sts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )"; } if ( ! empty( $this->meta_query->queries ) ) { $clauses = $this->meta_query->get_sql( 'post', $wpdb->posts, 'ID', $this ); $join .= $clauses['join']; $where .= $clauses['where']; } $rand = ( isset( $q['orderby'] ) && 'rand' === $q['orderby'] ); if ( ! isset( $q['order'] ) ) { $q['order'] = $rand ? '' : 'DESC'; } else { $q['order'] = $rand ? '' : $this->parse_order( $q['order'] ); } // These values of orderby should ignore the 'order' parameter. $force_asc = array( 'post__in', 'post_name__in', 'post_parent__in' ); if ( isset( $q['orderby'] ) && in_array( $q['orderby'], $force_asc, true ) ) { $q['order'] = ''; } // Order by. if ( empty( $q['orderby'] ) ) { /* * Boolean false or empty array blanks out ORDER BY, * while leaving the value unset or otherwise empty sets the default. */ if ( isset( $q['orderby'] ) && ( is_array( $q['orderby'] ) || false === $q['orderby'] ) ) { $orderby = ''; } else { $orderby = "{$wpdb->posts}.post_date " . $q['order']; } } elseif ( 'none' === $q['orderby'] ) { $orderby = ''; } else { $orderby_array = array(); if ( is_array( $q['orderby'] ) ) { foreach ( $q['orderby'] as $_orderby => $order ) { $orderby = addslashes_gpc( urldecode( $_orderby ) ); $parsed = $this->parse_orderby( $orderby ); if ( ! $parsed ) { continue; } $orderby_array[] = $parsed . ' ' . $this->parse_order( $order ); } $orderby = implode( ', ', $orderby_array ); } else { $q['orderby'] = urldecode( $q['orderby'] ); $q['orderby'] = addslashes_gpc( $q['orderby'] ); foreach ( explode( ' ', $q['orderby'] ) as $i => $orderby ) { $parsed = $this->parse_orderby( $orderby ); // Only allow certain values for safety. if ( ! $parsed ) { continue; } $orderby_array[] = $parsed; } $orderby = implode( ' ' . $q['order'] . ', ', $orderby_array ); if ( empty( $orderby ) ) { $orderby = "{$wpdb->posts}.post_date " . $q['order']; } elseif ( ! empty( $q['order'] ) ) { $orderby .= " {$q['order']}"; } } } // Order search results by relevance only when another "orderby" is not specified in the query. if ( ! empty( $q['s'] ) ) { $search_orderby = ''; if ( ! empty( $q['search_orderby_title'] ) && ( empty( $q['orderby'] ) && ! $this->is_feed ) || ( isset( $q['orderby'] ) && 'relevance' === $q['orderby'] ) ) { $search_orderby = $this->parse_search_order( $q ); } if ( ! $q['suppress_filters'] ) { /** * Filters the ORDER BY used when ordering search results. * * @since 3.7.0 * * @param string $search_orderby The ORDER BY clause. * @param WP_Query $query The current WP_Query instance. */ $search_orderby = apply_filters( 'posts_search_orderby', $search_orderby, $this ); } if ( $search_orderby ) { $orderby = $orderby ? $search_orderby . ', ' . $orderby : $search_orderby; } } if ( is_array( $post_type ) && count( $post_type ) > 1 ) { $post_type_cap = 'multiple_post_type'; } else { if ( is_array( $post_type ) ) { $post_type = reset( $post_type ); } $post_type_object = get_post_type_object( $post_type ); if ( empty( $post_type_object ) ) { $post_type_cap = $post_type; } } if ( isset( $q['post_password'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_password = %s", $q['post_password'] ); if ( empty( $q['perm'] ) ) { $q['perm'] = 'readable'; } } elseif ( isset( $q['has_password'] ) ) { $where .= sprintf( " AND {$wpdb->posts}.post_password %s ''", $q['has_password'] ? '!=' : '=' ); } if ( ! empty( $q['comment_status'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.comment_status = %s ", $q['comment_status'] ); } if ( ! empty( $q['ping_status'] ) ) { $where .= $wpdb->prepare( " AND {$wpdb->posts}.ping_status = %s ", $q['ping_status'] ); } $skip_post_status = false; if ( 'any' === $post_type ) { $in_search_post_types = get_post_types( array( 'exclude_from_search' => false ) ); if ( empty( $in_search_post_types ) ) { $post_type_where = ' AND 1=0 '; $skip_post_status = true; } else { $post_type_where = " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')"; } } elseif ( ! empty( $post_type ) && is_array( $post_type ) ) { // Sort post types to ensure same cache key generation. sort( $post_type ); $post_type_where = " AND {$wpdb->posts}.post_type IN ('" . implode( "', '", esc_sql( $post_type ) ) . "')"; } elseif ( ! empty( $post_type ) ) { $post_type_where = $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type ); $post_type_object = get_post_type_object( $post_type ); } elseif ( $this->is_attachment ) { $post_type_where = " AND {$wpdb->posts}.post_type = 'attachment'"; $post_type_object = get_post_type_object( 'attachment' ); } elseif ( $this->is_page ) { $post_type_where = " AND {$wpdb->posts}.post_type = 'page'"; $post_type_object = get_post_type_object( 'page' ); } else { $post_type_where = " AND {$wpdb->posts}.post_type = 'post'"; $post_type_object = get_post_type_object( 'post' ); } $edit_cap = 'edit_post'; $read_cap = 'read_post'; if ( ! empty( $post_type_object ) ) { $edit_others_cap = $post_type_object->cap->edit_others_posts; $read_private_cap = $post_type_object->cap->read_private_posts; } else { $edit_others_cap = 'edit_others_' . $post_type_cap . 's'; $read_private_cap = 'read_private_' . $post_type_cap . 's'; } $user_id = get_current_user_id(); $q_status = array(); if ( $skip_post_status ) { $where .= $post_type_where; } elseif ( ! empty( $q['post_status'] ) ) { $where .= $post_type_where; $statuswheres = array(); $q_status = $q['post_status']; if ( ! is_array( $q_status ) ) { $q_status = explode( ',', $q_status ); } sort( $q_status ); $r_status = array(); $p_status = array(); $e_status = array(); if ( in_array( 'any', $q_status, true ) ) { foreach ( get_post_stati( array( 'exclude_from_search' => true ) ) as $status ) { if ( ! in_array( $status, $q_status, true ) ) { $e_status[] = "{$wpdb->posts}.post_status <> '$status'"; } } } else { foreach ( get_post_stati() as $status ) { if ( in_array( $status, $q_status, true ) ) { if ( 'private' === $status ) { $p_status[] = "{$wpdb->posts}.post_status = '$status'"; } else { $r_status[] = "{$wpdb->posts}.post_status = '$status'"; } } } } if ( empty( $q['perm'] ) || 'readable' !== $q['perm'] ) { $r_status = array_merge( $r_status, $p_status ); unset( $p_status ); } if ( ! empty( $e_status ) ) { $statuswheres[] = '(' . implode( ' AND ', $e_status ) . ')'; } if ( ! empty( $r_status ) ) { if ( ! empty( $q['perm'] ) && 'editable' === $q['perm'] && ! current_user_can( $edit_others_cap ) ) { $statuswheres[] = "({$wpdb->posts}.post_author = $user_id " . 'AND (' . implode( ' OR ', $r_status ) . '))'; } else { $statuswheres[] = '(' . implode( ' OR ', $r_status ) . ')'; } } if ( ! empty( $p_status ) ) { if ( ! empty( $q['perm'] ) && 'readable' === $q['perm'] && ! current_user_can( $read_private_cap ) ) { $statuswheres[] = "({$wpdb->posts}.post_author = $user_id " . 'AND (' . implode( ' OR ', $p_status ) . '))'; } else { $statuswheres[] = '(' . implode( ' OR ', $p_status ) . ')'; } } if ( $post_status_join ) { $join .= " LEFT JOIN {$wpdb->posts} AS p2 ON ({$wpdb->posts}.post_parent = p2.ID) "; foreach ( $statuswheres as $index => $statuswhere ) { $statuswheres[ $index ] = "($statuswhere OR ({$wpdb->posts}.post_status = 'inherit' AND " . str_replace( $wpdb->posts, 'p2', $statuswhere ) . '))'; } } $where_status = implode( ' OR ', $statuswheres ); if ( ! empty( $where_status ) ) { $where .= " AND ($where_status)"; } } elseif ( ! $this->is_singular ) { if ( 'any' === $post_type ) { $queried_post_types = get_post_types( array( 'exclude_from_search' => false ) ); } elseif ( is_array( $post_type ) ) { $queried_post_types = $post_type; } elseif ( ! empty( $post_type ) ) { $queried_post_types = array( $post_type ); } else { $queried_post_types = array( 'post' ); } if ( ! empty( $queried_post_types ) ) { sort( $queried_post_types ); $status_type_clauses = array(); foreach ( $queried_post_types as $queried_post_type ) { $queried_post_type_object = get_post_type_object( $queried_post_type ); $type_where = '(' . $wpdb->prepare( "{$wpdb->posts}.post_type = %s AND (", $queried_post_type ); // Public statuses. $public_statuses = get_post_stati( array( 'public' => true ) ); $status_clauses = array(); foreach ( $public_statuses as $public_status ) { $status_clauses[] = "{$wpdb->posts}.post_status = '$public_status'"; } $type_where .= implode( ' OR ', $status_clauses ); // Add protected states that should show in the admin all list. if ( $this->is_admin ) { $admin_all_statuses = get_post_stati( array( 'protected' => true, 'show_in_admin_all_list' => true, ) ); foreach ( $admin_all_statuses as $admin_all_status ) { $type_where .= " OR {$wpdb->posts}.post_status = '$admin_all_status'"; } } // Add private states that are visible to current user. if ( is_user_logged_in() && $queried_post_type_object instanceof WP_Post_Type ) { $read_private_cap = $queried_post_type_object->cap->read_private_posts; $private_statuses = get_post_stati( array( 'private' => true ) ); foreach ( $private_statuses as $private_status ) { $type_where .= current_user_can( $read_private_cap ) ? " \nOR {$wpdb->posts}.post_status = '$private_status'" : " \nOR ({$wpdb->posts}.post_author = $user_id AND {$wpdb->posts}.post_status = '$private_status')"; } } $type_where .= '))'; $status_type_clauses[] = $type_where; } if ( ! empty( $status_type_clauses ) ) { $where .= ' AND (' . implode( ' OR ', $status_type_clauses ) . ')'; } } else { $where .= ' AND 1=0 '; } } else { $where .= $post_type_where; } /* * Apply filters on where and join prior to paging so that any * manipulations to them are reflected in the paging by day queries. */ if ( ! $q['suppress_filters'] ) { /** * Filters the WHERE clause of the query. * * @since 1.5.0 * * @param string $where The WHERE clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $where = apply_filters_ref_array( 'posts_where', array( $where, &$this ) ); /** * Filters the JOIN clause of the query. * * @since 1.5.0 * * @param string $join The JOIN clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $join = apply_filters_ref_array( 'posts_join', array( $join, &$this ) ); } // Paging. if ( empty( $q['nopaging'] ) && ! $this->is_singular ) { $page = absint( $q['paged'] ); if ( ! $page ) { $page = 1; } // If 'offset' is provided, it takes precedence over 'paged'. if ( isset( $q['offset'] ) && is_numeric( $q['offset'] ) ) { $q['offset'] = absint( $q['offset'] ); $pgstrt = $q['offset'] . ', '; } else { $pgstrt = absint( ( $page - 1 ) * $q['posts_per_page'] ) . ', '; } $limits = 'LIMIT ' . $pgstrt . $q['posts_per_page']; } // Comments feeds. if ( $this->is_comment_feed && ! $this->is_singular ) { if ( $this->is_archive || $this->is_search ) { $cjoin = "JOIN {$wpdb->posts} ON ( {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID ) $join "; $cwhere = "WHERE comment_approved = '1' $where"; $cgroupby = "{$wpdb->comments}.comment_id"; } else { // Other non-singular, e.g. front. $cjoin = "JOIN {$wpdb->posts} ON ( {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID )"; $cwhere = "WHERE ( post_status = 'publish' OR ( post_status = 'inherit' AND post_type = 'attachment' ) ) AND comment_approved = '1'"; $cgroupby = ''; } if ( ! $q['suppress_filters'] ) { /** * Filters the JOIN clause of the comments feed query before sending. * * @since 2.2.0 * * @param string $cjoin The JOIN clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $cjoin = apply_filters_ref_array( 'comment_feed_join', array( $cjoin, &$this ) ); /** * Filters the WHERE clause of the comments feed query before sending. * * @since 2.2.0 * * @param string $cwhere The WHERE clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $cwhere = apply_filters_ref_array( 'comment_feed_where', array( $cwhere, &$this ) ); /** * Filters the GROUP BY clause of the comments feed query before sending. * * @since 2.2.0 * * @param string $cgroupby The GROUP BY clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( $cgroupby, &$this ) ); /** * Filters the ORDER BY clause of the comments feed query before sending. * * @since 2.8.0 * * @param string $corderby The ORDER BY clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) ); /** * Filters the LIMIT clause of the comments feed query before sending. * * @since 2.8.0 * * @param string $climits The JOIN clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) ); } $cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : ''; $corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : ''; $climits = ( ! empty( $climits ) ) ? $climits : ''; $comments_request = "SELECT $distinct {$wpdb->comments}.comment_ID FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits"; $key = md5( $comments_request ); $last_changed = wp_cache_get_last_changed( 'comment' ) . ':' . wp_cache_get_last_changed( 'posts' ); $cache_key = "comment_feed:$key:$last_changed"; $comment_ids = wp_cache_get( $cache_key, 'comment-queries' ); if ( false === $comment_ids ) { $comment_ids = $wpdb->get_col( $comments_request ); wp_cache_add( $cache_key, $comment_ids, 'comment-queries' ); } _prime_comment_caches( $comment_ids ); // Convert to WP_Comment. /** @var WP_Comment[] */ $this->comments = array_map( 'get_comment', $comment_ids ); $this->comment_count = count( $this->comments ); $post_ids = array(); foreach ( $this->comments as $comment ) { $post_ids[] = (int) $comment->comment_post_ID; } $post_ids = implode( ',', $post_ids ); $join = ''; if ( $post_ids ) { $where = "AND {$wpdb->posts}.ID IN ($post_ids) "; } else { $where = 'AND 0'; } } $pieces = array( 'where', 'groupby', 'join', 'orderby', 'distinct', 'fields', 'limits' ); /* * Apply post-paging filters on where and join. Only plugins that * manipulate paging queries should use these hooks. */ if ( ! $q['suppress_filters'] ) { /** * Filters the WHERE clause of the query. * * Specifically for manipulating paging queries. * * @since 1.5.0 * * @param string $where The WHERE clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $where = apply_filters_ref_array( 'posts_where_paged', array( $where, &$this ) ); /** * Filters the GROUP BY clause of the query. * * @since 2.0.0 * * @param string $groupby The GROUP BY clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $groupby = apply_filters_ref_array( 'posts_groupby', array( $groupby, &$this ) ); /** * Filters the JOIN clause of the query. * * Specifically for manipulating paging queries. * * @since 1.5.0 * * @param string $join The JOIN clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $join = apply_filters_ref_array( 'posts_join_paged', array( $join, &$this ) ); /** * Filters the ORDER BY clause of the query. * * @since 1.5.1 * * @param string $orderby The ORDER BY clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $orderby = apply_filters_ref_array( 'posts_orderby', array( $orderby, &$this ) ); /** * Filters the DISTINCT clause of the query. * * @since 2.1.0 * * @param string $distinct The DISTINCT clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $distinct = apply_filters_ref_array( 'posts_distinct', array( $distinct, &$this ) ); /** * Filters the LIMIT clause of the query. * * @since 2.1.0 * * @param string $limits The LIMIT clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $limits = apply_filters_ref_array( 'post_limits', array( $limits, &$this ) ); /** * Filters the SELECT clause of the query. * * @since 2.1.0 * * @param string $fields The SELECT clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $fields = apply_filters_ref_array( 'posts_fields', array( $fields, &$this ) ); /** * Filters all query clauses at once, for convenience. * * Covers the WHERE, GROUP BY, JOIN, ORDER BY, DISTINCT, * fields (SELECT), and LIMIT clauses. * * @since 3.1.0 * * @param string[] $clauses { * Associative array of the clauses for the query. * * @type string $where The WHERE clause of the query. * @type string $groupby The GROUP BY clause of the query. * @type string $join The JOIN clause of the query. * @type string $orderby The ORDER BY clause of the query. * @type string $distinct The DISTINCT clause of the query. * @type string $fields The SELECT clause of the query. * @type string $limits The LIMIT clause of the query. * } * @param WP_Query $query The WP_Query instance (passed by reference). */ $clauses = (array) apply_filters_ref_array( 'posts_clauses', array( compact( $pieces ), &$this ) ); $where = isset( $clauses['where'] ) ? $clauses['where'] : ''; $groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : ''; $join = isset( $clauses['join'] ) ? $clauses['join'] : ''; $orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : ''; $distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : ''; $fields = isset( $clauses['fields'] ) ? $clauses['fields'] : ''; $limits = isset( $clauses['limits'] ) ? $clauses['limits'] : ''; } /** * Fires to announce the query's current selection parameters. * * For use by caching plugins. * * @since 2.3.0 * * @param string $selection The assembled selection query. */ do_action( 'posts_selection', $where . $groupby . $orderby . $limits . $join ); /* * Filters again for the benefit of caching plugins. * Regular plugins should use the hooks above. */ if ( ! $q['suppress_filters'] ) { /** * Filters the WHERE clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $where The WHERE clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $where = apply_filters_ref_array( 'posts_where_request', array( $where, &$this ) ); /** * Filters the GROUP BY clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $groupby The GROUP BY clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $groupby = apply_filters_ref_array( 'posts_groupby_request', array( $groupby, &$this ) ); /** * Filters the JOIN clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $join The JOIN clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $join = apply_filters_ref_array( 'posts_join_request', array( $join, &$this ) ); /** * Filters the ORDER BY clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $orderby The ORDER BY clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $orderby = apply_filters_ref_array( 'posts_orderby_request', array( $orderby, &$this ) ); /** * Filters the DISTINCT clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $distinct The DISTINCT clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $distinct = apply_filters_ref_array( 'posts_distinct_request', array( $distinct, &$this ) ); /** * Filters the SELECT clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $fields The SELECT clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $fields = apply_filters_ref_array( 'posts_fields_request', array( $fields, &$this ) ); /** * Filters the LIMIT clause of the query. * * For use by caching plugins. * * @since 2.5.0 * * @param string $limits The LIMIT clause of the query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $limits = apply_filters_ref_array( 'post_limits_request', array( $limits, &$this ) ); /** * Filters all query clauses at once, for convenience. * * For use by caching plugins. * * Covers the WHERE, GROUP BY, JOIN, ORDER BY, DISTINCT, * fields (SELECT), and LIMIT clauses. * * @since 3.1.0 * * @param string[] $clauses { * Associative array of the clauses for the query. * * @type string $where The WHERE clause of the query. * @type string $groupby The GROUP BY clause of the query. * @type string $join The JOIN clause of the query. * @type string $orderby The ORDER BY clause of the query. * @type string $distinct The DISTINCT clause of the query. * @type string $fields The SELECT clause of the query. * @type string $limits The LIMIT clause of the query. * } * @param WP_Query $query The WP_Query instance (passed by reference). */ $clauses = (array) apply_filters_ref_array( 'posts_clauses_request', array( compact( $pieces ), &$this ) ); $where = isset( $clauses['where'] ) ? $clauses['where'] : ''; $groupby = isset( $clauses['groupby'] ) ? $clauses['groupby'] : ''; $join = isset( $clauses['join'] ) ? $clauses['join'] : ''; $orderby = isset( $clauses['orderby'] ) ? $clauses['orderby'] : ''; $distinct = isset( $clauses['distinct'] ) ? $clauses['distinct'] : ''; $fields = isset( $clauses['fields'] ) ? $clauses['fields'] : ''; $limits = isset( $clauses['limits'] ) ? $clauses['limits'] : ''; } if ( ! empty( $groupby ) ) { $groupby = 'GROUP BY ' . $groupby; } if ( ! empty( $orderby ) ) { $orderby = 'ORDER BY ' . $orderby; } $found_rows = ''; if ( ! $q['no_found_rows'] && ! empty( $limits ) ) { $found_rows = 'SQL_CALC_FOUND_ROWS'; } /* * Beginning of the string is on a new line to prevent leading whitespace. * * The additional indentation of subsequent lines is to ensure the SQL * queries are identical to those generated when splitting queries. This * improves caching of the query by ensuring the same cache key is * generated for the same database queries functionally. * * See https://core.trac.wordpress.org/ticket/56841. * See https://github.com/WordPress/wordpress-develop/pull/6393#issuecomment-2088217429 */ $old_request = "SELECT $found_rows $distinct $fields FROM {$wpdb->posts} $join WHERE 1=1 $where $groupby $orderby $limits"; $this->request = $old_request; if ( ! $q['suppress_filters'] ) { /** * Filters the completed SQL query before sending. * * @since 2.0.0 * * @param string $request The complete SQL query. * @param WP_Query $query The WP_Query instance (passed by reference). */ $this->request = apply_filters_ref_array( 'posts_request', array( $this->request, &$this ) ); } /** * Filters the posts array before the query takes place. * * Return a non-null value to bypass WordPress' default post queries. * * Filtering functions that require pagination information are encouraged to set * the `found_posts` and `max_num_pages` properties of the WP_Query object, * passed to the filter by reference. If WP_Query does not perform a database * query, it will not have enough information to generate these values itself. * * @since 4.6.0 * * @param WP_Post[]|int[]|null $posts Return an array of post data to short-circuit WP's query, * or null to allow WP to run its normal queries. * @param WP_Query $query The WP_Query instance (passed by reference). */ $this->posts = apply_filters_ref_array( 'posts_pre_query', array( null, &$this ) ); /* * Ensure the ID database query is able to be cached. * * Random queries are expected to have unpredictable results and * cannot be cached. Note the space before `RAND` in the string * search, that to ensure against a collision with another * function. * * If `$fields` has been modified by the `posts_fields`, * `posts_fields_request`, `post_clauses` or `posts_clauses_request` * filters, then caching is disabled to prevent caching collisions. */ $id_query_is_cacheable = ! str_contains( strtoupper( $orderby ), ' RAND(' ); $cacheable_field_values = array( "{$wpdb->posts}.*", "{$wpdb->posts}.ID, {$wpdb->posts}.post_parent", "{$wpdb->posts}.ID", ); if ( ! in_array( $fields, $cacheable_field_values, true ) ) { $id_query_is_cacheable = false; } if ( $q['cache_results'] && $id_query_is_cacheable ) { $new_request = str_replace( $fields, "{$wpdb->posts}.*", $this->request ); $cache_key = $this->generate_cache_key( $q, $new_request ); $cache_found = false; if ( null === $this->posts ) { $cached_results = wp_cache_get( $cache_key, 'post-queries', false, $cache_found ); if ( $cached_results ) { /** @var int[] */ $post_ids = array_map( 'intval', $cached_results['posts'] ); $this->post_count = count( $post_ids ); $this->found_posts = $cached_results['found_posts']; $this->max_num_pages = $cached_results['max_num_pages']; if ( 'ids' === $q['fields'] ) { $this->posts = $post_ids; return $this->posts; } elseif ( 'id=>parent' === $q['fields'] ) { _prime_post_parent_id_caches( $post_ids ); $post_parent_cache_keys = array(); foreach ( $post_ids as $post_id ) { $post_parent_cache_keys[] = 'post_parent:' . (string) $post_id; } /** @var int[] */ $post_parents = wp_cache_get_multiple( $post_parent_cache_keys, 'posts' ); foreach ( $post_parents as $cache_key => $post_parent ) { $obj = new stdClass(); $obj->ID = (int) str_replace( 'post_parent:', '', $cache_key ); $obj->post_parent = (int) $post_parent; $this->posts[] = $obj; } return $post_parents; } else { _prime_post_caches( $post_ids, $q['update_post_term_cache'], $q['update_post_meta_cache'] ); /** @var WP_Post[] */ $this->posts = array_map( 'get_post', $post_ids ); } } } } if ( 'ids' === $q['fields'] ) { if ( null === $this->posts ) { $this->posts = $wpdb->get_col( $this->request ); } /** @var int[] */ $this->posts = array_map( 'intval', $this->posts ); $this->post_count = count( $this->posts ); $this->set_found_posts( $q, $limits ); if ( $q['cache_results'] && $id_query_is_cacheable ) { $cache_value = array( 'posts' => $this->posts, 'found_posts' => $this->found_posts, 'max_num_pages' => $this->max_num_pages, ); wp_cache_set( $cache_key, $cache_value, 'post-queries' ); } return $this->posts; } if ( 'id=>parent' === $q['fields'] ) { if ( null === $this->posts ) { $this->posts = $wpdb->get_results( $this->request ); } $this->post_count = count( $this->posts ); $this->set_found_posts( $q, $limits ); /** @var int[] */ $post_parents = array(); $post_ids = array(); $post_parents_cache = array(); foreach ( $this->posts as $key => $post ) { $this->posts[ $key ]->ID = (int) $post->ID; $this->posts[ $key ]->post_parent = (int) $post->post_parent; $post_parents[ (int) $post->ID ] = (int) $post->post_parent; $post_ids[] = (int) $post->ID; $post_parents_cache[ 'post_parent:' . (string) $post->ID ] = (int) $post->post_parent; } // Prime post parent caches, so that on second run, there is not another database query. wp_cache_add_multiple( $post_parents_cache, 'posts' ); if ( $q['cache_results'] && $id_query_is_cacheable ) { $cache_value = array( 'posts' => $post_ids, 'found_posts' => $this->found_posts, 'max_num_pages' => $this->max_num_pages, ); wp_cache_set( $cache_key, $cache_value, 'post-queries' ); } return $post_parents; } $is_unfiltered_query = $old_request === $this->request && "{$wpdb->posts}.