=> array( 'https://publish.twitter.com/oembed', true ),
'#https?://(www\.)?twitter\.com/\w{1,15}/timelines/.*#i' => array( 'https://publish.twitter.com/oembed', true ),
'#https?://(www\.)?twitter\.com/i/moments/.*#i' => array( 'https://publish.twitter.com/oembed', true ),
'#https?://(www\.)?soundcloud\.com/.*#i' => array( 'https://soundcloud.com/oembed', true ),
'#https?://(.+?\.)?slideshare\.net/.*#i' => array( 'https://www.slideshare.net/api/oembed/2', true ),
'#https?://(www\.)?instagr(\.am|am\.com)/p/.*#i' => array( 'https://api.instagram.com/oembed', true ),
'#https?://(open|play)\.spotify\.com/.*#i' => array( 'https://embed.spotify.com/oembed/', true ),
'#https?://(.+\.)?imgur\.com/.*#i' => array( 'https://api.imgur.com/oembed', true ),
'#https?://(www\.)?meetu(\.ps|p\.com)/.*#i' => array( 'https://api.meetup.com/oembed', true ),
'#https?://(www\.)?issuu\.com/.+/docs/.+#i' => array( 'https://issuu.com/oembed_wp', true ),
'#https?://(www\.)?collegehumor\.com/video/.*#i' => array( 'https://www.collegehumor.com/oembed.{format}', true ),
'#https?://(www\.)?mixcloud\.com/.*#i' => array( 'https://www.mixcloud.com/oembed', true ),
'#https?://(www\.|embed\.)?ted\.com/talks/.*#i' => array( 'https://www.ted.com/services/v1/oembed.{format}', true ),
'#https?://(www\.)?(animoto|video214)\.com/play/.*#i' => array( 'https://animoto.com/oembeds/create', true ),
'#https?://(.+)\.tumblr\.com/post/.*#i' => array( 'https://www.tumblr.com/oembed/1.0', true ),
'#https?://(www\.)?kickstarter\.com/projects/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ),
'#https?://kck\.st/.*#i' => array( 'https://www.kickstarter.com/services/oembed', true ),
'#https?://cloudup\.com/.*#i' => array( 'https://cloudup.com/oembed', true ),
'#https?://(www\.)?reverbnation\.com/.*#i' => array( 'https://www.reverbnation.com/oembed', true ),
'#https?://videopress\.com/v/.*#' => array( 'https://public-api.wordpress.com/oembed/?for=' . $host, true ),
'#https?://(www\.)?reddit\.com/r/[^/]+/comments/.*#i' => array( 'https://www.reddit.com/oembed', true ),
'#https?://(www\.)?speakerdeck\.com/.*#i' => array( 'https://speakerdeck.com/oembed.{format}', true ),
'#https?://www\.facebook\.com/.*/posts/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
'#https?://www\.facebook\.com/.*/activity/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
'#https?://www\.facebook\.com/.*/photos/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
'#https?://www\.facebook\.com/photo(s/|\.php).*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
'#https?://www\.facebook\.com/permalink\.php.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
'#https?://www\.facebook\.com/media/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
'#https?://www\.facebook\.com/questions/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
'#https?://www\.facebook\.com/notes/.*#i' => array( 'https://www.facebook.com/plugins/post/oembed.json/', true ),
'#https?://www\.facebook\.com/.*/videos/.*#i' => array( 'https://www.facebook.com/plugins/video/oembed.json/', true ),
'#https?://www\.facebook\.com/video\.php.*#i' => array( 'https://www.facebook.com/plugins/video/oembed.json/', true ),
'#https?://(www\.)?screencast\.com/.*#i' => array( 'https://api.screencast.com/external/oembed', true ),
'#https?://([a-z0-9-]+\.)?amazon\.(com|com\.mx|com\.br|ca)/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ),
'#https?://([a-z0-9-]+\.)?amazon\.(co\.uk|de|fr|it|es|in|nl|ru)/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ),
'#https?://([a-z0-9-]+\.)?amazon\.(co\.jp|com\.au)/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ),
'#https?://([a-z0-9-]+\.)?amazon\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ),
'#https?://(www\.)?a\.co/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ),
'#https?://(www\.)?amzn\.to/.*#i' => array( 'https://read.amazon.com/kp/api/oembed', true ),
'#https?://(www\.)?amzn\.eu/.*#i' => array( 'https://read.amazon.co.uk/kp/api/oembed', true ),
'#https?://(www\.)?amzn\.in/.*#i' => array( 'https://read.amazon.in/kp/api/oembed', true ),
'#https?://(www\.)?amzn\.asia/.*#i' => array( 'https://read.amazon.com.au/kp/api/oembed', true ),
'#https?://(www\.)?z\.cn/.*#i' => array( 'https://read.amazon.cn/kp/api/oembed', true ),
'#https?://www\.someecards\.com/.+-cards/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ),
'#https?://www\.someecards\.com/usercards/viewcard/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ),
'#https?://some\.ly\/.+#i' => array( 'https://www.someecards.com/v2/oembed/', true ),
);
if ( ! empty( self::$early_providers['add'] ) ) {
foreach ( self::$early_providers['add'] as $format => $data ) {
$providers[ $format ] = $data;
}
}
if ( ! empty( self::$early_providers['remove'] ) ) {
foreach ( self::$early_providers['remove'] as $format ) {
unset( $providers[ $format ] );
}
}
self::$early_providers = array();
/**
* Filters the list of whitelisted oEmbed providers.
*
* Since WordPress 4.4, oEmbed discovery is enabled for all users and allows embedding of sanitized
* iframes. The providers in this list are whitelisted, meaning they are trusted and allowed to
* embed any content, such as iframes, videos, JavaScript, and arbitrary HTML.
