945 | | function sanitize_meta( $meta_key, $meta_value, $meta_type ) { |
| 948 | function sanitize_meta( $meta_key, $meta_value, $object_type, $object_subtype = '' ) { |
| 949 | if ( ! empty( $object_subtype ) ) { |
| 950 | /** |
| 951 | * Filters the sanitization of a specific meta key of a specific meta type and subtype. |
| 952 | * |
| 953 | * The dynamic portions of the hook name, `$meta_type`, `$meta_subtype`, |
| 954 | * and `$meta_key`, refer to the metadata object type (comment, post, or user) |
| 955 | * the object subtype, and the meta key value, respectively. |
| 956 | * |
| 957 | * @since 4.6.0 |
| 958 | * |
| 959 | * @param mixed $meta_value Meta value to sanitize. |
| 960 | * @param string $meta_key Meta key. |
| 961 | * @param string $object_type Object type. |
| 962 | * @param string $object_subtype Object subtype. |
| 963 | */ |
| 964 | $meta_value = apply_filters( "sanitize_{$object_type}_{$object_subtype}_meta_{$meta_key}", $meta_value, $meta_key, $object_type, $object_subtype ); |
| 965 | } |
969 | | * @param string $meta_type Type of meta |
970 | | * @param string $meta_key Meta key |
971 | | * @param string|array $sanitize_callback A function or method to call when sanitizing the value of $meta_key. |
972 | | * @param string|array $auth_callback Optional. A function or method to call when performing edit_post_meta, add_post_meta, and delete_post_meta capability checks. |
| 994 | * @param string $object_type Type of object this meta is registered to. |
| 995 | * @param string $meta_key Meta key to register. |
| 996 | * @param array $args { |
| 997 | * Data used to describe the meta key when registered. |
| 998 | * |
| 999 | * @type string $sanitize_callback A function or method to call when sanitizing `$meta_key` data. |
| 1000 | * @type string $auth_callback Optional. A function or method to call when performing edit_post_meta, add_post_meta, and delete_post_meta capability checks. |
| 1001 | * @type string $object_subtype A subtype; e.g. if the object type is "post", the post type. |
| 1002 | * @type string $type The type of data associated with this meta key. |
| 1003 | * @type string $description A description of the data attached to this meta key. |
| 1004 | * @type bool $show_in_rest Whether data associated with this meta key can be considered public. |
| 1005 | * |
| 1006 | * @return bool True if the meta key was successfully registered in the global array, false if not. |
| 1007 | * Registering a meta key with distinct sanitize and auth callbacks will fire those |
| 1008 | * callbacks, but will not add to the global registry as it requires a subtype. |
| 1009 | * } |
985 | | if ( is_callable( $auth_callback ) ) |
986 | | add_filter( "auth_{$meta_type}_meta_{$meta_key}", $auth_callback, 10, 6 ); |
| 1018 | if ( ! in_array( $object_type, array( 'post', 'comment', 'user', 'term' ) ) ) { |
| 1019 | _doing_it_wrong( __FUNCTION__, sprintf( __( 'Invalid object type: %s.' ), $object_type ), '4.6.0' ); |
| 1020 | } |
| 1021 | |
| 1022 | $defaults = array( |
| 1023 | 'sanitize_callback' => null, |
| 1024 | 'auth_callback' => null, |
| 1025 | 'object_subtype' => '', |
| 1026 | 'type' => 'string', |
| 1027 | 'description' => '', |
| 1028 | 'show_in_rest' => false, |
| 1029 | ); |
| 1030 | |
| 1031 | $passed_args = array_slice( func_get_args(), 2 ); |
| 1032 | |
| 1033 | // There used to be individual args for sanitize and auth callbacks |
| 1034 | $has_old_sanitize_cb = $has_old_auth_cb = false; |
| 1035 | |
| 1036 | if ( is_callable( $passed_args[0] ) ) { |
| 1037 | $args->sanitize_callback = $passed_args[0]; |
| 1038 | $has_old_sanitize_cb = true; |
| 1039 | } else { |
| 1040 | $args = $passed_args[0]; |
| 1041 | } |
| 1042 | |
| 1043 | if ( isset( $passed_args[1] ) && is_callable( $passed_args[1] ) ) { |
| 1044 | $args->auth_callback = $passed_args[1]; |
| 1045 | $has_old_auth_cb = true; |
| 1046 | } |
| 1047 | |
| 1048 | $args = wp_parse_args( $args, $defaults ); |
| 1049 | |
| 1050 | // PROOF OF CONCEPT ONLY |
