Index: src/wp-includes/meta.php =================================================================== --- src/wp-includes/meta.php (revision 37961) +++ src/wp-includes/meta.php (working copy) @@ -1075,23 +1075,37 @@ } } + $object_subtype = ''; + + if ( ! empty( $args['object_subtype'] ) ) { + $object_subtype = $args['object_subtype']; + } + // Back-compat: old sanitize and auth callbacks applied to all of an object type if ( $has_old_sanitize_cb ) { - add_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args['sanitize_callback'], 10, 4 ); - add_filter( "auth_{$object_type}_meta_{$meta_key}", $args['auth_callback'], 10, 6 ); + add_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args['sanitize_callback'], 10, 4 ); + add_filter( "auth_{$object_type}_meta_{$meta_key}", $args['auth_callback'], 10, 6 ); } else { + // Back-compat: old sanitize and auth callbacks applied to all of an object type if ( is_callable( $args['sanitize_callback'] ) ) { - add_filter( "sanitize_{$object_type}_{$object_subtype}_meta_{$meta_key}", $args['sanitize_callback'], 10, 4 ); + if ( empty( $object_subtype ) || $has_old_sanitize_cb ) { + add_filter( "sanitize_{$object_type}_meta_{$meta_key}", $args['sanitize_callback'], 10, 4 ); + } else { + add_filter( "sanitize_{$object_type}_{$object_subtype}_meta_{$meta_key}", $args['sanitize_callback'], 10, 4 ); + } } if ( is_callable( $args['auth_callback'] ) ) { - add_filter( "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}", $args['auth_callback'], 10, 6 ); + if ( empty( $object_subtype ) || $has_old_sanitize_cb ) { + add_filter( "auth_{$object_type}_meta_{$meta_key}", $args['auth_callback'], 10, 6 ); + } else { + add_filter( "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}", $args['auth_callback'], 10, 6 ); + } } } // Global registry only contains meta keys registered in the new way with a subtype. - if ( ! empty( $args['object_subtype'] ) ) { - $object_subtype = $args['object_subtype']; + if ( ! empty( $object_subtype ) ) { $wp_meta_keys[ $object_type ][ $object_subtype ][ $meta_key ] = $args; return true; @@ -1234,7 +1248,7 @@ return $data; } - $data = get_metadata( $object_type, $object_id, $meta_key ); + $data = get_metadata( $object_type, $object_id ); $meta_keys = get_registered_meta_keys( $object_type, $object_subtype ); $registered_data = array(); Index: tests/phpunit/tests/meta/registerMeta.php =================================================================== --- tests/phpunit/tests/meta/registerMeta.php (nonexistent) +++ tests/phpunit/tests/meta/registerMeta.php (working copy) @@ -0,0 +1,354 @@ +user->create( array( 'role' => 'editor' ) ); + self::$post_id = $factory->post->create(); + self::$comment_id = $factory->comment->create( array( 'comment_post_ID' => self::$post_id ) ); + } + + public static function wpTearDownAfterClass() { + self::delete_user( self::$editor_id ); + wp_delete_comment( self::$comment_id, true ); + wp_delete_post( self::$post_id, true ); + } + + function setUp() { + parent::setUp(); + wp_set_current_user( self::$editor_id ); + + } + + public function _old_sanitize_meta_cb( $meta_value, $meta_key, $meta_type ) { + return $meta_key . ' old sanitized'; + } + + public function _new_sanitize_meta_cb( $meta_value, $meta_key, $object_type, $object_subtype ) { + return $meta_key . ' new sanitized'; + } + + public function test_register_meta_with_valid_object_type_and_object_subtype_returns_true() { + $result = register_meta( 'post', 'flight_number', array( 'object_subtype' => 'post' ) ); + unregister_meta_key( 'post', 'post', 'flight_number' ); + + $this->assertTrue( $result ); + } + + // @todo remove object_subtype from the meta key's array? + public function