*
* Supported providers:
*
* | Provider | Flavor | Supports HTTPS | Since |
* | ------------ | --------------------------------- | :------------: | ------- |
* | Dailymotion | dailymotion.com | Yes | 2.9.0 |
* | Flickr | flickr.com | Yes | 2.9.0 |
* | Hulu | hulu.com | Yes | 2.9.0 |
* | Photobucket | photobucket.com | No | 2.9.0 |
* | Scribd | scribd.com | Yes | 2.9.0 |
* | Vimeo | vimeo.com | Yes | 2.9.0 |
* | WordPress.tv | wordpress.tv | Yes | 2.9.0 |
* | YouTube | youtube.com/watch | Yes | 2.9.0 |
* | Funny or Die | funnyordie.com | Yes | 3.0.0 |
* | Polldaddy | polldaddy.com | Yes | 3.0.0 |
* | SmugMug | smugmug.com | Yes | 3.0.0 |
* | YouTube | youtu.be | Yes | 3.0.0 |
* | Twitter | twitter.com | Yes | 3.4.0 |
* | Instagram | instagram.com | Yes | 3.5.0 |
* | Instagram | instagr.am | Yes | 3.5.0 |
* | Slideshare | slideshare.net | Yes | 3.5.0 |
* | SoundCloud | soundcloud.com | Yes | 3.5.0 |
* | Dailymotion | dai.ly | Yes | 3.6.0 |
* | Flickr | flic.kr | Yes | 3.6.0 |
* | Spotify | spotify.com | Yes | 3.6.0 |
* | Imgur | imgur.com | Yes | 3.9.0 |
* | Meetup.com | meetup.com | Yes | 3.9.0 |
* | Meetup.com | meetu.ps | Yes | 3.9.0 |
* | Animoto | animoto.com | Yes | 4.0.0 |
* | Animoto | video214.com | Yes | 4.0.0 |
* | CollegeHumor | collegehumor.com | Yes | 4.0.0 |
* | Issuu | issuu.com | Yes | 4.0.0 |
* | Mixcloud | mixcloud.com | Yes | 4.0.0 |
* | Polldaddy | poll.fm | Yes | 4.0.0 |
* | TED | ted.com | Yes | 4.0.0 |
* | YouTube | youtube.com/playlist | Yes | 4.0.0 |
* | Tumblr | tumblr.com | Yes | 4.2.0 |
* | Kickstarter | kickstarter.com | Yes | 4.2.0 |
* | Kickstarter | kck.st | Yes | 4.2.0 |
* | Cloudup | cloudup.com | Yes | 4.3.0 |
* | ReverbNation | reverbnation.com | Yes | 4.4.0 |
* | VideoPress | videopress.com | Yes | 4.4.0 |
* | Reddit | reddit.com | Yes | 4.4.0 |
* | Speaker Deck | speakerdeck.com | Yes | 4.4.0 |
* | Twitter | twitter.com/timelines | Yes | 4.5.0 |
* | Twitter | twitter.com/moments | Yes | 4.5.0 |
* | Facebook | facebook.com | Yes | 4.7.0 |
* | Twitter | twitter.com/user | Yes | 4.7.0 |
* | Twitter | twitter.com/likes | Yes | 4.7.0 |
* | Twitter | twitter.com/lists | Yes | 4.7.0 |
* | Screencast | screencast.com | Yes | 4.8.0 |
* | Amazon | amazon.com|com.mx|com.br|ca | Yes | 4.9.0 |
* | Amazon | amazon.de|fr|it|es|in|nl|ru|co.uk | Yes | 4.9.0 |
* | Amazon | amazon.co.jp|com.au | Yes | 4.9.0 |
* | Amazon | amazon.cn | Yes | 4.9.0 |
* | Amazon | a.co | Yes | 4.9.0 |
* | Amazon | amzn.to|eu|in|asia | Yes | 4.9.0 |
* | Amazon | z.cn | Yes | 4.9.0 |
* | Someecards | someecards.com | Yes | 4.9.0 |
* | Someecards | some.ly | Yes | 4.9.0 |
*
* No longer supported providers:
*
* | Provider | Flavor | Supports HTTPS | Since | Removed |
* | ------------ | -------------------- | :------------: | --------- | --------- |
* | Qik | qik.com | Yes | 2.9.0 | 3.9.0 |
* | Viddler | viddler.com | Yes | 2.9.0 | 4.0.0 |
* | Revision3 | revision3.com | No | 2.9.0 | 4.2.0 |
* | Blip | blip.tv | No | 2.9.0 | 4.4.0 |
* | Rdio | rdio.com | Yes | 3.6.0 | 4.4.1 |
* | Rdio | rd.io | Yes | 3.6.0 | 4.4.1 |
* | Vine | vine.co | Yes | 4.1.0 | 4.9.0 |
*
* @see wp_oembed_add_provider()
*
* @since 2.9.0
*
* @param array $providers An array of popular oEmbed providers.
*/
$this->providers = apply_filters( 'oembed_providers', $providers );
// Fix any embeds that contain new lines in the middle of the HTML which breaks wpautop().
add_filter( 'oembed_dataparse', array($this, '_strip_newlines'), 10, 3 );
}
/**
* Exposes private/protected methods for backward compatibility.
*
* @since 4.0.0
*
* @param callable $name Method to call.
* @param array $arguments Arguments to pass when calling.
* @return mixed|bool Return value of the callback, false otherwise.
*/
public function __call( $name, $arguments ) {
if ( in_array( $name, $this->compat_methods ) ) {
return call_user_func_array( array( $this, $name ), $arguments );
}
return false;
}
/**
* Takes a URL and returns the corresponding oEmbed provider's URL, if there is one.
*
* @since 4.0.0
*
* @see WP_oEmbed::discover()
*
* @param string $url The URL to the content.
* @param string|array $args Optional provider arguments.
* @return false|string False on failure, otherwise the oEmbed provider URL.