| 1051 | // This should be a function like like _wp_register_meta_whitelist() or some such |
| 1052 | // And hooked in default filters |
| 1053 | add_filter( 'register_meta_args', function( $args, $defaults ) { |
| 1054 | $whitelist = array_keys( $defaults ); |
| 1055 | |
| 1056 | // In an anonymous function world, this would be way better as an array_filter |
| 1057 | foreach ( $args as $key => $value ) { |
| 1058 | if ( ! in_array( $key, $whitelist ) ) { |
| 1059 | unset( $args[ $key ] ); |
| 1060 | } |
| 1061 | } |
| 1062 | |
| 1063 | return $args; |
| 1064 | }, 10, 2 ) |
| 1065 | |
| 1066 | /** |
| 1067 | * Need a filter docblock here, also how late should this go? |
| 1068 | * And what orders should the context args be in? Most useful first, prob. |
| 1069 | */ |
| 1070 | apply_filters( 'register_meta_args', $args, $defaults, $meta_key, $object_type ); |
| 1071 | |
| 1072 | // Object subtype is required if using the args style of registration |
| 1073 | if ( ! $has_old_sanitize_cb && empty( $args['object_subtype'] ) ) { |
| 1074 | return false; |
| 1075 | } |
| 1076 | |
| 1077 | // Back-compat: old sanitize and auth callbacks applied to all of an object type |
| 1078 | if ( $has_old_sanitize_cb ) { |
| 1079 | add_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args->sanitize_callback, 10, 3 ); |
| 1080 | } elseif ( is_callable( $args->sanitize_callback ) ) { |
| 1081 | add_filter( "sanitize_{$object_type}_{$object_subtype}_meta_{$meta_key}", $args->sanitize_callback, 10, 3 ); |
| 1082 | } |
| 1083 | |
| 1084 | // If `auth_callback` is not provided, fall back to `is_protected_meta()`. |
| 1085 | if ( empty( $args->auth_callback ) ) { |
| 1086 | if ( is_protected_meta( $meta_key, $object_type ) ) { |
| 1087 | $args->auth_callback = '__return_false'; |
| 1088 | } else { |
| 1089 | $args->auth_callback = '__return_true'; |
| 1090 | } |
| 1091 | } |
| 1092 | |
| 1093 | if ( $has_old_auth_cb ) { |
| 1094 | add_filter( "auth_{$object_type}_meta_{$meta_key}", $args->auth_callback, 10, 3 ); |
| 1095 | } elseif ( is_callable( $args->auth_callback ) ) { |
| 1096 | add_filter( "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}", $args->auth_callback, 10, 3 ); |
| 1097 | } |
| 1098 | |
| 1099 | $object_subtype = $args['object_subtype']; |
| 1100 | |
| 1101 | // Global registry only contains meta keys registered in the new way with a subtype. |
| 1102 | if ( ! empty( $object_subtype ) ) { |
| 1103 | $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] = $args; |
| 1104 | |
| 1105 | return true; |
| 1106 | } |
| 1107 | |
| 1108 | return false; |
| 1110 | |
| 1111 | /** |
| 1112 | * Checks if a meta key is registered. |
| 1113 | * |
| 1114 | * @since 4.6.0 |
| 1115 | * |
| 1116 | * @param string $object_type The type of object. |
| 1117 | * @param string $object_subtype The subtype of the object type. |
| 1118 | * @param string $meta_key The meta key. |
| 1119 | * |
| 1120 | * @return bool True if the meta key is registered to the object type and subtype. False if not. |
| 1121 | */ |
| 1122 | function registered_meta_key_exists( $object_type, $object_subtype, $meta_key ) { |
| 1123 | global $wp_meta_keys; |
| 1124 | |
| 1125 | if ( ! is_array( $wp_meta_keys ) ) { |
| 1126 | return false; |
| 1127 | } |
| 1128 | |
| 1129 | // Only specific core object types are supported. |
| 1130 | if ( ! in_array( $object_type, array( 'post', 'comment', 'user', 'term' ) ) ) { |
| 1131 | return false; |
| 1132 | } |
| 1133 | |
| 1134 | if ( ! isset( $wp_meta_keys[ $object_type] ) ) { |
| 1135 | return false; |
| 1136 | } |
| 1137 | |
| 1138 | if ( ! isset( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) { |
| 1139 | return false; |
| 1140 | } |
| 1141 | |
| 1142 | if ( isset( $wp_meta_keys[ $object_type][ $object_subtype][ $meta_key ] ) ) { |
| 1143 | return true; |
| 1144 | } |
| 1145 | |
| 1146 | return false; |
| 1147 | } |
| 1148 | |
| 1149 | /** |
| 1150 | * Unregisters a meta key from the list of registered keys. |
| 1151 | * |
| 1152 | * @since 4.6.0 |
| 1153 | * |
| 1154 | * @param string $object_type The type of object. |
