|
1
|
|
|
<?php |
|
2
|
|
|
class WPCOM_JSON_API_Update_Post_Endpoint extends WPCOM_JSON_API_Post_Endpoint { |
|
3
|
|
|
function __construct( $args ) { |
|
4
|
|
|
parent::__construct( $args ); |
|
5
|
|
|
if ( $this->api->ends_with( $this->path, '/delete' ) ) { |
|
6
|
|
|
$this->post_object_format['status']['deleted'] = 'The post has been deleted permanently.'; |
|
7
|
|
|
} |
|
8
|
|
|
} |
|
9
|
|
|
|
|
10
|
|
|
// /sites/%s/posts/new -> $blog_id |
|
11
|
|
|
// /sites/%s/posts/%d -> $blog_id, $post_id |
|
12
|
|
|
// /sites/%s/posts/%d/delete -> $blog_id, $post_id |
|
13
|
|
|
// /sites/%s/posts/%d/restore -> $blog_id, $post_id |
|
14
|
|
View Code Duplication |
function callback( $path = '', $blog_id = 0, $post_id = 0 ) { |
|
15
|
|
|
$blog_id = $this->api->switch_to_blog_and_validate_user( $this->api->get_blog_id( $blog_id ) ); |
|
16
|
|
|
if ( is_wp_error( $blog_id ) ) { |
|
17
|
|
|
return $blog_id; |
|
18
|
|
|
} |
|
19
|
|
|
|
|
20
|
|
|
if ( $this->api->ends_with( $path, '/delete' ) ) { |
|
21
|
|
|
return $this->delete_post( $path, $blog_id, $post_id ); |
|
22
|
|
|
} elseif ( $this->api->ends_with( $path, '/restore' ) ) { |
|
23
|
|
|
return $this->restore_post( $path, $blog_id, $post_id ); |
|
24
|
|
|
} else { |
|
25
|
|
|
return $this->write_post( $path, $blog_id, $post_id ); |
|
26
|
|
|
} |
|
27
|
|
|
} |
|
28
|
|
|
|
|
29
|
|
|
// /sites/%s/posts/new -> $blog_id |
|
30
|
|
|
// /sites/%s/posts/%d -> $blog_id, $post_id |
|
31
|
|
|
function write_post( $path, $blog_id, $post_id ) { |
|
32
|
|
|
$new = $this->api->ends_with( $path, '/new' ); |
|
33
|
|
|
$args = $this->query_args(); |
|
34
|
|
|
|
|
35
|
|
|
// unhook publicize, it's hooked again later -- without this, skipping services is impossible |
|
36
|
|
|
if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) { |
|
37
|
|
|
remove_action( 'save_post', array( $GLOBALS['publicize_ui']->publicize, 'async_publicize_post' ), 100, 2 ); |
|
38
|
|
|
add_action( 'rest_api_inserted_post', array( $GLOBALS['publicize_ui']->publicize, 'async_publicize_post' ) ); |
|
39
|
|
|
} |
|
40
|
|
|
|
|
41
|
|
|
if ( $new ) { |
|
42
|
|
|
$input = $this->input( true ); |
|
43
|
|
|
|
|
44
|
|
View Code Duplication |
if ( 'revision' === $input['type'] ) { |
|
45
|
|
|
if ( ! isset( $input['parent'] ) ) { |
|
46
|
|
|
return new WP_Error( 'invalid_input', 'Invalid request input', 400 ); |
|
47
|
|
|
} |
|
48
|
|
|
$input['status'] = 'inherit'; // force inherit for revision type |
|
49
|
|
|
$input['slug'] = $input['parent'] . '-autosave-v1'; |
|
50
|
|
|
} |
|
51
|
|
|
elseif ( !isset( $input['title'] ) && !isset( $input['content'] ) && !isset( $input['excerpt'] ) ) { |
|
52
|
|
|
return new WP_Error( 'invalid_input', 'Invalid request input', 400 ); |
|
53
|
|
|
} |
|
54
|
|
|
|
|
55
|
|
|
// default to post |
|
56
|
|
|
if ( empty( $input['type'] ) ) |
|
57
|
|
|
$input['type'] = 'post'; |
|
58
|
|
|
|
|
59
|
|
|
$post_type = get_post_type_object( $input['type'] ); |
|
60
|
|
|
|
|
61
|
|
|
if ( ! $this->is_post_type_allowed( $input['type'] ) ) { |
|
62
|
|
|
return new WP_Error( 'unknown_post_type', 'Unknown post type', 404 ); |
|
63
|
|
|
} |
|
64
|
|
|
|
|
65
|
|
|
if ( ! empty( $input['author'] ) ) { |
|
66
|
|
|
$author_id = $this->parse_and_set_author( $input['author'], $input['type'] ); |
|
67
|
|
|
unset( $input['author'] ); |
|
68
|
|
|
if ( is_wp_error( $author_id ) ) |
|
69
|
|
|
return $author_id; |
|
70
|
|
|
} |
|
71
|
|
|
|
|
72
|
|
View Code Duplication |
if ( 'publish' === $input['status'] ) { |
|
73
|
|
|
if ( ! current_user_can( $post_type->cap->publish_posts ) ) { |
|
74
|
|
|
if ( current_user_can( $post_type->cap->edit_posts ) ) { |
|
75
|
|
|
$input['status'] = 'pending'; |
|
76
|
|
|
} else { |
|
77
|
|
|
return new WP_Error( 'unauthorized', 'User cannot publish posts', 403 ); |
|
78
|
|
|
} |
|
79
|
|
|
} |
|
80
|
|
|
} else { |
|
81
|
|
|
if ( !current_user_can( $post_type->cap->edit_posts ) ) { |
|
82
|
|
|
return new WP_Error( 'unauthorized', 'User cannot edit posts', 403 ); |
|
83
|
|
|
} |
|
84
|
|
|
} |
|
85
|
|
|
} else { |
|
86
|
|
|
$input = $this->input( false ); |
|
87
|
|
|
|
|
88
|
|
|
if ( !is_array( $input ) || !$input ) { |
|
|
|
|
|
|
89
|
|
|
return new WP_Error( 'invalid_input', 'Invalid request input', 400 ); |
|
90
|
|
|
} |
|
91
|
|
|
|
|
92
|
|
|
if ( isset( $input['status'] ) && 'trash' === $input['status'] && ! current_user_can( 'delete_post', $post_id ) ) { |
|
93
|
|
|