*/
public function get_provider( $url, $args = '' ) {
$args = wp_parse_args( $args );
$provider = false;
if ( !isset($args['discover']) )
$args['discover'] = true;
foreach ( $this->providers as $matchmask => $data ) {
list( $providerurl, $regex ) = $data;
// Turn the asterisk-type provider URLs into regex
if ( !$regex ) {
$matchmask = '#' . str_replace( '___wildcard___', '(.+)', preg_quote( str_replace( '*', '___wildcard___', $matchmask ), '#' ) ) . '#i';
$matchmask = preg_replace( '|^#http\\\://|', '#https?\://', $matchmask );
}
if ( preg_match( $matchmask, $url ) ) {
$provider = str_replace( '{format}', 'json', $providerurl ); // JSON is easier to deal with than XML
break;
}
}
if ( !$provider && $args['discover'] )
$provider = $this->discover( $url );
return $provider;
}
/**
* Adds an oEmbed provider.
*
* The provider is added just-in-time when wp_oembed_add_provider() is called before
* the {@see 'plugins_loaded'} hook.
*
* The just-in-time addition is for the benefit of the {@see 'oembed_providers'} filter.
*
* @static
* @since 4.0.0
*
* @see wp_oembed_add_provider()
*
* @param string $format Format of URL that this provider can handle. You can use
* asterisks as wildcards.
* @param string $provider The URL to the oEmbed provider..
* @param bool $regex Optional. Whether the $format parameter is in a regex format.
* Default false.
*/
public static function _add_provider_early( $format, $provider, $regex = false ) {
if ( empty( self::$early_providers['add'] ) ) {
self::$early_providers['add'] = array();
}
self::$early_providers['add'][ $format ] = array( $provider, $regex );
}
/**
* Removes an oEmbed provider.
*
* The provider is removed just-in-time when wp_oembed_remove_provider() is called before
* the {@see 'plugins_loaded'} hook.
*
* The just-in-time removal is for the benefit of the {@see 'oembed_providers'} filter.
*
* @since 4.0.0
* @static
*
* @see wp_oembed_remove_provider()
*
* @param string $format The format of URL that this provider can handle. You can use
* asterisks as wildcards.
*/
public static function _remove_provider_early( $format ) {
if ( empty( self::$early_providers['remove'] ) ) {
self::$early_providers['remove'] = array();
}
self::$early_providers['remove'][] = $format;
}
/**
* Takes a URL and attempts to return the oEmbed data.
*
* @see WP_oEmbed::fetch()
*
* @since 4.8.0
*
* @param string $url The URL to the content that should be attempted to be embedded.
* @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty.
* @return false|object False on failure, otherwise the result in the form of an object.
*/
public function get_data( $url, $args = '' ) {
$args = wp_parse_args( $args );
$provider = $this->get_provider( $url, $args );
if ( ! $provider ) {
return false;
}
$data = $this->fetch( $provider, $url, $args );
if ( false === $data ) {
return false;
}
return $data;
}
/**
* The do-it-all function that takes a URL and attempts to return the HTML.
*
* @see WP_oEmbed::fetch()
* @see WP_oEmbed::data2html()
*
* @since 2.9.0
*
* @param string $url The URL to the content that should be attempted to be embedded.
* @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty.
* @return false|string False on failure, otherwise the UNSANITIZED (and potentially unsafe) HTML that should be used to embed.
*/
public function get_html( $url, $args = '' ) {
/**
* Filters the oEmbed result before any HTTP requests are made.
*
* This allows one to short-circuit the default logic, perhaps by
* replacing it with a routine that is more optimal for your setup.
*
* Passing a non-null value to the filter will effectively short-circuit retrieval,
* returning the passed value instead.
*
* @since 4.5.3
*
* @param null|string $result The UNSANITIZED (and potentially unsafe) HTML that should be used to embed. Default null.
* @param string $url The URL to the content that should be attempted to be embedded.
* @param array $args Optional. Arguments, usually passed from a shortcode. Default empty.
*/
$pre = apply_filters( 'pre_oembed_result', null, $url, $args );
if ( null !== $pre ) {
return $pre;
}
$data = $this->get_data( $url, $args );
if ( false === $data ) {
return false;
}
/**
* Filters the HTML returned by the oEmbed provider.
*
* @since 2.9.0
*
* @param string $data The returned oEmbed HTML.
* @param string $url URL of the content to be embedded.
* @param array $args Optional arguments, usually passed from a shortcode.
*/
return apply_filters( 'oembed_result', $this->data2html( $data, $url ), $url, $args );
}
/**
* Attempts to discover link tags at the given URL for an oEmbed provider.
*
* @since 2.9.0
*
* @param string $url The URL that should be inspected for discovery `` tags.
* @return false|string False on failure, otherwise the oEmbed provider URL.
*/
public function discover( $url ) {
$providers = array();
$args = array(
'limit_response_size' => 153600, // 150 KB
);
/**
* Filters oEmbed remote get arguments.
*
* @since 4.0.0
*
* @see WP_Http::request()
*
* @param array $args oEmbed remote get arguments.
* @param string $url URL to be inspected.
*/
$args = apply_filters( 'oembed_remote_get_args', $args, $url );
// Fetch URL content
$request = wp_safe_remote_get( $url, $args );
if ( $html = wp_remote_retrieve_body( $request ) ) {
/**
* Filters the link types that contain oEmbed provider URLs.
*
* @since 2.9.0
*
* @param array $format Array of oEmbed link types. Accepts 'application/json+oembed',
* 'text/xml+oembed', and 'application/xml+oembed' (incorrect,
* used by at least Vimeo).
*/
$linktypes = apply_filters( 'oembed_linktypes', array(
'application/json+oembed' => 'json',
'text/xml+oembed' => 'xml',
'application/xml+oembed' => 'xml',
) );
// Strip
if ( $html_head_end = stripos( $html, '' ) ) {
$html = substr( $html, 0, $html_head_end );
}
// Do a quick check
$tagfound = false;
foreach ( $linktypes as $linktype => $format ) {
if ( stripos($html, $linktype) ) {
$tagfound = true;
break;
}
}
if ( $tagfound && preg_match_all( '#]+)/?>#iU', $html, $links ) ) {
foreach ( $links[1] as $link ) {
$atts = shortcode_parse_atts( $link );
if ( !empty($atts['type']) && !empty($linktypes[$atts['type']]) && !empty($atts['href']) ) {
$providers[$linktypes[$atts['type']]] = htmlspecialchars_decode( $atts['href'] );
// Stop here if it's JSON (that's all we need)
if ( 'json' == $linktypes[$atts['type']] )
break;
}
}
}
}
// JSON is preferred to XML
if ( !empty($providers['json']) )
return $providers['json'];
elseif ( !empty($providers['xml']) )
return $providers['xml'];
else
return false;
}
/**
* Connects to a oEmbed provider and returns the result.