*" === $fields; if ( null === $this->posts ) { $split_the_query = ( $is_unfiltered_query && ( wp_using_ext_object_cache() || ( ! empty( $limits ) && $q['posts_per_page'] < 500 ) ) ); /** * Filters whether to split the query. * * Splitting the query will cause it to fetch just the IDs of the found posts * (and then individually fetch each post by ID), rather than fetching every * complete row at once. One massive result vs. many small results. * * @since 3.4.0 * @since 6.6.0 Added the `$old_request` and `$clauses` parameters. * * @param bool $split_the_query Whether or not to split the query. * @param WP_Query $query The WP_Query instance. * @param string $old_request The complete SQL query before filtering. * @param string[] $clauses { * Associative array of the clauses for the query. * * @type string $where The WHERE clause of the query. * @type string $groupby The GROUP BY clause of the query. * @type string $join The JOIN clause of the query. * @type string $orderby The ORDER BY clause of the query. * @type string $distinct The DISTINCT clause of the query. * @type string $fields The SELECT clause of the query. * @type string $limits The LIMIT clause of the query. * } */ $split_the_query = apply_filters( 'split_the_query', $split_the_query, $this, $old_request, compact( $pieces ) ); if ( $split_the_query ) { // First get the IDs and then fill in the objects. // Beginning of the string is on a new line to prevent leading whitespace. See https://core.trac.wordpress.org/ticket/56841. $this->request = "SELECT $found_rows $distinct {$wpdb->posts}.ID FROM {$wpdb->posts} $join WHERE 1=1 $where $groupby $orderby $limits"; /** * Filters the Post IDs SQL request before sending. * * @since 3.4.0 * * @param string $request The post ID request. * @param WP_Query $query The WP_Query instance. */ $this->request = apply_filters( 'posts_request_ids', $this->request, $this ); $post_ids = $wpdb->get_col( $this->request ); if ( $post_ids ) { $this->posts = $post_ids; $this->set_found_posts( $q, $limits ); _prime_post_caches( $post_ids, $q['update_post_term_cache'], $q['update_post_meta_cache'] ); } else { $this->posts = array(); } } else { $this->posts = $wpdb->get_results( $this->request ); $this->set_found_posts( $q, $limits ); } } // Convert to WP_Post objects. if ( $this->posts ) { /** @var WP_Post[] */ $this->posts = array_map( 'get_post', $this->posts ); } $unfiltered_posts = $this->posts; if ( $q['cache_results'] && $id_query_is_cacheable && ! $cache_found ) { $post_ids = wp_list_pluck( $this->posts, 'ID' ); $cache_value = array( 'posts' => $post_ids, 'found_posts' => $this->found_posts, 'max_num_pages' => $this->max_num_pages, ); wp_cache_set( $cache_key, $cache_value, 'post-queries' ); } if ( ! $q['suppress_filters'] ) { /** * Filters the raw post results array, prior to status checks. * * @since 2.3.0 * * @param WP_Post[] $posts Array of post objects. * @param WP_Query $query The WP_Query instance (passed by reference). */ $this->posts = apply_filters_ref_array( 'posts_results', array( $this->posts, &$this ) ); } if ( ! empty( $this->posts ) && $this->is_comment_feed && $this->is_singular ) { /** This filter is documented in wp-includes/query.php */ $cjoin = apply_filters_ref_array( 'comment_feed_join', array( '', &$this ) ); /** This filter is documented in wp-includes/query.php */ $cwhere = apply_filters_ref_array( 'comment_feed_where', array( "WHERE comment_post_ID = '{$this->posts[0]->ID}' AND comment_approved = '1'", &$this ) ); /** This filter is documented in wp-includes/query.php */ $cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( '', &$this ) ); $cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : ''; /** This filter is documented in wp-includes/query.php */ $corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) ); $corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : ''; /** This filter is documented in wp-includes/query.php */ $climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) ); $comments_request = "SELECT {$wpdb->comments}.comment_ID FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits"; $comment_key = md5( $comments_request ); $comment_last_changed = wp_cache_get_last_changed( 'comment' ); $comment_cache_key = "comment_feed:$comment_key:$comment_last_changed"; $comment_ids = wp_cache_get( $comment_cache_key, 'comment-queries' ); if ( false === $comment_ids ) { $comment_ids = $wpdb->get_col( $comments_request ); wp_cache_add( $comment_cache_key, $comment_ids, 'comment-queries' ); } _prime_comment_caches( $comment_ids ); // Convert to WP_Comment. /** @var WP_Comment[] */ $this->comments = array_map( 'get_comment', $comment_ids ); $this->comment_count = count( $this->comments ); } // Check post status to determine if post should be displayed. if ( ! empty( $this->posts ) && ( $this->is_single || $this->is_page ) ) { $status = get_post_status( $this->posts[0] ); if ( 'attachment' === $this->posts[0]->post_type && 0 === (int) $this->posts[0]->post_parent ) { $this->is_page = false; $this->is_single = true; $this->is_attachment = true; } // If the post_status was specifically requested, let it pass through. if ( ! in_array( $status, $q_status, true ) ) { $post_status_obj = get_post_status_object( $status ); if ( $post_status_obj && ! $post_status_obj->public ) { if ( ! is_user_logged_in() ) { // User must be logged in to view unpublished posts. $this->posts = array(); } else { if ( $post_status_obj->protected ) { // User must have edit permissions on the draft to preview. if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) { $this->posts = array(); } else { $this->is_preview = true; if ( 'future' !== $status ) { $this->posts[0]->post_date = current_time( 'mysql' ); } } } elseif ( $post_status_obj->private ) { if ( ! current_user_can( $read_cap, $this->posts[0]->ID ) ) { $this->posts = array(); } } else { $this->posts = array(); } } } elseif ( ! $post_status_obj ) { // Post status is not registered, assume it's not public. if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) { $this->posts = array(); } } } if ( $this->is_preview && $this->posts && current_user_can( $edit_cap, $this->posts[0]->ID ) ) { /** * Filters the single post for preview mode. * * @since 2.7.0 * * @param WP_Post $post_preview The Post object. * @param WP_Query $query The WP_Query instance (passed by reference). */ $this->posts[0] = get_post( apply_filters_ref_array( 'the_preview', array( $this->posts[0], &$this ) ) ); } } // Put sticky posts at the top of the posts array. $sticky_posts = get_option( 'sticky_posts' ); if ( $this->is_home && $page <= 1 && is_array( $sticky_posts ) && ! empty( $sticky_posts ) && ! $q['ignore_sticky_posts'] ) { $num_posts = count( $this->posts ); $sticky_offset = 0; // Loop over posts and relocate stickies to the front. for ( $i = 0; $i < $num_posts; $i++ ) { if ( in_array( $this->posts[ $i ]->ID, $sticky_posts, true ) ) { $sticky_post = $this->posts[ $i ]; // Remove sticky from current position. array_splice( $this->posts, $i, 1 ); // Move to front, after other stickies. array_splice( $this->posts, $sticky_offset, 0, array( $sticky_post ) ); // Increment the sticky offset. The next sticky will be placed at this offset. ++$sticky_offset; // Remove post from sticky posts array. $offset = array_search( $sticky_post->ID, $sticky_posts, true ); unset( $sticky_posts[ $offset ] ); } } // If any posts have been excluded specifically, Ignore those that are sticky. if ( ! empty( $sticky_posts ) && ! empty( $q['post__not_in'] ) ) { $sticky_posts = array_diff( $sticky_posts, $q['post__not_in'] ); } // Fetch sticky posts that weren't in the query results. if ( ! empty( $sticky_posts ) ) { $stickies = get_posts( array( 'post__in' => $sticky_posts, 'post_type' => $post_type, 'post_status' => 'publish', 'posts_per_page' => count( $sticky_posts ), 'suppress_filters' => $q['suppress_filters'], 'cache_results' => $q['cache_results'], 'update_post_meta_cache' => $q['update_post_meta_cache'], 'update_post_term_cache' => $q['update_post_term_cache'], 'lazy_load_term_meta' => $q['lazy_load_term_meta'], ) ); foreach ( $stickies as $sticky_post ) { array_splice( $this->posts, $sticky_offset, 0, array( $sticky_post ) ); ++$sticky_offset; } } } if ( ! $q['suppress_filters'] ) { /** * Filters the array of retrieved posts after they've been fetched and * internally processed. * * @since 1.5.0 * * @param WP_Post[] $posts Array of post objects. * @param WP_Query $query The WP_Query instance (passed by reference). */ $this->posts = apply_filters_ref_array( 'the_posts', array( $this->posts, &$this ) ); } /* * Ensure that any posts added/modified via one of the filters above are * of the type WP_Post and are filtered. */ if ( $this->posts ) { $this->post_count = count( $this->posts ); /** @var WP_Post[] */ $this->posts = array_map( 'get_post', $this->posts ); if ( $q['cache_results'] ) { if ( $is_unfiltered_query && $unfiltered_posts === $this->posts ) { update_post_caches( $this->posts, $post_type, $q['update_post_term_cache'], $q['update_post_meta_cache'] ); } else { $post_ids = wp_list_pluck( $this->posts, 'ID' ); _prime_post_caches( $post_ids, $q['update_post_term_cache'], $q['update_post_meta_cache'] ); } } /** @var WP_Post */ $this->post = reset( $this->posts ); } else { $this->post_count = 0; $this->posts = array(); } if ( ! empty( $this->posts ) && $q['update_menu_item_cache'] ) { update_menu_item_cache( $this->posts ); } if ( $q['lazy_load_term_meta'] ) { wp_queue_posts_for_term_meta_lazyload( $this->posts ); } return $this->posts; } /** * Sets up the amount of found posts and the number of pages (if limit clause was used) * for the current query. * * @since 3.5.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $q Query variables. * @param string $limits LIMIT clauses of the query. */ private function set_found_posts( $q, $limits ) { global $wpdb; /* * Bail if posts is an empty array. Continue if posts is an empty string, * null, or false to accommodate caching plugins that fill posts later. */ if ( $q['no_found_rows'] || ( is_array( $this->posts ) && ! $this->posts ) ) { return; } if ( ! empty( $limits ) ) { /** * Filters the query to run for retrieving the found posts. * * @since 2.1.0 * * @param string $found_posts_query The query to run to find the found posts. * @param WP_Query $query The WP_Query instance (passed by reference). */ $found_posts_query = apply_filters_ref_array( 'found_posts_query', array( 'SELECT FOUND_ROWS()', &$this ) ); $this->found_posts = (int) $wpdb->get_var( $found_posts_query ); } else { if ( is_array( $this->posts ) ) { $this->found_posts = count( $this->posts ); } else { if ( null === $this->posts ) { $this->found_posts = 0; } else { $this->found_posts = 1; } } } /** * Filters the number of found posts for the query. * * @since 2.1.0 * * @param int $found_posts The number of posts found. * @param WP_Query $query The WP_Query instance (passed by reference). */ $this->found_posts = (int) apply_filters_ref_array( 'found_posts', array( $this->found_posts, &$this ) ); if ( ! empty( $limits ) ) { $this->max_num_pages = (int) ceil( $this->found_posts / $q['posts_per_page'] ); } } /** * Sets up the next post and iterate current post index. * * @since 1.5.0 * * @return WP_Post Next post. */ public function next_post() { ++$this->current_post; /** @var WP_Post */ $this->post = $this->posts[ $this->current_post ]; return $this->post; } /** * Sets up the current post. * * Retrieves the next post, sets up the post, sets the 'in the loop' * property to true. * * @since 1.5.0 * * @global WP_Post $post Global post object. */ public function the_post() { global $post; if ( ! $this->in_the_loop ) { if ( 'all' === $this->query_vars['fields'] ) { // Full post objects queried. $post_objects = $this->posts; } else { if ( 'ids' === $this->query_vars['fields'] ) { // Post IDs queried. $post_ids = $this->posts; } else { // Only partial objects queried, need to prime the cache for the loop. $post_ids = array_reduce( $this->posts, function ( $carry, $post ) { if ( isset( $post->ID ) ) { $carry[] = $post->ID; } return $carry; }, array() ); } _prime_post_caches( $post_ids, $this->query_vars['update_post_term_cache'], $this->query_vars['update_post_meta_cache'] ); $post_objects = array_map( 'get_post', $post_ids ); } update_post_author_caches( $post_objects ); } $this->in_the_loop = true; $this->before_loop = false; if ( -1 === $this->current_post ) { // Loop has just started. /** * Fires once the loop is started. * * @since 2.0.0 * * @param WP_Query $query The WP_Query instance (passed by reference). */ do_action_ref_array( 'loop_start', array( &$this ) ); } $post = $this->next_post(); // Ensure a full post object is available. if ( 'all' !