return new WP_Error( 'unauthorized', 'User cannot delete post', 403 ); |
|
94
|
|
|
} |
|
95
|
|
|
|
|
96
|
|
|
$post = get_post( $post_id ); |
|
97
|
|
|
$_post_type = ( ! empty( $input['type'] ) ) ? $input['type'] : $post->post_type; |
|
98
|
|
|
$post_type = get_post_type_object( $_post_type ); |
|
99
|
|
|
if ( !$post || is_wp_error( $post ) ) { |
|
100
|
|
|
return new WP_Error( 'unknown_post', 'Unknown post', 404 ); |
|
101
|
|
|
} |
|
102
|
|
|
|
|
103
|
|
|
if ( !current_user_can( 'edit_post', $post->ID ) ) { |
|
104
|
|
|
return new WP_Error( 'unauthorized', 'User cannot edit post', 403 ); |
|
105
|
|
|
} |
|
106
|
|
|
|
|
107
|
|
|
if ( ! empty( $input['author'] ) ) { |
|
108
|
|
|
$author_id = $this->parse_and_set_author( $input['author'], $_post_type ); |
|
109
|
|
|
unset( $input['author'] ); |
|
110
|
|
|
if ( is_wp_error( $author_id ) ) |
|
111
|
|
|
return $author_id; |
|
112
|
|
|
} |
|
113
|
|
|
|
|
114
|
|
|
if ( ( isset( $input['status'] ) && 'publish' === $input['status'] ) && 'publish' !== $post->post_status && !current_user_can( 'publish_post', $post->ID ) ) { |
|
115
|
|
|
$input['status'] = 'pending'; |
|
116
|
|
|
} |
|
117
|
|
|
$last_status = $post->post_status; |
|
118
|
|
|
$new_status = isset( $input['status'] ) ? $input['status'] : $last_status; |
|
119
|
|
|
|
|
120
|
|
|
// Make sure that drafts get the current date when transitioning to publish if not supplied in the post. |
|
121
|
|
|
$date_in_past = ( strtotime($post->post_date_gmt) < time() ); |
|
122
|
|
|
if ( 'publish' === $new_status && 'draft' === $last_status && ! isset( $input['date_gmt'] ) && $date_in_past ) { |
|
123
|
|
|
$input['date_gmt'] = gmdate( 'Y-m-d H:i:s' ); |
|
124
|
|
|
} |
|
125
|
|
|
} |
|
126
|
|
|
|
|
127
|
|
|
if ( function_exists( 'wpcom_switch_to_locale' ) ) { |
|
128
|
|
|
// fixes calypso-pre-oss #12476: respect blog locale when creating the post slug |
|
129
|
|
|
wpcom_switch_to_locale( get_blog_lang_code( $blog_id ) ); |
|
130
|
|
|
} |
|
131
|
|
|
|
|
132
|
|
|
// If date was set, $this->input will set date_gmt, date still needs to be adjusted for the blog's offset |
|
133
|
|
View Code Duplication |
if ( isset( $input['date_gmt'] ) ) { |
|
134
|
|
|
$gmt_offset = get_option( 'gmt_offset' ); |
|
135
|
|
|
$time_with_offset = strtotime( $input['date_gmt'] ) + $gmt_offset * HOUR_IN_SECONDS; |
|
136
|
|
|
$input['date'] = date( 'Y-m-d H:i:s', $time_with_offset ); |
|
137
|
|
|
} |
|
138
|
|
|
|
|
139
|
|
View Code Duplication |
if ( ! empty( $author_id ) && get_current_user_id() != $author_id ) { |
|
140
|
|
|
if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) { |
|
141
|
|
|
return new WP_Error( 'unauthorized', "User is not allowed to publish others' posts.", 403 ); |
|
142
|
|
|
} elseif ( ! user_can( $author_id, $post_type->cap->edit_posts ) ) { |
|
143
|
|
|
return new WP_Error( 'unauthorized', 'Assigned author cannot publish post.', 403 ); |
|
144
|
|
|
} |
|
145
|
|
|
} |
|
146
|
|
|
|
|
147
|
|
|
if ( !is_post_type_hierarchical( $post_type->name ) && 'revision' !== $post_type->name ) { |
|
148
|
|
|
unset( $input['parent'] ); |
|
149
|
|
|
} |
|
150
|
|
|
|
|
151
|
|
|
$tax_input = array(); |
|
152
|
|
|
|
|
153
|
|
|
foreach ( array( 'categories' => 'category', 'tags' => 'post_tag' ) as $key => $taxonomy ) { |
|
154
|
|
|
if ( ! isset( $input[ $key ] ) ) { |
|
155
|
|
|
continue; |
|
156
|
|
|
} |
|
157
|
|
|
|
|
158
|
|
|
$tax_input[ $taxonomy ] = array(); |
|
159
|
|
|
|
|
160
|
|
|
$is_hierarchical = is_taxonomy_hierarchical( $taxonomy ); |
|
161
|
|
|
|
|
162
|
|
|
if ( is_array( $input[$key] ) ) { |
|
163
|
|
|
$terms = $input[$key]; |
|
164
|
|
|
} else { |
|
165
|
|
|
$terms = explode( ',', $input[$key] ); |
|
166
|
|
|
} |
|
167
|
|
|
|
|
168
|
|
View Code Duplication |
foreach ( $terms as $term ) { |
|
169
|
|
|
/** |
|
170
|
|
|
* `curl --data 'category[]=123'` should be interpreted as a category ID, |
|
171
|
|
|
* not a category whose name is '123'. |
|
172
|
|
|
* |
|
173
|
|
|
* Consequence: To add a category/tag whose name is '123', the client must |
|
174
|
|
|
* first look up its ID. |
|
175
|
|
|
*/ |
|
176
|
|
|
$term = (string) $term; // ctype_digit compat |
|
177
|
|
|
if ( ctype_digit( $term ) ) { |
|
178
|
|
|
$term = (int) $term; |
|
179
|
|
|
} |
|
180
|
|
|
|
|
181
|
|
|
$term_info = term_exists( $term, $taxonomy ); |
|
182
|
|
|
|
|
183
|
|
|
if ( ! $term_info ) { |
|
184
|
|
|
// A term ID that doesn't already exist. Ignore it: we don't know what name to give it. |
