Changeset 37924
- Timestamp:
- 06/30/2016 01:01:35 AM (8 years ago)
- Location:
- trunk/src/wp-includes
- Files:
-
- 3 edited
trunk/src/wp-includes/capabilities.php
r37518 r37924 244 244 } 245 245 246 $post_type = get_post_type( $post ); 247 246 248 $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); 247 249 248 250 $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false; 249 251 250 if ( $meta_key && has_filter( "auth_post_meta_{$meta_key}") ) {252 if ( $meta_key && ( has_filter( "auth_post_meta_{$meta_key}" ) || has_filter( "auth_post_{$post_type}_meta_{$meta_key}" ) ) ) { 251 253 /** 252 254 * Filters whether the user is allowed to add post meta to a post. … … 265 267 */ 266 268 $allowed = apply_filters( "auth_post_meta_{$meta_key}", false, $meta_key, $post->ID, $user_id, $cap, $caps ); 269 270 /** 271 * Filters whether the user is allowed to add post meta to a post of a given type. 272 * 273 * The dynamic portions of the hook name, `$meta_key` and `$post_type`, 274 * refer to the meta key passed to map_meta_cap() and the post type, respectively. 275 * 276 * @since 4.6.0 277 * 278 * @param bool $allowed Whether the user can add the post meta. Default false. 279 * @param string $meta_key The meta key. 280 * @param int $post_id Post ID. 281 * @param int $user_id User ID. 282 * @param string $cap Capability name. 283 * @param array $caps User capabilities. 284 */ 285 $allowed = apply_filters( "auth_post_{$post_type}_meta_{$meta_key}", $allowed, $meta_key, $post->ID, $user_id, $cap, $caps ); 286 267 287 if ( ! $allowed ) 268 288 $caps[] = $cap; -
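Review bot: The new `auth_post_{$post_type}_meta_{$meta_key}` filter runs after the generic `auth_post_meta_{$meta_key}` filter and its return value replaces `$allowed`, so a subtype callback that ignores its first argument turns a generic denial into an allow without any trace. The new docblock should state that ordering, for example `* Runs after "auth_post_meta_{$meta_key}"; return the passed $allowed unchanged unless the callback intends to override it.` Separately, `get_post_type( $post )` can return false, in which case the hook name collapses to `auth_post__meta_{$meta_key}`; whether `$post` is validated before this point is outside the hunk.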
trunk/src/wp-includes/default-filters.php
r37920 r37924 85 85 add_filter( 'pre_post_mime_type', 'sanitize_mime_type' ); 86 86 add_filter( 'post_mime_type', 'sanitize_mime_type' ); 87 88 // Meta 89 add_filter( 'register_meta_args', '_wp_register_meta_args_whitelist', 10, 2 ); 87 90 88 91 // Places to balance tags on input -
trunk/src/wp-includes/meta.php
r37518 r37924 937 937 * 938 938 * @since 3.1.3 939 * 940 * @param string $meta_key Meta key 941 * @param mixed $meta_value Meta value to sanitize 942 * @param string $meta_type Type of meta 943 * @return mixed Sanitized $meta_value 944 */ 945 function sanitize_meta( $meta_key, $meta_value, $meta_type ) { 939 * @since 4.6.0 Added the `$object_subtype` parameter. 940 * 941 * @param string $meta_key Meta key. 942 * @param mixed $meta_value Meta value to sanitize. 943 * @param string $object_type Type of object the meta is registered to. 944 * @param string $object_subtype Optional. Subtype of object. Will inherit the object type by default. 945 * 946 * @return mixed Sanitized $meta_value. 947 */ 948 function sanitize_meta( $meta_key, $meta_value, $object_type, $object_subtype = '' ) { 949 if ( ! empty( $object_subtype ) ) { 950 /** 951 * Filters the sanitization of a specific meta key of a specific meta type and subtype. 952 * 953 * The dynamic portions of the hook name, `$meta_type`, `$meta_subtype`, 954 * and `$meta_key`, refer to the metadata object type (comment, post, or user) 955 * the object subtype, and the meta key value, respectively. 956 * 957 * @since 4.6.0 958 * 959 * @param mixed $meta_value Meta value to sanitize. 960 * @param string $meta_key Meta key. 961 * @param string $object_type Object type. 962 * @param string $object_subtype Object subtype. 963 */ 964 $meta_value = apply_filters( "sanitize_{$object_type}_{$object_subtype}_meta_{$meta_key}", $meta_value, $meta_key, $object_type, $object_subtype ); 965 } 946 966 947 967 /** … … 950 970 * The dynamic portions of the hook name, `$meta_type`, and `$meta_key`, 951 971 * refer to the metadata object type (comment, post, or user) and the meta 952 * key value, 953 * respectively. 972 * key value, respectively. 954 973 * 955 974 * @since 3.3.0 956 * 957 * @param mixed $meta_value Meta value to sanitize. 958 * @param string $meta_key Meta key. 959 * @param string $meta_type Meta type. 
975 * @since 4.6.0 Added the `$object_subtype` parameter. 976 * 977 * @param mixed $meta_value Meta value to sanitize. 978 * @param string $meta_key Meta key. 979 * @param string $object_type Object type. 980 * @param string $object_subtype Object subtype. 960 981 */ 961 return apply_filters( "sanitize_{$meta_type}_meta_{$meta_key}", $meta_value, $meta_key, $meta_type ); 962 } 963 964 /** 965 * Register meta key 982 return apply_filters( "sanitize_{$object_type}_meta_{$meta_key}", $meta_value, $meta_key, $object_type, $object_subtype ); 983 984 985 } 986 987 /** 988 * Registers a meta key. 966 989 * 967 990 * @since 3.3.0 968 * 969 * @param string $meta_type Type of meta 970 * @param string $meta_key Meta key 971 * @param string|array $sanitize_callback A function or method to call when sanitizing the value of $meta_key. 972 * @param string|array $auth_callback Optional. A function or method to call when performing edit_post_meta, add_post_meta, and delete_post_meta capability checks. 973 */ 974 function register_meta( $meta_type, $meta_key, $sanitize_callback, $auth_callback = null ) { 975 if ( is_callable( $sanitize_callback ) ) 976 add_filter( "sanitize_{$meta_type}_meta_{$meta_key}", $sanitize_callback, 10, 3 ); 977 978 if ( empty( $auth_callback ) ) { 979 if ( is_protected_meta( $meta_key, $meta_type ) ) 980 $auth_callback = '__return_false'; 981 else 982 $auth_callback = '__return_true'; 983 } 984 985 if ( is_callable( $auth_callback ) ) 986 add_filter( "auth_{$meta_type}_meta_{$meta_key}", $auth_callback, 10, 6 ); 987 } 991 * @since 4.6.0 Modified to support an array of data to attach to registered meta keys. Previous arguments for 992 * `$sanitize_callback` and `$auth_callback` have been folded into this array. 993 * 994 * @param string $object_type Type of object this meta is registered to. 995 * @param string $meta_key Meta key to register. 996 * @param array $args { 997 * Data used to describe the meta key when registered. 
998 * 999 * @type string $object_subtype A subtype; e.g. if the object type is "post", the post type. 1000 * @type string $type The type of data associated with this meta key. 1001 * @type string $description A description of the data attached to this meta key. 1002 * @type string $sanitize_callback A function or method to call when sanitizing `$meta_key` data. 1003 * @type string $auth_callback Optional. A function or method to call when performing edit_post_meta, add_post_meta, and delete_post_meta capability checks. 1004 * @type bool $show_in_rest Whether data associated with this meta key can be considered public. 1005 * } 1006 * @param string|array $auth_callback Deprecated. Use `$args` instead. 1007 * 1008 * @return bool True if the meta key was successfully registered in the global array, false if not. 1009 * Registering a meta key with distinct sanitize and auth callbacks will fire those 1010 * callbacks, but will not add to the global registry as it requires a subtype. 1011 */ 1012 function register_meta( $object_type, $meta_key, $args, $auth_callback = null ) { 1013 global $wp_meta_keys; 1014 1015 if ( ! is_array( $wp_meta_keys ) ) { 1016 $wp_meta_keys = array(); 1017 } 1018 1019 /* translators: object type name */ 1020 if ( ! in_array( $object_type, array( 'post', 'comment', 'user', 'term' ) ) ) { 1021 _doing_it_wrong( __FUNCTION__, sprintf( __( 'Invalid object type: %s.' 
), $object_type ), '4.6.0' ); 1022 } 1023 1024 $defaults = array( 1025 'object_subtype' => '', 1026 'type' => 'string', 1027 'description' => '', 1028 'sanitize_callback' => null, 1029 'auth_callback' => null, 1030 'show_in_rest' => false, 1031 ); 1032 1033 $passed_args = array_slice( func_get_args(), 2 ); 1034 1035 // There used to be individual args for sanitize and auth callbacks 1036 $has_old_sanitize_cb = $has_old_auth_cb = false; 1037 1038 if ( is_callable( $passed_args[0] ) ) { 1039 $args['sanitize_callback'] = $passed_args[0]; 1040 $has_old_sanitize_cb = true; 1041 } else { 1042 $args = $passed_args[0]; 1043 } 1044 1045 if ( isset( $passed_args[1] ) && is_callable( $passed_args[1] ) ) { 1046 $args['auth_callback'] = $passed_args[1]; 1047 $has_old_auth_cb = true; 1048 } 1049 1050 $args = wp_parse_args( $args, $defaults ); 1051 1052 /** 1053 * Filters the registration arguments when registering meta. 1054 * 1055 * @since 4.6.0 1056 * 1057 * @param array $args Array of meta registration arguments. 1058 * @param array $defaults Array of default arguments. 1059 * @param string $object_type Object type. 1060 * @param string $meta_key Meta key. 1061 */ 1062 $args = apply_filters( 'register_meta_args', $args, $defaults, $object_type, $meta_key ); 1063 1064 // Object subtype is required if using the args style of registration 1065 if ( ! $has_old_sanitize_cb && empty( $args['object_subtype'] ) ) { 1066 return false; 1067 } 1068 1069 // Back-compat: old sanitize and auth callbacks applied to all of an object type 1070 if ( $has_old_sanitize_cb ) { 1071 add_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args['sanitize_callback'], 10, 4 ); 1072 } elseif ( is_callable( $args['sanitize_callback'] ) && ! empty( $object_subtype ) ) { 1073 add_filter( "sanitize_{$object_type}_{$object_subtype}_meta_{$meta_key}", $args['sanitize_callback'], 10, 4 ); 1074 } 1075 1076 // If `auth_callback` is not provided, fall back to `is_protected_meta()`. 
1077 if ( empty( $args['auth_callback'] ) ) { 1078 if ( is_protected_meta( $meta_key, $object_type ) ) { 1079 $args['auth_callback'] = '__return_false'; 1080 } else { 1081 $args['auth_callback'] = '__return_true'; 1082 } 1083 } 1084 1085 if ( $has_old_auth_cb ) { 1086 add_filter( "auth_{$object_type}_meta_{$meta_key}", $args['auth_callback'], 10, 6 ); 1087 } elseif ( is_callable( $args['auth_callback'] ) && ! empty( $object_subtype ) ) { 1088 add_filter( "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}", $args['auth_callback'], 10, 6 ); 1089 } 1090 1091 $object_subtype = $args['object_subtype']; 1092 1093 // Global registry only contains meta keys registered in the new way with a subtype. 1094 if ( ! empty( $object_subtype ) ) { 1095 $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] = $args; 1096 1097 return true; 1098 } 1099 1100 return false; 1101 } 1102 1103 /** 1104 * Checks if a meta key is registered. 1105 * 1106 * @since 4.6.0 1107 * 1108 * @param string $object_type The type of object. 1109 * @param string $object_subtype The subtype of the object type. 1110 * @param string $meta_key The meta key. 1111 * 1112 * @return bool True if the meta key is registered to the object type and subtype. False if not. 1113 */ 1114 function registered_meta_key_exists( $object_type, $object_subtype, $meta_key ) { 1115 global $wp_meta_keys; 1116 1117 if ( ! is_array( $wp_meta_keys ) ) { 1118 return false; 1119 } 1120 1121 // Only specific core object types are supported. 1122 if ( ! in_array( $object_type, array( 'post', 'comment', 'user', 'term' ) ) ) { 1123 return false; 1124 } 1125 1126 if ( ! isset( $wp_meta_keys[ $object_type ] ) ) { 1127 return false; 1128 } 1129 1130 if ( ! 
isset( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) { 1131 return false; 1132 } 1133 1134 if ( isset( $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] ) ) { 1135 return true; 1136 } 1137 1138 return false; 1139 } 1140 1141 /** 1142 * Unregisters a meta key from the list of registered keys. 1143 * 1144 * @since 4.6.0 1145 * 1146 * @param string $object_type The type of object. 1147 * @param string $object_subtype The subtype of the object type. 1148 * @param string $meta_key The meta key. 1149 * 1150 * @return bool|WP_Error True if successful. WP_Error if the meta key is invalid. 1151 */ 1152 function unregister_meta_key( $object_type, $object_subtype, $meta_key ) { 1153 global $wp_meta_keys; 1154 1155 if ( ! registered_meta_key_exists( $object_type, $object_subtype, $meta_key ) ) { 1156 return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key' ) ); 1157 } 1158 1159 unset( $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] ); 1160 1161 // Do some clean up 1162 if ( empty( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) { 1163 unset( $wp_meta_keys[ $object_type ][ $object_subtype ] ); 1164 } 1165 1166 if ( empty( $wp_meta_keys[ $object_type ] ) ) { 1167 unset( $wp_meta_keys[ $object_type ] ); 1168 } 1169 1170 return true; 1171 } 1172 1173 /** 1174 * Retrieves a list of registered meta keys for an object type and optionally subtype. 1175 * 1176 * @since 4.6.0 1177 * 1178 * @param string $object_type The type of object. Post, comment, user, term. 1179 * @param string $object_subtype Optional. A subtype of the object (e.g. custom post type). 1180 * 1181 * @return array List of registered meta keys. 1182 */ 1183 function get_registered_meta_keys( $object_type, $object_subtype = '' ) { 1184 global $wp_meta_keys; 1185 1186 if ( ! 
isset( $wp_meta_keys[ $object_type ] ) ) { 1187 return array(); 1188 } 1189 1190 if ( empty( $object_subtype ) && isset( $wp_meta_keys[ $object_type ] ) ) { 1191 return $wp_meta_keys[ $object_type ]; 1192 } 1193 1194 if ( ! isset( $wp_meta_keys[ $object_type ][ $object_subtype ] ) ) { 1195 return array(); 1196 } 1197 1198 return $wp_meta_keys[ $object_type ][ $object_subtype ]; 1199 } 1200 1201 /** 1202 * Retrieves registered metadata for a specified object. 1203 * 1204 * @since 4.6.0 1205 * 1206 * @param string $object_type Type of object to request metadata for. (e.g. comment, post, term, user) 1207 * @param string $object_subtype The subtype of the object's type to request metadata for. (e.g. custom post type) 1208 * @param int $object_id ID of the object the metadata is for. 1209 * @param string $meta_key Optional. Registered metadata key. If not specified, retrieve all registered 1210 * metadata for the specified object. 1211 * 1212 * @return mixed|WP_Error 1213 */ 1214 function get_registered_metadata( $object_type, $object_subtype, $object_id, $meta_key = '' ) { 1215 global $wp_meta_keys; 1216 1217 if ( ! is_array( $wp_meta_keys ) ) { 1218 return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key. Not registered.' ) ); 1219 } 1220 1221 if ( ! in_array( $object_type, array( 'post', 'comment', 'user', 'term' ) ) ) { 1222 return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key. Not a core object type.' ) ); 1223 } 1224 1225 if ( ! empty( $meta_key ) ) { 1226 if ( ! registered_meta_key_exists( $object_type, $object_subtype, $meta_key ) ) { 1227 return new WP_Error( 'invalid_meta_key', __( 'Invalid meta key. Not registered.' 
) ); 1228 } 1229 $meta_keys = get_registered_meta_keys( $object_type, $object_subtype ); 1230 $meta_key_data = $meta_keys[ $object_type ][ $object_subtype ][ $meta_key ]; 1231 1232 $data = get_metadata( $object_type, $object_id, $meta_key, $meta_key_data->single ); 1233 1234 return $data; 1235 } 1236 1237 $data = get_metadata( $object_type, $object_id, $meta_key ); 1238 1239 $meta_keys = get_registered_meta_keys( $object_type, $object_subtype ); 1240 $registered_data = array(); 1241 1242 // Someday, array_filter() 1243 foreach ( $meta_keys as $k => $v ) { 1244 if ( isset( $data[ $k ] ) ) { 1245 $registered_data[ $k ] = $data[ $k ]; 1246 } 1247 } 1248 1249 return $registered_data; 1250 } 1251 1252 /** 1253 * Filter out `register_meta()` args based on a whitelist. 1254 * `register_meta()` args may change over time, so requiring the whitelist 1255 * to be explicitly turned off is a warranty seal of sorts. 1256 * 1257 * @access private 1258 * @since 4.6.0 1259 * 1260 * @param array $args Arguments from `register_meta()`. 1261 * @param array $default_args Default arguments for `register_meta()`. 1262 * 1263 * @return array Filtered arguments. 1264 */ 1265 function _wp_register_meta_args_whitelist( $args, $default_args ) { 1266 $whitelist = array_keys( $default_args ); 1267 1268 // In an anonymous function world, this would be better as an array_filter() 1269 foreach ( $args as $key => $value ) { 1270 if ( ! in_array( $key, $whitelist ) ) { 1271 unset( $args[ $key ] ); 1272 } 1273 } 1274 1275 return $args; 1276 }
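Review bot: In `register_meta()`, `$object_subtype` is read in both `elseif ( ... && ! empty( $object_subtype ) )` branches before it is assigned from `$args['object_subtype']` further down, so for array-style registrations neither the `sanitize_callback` nor the `auth_callback` is ever hooked. The key is still stored in `$wp_meta_keys` and the function returns true, which leaves a caller believing its sanitization and capability callbacks are active when they are not. Move `$object_subtype = $args['object_subtype'];` up to directly after the `register_meta_args` filter is applied. In `get_registered_metadata()`, `$meta_keys[ $object_type ][ $object_subtype ][ $meta_key ]` re-indexes an array that `get_registered_meta_keys()` has already narrowed to the subtype, and `->single` is read from what `register_meta()` stores as an array with no `single` key among its defaults.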