== $this->query_vars['fields'] ) { if ( 'ids' === $this->query_vars['fields'] ) { // Post IDs queried. $post = get_post( $post ); } elseif ( isset( $post->ID ) ) { /* * Partial objecct queried. * * The post object was queried with a partial set of * fields, populate the entire object for the loop. */ $post = get_post( $post->ID ); } } // Set up the global post object for the loop. $this->setup_postdata( $post ); } /** * Determines whether there are more posts available in the loop. * * Calls the {@see 'loop_end'} action when the loop is complete. * * @since 1.5.0 * * @return bool True if posts are available, false if end of the loop. */ public function have_posts() { if ( $this->current_post + 1 < $this->post_count ) { return true; } elseif ( $this->current_post + 1 === $this->post_count && $this->post_count > 0 ) { /** * Fires once the loop has ended. * * @since 2.0.0 * * @param WP_Query $query The WP_Query instance (passed by reference). */ do_action_ref_array( 'loop_end', array( &$this ) ); // Do some cleaning up after the loop. $this->rewind_posts(); } elseif ( 0 === $this->post_count ) { $this->before_loop = false; /** * Fires if no results are found in a post query. * * @since 4.9.0 * * @param WP_Query $query The WP_Query instance. */ do_action( 'loop_no_results', $this ); } $this->in_the_loop = false; return false; } /** * Rewinds the posts and resets post index. * * @since 1.5.0 */ public function rewind_posts() { $this->current_post = -1; if ( $this->post_count > 0 ) { $this->post = $this->posts[0]; } } /** * Iterates current comment index and returns WP_Comment object. * * @since 2.2.0 * * @return WP_Comment Comment object. */ public function next_comment() { ++$this->current_comment; /** @var WP_Comment */ $this->comment = $this->comments[ $this->current_comment ]; return $this->comment; } /** * Sets up the current comment. * * @since 2.2.0 * * @global WP_Comment $comment Global comment object. */ public function the_comment() { global $comment; $comment = $this->next_comment(); if ( 0 === $this->current_comment ) { /** * Fires once the comment loop is started. * * @since 2.2.0 */ do_action( 'comment_loop_start' ); } } /** * Determines whether there are more comments available. * * Automatically rewinds comments when finished. * * @since 2.2.0 * * @return bool True if comments are available, false if no more comments. */ public function have_comments() { if ( $this->current_comment + 1 < $this->comment_count ) { return true; } elseif ( $this->current_comment + 1 === $this->comment_count ) { $this->rewind_comments(); } return false; } /** * Rewinds the comments, resets the comment index and comment to first. * * @since 2.2.0 */ public function rewind_comments() { $this->current_comment = -1; if ( $this->comment_count > 0 ) { $this->comment = $this->comments[0]; } } /** * Sets up the WordPress query by parsing query string. * * @since 1.5.0 * * @see WP_Query::parse_query() for all available arguments. * * @param string|array $query URL query string or array of query arguments. * @return WP_Post[]|int[] Array of post objects or post IDs. */ public function query( $query ) { $this->init(); $this->query = wp_parse_args( $query ); $this->query_vars = $this->query; return $this->get_posts(); } /** * Retrieves the currently queried object. * * If queried object is not set, then the queried object will be set from * the category, tag, taxonomy, posts page, single post, page, or author * query variable. After it is set up, it will be returned. * * @since 1.5.0 * * @return WP_Term|WP_Post_Type|WP_Post|WP_User|null The queried object. */ public function get_queried_object() { if ( isset( $this->queried_object ) ) { return $this->queried_object; } $this->queried_object = null; $this->queried_object_id = null; if ( $this->is_category || $this->is_tag || $this->is_tax ) { if ( $this->is_category ) { $cat = $this->get( 'cat' ); $category_name = $this->get( 'category_name' ); if ( $cat ) { $term = get_term( $cat, 'category' ); } elseif ( $category_name ) { $term = get_term_by( 'slug', $category_name, 'category' ); } } elseif ( $this->is_tag ) { $tag_id = $this->get( 'tag_id' ); $tag = $this->get( 'tag' ); if ( $tag_id ) { $term = get_term( $tag_id, 'post_tag' ); } elseif ( $tag ) { $term = get_term_by( 'slug', $tag, 'post_tag' ); } } else { // For other tax queries, grab the first term from the first clause. if ( ! empty( $this->tax_query->queried_terms ) ) { $queried_taxonomies = array_keys( $this->tax_query->queried_terms ); $matched_taxonomy = reset( $queried_taxonomies ); $query = $this->tax_query->queried_terms[ $matched_taxonomy ]; if ( ! empty( $query['terms'] ) ) { if ( 'term_id' === $query['field'] ) { $term = get_term( reset( $query['terms'] ), $matched_taxonomy ); } else { $term = get_term_by( $query['field'], reset( $query['terms'] ), $matched_taxonomy ); } } } } if ( ! empty( $term ) && ! is_wp_error( $term ) ) { $this->queried_object = $term; $this->queried_object_id = (int) $term->term_id; if ( $this->is_category && 'category' === $this->queried_object->taxonomy ) { _make_cat_compat( $this->queried_object ); } } } elseif ( $this->is_post_type_archive ) { $post_type = $this->get( 'post_type' ); if ( is_array( $post_type ) ) { $post_type = reset( $post_type ); } $this->queried_object = get_post_type_object( $post_type ); } elseif ( $this->is_posts_page ) { $page_for_posts = get_option( 'page_for_posts' ); $this->queried_object = get_post( $page_for_posts ); $this->queried_object_id = (int) $this->queried_object->ID; } elseif ( $this->is_singular && ! empty( $this->post ) ) { $this->queried_object = $this->post; $this->queried_object_id = (int) $this->post->ID; } elseif ( $this->is_author ) { $author = (int) $this->get( 'author' ); $author_name = $this->get( 'author_name' ); if ( $author ) { $this->queried_object_id = $author; } elseif ( $author_name ) { $user = get_user_by( 'slug', $author_name ); if ( $user ) { $this->queried_object_id = $user->ID; } } $this->queried_object = get_userdata( $this->queried_object_id ); } return $this->queried_object; } /** * Retrieves the ID of the currently queried object. * * @since 1.5.0 * * @return int */ public function get_queried_object_id() { $this->get_queried_object(); if ( isset( $this->queried_object_id ) ) { return $this->queried_object_id; } return 0; } /** * Constructor. * * Sets up the WordPress query, if parameter is not empty. * * @since 1.5.0 * * @see WP_Query::parse_query() for all available arguments. * * @param string|array $query URL query string or array of vars. */ public function __construct( $query = '' ) { if ( ! empty( $query ) ) { $this->query( $query ); } } /** * Makes private properties readable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to get. * @return mixed Property. */ public function __get( $name ) { if ( in_array( $name, $this->compat_fields, true ) ) { return $this->$name; } } /** * Makes private properties checkable for backward compatibility. * * @since 4.0.0 * * @param string $name Property to check if set. * @return bool Whether the property is set. */ public function __isset( $name ) { if ( in_array( $name, $this->compat_fields, true ) ) { return isset( $this->$name ); } return false; } /** * Makes private/protected methods readable for backward compatibility. * * @since 4.0.0 * * @param string $name Method to call. * @param array $arguments Arguments to pass when calling. * @return mixed|false Return value of the callback, false otherwise. */ public function __call( $name, $arguments ) { if ( in_array( $name, $this->compat_methods, true ) ) { return $this->$name( ...$arguments ); } return false; } /** * Determines whether the query is for an existing archive page. * * Archive pages include category, tag, author, date, custom post type, * and custom taxonomy based archives. * * @since 3.1.0 * * @see WP_Query::is_category() * @see WP_Query::is_tag() * @see WP_Query::is_author() * @see WP_Query::is_date() * @see WP_Query::is_post_type_archive() * @see WP_Query::is_tax() * * @return bool Whether the query is for an existing archive page. */ public function is_archive() { return (bool) $this->is_archive; } /** * Determines whether the query is for an existing post type archive page. * * @since 3.1.0 * * @param string|string[] $post_types Optional. Post type or array of posts types * to check against. Default empty. * @return bool Whether the query is for an existing post type archive page. */ public function is_post_type_archive( $post_types = '' ) { if ( empty( $post_types ) || ! $this->is_post_type_archive ) { return (bool) $this->is_post_type_archive; } $post_type = $this->get( 'post_type' ); if ( is_array( $post_type ) ) { $post_type = reset( $post_type ); } $post_type_object = get_post_type_object( $post_type ); if ( ! $post_type_object ) { return false; } return in_array( $post_type_object->name, (array) $post_types, true ); } /** * Determines whether the query is for an existing attachment page. * * @since 3.1.0 * * @param int|string|int[]|string[] $attachment Optional. Attachment ID, title, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing attachment page. */ public function is_attachment( $attachment = '' ) { if ( ! $this->is_attachment ) { return false; } if ( empty( $attachment ) ) { return true; } $attachment = array_map( 'strval', (array) $attachment ); $post_obj = $this->get_queried_object(); if ( ! $post_obj ) { return false; } if ( in_array( (string) $post_obj->ID, $attachment, true ) ) { return true; } elseif ( in_array( $post_obj->post_title, $attachment, true ) ) { return true; } elseif ( in_array( $post_obj->post_name, $attachment, true ) ) { return true; } return false; } /** * Determines whether the query is for an existing author archive page. * * If the $author parameter is specified, this function will additionally * check if the query is for one of the authors specified. * * @since 3.1.0 * * @param int|string|int[]|string[] $author Optional. User ID, nickname, nicename, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing author archive page. */ public function is_author( $author = '' ) { if ( ! $this->is_author ) { return false; } if ( empty( $author ) ) { return true; } $author_obj = $this->get_queried_object(); if ( ! $author_obj ) { return false; } $author = array_map( 'strval', (array) $author ); if ( in_array( (string) $author_obj->ID, $author, true ) ) { return true; } elseif ( in_array( $author_obj->nickname, $author, true ) ) { return true; } elseif ( in_array( $author_obj->user_nicename, $author, true ) ) { return true; } return false; } /** * Determines whether the query is for an existing category archive page. * * If the $category parameter is specified, this function will additionally * check if the query is for one of the categories specified. * * @since 3.1.0 * * @param int|string|int[]|string[] $category Optional. Category ID, name, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing category archive page. */ public function is_category( $category = '' ) { if ( ! $this->is_category ) { return false; } if ( empty( $category ) ) { return true; } $cat_obj = $this->get_queried_object(); if ( ! $cat_obj ) { return false; } $category = array_map( 'strval', (array) $category ); if ( in_array( (string) $cat_obj->term_id, $category, true ) ) { return true; } elseif ( in_array( $cat_obj->name, $category, true ) ) { return true; } elseif ( in_array( $cat_obj->slug, $category, true ) ) { return true; } return false; } /** * Determines whether the query is for an existing tag archive page. * * If the $tag parameter is specified, this function will additionally * check if the query is for one of the tags specified. * * @since 3.1.0 * * @param int|string|int[]|string[] $tag Optional. Tag ID, name, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing tag archive page. */ public function is_tag( $tag = '' ) { if ( ! $this->is_tag ) { return false; } if ( empty( $tag ) ) { return true; } $tag_obj = $this->get_queried_object(); if ( ! $tag_obj ) { return false; } $tag = array_map( 'strval', (array) $tag ); if ( in_array( (string) $tag_obj->term_id, $tag, true ) ) { return true; } elseif ( in_array( $tag_obj->name, $tag, true ) ) { return true; } elseif ( in_array( $tag_obj->slug, $tag, true ) ) { return true; } return false; } /** * Determines whether the query is for an existing custom taxonomy archive page. * * If the $taxonomy parameter is specified, this function will additionally * check if the query is for that specific $taxonomy. * * If the $term parameter is specified in addition to the $taxonomy parameter, * this function will additionally check if the query is for one of the terms * specified. * * @since 3.1.0 * * @global WP_Taxonomy[] $wp_taxonomies Registered taxonomies. * * @param string|string[] $taxonomy Optional. Taxonomy slug or slugs to check against. * Default empty. * @param int|string|int[]|string[] $term Optional. Term ID, name, slug, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing custom taxonomy archive page. * True for custom taxonomy archive pages, false for built-in taxonomies * (category and tag archives). */ public function is_tax( $taxonomy = '', $term = '' ) { global $wp_taxonomies; if ( ! $this->is_tax ) { return false; } if ( empty( $taxonomy ) ) { return true; } $queried_object = $this->get_queried_object(); $tax_array = array_intersect( array_keys( $wp_taxonomies ), (array) $taxonomy ); $term_array = (array) $term; // Check that the taxonomy matches. if ( ! ( isset( $queried_object->taxonomy ) && count( $tax_array ) && in_array( $queried_object->taxonomy, $tax_array, true ) ) ) { return false; } // Only a taxonomy provided. if ( empty( $term ) ) { return true; } return isset( $queried_object->term_id ) && count( array_intersect( array( $queried_object->term_id, $queried_object->name, $queried_object->slug ), $term_array ) ); } /** * Determines whether the current URL is within the comments popup window. * * @since 3.1.0 * @deprecated 4.5.0 * * @return false Always returns false. */ public function