|
185
|
|
|
if ( is_int( $term ) ){ |
|
186
|
|
|
continue; |
|
187
|
|
|
} |
|
188
|
|
|
// only add a new tag/cat if the user has access to |
|
189
|
|
|
$tax = get_taxonomy( $taxonomy ); |
|
190
|
|
|
|
|
191
|
|
|
// see https://core.trac.wordpress.org/ticket/26409 |
|
192
|
|
|
if ( 'category' === $taxonomy && ! current_user_can( $tax->cap->edit_terms ) ) { |
|
193
|
|
|
continue; |
|
194
|
|
|
} else if ( ! current_user_can( $tax->cap->assign_terms ) ) { |
|
195
|
|
|
continue; |
|
196
|
|
|
} |
|
197
|
|
|
|
|
198
|
|
|
$term_info = wp_insert_term( $term, $taxonomy ); |
|
199
|
|
|
} |
|
200
|
|
|
|
|
201
|
|
|
if ( ! is_wp_error( $term_info ) ) { |
|
202
|
|
|
if ( $is_hierarchical ) { |
|
203
|
|
|
// Categories must be added by ID |
|
204
|
|
|
$tax_input[$taxonomy][] = (int) $term_info['term_id']; |
|
205
|
|
|
} else { |
|
206
|
|
|
// Tags must be added by name |
|
207
|
|
|
if ( is_int( $term ) ) { |
|
208
|
|
|
$term = get_term( $term, $taxonomy ); |
|
209
|
|
|
$tax_input[$taxonomy][] = $term->name; |
|
210
|
|
|
} else { |
|
211
|
|
|
$tax_input[$taxonomy][] = $term; |
|
212
|
|
|
} |
|
213
|
|
|
} |
|
214
|
|
|
} |
|
215
|
|
|
} |
|
216
|
|
|
} |
|
217
|
|
|
|
|
218
|
|
View Code Duplication |
if ( isset( $input['categories'] ) && empty( $tax_input['category'] ) && 'revision' !== $post_type->name ) { |
|
219
|
|
|
$tax_input['category'][] = get_option( 'default_category' ); |
|
220
|
|
|
} |
|
221
|
|
|
|
|
222
|
|
|
unset( $input['tags'], $input['categories'] ); |
|
223
|
|
|
|
|
224
|
|
|
$insert = array(); |
|
225
|
|
|
|
|
226
|
|
View Code Duplication |
if ( !empty( $input['slug'] ) ) { |
|
227
|
|
|
$insert['post_name'] = $input['slug']; |
|
228
|
|
|
unset( $input['slug'] ); |
|
229
|
|
|
} |
|
230
|
|
|
|
|
231
|
|
|
if ( isset( $input['comments_open'] ) ) { |
|
232
|
|
|
$insert['comment_status'] = ( true === $input['comments_open'] ) ? 'open' : 'closed'; |
|
233
|
|
|
} |
|
234
|
|
|
|
|
235
|
|
|
if ( isset( $input['pings_open'] ) ) { |
|
236
|
|
|
$insert['ping_status'] = ( true === $input['pings_open'] ) ? 'open' : 'closed'; |
|
237
|
|
|
} |
|
238
|
|
|
|
|
239
|
|
|
unset( $input['comments_open'], $input['pings_open'] ); |
|
240
|
|
|
|
|
241
|
|
View Code Duplication |
if ( isset( $input['menu_order'] ) ) { |
|
242
|
|
|
$insert['menu_order'] = $input['menu_order']; |
|
243
|
|
|
unset( $input['menu_order'] ); |
|
244
|
|
|
} |
|
245
|
|
|
|
|
246
|
|
|
$publicize = isset( $input['publicize'] ) ? $input['publicize'] : null; |
|
247
|
|
|
unset( $input['publicize'] ); |
|
248
|
|
|
|
|
249
|
|
|
$publicize_custom_message = isset( $input['publicize_message'] ) ? $input['publicize_message'] : null; |
|
250
|
|
|
unset( $input['publicize_message'] ); |
|
251
|
|
|
|
|
252
|
|
View Code Duplication |
if ( isset( $input['featured_image'] ) ) { |
|
253
|
|
|
$featured_image = trim( $input['featured_image'] ); |
|
254
|
|
|
$delete_featured_image = empty( $featured_image ); |
|
255
|
|
|
unset( $input['featured_image'] ); |
|
256
|
|
|
} |
|
257
|
|
|
|
|
258
|
|
|
$metadata = isset( $input['metadata'] ) ? $input['metadata'] : null; |
|
259
|
|
|
unset( $input['metadata'] ); |
|
260
|
|
|
|
|
261
|
|
|
$likes = isset( $input['likes_enabled'] ) ? $input['likes_enabled'] : null; |
|
262
|
|
|
unset( $input['likes_enabled'] ); |
|
263
|
|
|
|
|
264
|
|
|
$sharing = isset( $input['sharing_enabled'] ) ? $input['sharing_enabled'] : null; |
|
265
|
|
|
unset( $input['sharing_enabled'] ); |
|
266
|
|
|
|
|
267
|
|
|
$sticky = isset( $input['sticky'] ) ? $input['sticky'] : null; |
|
268
|
|
|
unset( $input['sticky'] ); |
|
269
|
|
|
|
|
270
|
|
|
foreach ( $input as $key => $value ) { |
|
271
|
|
|
$insert["post_$key"] = $value; |
|
272
|
|
|
} |
|
273
|
|
|
|
|
274
|
|
|
if ( ! empty( $author_id ) ) { |
|
275
|
|
|
$insert['post_author'] = absint( $author_id ); |
|
276
|
|
|
} |
|
277
|
|
|
|
|
278
|
|
|
if ( ! empty( $tax_input ) ) { |
|
279
|
|
|
$insert['tax_input'] = $tax_input; |
|
280
|
|
|
} |
|
281
|
|
|
|
|
282
|
|
|
$has_media = isset( $input['media'] ) && $input['media'] ? count( $input['media'] ) : false; |
|
283
|
|
|
$has_media_by_url = isset( $input['media_urls'] ) && $input['media_urls'] ? count( $input['media_urls'] ) : false; |
|
284
|
|
|
|
|
285
|
|
|
if ( $new ) { |
|
286
|
|
|
|
|
287
|
|
|
if ( isset( $input['content'] ) && ! has_shortcode( $input['content'], 'gallery' ) && ( $has_media || $has_media_by_url ) ) { |
|
|
|
|
|
|
288
|