test_register_meta_with_post_object_type_and_subtype_populates_wp_meta_keys() { + global $wp_meta_keys; + + register_meta( 'post', 'flight_number', array( 'object_subtype' => 'post' ) ); + $actual = $wp_meta_keys; + unregister_meta_key( 'post', 'post', 'flight_number' ); + + $expected = array( + 'post' => array( + 'post' => array( + 'flight_number' => array( + 'object_subtype' => 'post', + 'type' => 'string', + 'description' => '', + 'single' => false, + 'sanitize_callback' => null, + 'auth_callback' => '__return_true', + 'show_in_rest' => false, + ), + ), + ), + ); + + $this->assertEquals( $actual, $expected ); + } + + public function test_register_meta_with_post_object_type_and_unregistered_subtype_populates_wp_meta_keys() { + global $wp_meta_keys; + + register_meta( 'post', 'flight_number', array( 'object_subtype' => 'not_a_post_type' ) ); + $actual = $wp_meta_keys; + unregister_meta_key( 'post', 'not_a_post_type', 'flight_number' ); + + $expected = array( + 'post' => array( + 'not_a_post_type' => array( + 'flight_number' => array( + 'object_subtype' => 'not_a_post_type', + 'type' => 'string', + 'description' => '', + 'single' => false, + 'sanitize_callback' => null, + 'auth_callback' => '__return_true', + 'show_in_rest' => false, + ), + ), + ), + ); + + $this->assertEquals( $actual, $expected ); + } + + // @todo remove object_subtype from the meta key's array? + public function test_register_meta_with_term_object_type_and_category_subtype_populates_wp_meta_keys() { + global $wp_meta_keys; + register_meta( 'term', 'category_icon', array( 'object_subtype' => 'category' ) ); + $actual = $wp_meta_keys; + unregister_meta_key( 'term', 'category', 'category_icon' ); + + $expected = array( + 'term' => array( + 'category' => array( + 'category_icon' => array( + 'object_subtype' => 'category', + 'type' => 'string', + 'description' => '', + 'single' => false, + 'sanitize_callback' => null, + 'auth_callback' => '__return_true', + 'show_in_rest' => false, + ), + ), + ), + ); + + $this->assertEquals( $actual, $expected ); + } + + public function test_register_meta_with_comment_object_type_and_subtype_populates_wp_meta_keys() { + global $wp_meta_keys; + register_meta( 'comment', 'comment_rating', array( 'object_subtype' => 'comment' ) ); + $actual = $wp_meta_keys; + unregister_meta_key( 'comment', 'comment', 'comment_rating' ); + + $expected = array( + 'comment' => array( + 'comment' => array( + 'comment_rating' => array( + 'object_subtype' => 'comment', + 'type' => 'string', + 'description' => '', + 'single' => false, + 'sanitize_callback' => null, + 'auth_callback' => '__return_true', + 'show_in_rest' => false, + ), + ), + ), + ); + + $this->assertEquals( $actual, $expected ); + } + + public function test_register_meta_with_deprecated_sanitize_callback_does_not_populate_wp_meta_keys() { + global $wp_meta_keys; + + register_meta( 'post', 'flight_number', array( $this, '_old_sanitize_meta_cb' ) ); + $actual = $wp_meta_keys; + remove_filter( 'sanitize_post_meta_flight_number', array( $this, '_old_sanitize_meta_cb') ); + remove_filter( 'auth_post_meta_flight_number', '__return_true'); + + $this->assertEquals( array(), $actual ); + } + + public function test_register_meta_with_deprecated_sanitize_callback_param_returns_false() { + $actual = register_meta( 'post', 'flight_number', array( $this, '_old_sanitize_meta_cb' ) ); + + remove_filter( 'sanitize_post_meta_flight_number', array( $this, '_old_sanitize_meta_cb') ); + remove_filter( 'auth_post_meta_flight_number', '__return_true'); + + $this->assertFalse( $actual ); + } + + public function test_register_meta_with_deprecated_sanitize_callback_parameter_passes_through_filter() { + register_meta( 'post', 'old_sanitized_key', array( $this, '_old_sanitize_meta_cb' ) ); + $meta = sanitize_meta( 'old_sanitized_key', 'unsanitized', 'post', 'post' ); + + remove_filter( 'sanitize_post_meta_flight_number', array( $this, '_old_sanitize_meta_cb') ); + remove_filter( 'auth_post_meta_flight_number', '__return_true'); + + $this->assertEquals( 'old_sanitized_key old sanitized', $meta ); + } + + public function test_register_meta_with_current_sanitize_callback_populates_wp_meta_keys() { + global $wp_meta_keys; + register_meta( 'post', 'flight_number', array( 'object_subtype' => 'post', 'sanitize_callback' => array( $this, '_new_sanitize_meta_cb' ) ) ); + $actual = $wp_meta_keys; + unregister_meta_key( 'post', 'post', 'flight_number' ); + + $expected = array( + 'post' => array( + 'post' => array( + 'flight_number' => array( + 'object_subtype' => 'post', + 'type' => 'string', + 'description' => '', + 'single' => false, + 'sanitize_callback' => array( $this, '_new_sanitize_meta_cb' ), + 'auth_callback' => '__return_true', + 'show_in_rest' => false, + ), + ), + ), + ); + $this->assertEquals( $actual, $expected ); + } + + public function test_register_meta_with_current_sanitize_callback_returns_true() { + $result = register_meta( 'post', 'flight_number', array( 'object_subtype' => 'post', 'sanitize_callback' => array( $this, '_new_sanitize_meta_cb' ) ) ); + unregister_meta_key( 'post', 'post', 'flight_number' ); + + // @todo unregister_meta_key should do this for registered meta keys + remove_filter( 'sanitize_post_post_meta_flight_number', array( $this, '_new_sanitize_meta_cb') ); + remove_filter( 'auth_post_post_meta_flight_number', '__return_true'); + + $this->assertTrue( $result ); + } + + public function test_register_meta_with_new_sanitize_callback_parameter() { + register_meta( 'post', 'new_sanitized_key', array( 'object_subtype' => 'post', 'sanitize_callback' => array( $this, '_new_sanitize_meta_cb' ) ) ); + $meta = sanitize_meta( 'new_sanitized_key', 'unsanitized', 'post', 'post' ); + + unregister_meta_key( 'post', 'post', 'new_sanitized_key' ); + + // @todo unregister_meta_key should do this for registered meta keys + remove_filter( 'sanitize_post_post_meta_new_sanitized_key', array( $this, '_new_sanitize_meta_cb') ); + remove_filter( 'auth_post_post_meta_new_sanitized_key', '__return_true'); + + $this->assertEquals( 'new_sanitized_key new sanitized', $meta ); + } + + public function test_unregister_meta_key_clears_key_from_wp_meta_keys() { + global $wp_meta_keys; + register_meta( 'post', 'registered_key', array( 'object_subtype' => 'post' ) ); + unregister_meta_key( 'post', 'post', 'registered_key' ); + + $this->assertEquals( array(), $wp_meta_keys ); + } + + public function test_unregister_meta_key_with_invalid_key_returns_wp_error() { + $this->assertWPError( unregister_meta_key( 'post', 'post', 'not_a_registered_key' ) ); + } + + public function test_get_registered_meta_keys() { + register_meta( 'post', 'registered_key1', array( 'object_subtype' => 'post' ) ); + register_meta( 'post', 'registered_key2', array( 'object_subtype' => 'post' ) ); + + $meta_keys = get_registered_meta_keys( 'post', 'post' ); + + unregister_meta_key( 'post', 'post', 'registered_key1' ); + unregister_meta_key( 'post', 'post', 'registered_key2' ); + + $this->assertArrayHasKey( 'registered_key1', $meta_keys ); + $this->assertArrayHasKey( 'registered_key2', $meta_keys ); + } + + public function test_get_registered_meta_keys_with_subtype_without_registered_keys_is_empty() { + register_meta( 'post', 'registered_key1', array( 'object_subtype' => 'post' ) ); + register_meta( 'post', 'registered_key2', array( 'object_subtype' => 'post' ) ); + + $meta_keys = get_registered_meta_keys( 'post', 'page' ); + + unregister_meta_key( 'post', 'post', 