*
* @since 2.9.0
*
* @param string $provider The URL to the oEmbed provider.
* @param string $url The URL to the content that is desired to be embedded.
* @param array|string $args Optional. Arguments, usually passed from a shortcode. Default empty.
* @return false|object False on failure, otherwise the result in the form of an object.
*/
public function fetch( $provider, $url, $args = '' ) {
$args = wp_parse_args( $args, wp_embed_defaults( $url ) );
$provider = add_query_arg( 'maxwidth', (int) $args['width'], $provider );
$provider = add_query_arg( 'maxheight', (int) $args['height'], $provider );
$provider = add_query_arg( 'url', urlencode($url), $provider );
$provider = add_query_arg( 'dnt', 1, $provider );
/**
* Filters the oEmbed URL to be fetched.
*
* @since 2.9.0
* @since 4.9.0 The `dnt` (Do Not Track) query parameter was added to all oEmbed provider URLs.
*
* @param string $provider URL of the oEmbed provider.
* @param string $url URL of the content to be embedded.
* @param array $args Optional arguments, usually passed from a shortcode.
*/
$provider = apply_filters( 'oembed_fetch_url', $provider, $url, $args );
foreach ( array( 'json', 'xml' ) as $format ) {
$result = $this->_fetch_with_format( $provider, $format );
if ( is_wp_error( $result ) && 'not-implemented' == $result->get_error_code() )
continue;
return ( $result && ! is_wp_error( $result ) ) ? $result : false;
}
return false;
}
/**
* Fetches result from an oEmbed provider for a specific format and complete provider URL
*
* @since 3.0.0
*
* @param string $provider_url_with_args URL to the provider with full arguments list (url, maxheight, etc.)
* @param string $format Format to use
* @return false|object|WP_Error False on failure, otherwise the result in the form of an object.
*/
private function _fetch_with_format( $provider_url_with_args, $format ) {
$provider_url_with_args = add_query_arg( 'format', $format, $provider_url_with_args );
/** This filter is documented in wp-includes/class-oembed.php */
$args = apply_filters( 'oembed_remote_get_args', array(), $provider_url_with_args );
$response = wp_safe_remote_get( $provider_url_with_args, $args );
if ( 501 == wp_remote_retrieve_response_code( $response ) )
return new WP_Error( 'not-implemented' );
if ( ! $body = wp_remote_retrieve_body( $response ) )
return false;
$parse_method = "_parse_$format";
return $this->$parse_method( $body );
}
/**
* Parses a json response body.
*
* @since 3.0.0
*
* @param string $response_body
* @return object|false
*/
private function _parse_json( $response_body ) {
$data = json_decode( trim( $response_body ) );
return ( $data && is_object( $data ) ) ? $data : false;
}
/**
* Parses an XML response body.
*
* @since 3.0.0
*
* @param string $response_body
* @return object|false
*/
private function _parse_xml( $response_body ) {
if ( ! function_exists( 'libxml_disable_entity_loader' ) )
return false;
$loader = libxml_disable_entity_loader( true );
$errors = libxml_use_internal_errors( true );
$return = $this->_parse_xml_body( $response_body );
libxml_use_internal_errors( $errors );
libxml_disable_entity_loader( $loader );
return $return;
}
/**
* Serves as a helper function for parsing an XML response body.
*
* @since 3.6.0
*
* @param string $response_body
* @return stdClass|false
*/
private function _parse_xml_body( $response_body ) {
if ( ! function_exists( 'simplexml_import_dom' ) || ! class_exists( 'DOMDocument', false ) )
return false;
$dom = new DOMDocument;
$success = $dom->loadXML( $response_body );
if ( ! $success )
return false;
if ( isset( $dom->doctype ) )
return false;
foreach ( $dom->childNodes as $child ) {
if ( XML_DOCUMENT_TYPE_NODE === $child->nodeType )
return false;
}
$xml = simplexml_import_dom( $dom );
if ( ! $xml )
return false;
$return = new stdClass;
foreach ( $xml as $key => $value ) {
$return->$key = (string) $value;
}
return $return;
}
/**
* Converts a data object from WP_oEmbed::fetch() and returns the HTML.
*
* @since 2.9.0
*
* @param object $data A data object result from an oEmbed provider.
* @param string $url The URL to the content that is desired to be embedded.
* @return false|string False on error, otherwise the HTML needed to embed.
*/
public function data2html( $data, $url ) {
if ( ! is_object( $data ) || empty( $data->type ) )
return false;
$return = false;
switch ( $data->type ) {
case 'photo':
if ( empty( $data->url ) || empty( $data->width ) || empty( $data->height ) )
break;
if ( ! is_string( $data->url ) || ! is_numeric( $data->width ) || ! is_numeric( $data->height ) )
break;
$title = ! empty( $data->title ) && is_string( $data->title ) ? $data->title : '';
$return = ' . ')
';
break;
case 'video':
case 'rich':
if ( ! empty( $data->html ) && is_string( $data->html ) )
$return = $data->html;
break;
case 'link':
if ( ! empty( $data->title ) && is_string( $data->title ) )
$return = '' . esc_html( $data->title ) . '';
break;
default:
$return = false;
}
/**
* Filters the returned oEmbed HTML.
*
* Use this filter to add support for custom data types, or to filter the result.
*
* @since 2.9.0
*
* @param string $return The returned oEmbed HTML.
* @param object $data A data object result from an oEmbed provider.