| 1155 | * @param string $object_subtype The subtype of the object type. |
| 1156 | * @param string $meta_key The meta key. |
| 1157 | * |
| 1158 | * @return bool|WP_Error True if successful. WP_Error if the meta key is invalid. |
| 1159 | */ |
| 1160 | function unregister_meta_key( $object_type, $object_subtype, $meta_key ) { |
| 1161 | global $wp_meta_keys; |
| 1162 | |
| 1163 | if ( ! registered_meta_key_exists( $object_type, $object_subtype, $meta_key ) ) { |
| 1164 | return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key' ) ); |
| 1165 | } |
| 1166 | |
| 1167 | unset( $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] ); |
| 1168 | |
| 1169 | return true; |
| 1170 | } |
| 1171 | |
| 1172 | /** |
| 1173 | * Retrieves a list of registered meta keys for an object type and optionally subtype. |
| 1174 | * |
| 1175 | * @since 4.6.0 |
| 1176 | * |
| 1177 | * @param string $object_type The type of object. Post, comment, user, term. |
| 1178 | * @param string $object_subtype Optional. A subtype of the object (e.g. custom post type). |
| 1179 | * |
| 1180 | * @return array List of registered meta keys. |
| 1181 | */ |
| 1182 | function get_registered_meta_keys( $object_type, $object_subtype = '' ) { |
| 1183 | global $wp_meta_keys; |
| 1184 | |
| 1185 | if ( ! isset( $wp_meta_keys[ $object_type ] ) ) { |
| 1186 | return array(); |
| 1187 | } |
| 1188 | |
| 1189 | if ( empty( $object_subtype ) && isset( $wp_meta_keys[ $object_type ] ) ) { |
| 1190 | return $wp_meta_keys[ $object_type ]; |
| 1191 | } |
| 1192 | |
| 1193 | if ( ! isset( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) { |
| 1194 | return array(); |
| 1195 | } |
| 1196 | |
| 1197 | return $wp_meta_keys[ $object_type ][ $object_subtype ]; |
| 1198 | } |
| 1199 | |
| 1200 | /** |
| 1201 | * Retrieves registered metadata for a specified object. |
| 1202 | * |
| 1203 | * @since 4.6.0 |
| 1204 | * |
| 1205 | * @param string $object_type Type of object to request metadata for. (e.g. comment, post, term, user) |
| 1206 | * @param string $object_subtype The subtype of the object's type to request metadata for. (e.g. custom post type) |
| 1207 | * @param int $object_id ID of the object the metadata is for. |
| 1208 | * @param string $meta_key Optional. Registered metadata key. If not specified, retrieve all registered |
| 1209 | * metadata for the specified object. |
| 1210 | * |
| 1211 | * @return mixed|WP_Error |
| 1212 | */ |
| 1213 | function get_registered_metadata( $object_type, $object_subtype, $object_id, $meta_key = '' ) { |
| 1214 | global $wp_meta_keys; |
| 1215 | |
| 1216 | if ( ! is_array( $wp_meta_keys ) ) { |
| 1217 | return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key. Not registered.' ) ); |
| 1218 | } |
| 1219 | |
| 1220 | if ( ! in_array( $object_type, array( 'post', 'comment', 'user', 'term' ) ) ) { |
| 1221 | return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key. Not a core object type.' ) ); |
| 1222 | } |
| 1223 | |
| 1224 | if( ! empty( $meta_key ) ) { |
| 1225 | if ( ! registered_meta_key_exists( $object_type, $object_subtype, $meta_key ) ) { |
| 1226 | return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key. Not registered.' ) ); |
| 1227 | } |
| 1228 | $meta_keys = get_registered_meta_keys( $object_type, $object_subtype ); |
| 1229 | $meta_key_data = $meta_keys[ $object_type ][ $object_subtype ][ $meta_key ]; |
| 1230 | |
| 1231 | $data = get_metadata( $object_type, $object_id, $meta_key, $meta_key_data->single ); |
| 1232 | |
| 1233 | return $data; |
| 1234 | } |
| 1235 | |
| 1236 | $data = get_metadata( $object_type, $object_id, $meta_key ); |
| 1237 | |
| 1238 | $meta_keys = get_registered_meta_keys( $object_type, $object_subtype ); |
| 1239 | $registered_data = array(); |
| 1240 | |
| 1241 | // Someday, array_filter() |
| 1242 | foreach( $meta_keys as $k => $v ) { |
| 1243 | if ( isset( $data[ $k ] ) ) { |
| 1244 | $registered_data[ $k ] = $data[ $k ]; |
| 1245 | } |
| 1246 | } |
| 1247 | |
| 1248 | return $registered_data; |
| 1249 | } |