| 822 | | foreach ( $valid_vars as $var => $index ) { |
| 823 | | if ( isset( $prepared_args[ $var ] ) ) { |
| 824 | | /** |
| 825 | | * Filters the query_vars used in get_items() for the constructed query. |
| 826 | | * |
| 827 | | * The dynamic portion of the hook name, `$var`, refers to the query_var key. |
| 828 | | * |
| 829 | | * @since 4.7.0 |
| 830 | | * |
| 831 | | * @param string $var The query_var value. |
| 832 | | */ |
| 833 | | $query_args[ $var ] = apply_filters( "rest_query_var-{$var}", $prepared_args[ $var ] ); |
| 834 | | } |
| | 820 | foreach ( $prepared_args as $key => $value ) { |
| | 821 | /** |
| | 822 | * Filters the query_vars used in get_items() for the constructed query. |
| | 823 | * |
| | 824 | * The dynamic portion of the hook name, `$key`, refers to the query_var key. |
| | 825 | * |
| | 826 | * @since 4.7.0 |
| | 827 | * |
| | 828 | * @param string $value The query_var value. |
| | 829 | */ |
| | 830 | $query_args[ $key ] = apply_filters( "rest_query_var-{$key}", $value ); |
| 849 | | * Retrieves all of the WP Query vars that are allowed for the REST API request. |
| 850 | | * |
| 851 | | * @since 4.7.0 |
| 852 | | * @access protected |
| 853 | | * |
| 854 | | * @param WP_REST_Request $request Optional. Full details about the request. |
| 855 | | * @return array Allowed query variables. |
| 856 | | */ |
| 857 | | protected function get_allowed_query_vars( $request = null ) { |
| 858 | | global $wp; |
| 859 | | |
| 860 | | /** This filter is documented in wp-includes/class-wp.php */ |
| 861 | | $valid_vars = apply_filters( 'query_vars', $wp->public_query_vars ); |
| 862 | | |
| 863 | | $post_type_obj = get_post_type_object( $this->post_type ); |
| 864 | | if ( current_user_can( $post_type_obj->cap->edit_posts ) ) { |
| 865 | | /** |
| 866 | | * Filters the allowed 'private' query vars for authorized users. |
| 867 | | * |
| 868 | | * If the user has the `edit_posts` capability, we also allow use of |
| 869 | | * private query parameters, which are only undesirable on the |
| 870 | | * frontend, but are safe for use in query strings. |
| 871 | | * |
| 872 | | * To disable anyway, use |
| 873 | | * `add_filter( 'rest_private_query_vars', '__return_empty_array' );` |
| 874 | | * |
| 875 | | * @since 4.7.0 |
| 876 | | * |
| 877 | | * @param array $private_query_vars Array of allowed query vars for authorized users. |
| 878 | | */ |
| 879 | | $private = apply_filters( 'rest_private_query_vars', $wp->private_query_vars ); |
| 880 | | |
| 881 | | $valid_vars = array_merge( $valid_vars, $private ); |
| 882 | | } |
| 883 | | |
| 884 | | // Define our own in addition to WP's normal vars. |
| 885 | | $rest_valid = array( |
| 886 | | 'author__in', |
| 887 | | 'author__not_in', |
| 888 | | 'ignore_sticky_posts', |
| 889 | | 'menu_order', |
| 890 | | 'offset', |
| 891 | | 'post__in', |
| 892 | | 'post__not_in', |
| 893 | | 'post_parent', |
| 894 | | 'post_parent__in', |
| 895 | | 'post_parent__not_in', |
| 896 | | 'posts_per_page', |
| 897 | | 'date_query', |
| 898 | | 'post_name__in', |
| 899 | | ); |
| 900 | | |
| 901 | | $valid_vars = array_merge( $valid_vars, $rest_valid ); |
| 902 | | |
| 903 | | /** |
| 904 | | * Filters allowed query vars for the REST API. |
| 905 | | * |
| 906 | | * This filter allows you to add or remove query vars from the final allowed |
| 907 | | * list for all requests, including unauthenticated ones. To alter the |
| 908 | | * vars for editors only, see {@see 'rest_private_query_vars'}. |
| 909 | | * |
| 910 | | * @since 4.7.0 |
| 911 | | * |
| 912 | | * @param array { |
| 913 | | * Array of allowed WP_Query query vars. |
| 914 | | * |
| 915 | | * @param string $allowed_query_var The query var to allow. |
| 916 | | * @param WP_REST_Request $request Request object. |
| 917 | | * } |
| 918 | | */ |
| 919 | | $valid_vars = apply_filters( 'rest_query_vars', $valid_vars, $request ); |
| 920 | | |
| 921 | | return $valid_vars; |
| 922 | | } |
| 923 | | |
| 924 | | /** |
| 2198 | | return $params; |
| | 2118 | /** |
| | 2119 | * Filter collection parameters for the posts controller. |
| | 2120 | * |
| | 2121 | * The dynamic part of the filter `$this->post_type` refers to the post |
| | 2122 | * type slug for the controller. |
| | 2123 | * |
| | 2124 | * This filter registers the collection parameter, but does not map the |
| | 2125 | * collection parameter to an internal WP_Query parameter. Use the |
| | 2126 | * `rest_{$this->post_type}_query` filter to set WP_Query parameters. |
| | 2127 | * |
| | 2128 | * @since 4.7.0 |
| | 2129 | * |
| | 2130 | * @param $params JSON Schema-formatted collection parameters. |
| | 2131 | * @param WP_Post_Type $post_type_obj Post type object. |
| | 2132 | */ |
| | 2133 | return apply_filters( "rest_{$this->post_type}_collection_params", $params, $post_type_obj ); |