* @param string $url The URL of the content to be embedded.
*/
return apply_filters( 'oembed_dataparse', $return, $data, $url );
}
/**
* Strips any new lines from the HTML.
*
* @since 2.9.0 as strip_scribd_newlines()
* @since 3.0.0
*
* @param string $html Existing HTML.
* @param object $data Data object from WP_oEmbed::data2html()
* @param string $url The original URL passed to oEmbed.
* @return string Possibly modified $html
*/
public function _strip_newlines( $html, $data, $url ) {
if ( false === strpos( $html, "\n" ) ) {
return $html;
}
$count = 1;
$found = array();
$token = '__PRE__';
$search = array( "\t", "\n", "\r", ' ' );
$replace = array( '__TAB__', '__NL__', '__CR__', '__SPACE__' );
$tokenized = str_replace( $search, $replace, $html );
preg_match_all( '#(]*>.+?)#i', $tokenized, $matches, PREG_SET_ORDER );
foreach ( $matches as $i => $match ) {
$tag_html = str_replace( $replace, $search, $match[0] );
$tag_token = $token . $i;
$found[ $tag_token ] = $tag_html;
$html = str_replace( $tag_html, $tag_token, $html, $count );
}
$replaced = str_replace( $replace, $search, $html );
$stripped = str_replace( array( "\r\n", "\n" ), '', $replaced );
$pre = array_values( $found );
$tokens = array_keys( $found );
return str_replace( $tokens, $pre, $stripped );
}
}
ilter = true;
}
if ( in_array( 'content', $fields, true ) ) {
$data['content'] = array(
'raw' => $post->post_content,
/** This filter is documented in wp-includes/post-template.php */
'rendered' => post_password_required( $post ) ? '' : apply_filters( 'the_content', $post->post_content ),
'protected' => (bool) $post->post_password,
);
}
if ( in_array( 'excerpt', $fields, true ) ) {
/** This filter is documented in wp-includes/post-template.php */
$excerpt = apply_filters( 'the_excerpt', apply_filters( 'get_the_excerpt', $post->post_excerpt, $post ) );
$data['excerpt'] = array(
'raw' => $post->post_excerpt,
'rendered' => post_password_required( $post ) ? '' : $excerpt,
'protected' => (bool) $post->post_password,
);
}
if ( $has_password_filter ) {
// Reset filter.
remove_filter( 'post_password_required', array( $this, 'check_password_required' ) );
}
if ( in_array( 'author', $fields, true ) ) {
$data['author'] = (int) $post->post_author;
}
if ( in_array( 'featured_media', $fields, true ) ) {
$data['featured_media'] = (int) get_post_thumbnail_id( $post->ID );
}
if ( in_array( 'parent', $fields, true ) ) {
$data['parent'] = (int) $post->post_parent;
}
if ( in_array( 'menu_order', $fields, true ) ) {
$data['menu_order'] = (int) $post->menu_order;
}
if ( in_array( 'comment_status', $fields, true ) ) {
$data['comment_status'] = $post->comment_status;
}
if ( in_array( 'ping_status', $fields, true ) ) {
$data['ping_status'] = $post->ping_status;
}
if ( in_array( 'sticky', $fields, true ) ) {
$data['sticky'] = is_sticky( $post->ID );
}
if ( in_array( 'template', $fields, true ) ) {
if ( $template = get_page_template_slug( $post->ID ) ) {
$data['template'] = $template;
} else {
$data['template'] = '';
}
}
if ( in_array( 'format', $fields, true ) ) {
$data['format'] = get_post_format( $post->ID );
// Fill in blank post format.
if ( empty( $data['format'] ) ) {
$data['format'] = 'standard';
}
}
if ( in_array( 'meta', $fields, true ) ) {
$data['meta'] = $this->meta->get_value( $post->ID, $request );
}
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $taxonomy ) {
$base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
if ( in_array( $base, $fields, true ) ) {
$terms = get_the_terms( $post, $taxonomy->name );
$data[ $base ] = $terms ? array_values( wp_list_pluck( $terms, 'term_id' ) ) : array();
}
}
$context = ! empty( $request['context'] ) ? $request['context'] : 'view';
$data = $this->add_additional_fields_to_object( $data, $request );
$data = $this->filter_response_by_context( $data, $context );
// Wrap the data in a response object.
$response = rest_ensure_response( $data );
$links = $this->prepare_links( $post );
$response->add_links( $links );
if ( ! empty( $links['self']['href'] ) ) {
$actions = $this->get_available_actions( $post, $request );
$self = $links['self']['href'];
foreach ( $actions as $rel ) {
$response->add_link( $rel, $self );
}
}
/**
* Filters the post data for a response.
*
* The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
*
* @since 4.7.0
*
* @param WP_REST_Response $response The response object.
* @param WP_Post $post Post object.
* @param WP_REST_Request $request Request object.
*/
return apply_filters( "rest_prepare_{$this->post_type}", $response, $post, $request );
}
/**
* Overwrites the default protected title format.
*
* By default, WordPress will show password protected posts with a title of
* "Protected: %s", as the REST API communicates the protected status of a post
* in a machine readable format, we remove the "Protected: " prefix.
*
* @since 4.7.0
*
* @return string Protected title format.
*/
public function protected_title_format() {
return '%s';
}
/**
* Prepares links for the request.
*
* @since 4.7.0
*
* @param WP_Post $post Post object.
* @return array Links for the given post.
*/
protected function prepare_links( $post ) {
$base = sprintf( '%s/%s', $this->namespace, $this->rest_base );
// Entity meta.