|
|
switch ( ( $has_media + $has_media_by_url ) ) { |
|
289
|
|
|
case 0 : |
|
290
|
|
|
// No images - do nothing. |
|
291
|
|
|
break; |
|
292
|
|
|
case 1 : |
|
293
|
|
|
// 1 image - make it big |
|
294
|
|
|
$insert['post_content'] = $input['content'] = "[gallery size=full columns=1]\n\n" . $input['content']; |
|
295
|
|
|
break; |
|
296
|
|
|
default : |
|
|
|
|
|
|
297
|
|
|
// Several images - 3 column gallery |
|
298
|
|
|
$insert['post_content'] = $input['content'] = "[gallery]\n\n" . $input['content']; |
|
299
|
|
|
break; |
|
300
|
|
|
} |
|
301
|
|
|
} |
|
302
|
|
|
|
|
303
|
|
|
$post_id = wp_insert_post( add_magic_quotes( $insert ), true ); |
|
304
|
|
|
} else { |
|
305
|
|
|
$insert['ID'] = $post->ID; |
|
|
|
|
|
|
306
|
|
|
|
|
307
|
|
|
// wp_update_post ignores date unless edit_date is set |
|
308
|
|
|
// See: http://codex.wordpress.org/Function_Reference/wp_update_post#Scheduling_posts |
|
309
|
|
|
// See: https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/post.php#L3302 |
|
310
|
|
|
if ( isset( $input['date_gmt'] ) || isset( $input['date'] ) ) { |
|
311
|
|
|
$insert['edit_date'] = true; |
|
312
|
|
|
} |
|
313
|
|
|
|
|
314
|
|
|
// this two-step process ensures any changes submitted along with status=trash get saved before trashing |
|
315
|
|
|
if ( isset( $input['status'] ) && 'trash' === $input['status'] ) { |
|
316
|
|
|
// if we insert it with status='trash', it will get double-trashed, so insert it as a draft first |
|
317
|
|
|
unset( $insert['status'] ); |
|
318
|
|
|
$post_id = wp_update_post( (object) $insert ); |
|
319
|
|
|
// now call wp_trash_post so post_meta gets set and any filters get called |
|
320
|
|
|
wp_trash_post( $post_id ); |
|
321
|
|
|
} else { |
|
322
|
|
|
$post_id = wp_update_post( (object) $insert ); |
|
323
|
|
|
} |
|
324
|
|
|
|
|
325
|
|
|
} |
|
326
|
|
|
|
|
327
|
|
|
if ( !$post_id || is_wp_error( $post_id ) ) { |
|
328
|
|
|
return $post_id; |
|
329
|
|
|
} |
|
330
|
|
|
|
|
331
|
|
|
// make sure this post actually exists and is not an error of some kind (ie, trying to load media in the posts endpoint) |
|
332
|
|
|
$post_check = $this->get_post_by( 'ID', $post_id, $args['context'] ); |
|
333
|
|
|
if ( is_wp_error( $post_check ) ) { |
|
334
|
|
|
return $post_check; |
|
335
|
|
|
} |
|
336
|
|
|
|
|
337
|
|
|
if ( $has_media ) { |
|
338
|
|
|
$this->api->trap_wp_die( 'upload_error' ); |
|
339
|
|
|
foreach ( $input['media'] as $media_item ) { |
|
340
|
|
|
$_FILES['.api.media.item.'] = $media_item; |
|
341
|
|
|
// check for WP_Error if we ever actually need $media_id |
|
342
|
|
|
$media_id = media_handle_upload( '.api.media.item.', $post_id ); |
|
|
|
|
|
|
343
|
|
|
} |
|
344
|
|
|
$this->api->trap_wp_die( null ); |
|
345
|
|
|
|
|
346
|
|
|
unset( $_FILES['.api.media.item.'] ); |
|
347
|
|
|
} |
|
348
|
|
|
|
|
349
|
|
|
if ( $has_media_by_url ) { |
|
|
|
|
|
|
350
|
|
|
foreach ( $input['media_urls'] as $url ) { |
|
351
|
|
|
$this->handle_media_sideload( $url, $post_id ); |
|
352
|
|
|
} |
|
353
|
|
|
} |
|
354
|
|
|
|
|
355
|
|
|
// Set like status for the post |
|
356
|
|
|
/** This filter is documented in modules/likes.php */ |
|
357
|
|
|
$sitewide_likes_enabled = (bool) apply_filters( 'wpl_is_enabled_sitewide', ! get_option( 'disabled_likes' ) ); |
|
358
|
|
View Code Duplication |
if ( $new ) { |
|
359
|
|
|
if ( $sitewide_likes_enabled ) { |
|
360
|
|
|
if ( false === $likes ) { |
|
361
|
|
|
update_post_meta( $post_id, 'switch_like_status', 1 ); |
|
362
|
|
|
} else { |
|
363
|
|
|
delete_post_meta( $post_id, 'switch_like_status' ); |
|
364
|
|
|
} |
|
365
|
|
|
} else { |
|
366
|
|
|
if ( $likes ) { |
|
367
|
|
|
update_post_meta( $post_id, 'switch_like_status', 1 ); |
|
368
|
|
|
} else { |
|
369
|
|
|
delete_post_meta( $post_id, 'switch_like_status' ); |
|
370
|
|
|
} |
|
371
|
|
|
} |
|
372
|
|
|
} else { |
|
373
|
|
|
if ( isset( $likes ) ) { |
|
374
|
|
|
if ( $sitewide_likes_enabled ) { |
|
375
|
|
|
if ( false === $likes ) { |
|
376
|
|
|
update_post_meta( $post_id, 'switch_like_status', 1 ); |
|
377
|
|
|
} else { |
|
378
|
|
|
delete_post_meta( $post_id, 'switch_like_status' ); |
|
379
|
|
|
} |
|
380
|
|
|
} else { |
|
381
|
|
|
if ( true === $likes ) { |
|
382
|
|
|
update_post_meta( $post_id, 'switch_like_status', 1 ); |
|
383
|
|
|
} else { |
|
384
|
|
|
delete_post_meta( $post_id, 'switch_like_status' ); |
|
385
|
|
|
} |
|
386
|
|
|
} |
|
387
|
|
|
} |
|
388
|
|
|
} |
|
389
|
|
|
|
|
390
