Changeset 39162
- Timestamp:
- 11/08/2016 02:07:10 PM (8 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
r39161 r39162 816 816 */ 817 817 protected function prepare_items_query( $prepared_args = array(), $request = null ) { 818 819 $valid_vars = array_flip( $this->get_allowed_query_vars( $request ) );820 818 $query_args = array(); 821 819 822 foreach ( $valid_vars as $var => $index ) { 823 if ( isset( $prepared_args[ $var ] ) ) { 824 /** 825 * Filters the query_vars used in get_items() for the constructed query. 826 * 827 * The dynamic portion of the hook name, `$var`, refers to the query_var key. 828 * 829 * @since 4.7.0 830 * 831 * @param string $var The query_var value. 832 */ 833 $query_args[ $var ] = apply_filters( "rest_query_var-{$var}", $prepared_args[ $var ] ); 834 } 835 } 836 837 if ( 'post' !== $this->post_type || ! isset( $query_args['ignore_sticky_posts'] ) ) { 838 $query_args['ignore_sticky_posts'] = true; 839 } 840 841 if ( 'include' === $query_args['orderby'] ) { 842 $query_args['orderby'] = 'post__in'; 843 } 844 845 return $query_args; 846 } 847 848 /** 849 * Retrieves all of the WP Query vars that are allowed for the REST API request. 850 * 851 * @since 4.7.0 852 * @access protected 853 * 854 * @param WP_REST_Request $request Optional. Full details about the request. 855 * @return array Allowed query variables. 856 */ 857 protected function get_allowed_query_vars( $request = null ) { 858 global $wp; 859 860 /** This filter is documented in wp-includes/class-wp.php */ 861 $valid_vars = apply_filters( 'query_vars', $wp->public_query_vars ); 862 863 $post_type_obj = get_post_type_object( $this->post_type ); 864 if ( current_user_can( $post_type_obj->cap->edit_posts ) ) { 820 foreach ( $prepared_args as $key => $value ) { 865 821 /** 866 * Filters the allowed 'private' query vars for authorized users.822 * Filters the query_vars used in get_items() for the constructed query. 867 823 * 868 * If the user has the `edit_posts` capability, we also allow use of 869 * private query parameters, which are only undesirable on the 870 * frontend, but are safe for use in query strings. 871 * 872 * To disable anyway, use 873 * `add_filter( 'rest_private_query_vars', '__return_empty_array' );` 824 * The dynamic portion of the hook name, `$key`, refers to the query_var key. 874 825 * 875 826 * @since 4.7.0 876 827 * 877 * @param array $private_query_vars Array of allowed query vars for authorized users.828 * @param string $value The query_var value. 878 829 */ 879 $private = apply_filters( 'rest_private_query_vars', $wp->private_query_vars ); 880 881 $valid_vars = array_merge( $valid_vars, $private ); 882 } 883 884 // Define our own in addition to WP's normal vars. 885 $rest_valid = array( 886 'author__in', 887 'author__not_in', 888 'ignore_sticky_posts', 889 'menu_order', 890 'offset', 891 'post__in', 892 'post__not_in', 893 'post_parent', 894 'post_parent__in', 895 'post_parent__not_in', 896 'posts_per_page', 897 'date_query', 898 'post_name__in', 899 ); 900 901 $valid_vars = array_merge( $valid_vars, $rest_valid ); 902 903 /** 904 * Filters allowed query vars for the REST API. 905 * 906 * This filter allows you to add or remove query vars from the final allowed 907 * list for all requests, including unauthenticated ones. To alter the 908 * vars for editors only, see {@see 'rest_private_query_vars'}. 909 * 910 * @since 4.7.0 911 * 912 * @param array { 913 * Array of allowed WP_Query query vars. 914 * 915 * @param string $allowed_query_var The query var to allow. 916 * @param WP_REST_Request $request Request object. 917 * } 918 */ 919 $valid_vars = apply_filters( 'rest_query_vars', $valid_vars, $request ); 920 921 return $valid_vars; 830 $query_args[ $key ] = apply_filters( "rest_query_var-{$key}", $value ); 831 } 832 833 if ( 'post' !== $this->post_type || ! isset( $query_args['ignore_sticky_posts'] ) ) { 834 $query_args['ignore_sticky_posts'] = true; 835 } 836 837 if ( 'include' === $query_args['orderby'] ) { 838 $query_args['orderby'] = 'post__in'; 839 } 840 841 return $query_args; 922 842 } 923 843 … … 2196 2116 } 2197 2117 2198 return $params; 2118 /** 2119 * Filter collection parameters for the posts controller. 2120 * 2121 * The dynamic part of the filter `$this->post_type` refers to the post 2122 * type slug for the controller. 2123 * 2124 * This filter registers the collection parameter, but does not map the 2125 * collection parameter to an internal WP_Query parameter. Use the 2126 * `rest_{$this->post_type}_query` filter to set WP_Query parameters. 2127 * 2128 * @since 4.7.0 2129 * 2130 * @param $params JSON Schema-formatted collection parameters. 2131 * @param WP_Post_Type $post_type_obj Post type object. 2132 */ 2133 return apply_filters( "rest_{$this->post_type}_collection_params", $params, $post_type_obj ); 2199 2134 } 2200 2135
Note: See TracChangeset
for help on using the changeset viewer.