$links = array(
'self' => array(
'href' => rest_url( trailingslashit( $base ) . $post->ID ),
),
'collection' => array(
'href' => rest_url( $base ),
),
'about' => array(
'href' => rest_url( 'wp/v2/types/' . $this->post_type ),
),
);
if ( ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'author' ) )
&& ! empty( $post->post_author ) ) {
$links['author'] = array(
'href' => rest_url( 'wp/v2/users/' . $post->post_author ),
'embeddable' => true,
);
}
if ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'comments' ) ) {
$replies_url = rest_url( 'wp/v2/comments' );
$replies_url = add_query_arg( 'post', $post->ID, $replies_url );
$links['replies'] = array(
'href' => $replies_url,
'embeddable' => true,
);
}
if ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'revisions' ) ) {
$revisions = wp_get_post_revisions( $post->ID, array( 'fields' => 'ids' ) );
$revisions_count = count( $revisions );
$links['version-history'] = array(
'href' => rest_url( trailingslashit( $base ) . $post->ID . '/revisions' ),
'count' => $revisions_count,
);
if ( $revisions_count > 0 ) {
$last_revision = array_shift( $revisions );
$links['predecessor-version'] = array(
'href' => rest_url( trailingslashit( $base ) . $post->ID . '/revisions/' . $last_revision ),
'id' => $last_revision,
);
}
}
$post_type_obj = get_post_type_object( $post->post_type );
if ( $post_type_obj->hierarchical && ! empty( $post->post_parent ) ) {
$links['up'] = array(
'href' => rest_url( trailingslashit( $base ) . (int) $post->post_parent ),
'embeddable' => true,
);
}
// If we have a featured media, add that.
if ( $featured_media = get_post_thumbnail_id( $post->ID ) ) {
$image_url = rest_url( 'wp/v2/media/' . $featured_media );
$links['https://api.w.org/featuredmedia'] = array(
'href' => $image_url,
'embeddable' => true,
);
}
if ( ! in_array( $post->post_type, array( 'attachment', 'nav_menu_item', 'revision' ), true ) ) {
$attachments_url = rest_url( 'wp/v2/media' );
$attachments_url = add_query_arg( 'parent', $post->ID, $attachments_url );
$links['https://api.w.org/attachment'] = array(
'href' => $attachments_url,
);
}
$taxonomies = get_object_taxonomies( $post->post_type );
if ( ! empty( $taxonomies ) ) {
$links['https://api.w.org/term'] = array();
foreach ( $taxonomies as $tax ) {
$taxonomy_obj = get_taxonomy( $tax );
// Skip taxonomies that are not public.
if ( empty( $taxonomy_obj->show_in_rest ) ) {
continue;
}
$tax_base = ! empty( $taxonomy_obj->rest_base ) ? $taxonomy_obj->rest_base : $tax;
$terms_url = add_query_arg(
'post',
$post->ID,
rest_url( 'wp/v2/' . $tax_base )
);
$links['https://api.w.org/term'][] = array(
'href' => $terms_url,
'taxonomy' => $tax,
'embeddable' => true,
);
}
}
return $links;
}
/**
* Get the link relations available for the post and current user.
*
* @since 4.9.8
*
* @param WP_Post $post Post object.
* @param WP_REST_Request Request object.
*
* @return array List of link relations.
*/
protected function get_available_actions( $post, $request ) {
if ( 'edit' !== $request['context'] ) {
return array();
}
$rels = array();
$post_type = get_post_type_object( $post->post_type );
if ( 'attachment' !== $this->post_type && current_user_can( $post_type->cap->publish_posts ) ) {
$rels[] = 'https://api.w.org/action-publish';
}
if ( 'post' === $post_type->name ) {
if ( current_user_can( $post_type->cap->edit_others_posts ) && current_user_can( $post_type->cap->publish_posts ) ) {
$rels[] = 'https://api.w.org/action-sticky';
}
}
if ( post_type_supports( $post_type->name, 'author' ) ) {
if ( current_user_can( $post_type->cap->edit_others_posts ) ) {
$rels[] = 'https://api.w.org/action-assign-author';
}
}
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $tax ) {
$tax_base = ! empty( $tax->rest_base ) ? $tax->rest_base : $tax->name;
$create_cap = is_taxonomy_hierarchical( $tax->name ) ? $tax->cap->edit_terms : $tax->cap->assign_terms;
if ( current_user_can( $create_cap ) ) {
$rels[] = 'https://api.w.org/action-create-' . $tax_base;
}
if ( current_user_can( $tax->cap->assign_terms ) ) {
$rels[] = 'https://api.w.org/action-assign-' . $tax_base;
}
}
return $rels;
}
/**
* Retrieves the post's schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array Item schema data.
*/
public function get_item_schema() {
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => $this->post_type,
'type' => 'object',
// Base properties for every Post.