|
|
|
// Set sharing status of the post |
|
391
|
|
View Code Duplication |
if ( $new ) { |
|
392
|
|
|
$sharing_enabled = isset( $sharing ) ? (bool) $sharing : true; |
|
393
|
|
|
if ( false === $sharing_enabled ) { |
|
394
|
|
|
update_post_meta( $post_id, 'sharing_disabled', 1 ); |
|
395
|
|
|
} |
|
396
|
|
|
} |
|
397
|
|
|
else { |
|
398
|
|
|
if ( isset( $sharing ) && true === $sharing ) { |
|
399
|
|
|
delete_post_meta( $post_id, 'sharing_disabled' ); |
|
400
|
|
|
} else if ( isset( $sharing ) && false == $sharing ) { |
|
401
|
|
|
update_post_meta( $post_id, 'sharing_disabled', 1 ); |
|
402
|
|
|
} |
|
403
|
|
|
} |
|
404
|
|
|
|
|
405
|
|
|
if ( isset( $sticky ) ) { |
|
406
|
|
|
if ( true === $sticky ) { |
|
407
|
|
|
stick_post( $post_id ); |
|
408
|
|
|
} else { |
|
409
|
|
|
unstick_post( $post_id ); |
|
410
|
|
|
} |
|
411
|
|
|
} |
|
412
|
|
|
|
|
413
|
|
|
// WPCOM Specific (Jetpack's will get bumped elsewhere |
|
414
|
|
|
// Tracks how many posts are published and sets meta |
|
415
|
|
|
// so we can track some other cool stats (like likes & comments on posts published) |
|
416
|
|
View Code Duplication |
if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) { |
|
417
|
|
|
if ( |
|
418
|
|
|
( $new && 'publish' == $input['status'] ) |
|
419
|
|
|
|| ( |
|
420
|
|
|
! $new && isset( $last_status ) |
|
421
|
|
|
&& 'publish' != $last_status |
|
|
|
|
|
|
422
|
|
|
&& isset( $new_status ) |
|
423
|
|
|
&& 'publish' == $new_status |
|
|
|
|
|
|
424
|
|
|
) |
|
425
|
|
|
) { |
|
426
|
|
|
/** This action is documented in modules/widgets/social-media-icons.php */ |
|
427
|
|
|
do_action( 'jetpack_bump_stats_extras', 'api-insights-posts', $this->api->token_details['client_id'] ); |
|
428
|
|
|
update_post_meta( $post_id, '_rest_api_published', 1 ); |
|
429
|
|
|
update_post_meta( $post_id, '_rest_api_client_id', $this->api->token_details['client_id'] ); |
|
430
|
|
|
} |
|
431
|
|
|
} |
|
432
|
|
|
|
|
433
|
|
|
|
|
434
|
|
|
// We ask the user/dev to pass Publicize services he/she wants activated for the post, but Publicize expects us |
|
435
|
|
|
// to instead flag the ones we don't want to be skipped. proceed with said logic. |
|
436
|
|
|
// any posts coming from Path (client ID 25952) should also not publicize |
|
437
|
|
View Code Duplication |
if ( $publicize === false || ( isset( $this->api->token_details['client_id'] ) && 25952 == $this->api->token_details['client_id'] ) ) { |
|
438
|
|
|
// No publicize at all, skip all by ID |
|
439
|
|
|
foreach ( $GLOBALS['publicize_ui']->publicize->get_services( 'all' ) as $name => $service ) { |
|
440
|
|
|
delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $name ); |
|
441
|
|
|
$service_connections = $GLOBALS['publicize_ui']->publicize->get_connections( $name ); |
|
|
|
|
|
|
442
|
|
|
if ( ! $service_connections ) { |
|
443
|
|
|
continue; |
|
444
|
|
|
} |
|
445
|
|
|
foreach ( $service_connections as $service_connection ) { |
|
446
|
|
|
update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1 ); |
|
447
|
|
|
} |
|
448
|
|
|
} |
|
449
|
|
|
} else if ( is_array( $publicize ) && ( count ( $publicize ) > 0 ) ) { |
|
450
|
|
|
foreach ( $GLOBALS['publicize_ui']->publicize->get_services( 'all' ) as $name => $service ) { |
|
451
|
|
|
/* |
|
452
|
|
|
* We support both indexed and associative arrays: |
|
453
|
|
|
* * indexed are to pass entire services |
|
454
|
|
|
* * associative are to pass specific connections per service |
|
455
|
|
|
* |
|
456
|
|
|
* We do support mixed arrays: mixed integer and string keys (see 3rd example below). |
|
457
|
|
|
* |
|
458
|
|
|
* EG: array( 'twitter', 'facebook') will only publicize to those, ignoring the other available services |
|
459
|
|
|
* Form data: publicize[]=twitter&publicize[]=facebook |
|
460
|
|
|
* EG: array( 'twitter' => '(int) $pub_conn_id_0, (int) $pub_conn_id_3', 'facebook' => (int) $pub_conn_id_7 ) will publicize to two Twitter accounts, and one Facebook connection, of potentially many. |
|
461
|
|
|
* Form data: publicize[twitter]=$pub_conn_id_0,$pub_conn_id_3&publicize[facebook]=$pub_conn_id_7 |
|
462
|
|
|
* EG: array( 'twitter', 'facebook' => '(int) $pub_conn_id_0, (int) $pub_conn_id_3' ) will publicize to all available Twitter accounts, but only 2 of potentially many Facebook connections |
|
463
|
|
|
* Form data: publicize[]=twitter&publicize[facebook]=$pub_conn_id_0,$pub_conn_id_3 |
|
464
|
|
|
*/ |
|
465
|
|
|
|
|
466
|
|
|
