WordPress.org

Make WordPress Core

Changeset 37924


Ignore:
Timestamp:
06/30/2016 01:01:35 AM (4 years ago)
Author:
helen
Message:

Introduce an expanded meta registration API.

register_meta() has been altered to accept an array of arguments as the third parameter in order to support its usage beyond XML-RPC, notably in the REST API and other projects that may build on top of meta, such as a potential Fields API. Arguments are whitelisted to reserve the right for core to add more later.

New functions added to complement this expansion are:

  • registered_meta_key_exists()
  • unregister_meta_key()
  • get_registered_meta_keys()
  • get_registered_metadata()
  • A "private" function for the aforementioned whitelisting.

There still need to be lots of tests written for previous and new behaviors, and many things are subject to change. Maybe things will explode. #yolo

props jeremyfelt, ericlewis, sc0ttkclark, helen, rmccue, ocean90, voldemortensen.
see #35658.

Location:
trunk/src/wp-includes
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/capabilities.php

    r37518 r37924  
    244244        }
    245245
     246        $post_type = get_post_type( $post );
     247
    246248        $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
    247249
    248250        $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false;
    249251
    250         if ( $meta_key && has_filter( "auth_post_meta_{$meta_key}" ) ) {
     252        if ( $meta_key && ( has_filter( "auth_post_meta_{$meta_key}" ) || has_filter( "auth_post_{$post_type}_meta_{$meta_key}" ) ) ) {
    251253            /**
    252254             * Filters whether the user is allowed to add post meta to a post.
     
    265267             */
    266268            $allowed = apply_filters( "auth_post_meta_{$meta_key}", false, $meta_key, $post->ID, $user_id, $cap, $caps );
     269
     270            /**
     271             * Filters whether the user is allowed to add post meta to a post of a given type.
     272             *
     273             * The dynamic portions of the hook name, `$meta_key` and `$post_type`,
     274             * refer to the meta key passed to map_meta_cap() and the post type, respectively.
     275             *
     276             * @since 4.6.0
     277             *
     278             * @param bool   $allowed  Whether the user can add the post meta. Default false.
     279             * @param string $meta_key The meta key.
     280             * @param int    $post_id  Post ID.
     281             * @param int    $user_id  User ID.
     282             * @param string $cap      Capability name.
     283             * @param array  $caps     User capabilities.
     284             */
     285            $allowed = apply_filters( "auth_post_{$post_type}_meta_{$meta_key}", $allowed, $meta_key, $post->ID, $user_id, $cap, $caps );
     286
    267287            if ( ! $allowed )
    268288                $caps[] = $cap;
  • trunk/src/wp-includes/default-filters.php

    r37920 r37924  
    8585add_filter( 'pre_post_mime_type', 'sanitize_mime_type' );
    8686add_filter( 'post_mime_type', 'sanitize_mime_type' );
     87
     88// Meta
     89add_filter( 'register_meta_args', '_wp_register_meta_args_whitelist', 10, 2 );
    8790
    8891// Places to balance tags on input
  • trunk/src/wp-includes/meta.php

    r37518 r37924  
    937937 *
    938938 * @since 3.1.3
    939  *
    940  * @param string $meta_key   Meta key
    941  * @param mixed  $meta_value Meta value to sanitize
    942  * @param string $meta_type  Type of meta
    943  * @return mixed Sanitized $meta_value
    944  */
    945 function sanitize_meta( $meta_key, $meta_value, $meta_type ) {
     939 * @since 4.6.0 Added the `$object_subtype` parameter.
     940 *
     941 * @param string $meta_key       Meta key.
     942 * @param mixed  $meta_value     Meta value to sanitize.
     943 * @param string $object_type    Type of object the meta is registered to.
     944 * @param string $object_subtype Optional. Subtype of object. Will inherit the object type by default.
     945 *
     946 * @return mixed Sanitized $meta_value.
     947 */
     948function sanitize_meta( $meta_key, $meta_value, $object_type, $object_subtype = '' ) {
     949    if ( ! empty( $object_subtype ) ) {
     950        /**
     951         * Filters the sanitization of a specific meta key of a specific meta type and subtype.
     952         *
     953         * The dynamic portions of the hook name, `$meta_type`, `$meta_subtype`,
     954         * and `$meta_key`, refer to the metadata object type (comment, post, or user)
     955         * the object subtype, and the meta key value, respectively.
     956         *
     957         * @since 4.6.0
     958         *
     959         * @param mixed  $meta_value      Meta value to sanitize.
     960         * @param string $meta_key        Meta key.
     961         * @param string $object_type     Object type.
     962         * @param string $object_subtype  Object subtype.
     963         */
     964        $meta_value = apply_filters( "sanitize_{$object_type}_{$object_subtype}_meta_{$meta_key}", $meta_value, $meta_key, $object_type, $object_subtype );
     965    }
    946966
    947967    /**
     