'properties' => array(
'date' => array(
'description' => __( "The date the object was published, in the site's timezone." ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit', 'embed' ),
),
'date_gmt' => array(
'description' => __( 'The date the object was published, as GMT.' ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit' ),
),
'guid' => array(
'description' => __( 'The globally unique identifier for the object.' ),
'type' => 'object',
'context' => array( 'view', 'edit' ),
'readonly' => true,
'properties' => array(
'raw' => array(
'description' => __( 'GUID for the object, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'edit' ),
'readonly' => true,
),
'rendered' => array(
'description' => __( 'GUID for the object, transformed for display.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
),
),
'id' => array(
'description' => __( 'Unique identifier for the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'link' => array(
'description' => __( 'URL to the object.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'modified' => array(
'description' => __( "The date the object was last modified, in the site's timezone." ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'modified_gmt' => array(
'description' => __( 'The date the object was last modified, as GMT.' ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'slug' => array(
'description' => __( 'An alphanumeric identifier for the object unique to its type.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'sanitize_callback' => array( $this, 'sanitize_slug' ),
),
),
'status' => array(
'description' => __( 'A named status for the object.' ),
'type' => 'string',
'enum' => array_keys( get_post_stati( array( 'internal' => false ) ) ),
'context' => array( 'view', 'edit' ),
),
'type' => array(
'description' => __( 'Type of Post for the object.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'password' => array(
'description' => __( 'A password to protect access to the content and excerpt.' ),
'type' => 'string',
'context' => array( 'edit' ),
),
),
);
$post_type_obj = get_post_type_object( $this->post_type );
if ( $post_type_obj->hierarchical ) {
$schema['properties']['parent'] = array(
'description' => __( 'The ID for the parent of the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit' ),
);
}
$post_type_attributes = array(
'title',
'editor',
'author',
'excerpt',
'thumbnail',
'comments',
'revisions',
'page-attributes',
'post-formats',
'custom-fields',
);
$fixed_schemas = array(
'post' => array(
'title',
'editor',
'author',
'excerpt',
'thumbnail',
'comments',
'revisions',
'post-formats',
'custom-fields',
),
'page' => array(
'title',
'editor',
'author',
'excerpt',
'thumbnail',
'comments',
'revisions',
'page-attributes',
'custom-fields',
),
'attachment' => array(
'title',
'author',
'comments',
'revisions',
'custom-fields',
),
);
foreach ( $post_type_attributes as $attribute ) {
if ( isset( $fixed_schemas[ $this->post_type ] ) && ! in_array( $attribute, $fixed_schemas[ $this->post_type ], true ) ) {
continue;
} elseif ( ! isset( $fixed_schemas[ $this->post_type ] ) && ! post_type_supports( $this->post_type, $attribute ) ) {
continue;
}
switch ( $attribute ) {
case 'title':
$schema['properties']['title'] = array(
'description' => __( 'The title for the object.' ),
'type' => 'object',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database()
'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database()
),
'properties' => array(
'raw' => array(
'description' => __( 'Title for the object, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'edit' ),
),
'rendered' => array(
'description' => __( 'HTML title for the object, transformed for display.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
);
break;
case 'editor':
$schema['properties']['content'] = array(
'description' => __( 'The content for the object.' ),
'type' => 'object',
'context' => array( 'view', 'edit' ),
'arg_options' => array(
'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database()
'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database()
),
'properties' => array(
'raw' => array(
'description' => __( 'Content for the object, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'edit' ),
),
'rendered' => array(
'description' => __( 'HTML content for the object, transformed for display.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'readonly' => true,
),
'protected' => array(
'description' => __( 'Whether the content is protected with a password.' ),
'type' => 'boolean',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
);
break;
case 'author':
$schema['properties']['author'] = array(
'description' => __( 'The ID for the author of the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
);
break;
case 'excerpt':
$schema['properties']['excerpt'] = array(
'description' => __( 'The excerpt for the object.' ),
'type' => 'object',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database()
'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database()
),
'properties' => array(
'raw' => array(
'description' => __( 'Excerpt for the object, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'edit' ),
),
'rendered' => array(
'description' => __( 'HTML excerpt for the object, transformed for display.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'protected' => array(
'description' => __( 'Whether the excerpt is protected with a password.' ),
'type' => 'boolean',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
);
break;
case 'thumbnail':
$schema['properties']['featured_media'] = array(
'description' => __( 'The ID of the featured media for the object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
);
break;
case 'comments':
$schema['properties']['comment_status'] = array(
'description' => __( 'Whether or not comments are open on the object.' ),
'type' => 'string',
'enum' => array( 'open', 'closed' ),
'context' => array( 'view', 'edit' ),
);
$schema['properties']['ping_status'] = array(
'description' => __( 'Whether or not the object can be pinged.' ),
'type' => 'string',
'enum' => array( 'open', 'closed' ),
'context' => array( 'view', 'edit' ),
);
break;
case 'page-attributes':
$schema['properties']['menu_order'] = array(
'description' => __( 'The order of the object in relation to other object of its type.' ),
'type' => 'integer',
'context' => array( 'view', 'edit' ),
);
break;
case 'post-formats':
// Get the native post formats and remove the array keys.
$formats = array_values( get_post_format_slugs() );
$schema['properties']['format'] = array(
'description' => __( 'The format for the object.' ),
'type' => 'string',
'enum' => $formats,
'context' => array( 'view', 'edit' ),
);
break;
case 'custom-fields':
$schema['properties']['meta'] = $this->meta->get_field_schema();
break;
}
}
if ( 'post' === $this->post_type ) {
$schema['properties']['sticky'] = array(
'description' => __( 'Whether or not the object should be treated as sticky.' ),
'type' => 'boolean',
'context' => array( 'view', 'edit' ),
);
}
$schema['properties']['template'] = array(
'description' => __( 'The theme file to use to display the object.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'arg_options' => array(
'validate_callback' => array( $this, 'check_template' ),
),
);
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $taxonomy ) {
$base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
$schema['properties'][ $base ] = array(
/* translators: %s: taxonomy name */
'description' => sprintf( __( 'The terms assigned to the object in the %s taxonomy.' ), $taxonomy->name ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'context' => array( 'view', 'edit' ),
);
}
$schema_links = $this->get_schema_links();
if ( $schema_links ) {
$schema['links'] = $schema_links;
}
return $this->add_additional_fields_schema( $schema );
}
/**
* Retrieve Link Description Objects that should be added to the Schema for the posts collection.
*
* @since 4.9.8
*
* @return array
*/
protected function get_schema_links() {
$href = rest_url( "{$this->namespace}/{$this->rest_base}/{id}" );
$links = array();
if ( 'attachment' !== $this->post_type ) {
$links[] = array(
'rel' => 'https://api.w.org/action-publish',
'title' => __( 'The current user can publish this post.' ),
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
'status' => array(
'type' => 'string',
'enum' => array( 'publish', 'future' ),
),
),
),
);
}
if ( 'post' === $this->post_type ) {
$links[] = array(
'rel' => 'https://api.w.org/action-sticky',
'title' => __( 'The current user can sticky this post.' ),
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
'sticky' => array(
'type' => 'boolean',
),
),
),
);
}
if ( post_type_supports( $this->post_type, 'author' ) ) {
$links[] = array(
'rel' => 'https://api.w.org/action-assign-author',
'title' => __( 'The current user can change the author on this post.' ),
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
'author' => array(
'type' => 'integer',
),
),
),
);
}
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $tax ) {
$tax_base = ! empty( $tax->rest_base ) ? $tax->rest_base : $tax->name;
/* translators: %s: taxonomy name */
$assign_title = sprintf( __( 'The current user can assign terms in the %s taxonomy.' ), $tax->name );
/* translators: %s: taxonomy name */
$create_title = sprintf( __( 'The current user can create terms in the %s taxonomy.' ), $tax->name );
$links[] = array(
'rel' => 'https://api.w.org/action-assign-' . $tax_base,
'title' => $assign_title,
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
$tax_base => array(
'type' => 'array',
'items' => array(
'type' => 'integer',
),
),
),
),
);
$links[] = array(
'rel' => 'https://api.w.org/action-create-' . $tax_base,
'title' => $create_title,
'href' => $href,
'targetSchema' => array(
'type' => 'object',
'properties' => array(
$tax_base => array(
'type' => 'array',
'items' => array(
'type' => 'integer',
),
),
),
),
);
}
return $links;
}
/**
* Retrieves the query params for the posts collection.