// Delete any stale SKIP value for the service by name. We'll add it back by ID. |
|
467
|
|
|
delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $name ); |
|
468
|
|
|
|
|
469
|
|
|
// Get the user's connections |
|
470
|
|
|
$service_connections = $GLOBALS['publicize_ui']->publicize->get_connections( $name ); |
|
471
|
|
|
|
|
472
|
|
|
// if the user doesn't have any connections for this service, move on |
|
473
|
|
|
if ( ! $service_connections ) { |
|
474
|
|
|
continue; |
|
475
|
|
|
} |
|
476
|
|
|
|
|
477
|
|
|
if ( !in_array( $name, $publicize ) && !array_key_exists( $name, $publicize ) ) { |
|
478
|
|
|
// Skip the whole service by adding each connection ID |
|
479
|
|
|
foreach ( $service_connections as $service_connection ) { |
|
480
|
|
|
update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1 ); |
|
481
|
|
|
} |
|
482
|
|
|
} else if ( !empty( $publicize[ $name ] ) ) { |
|
483
|
|
|
// Seems we're being asked to only push to [a] specific connection[s]. |
|
484
|
|
|
// Explode the list on commas, which will also support a single passed ID |
|
485
|
|
|
$requested_connections = explode( ',', ( preg_replace( '/[\s]*/', '', $publicize[ $name ] ) ) ); |
|
486
|
|
|
// Flag the connections we can't match with the requested list to be skipped. |
|
487
|
|
|
foreach ( $service_connections as $service_connection ) { |
|
488
|
|
|
if ( !in_array( $service_connection->meta['connection_data']->id, $requested_connections ) ) { |
|
489
|
|
|
update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1 ); |
|
490
|
|
|
} else { |
|
491
|
|
|
delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id ); |
|
492
|
|
|
} |
|
493
|
|
|
} |
|
494
|
|
|
} else { |
|
495
|
|
|
// delete all SKIP values; it's okay to publish to all connected IDs for this service |
|
496
|
|
|
foreach ( $service_connections as $service_connection ) { |
|
497
|
|
|
delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id ); |
|
498
|
|
|
} |
|
499
|
|
|
} |
|
500
|
|
|
} |
|
501
|
|
|
} |
|
502
|
|
|
|
|
503
|
|
View Code Duplication |
if ( ! is_null( $publicize_custom_message ) ) { |
|
504
|
|
|
if ( empty( $publicize_custom_message ) ) { |
|
505
|
|
|
delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_MESS ); |
|
506
|
|
|
} else { |
|
507
|
|
|
update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_MESS, trim( $publicize_custom_message ) ); |
|
508
|
|
|
} |
|
509
|
|
|
} |
|
510
|
|
|
|
|
511
|
|
View Code Duplication |
if ( ! empty( $insert['post_format'] ) ) { |
|
512
|
|
|
if ( 'default' !== strtolower( $insert['post_format'] ) ) { |
|
513
|
|
|
set_post_format( $post_id, $insert['post_format'] ); |
|
514
|
|
|
} |
|
515
|
|
|
else { |
|
516
|
|
|
set_post_format( $post_id, get_option( 'default_post_format' ) ); |
|
517
|
|
|
} |
|
518
|
|
|
} |
|
519
|
|
|
|
|
520
|
|
|
if ( isset( $featured_image ) ) { |
|
521
|
|
|
$this->parse_and_set_featured_image( $post_id, $delete_featured_image, $featured_image ); |
|
|
|
|
|
|
522
|
|
|
} |
|
523
|
|
|
|
|
524
|
|
View Code Duplication |
if ( ! empty( $metadata ) ) { |
|
525
|
|
|
foreach ( (array) $metadata as $meta ) { |
|
526
|
|
|
|
|
527
|
|
|
$meta = (object) $meta; |
|
528
|
|
|
|
|
529
|
|
|
// Custom meta description can only be set on sites that have a business subscription. |
|
530
|
|
|
if ( Jetpack_SEO_Posts::DESCRIPTION_META_KEY == $meta->key && ! Jetpack_SEO_Utils::is_enabled_jetpack_seo() ) { |
|
531
|
|
|
return new WP_Error( 'unauthorized', __( 'SEO tools are not enabled for this site.', 'jetpack' ), 403 ); |
|
532
|
|
|
} |
|
533
|
|
|
|
|
534
|
|
|
$existing_meta_item = new stdClass; |
|
535
|
|
|
|
|
536
|
|
|
if ( empty( $meta->operation ) ) |
|
537
|
|
|
$meta->operation = 'update'; |
|
538
|
|
|
|
|
539
|
|
|
if ( ! empty( $meta->value ) ) { |
|
540
|
|
|
if ( 'true' == $meta->value ) |
|
541
|
|
|
$meta->value = true; |
|
542
|
|
|
if ( 'false' == $meta->value ) |
|
543
|
|
|
$meta->value = false; |
|
544
|
|
|
} |
|
545
|
|
|
|
|
546
|
|
|
if ( ! empty( $meta->id ) ) { |
|
547
|
|
|
$meta->id = absint( $meta->id ); |
|
548
|
|
|
$existing_meta_item = get_metadata_by_mid( 'post', $meta->id ); |
|
549
|
|
|
if ( $post_id !== (int) $existing_meta_item->post_id ) { |
|
550
|
|
|
// Only allow updates for metadata on this post |
|
551
|
|
|
continue; |
|
552
|
|
|
} |
|
553
|
|
|
} |
|
554
|
|
|
|
|
555
|
|
|
$unslashed_meta_key = wp_unslash( $meta->key ); // should match what the final key will be |
|
556
|
|
|
$meta->key = wp_slash( $meta->key ); |
