945 | | function sanitize_meta( $meta_key, $meta_value, $meta_type ) { |
| 948 | function sanitize_meta( $meta_key, $meta_value, $object_type, $object_subtype = '' ) { |
| 949 | if ( ! empty( $object_subtype ) ) { |
| 950 | /** |
| 951 | * Filters the sanitization of a specific meta key of a specific meta type and subtype. |
| 952 | * |
| 953 | * The dynamic portions of the hook name, `$meta_type`, `$meta_subtype`, |
| 954 | * and `$meta_key`, refer to the metadata object type (comment, post, or user) |
| 955 | * the object subtype, and the meta key value, respectively. |
| 956 | * |
| 957 | * @since 4.6.0 |
| 958 | * |
| 959 | * @param mixed $meta_value Meta value to sanitize. |
| 960 | * @param string $meta_key Meta key. |
| 961 | * @param string $object_type Object type. |
| 962 | * @param string $object_subtype Object subtype. |
| 963 | */ |
| 964 | $meta_value = apply_filters( "sanitize_{$object_type}_{$object_subtype}_meta_{$meta_key}", $meta_value, $meta_key, $object_type, $object_subtype ); |
| 965 | } |
969 | | * @param string $meta_type Type of meta |
970 | | * @param string $meta_key Meta key |
971 | | * @param string|array $sanitize_callback A function or method to call when sanitizing the value of $meta_key. |
972 | | * @param string|array $auth_callback Optional. A function or method to call when performing edit_post_meta, add_post_meta, and delete_post_meta capability checks. |
| 994 | * @param string $object_type Type of object this meta is registered to. |
| 995 | * @param string $meta_key Meta key to register. |
| 996 | * @param array $args { |
| 997 | * Data used to describe the meta key when registered. |
| 998 | * |
| 999 | * @type string $object_subtype A subtype; e.g. if the object type is "post", the post type. |
| 1000 | * @type string $type The type of data associated with this meta key. |
| 1001 | * @type string $description A description of the data attached to this meta key. |
| 1002 | * @type string $sanitize_callback A function or method to call when sanitizing `$meta_key` data. |
| 1003 | * @type string $auth_callback Optional. A function or method to call when performing edit_post_meta, add_post_meta, and delete_post_meta capability checks. |
| 1004 | * @type bool $show_in_rest Whether data associated with this meta key can be considered public. |
| 1005 | * } |
| 1006 | * @param string|array $auth_callback Deprecated. Use `$args` instead. |
| 1007 | * |
| 1008 | * @return bool True if the meta key was successfully registered in the global array, false if not. |
| 1009 | * Registering a meta key with distinct sanitize and auth callbacks will fire those |
| 1010 | * callbacks, but will not add to the global registry as it requires a subtype. |
985 | | if ( is_callable( $auth_callback ) ) |
986 | | add_filter( "auth_{$meta_type}_meta_{$meta_key}", $auth_callback, 10, 6 ); |
| 1019 | /* translators: object type name */ |
| 1020 | if ( ! in_array( $object_type, array( 'post', 'comment', 'user', 'term' ) ) ) { |
| 1021 | _doing_it_wrong( __FUNCTION__, sprintf( __( 'Invalid object type: %s.' ), $object_type ), '4.6.0' ); |
| 1022 | } |
| 1023 | |
| 1024 | $defaults = array( |
| 1025 | 'object_subtype' => '', |
| 1026 | 'type' => 'string', |
| 1027 | 'description' => '', |
| 1028 | 'sanitize_callback' => null, |
| 1029 | 'auth_callback' => null, |
| 1030 | 'show_in_rest' => false, |
| 1031 | ); |
| 1032 | |
| 1033 | $passed_args = array_slice( func_get_args(), 2 ); |
| 1034 | |
| 1035 | // There used to be individual args for sanitize and auth callbacks |
| 1036 | $has_old_sanitize_cb = $has_old_auth_cb = false; |
| 1037 | |
| 1038 | if ( is_callable( $passed_args[0] ) ) { |
| 1039 | $args['sanitize_callback'] = $passed_args[0]; |
| 1040 | $has_old_sanitize_cb = true; |
| 1041 | } else { |
| 1042 | $args = $passed_args[0]; |
| 1043 | } |
| 1044 | |
| 1045 | if ( isset( $passed_args[1] ) && is_callable( $passed_args[1] ) ) { |
| 1046 | $args['auth_callback'] = $passed_args[1]; |
| 1047 | $has_old_auth_cb = true; |
| 1048 | } |
| 1049 | |
| 1050 | $args = wp_parse_args( $args, $defaults ); |
| 1051 | |
| 1052 | /** |
| 1053 | * Filters the registration arguments when registering meta. |
| 1054 | * |
| 1055 | * @since 4.6.0 |
| 1056 | * |
| 1057 | * @param array $args Array of meta registration arguments. |
| 1058 | * @param array $defaults Array of default arguments. |
| 1059 | * @param string $object_type Object type. |
