HTML excerpt for the object, transformed for display.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - 'protected' => array( - 'description' => __( 'Whether the excerpt is protected with a password.' ), - 'type' => 'boolean', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - ), - ); - break; - - case 'thumbnail': - $schema['properties']['featured_media'] = array( - 'description' => __( 'The ID of the featured media for the object.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit', 'embed' ), - ); - break; - - case 'comments': - $schema['properties']['comment_status'] = array( - 'description' => __( 'Whether or not comments are open on the object.' ), - 'type' => 'string', - 'enum' => array( 'open', 'closed' ), - 'context' => array( 'view', 'edit' ), - ); - $schema['properties']['ping_status'] = array( - 'description' => __( 'Whether or not the object can be pinged.' ), - 'type' => 'string', - 'enum' => array( 'open', 'closed' ), - 'context' => array( 'view', 'edit' ), - ); - break; - - case 'page-attributes': - $schema['properties']['menu_order'] = array( - 'description' => __( 'The order of the object in relation to other object of its type.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit' ), - ); - break; - - case 'post-formats': - // Get the native post formats and remove the array keys. - $formats = array_values( get_post_format_slugs() ); - - $schema['properties']['format'] = array( - 'description' => __( 'The format for the object.' ), - 'type' => 'string', - 'enum' => $formats, - 'context' => array( 'view', 'edit' ), - ); - break; - - case 'custom-fields': - $schema['properties']['meta'] = $this->meta->get_field_schema(); - break; - - } - } - - if ( 'post' === $this->post_type ) { - $schema['properties']['sticky'] = array( - 'description' => __( 'Whether or not the object should be treated as sticky.' ), - 'type' => 'boolean', - 'context' => array( 'view', 'edit' ), - ); - } - - $schema['properties']['template'] = array( - 'description' => __( 'The theme file to use to display the object.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit' ), - 'arg_options' => array( - 'validate_callback' => array( $this, 'check_template' ), - ), - ); - - $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); - foreach ( $taxonomies as $taxonomy ) { - $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; - $schema['properties'][ $base ] = array( - /* translators: %s: Taxonomy name. */ - 'description' => sprintf( __( 'The terms assigned to the object in the %s taxonomy.' ), $taxonomy->name ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'context' => array( 'view', 'edit' ), - ); - } - - $schema_links = $this->get_schema_links(); - - if ( $schema_links ) { - $schema['links'] = $schema_links; - } - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Retrieve Link Description Objects that should be added to the Schema for the posts collection. - * - * @since 4.9.8 - * - * @return array - */ - protected function get_schema_links() { - - $href = rest_url( "{$this->namespace}/{$this->rest_base}/{id}" ); - - $links = array(); - - if ( 'attachment' !== $this->post_type ) { - $links[] = array( - 'rel' => 'https://api.w.org/action-publish', - 'title' => __( 'The current user can publish this post.' ), - 'href' => $href, - 'targetSchema' => array( - 'type' => 'object', - 'properties' => array( - 'status' => array( - 'type' => 'string', - 'enum' => array( 'publish', 'future' ), - ), - ), - ), - ); - } - - $links[] = array( - 'rel' => 'https://api.w.org/action-unfiltered-html', - 'title' => __( 'The current user can post unfiltered HTML markup and JavaScript.' ), - 'href' => $href, - 'targetSchema' => array( - 'type' => 'object', - 'properties' => array( - 'content' => array( - 'raw' => array( - 'type' => 'string', - ), - ), - ), - ), - ); - - if ( 'post' === $this->post_type ) { - $links[] = array( - 'rel' => 'https://api.w.org/action-sticky', - 'title' => __( 'The current user can sticky this post.' ), - 'href' => $href, - 'targetSchema' => array( - 'type' => 'object', - 'properties' => array( - 'sticky' => array( - 'type' => 'boolean', - ), - ), - ), - ); - } - - if ( post_type_supports( $this->post_type, 'author' ) ) { - $links[] = array( - 'rel' => 'https://api.w.org/action-assign-author', - 'title' => __( 'The current user can change the author on this post.' ), - 'href' => $href, - 'targetSchema' => array( - 'type' => 'object', - 'properties' => array( - 'author' => array( - 'type' => 'integer', - ), - ), - ), - ); - } - - $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); - - foreach ( $taxonomies as $tax ) { - $tax_base = ! empty( $tax->rest_base ) ? $tax->rest_base : $tax->name; - - /* translators: %s: Taxonomy name. */ - $assign_title = sprintf( __( 'The current user can assign terms in the %s taxonomy.' ), $tax->name ); - /* translators: %s: Taxonomy name. */ - $create_title = sprintf( __( 'The current user can create terms in the %s taxonomy.' ), $tax->name ); - - $links[] = array( - 'rel' => 'https://api.w.org/action-assign-' . $tax_base, - 'title' => $assign_title, - 'href' => $href, - 'targetSchema' => array( - 'type' => 'object', - 'properties' => array( - $tax_base => array( - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - ), - ), - ), - ); - - $links[] = array( - 'rel' => 'https://api.w.org/action-create-' . $tax_base, - 'title' => $create_title, - 'href' => $href, - 'targetSchema' => array( - 'type' => 'object', - 'properties' => array( - $tax_base => array( - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - ), - ), - ), - ); - } - - return $links; - } - - /** - * Retrieves the query params for the posts collection. - * - * @since 4.7.0 - * - * @return array Collection parameters. - */ - public function get_collection_params() { - $query_params = parent::get_collection_params(); - - $query_params['context']['default'] = 'view'; - - $query_params['after'] = array( - 'description' => __( 'Limit response to posts published after a given ISO8601 compliant date.' ), - 'type' => 'string', - 'format' => 'date-time', - ); - - if ( post_type_supports( $this->post_type, 'author' ) ) { - $query_params['author'] = array( - 'description' => __( 'Limit result set to posts assigned to specific authors.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - $query_params['author_exclude'] = array( - 'description' => __( 'Ensure result set excludes posts assigned to specific authors.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - } - - $query_params['before'] = array( - 'description' => __( 'Limit response to posts published before a given ISO8601 compliant date.' ), - 'type' => 'string', - 'format' => 'date-time', - ); - - $query_params['exclude'] = array( - 'description' => __( 'Ensure result set excludes specific IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - - $query_params['include'] = array( - 'description' => __( 'Limit result set to specific IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - - if ( 'page' === $this->post_type || post_type_supports( $this->post_type, 'page-attributes' ) ) { - $query_params['menu_order'] = array( - 'description' => __( 'Limit result set to posts with a specific menu_order value.' ), - 'type' => 'integer', - ); - } - - $query_params['offset'] = array( - 'description' => __( 'Offset the result set by a specific number of items.' ), - 'type' => 'integer', - ); - - $query_params['order'] = array( - 'description' => __( 'Order sort attribute ascending or descending.' ), - 'type' => 'string', - 'default' => 'desc', - 'enum' => array( 'asc', 'desc' ), - ); - - $query_params['orderby'] = array( - 'description' => __( 'Sort collection by object attribute.' ), - 'type' => 'string', - 'default' => 'date', - 'enum' => array( - 'author', - 'date', - 'id', - 'include', - 'modified', - 'parent', - 'relevance', - 'slug', - 'include_slugs', - 'title', - ), - ); - - if ( 'page' === $this->post_type || post_type_supports( $this->post_type, 'page-attributes' ) ) { - $query_params['orderby']['enum'][] = 'menu_order'; - } - - $post_type = get_post_type_object( $this->post_type ); - - if ( $post_type->hierarchical || 'attachment' === $this->post_type ) { - $query_params['parent'] = array( - 'description' => __( 'Limit result set to items with particular parent IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - $query_params['parent_exclude'] = array( - 'description' => __( 'Limit result set to all items except those of a particular parent ID.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - } - - $query_params['slug'] = array( - 'description' => __( 'Limit result set to posts with one or more specific slugs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'string', - ), - 'sanitize_callback' => 'wp_parse_slug_list', - ); - - $query_params['status'] = array( - 'default' => 'publish', - 'description' => __( 'Limit result set to posts assigned one or more statuses.' ), - 'type' => 'array', - 'items' => array( - 'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ), - 'type' => 'string', - ), - 'sanitize_callback' => array( $this, 'sanitize_post_statuses' ), - ); - - $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); - - foreach ( $taxonomies as $taxonomy ) { - $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; - - $query_params[ $base ] = array( - /* translators: %s: Taxonomy name. */ - 'description' => sprintf( __( 'Limit result set to all items that have the specified term assigned in the %s taxonomy.' ), $base ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - - $query_params[ $base . '_exclude' ] = array( - /* translators: %s: Taxonomy name. */ - 'description' => sprintf( __( 'Limit result set to all items except those that have the specified term assigned in the %s taxonomy.' ), $base ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - } - - if ( 'post' === $this->post_type ) { - $query_params['sticky'] = array( - 'description' => __( 'Limit result set to items that are sticky.' ), - 'type' => 'boolean', - ); - } - - /** - * Filter collection parameters for the posts controller. - * - * The dynamic part of the filter `$this->post_type` refers to the post - * type slug for the controller. - * - * This filter registers the collection parameter, but does not map the - * collection parameter to an internal WP_Query parameter. Use the - * `rest_{$this->post_type}_query` filter to set WP_Query parameters. - * - * @since 4.7.0 - * - * @param array $query_params JSON Schema-formatted collection parameters. - * @param WP_Post_Type $post_type Post type object. - */ - return apply_filters( "rest_{$this->post_type}_collection_params", $query_params, $post_type ); - } - - /** - * Sanitizes and validates the list of post statuses, including whether the - * user can query private statuses. - * - * @since 4.7.0 - * - * @param string|array $statuses One or more post statuses. - * @param WP_REST_Request $request Full details about the request. - * @param string $parameter Additional parameter to pass to validation. - * @return array|WP_Error A list of valid statuses, otherwise WP_Error object. - */ - public function sanitize_post_statuses( $statuses, $request, $parameter ) { - $statuses = wp_parse_slug_list( $statuses ); - - // The default status is different in WP_REST_Attachments_Controller - $attributes = $request->get_attributes(); - $default_status = $attributes['args']['status']['default']; - - foreach ( $statuses as $status ) { - if ( $status === $default_status ) { - continue; - } - - $post_type_obj = get_post_type_object( $this->post_type ); - - if ( current_user_can( $post_type_obj->cap->edit_posts ) || 'private' === $status && current_user_can( $post_type_obj->cap->read_private_posts ) ) { - $result = rest_validate_request_arg( $status, $request, $parameter ); - if ( is_wp_error( $result ) ) { - return $result; - } - } else { - return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) ); - } - } - - return $statuses; - } -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php deleted file mode 100644 index 9edf6ec..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php +++ /dev/null @@ -1,789 +0,0 @@ -<?php -/** - * REST API: WP_REST_Revisions_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 4.7.0 - */ - -/** - * Core class used to access revisions via the REST API. - * - * @since 4.7.0 - * - * @see WP_REST_Controller - */ -class WP_REST_Revisions_Controller extends WP_REST_Controller { - - /** - * Parent post type. - * - * @since 4.7.0 - * @var string - */ - private $parent_post_type; - - /** - * Parent controller. - * - * @since 4.7.0 - * @var WP_REST_Controller - */ - private $parent_controller; - - /** - * The base of the parent controller's route. - * - * @since 4.7.0 - * @var string - */ - private $parent_base; - - /** - * Constructor. - * - * @since 4.7.0 - * - * @param string $parent_post_type Post type of the parent. - */ - public function __construct( $parent_post_type ) { - $this->parent_post_type = $parent_post_type; - $this->namespace = 'wp/v2'; - $this->rest_base = 'revisions'; - $post_type_object = get_post_type_object( $parent_post_type ); - $this->parent_base = ! empty( $post_type_object->rest_base ) ? $post_type_object->rest_base : $post_type_object->name; - $this->parent_controller = $post_type_object->get_rest_controller(); - - if ( ! $this->parent_controller ) { - $this->parent_controller = new WP_REST_Posts_Controller( $parent_post_type ); - } - } - - /** - * Registers routes for revisions based on post types supporting revisions. - * - * @since 4.7.0 - * - * @see register_rest_route() - */ - public function register_routes() { - - register_rest_route( - $this->namespace, - '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base, - array( - 'args' => array( - 'parent' => array( - 'description' => __( 'The ID for the parent of the object.' ), - 'type' => 'integer', - ), - ), - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_items' ), - 'permission_callback' => array( $this, 'get_items_permissions_check' ), - 'args' => $this->get_collection_params(), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - register_rest_route( - $this->namespace, - '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base . '/(?P<id>[\d]+)', - array( - 'args' => array( - 'parent' => array( - 'description' => __( 'The ID for the parent of the object.' ), - 'type' => 'integer', - ), - 'id' => array( - 'description' => __( 'Unique identifier for the object.' ), - 'type' => 'integer', - ), - ), - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_item' ), - 'permission_callback' => array( $this, 'get_item_permissions_check' ), - 'args' => array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - ), - ), - array( - 'methods' => WP_REST_Server::DELETABLE, - 'callback' => array( $this, 'delete_item' ), - 'permission_callback' => array( $this, 'delete_item_permissions_check' ), - 'args' => array( - 'force' => array( - 'type' => 'boolean', - 'default' => false, - 'description' => __( 'Required to be true, as revisions do not support trashing.' ), - ), - ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - } - - /** - * Get the parent post, if the ID is valid. - * - * @since 4.7.2 - * - * @param int $parent Supplied ID. - * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise. - */ - protected function get_parent( $parent ) { - $error = new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) ); - if ( (int) $parent <= 0 ) { - return $error; - } - - $parent = get_post( (int) $parent ); - if ( empty( $parent ) || empty( $parent->ID ) || $this->parent_post_type !== $parent->post_type ) { - return $error; - } - - return $parent; - } - - /** - * Checks if a given request has access to get revisions. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return true|WP_Error True if the request has read access, WP_Error object otherwise. - */ - public function get_items_permissions_check( $request ) { - $parent = $this->get_parent( $request['parent'] ); - if ( is_wp_error( $parent ) ) { - return $parent; - } - - $parent_post_type_obj = get_post_type_object( $parent->post_type ); - if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) { - return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to view revisions of this post.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Get the revision, if the ID is valid. - * - * @since 4.7.2 - * - * @param int $id Supplied ID. - * @return WP_Post|WP_Error Revision post object if ID is valid, WP_Error otherwise. - */ - protected function get_revision( $id ) { - $error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) ); - if ( (int) $id <= 0 ) { - return $error; - } - - $revision = get_post( (int) $id ); - if ( empty( $revision ) || empty( $revision->ID ) || 'revision' !== $revision->post_type ) { - return $error; - } - - return $revision; - } - - /** - * Gets a collection of revisions. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_items( $request ) { - $parent = $this->get_parent( $request['parent'] ); - if ( is_wp_error( $parent ) ) { - return $parent; - } - - // Ensure a search string is set in case the orderby is set to 'relevance'. - if ( ! empty( $request['orderby'] ) && 'relevance' === $request['orderby'] && empty( $request['search'] ) ) { - return new WP_Error( 'rest_no_search_term_defined', __( 'You need to define a search term to order by relevance.' ), array( 'status' => 400 ) ); - } - - // Ensure an include parameter is set in case the orderby is set to 'include'. - if ( ! empty( $request['orderby'] ) && 'include' === $request['orderby'] && empty( $request['include'] ) ) { - return new WP_Error( 'rest_orderby_include_missing_include', __( 'You need to define an include parameter to order by include.' ), array( 'status' => 400 ) ); - } - - if ( wp_revisions_enabled( $parent ) ) { - $registered = $this->get_collection_params(); - $args = array( - 'post_parent' => $parent->ID, - 'post_type' => 'revision', - 'post_status' => 'inherit', - 'posts_per_page' => -1, - 'orderby' => 'date ID', - 'order' => 'DESC', - 'suppress_filters' => true, - ); - - $parameter_mappings = array( - 'exclude' => 'post__not_in', - 'include' => 'post__in', - 'offset' => 'offset', - 'order' => 'order', - 'orderby' => 'orderby', - 'page' => 'paged', - 'per_page' => 'posts_per_page', - 'search' => 's', - ); - - foreach ( $parameter_mappings as $api_param => $wp_param ) { - if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) { - $args[ $wp_param ] = $request[ $api_param ]; - } - } - - // For backward-compatibility, 'date' needs to resolve to 'date ID'. - if ( isset( $args['orderby'] ) && 'date' === $args['orderby'] ) { - $args['orderby'] = 'date ID'; - } - - /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */ - $args = apply_filters( 'rest_revision_query', $args, $request ); - $query_args = $this->prepare_items_query( $args, $request ); - - $revisions_query = new WP_Query(); - $revisions = $revisions_query->query( $query_args ); - $offset = isset( $query_args['offset'] ) ? (int) $query_args['offset'] : 0; - $page = (int) $query_args['paged']; - $total_revisions = $revisions_query->found_posts; - - if ( $total_revisions < 1 ) { - // Out-of-bounds, run the query again without LIMIT for total count. - unset( $query_args['paged'], $query_args['offset'] ); - - $count_query = new WP_Query(); - $count_query->query( $query_args ); - - $total_revisions = $count_query->found_posts; - } - - if ( $revisions_query->query_vars['posts_per_page'] > 0 ) { - $max_pages = ceil( $total_revisions / (int) $revisions_query->query_vars['posts_per_page'] ); - } else { - $max_pages = $total_revisions > 0 ? 1 : 0; - } - - if ( $total_revisions > 0 ) { - if ( $offset >= $total_revisions ) { - return new WP_Error( 'rest_revision_invalid_offset_number', __( 'The offset number requested is larger than or equal to the number of available revisions.' ), array( 'status' => 400 ) ); - } elseif ( ! $offset && $page > $max_pages ) { - return new WP_Error( 'rest_revision_invalid_page_number', __( 'The page number requested is larger than the number of pages available.' ), array( 'status' => 400 ) ); - } - } - } else { - $revisions = array(); - $total_revisions = 0; - $max_pages = 0; - $page = (int) $request['page']; - } - - $response = array(); - foreach ( $revisions as $revision ) { - $data = $this->prepare_item_for_response( $revision, $request ); - $response[] = $this->prepare_response_for_collection( $data ); - } - - $response = rest_ensure_response( $response ); - - $response->header( 'X-WP-Total', (int) $total_revisions ); - $response->header( 'X-WP-TotalPages', (int) $max_pages ); - - $request_params = $request->get_query_params(); - $base = add_query_arg( urlencode_deep( $request_params ), rest_url( sprintf( '%s/%s/%d/%s', $this->namespace, $this->parent_base, $request['parent'], $this->rest_base ) ) ); - - if ( $page > 1 ) { - $prev_page = $page - 1; - - if ( $prev_page > $max_pages ) { - $prev_page = $max_pages; - } - - $prev_link = add_query_arg( 'page', $prev_page, $base ); - $response->link_header( 'prev', $prev_link ); - } - if ( $max_pages > $page ) { - $next_page = $page + 1; - $next_link = add_query_arg( 'page', $next_page, $base ); - - $response->link_header( 'next', $next_link ); - } - - return $response; - } - - /** - * Checks if a given request has access to get a specific revision. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return bool|WP_Error True if the request has read access for the item, WP_Error object otherwise. - */ - public function get_item_permissions_check( $request ) { - return $this->get_items_permissions_check( $request ); - } - - /** - * Retrieves one revision from the collection. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full data about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_item( $request ) { - $parent = $this->get_parent( $request['parent'] ); - if ( is_wp_error( $parent ) ) { - return $parent; - } - - $parent_post_type = get_post_type_object( $parent->post_type ); - if ( ! current_user_can( $parent_post_type->cap->delete_post, $parent->ID ) ) { - return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete revisions of this post.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - $revision = $this->get_revision( $request['id'] ); - if ( is_wp_error( $revision ) ) { - return $revision; - } - - $response = $this->prepare_item_for_response( $revision, $request ); - return rest_ensure_response( $response ); - } - - /** - * Checks if a given request has access to delete a revision. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return bool|WP_Error True if the request has access to delete the item, WP_Error object otherwise. - */ - public function delete_item_permissions_check( $request ) { - $parent = $this->get_parent( $request['parent'] ); - if ( is_wp_error( $parent ) ) { - return $parent; - } - - $revision = $this->get_revision( $request['id'] ); - if ( is_wp_error( $revision ) ) { - return $revision; - } - - $response = $this->get_items_permissions_check( $request ); - if ( ! $response || is_wp_error( $response ) ) { - return $response; - } - - $post_type = get_post_type_object( 'revision' ); - - if ( ! current_user_can( $post_type->cap->delete_post, $revision->ID ) ) { - return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this revision.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Deletes a single revision. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True on success, or WP_Error object on failure. - */ - public function delete_item( $request ) { - $revision = $this->get_revision( $request['id'] ); - if ( is_wp_error( $revision ) ) { - return $revision; - } - - $force = isset( $request['force'] ) ? (bool) $request['force'] : false; - - // We don't support trashing for revisions. - if ( ! $force ) { - /* translators: %s: force=true */ - return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Revisions do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); - } - - $previous = $this->prepare_item_for_response( $revision, $request ); - - $result = wp_delete_post( $request['id'], true ); - - /** - * Fires after a revision is deleted via the REST API. - * - * @since 4.7.0 - * - * @param (mixed) $result The revision object (if it was deleted or moved to the trash successfully) - * or false (failure). If the revision was moved to the trash, $result represents - * its new state; if it was deleted, $result represents its state before deletion. - * @param WP_REST_Request $request The request sent to the API. - */ - do_action( 'rest_delete_revision', $result, $request ); - - if ( ! $result ) { - return new WP_Error( 'rest_cannot_delete', __( 'The post cannot be deleted.' ), array( 'status' => 500 ) ); - } - - $response = new WP_REST_Response(); - $response->set_data( - array( - 'deleted' => true, - 'previous' => $previous->get_data(), - ) - ); - return $response; - } - - /** - * Determines the allowed query_vars for a get_items() response and prepares - * them for WP_Query. - * - * @since 5.0.0 - * - * @param array $prepared_args Optional. Prepared WP_Query arguments. Default empty array. - * @param WP_REST_Request $request Optional. Full details about the request. - * @return array Items query arguments. - */ - protected function prepare_items_query( $prepared_args = array(), $request = null ) { - $query_args = array(); - - foreach ( $prepared_args as $key => $value ) { - /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */ - $query_args[ $key ] = apply_filters( "rest_query_var-{$key}", $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores - } - - // Map to proper WP_Query orderby param. - if ( isset( $query_args['orderby'] ) && isset( $request['orderby'] ) ) { - $orderby_mappings = array( - 'id' => 'ID', - 'include' => 'post__in', - 'slug' => 'post_name', - 'include_slugs' => 'post_name__in', - ); - - if ( isset( $orderby_mappings[ $request['orderby'] ] ) ) { - $query_args['orderby'] = $orderby_mappings[ $request['orderby'] ]; - } - } - - return $query_args; - } - - /** - * Prepares the revision for the REST response. - * - * @since 4.7.0 - * - * @param WP_Post $post Post revision object. - * @param WP_REST_Request $request Request object. - * @return WP_REST_Response Response object. - */ - public function prepare_item_for_response( $post, $request ) { - $GLOBALS['post'] = $post; - - setup_postdata( $post ); - - $fields = $this->get_fields_for_response( $request ); - $data = array(); - - if ( in_array( 'author', $fields, true ) ) { - $data['author'] = (int) $post->post_author; - } - - if ( in_array( 'date', $fields, true ) ) { - $data['date'] = $this->prepare_date_response( $post->post_date_gmt, $post->post_date ); - } - - if ( in_array( 'date_gmt', $fields, true ) ) { - $data['date_gmt'] = $this->prepare_date_response( $post->post_date_gmt ); - } - - if ( in_array( 'id', $fields, true ) ) { - $data['id'] = $post->ID; - } - - if ( in_array( 'modified', $fields, true ) ) { - $data['modified'] = $this->prepare_date_response( $post->post_modified_gmt, $post->post_modified ); - } - - if ( in_array( 'modified_gmt', $fields, true ) ) { - $data['modified_gmt'] = $this->prepare_date_response( $post->post_modified_gmt ); - } - - if ( in_array( 'parent', $fields, true ) ) { - $data['parent'] = (int) $post->post_parent; - } - - if ( in_array( 'slug', $fields, true ) ) { - $data['slug'] = $post->post_name; - } - - if ( in_array( 'guid', $fields, true ) ) { - $data['guid'] = array( - /** This filter is documented in wp-includes/post-template.php */ - 'rendered' => apply_filters( 'get_the_guid', $post->guid, $post->ID ), - 'raw' => $post->guid, - ); - } - - if ( in_array( 'title', $fields, true ) ) { - $data['title'] = array( - 'raw' => $post->post_title, - 'rendered' => get_the_title( $post->ID ), - ); - } - - if ( in_array( 'content', $fields, true ) ) { - - $data['content'] = array( - 'raw' => $post->post_content, - /** This filter is documented in wp-includes/post-template.php */ - 'rendered' => apply_filters( 'the_content', $post->post_content ), - ); - } - - if ( in_array( 'excerpt', $fields, true ) ) { - $data['excerpt'] = array( - 'raw' => $post->post_excerpt, - 'rendered' => $this->prepare_excerpt_response( $post->post_excerpt, $post ), - ); - } - - $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; - $data = $this->add_additional_fields_to_object( $data, $request ); - $data = $this->filter_response_by_context( $data, $context ); - $response = rest_ensure_response( $data ); - - if ( ! empty( $data['parent'] ) ) { - $response->add_link( 'parent', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->parent_base, $data['parent'] ) ) ); - } - - /** - * Filters a revision returned from the API. - * - * Allows modification of the revision right before it is returned. - * - * @since 4.7.0 - * - * @param WP_REST_Response $response The response object. - * @param WP_Post $post The original revision object. - * @param WP_REST_Request $request Request used to generate the response. - */ - return apply_filters( 'rest_prepare_revision', $response, $post, $request ); - } - - /** - * Checks the post_date_gmt or modified_gmt and prepare any post or - * modified date for single post output. - * - * @since 4.7.0 - * - * @param string $date_gmt GMT publication time. - * @param string|null $date Optional. Local publication time. Default null. - * @return string|null ISO8601/RFC3339 formatted datetime, otherwise null. - */ - protected function prepare_date_response( $date_gmt, $date = null ) { - if ( '0000-00-00 00:00:00' === $date_gmt ) { - return null; - } - - if ( isset( $date ) ) { - return mysql_to_rfc3339( $date ); - } - - return mysql_to_rfc3339( $date_gmt ); - } - - /** - * Retrieves the revision's schema, conforming to JSON Schema. - * - * @since 4.7.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $schema = array( - '$schema' => 'http://json-schema.org/draft-04/schema#', - 'title' => "{$this->parent_post_type}-revision", - 'type' => 'object', - // Base properties for every Revision. - 'properties' => array( - 'author' => array( - 'description' => __( 'The ID for the author of the object.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit', 'embed' ), - ), - 'date' => array( - 'description' => __( "The date the object was published, in the site's timezone." ), - 'type' => 'string', - 'format' => 'date-time', - 'context' => array( 'view', 'edit', 'embed' ), - ), - 'date_gmt' => array( - 'description' => __( 'The date the object was published, as GMT.' ), - 'type' => 'string', - 'format' => 'date-time', - 'context' => array( 'view', 'edit' ), - ), - 'guid' => array( - 'description' => __( 'GUID for the object, as it exists in the database.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit' ), - ), - 'id' => array( - 'description' => __( 'Unique identifier for the object.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit', 'embed' ), - ), - 'modified' => array( - 'description' => __( "The date the object was last modified, in the site's timezone." ), - 'type' => 'string', - 'format' => 'date-time', - 'context' => array( 'view', 'edit' ), - ), - 'modified_gmt' => array( - 'description' => __( 'The date the object was last modified, as GMT.' ), - 'type' => 'string', - 'format' => 'date-time', - 'context' => array( 'view', 'edit' ), - ), - 'parent' => array( - 'description' => __( 'The ID for the parent of the object.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit', 'embed' ), - ), - 'slug' => array( - 'description' => __( 'An alphanumeric identifier for the object unique to its type.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - ), - ), - ); - - $parent_schema = $this->parent_controller->get_item_schema(); - - if ( ! empty( $parent_schema['properties']['title'] ) ) { - $schema['properties']['title'] = $parent_schema['properties']['title']; - } - - if ( ! empty( $parent_schema['properties']['content'] ) ) { - $schema['properties']['content'] = $parent_schema['properties']['content']; - } - - if ( ! empty( $parent_schema['properties']['excerpt'] ) ) { - $schema['properties']['excerpt'] = $parent_schema['properties']['excerpt']; - } - - if ( ! empty( $parent_schema['properties']['guid'] ) ) { - $schema['properties']['guid'] = $parent_schema['properties']['guid']; - } - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Retrieves the query params for collections. - * - * @since 4.7.0 - * - * @return array Collection parameters. - */ - public function get_collection_params() { - $query_params = parent::get_collection_params(); - - $query_params['context']['default'] = 'view'; - - unset( $query_params['per_page']['default'] ); - - $query_params['exclude'] = array( - 'description' => __( 'Ensure result set excludes specific IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - - $query_params['include'] = array( - 'description' => __( 'Limit result set to specific IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - - $query_params['offset'] = array( - 'description' => __( 'Offset the result set by a specific number of items.' ), - 'type' => 'integer', - ); - - $query_params['order'] = array( - 'description' => __( 'Order sort attribute ascending or descending.' ), - 'type' => 'string', - 'default' => 'desc', - 'enum' => array( 'asc', 'desc' ), - ); - - $query_params['orderby'] = array( - 'description' => __( 'Sort collection by object attribute.' ), - 'type' => 'string', - 'default' => 'date', - 'enum' => array( - 'date', - 'id', - 'include', - 'relevance', - 'slug', - 'include_slugs', - 'title', - ), - ); - - return $query_params; - } - - /** - * Checks the post excerpt and prepare it for single post output. - * - * @since 4.7.0 - * - * @param string $excerpt The post excerpt. - * @param WP_Post $post Post revision object. - * @return string Prepared excerpt or empty string. - */ - protected function prepare_excerpt_response( $excerpt, $post ) { - - /** This filter is documented in wp-includes/post-template.php */ - $excerpt = apply_filters( 'the_excerpt', $excerpt, $post ); - - if ( empty( $excerpt ) ) { - return ''; - } - - return $excerpt; - } -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-search-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-search-controller.php deleted file mode 100644 index b657311..