|
557
|
|
|
$unslashed_existing_meta_key = wp_unslash( $existing_meta_item->meta_key ); |
|
558
|
|
|
$existing_meta_item->meta_key = wp_slash( $existing_meta_item->meta_key ); |
|
559
|
|
|
|
|
560
|
|
|
// make sure that the meta id passed matches the existing meta key |
|
561
|
|
|
if ( ! empty( $meta->id ) && ! empty( $meta->key ) ) { |
|
562
|
|
|
$meta_by_id = get_metadata_by_mid( 'post', $meta->id ); |
|
563
|
|
|
if ( $meta_by_id->meta_key !== $meta->key ) { |
|
564
|
|
|
continue; // skip this meta |
|
565
|
|
|
} |
|
566
|
|
|
} |
|
567
|
|
|
|
|
568
|
|
|
switch ( $meta->operation ) { |
|
569
|
|
|
case 'delete': |
|
|
|
|
|
|
570
|
|
|
|
|
571
|
|
|
if ( ! empty( $meta->id ) && ! empty( $existing_meta_item->meta_key ) && current_user_can( 'delete_post_meta', $post_id, $unslashed_existing_meta_key ) ) { |
|
572
|
|
|
delete_metadata_by_mid( 'post', $meta->id ); |
|
573
|
|
|
} elseif ( ! empty( $meta->key ) && ! empty( $meta->previous_value ) && current_user_can( 'delete_post_meta', $post_id, $unslashed_meta_key ) ) { |
|
574
|
|
|
delete_post_meta( $post_id, $meta->key, $meta->previous_value ); |
|
575
|
|
|
} elseif ( ! empty( $meta->key ) && current_user_can( 'delete_post_meta', $post_id, $unslashed_meta_key ) ) { |
|
576
|
|
|
delete_post_meta( $post_id, $meta->key ); |
|
577
|
|
|
} |
|
578
|
|
|
|
|
579
|
|
|
break; |
|
580
|
|
|
case 'add': |
|
|
|
|
|
|
581
|
|
|
|
|
582
|
|
|
if ( ! empty( $meta->id ) || ! empty( $meta->previous_value ) ) { |
|
583
|
|
|
continue; |
|
584
|
|
|
} elseif ( ! empty( $meta->key ) && ! empty( $meta->value ) && ( current_user_can( 'add_post_meta', $post_id, $unslashed_meta_key ) ) || WPCOM_JSON_API_Metadata::is_public( $meta->key ) ) { |
|
585
|
|
|
add_post_meta( $post_id, $meta->key, $meta->value ); |
|
586
|
|
|
} |
|
587
|
|
|
|
|
588
|
|
|
break; |
|
589
|
|
|
case 'update': |
|
|
|
|
|
|
590
|
|
|
|
|
591
|
|
|
if ( ! isset( $meta->value ) ) { |
|
592
|
|
|
continue; |
|
593
|
|
|
} elseif ( ! empty( $meta->id ) && ! empty( $existing_meta_item->meta_key ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_existing_meta_key ) || WPCOM_JSON_API_Metadata::is_public( $meta->key ) ) ) { |
|
594
|
|
|
update_metadata_by_mid( 'post', $meta->id, $meta->value ); |
|
595
|
|
|
} elseif ( ! empty( $meta->key ) && ! empty( $meta->previous_value ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_meta_key ) || WPCOM_JSON_API_Metadata::is_public( $meta->key ) ) ) { |
|
596
|
|
|
update_post_meta( $post_id, $meta->key,$meta->value, $meta->previous_value ); |
|
597
|
|
|
} elseif ( ! empty( $meta->key ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_meta_key ) || WPCOM_JSON_API_Metadata::is_public( $meta->key ) ) ) { |
|
598
|
|
|
update_post_meta( $post_id, $meta->key, $meta->value ); |
|
599
|
|
|
} |
|
600
|
|
|
|
|
601
|
|
|
break; |
|
602
|
|
|
} |
|
603
|
|
|
|
|
604
|
|
|
} |
|
605
|
|
|
} |
|
606
|
|
|
|
|
607
|
|
|
/** |
|
608
|
|
|
* Fires when a post is created via the REST API. |
|
609
|
|
|
* |
|
610
|
|
|
* @module json-api |
|
611
|
|
|
* |
|
612
|
|
|
* @since 2.3.0 |
|
613
|
|
|
* |
|
614
|
|
|
* @param int $post_id Post ID. |
|
615
|
|
|
* @param array $insert Data used to build the post. |
|
616
|
|
|
* @param string $new New post URL suffix. |
|
617
|
|
|
*/ |
|
618
|
|
|
do_action( 'rest_api_inserted_post', $post_id, $insert, $new ); |
|
619
|
|
|
|
|
620
|
|
|
$return = $this->get_post_by( 'ID', $post_id, $args['context'] ); |
|
621
|
|
|
if ( !$return || is_wp_error( $return ) ) { |
|
622
|
|
|
return $return; |
|
623
|
|
|
} |
|
624
|
|
|
|
|
625
|
|
View Code Duplication |
if ( isset( $input['type'] ) && 'revision' === $input['type'] ) { |
|
626
|
|
|
$return['preview_nonce'] = wp_create_nonce( 'post_preview_' . $input['parent'] ); |
|
627
|
|
|
} |
|
628
|
|
|
|
|
629
|
|
|
if ( isset( $sticky ) ) { |
|
630
|
|
|
// workaround for sticky test occasionally failing, maybe a race condition with stick_post() above |
|
631
|
|
|
$return['sticky'] = ( true === $sticky ); |
|
632
|
|
|
} |
|
633
|
|
|
|
|
634
|
|
|
/** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */ |
|
635
|
|
|
do_action( 'wpcom_json_api_objects', 'posts' ); |
|
636
|
|
|
|
|
637
|
|
|
return $return; |
|
638
|
|
|
} |
|
639
|
|
|
|
|
640
|
|
|
// /sites/%s/posts/%d/delete -> $blog_id, $post_id |
|
641
|
|
View Code Duplication |
function delete_post( $path, $blog_id, $post_id ) { |
|
642
|
|
|
$post = get_post( $post_id ); |
|
643
|
|
|