| 1060 | * @param string $meta_key Meta key. |
| 1061 | */ |
| 1062 | $args = apply_filters( 'register_meta_args', $args, $defaults, $object_type, $meta_key ); |
| 1063 | |
| 1064 | // Object subtype is required if using the args style of registration |
| 1065 | if ( ! $has_old_sanitize_cb && empty( $args['object_subtype'] ) ) { |
| 1066 | return false; |
| 1067 | } |
| 1068 | |
| 1069 | // Back-compat: old sanitize and auth callbacks applied to all of an object type |
| 1070 | if ( $has_old_sanitize_cb ) { |
| 1071 | add_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args['sanitize_callback'], 10, 4 ); |
| 1072 | } elseif ( is_callable( $args['sanitize_callback'] ) && ! empty( $object_subtype ) ) { |
| 1073 | add_filter( "sanitize_{$object_type}_{$object_subtype}_meta_{$meta_key}", $args['sanitize_callback'], 10, 4 ); |
| 1074 | } |
| 1075 | |
| 1076 | // If `auth_callback` is not provided, fall back to `is_protected_meta()`. |
| 1077 | if ( empty( $args['auth_callback'] ) ) { |
| 1078 | if ( is_protected_meta( $meta_key, $object_type ) ) { |
| 1079 | $args['auth_callback'] = '__return_false'; |
| 1080 | } else { |
| 1081 | $args['auth_callback'] = '__return_true'; |
| 1082 | } |
| 1083 | } |
| 1084 | |
| 1085 | if ( $has_old_auth_cb ) { |
| 1086 | add_filter( "auth_{$object_type}_meta_{$meta_key}", $args['auth_callback'], 10, 6 ); |
| 1087 | } elseif ( is_callable( $args['auth_callback'] ) && ! empty( $object_subtype ) ) { |
| 1088 | add_filter( "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}", $args['auth_callback'], 10, 6 ); |
| 1089 | } |
| 1090 | |
| 1091 | $object_subtype = $args['object_subtype']; |
| 1092 | |
| 1093 | // Global registry only contains meta keys registered in the new way with a subtype. |
| 1094 | if ( ! empty( $object_subtype ) ) { |
| 1095 | $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] = $args; |
| 1096 | |
| 1097 | return true; |
| 1098 | } |
| 1099 | |
| 1100 | return false; |
| 1102 | |
| 1103 | /** |
| 1104 | * Checks if a meta key is registered. |
| 1105 | * |
| 1106 | * @since 4.6.0 |
| 1107 | * |
| 1108 | * @param string $object_type The type of object. |
| 1109 | * @param string $object_subtype The subtype of the object type. |
| 1110 | * @param string $meta_key The meta key. |
| 1111 | * |
| 1112 | * @return bool True if the meta key is registered to the object type and subtype. False if not. |
| 1113 | */ |
| 1114 | function registered_meta_key_exists( $object_type, $object_subtype, $meta_key ) { |
| 1115 | global $wp_meta_keys; |
| 1116 | |
| 1117 | if ( ! is_array( $wp_meta_keys ) ) { |
| 1118 | return false; |
| 1119 | } |
| 1120 | |
| 1121 | // Only specific core object types are supported. |
| 1122 | if ( ! in_array( $object_type, array( 'post', 'comment', 'user', 'term' ) ) ) { |
| 1123 | return false; |
| 1124 | } |
| 1125 | |
| 1126 | if ( ! isset( $wp_meta_keys[ $object_type ] ) ) { |
| 1127 | return false; |
| 1128 | } |
| 1129 | |
| 1130 | if ( ! isset( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) { |
| 1131 | return false; |
| 1132 | } |
| 1133 | |
| 1134 | if ( isset( $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] ) ) { |
| 1135 | return true; |
| 1136 | } |
| 1137 | |
| 1138 | return false; |
| 1139 | } |
| 1140 | |
| 1141 | /** |
| 1142 | * Unregisters a meta key from the list of registered keys. |
| 1143 | * |
| 1144 | * @since 4.6.0 |
| 1145 | * |
| 1146 | * @param string $object_type The type of object. |
| 1147 | * @param string $object_subtype The subtype of the object type. |
| 1148 | * @param string $meta_key The meta key. |
| 1149 | * |
| 1150 | * @return bool|WP_Error True if successful. WP_Error if the meta key is invalid. |
| 1151 | */ |
| 1152 | function unregister_meta_key( $object_type, $object_subtype, $meta_key ) { |
| 1153 | global $wp_meta_keys; |
| 1154 | |
| 1155 | if ( ! registered_meta_key_exists( $object_type, $object_subtype, $meta_key ) ) { |
| 1156 | return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key' ) ); |
| 1157 | } |
| 1158 | |
| 1159 | unset( $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] ); |
| 1160 | |
| 1161 | // Do some clean up |
| 1162 | if ( empty( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) { |
| 1163 | unset( $wp_meta_keys[ $object_type ][ $object_subtype ] ); |
| 1164 | } |
| 1165 | |
| 1166 | if ( empty( $wp_meta_keys[ $object_type ] ) ) { |
| 1167 | unset( $wp_meta_keys[ $object_type ] ); |