*
* @since 4.7.0
*
* @return array Collection parameters.
*/
public function get_collection_params() {
$query_params = parent::get_collection_params();
$query_params['context']['default'] = 'view';
$query_params['after'] = array(
'description' => __( 'Limit response to posts published after a given ISO8601 compliant date.' ),
'type' => 'string',
'format' => 'date-time',
);
if ( post_type_supports( $this->post_type, 'author' ) ) {
$query_params['author'] = array(
'description' => __( 'Limit result set to posts assigned to specific authors.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['author_exclude'] = array(
'description' => __( 'Ensure result set excludes posts assigned to specific authors.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
}
$query_params['before'] = array(
'description' => __( 'Limit response to posts published before a given ISO8601 compliant date.' ),
'type' => 'string',
'format' => 'date-time',
);
$query_params['exclude'] = array(
'description' => __( 'Ensure result set excludes specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['include'] = array(
'description' => __( 'Limit result set to specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
if ( 'page' === $this->post_type || post_type_supports( $this->post_type, 'page-attributes' ) ) {
$query_params['menu_order'] = array(
'description' => __( 'Limit result set to posts with a specific menu_order value.' ),
'type' => 'integer',
);
}
$query_params['offset'] = array(
'description' => __( 'Offset the result set by a specific number of items.' ),
'type' => 'integer',
);
$query_params['order'] = array(
'description' => __( 'Order sort attribute ascending or descending.' ),
'type' => 'string',
'default' => 'desc',
'enum' => array( 'asc', 'desc' ),
);
$query_params['orderby'] = array(
'description' => __( 'Sort collection by object attribute.' ),
'type' => 'string',
'default' => 'date',
'enum' => array(
'author',
'date',
'id',
'include',
'modified',
'parent',
'relevance',
'slug',
'include_slugs',
'title',
),
);
if ( 'page' === $this->post_type || post_type_supports( $this->post_type, 'page-attributes' ) ) {
$query_params['orderby']['enum'][] = 'menu_order';
}
$post_type = get_post_type_object( $this->post_type );
if ( $post_type->hierarchical || 'attachment' === $this->post_type ) {
$query_params['parent'] = array(
'description' => __( 'Limit result set to items with particular parent IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['parent_exclude'] = array(
'description' => __( 'Limit result set to all items except those of a particular parent ID.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
}
$query_params['slug'] = array(
'description' => __( 'Limit result set to posts with one or more specific slugs.' ),
'type' => 'array',
'items' => array(
'type' => 'string',
),
'sanitize_callback' => 'wp_parse_slug_list',
);
$query_params['status'] = array(
'default' => 'publish',
'description' => __( 'Limit result set to posts assigned one or more statuses.' ),
'type' => 'array',
'items' => array(
'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ),
'type' => 'string',
),
'sanitize_callback' => array( $this, 'sanitize_post_statuses' ),
);
$taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
foreach ( $taxonomies as $taxonomy ) {
$base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
$query_params[ $base ] = array(
/* translators: %s: taxonomy name */
'description' => sprintf( __( 'Limit result set to all items that have the specified term assigned in the %s taxonomy.' ), $base ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params[ $base . '_exclude' ] = array(
/* translators: %s: taxonomy name */
'description' => sprintf( __( 'Limit result set to all items except those that have the specified term assigned in the %s taxonomy.' ), $base ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
}
if ( 'post' === $this->post_type ) {
$query_params['sticky'] = array(
'description' => __( 'Limit result set to items that are sticky.' ),
'type' => 'boolean',
);
}
/**
* Filter collection parameters for the posts controller.
*
* The dynamic part of the filter `$this->post_type` refers to the post
* type slug for the controller.
*
* This filter registers the collection parameter, but does not map the
* collection parameter to an internal WP_Query parameter. Use the
* `rest_{$this->post_type}_query` filter to set WP_Query parameters.
*
* @since 4.7.0
*
* @param array $query_params JSON Schema-formatted collection parameters.
* @param WP_Post_Type $post_type Post type object.
*/
return apply_filters( "rest_{$this->post_type}_collection_params", $query_params, $post_type );
}
/**
* Sanitizes and validates the list of post statuses, including whether the
* user can query private statuses.
*
* @since 4.7.0
*
* @param string|array $statuses One or more post statuses.
* @param WP_REST_Request $request Full details about the request.
* @param string $parameter Additional parameter to pass to validation.
* @return array|WP_Error A list of valid statuses, otherwise WP_Error object.
*/
public function sanitize_post_statuses( $statuses, $request, $parameter ) {
$statuses = wp_parse_slug_list( $statuses );
// The default status is different in WP_REST_Attachments_Controller
$attributes = $request->get_attributes();
$default_status = $attributes['args']['status']['default'];
foreach ( $statuses as $status ) {
if ( $status === $default_status ) {
continue;
}
$post_type_obj = get_post_type_object( $this->post_type );
if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
$result = rest_validate_request_arg( $status, $request, $parameter );
if ( is_wp_error( $result ) ) {
return $result;
}
} else {
return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) );
}
}
return $statuses;
}
}