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-search-controller.php +++ /dev/null @@ -1,364 +0,0 @@ -<?php -/** - * REST API: WP_REST_Search_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 5.0.0 - */ - -/** - * Core class to search through all WordPress content via the REST API. - * - * @since 5.0.0 - * - * @see WP_REST_Controller - */ -class WP_REST_Search_Controller extends WP_REST_Controller { - - /** - * ID property name. - */ - const PROP_ID = 'id'; - - /** - * Title property name. - */ - const PROP_TITLE = 'title'; - - /** - * URL property name. - */ - const PROP_URL = 'url'; - - /** - * Type property name. - */ - const PROP_TYPE = 'type'; - - /** - * Subtype property name. - */ - const PROP_SUBTYPE = 'subtype'; - - /** - * Identifier for the 'any' type. - */ - const TYPE_ANY = 'any'; - - /** - * Search handlers used by the controller. - * - * @since 5.0.0 - * @var array - */ - protected $search_handlers = array(); - - /** - * Constructor. - * - * @since 5.0.0 - * - * @param array $search_handlers List of search handlers to use in the controller. Each search - * handler instance must extend the `WP_REST_Search_Handler` class. - */ - public function __construct( array $search_handlers ) { - $this->namespace = 'wp/v2'; - $this->rest_base = 'search'; - - foreach ( $search_handlers as $search_handler ) { - if ( ! $search_handler instanceof WP_REST_Search_Handler ) { - - /* translators: %s: PHP class name. */ - _doing_it_wrong( __METHOD__, sprintf( __( 'REST search handlers must extend the %s class.' ), 'WP_REST_Search_Handler' ), '5.0.0' ); - continue; - } - - $this->search_handlers[ $search_handler->get_type() ] = $search_handler; - } - } - - /** - * Registers the routes for the objects of the controller. - * - * @since 5.0.0 - * - * @see register_rest_route() - */ - public function register_routes() { - register_rest_route( - $this->namespace, - '/' . $this->rest_base, - array( - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_items' ), - 'permission_callback' => array( $this, 'get_items_permission_check' ), - 'args' => $this->get_collection_params(), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - } - - /** - * Checks if a given request has access to search content. - * - * @since 5.0.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has search access, WP_Error object otherwise. - */ - public function get_items_permission_check( $request ) { - return true; - } - - /** - * Retrieves a collection of search results. - * - * @since 5.0.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_items( $request ) { - $handler = $this->get_search_handler( $request ); - if ( is_wp_error( $handler ) ) { - return $handler; - } - - $result = $handler->search_items( $request ); - - if ( ! isset( $result[ WP_REST_Search_Handler::RESULT_IDS ] ) || ! is_array( $result[ WP_REST_Search_Handler::RESULT_IDS ] ) || ! isset( $result[ WP_REST_Search_Handler::RESULT_TOTAL ] ) ) { - return new WP_Error( 'rest_search_handler_error', __( 'Internal search handler error.' ), array( 'status' => 500 ) ); - } - - $ids = array_map( 'absint', $result[ WP_REST_Search_Handler::RESULT_IDS ] ); - - $results = array(); - foreach ( $ids as $id ) { - $data = $this->prepare_item_for_response( $id, $request ); - $results[] = $this->prepare_response_for_collection( $data ); - } - - $total = (int) $result[ WP_REST_Search_Handler::RESULT_TOTAL ]; - $page = (int) $request['page']; - $per_page = (int) $request['per_page']; - $max_pages = ceil( $total / $per_page ); - - if ( $page > $max_pages && $total > 0 ) { - return new WP_Error( 'rest_search_invalid_page_number', __( 'The page number requested is larger than the number of pages available.' ), array( 'status' => 400 ) ); - } - - $response = rest_ensure_response( $results ); - $response->header( 'X-WP-Total', $total ); - $response->header( 'X-WP-TotalPages', $max_pages ); - - $request_params = $request->get_query_params(); - $base = add_query_arg( urlencode_deep( $request_params ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) ); - - if ( $page > 1 ) { - $prev_link = add_query_arg( 'page', $page - 1, $base ); - $response->link_header( 'prev', $prev_link ); - } - if ( $page < $max_pages ) { - $next_link = add_query_arg( 'page', $page + 1, $base ); - $response->link_header( 'next', $next_link ); - } - - return $response; - } - - /** - * Prepares a single search result for response. - * - * @since 5.0.0 - * - * @param int $id ID of the item to prepare. - * @param WP_REST_Request $request Request object. - * @return WP_REST_Response Response object. - */ - public function prepare_item_for_response( $id, $request ) { - $handler = $this->get_search_handler( $request ); - if ( is_wp_error( $handler ) ) { - return new WP_REST_Response(); - } - - $fields = $this->get_fields_for_response( $request ); - - $data = $handler->prepare_item( $id, $fields ); - $data = $this->add_additional_fields_to_object( $data, $request ); - - $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; - $data = $this->filter_response_by_context( $data, $context ); - - $response = rest_ensure_response( $data ); - - $links = $handler->prepare_item_links( $id ); - $links['collection'] = array( - 'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ), - ); - $response->add_links( $links ); - - return $response; - } - - /** - * Retrieves the item schema, conforming to JSON Schema. - * - * @since 5.0.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $types = array(); - $subtypes = array(); - foreach ( $this->search_handlers as $search_handler ) { - $types[] = $search_handler->get_type(); - $subtypes = array_merge( $subtypes, $search_handler->get_subtypes() ); - } - - $types = array_unique( $types ); - $subtypes = array_unique( $subtypes ); - - $schema = array( - '$schema' => 'http://json-schema.org/draft-04/schema#', - 'title' => 'search-result', - 'type' => 'object', - 'properties' => array( - self::PROP_ID => array( - 'description' => __( 'Unique identifier for the object.' ), - 'type' => 'integer', - 'context' => array( 'view', 'embed' ), - 'readonly' => true, - ), - self::PROP_TITLE => array( - 'description' => __( 'The title for the object.' ), - 'type' => 'string', - 'context' => array( 'view', 'embed' ), - 'readonly' => true, - ), - self::PROP_URL => array( - 'description' => __( 'URL to the object.' ), - 'type' => 'string', - 'format' => 'uri', - 'context' => array( 'view', 'embed' ), - 'readonly' => true, - ), - self::PROP_TYPE => array( - 'description' => __( 'Object type.' ), - 'type' => 'string', - 'enum' => $types, - 'context' => array( 'view', 'embed' ), - 'readonly' => true, - ), - self::PROP_SUBTYPE => array( - 'description' => __( 'Object subtype.' ), - 'type' => 'string', - 'enum' => $subtypes, - 'context' => array( 'view', 'embed' ), - 'readonly' => true, - ), - ), - ); - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Retrieves the query params for the search results collection. - * - * @since 5.0.0 - * - * @return array Collection parameters. - */ - public function get_collection_params() { - $types = array(); - $subtypes = array(); - foreach ( $this->search_handlers as $search_handler ) { - $types[] = $search_handler->get_type(); - $subtypes = array_merge( $subtypes, $search_handler->get_subtypes() ); - } - - $types = array_unique( $types ); - $subtypes = array_unique( $subtypes ); - - $query_params = parent::get_collection_params(); - - $query_params['context']['default'] = 'view'; - - $query_params[ self::PROP_TYPE ] = array( - 'default' => $types[0], - 'description' => __( 'Limit results to items of an object type.' ), - 'type' => 'string', - 'enum' => $types, - ); - - $query_params[ self::PROP_SUBTYPE ] = array( - 'default' => self::TYPE_ANY, - 'description' => __( 'Limit results to items of one or more object subtypes.' ), - 'type' => 'array', - 'items' => array( - 'enum' => array_merge( $subtypes, array( self::TYPE_ANY ) ), - 'type' => 'string', - ), - 'sanitize_callback' => array( $this, 'sanitize_subtypes' ), - ); - - return $query_params; - } - - /** - * Sanitizes the list of subtypes, to ensure only subtypes of the passed type are included. - * - * @since 5.0.0 - * - * @param string|array $subtypes One or more subtypes. - * @param WP_REST_Request $request Full details about the request. - * @param string $parameter Parameter name. - * @return array|WP_Error List of valid subtypes, or WP_Error object on failure. - */ - public function sanitize_subtypes( $subtypes, $request, $parameter ) { - $subtypes = wp_parse_slug_list( $subtypes ); - - $subtypes = rest_parse_request_arg( $subtypes, $request, $parameter ); - if ( is_wp_error( $subtypes ) ) { - return $subtypes; - } - - // 'any' overrides any other subtype. - if ( in_array( self::TYPE_ANY, $subtypes, true ) ) { - return array( self::TYPE_ANY ); - } - - $handler = $this->get_search_handler( $request ); - if ( is_wp_error( $handler ) ) { - return $handler; - } - - return array_intersect( $subtypes, $handler->get_subtypes() ); - } - - /** - * Gets the search handler to handle the current request. - * - * @since 5.0.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Search_Handler|WP_Error Search handler for the request type, or WP_Error object on failure. - */ - protected function get_search_handler( $request ) { - $type = $request->get_param( self::PROP_TYPE ); - - if ( ! $type || ! isset( $this->search_handlers[ $type ] ) ) { - return new WP_Error( 'rest_search_invalid_type', __( 'Invalid type parameter.' ), array( 'status' => 400 ) ); - } - - return $this->search_handlers[ $type ]; - } -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php deleted file mode 100644 index c5cf1a7..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php +++ /dev/null @@ -1,348 +0,0 @@ -<?php -/** - * REST API: WP_REST_Settings_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 4.7.0 - */ - -/** - * Core class used to manage a site's settings via the REST API. - * - * @since 4.7.0 - * - * @see WP_REST_Controller - */ -class WP_REST_Settings_Controller extends WP_REST_Controller { - - /** - * Constructor. - * - * @since 4.7.0 - */ - public function __construct() { - $this->namespace = 'wp/v2'; - $this->rest_base = 'settings'; - } - - /** - * Registers the routes for the objects of the controller. - * - * @since 4.7.0 - * - * @see register_rest_route() - */ - public function register_routes() { - - register_rest_route( - $this->namespace, - '/' . $this->rest_base, - array( - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_item' ), - 'args' => array(), - 'permission_callback' => array( $this, 'get_item_permissions_check' ), - ), - array( - 'methods' => WP_REST_Server::EDITABLE, - 'callback' => array( $this, 'update_item' ), - 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), - 'permission_callback' => array( $this, 'get_item_permissions_check' ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - } - - /** - * Checks if a given request has access to read and manage settings. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return bool True if the request has read access for the item, otherwise false. - */ - public function get_item_permissions_check( $request ) { - return current_user_can( 'manage_options' ); - } - - /** - * Retrieves the settings. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return array|WP_Error Array on success, or WP_Error object on failure. - */ - public function get_item( $request ) { - $options = $this->get_registered_options(); - $response = array(); - - foreach ( $options as $name => $args ) { - /** - * Filters the value of a setting recognized by the REST API. - * - * Allow hijacking the setting value and overriding the built-in behavior by returning a - * non-null value. The returned value will be presented as the setting value instead. - * - * @since 4.7.0 - * - * @param mixed $result Value to use for the requested setting. Can be a scalar - * matching the registered schema for the setting, or null to - * follow the default get_option() behavior. - * @param string $name Setting name (as shown in REST API responses). - * @param array $args Arguments passed to register_setting() for this setting. - */ - $response[ $name ] = apply_filters( 'rest_pre_get_setting', null, $name, $args ); - - if ( is_null( $response[ $name ] ) ) { - // Default to a null value as "null" in the response means "not set". - $response[ $name ] = get_option( $args['option_name'], $args['schema']['default'] ); - } - - /* - * Because get_option() is lossy, we have to - * cast values to the type they are registered with. - */ - $response[ $name ] = $this->prepare_value( $response[ $name ], $args['schema'] ); - } - - return $response; - } - - /** - * Prepares a value for output based off a schema array. - * - * @since 4.7.0 - * - * @param mixed $value Value to prepare. - * @param array $schema Schema to match. - * @return mixed The prepared value. - */ - protected function prepare_value( $value, $schema ) { - /* - * If the value is not valid by the schema, set the value to null. - * Null values are specifically non-destructive, so this will not cause - * overwriting the current invalid value to null. - */ - if ( is_wp_error( rest_validate_value_from_schema( $value, $schema ) ) ) { - return null; - } - return rest_sanitize_value_from_schema( $value, $schema ); - } - - /** - * Updates settings for the settings object. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return array|WP_Error Array on success, or error object on failure. - */ - public function update_item( $request ) { - $options = $this->get_registered_options(); - - $params = $request->get_params(); - - foreach ( $options as $name => $args ) { - if ( ! array_key_exists( $name, $params ) ) { - continue; - } - - /** - * Filters whether to preempt a setting value update. - * - * Allows hijacking the setting update logic and overriding the built-in behavior by - * returning true. - * - * @since 4.7.0 - * - * @param bool $result Whether to override the default behavior for updating the - * value of a setting. - * @param string $name Setting name (as shown in REST API responses). - * @param mixed $value Updated setting value. - * @param array $args Arguments passed to register_setting() for this setting. - */ - $updated = apply_filters( 'rest_pre_update_setting', false, $name, $request[ $name ], $args ); - - if ( $updated ) { - continue; - } - - /* - * A null value for an option would have the same effect as - * deleting the option from the database, and relying on the - * default value. - */ - if ( is_null( $request[ $name ] ) ) { - /* - * A null value is returned in the response for any option - * that has a non-scalar value. - * - * To protect clients from accidentally including the null - * values from a response object in a request, we do not allow - * options with values that don't pass validation to be updated to null. - * Without this added protection a client could mistakenly - * delete all options that have invalid values from the - * database. - */ - if ( is_wp_error( rest_validate_value_from_schema( get_option( $args['option_name'], false ), $args['schema'] ) ) ) { - return new WP_Error( - 'rest_invalid_stored_value', - /* translators: %s: Property name. */ - sprintf( __( 'The %s property has an invalid stored value, and cannot be updated to null.' ), $name ), - array( 'status' => 500 ) - ); - } - - delete_option( $args['option_name'] ); - } else { - update_option( $args['option_name'], $request[ $name ] ); - } - } - - return $this->get_item( $request ); - } - - /** - * Retrieves all of the registered options for the Settings API. - * - * @since 4.7.0 - * - * @return array Array of registered options. - */ - protected function get_registered_options() { - $rest_options = array(); - - foreach ( get_registered_settings() as $name => $args ) { - if ( empty( $args['show_in_rest'] ) ) { - continue; - } - - $rest_args = array(); - - if ( is_array( $args['show_in_rest'] ) ) { - $rest_args = $args['show_in_rest']; - } - - $defaults = array( - 'name' => ! empty( $rest_args['name'] ) ? $rest_args['name'] : $name, - 'schema' => array(), - ); - - $rest_args = array_merge( $defaults, $rest_args ); - - $default_schema = array( - 'type' => empty( $args['type'] ) ? null : $args['type'], - 'description' => empty( $args['description'] ) ? '' : $args['description'], - 'default' => isset( $args['default'] ) ? $args['default'] : null, - ); - - $rest_args['schema'] = array_merge( $default_schema, $rest_args['schema'] ); - $rest_args['option_name'] = $name; - - // Skip over settings that don't have a defined type in the schema. - if ( empty( $rest_args['schema']['type'] ) ) { - continue; - } - - /* - * Whitelist the supported types for settings, as we don't want invalid types - * to be updated with arbitrary values that we can't do decent sanitizing for. - */ - if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'integer', 'string', 'boolean', 'array', 'object' ), true ) ) { - continue; - } - - $rest_args['schema'] = $this->set_additional_properties_to_false( $rest_args['schema'] ); - - $rest_options[ $rest_args['name'] ] = $rest_args; - } - - return $rest_options; - } - - /** - * Retrieves the site setting schema, conforming to JSON Schema. - * - * @since 4.7.