'registered_key1' ); + unregister_meta_key( 'post', 'post', 'registered_key2' ); + + $this->assertEmpty( $meta_keys ); + } + + public function test_get_registered_meta_keys_with_invalid_type_is_empty() { + register_meta( 'post', 'registered_key1', array( 'object_subtype' => 'post' ) ); + register_meta( 'post', 'registered_key2', array( 'object_subtype' => 'post' ) ); + + $meta_keys = get_registered_meta_keys( 'invalid-type' ); + + unregister_meta_key( 'post', 'post', 'registered_key1' ); + unregister_meta_key( 'post', 'post', 'registered_key2' ); + + $this->assertEmpty( $meta_keys ); + } + + public function test_get_registered_meta_keys_has_count() { + register_meta( 'post', 'registered_key1', array( 'object_subtype' => 'post' ) ); + register_meta( 'post', 'registered_key2', array( 'object_subtype' => 'page' ) ); + + $meta_keys = get_registered_meta_keys( 'post' ); + + $this->assertCount( 2, $meta_keys ); + } + + public function test_get_registered_meta_keys_description_arg() { + register_meta( 'post', 'registered_key1', array( 'object_subtype' => 'post', 'description' => 'I\'m just a field, take a good look at me' ) ); + + $meta_keys = get_registered_meta_keys( 'post', 'post' ); + + $this->assertEquals( 'I\'m just a field, take a good look at me', $meta_keys['registered_key1']['description'] ); + } + + public function test_get_registered_meta_keys_invalid_arg() { + register_meta( 'post', 'registered_key1', array( 'object_subtype' => 'post', 'invalid_arg' => 'invalid' ) ); + + $meta_keys = get_registered_meta_keys( 'post', 'post' ); + + $this->assertArrayNotHasKey( 'invalid_arg', $meta_keys['registered_key1'] ); + } + + public function test_get_registered_metadata() { + register_meta( 'post', 'flight_number', array( 'object_subtype' => 'post' ) ); + + add_post_meta( self::$post_id, 'flight_number', 'Oceanic 815' ); + + $meta = get_registered_metadata( 'post', 'post', self::$post_id ); + + $this->assertEquals( 'Oceanic 815', $meta['flight_number'][0] ); + } + + public function test_get_registered_metadata_by_key() { + register_meta( 'post', 'flight_number', array( 'object_subtype' => 'post' ) ); + + add_post_meta( self::$post_id, 'flight_number', 'Oceanic 815' ); + + $meta = get_registered_metadata( 'post', 'post', self::$post_id, 'flight_number' ); + + $this->assertEquals( 'Oceanic 815', $meta[0] ); + } + + public function test_get_registered_metadata_by_key_single() { + register_meta( 'post', 'flight_number', array( 'object_subtype' => 'post', 'single' => true ) ); + + add_post_meta( self::$post_id, 'flight_number', 'Oceanic 815' ); + + $meta = get_registered_metadata( 'post', 'post', self::$post_id, 'flight_number' ); + + $this->assertEquals( 'Oceanic 815', $meta ); + } + + public function test_get_registered_metadata_by_invalid_key() { + register_meta( 'post', 'flight_number', array( 'object_subtype' => 'post' ) ); + + add_post_meta( self::$post_id, 'flight_number', 'Oceanic 815' ); + + $meta = get_registered_metadata( 'post', 'post', self::$post_id, 'flight_pilot' ); + + $this->assertWPError( $meta ); + } + + public function test_get_registered_metadata_invalid_object_type() { + register_meta( 'post', 'flight_number', array( 'object_subtype' => 'post' ) ); + + add_post_meta( self::$post_id, 'flight_number', 'Oceanic 815' ); + + $meta = get_registered_metadata( 'invalid-type', 'invalid-subtype', self::$post_id ); + + $this->assertWPError( $meta ); + } + + public function test_get_registered_metadata_invalid() { + $meta = get_registered_metadata( 'invalid-type', 'invalid-subtype', self::$post_id ); + + $this->assertWPError( $meta ); + } +} Index: tests/phpunit/tests/user/capabilities.php =================================================================== --- tests/phpunit/tests/user/capabilities.php (revision 37961) +++ tests/phpunit/tests/user/capabilities.php (working copy) @@ -772,23 +772,59 @@ $this->assertTrue( $admin->has_cap('add_post_meta', $post) ); $this->assertTrue( $admin->has_cap('delete_post_meta', $post) ); + // Test protected key access is false $this->assertFalse( $admin->has_cap('edit_post_meta', $post, '_protected') ); $this->assertFalse( $admin->has_cap('add_post_meta', $post, '_protected') ); $this->assertFalse( $admin->has_cap('delete_post_meta', $post, '_protected') ); - register_meta( 'post', '_protected', array( $this, '_meta_filter' ), array( $this, '_meta_yes_you_can' ) ); + // Register protected key and allow access + register_meta( 'post', '_protected', array( 'sanitize_callback' => array( $this, '_meta_filter' ), 'auth_callback' => array( $this, '_meta_yes_you_can' ) ) ); + + // Test protected key access is now true $this->assertTrue( $admin->has_cap('edit_post_meta', $post, '_protected') ); $this->assertTrue( $admin->has_cap('add_post_meta', $post, '_protected') ); $this->assertTrue( $admin->has_cap('delete_post_meta', $post, '_protected') ); + // Test non protected key access is true $this->assertTrue( $admin->has_cap('edit_post_meta', $post, 'not_protected') ); $this->assertTrue( $admin->has_cap('add_post_meta', $post, 'not_protected') ); $this->assertTrue( $admin->has_cap('delete_post_meta', $post, 'not_protected') ); - register_meta( 'post', 'not_protected', array( $this, '_meta_filter' ), array( $this, '_meta_no_you_cant' ) ); + // Register non protected key and disallow access + register_meta( 'post', 'not_protected', array( 'sanitize_callback' => array( $this, '_meta_filter' ), 'auth_callback' => array( $this, '_meta_no_you_cant' ) ) ); + + // Test non protected key access is now false $this->assertFalse( $admin->has_cap('edit_post_meta', $post, 'not_protected') ); $this->assertFalse( $admin->has_cap('add_post_meta', $post, 'not_protected') ); $this->assertFalse( $admin->has_cap('delete_post_meta', $post, 'not_protected') ); + + // Backwards compatibility tests for register_meta() + + // Test protected key access is false + $this->assertFalse( $admin->has_cap('edit_post_meta', $post, '_protected_backcompat') ); + $this->assertFalse( $admin->has_cap('add_post_meta', $post, '_protected_backcompat') ); + $this->assertFalse( $admin->has_cap('delete_post_meta', $post, '_protected_backcompat') ); + + // Register protected key and allow access + register_meta( 'post', '_protected_backcompat', array( $this, '_meta_filter' ), array( $this, '_meta_yes_you_can' ) ); + + // Test protected key access is now true + $this->assertTrue( $admin->has_cap('edit_post_meta', $post, '_protected_backcompat') ); + $this->assertTrue( $admin->has_cap('add_post_meta', $post, '_protected_backcompat') ); + $this->assertTrue( $admin->has_cap('delete_post_meta', $post, '_protected_backcompat') ); + + // Test non protected key access is true + $this->assertTrue( $admin->has_cap('edit_post_meta', $post, 'not_protected_backcompat') ); + $this->assertTrue( $admin->has_cap('add_post_meta', $post, 'not_protected_backcompat') ); + $this->assertTrue( $admin->has_cap('delete_post_meta', $post, 'not_protected_backcompat') ); + + // Register non protected key and disallow access + register_meta( 'post', 'not_protected_backcompat', array( $this, '_meta_filter' ), array( $this, '_meta_no_you_cant' ) ); + + // Test non protected key access is now false + $this->assertFalse( $admin->has_cap('edit_post_meta', $post, 'not_protected_backcompat') ); + $this->assertFalse( $admin->has_cap('add_post_meta', $post, 'not_protected_backcompat') ); + $this->assertFalse( $admin->has_cap('delete_post_meta', $post, 'not_protected_backcompat') ); } }