is_comments_popup() { _deprecated_function( __FUNCTION__, '4.5.0' ); return false; } /** * Determines whether the query is for an existing date archive. * * @since 3.1.0 * * @return bool Whether the query is for an existing date archive. */ public function is_date() { return (bool) $this->is_date; } /** * Determines whether the query is for an existing day archive. * * @since 3.1.0 * * @return bool Whether the query is for an existing day archive. */ public function is_day() { return (bool) $this->is_day; } /** * Determines whether the query is for a feed. * * @since 3.1.0 * * @param string|string[] $feeds Optional. Feed type or array of feed types * to check against. Default empty. * @return bool Whether the query is for a feed. */ public function is_feed( $feeds = '' ) { if ( empty( $feeds ) || ! $this->is_feed ) { return (bool) $this->is_feed; } $qv = $this->get( 'feed' ); if ( 'feed' === $qv ) { $qv = get_default_feed(); } return in_array( $qv, (array) $feeds, true ); } /** * Determines whether the query is for a comments feed. * * @since 3.1.0 * * @return bool Whether the query is for a comments feed. */ public function is_comment_feed() { return (bool) $this->is_comment_feed; } /** * Determines whether the query is for the front page of the site. * * This is for what is displayed at your site's main URL. * * Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_on_front'. * * If you set a static page for the front page of your site, this function will return * true when viewing that page. * * Otherwise the same as {@see WP_Query::is_home()}. * * @since 3.1.0 * * @return bool Whether the query is for the front page of the site. */ public function is_front_page() { // Most likely case. if ( 'posts' === get_option( 'show_on_front' ) && $this->is_home() ) { return true; } elseif ( 'page' === get_option( 'show_on_front' ) && get_option( 'page_on_front' ) && $this->is_page( get_option( 'page_on_front' ) ) ) { return true; } else { return false; } } /** * Determines whether the query is for the blog homepage. * * This is the page which shows the time based blog content of your site. * * Depends on the site's "Front page displays" Reading Settings 'show_on_front' and 'page_for_posts'. * * If you set a static page for the front page of your site, this function will return * true only on the page you set as the "Posts page". * * @since 3.1.0 * * @see WP_Query::is_front_page() * * @return bool Whether the query is for the blog homepage. */ public function is_home() { return (bool) $this->is_home; } /** * Determines whether the query is for the Privacy Policy page. * * This is the page which shows the Privacy Policy content of your site. * * Depends on the site's "Change your Privacy Policy page" Privacy Settings 'wp_page_for_privacy_policy'. * * This function will return true only on the page you set as the "Privacy Policy page". * * @since 5.2.0 * * @return bool Whether the query is for the Privacy Policy page. */ public function is_privacy_policy() { if ( get_option( 'wp_page_for_privacy_policy' ) && $this->is_page( get_option( 'wp_page_for_privacy_policy' ) ) ) { return true; } else { return false; } } /** * Determines whether the query is for an existing month archive. * * @since 3.1.0 * * @return bool Whether the query is for an existing month archive. */ public function is_month() { return (bool) $this->is_month; } /** * Determines whether the query is for an existing single page. * * If the $page parameter is specified, this function will additionally * check if the query is for one of the pages specified. * * @since 3.1.0 * * @see WP_Query::is_single() * @see WP_Query::is_singular() * * @param int|string|int[]|string[] $page Optional. Page ID, title, slug, path, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing single page. */ public function is_page( $page = '' ) { if ( ! $this->is_page ) { return false; } if ( empty( $page ) ) { return true; } $page_obj = $this->get_queried_object(); if ( ! $page_obj ) { return false; } $page = array_map( 'strval', (array) $page ); if ( in_array( (string) $page_obj->ID, $page, true ) ) { return true; } elseif ( in_array( $page_obj->post_title, $page, true ) ) { return true; } elseif ( in_array( $page_obj->post_name, $page, true ) ) { return true; } else { foreach ( $page as $pagepath ) { if ( ! strpos( $pagepath, '/' ) ) { continue; } $pagepath_obj = get_page_by_path( $pagepath ); if ( $pagepath_obj && ( $pagepath_obj->ID === $page_obj->ID ) ) { return true; } } } return false; } /** * Determines whether the query is for a paged result and not for the first page. * * @since 3.1.0 * * @return bool Whether the query is for a paged result. */ public function is_paged() { return (bool) $this->is_paged; } /** * Determines whether the query is for a post or page preview. * * @since 3.1.0 * * @return bool Whether the query is for a post or page preview. */ public function is_preview() { return (bool) $this->is_preview; } /** * Determines whether the query is for the robots.txt file. * * @since 3.1.0 * * @return bool Whether the query is for the robots.txt file. */ public function is_robots() { return (bool) $this->is_robots; } /** * Determines whether the query is for the favicon.ico file. * * @since 5.4.0 * * @return bool Whether the query is for the favicon.ico file. */ public function is_favicon() { return (bool) $this->is_favicon; } /** * Determines whether the query is for a search. * * @since 3.1.0 * * @return bool Whether the query is for a search. */ public function is_search() { return (bool) $this->is_search; } /** * Determines whether the query is for an existing single post. * * Works for any post type excluding pages. * * If the $post parameter is specified, this function will additionally * check if the query is for one of the Posts specified. * * @since 3.1.0 * * @see WP_Query::is_page() * @see WP_Query::is_singular() * * @param int|string|int[]|string[] $post Optional. Post ID, title, slug, path, or array of such * to check against. Default empty. * @return bool Whether the query is for an existing single post. */ public function is_single( $post = '' ) { if ( ! $this->is_single ) { return false; } if ( empty( $post ) ) { return true; } $post_obj = $this->get_queried_object(); if ( ! $post_obj ) { return false; } $post = array_map( 'strval', (array) $post ); if ( in_array( (string) $post_obj->ID, $post, true ) ) { return true; } elseif ( in_array( $post_obj->post_title, $post, true ) ) { return true; } elseif ( in_array( $post_obj->post_name, $post, true ) ) { return true; } else { foreach ( $post as $postpath ) { if ( ! strpos( $postpath, '/' ) ) { continue; } $postpath_obj = get_page_by_path( $postpath, OBJECT, $post_obj->post_type ); if ( $postpath_obj && ( $postpath_obj->ID === $post_obj->ID ) ) { return true; } } } return false; } /** * Determines whether the query is for an existing single post of any post type * (post, attachment, page, custom post types). * * If the $post_types parameter is specified, this function will additionally * check if the query is for one of the Posts Types specified. * * @since 3.1.0 * * @see WP_Query::is_page() * @see WP_Query::is_single() * * @param string|string[] $post_types Optional. Post type or array of post types * to check against. Default empty. * @return bool Whether the query is for an existing single post * or any of the given post types. */ public function is_singular( $post_types = '' ) { if ( empty( $post_types ) || ! $this->is_singular ) { return (bool) $this->is_singular; } $post_obj = $this->get_queried_object(); if ( ! $post_obj ) { return false; } return in_array( $post_obj->post_type, (array) $post_types, true ); } /** * Determines whether the query is for a specific time. * * @since 3.1.0 * * @return bool Whether the query is for a specific time. */ public function is_time() { return (bool) $this->is_time; } /** * Determines whether the query is for a trackback endpoint call. * * @since 3.1.0 * * @return bool Whether the query is for a trackback endpoint call. */ public function is_trackback() { return (bool) $this->is_trackback; } /** * Determines whether the query is for an existing year archive. * * @since 3.1.0 * * @return bool Whether the query is for an existing year archive. */ public function is_year() { return (bool) $this->is_year; } /** * Determines whether the query is a 404 (returns no results). * * @since 3.1.0 * * @return bool Whether the query is a 404 error. */ public function is_404() { return (bool) $this->is_404; } /** * Determines whether the query is for an embedded post. * * @since 4.4.0 * * @return bool Whether the query is for an embedded post. */ public function is_embed() { return (bool) $this->is_embed; } /** * Determines whether the query is the main query. * * @since 3.3.0 * * @global WP_Query $wp_the_query WordPress Query object. * * @return bool Whether the query is the main query. */ public function is_main_query() { global $wp_the_query; return $wp_the_query === $this; } /** * Sets up global post data. * * @since 4.1.0 * @since 4.4.0 Added the ability to pass a post ID to `$post`. * * @global int $id * @global WP_User $authordata * @global string $currentday * @global string $currentmonth * @global int $page * @global array $pages * @global int $multipage * @global int $more * @global int $numpages * * @param WP_Post|object|int $post WP_Post instance or Post ID/object. * @return true True when finished. */ public function setup_postdata( $post ) { global $id, $authordata, $currentday, $currentmonth, $page, $pages, $multipage, $more, $numpages; if ( ! ( $post instanceof WP_Post ) ) { $post = get_post( $post ); } if ( ! $post ) { return; } $elements = $this->generate_postdata( $post ); if ( false === $elements ) { return; } $id = $elements['id']; $authordata = $elements['authordata']; $currentday = $elements['currentday']; $currentmonth = $elements['currentmonth']; $page = $elements['page']; $pages = $elements['pages']; $multipage = $elements['multipage']; $more = $elements['more']; $numpages = $elements['numpages']; /** * Fires once the post data has been set up. * * @since 2.8.0 * @since 4.1.0 Introduced `$query` parameter. * * @param WP_Post $post The Post object (passed by reference). * @param WP_Query $query The current Query object (passed by reference). */ do_action_ref_array( 'the_post', array( &$post, &$this ) ); return true; } /** * Generates post data. * * @since 5.2.0 * * @param WP_Post|object|int $post WP_Post instance or Post ID/object. * @return array|false Elements of post or false on failure. */ public function generate_postdata( $post ) { if ( ! ( $post instanceof WP_Post ) ) { $post = get_post( $post ); } if ( ! $post ) { return false; } $id = (int) $post->ID; $authordata = get_userdata( $post->post_author ); $currentday = false; $currentmonth = false; $post_date = $post->post_date; if ( ! empty( $post_date ) && '0000-00-00 00:00:00' !== $post_date ) { // Avoid using mysql2date for performance reasons. $currentmonth = substr( $post_date, 5, 2 ); $day = substr( $post_date, 8, 2 ); $year = substr( $post_date, 2, 2 ); $currentday = sprintf( '%s.%s.%s', $day, $currentmonth, $year ); } $numpages = 1; $multipage = 0; $page = $this->get( 'page' ); if ( ! $page ) { $page = 1; } /* * Force full post content when viewing the permalink for the $post, * or when on an RSS feed. Otherwise respect the 'more' tag. */ if ( get_queried_object_id() === $post->ID && ( $this->is_page() || $this->is_single() ) ) { $more = 1; } elseif ( $this->is_feed() ) { $more = 1; } else { $more = 0; } $content = $post->post_content; if ( str_contains( $content, '' ) ) { $content = str_replace( "\n\n", '', $content ); $content = str_replace( "\n", '', $content ); $content = str_replace( "\n", '', $content ); // Remove the nextpage block delimiters, to avoid invalid block structures in the split content. $content = str_replace( '', '', $content ); $content = str_replace( '', '', $content ); // Ignore nextpage at the beginning of the content. if ( str_starts_with( $content, '' ) ) { $content = substr( $content, 15 ); } $pages = explode( '', $content ); } else { $pages = array( $post->post_content ); } /** * Filters the "pages" derived from splitting the post content. * * "Pages" are determined by splitting the post content based on the presence * of `` tags. * * @since 4.4.0 * * @param string[] $pages Array of "pages" from the post content split by `` tags. * @param WP_Post $post Current post object. */ $pages = apply_filters( 'content_pagination', $pages, $post ); $numpages = count( $pages ); if ( $numpages > 1 ) { if ( $page > 1 ) { $more = 1; } $multipage = 1; } else { $multipage = 0; } $elements = compact( 'id', 'authordata', 'currentday', 'currentmonth', 'page', 'pages', 'multipage', 'more', 'numpages' ); return $elements; } /** * Generates cache key. * * @since 6.1.0 * * @global wpdb $wpdb WordPress database abstraction object. * * @param array $args Query arguments. * @param string $sql SQL statement. * @return string Cache key. */ protected function generate_cache_key( array $args, $sql ) { global $wpdb; unset( $args['cache_results'], $args['fields'], $args['lazy_load_term_meta'], $args['update_post_meta_cache'], $args['update_post_term_cache'], $args['update_menu_item_cache'], $args['suppress_filters'] ); if ( empty( $args['post_type'] ) ) { if ( $this->is_attachment ) { $args['post_type'] = 'attachment'; } elseif ( $this->is_page ) { $args['post_type'] = 'page'; } else { $args['post_type'] = 'post'; } } elseif ( 'any' === $args['post_type'] ) { $args['post_type'] = array_values( get_post_types( array( 'exclude_from_search' => false ) ) ); } $args['post_type'] = (array) $args['post_type']; // Sort post types to ensure same cache key generation. sort( $args['post_type'] ); /* * Sort arrays that can be used for ordering prior to cache key generation. * * These arrays are sorted in the query generator for the purposes of the * WHERE clause but the arguments are not modified as they can be used for * the orderby clase. * * Their use in the orderby clause will generate a different SQL query so * they can be sorted for the cache key generation. */ $sortable_arrays_with_int_values = array( 'post__in', 'post_parent__in', ); foreach ( $sortable_arrays_with_int_values as $key ) { if ( isset( $args[ $key ] ) && is_array( $args[ $key ] ) ) { $args[ $key ] = array_unique( array_map( 'absint', $args[ $key ] ) ); sort( $args[ $key ] ); } } // Sort and unique the 'post_name__in' for cache key generation. if ( isset( $args['post_name__in'] ) && is_array( $args['post_name__in'] ) ) { $args['post_name__in'] = array_unique( $args['post_name__in'] ); sort( $args['post_name__in'] ); } if ( isset( $args['post_status'] ) ) { $args['post_status'] = (array) $args['post_status']; // Sort post status to ensure same cache key generation. sort( $args['post_status'] ); } // Add a default orderby value of date to ensure same cache key generation. if ( ! isset( $q['orderby'] ) ) { $args['orderby'] = 'date'; } $placeholder = $wpdb->placeholder_escape(); array_walk_recursive( $args, /* * Replace wpdb placeholders with the string used in the database * query to avoid unreachable cache keys. This is necessary because * the placeholder is randomly generated in each request. * * $value is passed by reference to allow it to be modified. * array_walk_recursive() does not return an array. */ static function ( &$value ) use ( $wpdb, $placeholder ) { if ( is_string( $value ) && str_contains( $value, $placeholder ) ) { $value = $wpdb->remove_placeholder_escape( $value ); } } ); ksort( $args ); // Replace wpdb placeholder in the SQL statement used by the cache key. $sql = $wpdb->remove_placeholder_escape( $sql ); $key = md5( serialize( $args ) . $sql ); $last_changed = wp_cache_get_last_changed( 'posts' ); if ( ! empty( $this->tax_query->queries ) ) { $last_changed .= wp_cache_get_last_changed( 'terms' ); } $this->query_cache_key = "wp_query:$key:$last_changed"; return $this->query_cache_key; } /** * After looping through a nested query, this function * restores the $post global to the current post in this query. * * @since 3.7.0 * * @global WP_Post $post Global post object. */ public function reset_postdata() { if ( ! empty( $this->post ) ) { $GLOBALS['post'] = $this->post; $this->setup_postdata( $this->post ); } } /** * Lazyloads term meta for posts in the loop. * * @since 4.4.0 * @deprecated 4.5.0 See wp_queue_posts_for_term_meta_lazyload(). * * @param mixed $check * @param int $term_id * @return mixed */ public function lazyload_term_meta( $check, $term_id ) { _deprecated_function( __METHOD__, '4.5.0' ); return $check; } /** * Lazyloads comment meta for comments in the loop. * * @since 4.4.0 * @deprecated 4.5.0 See wp_lazyload_comment_meta(). * * @param mixed $check * @param int $comment_id * @return mixed */ public function lazyload_comment_meta( $check, $comment_id ) { _deprecated_function( __METHOD__, '4.5.0' ); return $check; } } or( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => 403 ) ); } if ( 'draft' === $post->post_status ) { return new WP_Error( 'rest_comment_draft_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) ); } if ( 'trash' === $post->post_status ) { return new WP_Error( 'rest_comment_trash_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) ); } if ( ! $this->check_read_post_permission( $post, $request ) ) { return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( ! comments_open( $post->ID ) ) { return new WP_Error( 'rest_comment_closed', __( 'Sorry, comments are closed for this item.' ), array( 'status' => 403 ) ); } return true; } /** * Creates a comment. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or error object on failure. */ public function create_item( $request ) { if ( ! empty( $request['id'] ) ) { return new WP_Error( 'rest_comment_exists', __( 'Cannot create existing comment.' ), array( 'status' => 400 ) ); } // Do not allow comments to be created with a non-default type. if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) { return new WP_Error( 'rest_invalid_comment_type', __( 'Cannot create a comment with that type.' ), array( 'status' => 400 ) ); } $prepared_comment = $this->prepare_item_for_database( $request ); if ( is_wp_error( $prepared_comment ) ) { return $prepared_comment; } $prepared_comment['comment_type'] = 'comment'; if ( ! isset( $prepared_comment['comment_content'] ) ) { $prepared_comment['comment_content'] = ''; } if ( ! $this->check_is_comment_content_allowed( $prepared_comment ) ) { return new WP_Error( 'rest_comment_content_invalid', __( 'Invalid comment content.' ), array( 'status' => 400 ) ); } // Setting remaining values before wp_insert_comment so we can use wp_allow_comment(). if ( ! isset( $prepared_comment['comment_date_gmt'] ) ) { $prepared_comment['comment_date_gmt'] = current_time( 'mysql', true ); } // Set author data if the user's logged in. $missing_author = empty( $prepared_comment['user_id'] ) && empty( $prepared_comment['comment_author'] ) && empty( $prepared_comment['comment_author_email'] ) && empty( $prepared_comment['comment_author_url'] ); if ( is_user_logged_in() && $missing_author ) { $user = wp_get_current_user(); $prepared_comment['user_id'] = $user->ID; $prepared_comment['comment_author'] = $user->display_name; $prepared_comment['comment_author_email'] = $user->user_email; $prepared_comment['comment_author_url'] = $user->user_url; } // Honor the discussion setting that requires a name and email address of the comment author. if ( get_option( 'require_name_email' ) ) { if ( empty( $prepared_comment['comment_author'] ) || empty( $prepared_comment['comment_author_email'] ) ) { return new WP_Error( 'rest_comment_author_data_required', __( 'Creating a comment requires valid author name and email values.' ), array( 'status' => 400 ) ); } } if ( ! isset( $prepared_comment['comment_author_email'] ) ) { $prepared_comment['comment_author_email'] = ''; } if ( ! isset( $prepared_comment['comment_author_url'] ) ) { $prepared_comment['comment_author_url'] = ''; } if ( ! isset( $prepared_comment['comment_agent'] ) ) { $prepared_comment['comment_agent'] = ''; } $check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_comment ); if ( is_wp_error( $check_comment_lengths ) ) { $error_code = $check_comment_lengths->get_error_code(); return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) ); } $prepared_comment['comment_approved'] = wp_allow_comment( $prepared_comment, true ); if ( is_wp_error( $prepared_comment['comment_approved'] ) ) { $error_code = $prepared_comment['comment_approved']->get_error_code(); $error_message = $prepared_comment['comment_approved']->get_error_message(); if ( 'comment_duplicate' === $error_code ) { return new WP_Error( $error_code, $error_message, array( 'status' => 409 ) ); } if ( 'comment_flood' === $error_code ) { return new WP_Error( $error_code, $error_message, array( 'status' => 400 ) ); } return $prepared_comment['comment_approved']; } /** * Filters a comment before it is inserted via the REST API. * * Allows modification of the comment right before it is inserted via wp_insert_comment(). * Returning a WP_Error value from the filter will short-circuit insertion and allow * skipping further processing. * * @since 4.7.0 * @since 4.8.0 `$prepared_comment` can now be a WP_Error to short-circuit insertion. * * @param array|WP_Error $prepared_comment The prepared comment data for wp_insert_comment(). * @param WP_REST_Request $request Request used to insert the comment. */ $prepared_comment = apply_filters( 'rest_pre_insert_comment', $prepared_comment, $request ); if ( is_wp_error( $prepared_comment ) ) { return $prepared_comment; } $comment_id = wp_insert_comment( wp_filter_comment( wp_slash( (array) $prepared_comment ) ) ); if ( ! $comment_id ) { return new WP_Error( 'rest_comment_failed_create', __( 'Creating comment failed.' ), array( 'status' => 500 ) ); } if ( isset( $request['status'] ) ) { $this->handle_status_param( $request['status'], $comment_id ); } $comment = get_comment( $comment_id ); /** * Fires after a comment is created or updated via the REST API. * * @since 4.7.0 * * @param WP_Comment $comment Inserted or updated comment object. * @param WP_REST_Request $request Request object. * @param bool $creating True when creating a comment, false * when updating. */ do_action( 'rest_insert_comment', $comment, $request, true ); $schema = $this->get_item_schema(); if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { $meta_update = $this->meta->update_value( $request['meta'], $comment_id ); if ( is_wp_error( $meta_update ) ) { return $meta_update; } } $fields_update = $this->update_additional_fields_for_object( $comment, $request ); if ( is_wp_error( $fields_update ) ) { return $fields_update; } $context = current_user_can( 'moderate_comments' ) ? 'edit' : 'view'; $request->set_param( 'context', $context ); /** * Fires completely after a comment is created or updated via the REST API. * * @since 5.0.0 * * @param WP_Comment $comment Inserted or updated comment object. * @param WP_REST_Request $request Request object. * @param bool $creating True when creating a comment, false * when updating. */ do_action( 'rest_after_insert_comment', $comment, $request, true ); $response = $this->prepare_item_for_response( $comment, $request ); $response = rest_ensure_response( $response ); $response->set_status( 201 ); $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment_id ) ) ); return $response; } /** * Checks if a given REST request has access to update a comment. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if the request has access to update the item, error object otherwise. */ public function update_item_permissions_check( $request ) { $comment = $this->get_comment( $request['id'] ); if ( is_wp_error( $comment ) ) { return $comment; } if ( ! $this->check_edit_permission( $comment ) ) { return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this comment.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Updates a comment. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or error object on failure. */ public function update_item( $request ) { $comment = $this->get_comment( $request['id'] ); if ( is_wp_error( $comment ) ) { return $comment; } $id = $comment->comment_ID; if ( isset( $request['type'] ) && get_comment_type( $id ) !== $request['type'] ) { return new WP_Error( 'rest_comment_invalid_type', __( 'Sorry, you are not allowed to change the comment type.' ), array( 'status' => 404 ) ); } $prepared_args = $this->prepare_item_for_database( $request ); if ( is_wp_error( $prepared_args ) ) { return $prepared_args; } if ( ! empty( $prepared_args['comment_post_ID'] ) ) { $post = get_post( $prepared_args['comment_post_ID'] ); if ( empty( $post ) ) { return new WP_Error( 'rest_comment_invalid_post_id', __( 'Invalid post ID.' ), array( 'status' => 403 ) ); } } if ( empty( $prepared_args ) && isset( $request['status'] ) ) { // Only the comment status is being changed. $change = $this->handle_status_param( $request['status'], $id ); if ( ! $change ) { return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment status failed.' ), array( 'status' => 500 ) ); } } elseif ( ! empty( $prepared_args ) ) { if ( is_wp_error( $prepared_args ) ) { return $prepared_args; } if ( isset( $prepared_args['comment_content'] ) && empty( $prepared_args['comment_content'] ) ) { return new WP_Error( 'rest_comment_content_invalid', __( 'Invalid comment content.' ), array( 'status' => 400 ) ); } $prepared_args['comment_ID'] = $id; $check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_args ); if ( is_wp_error( $check_comment_lengths ) ) { $error_code = $check_comment_lengths->get_error_code(); return new WP_Error( $error_code, __( 'Comment field exceeds maximum length allowed.' ), array( 'status' => 400 ) ); } $updated = wp_update_comment( wp_slash( (array) $prepared_args ), true ); if ( is_wp_error( $updated ) ) { return new WP_Error( 'rest_comment_failed_edit', __( 'Updating comment failed.' ), array( 'status' => 500 ) ); } if ( isset( $request['status'] ) ) { $this->handle_status_param( $request['status'], $id ); } } $comment = get_comment( $id ); /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php */ do_action( 'rest_insert_comment', $comment, $request, false ); $schema = $this->get_item_schema(); if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { $meta_update = $this->meta->update_value( $request['meta'], $id ); if ( is_wp_error( $meta_update ) ) { return $meta_update; } } $fields_update = $this->update_additional_fields_for_object( $comment, $request ); if ( is_wp_error( $fields_update ) ) { return $fields_update; } $request->set_param( 'context', 'edit' ); /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php */ do_action( 'rest_after_insert_comment', $comment, $request, false ); $response = $this->prepare_item_for_response( $comment, $request ); return rest_ensure_response( $response ); } /** * Checks if a given request has access to delete a comment. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if the request has access to delete the item, error object otherwise. */ public function delete_item_permissions_check( $request ) { $comment = $this->get_comment( $request['id'] ); if ( is_wp_error( $comment ) ) { return $comment; } if ( ! $this->check_edit_permission( $comment ) ) { return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this comment.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Deletes a comment. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or error object on failure. */ public function delete_item( $request ) { $comment = $this->get_comment( $request['id'] ); if ( is_wp_error( $comment ) ) { return $comment; } $force = isset( $request['force'] ) ? (bool) $request['force'] : false; /** * Filters whether a comment can be trashed via the REST API. * * Return false to disable trash support for the comment. * * @since 4.7.0 * * @param bool $supports_trash Whether the comment supports trashing. * @param WP_Comment $comment The comment object being considered for trashing support. */ $supports_trash = apply_filters( 'rest_comment_trashable', ( EMPTY_TRASH_DAYS > 0 ), $comment ); $request->set_param( 'context', 'edit' ); if ( $force ) { $previous = $this->prepare_item_for_response( $comment, $request ); $result = wp_delete_comment( $comment->comment_ID, true ); $response = new WP_REST_Response(); $response->set_data( array( 'deleted' => true, 'previous' => $previous->get_data(), ) ); } else { // If this type doesn't support trashing, error out. if ( ! $supports_trash ) { return new WP_Error( 'rest_trash_not_supported', /* translators: %s: force=true */ sprintf( __( "The comment does not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); } if ( 'trash' === $comment->comment_approved ) { return new WP_Error( 'rest_already_trashed', __( 'The comment has already been trashed.' ), array( 'status' => 410 ) ); } $result = wp_trash_comment( $comment->comment_ID ); $comment = get_comment( $comment->comment_ID ); $response = $this->prepare_item_for_response( $comment, $request ); } if ( ! $result ) { return new WP_Error( 'rest_cannot_delete', __( 'The comment cannot be deleted.' ), array( 'status' => 500 ) ); } /** * Fires after a comment is deleted via the REST API. * * @since 4.7.0 * * @param WP_Comment $comment The deleted comment data. * @param WP_REST_Response $response The response returned from the API. * @param WP_REST_Request $request The request sent to the API. */ do_action( 'rest_delete_comment', $comment, $response, $request ); return $response; } /** * Prepares a single comment output for response. * * @since 4.7.0 * @since 5.9.0 Renamed `$comment` to `$item` to match parent class for PHP 8 named parameter support. * * @param WP_Comment $item Comment object. * @param WP_REST_Request $request Request object. * @return WP_REST_Response Response object. */ public function prepare_item_for_response( $item, $request ) { // Restores the more descriptive, specific name for use within this method. $comment = $item; // Don't prepare the response body for HEAD requests. if ( $request->is_method( 'HEAD' ) ) { /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php */ return apply_filters( 'rest_prepare_comment', new WP_REST_Response( array() ), $comment, $request ); } $fields = $this->get_fields_for_response( $request ); $data = array(); if ( in_array( 'id', $fields, true ) ) { $data['id'] = (int) $comment->comment_ID; } if ( in_array( 'post', $fields, true ) ) { $data['post'] = (int) $comment->comment_post_ID; } if ( in_array( 'parent', $fields, true ) ) { $data['parent'] = (int) $comment->comment_parent; } if ( in_array( 'author', $fields, true ) ) { $data['author'] = (int) $comment->user_id; } if ( in_array( 'author_name', $fields, true ) ) { $data['author_name'] = $comment->comment_author; } if ( in_array( 'author_email', $fields, true ) ) { $data['author_email'] = $comment->comment_author_email; } if ( in_array( 'author_url', $fields, true ) ) { $data['author_url'] = $comment->comment_author_url; } if ( in_array( 'author_ip', $fields, true ) ) { $data['author_ip'] = $comment->comment_author_IP; } if ( in_array( 'author_user_agent', $fields, true ) ) { $data['author_user_agent'] = $comment->comment_agent; } if ( in_array( 'date', $fields, true ) ) { $data['date'] = mysql_to_rfc3339( $comment->comment_date ); } if ( in_array( 'date_gmt', $fields, true ) ) { $data['date_gmt'] = mysql_to_rfc3339( $comment->comment_date_gmt ); } if ( in_array( 'content', $fields, true ) ) { $data['content'] = array( /** This filter is documented in wp-includes/comment-template.php */ 'rendered' => apply_filters( 'comment_text', $comment->comment_content, $comment, array() ), 'raw' => $comment->comment_content, ); } if ( in_array( 'link', $fields, true ) ) { $data['link'] = get_comment_link( $comment ); } if ( in_array( 'status', $fields, true ) ) { $data['status'] = $this->prepare_status_response( $comment->comment_approved ); } if ( in_array( 'type', $fields, true ) ) { $data['type'] = get_comment_type( $comment->comment_ID ); } if ( in_array( 'author_avatar_urls', $fields, true ) ) { $data['author_avatar_urls'] = rest_get_avatar_urls( $comment ); } if ( in_array( 'meta', $fields, true ) ) { $data['meta'] = $this->meta->get_value( $comment->comment_ID, $request ); } $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; $data = $this->add_additional_fields_to_object( $data, $request ); $data = $this->filter_response_by_context( $data, $context ); // Wrap the data in a response object. $response = rest_ensure_response( $data ); if ( rest_is_field_included( '_links', $fields ) || rest_is_field_included( '_embedded', $fields ) ) { $response->add_links( $this->prepare_links( $comment ) ); } /** * Filters a comment returned from the REST API. * * Allows modification of the comment right before it is returned. * * @since 4.7.0 * * @param WP_REST_Response $response The response object. * @param WP_Comment $comment The original comment object. * @param WP_REST_Request $request Request used to generate the response. */ return apply_filters( 'rest_prepare_comment', $response, $comment, $request ); } /** * Prepares links for the request. * * @since 4.7.0 * * @param WP_Comment $comment Comment object. * @return array Links for the given comment. */ protected function prepare_links( $comment ) { $links = array( 'self' => array( 'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment->comment_ID ) ), ), 'collection' => array( 'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ), ), ); if ( 0 !== (int) $comment->user_id ) { $links['author'] = array( 'href' => rest_url( 'wp/v2/users/' . $comment->user_id ), 'embeddable' => true, ); } if ( 0 !== (int) $comment->comment_post_ID ) { $post = get_post( $comment->comment_post_ID ); $post_route = rest_get_route_for_post( $post ); if ( ! empty( $post->ID ) && $post_route ) { $links['up'] = array( 'href' => rest_url( $post_route ), 'embeddable' => true, 'post_type' => $post->post_type, ); } } if ( 0 !== (int) $comment->comment_parent ) { $links['in-reply-to'] = array( 'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment->comment_parent ) ), 'embeddable' => true, ); } // Only grab one comment to verify the comment has children. $comment_children = $comment->get_children( array( 'count' => true, 'orderby' => 'none', ) ); if ( ! empty( $comment_children ) ) { $args = array( 'parent' => $comment->comment_ID, ); $rest_url = add_query_arg( $args, rest_url( $this->namespace . '/' . $this->rest_base ) ); $links['children'] = array( 'href' => $rest_url, 'embeddable' => true, ); } return $links; } /** * Prepends internal property prefix to query parameters to match our response fields. * * @since 4.7.0 * * @param string $query_param Query parameter. * @return string The normalized query parameter. */ protected function normalize_query_param( $query_param ) { $prefix = 'comment_'; switch ( $query_param ) { case 'id': $normalized = $prefix . 'ID'; break; case 'post': $normalized = $prefix . 'post_ID'; break; case 'parent': $normalized = $prefix . 'parent'; break; case 'include': $normalized = 'comment__in'; break; default: $normalized = $prefix . $query_param; break; } return $normalized; } /** * Checks comment_approved to set comment status for single comment output. * * @since 4.7.0 * * @param string $comment_approved Comment status. * @return string Comment status. */ protected function prepare_status_response( $comment_approved ) { switch ( $comment_approved ) { case 'hold': case '0': $status = 'hold'; break; case 'approve': case '1': $status = 'approved'; break; case 'spam': case 'trash': default: $status = $comment_approved; break; } return $status; } /** * Prepares a single comment to be inserted into the database. * * @since 4.7.0 * * @param WP_REST_Request $request Request object. * @return array|WP_Error Prepared comment, otherwise WP_Error object. */ protected function prepare_item_for_database( $request ) { $prepared_comment = array(); /* * Allow the comment_content to be set via the 'content' or * the 'content.raw' properties of the Request object. */ if ( isset( $request['content'] ) && is_string( $request['content'] ) ) { $prepared_comment['comment_content'] = trim( $request['content'] ); } elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) { $prepared_comment['comment_content'] = trim( $request['content']['raw'] ); } if ( isset( $request['post'] ) ) { $prepared_comment['comment_post_ID'] = (int) $request['post']; } if ( isset( $request['parent'] ) ) { $prepared_comment['comment_parent'] = $request['parent']; } if ( isset( $request['author'] ) ) { $user = new WP_User( $request['author'] ); if ( $user->exists() ) { $prepared_comment['user_id'] = $user->ID; $prepared_comment['comment_author'] = $user->display_name; $prepared_comment['comment_author_email'] = $user->user_email; $prepared_comment['comment_author_url'] = $user->user_url; } else { return new WP_Error( 'rest_comment_author_invalid', __( 'Invalid comment author ID.' ), array( 'status' => 400 ) ); } } if ( isset( $request['author_name'] ) ) { $prepared_comment['comment_author'] = $request['author_name']; } if ( isset( $request['author_email'] ) ) { $prepared_comment['comment_author_email'] = $request['author_email']; } if ( isset( $request['author_url'] ) ) { $prepared_comment['comment_author_url'] = $request['author_url']; } if ( isset( $request['author_ip'] ) && current_user_can( 'moderate_comments' ) ) { $prepared_comment['comment_author_IP'] = $request['author_ip']; } elseif ( ! empty( $_SERVER['REMOTE_ADDR'] ) && rest_is_ip_address( $_SERVER['REMOTE_ADDR'] ) ) { $prepared_comment['comment_author_IP'] = $_SERVER['REMOTE_ADDR']; } else { $prepared_comment['comment_author_IP'] = '127.0.0.1'; } if ( ! empty( $request['author_user_agent'] ) ) { $prepared_comment['comment_agent'] = $request['author_user_agent']; } elseif ( $request->get_header( 'user_agent' ) ) { $prepared_comment['comment_agent'] = $request->get_header( 'user_agent' ); } if ( ! empty( $request['date'] ) ) { $date_data = rest_get_date_with_gmt( $request['date'] ); if ( ! empty( $date_data ) ) { list( $prepared_comment['comment_date'], $prepared_comment['comment_date_gmt'] ) = $date_data; } } elseif ( ! empty( $request['date_gmt'] ) ) { $date_data = rest_get_date_with_gmt( $request['date_gmt'], true ); if ( ! empty( $date_data ) ) { list( $prepared_comment['comment_date'], $prepared_comment['comment_date_gmt'] ) = $date_data; } } /** * Filters a comment added via the REST API after it is prepared for insertion into the database. * * Allows modification of the comment right after it is prepared for the database. * * @since 4.7.0 * * @param array $prepared_comment The prepared comment data for `wp_insert_comment`. * @param WP_REST_Request $request The current request. */ return apply_filters( 'rest_preprocess_comment', $prepared_comment, $request ); } /** * Retrieves the comment's schema, conforming to JSON Schema. * * @since 4.7.0 * * @return array */ public function get_item_schema() { if ( $this->schema ) { return $this->add_additional_fields_schema( $this->schema ); } $schema = array( '$schema' => 'http://json-schema.org/draft-04/schema#', 'title' => 'comment', 'type' => 'object', 'properties' => array( 'id' => array( 'description' => __( 'Unique identifier for the comment.' ), 'type' => 'integer', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), 'author' => array( 'description' => __( 'The ID of the user object, if author was a user.' ), 'type' => 'integer', 'context' => array( 'view', 'edit', 'embed' ), ), 'author_email' => array( 'description' => __( 'Email address for the comment author.' ), 'type' => 'string', 'format' => 'email', 'context' => array( 'edit' ), 'arg_options' => array( 'sanitize_callback' => array( $this, 'check_comment_author_email' ), 'validate_callback' => null, // Skip built-in validation of 'email'. ), ), 'author_ip' => array( 'description' => __( 'IP address for the comment author.' ), 'type' => 'string', 'format' => 'ip', 'context' => array( 'edit' ), ), 'author_name' => array( 'description' => __( 'Display name for the comment author.' ), 'type' => 'string', 'context' => array( 'view', 'edit', 'embed' ), 'arg_options' => array( 'sanitize_callback' => 'sanitize_text_field', ), ), 'author_url' => array( 'description' => __( 'URL for the comment author.' ), 'type' => 'string', 'format' => 'uri', 'context' => array( 'view', 'edit', 'embed' ), ), 'author_user_agent' => array( 'description' => __( 'User agent for the comment author.' ), 'type' => 'string', 'context' => array( 'edit' ), 'arg_options' => array( 'sanitize_callback' => 'sanitize_text_field', ), ), 'content' => array( 'description' => __( 'The content for the comment.' ), 'type' => 'object', 'context' => array( 'view', 'edit', 'embed' ), 'arg_options' => array( 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database(). 