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $options = $this->get_registered_options(); - - $schema = array( - '$schema' => 'http://json-schema.org/draft-04/schema#', - 'title' => 'settings', - 'type' => 'object', - 'properties' => array(), - ); - - foreach ( $options as $option_name => $option ) { - $schema['properties'][ $option_name ] = $option['schema']; - $schema['properties'][ $option_name ]['arg_options'] = array( - 'sanitize_callback' => array( $this, 'sanitize_callback' ), - ); - } - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Custom sanitize callback used for all options to allow the use of 'null'. - * - * By default, the schema of settings will throw an error if a value is set to - * `null` as it's not a valid value for something like "type => string". We - * provide a wrapper sanitizer to whitelist the use of `null`. - * - * @since 4.7.0 - * - * @param mixed $value The value for the setting. - * @param WP_REST_Request $request The request object. - * @param string $param The parameter name. - * @return mixed|WP_Error - */ - public function sanitize_callback( $value, $request, $param ) { - if ( is_null( $value ) ) { - return $value; - } - return rest_parse_request_arg( $value, $request, $param ); - } - - /** - * Recursively add additionalProperties = false to all objects in a schema. - * - * This is need to restrict properties of objects in settings values to only - * registered items, as the REST API will allow additional properties by - * default. - * - * @since 4.9.0 - * - * @param array $schema The schema array. - * @return array - */ - protected function set_additional_properties_to_false( $schema ) { - switch ( $schema['type'] ) { - case 'object': - foreach ( $schema['properties'] as $key => $child_schema ) { - $schema['properties'][ $key ] = $this->set_additional_properties_to_false( $child_schema ); - } - $schema['additionalProperties'] = false; - break; - case 'array': - $schema['items'] = $this->set_additional_properties_to_false( $schema['items'] ); - break; - } - - return $schema; - } -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php deleted file mode 100644 index 822f595..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php +++ /dev/null @@ -1,402 +0,0 @@ -<?php -/** - * REST API: WP_REST_Taxonomies_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 4.7.0 - */ - -/** - * Core class used to manage taxonomies via the REST API. - * - * @since 4.7.0 - * - * @see WP_REST_Controller - */ -class WP_REST_Taxonomies_Controller extends WP_REST_Controller { - - /** - * Constructor. - * - * @since 4.7.0 - */ - public function __construct() { - $this->namespace = 'wp/v2'; - $this->rest_base = 'taxonomies'; - } - - /** - * Registers the routes for the objects of the controller. - * - * @since 4.7.0 - * - * @see register_rest_route() - */ - public function register_routes() { - - register_rest_route( - $this->namespace, - '/' . $this->rest_base, - array( - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_items' ), - 'permission_callback' => array( $this, 'get_items_permissions_check' ), - 'args' => $this->get_collection_params(), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - register_rest_route( - $this->namespace, - '/' . $this->rest_base . '/(?P<taxonomy>[\w-]+)', - array( - 'args' => array( - 'taxonomy' => array( - 'description' => __( 'An alphanumeric identifier for the taxonomy.' ), - 'type' => 'string', - ), - ), - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_item' ), - 'permission_callback' => array( $this, 'get_item_permissions_check' ), - 'args' => array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - } - - /** - * Checks whether a given request has permission to read taxonomies. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has read access, WP_Error object otherwise. - */ - public function get_items_permissions_check( $request ) { - if ( 'edit' === $request['context'] ) { - if ( ! empty( $request['type'] ) ) { - $taxonomies = get_object_taxonomies( $request['type'], 'objects' ); - } else { - $taxonomies = get_taxonomies( '', 'objects' ); - } - foreach ( $taxonomies as $taxonomy ) { - if ( ! empty( $taxonomy->show_in_rest ) && current_user_can( $taxonomy->cap->assign_terms ) ) { - return true; - } - } - return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to manage terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) ); - } - return true; - } - - /** - * Retrieves all public taxonomies. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response Response object on success, or WP_Error object on failure. - */ - public function get_items( $request ) { - - // Retrieve the list of registered collection query parameters. - $registered = $this->get_collection_params(); - - if ( isset( $registered['type'] ) && ! empty( $request['type'] ) ) { - $taxonomies = get_object_taxonomies( $request['type'], 'objects' ); - } else { - $taxonomies = get_taxonomies( '', 'objects' ); - } - $data = array(); - foreach ( $taxonomies as $tax_type => $value ) { - if ( empty( $value->show_in_rest ) || ( 'edit' === $request['context'] && ! current_user_can( $value->cap->assign_terms ) ) ) { - continue; - } - $tax = $this->prepare_item_for_response( $value, $request ); - $tax = $this->prepare_response_for_collection( $tax ); - $data[ $tax_type ] = $tax; - } - - if ( empty( $data ) ) { - // Response should still be returned as a JSON object when it is empty. - $data = (object) $data; - } - - return rest_ensure_response( $data ); - } - - /** - * Checks if a given request has access to a taxonomy. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has read access for the item, otherwise false or WP_Error object. - */ - public function get_item_permissions_check( $request ) { - - $tax_obj = get_taxonomy( $request['taxonomy'] ); - - if ( $tax_obj ) { - if ( empty( $tax_obj->show_in_rest ) ) { - return false; - } - if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->assign_terms ) ) { - return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to manage terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) ); - } - } - - return true; - } - - /** - * Retrieves a specific taxonomy. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_item( $request ) { - $tax_obj = get_taxonomy( $request['taxonomy'] ); - if ( empty( $tax_obj ) ) { - return new WP_Error( 'rest_taxonomy_invalid', __( 'Invalid taxonomy.' ), array( 'status' => 404 ) ); - } - $data = $this->prepare_item_for_response( $tax_obj, $request ); - return rest_ensure_response( $data ); - } - - /** - * Prepares a taxonomy object for serialization. - * - * @since 4.7.0 - * - * @param stdClass $taxonomy Taxonomy data. - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response Response object. - */ - public function prepare_item_for_response( $taxonomy, $request ) { - $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; - - $fields = $this->get_fields_for_response( $request ); - $data = array(); - - if ( in_array( 'name', $fields, true ) ) { - $data['name'] = $taxonomy->label; - } - - if ( in_array( 'slug', $fields, true ) ) { - $data['slug'] = $taxonomy->name; - } - - if ( in_array( 'capabilities', $fields, true ) ) { - $data['capabilities'] = $taxonomy->cap; - } - - if ( in_array( 'description', $fields, true ) ) { - $data['description'] = $taxonomy->description; - } - - if ( in_array( 'labels', $fields, true ) ) { - $data['labels'] = $taxonomy->labels; - } - - if ( in_array( 'types', $fields, true ) ) { - $data['types'] = array_values( $taxonomy->object_type ); - } - - if ( in_array( 'show_cloud', $fields, true ) ) { - $data['show_cloud'] = $taxonomy->show_tagcloud; - } - - if ( in_array( 'hierarchical', $fields, true ) ) { - $data['hierarchical'] = $taxonomy->hierarchical; - } - - if ( in_array( 'rest_base', $fields, true ) ) { - $data['rest_base'] = $base; - } - - if ( in_array( 'visibility', $fields, true ) ) { - $data['visibility'] = array( - 'public' => (bool) $taxonomy->public, - 'publicly_queryable' => (bool) $taxonomy->publicly_queryable, - 'show_admin_column' => (bool) $taxonomy->show_admin_column, - 'show_in_nav_menus' => (bool) $taxonomy->show_in_nav_menus, - 'show_in_quick_edit' => (bool) $taxonomy->show_in_quick_edit, - 'show_ui' => (bool) $taxonomy->show_ui, - ); - } - - $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; - $data = $this->add_additional_fields_to_object( $data, $request ); - $data = $this->filter_response_by_context( $data, $context ); - - // Wrap the data in a response object. - $response = rest_ensure_response( $data ); - - $response->add_links( - array( - 'collection' => array( - 'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ), - ), - 'https://api.w.org/items' => array( - 'href' => rest_url( sprintf( 'wp/v2/%s', $base ) ), - ), - ) - ); - - /** - * Filters a taxonomy returned from the REST API. - * - * Allows modification of the taxonomy data right before it is returned. - * - * @since 4.7.0 - * - * @param WP_REST_Response $response The response object. - * @param object $item The original taxonomy object. - * @param WP_REST_Request $request Request used to generate the response. - */ - return apply_filters( 'rest_prepare_taxonomy', $response, $taxonomy, $request ); - } - - /** - * Retrieves the taxonomy's schema, conforming to JSON Schema. - * - * @since 4.7.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $schema = array( - '$schema' => 'http://json-schema.org/draft-04/schema#', - 'title' => 'taxonomy', - 'type' => 'object', - 'properties' => array( - 'capabilities' => array( - 'description' => __( 'All capabilities used by the taxonomy.' ), - 'type' => 'object', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'description' => array( - 'description' => __( 'A human-readable description of the taxonomy.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - 'hierarchical' => array( - 'description' => __( 'Whether or not the taxonomy should have children.' ), - 'type' => 'boolean', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - 'labels' => array( - 'description' => __( 'Human-readable labels for the taxonomy for various contexts.' ), - 'type' => 'object', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'name' => array( - 'description' => __( 'The title for the taxonomy.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - 'slug' => array( - 'description' => __( 'An alphanumeric identifier for the taxonomy.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - 'show_cloud' => array( - 'description' => __( 'Whether or not the term cloud should be displayed.' ), - 'type' => 'boolean', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'types' => array( - 'description' => __( 'Types associated with the taxonomy.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'string', - ), - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - 'rest_base' => array( - 'description' => __( 'REST base route for the taxonomy.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit', 'embed' ), - 'readonly' => true, - ), - 'visibility' => array( - 'description' => __( 'The visibility settings for the taxonomy.' ), - 'type' => 'object', - 'context' => array( 'edit' ), - 'readonly' => true, - 'properties' => array( - 'public' => array( - 'description' => __( 'Whether a taxonomy is intended for use publicly either via the admin interface or by front-end users.' ), - 'type' => 'boolean', - ), - 'publicly_queryable' => array( - 'description' => __( 'Whether the taxonomy is publicly queryable.' ), - 'type' => 'boolean', - ), - 'show_ui' => array( - 'description' => __( 'Whether to generate a default UI for managing this taxonomy.' ), - 'type' => 'boolean', - ), - 'show_admin_column' => array( - 'description' => __( 'Whether to allow automatic creation of taxonomy columns on associated post-types table.' ), - 'type' => 'boolean', - ), - 'show_in_nav_menus' => array( - 'description' => __( 'Whether to make the taxonomy available for selection in navigation menus.' ), - 'type' => 'boolean', - ), - 'show_in_quick_edit' => array( - 'description' => __( 'Whether to show the taxonomy in the quick/bulk edit panel.' ), - 'type' => 'boolean', - ), - - ), - ), - ), - ); - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Retrieves the query params for collections. - * - * @since 4.7.0 - * - * @return array Collection parameters. - */ - public function get_collection_params() { - $new_params = array(); - $new_params['context'] = $this->get_context_param( array( 'default' => 'view' ) ); - $new_params['type'] = array( - 'description' => __( 'Limit results to taxonomies associated with a specific post type.' ), - 'type' => 'string', - ); - return $new_params; - } - -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php deleted file mode 100644 index 5b0f845..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php +++ /dev/null @@ -1,1059 +0,0 @@ -<?php -/** - * REST API: WP_REST_Terms_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 4.7.0 - */ - -/** - * Core class used to managed terms associated with a taxonomy via the REST API. - * - * @since 4.7.0 - * - * @see WP_REST_Controller - */ -class WP_REST_Terms_Controller extends WP_REST_Controller { - - /** - * Taxonomy key. - * - * @since 4.7.0 - * @var string - */ - protected $taxonomy; - - /** - * Instance of a term meta fields object. - * - * @since 4.7.0 - * @var WP_REST_Term_Meta_Fields - */ - protected $meta; - - /** - * Column to have the terms be sorted by. - * - * @since 4.7.0 - * @var string - */ - protected $sort_column; - - /** - * Number of terms that were found. - * - * @since 4.7.0 - * @var int - */ - protected $total_terms; - - /** - * Constructor. - * - * @since 4.7.0 - * - * @param string $taxonomy Taxonomy key. - */ - public function __construct( $taxonomy ) { - $this->taxonomy = $taxonomy; - $this->namespace = 'wp/v2'; - $tax_obj = get_taxonomy( $taxonomy ); - $this->rest_base = ! empty( $tax_obj->rest_base ) ? $tax_obj->rest_base : $tax_obj->name; - - $this->meta = new WP_REST_Term_Meta_Fields( $taxonomy ); - } - - /** - * Registers the routes for the objects of the controller. - * - * @since 4.7.0 - * - * @see register_rest_route() - */ - public function register_routes() { - - register_rest_route( - $this->namespace, - '/' . $this->rest_base, - array( - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_items' ), - 'permission_callback' => array( $this, 'get_items_permissions_check' ), - 'args' => $this->get_collection_params(), - ), - array( - 'methods' => WP_REST_Server::CREATABLE, - 'callback' => array( $this, 'create_item' ), - 'permission_callback' => array( $this, 'create_item_permissions_check' ), - 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - register_rest_route( - $this->namespace, - '/' . $this->rest_base . '/(?P<id>[\d]+)', - array( - 'args' => array( - 'id' => array( - 'description' => __( 'Unique identifier for the term.' ), - 'type' => 'integer', - ), - ), - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_item' ), - 'permission_callback' => array( $this, 'get_item_permissions_check' ), - 'args' => array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - ), - ), - array( - 'methods' => WP_REST_Server::EDITABLE, - 'callback' => array( $this, 'update_item' ), - 'permission_callback' => array( $this, 'update_item_permissions_check' ), - 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), - ), - array( - 'methods' => WP_REST_Server::DELETABLE, - 'callback' => array( $this, 'delete_item' ), - 'permission_callback' => array( $this, 'delete_item_permissions_check' ), - 'args' => array( - 'force' => array( - 'type' => 'boolean', - 'default' => false, - 'description' => __( 'Required to be true, as terms do not support trashing.' ), - ), - ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - } - - /** - * Checks if a request has access to read terms in the specified taxonomy. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return bool|WP_Error True if the request has read access, otherwise false or WP_Error object. - */ - public function get_items_permissions_check( $request ) { - $tax_obj = get_taxonomy( $this->taxonomy ); - if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { - return false; - } - if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) { - return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) ); - } - return true; - } - - /** - * Retrieves terms associated with a taxonomy. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_items( $request ) { - - // Retrieve the list of registered collection query parameters. - $registered = $this->get_collection_params(); - - /* - * This array defines mappings between public API query parameters whose - * values are accepted as-passed, and their internal WP_Query parameter - * name equivalents (some are the same). Only values which are also - * present in $registered will be set. - */ - $parameter_mappings = array( - 'exclude' => 'exclude', - 'include' => 'include', - 'order' => 'order', - 'orderby' => 'orderby', - 'post' => 'post', - 'hide_empty' => 'hide_empty', - 'per_page' => 'number', - 'search' => 'search', - 'slug' => 'slug', - ); - - $prepared_args = array( 'taxonomy' => $this->taxonomy ); - - /* - * For each known parameter which is both registered and present in the request, - * set the parameter's value on the query $prepared_args. - */ - foreach ( $parameter_mappings as $api_param => $wp_param ) { - if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) { - $prepared_args[ $wp_param ] = $request[ $api_param ]; - } - } - - if ( isset( $prepared_args['orderby'] ) && isset( $request['orderby'] ) ) { - $orderby_mappings = array( - 'include_slugs' => 'slug__in', - ); - - if ( isset( $orderby_mappings[ $request['orderby'] ] ) ) { - $prepared_args['orderby'] = $orderby_mappings[ $request['orderby'] ]; - } - } - - if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) { - $prepared_args['offset'] = $request['offset']; - } else { - $prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number']; - } - - $taxonomy_obj = get_taxonomy( $this->taxonomy ); - - if ( $taxonomy_obj->hierarchical && isset( $registered['parent'], $request['parent'] ) ) { - if ( 0 === $request['parent'] ) { - // Only query top-level terms. - $prepared_args['parent'] = 0; - } else { - if ( $request['parent'] ) { - $prepared_args['parent'] = $request['parent']; - } - } - } - - /** - * Filters the query arguments before passing them to get_terms(). - * - * The dynamic portion of the hook name, `$this->taxonomy`, refers to the taxonomy slug. - * - * Enables adding extra arguments or setting defaults for a terms - * collection request. - * - * @since 4.7.0 - * - * @link https://developer.wordpress.org/reference/functions/get_terms/ - * - * @param array $prepared_args Array of arguments to be - * passed to get_terms(). - * @param WP_REST_Request $request The current request. - */ - $prepared_args = apply_filters( "rest_{$this->taxonomy}_query", $prepared_args, $request ); - - if ( ! empty( $prepared_args['post'] ) ) { - $query_result = wp_get_object_terms( $prepared_args['post'], $this->taxonomy, $prepared_args ); - - // Used when calling wp_count_terms() below. - $prepared_args['object_ids'] = $prepared_args['post']; - } else { - $query_result = get_terms( $prepared_args ); - } - - $count_args = $prepared_args; - - unset( $count_args['number'], $count_args['offset'] ); - - $total_terms = wp_count_terms( $this->taxonomy, $count_args ); - - // wp_count_terms can return a falsy value when the term has no children. - if ( ! $total_terms ) { - $total_terms = 0; - } - - $response = array(); - - foreach ( $query_result as $term ) { - $data = $this->prepare_item_for_response( $term, $request ); - $response[] = $this->prepare_response_for_collection( $data ); - } - - $response = rest_ensure_response( $response ); - - // Store pagination values for headers. - $per_page = (int) $prepared_args['number']; - $page = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 ); - - $response->header( 'X-WP-Total', (int) $total_terms ); - - $max_pages = ceil( $total_terms / $per_page ); - - $response->header( 'X-WP-TotalPages', (int) $max_pages ); - - $base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( $this->namespace . '/' . $this->rest_base ) ); - if ( $page > 1 ) { - $prev_page = $page - 1; - - if ( $prev_page > $max_pages ) { - $prev_page = $max_pages; - } - - $prev_link = add_query_arg( 'page', $prev_page, $base ); - $response->link_header( 'prev', $prev_link ); - } - if ( $max_pages > $page ) { - $next_page = $page + 1; - $next_link = add_query_arg( 'page', $next_page, $base ); - - $response->link_header( 'next', $next_link ); - } - - return $response; - } - - /** - * Get the term, if the ID is valid. - * - * @since 4.7.2 - * - * @param int $id Supplied ID. - * @return WP_Term|WP_Error Term object if ID is valid, WP_Error otherwise. - */ - protected function get_term( $id ) { - $error = new WP_Error( 'rest_term_invalid', __( 'Term does not exist.' ), array( 'status' => 404 ) ); - - if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { - return $error; - } - - if ( (int) $id <= 0 ) { - return $error; - } - - $term = get_term( (int) $id, $this->taxonomy ); - if ( empty( $term ) || $term->taxonomy !== $this->taxonomy ) { - return $error; - } - - return $term; - } - - /** - * Checks if a request has access to read or edit the specified term. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return bool|WP_Error True if the request has read access for the item, otherwise false or WP_Error object. - */ - public function get_item_permissions_check( $request ) { - $term = $this->get_term( $request['id'] ); - if ( is_wp_error( $term ) ) { - return $term; - } - - if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', $term->term_id ) ) { - return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) ); - } - return true; - } - - /** - * Gets a single term from a taxonomy. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_item( $request ) { - $term = $this->get_term( $request['id'] ); - if ( is_wp_error( $term ) ) { - return $term; - } - - $response = $this->prepare_item_for_response( $term, $request ); - - return rest_ensure_response( $response ); - } - - /** - * Checks if a request has access to create a term. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return bool|WP_Error True if the request has access to create items, false or WP_Error object otherwise. - */ - public function create_item_permissions_check( $request ) { - - if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { - return false; - } - - $taxonomy_obj = get_taxonomy( $this->taxonomy ); - if ( ( is_taxonomy_hierarchical( $this->taxonomy ) - && ! current_user_can( $taxonomy_obj->cap->edit_terms ) ) - || ( ! is_taxonomy_hierarchical( $this->taxonomy ) - && ! current_user_can( $taxonomy_obj->cap->assign_terms ) ) ) { - return new WP_Error( 'rest_cannot_create', __( 'Sorry, you are not allowed to create new terms.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Creates a single term in a taxonomy. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function create_item( $request ) { - if ( isset( $request['parent'] ) ) { - if ( ! is_taxonomy_hierarchical( $this->taxonomy ) ) { - return new WP_Error( 'rest_taxonomy_not_hierarchical', __( 'Cannot set parent term, taxonomy is not hierarchical.' ), array( 'status' => 400 ) ); - } - - $parent = get_term( (int) $request['parent'], $this->taxonomy ); - - if ( ! $parent ) { - return new WP_Error( 'rest_term_invalid', __( 'Parent term does not exist.' ), array( 'status' => 400 ) ); - } - } - - $prepared_term = $this->prepare_item_for_database( $request ); - - $term = wp_insert_term( wp_slash( $prepared_term->name ), $this->taxonomy, wp_slash( (array) $prepared_term ) ); - if ( is_wp_error( $term ) ) { - /* - * If we're going to inform the client that the term already exists, - * give them the identifier for future use. - */ - $term_id = $term->get_error_data( 'term_exists' ); - if ( $term_id ) { - $existing_term = get_term( $term_id, $this->taxonomy ); - $term->add_data( $existing_term->term_id, 'term_exists' ); - $term->add_data( - array( - 'status' => 400, - 'term_id' => $term_id, - ) - ); - } - - return $term; - } - - $term = get_term( $term['term_id'], $this->taxonomy ); - - /** - * Fires after a single term is created or updated via the REST API. - * - * The dynamic portion of the hook name, `$this->taxonomy`, refers to the taxonomy slug. - * - * @since 4.7.0 - * - * @param WP_Term $term Inserted or updated term object. - * @param WP_REST_Request $request Request object. - * @param bool $creating True when creating a term, false when updating. - */ - do_action( "rest_insert_{$this->taxonomy}", $term, $request, true ); - - $schema = $this->get_item_schema(); - if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { - $meta_update = $this->meta->update_value( $request['meta'], $term->term_id ); - - if ( is_wp_error( $meta_update ) ) { - return $meta_update; - } - } - - $fields_update = $this->update_additional_fields_for_object( $term, $request ); - - if ( is_wp_error( $fields_update ) ) { - return $fields_update; - } - - $request->set_param( 'context', 'edit' ); - - /** - * Fires after a single term is completely created or updated via the REST API. - * - * The dynamic portion of the hook name, `$this->taxonomy`, refers to the taxonomy slug. - * - * @since 5.0.0 - * - * @param WP_Term $term Inserted or updated term object. - * @param WP_REST_Request $request Request object. - * @param bool $creating True when creating a term, false when updating. - */ - do_action( "rest_after_insert_{$this->taxonomy}", $term, $request, true ); - - $response = $this->prepare_item_for_response( $term, $request ); - $response = rest_ensure_response( $response ); - - $response->set_status( 201 ); - $response->header( 'Location', rest_url( $this->namespace . '/' . $this->rest_base . '/' . $term->term_id ) ); - - return $response; - } - - /** - * Checks if a request has access to update the specified term. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return bool|WP_Error True if the request has access to update the item, false or WP_Error object otherwise. - */ - public function update_item_permissions_check( $request ) { - $term = $this->get_term( $request['id'] ); - if ( is_wp_error( $term ) ) { - return $term; - } - - if ( ! current_user_can( 'edit_term', $term->term_id ) ) { - return new WP_Error( 'rest_cannot_update', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Updates a single term from a taxonomy. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function update_item( $request ) { - $term = $this->get_term( $request['id'] ); - if ( is_wp_error( $term ) ) { - return $term; - } - - if ( isset( $request['parent'] ) ) { - if ( ! is_taxonomy_hierarchical( $this->taxonomy ) ) { - return new WP_Error( 'rest_taxonomy_not_hierarchical', __( 'Cannot set parent term, taxonomy is not hierarchical.' ), array( 'status' => 400 ) ); - } - - $parent = get_term( (int) $request['parent'], $this->taxonomy ); - - if ( ! $parent ) { - return new WP_Error( 'rest_term_invalid', __( 'Parent term does not exist.' ), array( 'status' => 400 ) ); - } - } - - $prepared_term = $this->prepare_item_for_database( $request ); - - // Only update the term if we have something to update. - if ( ! empty( $prepared_term ) ) { - $update = wp_update_term( $term->term_id, $term->taxonomy, wp_slash( (array) $prepared_term ) ); - - if ( is_wp_error( $update ) ) { - return $update; - } - } - - $term = get_term( $term->term_id, $this->taxonomy ); - - /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php */ - do_action( "rest_insert_{$this->taxonomy}", $term, $request, false ); - - $schema = $this->get_item_schema(); - if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { - $meta_update = $this->meta->update_value( $request['meta'], $term->term_id ); - - if ( is_wp_error( $meta_update ) ) { - return $meta_update; - } - } - - $fields_update = $this->update_additional_fields_for_object( $term, $request ); - - if ( is_wp_error( $fields_update ) ) { - return $fields_update; - } - - $request->set_param( 'context', 'edit' ); - - /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php */ - do_action( "rest_after_insert_{$this->taxonomy}", $term, $request, false ); - - $response = $this->prepare_item_for_response( $term, $request ); - - return rest_ensure_response( $response ); - } - - /** - * Checks if a request has access to delete the specified term. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return bool|WP_Error True if the request has access to delete the item, otherwise false or WP_Error object. - */ - public function delete_item_permissions_check( $request ) { - $term = $this->get_term( $request['id'] ); - if ( is_wp_error( $term ) ) { - return $term; - } - - if ( ! current_user_can( 'delete_term', $term->term_id ) ) { - return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this term.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Deletes a single term from a taxonomy. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function delete_item( $request ) { - $term = $this->get_term( $request['id'] ); - if ( is_wp_error( $term ) ) { - return $term; - } - - $force = isset( $request['force'] ) ? (bool) $request['force'] : false; - - // We don't support trashing for terms. - if ( ! $force ) { - /* translators: %s: force=true */ - return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Terms do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); - } - - $request->set_param( 'context', 'view' ); - - $previous = $this->prepare_item_for_response( $term, $request ); - - $retval = wp_delete_term( $term->term_id, $term->taxonomy ); - - if ( ! $retval ) { - return new WP_Error( 'rest_cannot_delete', __( 'The term cannot be deleted.' ), array( 'status' => 500 ) ); - } - - $response = new WP_REST_Response(); - $response->set_data( - array( - 'deleted' => true, - 'previous' => $previous->get_data(), - ) - ); - - /** - * Fires after a single term is deleted via the REST API. - * - * The dynamic portion of the hook name, `$this->taxonomy`, refers to the taxonomy slug. - * - * @since 4.7.0 - * - * @param WP_Term $term The deleted term. - * @param WP_REST_Response $response The response data. - * @param WP_REST_Request $request The request sent to the API. - */ - do_action( "rest_delete_{$this->taxonomy}", $term, $response, $request ); - - return $response; - } - - /** - * Prepares a single term for create or update. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Request object. - * @return object $prepared_term Term object. - */ - public function prepare_item_for_database( $request ) { - $prepared_term = new stdClass; - - $schema = $this->get_item_schema(); - if ( isset( $request['name'] ) && ! empty( $schema['properties']['name'] ) ) { - $prepared_term->name = $request['name']; - } - - if ( isset( $request['slug'] ) && ! empty( $schema['properties']['slug'] ) ) { - $prepared_term->slug = $request['slug']; - } - - if ( isset( $request['taxonomy'] ) && ! empty( $schema['properties']['taxonomy'] ) ) { - $prepared_term->taxonomy = $request['taxonomy']; - } - - if ( isset( $request['description'] ) && ! empty( $schema['properties']['description'] ) ) { - $prepared_term->description = $request['description']; - } - - if ( isset( $request['parent'] ) && ! empty( $schema['properties']['parent'] ) ) { - $parent_term_id = 0; - $requested_parent = (int) $request['parent']; - - if ( $requested_parent ) { - $parent_term = get_term( $requested_parent, $this->taxonomy ); - - if ( $parent_term instanceof WP_Term ) { - $parent_term_id = $parent_term->term_id; - } - } - - $prepared_term->parent = $parent_term_id; - } - - /** - * Filters term data before inserting term via the REST API. - * - * The dynamic portion of the hook name, `$this->taxonomy`, refers to the taxonomy slug. - * - * @since 4.7.0 - * - * @param object $prepared_term Term object. - * @param WP_REST_Request $request Request object. - */ - return apply_filters( "rest_pre_insert_{$this->taxonomy}", $prepared_term, $request ); - } - - /** - * Prepares a single term output for response. - * - * @since 4.7.0 - * - * @param obj $item Term object. - * @param WP_REST_Request $request Request object. - * @return WP_REST_Response $response Response object. - */ - public function prepare_item_for_response( $item, $request ) { - - $fields = $this->get_fields_for_response( $request ); - $data = array(); - - if ( in_array( 'id', $fields, true ) ) { - $data['id'] = (int) $item->term_id; - } - - if ( in_array( 'count', $fields, true ) ) { - $data['count'] = (int) $item->count; - } - - if ( in_array( 'description', $fields, true ) ) { - $data['description'] = $item->description; - } - - if ( in_array( 'link', $fields, true ) ) { - $data['link'] = get_term_link( $item ); - } - - if ( in_array( 'name', $fields, true ) ) { - $data['name'] = $item->name; - } - - if ( in_array( 'slug', $fields, true ) ) { - $data['slug'] = $item->slug; - } - - if ( in_array( 'taxonomy', $fields, true ) ) { - $data['taxonomy'] = $item->taxonomy; - } - - if ( in_array( 'parent', $fields, true ) ) { - $data['parent'] = (int) $item->parent; - } - - if ( in_array( 'meta', $fields, true ) ) { - $data['meta'] = $this->meta->get_value( $item->term_id, $request ); - } - - $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; - $data = $this->add_additional_fields_to_object( $data, $request ); - $data = $this->filter_response_by_context( $data, $context ); - - $response = rest_ensure_response( $data ); - - $response->add_links( $this->prepare_links( $item ) ); - - /** - * Filters a term item returned from the API. - * - * The dynamic portion of the hook name, `$this->taxonomy`, refers to the taxonomy slug. - * - * Allows modification of the term data right before it is returned. - * - * @since 4.7.0 - * - * @param WP_REST_Response $response The response object. - * @param object $item The original term object. - * @param WP_REST_Request $request Request used to generate the response. - */ - return apply_filters( "rest_prepare_{$this->taxonomy}", $response, $item, $request ); - } - - /** - * Prepares links for the request. - * - * @since 4.7.0 - * - * @param object $term Term object. - * @return array Links for the given term. - */ - protected function prepare_links( $term ) { - $base = $this->namespace . '/' . $this->rest_base; - $links = array( - 'self' => array( - 'href' => rest_url( trailingslashit( $base ) . $term->term_id ), - ), - 'collection' => array( - 'href' => rest_url( $base ), - ), - 'about' => array( - 'href' => rest_url( sprintf( 'wp/v2/taxonomies/%s', $this->taxonomy ) ), - ), - ); - - if ( $term->parent ) { - $parent_term = get_term( (int) $term->parent, $term->taxonomy ); - - if ( $parent_term ) { - $links['up'] = array( - 'href' => rest_url( trailingslashit( $base ) . $parent_term->term_id ), - 'embeddable' => true, - ); - } - } - - $taxonomy_obj = get_taxonomy( $term->taxonomy ); - - if ( empty( $taxonomy_obj->object_type ) ) { - return $links; - } - - $post_type_links = array(); - - foreach ( $taxonomy_obj->object_type as $type ) { - $post_type_object = get_post_type_object( $type ); - - if ( empty( $post_type_object->show_in_rest ) ) { - continue; - } - - $rest_base = ! empty( $post_type_object->rest_base ) ? $post_type_object->rest_base : $post_type_object->name; - $post_type_links[] = array( - 'href' => add_query_arg( $this->rest_base, $term->term_id, rest_url( sprintf( 'wp/v2/%s', $rest_base ) ) ), - ); - } - - if ( ! empty( $post_type_links ) ) { - $links['https://api.w.org/post_type'] = $post_type_links; - } - - return $links; - } - - /** - * Retrieves the term's schema, conforming to JSON Schema. - * - * @since 4.7.