| 1168 | } |
| 1169 | |
| 1170 | return true; |
| 1171 | } |
| 1172 | |
| 1173 | /** |
| 1174 | * Retrieves a list of registered meta keys for an object type and optionally subtype. |
| 1175 | * |
| 1176 | * @since 4.6.0 |
| 1177 | * |
| 1178 | * @param string $object_type The type of object. Post, comment, user, term. |
| 1179 | * @param string $object_subtype Optional. A subtype of the object (e.g. custom post type). |
| 1180 | * |
| 1181 | * @return array List of registered meta keys. |
| 1182 | */ |
| 1183 | function get_registered_meta_keys( $object_type, $object_subtype = '' ) { |
| 1184 | global $wp_meta_keys; |
| 1185 | |
| 1186 | if ( ! isset( $wp_meta_keys[ $object_type ] ) ) { |
| 1187 | return array(); |
| 1188 | } |
| 1189 | |
| 1190 | if ( empty( $object_subtype ) && isset( $wp_meta_keys[ $object_type ] ) ) { |
| 1191 | return $wp_meta_keys[ $object_type ]; |
| 1192 | } |
| 1193 | |
| 1194 | if ( ! isset( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) { |
| 1195 | return array(); |
| 1196 | } |
| 1197 | |
| 1198 | return $wp_meta_keys[ $object_type ][ $object_subtype ]; |
| 1199 | } |
| 1200 | |
| 1201 | /** |
| 1202 | * Retrieves registered metadata for a specified object. |
| 1203 | * |
| 1204 | * @since 4.6.0 |
| 1205 | * |
| 1206 | * @param string $object_type Type of object to request metadata for. (e.g. comment, post, term, user) |
| 1207 | * @param string $object_subtype The subtype of the object's type to request metadata for. (e.g. custom post type) |
| 1208 | * @param int $object_id ID of the object the metadata is for. |
| 1209 | * @param string $meta_key Optional. Registered metadata key. If not specified, retrieve all registered |
| 1210 | * metadata for the specified object. |
| 1211 | * |
| 1212 | * @return mixed|WP_Error |
| 1213 | */ |
| 1214 | function get_registered_metadata( $object_type, $object_subtype, $object_id, $meta_key = '' ) { |
| 1215 | global $wp_meta_keys; |
| 1216 | |
| 1217 | if ( ! is_array( $wp_meta_keys ) ) { |
| 1218 | return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key. Not registered.' ) ); |
| 1219 | } |
| 1220 | |
| 1221 | if ( ! in_array( $object_type, array( 'post', 'comment', 'user', 'term' ) ) ) { |
| 1222 | return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key. Not a core object type.' ) ); |
| 1223 | } |
| 1224 | |
| 1225 | if ( ! empty( $meta_key ) ) { |
| 1226 | if ( ! registered_meta_key_exists( $object_type, $object_subtype, $meta_key ) ) { |
| 1227 | return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key. Not registered.' ) ); |
| 1228 | } |
| 1229 | $meta_keys = get_registered_meta_keys( $object_type, $object_subtype ); |
| 1230 | $meta_key_data = $meta_keys[ $object_type ][ $object_subtype ][ $meta_key ]; |
| 1231 | |
| 1232 | $data = get_metadata( $object_type, $object_id, $meta_key, $meta_key_data->single ); |
| 1233 | |
| 1234 | return $data; |
| 1235 | } |
| 1236 | |
| 1237 | $data = get_metadata( $object_type, $object_id, $meta_key ); |
| 1238 | |
| 1239 | $meta_keys = get_registered_meta_keys( $object_type, $object_subtype ); |
| 1240 | $registered_data = array(); |
| 1241 | |
| 1242 | // Someday, array_filter() |
| 1243 | foreach ( $meta_keys as $k => $v ) { |
| 1244 | if ( isset( $data[ $k ] ) ) { |
| 1245 | $registered_data[ $k ] = $data[ $k ]; |
| 1246 | } |
| 1247 | } |
| 1248 | |
| 1249 | return $registered_data; |
| 1250 | } |
| 1251 | |
| 1252 | /** |
| 1253 | * Filter out `register_meta()` args based on a whitelist. |
| 1254 | * `register_meta()` args may change over time, so requiring the whitelist |
| 1255 | * to be explicitly turned off is a warranty seal of sorts. |
| 1256 | * |
| 1257 | * @access private |
| 1258 | * @since 4.6.0 |
| 1259 | * |
| 1260 | * @param array $args Arguments from `register_meta()`. |
| 1261 | * @param array $default_args Default arguments for `register_meta()`. |
| 1262 | * |
| 1263 | * @return array Filtered arguments. |
| 1264 | */ |
| 1265 | function _wp_register_meta_args_whitelist( $args, $default_args ) { |
| 1266 | $whitelist = array_keys( $default_args ); |
| 1267 | |
| 1268 | // In an anonymous function world, this would be better as an array_filter() |
| 1269 | foreach ( $args as $key => $value ) { |
| 1270 | if ( ! in_array( $key, $whitelist ) ) { |
| 1271 | unset( $args[ $key ] ); |
| 1272 | } |
| 1273 | } |
| 1274 | |
| 1275 | return $args; |
| 1276 | } |