    950970     * The dynamic portions of the hook name, `$meta_type`, and `$meta_key`,
    951971     * refer to the metadata object type (comment, post, or user) and the meta
    952      * key value,
    953      * respectively.
     972     * key value, respectively.
    954973     *
    955974     * @since 3.3.0
    956      *
    957      * @param mixed  $meta_value Meta value to sanitize.
    958      * @param string $meta_key   Meta key.
    959      * @param string $meta_type  Meta type.
     975     * @since 4.6.0 Added the `$object_subtype` parameter.
     976     *
     977     * @param mixed  $meta_value      Meta value to sanitize.
     978     * @param string $meta_key        Meta key.
     979     * @param string $object_type     Object type.
     980     * @param string $object_subtype  Object subtype.
    960981     */
    961     return apply_filters( "sanitize_{$meta_type}_meta_{$meta_key}", $meta_value, $meta_key, $meta_type );
    962 }
    963 
    964 /**
    965  * Register meta key
     982    return apply_filters( "sanitize_{$object_type}_meta_{$meta_key}", $meta_value, $meta_key, $object_type, $object_subtype );
     983
     984   
     985}
     986
     987/**
     988 * Registers a meta key.
    966989 *
    967990 * @since 3.3.0
    968  *
    969  * @param string       $meta_type         Type of meta
    970  * @param string       $meta_key          Meta key
    971  * @param string|array $sanitize_callback A function or method to call when sanitizing the value of $meta_key.
    972  * @param string|array $auth_callback     Optional. A function or method to call when performing edit_post_meta, add_post_meta, and delete_post_meta capability checks.
    973  */
    974 function register_meta( $meta_type, $meta_key, $sanitize_callback, $auth_callback = null ) {
    975     if ( is_callable( $sanitize_callback ) )
    976         add_filter( "sanitize_{$meta_type}_meta_{$meta_key}", $sanitize_callback, 10, 3 );
    977 
    978     if ( empty( $auth_callback ) ) {
    979         if ( is_protected_meta( $meta_key, $meta_type ) )
    980             $auth_callback = '__return_false';
    981         else
    982             $auth_callback = '__return_true';
    983     }
    984 
    985     if ( is_callable( $auth_callback ) )
    986         add_filter( "auth_{$meta_type}_meta_{$meta_key}", $auth_callback, 10, 6 );
    987 }
     991 * @since 4.6.0 Modified to support an array of data to attach to registered meta keys. Previous arguments for
     992 *              `$sanitize_callback` and `$auth_callback` have been folded into this array.
     993 *
     994 * @param string $object_type    Type of object this meta is registered to.
     995 * @param string $meta_key       Meta key to register.
     996 * @param array  $args {
     997 *     Data used to describe the meta key when registered.
     998 *
     999 *     @type string $object_subtype    A subtype; e.g. if the object type is "post", the post type.
     1000 *     @type string $type              The type of data associated with this meta key.
     1001 *     @type string $description       A description of the data attached to this meta key.
     1002 *     @type string $sanitize_callback A function or method to call when sanitizing `$meta_key` data.
     1003 *     @type string $auth_callback     Optional. A function or method to call when performing edit_post_meta, add_post_meta, and delete_post_meta capability checks.
     1004 *     @type bool   $show_in_rest      Whether data associated with this meta key can be considered public.
     1005 * }
     1006 * @param string|array $auth_callback Deprecated. Use `$args` instead.
     1007 *
     1008 * @return bool True if the meta key was successfully registered in the global array, false if not.
     1009 *              Registering a meta key with distinct sanitize and auth callbacks will fire those
     1010 *              callbacks, but will not add to the global registry as it requires a subtype.
     1011 */
     1012function register_meta( $object_type, $meta_key, $args, $auth_callback = null ) {
     1013    global $wp_meta_keys;
     1014
     1015    if ( ! is_array( $wp_meta_keys ) ) {
     1016        $wp_meta_keys = array();
     1017    }
     1018
     1019    /* translators: object type name */
     1020    if ( ! in_array( $object_type, array( 'post', 'comment', 'user', 'term' ) ) ) {
     1021        _doing_it_wrong( __FUNCTION__, sprintf( __( 'Invalid object type: %s.' ), $object_type ), '4.6.0' );
     1022    }
     1023
     1024    $defaults = array(
     1025        'object_subtype'    => '',
     1026        'type'              => 'string',
     1027        'description'       => '',
     1028        'sanitize_callback' => null,
     1029        'auth_callback'     => null,
     1030        'show_in_rest'      => false,
     1031    );
     1032
     1033    $passed_args = array_slice( func_get_args(), 2 );
     1034
     1035    // There used to be individual args for sanitize and auth callbacks
     1036    $has_old_sanitize_cb = $has_old_auth_cb = false;