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $schema = array( - '$schema' => 'http://json-schema.org/draft-04/schema#', - 'title' => 'post_tag' === $this->taxonomy ? 'tag' : $this->taxonomy, - 'type' => 'object', - 'properties' => array( - 'id' => array( - 'description' => __( 'Unique identifier for the term.' ), - 'type' => 'integer', - 'context' => array( 'view', 'embed', 'edit' ), - 'readonly' => true, - ), - 'count' => array( - 'description' => __( 'Number of published posts for the term.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit' ), - 'readonly' => true, - ), - 'description' => array( - 'description' => __( 'HTML description of the term.' ), - 'type' => 'string', - 'context' => array( 'view', 'edit' ), - ), - 'link' => array( - 'description' => __( 'URL of the term.' ), - 'type' => 'string', - 'format' => 'uri', - 'context' => array( 'view', 'embed', 'edit' ), - 'readonly' => true, - ), - 'name' => array( - 'description' => __( 'HTML title for the term.' ), - 'type' => 'string', - 'context' => array( 'view', 'embed', 'edit' ), - 'arg_options' => array( - 'sanitize_callback' => 'sanitize_text_field', - ), - 'required' => true, - ), - 'slug' => array( - 'description' => __( 'An alphanumeric identifier for the term unique to its type.' ), - 'type' => 'string', - 'context' => array( 'view', 'embed', 'edit' ), - 'arg_options' => array( - 'sanitize_callback' => array( $this, 'sanitize_slug' ), - ), - ), - 'taxonomy' => array( - 'description' => __( 'Type attribution for the term.' ), - 'type' => 'string', - 'enum' => array_keys( get_taxonomies() ), - 'context' => array( 'view', 'embed', 'edit' ), - 'readonly' => true, - ), - ), - ); - - $taxonomy = get_taxonomy( $this->taxonomy ); - - if ( $taxonomy->hierarchical ) { - $schema['properties']['parent'] = array( - 'description' => __( 'The parent term ID.' ), - 'type' => 'integer', - 'context' => array( 'view', 'edit' ), - ); - } - - $schema['properties']['meta'] = $this->meta->get_field_schema(); - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Retrieves the query params for collections. - * - * @since 4.7.0 - * - * @return array Collection parameters. - */ - public function get_collection_params() { - $query_params = parent::get_collection_params(); - $taxonomy = get_taxonomy( $this->taxonomy ); - - $query_params['context']['default'] = 'view'; - - $query_params['exclude'] = array( - 'description' => __( 'Ensure result set excludes specific IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - - $query_params['include'] = array( - 'description' => __( 'Limit result set to specific IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - - if ( ! $taxonomy->hierarchical ) { - $query_params['offset'] = array( - 'description' => __( 'Offset the result set by a specific number of items.' ), - 'type' => 'integer', - ); - } - - $query_params['order'] = array( - 'description' => __( 'Order sort attribute ascending or descending.' ), - 'type' => 'string', - 'default' => 'asc', - 'enum' => array( - 'asc', - 'desc', - ), - ); - - $query_params['orderby'] = array( - 'description' => __( 'Sort collection by term attribute.' ), - 'type' => 'string', - 'default' => 'name', - 'enum' => array( - 'id', - 'include', - 'name', - 'slug', - 'include_slugs', - 'term_group', - 'description', - 'count', - ), - ); - - $query_params['hide_empty'] = array( - 'description' => __( 'Whether to hide terms not assigned to any posts.' ), - 'type' => 'boolean', - 'default' => false, - ); - - if ( $taxonomy->hierarchical ) { - $query_params['parent'] = array( - 'description' => __( 'Limit result set to terms assigned to a specific parent.' ), - 'type' => 'integer', - ); - } - - $query_params['post'] = array( - 'description' => __( 'Limit result set to terms assigned to a specific post.' ), - 'type' => 'integer', - 'default' => null, - ); - - $query_params['slug'] = array( - 'description' => __( 'Limit result set to terms with one or more specific slugs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'string', - ), - ); - - /** - * Filter collection parameters for the terms controller. - * - * The dynamic part of the filter `$this->taxonomy` refers to the taxonomy - * slug for the controller. - * - * This filter registers the collection parameter, but does not map the - * collection parameter to an internal WP_Term_Query parameter. Use the - * `rest_{$this->taxonomy}_query` filter to set WP_Term_Query parameters. - * - * @since 4.7.0 - * - * @param array $query_params JSON Schema-formatted collection parameters. - * @param WP_Taxonomy $taxonomy Taxonomy object. - */ - return apply_filters( "rest_{$this->taxonomy}_collection_params", $query_params, $taxonomy ); - } - - /** - * Checks that the taxonomy is valid. - * - * @since 4.7.0 - * - * @param string $taxonomy Taxonomy to check. - * @return bool Whether the taxonomy is allowed for REST management. - */ - protected function check_is_taxonomy_allowed( $taxonomy ) { - $taxonomy_obj = get_taxonomy( $taxonomy ); - if ( $taxonomy_obj && ! empty( $taxonomy_obj->show_in_rest ) ) { - return true; - } - return false; - } -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php deleted file mode 100644 index 47491e7..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php +++ /dev/null @@ -1,242 +0,0 @@ -<?php -/** - * REST API: WP_REST_Themes_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 5.0.0 - */ - -/** - * Core class used to manage themes via the REST API. - * - * @since 5.0.0 - * - * @see WP_REST_Controller - */ -class WP_REST_Themes_Controller extends WP_REST_Controller { - - /** - * Constructor. - * - * @since 5.0.0 - */ - public function __construct() { - $this->namespace = 'wp/v2'; - $this->rest_base = 'themes'; - } - - /** - * Registers the routes for the objects of the controller. - * - * @since 5.0.0 - * - * @see register_rest_route() - */ - public function register_routes() { - register_rest_route( - $this->namespace, - '/' . $this->rest_base, - array( - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_items' ), - 'permission_callback' => array( $this, 'get_items_permissions_check' ), - 'args' => $this->get_collection_params(), - ), - 'schema' => array( $this, 'get_item_schema' ), - ) - ); - } - - /** - * Checks if a given request has access to read the theme. - * - * @since 5.0.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object. - */ - public function get_items_permissions_check( $request ) { - if ( ! is_user_logged_in() || ! current_user_can( 'edit_posts' ) ) { - return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to view themes.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Retrieves a collection of themes. - * - * @since 5.0.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_items( $request ) { - // Retrieve the list of registered collection query parameters. - $registered = $this->get_collection_params(); - $themes = array(); - - if ( isset( $registered['status'], $request['status'] ) && in_array( 'active', $request['status'], true ) ) { - $active_theme = wp_get_theme(); - $active_theme = $this->prepare_item_for_response( $active_theme, $request ); - $themes[] = $this->prepare_response_for_collection( $active_theme ); - } - - $response = rest_ensure_response( $themes ); - - $response->header( 'X-WP-Total', count( $themes ) ); - $response->header( 'X-WP-TotalPages', count( $themes ) ); - - return $response; - } - - /** - * Prepares a single theme output for response. - * - * @since 5.0.0 - * - * @param WP_Theme $theme Theme object. - * @param WP_REST_Request $request Request object. - * @return WP_REST_Response Response object. - */ - public function prepare_item_for_response( $theme, $request ) { - $data = array(); - $fields = $this->get_fields_for_response( $request ); - - if ( in_array( 'theme_supports', $fields, true ) ) { - $formats = get_theme_support( 'post-formats' ); - $formats = is_array( $formats ) ? array_values( $formats[0] ) : array(); - $formats = array_merge( array( 'standard' ), $formats ); - $data['theme_supports']['formats'] = $formats; - - $data['theme_supports']['post-thumbnails'] = false; - $data['theme_supports']['responsive-embeds'] = (bool) get_theme_support( 'responsive-embeds' ); - $post_thumbnails = get_theme_support( 'post-thumbnails' ); - - if ( $post_thumbnails ) { - // $post_thumbnails can contain a nested array of post types. - // e.g. array( array( 'post', 'page' ) ). - $data['theme_supports']['post-thumbnails'] = is_array( $post_thumbnails ) ? $post_thumbnails[0] : true; - } - } - - $data = $this->add_additional_fields_to_object( $data, $request ); - - // Wrap the data in a response object. - $response = rest_ensure_response( $data ); - - /** - * Filters theme data returned from the REST API. - * - * @since 5.0.0 - * - * @param WP_REST_Response $response The response object. - * @param WP_Theme $theme Theme object used to create response. - * @param WP_REST_Request $request Request object. - */ - return apply_filters( 'rest_prepare_theme', $response, $theme, $request ); - } - - /** - * Retrieves the theme's schema, conforming to JSON Schema. - * - * @since 5.0.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $schema = array( - '$schema' => 'http://json-schema.org/draft-04/schema#', - 'title' => 'theme', - 'type' => 'object', - 'properties' => array( - 'theme_supports' => array( - 'description' => __( 'Features supported by this theme.' ), - 'type' => 'array', - 'readonly' => true, - 'properties' => array( - 'formats' => array( - 'description' => __( 'Post formats supported.' ), - 'type' => 'array', - 'readonly' => true, - ), - 'post-thumbnails' => array( - 'description' => __( 'Whether the theme supports post thumbnails.' ), - 'type' => array( 'array', 'bool' ), - 'readonly' => true, - ), - 'responsive-embeds' => array( - 'description' => __( 'Whether the theme supports responsive embedded content.' ), - 'type' => 'bool', - 'readonly' => true, - ), - ), - ), - ), - ); - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Retrieves the search params for the themes collection. - * - * @since 5.0.0 - * - * @return array Collection parameters. - */ - public function get_collection_params() { - $query_params = parent::get_collection_params(); - - $query_params['status'] = array( - 'description' => __( 'Limit result set to themes assigned one or more statuses.' ), - 'type' => 'array', - 'items' => array( - 'enum' => array( 'active' ), - 'type' => 'string', - ), - 'required' => true, - 'sanitize_callback' => array( $this, 'sanitize_theme_status' ), - ); - - /** - * Filter collection parameters for the themes controller. - * - * @since 5.0.0 - * - * @param array $query_params JSON Schema-formatted collection parameters. - */ - return apply_filters( 'rest_themes_collection_params', $query_params ); - } - - /** - * Sanitizes and validates the list of theme status. - * - * @since 5.0.0 - * - * @param string|array $statuses One or more theme statuses. - * @param WP_REST_Request $request Full details about the request. - * @param string $parameter Additional parameter to pass to validation. - * @return array|WP_Error A list of valid statuses, otherwise WP_Error object. - */ - public function sanitize_theme_status( $statuses, $request, $parameter ) { - $statuses = wp_parse_slug_list( $statuses ); - - foreach ( $statuses as $status ) { - $result = rest_validate_request_arg( $status, $request, $parameter ); - - if ( is_wp_error( $result ) ) { - return $result; - } - } - - return $statuses; - } -} diff --git a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php b/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php deleted file mode 100644 index 26a1385..0000000 --- a/srcs/wordpress/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php +++ /dev/null @@ -1,1440 +0,0 @@ -<?php -/** - * REST API: WP_REST_Users_Controller class - * - * @package WordPress - * @subpackage REST_API - * @since 4.7.0 - */ - -/** - * Core class used to manage users via the REST API. - * - * @since 4.7.0 - * - * @see WP_REST_Controller - */ -class WP_REST_Users_Controller extends WP_REST_Controller { - - /** - * Instance of a user meta fields object. - * - * @since 4.7.0 - * @var WP_REST_User_Meta_Fields - */ - protected $meta; - - /** - * Constructor. - * - * @since 4.7.0 - */ - public function __construct() { - $this->namespace = 'wp/v2'; - $this->rest_base = 'users'; - - $this->meta = new WP_REST_User_Meta_Fields(); - } - - /** - * Registers the routes for the objects of the controller. - * - * @since 4.7.0 - * - * @see register_rest_route() - */ - public function register_routes() { - - register_rest_route( - $this->namespace, - '/' . $this->rest_base, - array( - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_items' ), - 'permission_callback' => array( $this, 'get_items_permissions_check' ), - 'args' => $this->get_collection_params(), - ), - array( - 'methods' => WP_REST_Server::CREATABLE, - 'callback' => array( $this, 'create_item' ), - 'permission_callback' => array( $this, 'create_item_permissions_check' ), - 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - register_rest_route( - $this->namespace, - '/' . $this->rest_base . '/(?P<id>[\d]+)', - array( - 'args' => array( - 'id' => array( - 'description' => __( 'Unique identifier for the user.' ), - 'type' => 'integer', - ), - ), - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_item' ), - 'permission_callback' => array( $this, 'get_item_permissions_check' ), - 'args' => array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - ), - ), - array( - 'methods' => WP_REST_Server::EDITABLE, - 'callback' => array( $this, 'update_item' ), - 'permission_callback' => array( $this, 'update_item_permissions_check' ), - 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), - ), - array( - 'methods' => WP_REST_Server::DELETABLE, - 'callback' => array( $this, 'delete_item' ), - 'permission_callback' => array( $this, 'delete_item_permissions_check' ), - 'args' => array( - 'force' => array( - 'type' => 'boolean', - 'default' => false, - 'description' => __( 'Required to be true, as users do not support trashing.' ), - ), - 'reassign' => array( - 'type' => 'integer', - 'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ), - 'required' => true, - 'sanitize_callback' => array( $this, 'check_reassign' ), - ), - ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - - register_rest_route( - $this->namespace, - '/' . $this->rest_base . '/me', - array( - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_current_item' ), - 'args' => array( - 'context' => $this->get_context_param( array( 'default' => 'view' ) ), - ), - ), - array( - 'methods' => WP_REST_Server::EDITABLE, - 'callback' => array( $this, 'update_current_item' ), - 'permission_callback' => array( $this, 'update_current_item_permissions_check' ), - 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), - ), - array( - 'methods' => WP_REST_Server::DELETABLE, - 'callback' => array( $this, 'delete_current_item' ), - 'permission_callback' => array( $this, 'delete_current_item_permissions_check' ), - 'args' => array( - 'force' => array( - 'type' => 'boolean', - 'default' => false, - 'description' => __( 'Required to be true, as users do not support trashing.' ), - ), - 'reassign' => array( - 'type' => 'integer', - 'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ), - 'required' => true, - 'sanitize_callback' => array( $this, 'check_reassign' ), - ), - ), - ), - 'schema' => array( $this, 'get_public_item_schema' ), - ) - ); - } - - /** - * Checks for a valid value for the reassign parameter when deleting users. - * - * The value can be an integer, 'false', false, or ''. - * - * @since 4.7.0 - * - * @param int|bool $value The value passed to the reassign parameter. - * @param WP_REST_Request $request Full details about the request. - * @param string $param The parameter that is being sanitized. - * - * @return int|bool|WP_Error - */ - public function check_reassign( $value, $request, $param ) { - if ( is_numeric( $value ) ) { - return $value; - } - - if ( empty( $value ) || false === $value || 'false' === $value ) { - return false; - } - - return new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) ); - } - - /** - * Permissions check for getting all users. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has read access, otherwise WP_Error object. - */ - public function get_items_permissions_check( $request ) { - // Check if roles is specified in GET request and if user can list users. - if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) { - return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to filter users by role.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { - return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) { - return new WP_Error( 'rest_forbidden_orderby', __( 'Sorry, you are not allowed to order users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - if ( 'authors' === $request['who'] ) { - $can_view = false; - $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); - foreach ( $types as $type ) { - if ( post_type_supports( $type->name, 'author' ) - && current_user_can( $type->cap->edit_posts ) ) { - $can_view = true; - } - } - if ( ! $can_view ) { - return new WP_Error( 'rest_forbidden_who', __( 'Sorry, you are not allowed to query users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) ); - } - } - - return true; - } - - /** - * Retrieves all users. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_items( $request ) { - - // Retrieve the list of registered collection query parameters. - $registered = $this->get_collection_params(); - - /* - * This array defines mappings between public API query parameters whose - * values are accepted as-passed, and their internal WP_Query parameter - * name equivalents (some are the same). Only values which are also - * present in $registered will be set. - */ - $parameter_mappings = array( - 'exclude' => 'exclude', - 'include' => 'include', - 'order' => 'order', - 'per_page' => 'number', - 'search' => 'search', - 'roles' => 'role__in', - 'slug' => 'nicename__in', - ); - - $prepared_args = array(); - - /* - * For each known parameter which is both registered and present in the request, - * set the parameter's value on the query $prepared_args. - */ - foreach ( $parameter_mappings as $api_param => $wp_param ) { - if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) { - $prepared_args[ $wp_param ] = $request[ $api_param ]; - } - } - - if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) { - $prepared_args['offset'] = $request['offset']; - } else { - $prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number']; - } - - if ( isset( $registered['orderby'] ) ) { - $orderby_possibles = array( - 'id' => 'ID', - 'include' => 'include', - 'name' => 'display_name', - 'registered_date' => 'registered', - 'slug' => 'user_nicename', - 'include_slugs' => 'nicename__in', - 'email' => 'user_email', - 'url' => 'user_url', - ); - $prepared_args['orderby'] = $orderby_possibles[ $request['orderby'] ]; - } - - if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) { - $prepared_args['who'] = 'authors'; - } elseif ( ! current_user_can( 'list_users' ) ) { - $prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' ); - } - - if ( ! empty( $prepared_args['search'] ) ) { - $prepared_args['search'] = '*' . $prepared_args['search'] . '*'; - } - /** - * Filters WP_User_Query arguments when querying users via the REST API. - * - * @link https://developer.wordpress.org/reference/classes/wp_user_query/ - * - * @since 4.7.0 - * - * @param array $prepared_args Array of arguments for WP_User_Query. - * @param WP_REST_Request $request The current request. - */ - $prepared_args = apply_filters( 'rest_user_query', $prepared_args, $request ); - - $query = new WP_User_Query( $prepared_args ); - - $users = array(); - - foreach ( $query->results as $user ) { - $data = $this->prepare_item_for_response( $user, $request ); - $users[] = $this->prepare_response_for_collection( $data ); - } - - $response = rest_ensure_response( $users ); - - // Store pagination values for headers then unset for count query. - $per_page = (int) $prepared_args['number']; - $page = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 ); - - $prepared_args['fields'] = 'ID'; - - $total_users = $query->get_total(); - - if ( $total_users < 1 ) { - // Out-of-bounds, run the query again without LIMIT for total count. - unset( $prepared_args['number'], $prepared_args['offset'] ); - $count_query = new WP_User_Query( $prepared_args ); - $total_users = $count_query->get_total(); - } - - $response->header( 'X-WP-Total', (int) $total_users ); - - $max_pages = ceil( $total_users / $per_page ); - - $response->header( 'X-WP-TotalPages', (int) $max_pages ); - - $base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) ); - if ( $page > 1 ) { - $prev_page = $page - 1; - - if ( $prev_page > $max_pages ) { - $prev_page = $max_pages; - } - - $prev_link = add_query_arg( 'page', $prev_page, $base ); - $response->link_header( 'prev', $prev_link ); - } - if ( $max_pages > $page ) { - $next_page = $page + 1; - $next_link = add_query_arg( 'page', $next_page, $base ); - - $response->link_header( 'next', $next_link ); - } - - return $response; - } - - /** - * Get the user, if the ID is valid. - * - * @since 4.7.2 - * - * @param int $id Supplied ID. - * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise. - */ - protected function get_user( $id ) { - $error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); - if ( (int) $id <= 0 ) { - return $error; - } - - $user = get_userdata( (int) $id ); - if ( empty( $user ) || ! $user->exists() ) { - return $error; - } - - if ( is_multisite() && ! is_user_member_of_blog( $user->ID ) ) { - return $error; - } - - return $user; - } - - /** - * Checks if a given request has access to read a user. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object. - */ - public function get_item_permissions_check( $request ) { - $user = $this->get_user( $request['id'] ); - if ( is_wp_error( $user ) ) { - return $user; - } - - $types = get_post_types( array( 'show_in_rest' => true ), 'names' ); - - if ( get_current_user_id() === $user->ID ) { - return true; - } - - if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { - return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); - } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) { - return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Retrieves a single user. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_item( $request ) { - $user = $this->get_user( $request['id'] ); - if ( is_wp_error( $user ) ) { - return $user; - } - - $user = $this->prepare_item_for_response( $user, $request ); - $response = rest_ensure_response( $user ); - - return $response; - } - - /** - * Retrieves the current user. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function get_current_item( $request ) { - $current_user_id = get_current_user_id(); - - if ( empty( $current_user_id ) ) { - return new WP_Error( 'rest_not_logged_in', __( 'You are not currently logged in.' ), array( 'status' => 401 ) ); - } - - $user = wp_get_current_user(); - $response = $this->prepare_item_for_response( $user, $request ); - $response = rest_ensure_response( $response ); - - return $response; - } - - /** - * Checks if a given request has access create users. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise. - */ - public function create_item_permissions_check( $request ) { - - if ( ! current_user_can( 'create_users' ) ) { - return new WP_Error( 'rest_cannot_create_user', __( 'Sorry, you are not allowed to create new users.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Creates a single user. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function create_item( $request ) { - if ( ! empty( $request['id'] ) ) { - return new WP_Error( 'rest_user_exists', __( 'Cannot create existing user.' ), array( 'status' => 400 ) ); - } - - $schema = $this->get_item_schema(); - - if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) { - $check_permission = $this->check_role_update( $request['id'], $request['roles'] ); - - if ( is_wp_error( $check_permission ) ) { - return $check_permission; - } - } - - $user = $this->prepare_item_for_database( $request ); - - if ( is_multisite() ) { - $ret = wpmu_validate_user_signup( $user->user_login, $user->user_email ); - - if ( is_wp_error( $ret['errors'] ) && $ret['errors']->has_errors() ) { - $error = new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) ); - foreach ( $ret['errors']->errors as $code => $messages ) { - foreach ( $messages as $message ) { - $error->add( $code, $message ); - } - $error_data = $error->get_error_data( $code ); - if ( $error_data ) { - $error->add_data( $error_data, $code ); - } - } - return $error; - } - } - - if ( is_multisite() ) { - $user_id = wpmu_create_user( $user->user_login, $user->user_pass, $user->user_email ); - - if ( ! $user_id ) { - return new WP_Error( 'rest_user_create', __( 'Error creating new user.' ), array( 'status' => 500 ) ); - } - - $user->ID = $user_id; - $user_id = wp_update_user( wp_slash( (array) $user ) ); - - if ( is_wp_error( $user_id ) ) { - return $user_id; - } - - $result = add_user_to_blog( get_site()->id, $user_id, '' ); - if ( is_wp_error( $result ) ) { - return $result; - } - } else { - $user_id = wp_insert_user( wp_slash( (array) $user ) ); - - if ( is_wp_error( $user_id ) ) { - return $user_id; - } - } - - $user = get_user_by( 'id', $user_id ); - - /** - * Fires immediately after a user is created or updated via the REST API. - * - * @since 4.7.0 - * - * @param WP_User $user Inserted or updated user object. - * @param WP_REST_Request $request Request object. - * @param bool $creating True when creating a user, false when updating. - */ - do_action( 'rest_insert_user', $user, $request, true ); - - if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) { - array_map( array( $user, 'add_role' ), $request['roles'] ); - } - - if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { - $meta_update = $this->meta->update_value( $request['meta'], $user_id ); - - if ( is_wp_error( $meta_update ) ) { - return $meta_update; - } - } - - $user = get_user_by( 'id', $user_id ); - $fields_update = $this->update_additional_fields_for_object( $user, $request ); - - if ( is_wp_error( $fields_update ) ) { - return $fields_update; - } - - $request->set_param( 'context', 'edit' ); - - /** - * Fires after a user is completely created or updated via the REST API. - * - * @since 5.0.0 - * - * @param WP_User $user Inserted or updated user object. - * @param WP_REST_Request $request Request object. - * @param bool $creating True when creating a user, false when updating. - */ - do_action( 'rest_after_insert_user', $user, $request, true ); - - $response = $this->prepare_item_for_response( $user, $request ); - $response = rest_ensure_response( $response ); - - $response->set_status( 201 ); - $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user_id ) ) ); - - return $response; - } - - /** - * Checks if a given request has access to update a user. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. - */ - public function update_item_permissions_check( $request ) { - $user = $this->get_user( $request['id'] ); - if ( is_wp_error( $user ) ) { - return $user; - } - - if ( ! empty( $request['roles'] ) ) { - if ( ! current_user_can( 'promote_user', $user->ID ) ) { - return new WP_Error( 'rest_cannot_edit_roles', __( 'Sorry, you are not allowed to edit roles of this user.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - $request_params = array_keys( $request->get_params() ); - sort( $request_params ); - // If only 'id' and 'roles' are specified (we are only trying to - // edit roles), then only the 'promote_user' cap is required. - if ( $request_params === array( 'id', 'roles' ) ) { - return true; - } - } - - if ( ! current_user_can( 'edit_user', $user->ID ) ) { - return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Updates a single user. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function update_item( $request ) { - $user = $this->get_user( $request['id'] ); - if ( is_wp_error( $user ) ) { - return $user; - } - - $id = $user->ID; - - if ( ! $user ) { - return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); - } - - $owner_id = email_exists( $request['email'] ); - - if ( $owner_id && $owner_id !== $id ) { - return new WP_Error( 'rest_user_invalid_email', __( 'Invalid email address.' ), array( 'status' => 400 ) ); - } - - if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) { - return new WP_Error( 'rest_user_invalid_argument', __( "Username isn't editable." ), array( 'status' => 400 ) ); - } - - if ( ! empty( $request['slug'] ) && $request['slug'] !== $user->user_nicename && get_user_by( 'slug', $request['slug'] ) ) { - return new WP_Error( 'rest_user_invalid_slug', __( 'Invalid slug.' ), array( 'status' => 400 ) ); - } - - if ( ! empty( $request['roles'] ) ) { - $check_permission = $this->check_role_update( $id, $request['roles'] ); - - if ( is_wp_error( $check_permission ) ) { - return $check_permission; - } - } - - $user = $this->prepare_item_for_database( $request ); - - // Ensure we're operating on the same user we already checked. - $user->ID = $id; - - $user_id = wp_update_user( wp_slash( (array) $user ) ); - - if ( is_wp_error( $user_id ) ) { - return $user_id; - } - - $user = get_user_by( 'id', $user_id ); - - /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */ - do_action( 'rest_insert_user', $user, $request, false ); - - if ( ! empty( $request['roles'] ) ) { - array_map( array( $user, 'add_role' ), $request['roles'] ); - } - - $schema = $this->get_item_schema(); - - if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { - $meta_update = $this->meta->update_value( $request['meta'], $id ); - - if ( is_wp_error( $meta_update ) ) { - return $meta_update; - } - } - - $user = get_user_by( 'id', $user_id ); - $fields_update = $this->update_additional_fields_for_object( $user, $request ); - - if ( is_wp_error( $fields_update ) ) { - return $fields_update; - } - - $request->set_param( 'context', 'edit' ); - - /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */ - do_action( 'rest_after_insert_user', $user, $request, false ); - - $response = $this->prepare_item_for_response( $user, $request ); - $response = rest_ensure_response( $response ); - - return $response; - } - - /** - * Checks if a given request has access to update the current user. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. - */ - public function update_current_item_permissions_check( $request ) { - $request['id'] = get_current_user_id(); - - return $this->update_item_permissions_check( $request ); - } - - /** - * Updates the current user. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function update_current_item( $request ) { - $request['id'] = get_current_user_id(); - - return $this->update_item( $request ); - } - - /** - * Checks if a given request has access delete a user. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. - */ - public function delete_item_permissions_check( $request ) { - $user = $this->get_user( $request['id'] ); - if ( is_wp_error( $user ) ) { - return $user; - } - - if ( ! current_user_can( 'delete_user', $user->ID ) ) { - return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - return true; - } - - /** - * Deletes a single user. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function delete_item( $request ) { - // We don't support delete requests in multisite. - if ( is_multisite() ) { - return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) ); - } - $user = $this->get_user( $request['id'] ); - if ( is_wp_error( $user ) ) { - return $user; - } - - $id = $user->ID; - $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] ); - $force = isset( $request['force'] ) ? (bool) $request['force'] : false; - - // We don't support trashing for users. - if ( ! $force ) { - /* translators: %s: force=true */ - return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Users do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); - } - - if ( ! empty( $reassign ) ) { - if ( $reassign === $id || ! get_userdata( $reassign ) ) { - return new WP_Error( 'rest_user_invalid_reassign', __( 'Invalid user ID for reassignment.' ), array( 'status' => 400 ) ); - } - } - - $request->set_param( 'context', 'edit' ); - - $previous = $this->prepare_item_for_response( $user, $request ); - - /** Include admin user functions to get access to wp_delete_user() */ - require_once ABSPATH . 'wp-admin/includes/user.php'; - - $result = wp_delete_user( $id, $reassign ); - - if ( ! $result ) { - return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 500 ) ); - } - - $response = new WP_REST_Response(); - $response->set_data( - array( - 'deleted' => true, - 'previous' => $previous->get_data(), - ) - ); - - /** - * Fires immediately after a user is deleted via the REST API. - * - * @since 4.7.0 - * - * @param WP_User $user The user data. - * @param WP_REST_Response $response The response returned from the API. - * @param WP_REST_Request $request The request sent to the API. - */ - do_action( 'rest_delete_user', $user, $response, $request ); - - return $response; - } - - /** - * Checks if a given request has access to delete the current user. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. - */ - public function delete_current_item_permissions_check( $request ) { - $request['id'] = get_current_user_id(); - - return $this->delete_item_permissions_check( $request ); - } - - /** - * Deletes the current user. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Full details about the request. - * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. - */ - public function delete_current_item( $request ) { - $request['id'] = get_current_user_id(); - - return $this->delete_item( $request ); - } - - /** - * Prepares a single user output for response. - * - * @since 4.7.0 - * - * @param WP_User $user User object. - * @param WP_REST_Request $request Request object. - * @return WP_REST_Response Response object. - */ - public function prepare_item_for_response( $user, $request ) { - - $data = array(); - $fields = $this->get_fields_for_response( $request ); - - if ( in_array( 'id', $fields, true ) ) { - $data['id'] = $user->ID; - } - - if ( in_array( 'username', $fields, true ) ) { - $data['username'] = $user->user_login; - } - - if ( in_array( 'name', $fields, true ) ) { - $data['name'] = $user->display_name; - } - - if ( in_array( 'first_name', $fields, true ) ) { - $data['first_name'] = $user->first_name; - } - - if ( in_array( 'last_name', $fields, true ) ) { - $data['last_name'] = $user->last_name; - } - - if ( in_array( 'email', $fields, true ) ) { - $data['email'] = $user->user_email; - } - - if ( in_array( 'url', $fields, true ) ) { - $data['url'] = $user->user_url; - } - - if ( in_array( 'description', $fields, true ) ) { - $data['description'] = $user->description; - } - - if ( in_array( 'link', $fields, true ) ) { - $data['link'] = get_author_posts_url( $user->ID, $user->user_nicename ); - } - - if ( in_array( 'locale', $fields, true ) ) { - $data['locale'] = get_user_locale( $user ); - } - - if ( in_array( 'nickname', $fields, true ) ) { - $data['nickname'] = $user->nickname; - } - - if ( in_array( 'slug', $fields, true ) ) { - $data['slug'] = $user->user_nicename; - } - - if ( in_array( 'roles', $fields, true ) ) { - // Defensively call array_values() to ensure an array is returned. - $data['roles'] = array_values( $user->roles ); - } - - if ( in_array( 'registered_date', $fields, true ) ) { - $data['registered_date'] = gmdate( 'c', strtotime( $user->user_registered ) ); - } - - if ( in_array( 'capabilities', $fields, true ) ) { - $data['capabilities'] = (object) $user->allcaps; - } - - if ( in_array( 'extra_capabilities', $fields, true ) ) { - $data['extra_capabilities'] = (object) $user->caps; - } - - if ( in_array( 'avatar_urls', $fields, true ) ) { - $data['avatar_urls'] = rest_get_avatar_urls( $user ); - } - - if ( in_array( 'meta', $fields, true ) ) { - $data['meta'] = $this->meta->get_value( $user->ID, $request ); - } - - $context = ! empty( $request['context'] ) ? $request['context'] : 'embed'; - - $data = $this->add_additional_fields_to_object( $data, $request ); - $data = $this->filter_response_by_context( $data, $context ); - - // Wrap the data in a response object. - $response = rest_ensure_response( $data ); - - $response->add_links( $this->prepare_links( $user ) ); - - /** - * Filters user data returned from the REST API. - * - * @since 4.7.0 - * - * @param WP_REST_Response $response The response object. - * @param object $user User object used to create response. - * @param WP_REST_Request $request Request object. - */ - return apply_filters( 'rest_prepare_user', $response, $user, $request ); - } - - /** - * Prepares links for the user request. - * - * @since 4.7.0 - * - * @param WP_Post $user User object. - * @return array Links for the given user. - */ - protected function prepare_links( $user ) { - $links = array( - 'self' => array( - 'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user->ID ) ), - ), - 'collection' => array( - 'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ), - ), - ); - - return $links; - } - - /** - * Prepares a single user for creation or update. - * - * @since 4.7.0 - * - * @param WP_REST_Request $request Request object. - * @return object $prepared_user User object. - */ - protected function prepare_item_for_database( $request ) { - $prepared_user = new stdClass; - - $schema = $this->get_item_schema(); - - // required arguments. - if ( isset( $request['email'] ) && ! empty( $schema['properties']['email'] ) ) { - $prepared_user->user_email = $request['email']; - } - - if ( isset( $request['username'] ) && ! empty( $schema['properties']['username'] ) ) { - $prepared_user->user_login = $request['username']; - } - - if ( isset( $request['password'] ) && ! empty( $schema['properties']['password'] ) ) { - $prepared_user->user_pass = $request['password']; - } - - // optional arguments. - if ( isset( $request['id'] ) ) { - $prepared_user->ID = absint( $request['id'] ); - } - - if ( isset( $request['name'] ) && ! empty( $schema['properties']['name'] ) ) { - $prepared_user->display_name = $request['name']; - } - - if ( isset( $request['first_name'] ) && ! empty( $schema['properties']['first_name'] ) ) { - $prepared_user->first_name = $request['first_name']; - } - - if ( isset( $request['last_name'] ) && ! empty( $schema['properties']['last_name'] ) ) { - $prepared_user->last_name = $request['last_name']; - } - - if ( isset( $request['nickname'] ) && ! empty( $schema['properties']['nickname'] ) ) { - $prepared_user->nickname = $request['nickname']; - } - - if ( isset( $request['slug'] ) && ! empty( $schema['properties']['slug'] ) ) { - $prepared_user->user_nicename = $request['slug']; - } - - if ( isset( $request['description'] ) && ! empty( $schema['properties']['description'] ) ) { - $prepared_user->description = $request['description']; - } - - if ( isset( $request['url'] ) && ! empty( $schema['properties']['url'] ) ) { - $prepared_user->user_url = $request['url']; - } - - if ( isset( $request['locale'] ) && ! empty( $schema['properties']['locale'] ) ) { - $prepared_user->locale = $request['locale']; - } - - // setting roles will be handled outside of this function. - if ( isset( $request['roles'] ) ) { - $prepared_user->role = false; - } - - /** - * Filters user data before insertion via the REST API. - * - * @since 4.7.0 - * - * @param object $prepared_user User object. - * @param WP_REST_Request $request Request object. - */ - return apply_filters( 'rest_pre_insert_user', $prepared_user, $request ); - } - - /** - * Determines if the current user is allowed to make the desired roles change. - * - * @since 4.7.0 - * - * @param integer $user_id User ID. - * @param array $roles New user roles. - * @return true|WP_Error True if the current user is allowed to make the role change, - * otherwise a WP_Error object. - */ - protected function check_role_update( $user_id, $roles ) { - global $wp_roles; - - foreach ( $roles as $role ) { - - if ( ! isset( $wp_roles->role_objects[ $role ] ) ) { - /* translators: %s: Role key. */ - return new WP_Error( 'rest_user_invalid_role', sprintf( __( 'The role %s does not exist.' ), $role ), array( 'status' => 400 ) ); - } - - $potential_role = $wp_roles->role_objects[ $role ]; - - /* - * Don't let anyone with 'edit_users' (admins) edit their own role to something without it. - * Multisite super admins can freely edit their blog roles -- they possess all caps. - */ - if ( ! ( is_multisite() - && current_user_can( 'manage_sites' ) ) - && get_current_user_id() === $user_id - && ! $potential_role->has_cap( 'edit_users' ) - ) { - return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give users that role.' ), array( 'status' => rest_authorization_required_code() ) ); - } - - /** Include admin functions to get access to get_editable_roles() */ - require_once ABSPATH . 'wp-admin/includes/admin.php'; - - // The new role must be editable by the logged-in user. - $editable_roles = get_editable_roles(); - - if ( empty( $editable_roles[ $role ] ) ) { - return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give users that role.' ), array( 'status' => 403 ) ); - } - } - - return true; - } - - /** - * Check a username for the REST API. - * - * Performs a couple of checks like edit_user() in wp-admin/includes/user.php. - * - * @since 4.7.0 - * - * @param mixed $value The username submitted in the request. - * @param WP_REST_Request $request Full details about the request. - * @param string $param The parameter name. - * @return WP_Error|string The sanitized username, if valid, otherwise an error. - */ - public function check_username( $value, $request, $param ) { - $username = (string) $value; - - if ( ! validate_username( $username ) ) { - return new WP_Error( 'rest_user_invalid_username', __( 'Username contains invalid characters.' ), array( 'status' => 400 ) ); - } - - /** This filter is documented in wp-includes/user.php */ - $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); - - if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ) ) ) { - return new WP_Error( 'rest_user_invalid_username', __( 'Sorry, that username is not allowed.' ), array( 'status' => 400 ) ); - } - - return $username; - } - - /** - * Check a user password for the REST API. - * - * Performs a couple of checks like edit_user() in wp-admin/includes/user.php. - * - * @since 4.7.0 - * - * @param mixed $value The password submitted in the request. - * @param WP_REST_Request $request Full details about the request. - * @param string $param The parameter name. - * @return WP_Error|string The sanitized password, if valid, otherwise an error. - */ - public function check_user_password( $value, $request, $param ) { - $password = (string) $value; - - if ( empty( $password ) ) { - return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot be empty.' ), array( 'status' => 400 ) ); - } - - if ( false !== strpos( $password, '\\' ) ) { - return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot contain the "\\" character.' ), array( 'status' => 400 ) ); - } - - return $password; - } - - /** - * Retrieves the user's schema, conforming to JSON Schema. - * - * @since 4.7.0 - * - * @return array Item schema data. - */ - public function get_item_schema() { - if ( $this->schema ) { - return $this->add_additional_fields_schema( $this->schema ); - } - - $schema = array( - '$schema' => 'http://json-schema.org/draft-04/schema#', - 'title' => 'user', - 'type' => 'object', - 'properties' => array( - 'id' => array( - 'description' => __( 'Unique identifier for the user.' ), - 'type' => 'integer', - 'context' => array( 'embed', 'view', 'edit' ), - 'readonly' => true, - ), - 'username' => array( - 'description' => __( 'Login name for the user.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - 'required' => true, - 'arg_options' => array( - 'sanitize_callback' => array( $this, 'check_username' ), - ), - ), - 'name' => array( - 'description' => __( 'Display name for the user.' ), - 'type' => 'string', - 'context' => array( 'embed', 'view', 'edit' ), - 'arg_options' => array( - 'sanitize_callback' => 'sanitize_text_field', - ), - ), - 'first_name' => array( - 'description' => __( 'First name for the user.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - 'arg_options' => array( - 'sanitize_callback' => 'sanitize_text_field', - ), - ), - 'last_name' => array( - 'description' => __( 'Last name for the user.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - 'arg_options' => array( - 'sanitize_callback' => 'sanitize_text_field', - ), - ), - 'email' => array( - 'description' => __( 'The email address for the user.' ), - 'type' => 'string', - 'format' => 'email', - 'context' => array( 'edit' ), - 'required' => true, - ), - 'url' => array( - 'description' => __( 'URL of the user.' ), - 'type' => 'string', - 'format' => 'uri', - 'context' => array( 'embed', 'view', 'edit' ), - ), - 'description' => array( - 'description' => __( 'Description of the user.' ), - 'type' => 'string', - 'context' => array( 'embed', 'view', 'edit' ), - ), - 'link' => array( - 'description' => __( 'Author URL of the user.' ), - 'type' => 'string', - 'format' => 'uri', - 'context' => array( 'embed', 'view', 'edit' ), - 'readonly' => true, - ), - 'locale' => array( - 'description' => __( 'Locale for the user.' ), - 'type' => 'string', - 'enum' => array_merge( array( '', 'en_US' ), get_available_languages() ), - 'context' => array( 'edit' ), - ), - 'nickname' => array( - 'description' => __( 'The nickname for the user.' ), - 'type' => 'string', - 'context' => array( 'edit' ), - 'arg_options' => array( - 'sanitize_callback' => 'sanitize_text_field', - ), - ), - 'slug' => array( - 'description' => __( 'An alphanumeric identifier for the user.' ), - 'type' => 'string', - 'context' => array( 'embed', 'view', 'edit' ), - 'arg_options' => array( - 'sanitize_callback' => array( $this, 'sanitize_slug' ), - ), - ), - 'registered_date' => array( - 'description' => __( 'Registration date for the user.' ), - 'type' => 'string', - 'format' => 'date-time', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'roles' => array( - 'description' => __( 'Roles assigned to the user.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'string', - ), - 'context' => array( 'edit' ), - ), - 'password' => array( - 'description' => __( 'Password for the user (never included).' ), - 'type' => 'string', - 'context' => array(), // Password is never displayed. - 'required' => true, - 'arg_options' => array( - 'sanitize_callback' => array( $this, 'check_user_password' ), - ), - ), - 'capabilities' => array( - 'description' => __( 'All capabilities assigned to the user.' ), - 'type' => 'object', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - 'extra_capabilities' => array( - 'description' => __( 'Any extra capabilities assigned to the user.' ), - 'type' => 'object', - 'context' => array( 'edit' ), - 'readonly' => true, - ), - ), - ); - - if ( get_option( 'show_avatars' ) ) { - $avatar_properties = array(); - - $avatar_sizes = rest_get_avatar_sizes(); - - foreach ( $avatar_sizes as $size ) { - $avatar_properties[ $size ] = array( - /* translators: %d: Avatar image size in pixels. */ - 'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ), - 'type' => 'string', - 'format' => 'uri', - 'context' => array( 'embed', 'view', 'edit' ), - ); - } - - $schema['properties']['avatar_urls'] = array( - 'description' => __( 'Avatar URLs for the user.' ), - 'type' => 'object', - 'context' => array( 'embed', 'view', 'edit' ), - 'readonly' => true, - 'properties' => $avatar_properties, - ); - } - - $schema['properties']['meta'] = $this->meta->get_field_schema(); - - $this->schema = $schema; - return $this->add_additional_fields_schema( $this->schema ); - } - - /** - * Retrieves the query params for collections. - * - * @since 4.7.0 - * - * @return array Collection parameters. - */ - public function get_collection_params() { - $query_params = parent::get_collection_params(); - - $query_params['context']['default'] = 'view'; - - $query_params['exclude'] = array( - 'description' => __( 'Ensure result set excludes specific IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - - $query_params['include'] = array( - 'description' => __( 'Limit result set to specific IDs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'integer', - ), - 'default' => array(), - ); - - $query_params['offset'] = array( - 'description' => __( 'Offset the result set by a specific number of items.' ), - 'type' => 'integer', - ); - - $query_params['order'] = array( - 'default' => 'asc', - 'description' => __( 'Order sort attribute ascending or descending.' ), - 'enum' => array( 'asc', 'desc' ), - 'type' => 'string', - ); - - $query_params['orderby'] = array( - 'default' => 'name', - 'description' => __( 'Sort collection by object attribute.' ), - 'enum' => array( - 'id', - 'include', - 'name', - 'registered_date', - 'slug', - 'include_slugs', - 'email', - 'url', - ), - 'type' => 'string', - ); - - $query_params['slug'] = array( - 'description' => __( 'Limit result set to users with one or more specific slugs.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'string', - ), - ); - - $query_params['roles'] = array( - 'description' => __( 'Limit result set to users matching at least one specific role provided. Accepts csv list or single role.' ), - 'type' => 'array', - 'items' => array( - 'type' => 'string', - ), - ); - - $query_params['who'] = array( - 'description' => __( 'Limit result set to users who are considered authors.' ), - 'type' => 'string', - 'enum' => array( - 'authors', - ), - ); - - /** - * Filter collection parameters for the users controller. - * - * This filter registers the collection parameter, but does not map the - * collection parameter to an internal WP_User_Query parameter. Use the - * `rest_user_query` filter to set WP_User_Query arguments. - * - * @since 4.7.0 - * - * @param array $query_params JSON Schema-formatted collection parameters. - */ - return apply_filters( 'rest_user_collection_params', $query_params ); - } -} |