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database(). ), 'properties' => array( 'raw' => array( 'description' => __( 'Content for the comment, as it exists in the database.' ), 'type' => 'string', 'context' => array( 'edit' ), ), 'rendered' => array( 'description' => __( 'HTML content for the comment, transformed for display.' ), 'type' => 'string', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), ), ), 'date' => array( 'description' => __( "The date the comment was published, in the site's timezone." ), 'type' => 'string', 'format' => 'date-time', 'context' => array( 'view', 'edit', 'embed' ), ), 'date_gmt' => array( 'description' => __( 'The date the comment was published, as GMT.' ), 'type' => 'string', 'format' => 'date-time', 'context' => array( 'view', 'edit' ), ), 'link' => array( 'description' => __( 'URL to the comment.' ), 'type' => 'string', 'format' => 'uri', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), 'parent' => array( 'description' => __( 'The ID for the parent of the comment.' ), 'type' => 'integer', 'context' => array( 'view', 'edit', 'embed' ), 'default' => 0, ), 'post' => array( 'description' => __( 'The ID of the associated post object.' ), 'type' => 'integer', 'context' => array( 'view', 'edit' ), 'default' => 0, ), 'status' => array( 'description' => __( 'State of the comment.' ), 'type' => 'string', 'context' => array( 'view', 'edit' ), 'arg_options' => array( 'sanitize_callback' => 'sanitize_key', ), ), 'type' => array( 'description' => __( 'Type of the comment.' ), 'type' => 'string', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, ), ), ); if ( get_option( 'show_avatars' ) ) { $avatar_properties = array(); $avatar_sizes = rest_get_avatar_sizes(); foreach ( $avatar_sizes as $size ) { $avatar_properties[ $size ] = array( /* translators: %d: Avatar image size in pixels. */ 'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ), 'type' => 'string', 'format' => 'uri', 'context' => array( 'embed', 'view', 'edit' ), ); } $schema['properties']['author_avatar_urls'] = array( 'description' => __( 'Avatar URLs for the comment author.' ), 'type' => 'object', 'context' => array( 'view', 'edit', 'embed' ), 'readonly' => true, 'properties' => $avatar_properties, ); } $schema['properties']['meta'] = $this->meta->get_field_schema(); $this->schema = $schema; return $this->add_additional_fields_schema( $this->schema ); } /** * Retrieves the query params for collections. * * @since 4.7.0 * * @return array Comments collection parameters. */ public function get_collection_params() { $query_params = parent::get_collection_params(); $query_params['context']['default'] = 'view'; $query_params['after'] = array( 'description' => __( 'Limit response to comments published after a given ISO8601 compliant date.' ), 'type' => 'string', 'format' => 'date-time', ); $query_params['author'] = array( 'description' => __( 'Limit result set to comments assigned to specific user IDs. Requires authorization.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), ); $query_params['author_exclude'] = array( 'description' => __( 'Ensure result set excludes comments assigned to specific user IDs. Requires authorization.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), ); $query_params['author_email'] = array( 'default' => null, 'description' => __( 'Limit result set to that from a specific author email. Requires authorization.' ), 'format' => 'email', 'type' => 'string', ); $query_params['before'] = array( 'description' => __( 'Limit response to comments published before a given ISO8601 compliant date.' ), 'type' => 'string', 'format' => 'date-time', ); $query_params['exclude'] = array( 'description' => __( 'Ensure result set excludes specific IDs.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), 'default' => array(), ); $query_params['include'] = array( 'description' => __( 'Limit result set to specific IDs.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), 'default' => array(), ); $query_params['offset'] = array( 'description' => __( 'Offset the result set by a specific number of items.' ), 'type' => 'integer', ); $query_params['order'] = array( 'description' => __( 'Order sort attribute ascending or descending.' ), 'type' => 'string', 'default' => 'desc', 'enum' => array( 'asc', 'desc', ), ); $query_params['orderby'] = array( 'description' => __( 'Sort collection by comment attribute.' ), 'type' => 'string', 'default' => 'date_gmt', 'enum' => array( 'date', 'date_gmt', 'id', 'include', 'post', 'parent', 'type', ), ); $query_params['parent'] = array( 'default' => array(), 'description' => __( 'Limit result set to comments of specific parent IDs.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), ); $query_params['parent_exclude'] = array( 'default' => array(), 'description' => __( 'Ensure result set excludes specific parent IDs.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), ); $query_params['post'] = array( 'default' => array(), 'description' => __( 'Limit result set to comments assigned to specific post IDs.' ), 'type' => 'array', 'items' => array( 'type' => 'integer', ), ); $query_params['status'] = array( 'default' => 'approve', 'description' => __( 'Limit result set to comments assigned a specific status. Requires authorization.' ), 'sanitize_callback' => 'sanitize_key', 'type' => 'string', 'validate_callback' => 'rest_validate_request_arg', ); $query_params['type'] = array( 'default' => 'comment', 'description' => __( 'Limit result set to comments assigned a specific type. Requires authorization.' ), 'sanitize_callback' => 'sanitize_key', 'type' => 'string', 'validate_callback' => 'rest_validate_request_arg', ); $query_params['password'] = array( 'description' => __( 'The password for the post if it is password protected.' ), 'type' => 'string', ); /** * Filters REST API collection parameters for the comments controller. * * This filter registers the collection parameter, but does not map the * collection parameter to an internal WP_Comment_Query parameter. Use the * `rest_comment_query` filter to set WP_Comment_Query parameters. * * @since 4.7.0 * * @param array $query_params JSON Schema-formatted collection parameters. */ return apply_filters( 'rest_comment_collection_params', $query_params ); } /** * Sets the comment_status of a given comment object when creating or updating a comment. * * @since 4.7.0 * * @param string|int $new_status New comment status. * @param int $comment_id Comment ID. * @return bool Whether the status was changed. */ protected function handle_status_param( $new_status, $comment_id ) { $old_status = wp_get_comment_status( $comment_id ); if ( $new_status === $old_status ) { return false; } switch ( $new_status ) { case 'approved': case 'approve': case '1': $changed = wp_set_comment_status( $comment_id, 'approve' ); break; case 'hold': case '0': $changed = wp_set_comment_status( $comment_id, 'hold' ); break; case 'spam': $changed = wp_spam_comment( $comment_id ); break; case 'unspam': $changed = wp_unspam_comment( $comment_id ); break; case 'trash': $changed = wp_trash_comment( $comment_id ); break; case 'untrash': $changed = wp_untrash_comment( $comment_id ); break; default: $changed = false; break; } return $changed; } /** * Checks if the post can be read. * * Correctly handles posts with the inherit status. * * @since 4.7.0 * * @param WP_Post $post Post object. * @param WP_REST_Request $request Request data to check. * @return bool Whether post can be read. */ protected function check_read_post_permission( $post, $request ) { $post_type = get_post_type_object( $post->post_type ); // Return false if custom post type doesn't exist if ( ! $post_type ) { return false; } $posts_controller = $post_type->get_rest_controller(); /* * Ensure the posts controller is specifically a WP_REST_Posts_Controller instance * before using methods specific to that controller. */ if ( ! $posts_controller instanceof WP_REST_Posts_Controller ) { $posts_controller = new WP_REST_Posts_Controller( $post->post_type ); } $has_password_filter = false; // Only check password if a specific post was queried for or a single comment $requested_post = ! empty( $request['post'] ) && ( ! is_array( $request['post'] ) || 1 === count( $request['post'] ) ); $requested_comment = ! empty( $request['id'] ); if ( ( $requested_post || $requested_comment ) && $posts_controller->can_access_password_content( $post, $request ) ) { add_filter( 'post_password_required', '__return_false' ); $has_password_filter = true; } if ( post_password_required( $post ) ) { $result = current_user_can( 'edit_post', $post->ID ); } else { $result = $posts_controller->check_read_permission( $post ); } if ( $has_password_filter ) { remove_filter( 'post_password_required', '__return_false' ); } return $result; } /** * Checks if the comment can be read. * * @since 4.7.0 * * @param WP_Comment $comment Comment object. * @param WP_REST_Request $request Request data to check. * @return bool Whether the comment can be read. */ protected function check_read_permission( $comment, $request ) { if ( ! empty( $comment->comment_post_ID ) ) { $post = get_post( $comment->comment_post_ID ); if ( $post ) { if ( $this->check_read_post_permission( $post, $request ) && 1 === (int) $comment->comment_approved ) { return true; } } } if ( 0 === get_current_user_id() ) { return false; } if ( empty( $comment->comment_post_ID ) && ! current_user_can( 'moderate_comments' ) ) { return false; } if ( ! empty( $comment->user_id ) && get_current_user_id() === (int) $comment->user_id ) { return true; } return current_user_can( 'edit_comment', $comment->comment_ID ); } /** * Checks if a comment can be edited or deleted. * * @since 4.7.0 * * @param WP_Comment $comment Comment object. * @return bool Whether the comment can be edited or deleted. */ protected function check_edit_permission( $comment ) { if ( 0 === (int) get_current_user_id() ) { return false; } if ( current_user_can( 'moderate_comments' ) ) { return true; } return current_user_can( 'edit_comment', $comment->comment_ID ); } /** * Checks a comment author email for validity. * * Accepts either a valid email address or empty string as a valid comment * author email address. Setting the comment author email to an empty * string is allowed when a comment is being updated. * * @since 4.7.0 * * @param string $value Author email value submitted. * @param WP_REST_Request $request Full details about the request. * @param string $param The parameter name. * @return string|WP_Error The sanitized email address, if valid, * otherwise an error. */ public function check_comment_author_email( $value, $request, $param ) { $email = (string) $value; if ( empty( $email ) ) { return $email; } $check_email = rest_validate_request_arg( $email, $request, $param ); if ( is_wp_error( $check_email ) ) { return $check_email; } return $email; } /** * If empty comments are not allowed, checks if the provided comment content is not empty. * * @since 5.6.0 * * @param array $prepared_comment The prepared comment data. * @return bool True if the content is allowed, false otherwise. */ protected function check_is_comment_content_allowed( $prepared_comment ) { $check = wp_parse_args( $prepared_comment, array( 'comment_post_ID' => 0, 'comment_author' => null, 'comment_author_email' => null, 'comment_author_url' => null, 'comment_parent' => 0, 'user_id' => 0, ) ); /** This filter is documented in wp-includes/comment.php */ $allow_empty = apply_filters( 'allow_empty_comment', false, $check ); if ( $allow_empty ) { return true; } /* * Do not allow a comment to be created with missing or empty * comment_content. See wp_handle_comment_submission(). */ return '' !== $check['comment_content']; } }