     1037
     1038    if ( is_callable( $passed_args[0] ) ) {
     1039        $args['sanitize_callback'] = $passed_args[0];
     1040        $has_old_sanitize_cb = true;
     1041    } else {
     1042        $args = $passed_args[0];
     1043    }
     1044
     1045    if ( isset( $passed_args[1] ) && is_callable( $passed_args[1] ) ) {
     1046        $args['auth_callback'] = $passed_args[1];
     1047        $has_old_auth_cb = true;
     1048    }
     1049
     1050    $args = wp_parse_args( $args, $defaults );
     1051
     1052    /**
     1053     * Filters the registration arguments when registering meta.
     1054     *
     1055     * @since 4.6.0
     1056     *
     1057     * @param array  $args        Array of meta registration arguments.
     1058     * @param array  $defaults    Array of default arguments.
     1059     * @param string $object_type Object type.
     1060     * @param string $meta_key    Meta key.
     1061     */
     1062    $args = apply_filters( 'register_meta_args', $args, $defaults, $object_type, $meta_key );
     1063
     1064    // Object subtype is required if using the args style of registration
     1065    if ( ! $has_old_sanitize_cb && empty( $args['object_subtype'] ) ) {
     1066        return false;
     1067    }
     1068
     1069    // Back-compat: old sanitize and auth callbacks applied to all of an object type
     1070    if ( $has_old_sanitize_cb ) {
     1071        add_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args['sanitize_callback'], 10, 4 );
     1072    } elseif ( is_callable( $args['sanitize_callback'] ) && ! empty( $object_subtype ) ) {
     1073        add_filter( "sanitize_{$object_type}_{$object_subtype}_meta_{$meta_key}", $args['sanitize_callback'], 10, 4 );
     1074    }
     1075
     1076    // If `auth_callback` is not provided, fall back to `is_protected_meta()`.
     1077    if ( empty( $args['auth_callback'] ) ) {
     1078        if ( is_protected_meta( $meta_key, $object_type ) ) {
     1079            $args['auth_callback'] = '__return_false';
     1080        } else {
     1081            $args['auth_callback'] = '__return_true';
     1082        }
     1083    }
     1084
     1085    if ( $has_old_auth_cb ) {
     1086        add_filter( "auth_{$object_type}_meta_{$meta_key}", $args['auth_callback'], 10, 6 );
     1087    } elseif ( is_callable( $args['auth_callback'] ) && ! empty( $object_subtype ) ) {
     1088        add_filter( "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}", $args['auth_callback'], 10, 6 );
     1089    }
     1090
     1091    $object_subtype = $args['object_subtype'];
     1092
     1093    // Global registry only contains meta keys registered in the new way with a subtype.
     1094    if ( ! empty( $object_subtype ) ) {
     1095        $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] = $args;
     1096
     1097        return true;
     1098    }
     1099
     1100    return false;
     1101}
     1102
     1103/**
     1104 * Checks if a meta key is registered.
     1105 *
     1106 * @since 4.6.0
     1107 *
     1108 * @param string $object_type    The type of object.
     1109 * @param string $object_subtype The subtype of the object type.
     1110 * @param string $meta_key       The meta key.
     1111 *
     1112 * @return bool True if the meta key is registered to the object type and subtype. False if not.
     1113 */
     1114function registered_meta_key_exists( $object_type, $object_subtype, $meta_key ) {
     1115    global $wp_meta_keys;
     1116
     1117    if ( ! is_array( $wp_meta_keys ) ) {
     1118        return false;
     1119    }
     1120
     1121    // Only specific core object types are supported.
     1122    if ( ! in_array( $object_type, array( 'post', 'comment', 'user', 'term' ) ) ) {
     1123        return false;
     1124    }
     1125
     1126    if ( ! isset( $wp_meta_keys[ $object_type ] ) ) {
     1127        return false;
     1128    }
     1129
     1130    if ( ! isset( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) {
     1131        return false;
     1132    }
     1133
     1134    if ( isset( $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] ) ) {
     1135        return true;
     1136    }
     1137
     1138    return false;
     1139}
     1140
     1141/**
     1142 * Unregisters a meta key from the list of registered keys.
     1143 *
     1144 * @since 4.6.0
     1145 *
     1146 * @param string $object_type    The type of object.
     1147 * @param string $object_subtype The subtype of the object type.
     1148 * @param string $meta_key       The meta key.
     1149 *
     1150 * @return bool|WP_Error True if successful. WP_Error if the meta key is invalid.
     1151 */
     1152function unregister_meta_key( $object_type, $object_subtype, $meta_key ) {
     1153    global $wp_meta_keys;
     1154
     1155    if ( ! registered_meta_key_exists( $object_type, $object_subtype, $meta_key ) ) {
     1156        return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key' ) );