if ( !$post || is_wp_error( $post ) ) { |
|
644
|
|
|
return new WP_Error( 'unknown_post', 'Unknown post', 404 ); |
|
645
|
|
|
} |
|
646
|
|
|
|
|
647
|
|
|
if ( ! $this->is_post_type_allowed( $post->post_type ) ) { |
|
648
|
|
|
return new WP_Error( 'unknown_post_type', 'Unknown post type', 404 ); |
|
649
|
|
|
} |
|
650
|
|
|
|
|
651
|
|
|
if ( !current_user_can( 'delete_post', $post->ID ) ) { |
|
652
|
|
|
return new WP_Error( 'unauthorized', 'User cannot delete posts', 403 ); |
|
653
|
|
|
} |
|
654
|
|
|
|
|
655
|
|
|
$args = $this->query_args(); |
|
656
|
|
|
$return = $this->get_post_by( 'ID', $post->ID, $args['context'] ); |
|
657
|
|
|
if ( !$return || is_wp_error( $return ) ) { |
|
658
|
|
|
return $return; |
|
659
|
|
|
} |
|
660
|
|
|
|
|
661
|
|
|
/** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */ |
|
662
|
|
|
do_action( 'wpcom_json_api_objects', 'posts' ); |
|
663
|
|
|
|
|
664
|
|
|
// we need to call wp_trash_post so that untrash will work correctly for all post types |
|
665
|
|
|
if ( 'trash' === $post->post_status ) |
|
666
|
|
|
wp_delete_post( $post->ID ); |
|
667
|
|
|
else |
|
668
|
|
|
wp_trash_post( $post->ID ); |
|
669
|
|
|
|
|
670
|
|
|
$status = get_post_status( $post->ID ); |
|
671
|
|
|
if ( false === $status ) { |
|
672
|
|
|
$return['status'] = 'deleted'; |
|
673
|
|
|
return $return; |
|
674
|
|
|
} |
|
675
|
|
|
|
|
676
|
|
|
return $this->get_post_by( 'ID', $post->ID, $args['context'] ); |
|
677
|
|
|
} |
|
678
|
|
|
|
|
679
|
|
|
// /sites/%s/posts/%d/restore -> $blog_id, $post_id |
|
680
|
|
View Code Duplication |
function restore_post( $path, $blog_id, $post_id ) { |
|
681
|
|
|
$args = $this->query_args(); |
|
682
|
|
|
$post = get_post( $post_id ); |
|
683
|
|
|
|
|
684
|
|
|
if ( !$post || is_wp_error( $post ) ) { |
|
685
|
|
|
return new WP_Error( 'unknown_post', 'Unknown post', 404 ); |
|
686
|
|
|
} |
|
687
|
|
|
|
|
688
|
|
|
if ( !current_user_can( 'delete_post', $post->ID ) ) { |
|
689
|
|
|
return new WP_Error( 'unauthorized', 'User cannot restore trashed posts', 403 ); |
|
690
|
|
|
} |
|
691
|
|
|
|
|
692
|
|
|
/** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */ |
|
693
|
|
|
do_action( 'wpcom_json_api_objects', 'posts' ); |
|
694
|
|
|
|
|
695
|
|
|
wp_untrash_post( $post->ID ); |
|
696
|
|
|
|
|
697
|
|
|
return $this->get_post_by( 'ID', $post->ID, $args['context'] ); |
|
698
|
|
|
} |
|
699
|
|
|
|
|
700
|
|
View Code Duplication |
private function parse_and_set_featured_image( $post_id, $delete_featured_image, $featured_image ) { |
|
701
|
|
|
if ( $delete_featured_image ) { |
|
702
|
|
|
delete_post_thumbnail( $post_id ); |
|
703
|
|
|
return; |
|
704
|
|
|
} |
|
705
|
|
|
|
|
706
|
|
|
$featured_image = (string) $featured_image; |
|
707
|
|
|
|
|
708
|
|
|
// if we got a post ID, we can just set it as the thumbnail |
|
709
|
|
|
if ( ctype_digit( $featured_image ) && 'attachment' == get_post_type( $featured_image ) ) { |
|
710
|
|
|
set_post_thumbnail( $post_id, $featured_image ); |
|
711
|
|
|
return $featured_image; |
|
712
|
|
|
} |
|
713
|
|
|
|
|
714
|
|
|
$featured_image_id = $this->handle_media_sideload( $featured_image, $post_id, 'image' ); |
|
715
|
|
|
|
|
716
|
|
|
if ( empty( $featured_image_id ) || ! is_int( $featured_image_id ) ) |
|
717
|
|
|
return false; |
|
718
|
|
|
|
|
719
|
|
|
set_post_thumbnail( $post_id, $featured_image_id ); |
|
720
|
|
|
return $featured_image_id; |
|
721
|
|
|
} |
|
722
|
|
|
|
|
723
|
|
View Code Duplication |
private function parse_and_set_author( $author = null, $post_type = 'post' ) { |
|
724
|
|
|
if ( empty( $author ) || ! post_type_supports( $post_type, 'author' ) ) |
|
725
|
|
|
return get_current_user_id(); |
|
726
|
|
|
|
|
727
|
|
|
$author = (string) $author; |
|
728
|
|
|
if ( ctype_digit( $author ) ) { |
|
729
|
|
|
$_user = get_user_by( 'id', $author ); |
|
730
|
|
|
if ( ! $_user || is_wp_error( $_user ) ) |
|
731
|
|
|
return new WP_Error( 'invalid_author', 'Invalid author provided' ); |
|
732
|
|
|
|
|
733
|
|
|
return $_user->ID; |
|
734
|
|
|
} |
|
735
|
|
|
|
|
736
|
|
|
$_user = get_user_by( 'login', $author ); |
|
737
|
|
|
if ( ! $_user || is_wp_error( $_user ) ) |
|
738
|
|
|
return new WP_Error( 'invalid_author', 'Invalid author provided' ); |
|
739
|
|
|
|
|
740
|
|
|
return $_user->ID; |
|
741
|
|
|
} |
|
742
|
|
|
} |
|
743
|
|
|
|
Automattic /
jetpack
Loading history...
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using
empty(..)or! empty(...)instead.