     1157    }
     1158
     1159    unset( $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] );
     1160
     1161    // Do some clean up
     1162    if ( empty( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) {
     1163        unset( $wp_meta_keys[ $object_type ][ $object_subtype ] );
     1164    }
     1165
     1166    if ( empty( $wp_meta_keys[ $object_type ] ) ) {
     1167        unset( $wp_meta_keys[ $object_type ] );
     1168    }
     1169
     1170    return true;
     1171}
     1172
     1173/**
     1174 * Retrieves a list of registered meta keys for an object type and optionally subtype.
     1175 *
     1176 * @since 4.6.0
     1177 *
     1178 * @param string $object_type    The type of object. Post, comment, user, term.
     1179 * @param string $object_subtype Optional. A subtype of the object (e.g. custom post type).
     1180 *
     1181 * @return array List of registered meta keys.
     1182 */
     1183function get_registered_meta_keys( $object_type, $object_subtype = '' ) {
     1184    global $wp_meta_keys;
     1185
     1186    if ( ! isset( $wp_meta_keys[ $object_type ] ) ) {
     1187        return array();
     1188    }
     1189
     1190    if ( empty( $object_subtype ) && isset( $wp_meta_keys[ $object_type ] ) ) {
     1191        return $wp_meta_keys[ $object_type ];
     1192    }
     1193
     1194    if ( ! isset( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) {
     1195        return array();
     1196    }
     1197
     1198    return $wp_meta_keys[ $object_type ][ $object_subtype ];
     1199}
     1200
     1201/**
     1202 * Retrieves registered metadata for a specified object.
     1203 *
     1204 * @since 4.6.0
     1205 *
     1206 * @param string $object_type    Type of object to request metadata for. (e.g. comment, post, term, user)
     1207 * @param string $object_subtype The subtype of the object's type to request metadata for. (e.g. custom post type)
     1208 * @param int    $object_id      ID of the object the metadata is for.
     1209 * @param string $meta_key       Optional. Registered metadata key. If not specified, retrieve all registered
     1210 *                               metadata for the specified object.
     1211 *
     1212 * @return mixed|WP_Error
     1213 */
     1214function get_registered_metadata( $object_type, $object_subtype, $object_id, $meta_key = '' ) {
     1215    global $wp_meta_keys;
     1216
     1217    if ( ! is_array( $wp_meta_keys ) ) {
     1218        return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key. Not registered.' ) );
     1219    }
     1220
     1221    if ( ! in_array( $object_type, array( 'post', 'comment', 'user', 'term' ) ) ) {
     1222        return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key. Not a core object type.' ) );
     1223    }
     1224
     1225    if ( ! empty( $meta_key ) ) {
     1226        if ( ! registered_meta_key_exists( $object_type, $object_subtype, $meta_key ) ) {
     1227            return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key. Not registered.' ) );
     1228        }
     1229        $meta_keys = get_registered_meta_keys( $object_type, $object_subtype );
     1230        $meta_key_data = $meta_keys[ $object_type ][ $object_subtype ][ $meta_key ];
     1231
     1232        $data = get_metadata( $object_type, $object_id, $meta_key, $meta_key_data->single );
     1233
     1234        return $data;
     1235    }
     1236
     1237    $data = get_metadata( $object_type, $object_id, $meta_key );
     1238
     1239    $meta_keys = get_registered_meta_keys( $object_type, $object_subtype );
     1240    $registered_data = array();
     1241
     1242    // Someday, array_filter()
     1243    foreach ( $meta_keys as $k => $v ) {
     1244        if ( isset( $data[ $k ] ) ) {
     1245            $registered_data[ $k ] = $data[ $k ];
     1246        }
     1247    }
     1248
     1249    return $registered_data;
     1250}
     1251
     1252/**
     1253 * Filter out `register_meta()` args based on a whitelist.
     1254 * `register_meta()` args may change over time, so requiring the whitelist
     1255 * to be explicitly turned off is a warranty seal of sorts.
     1256 *
     1257 * @access private
     1258 * @since  4.6.0
     1259 *
     1260 * @param  array $args         Arguments from `register_meta()`.
     1261 * @param  array $default_args Default arguments for `register_meta()`.
     1262 *
     1263 * @return array Filtered arguments.
     1264 */
     1265function _wp_register_meta_args_whitelist( $args, $default_args ) {
     1266    $whitelist = array_keys( $default_args );
     1267
     1268    // In an anonymous function world, this would be better as an array_filter()
     1269    foreach ( $args as $key => $value ) {
     1270        if ( ! in_array( $key, $whitelist ) ) {
     1271            unset( $args[ $key ] );
     1272        }
     1273    }
     1274
     1275    return $args;
     1276}
Note: See TracChangeset for help on using the changeset viewer.