st',
__( 'Sorry, you are not allowed to create a comment on this post.' ),
array( 'status' => 403 )
);
}
if ( ! $this->check_read_post_permission( $post, $request ) ) {
return new WP_Error(
'rest_cannot_read_post',
__( 'Sorry, you are not allowed to read the post for this comment.' ),
array( 'status' => rest_authorization_required_code() )
);
}
if ( ! comments_open( $post->ID ) ) {
return new WP_Error(
'rest_comment_closed',
__( 'Sorry, comments are closed for this item.' ),
array( 'status' => 403 )
);
}
return true;
}
/**
* Creates a comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or error object on failure.
*/
public function create_item( $request ) {
if ( ! empty( $request['id'] ) ) {
return new WP_Error(
'rest_comment_exists',
__( 'Cannot create existing comment.' ),
array( 'status' => 400 )
);
}
// Do not allow comments to be created with a non-default type.
if ( ! empty( $request['type'] ) && 'comment' !== $request['type'] ) {
return new WP_Error(
'rest_invalid_comment_type',
__( 'Cannot create a comment with that type.' ),
array( 'status' => 400 )
);
}
$prepared_comment = $this->prepare_item_for_database( $request );
if ( is_wp_error( $prepared_comment ) ) {
return $prepared_comment;
}
$prepared_comment['comment_type'] = 'comment';
if ( ! isset( $prepared_comment['comment_content'] ) ) {
$prepared_comment['comment_content'] = '';
}
if ( ! $this->check_is_comment_content_allowed( $prepared_comment ) ) {
return new WP_Error(
'rest_comment_content_invalid',
__( 'Invalid comment content.' ),
array( 'status' => 400 )
);
}
// Setting remaining values before wp_insert_comment so we can use wp_allow_comment().
if ( ! isset( $prepared_comment['comment_date_gmt'] ) ) {
$prepared_comment['comment_date_gmt'] = current_time( 'mysql', true );
}
// Set author data if the user's logged in.
$missing_author = empty( $prepared_comment['user_id'] )
&& empty( $prepared_comment['comment_author'] )
&& empty( $prepared_comment['comment_author_email'] )
&& empty( $prepared_comment['comment_author_url'] );
if ( is_user_logged_in() && $missing_author ) {
$user = wp_get_current_user();
$prepared_comment['user_id'] = $user->ID;
$prepared_comment['comment_author'] = $user->display_name;
$prepared_comment['comment_author_email'] = $user->user_email;
$prepared_comment['comment_author_url'] = $user->user_url;
}
// Honor the discussion setting that requires a name and email address of the comment author.
if ( get_option( 'require_name_email' ) ) {
if ( empty( $prepared_comment['comment_author'] ) || empty( $prepared_comment['comment_author_email'] ) ) {
return new WP_Error(
'rest_comment_author_data_required',
__( 'Creating a comment requires valid author name and email values.' ),
array( 'status' => 400 )
);
}
}
if ( ! isset( $prepared_comment['comment_author_email'] ) ) {
$prepared_comment['comment_author_email'] = '';
}
if ( ! isset( $prepared_comment['comment_author_url'] ) ) {
$prepared_comment['comment_author_url'] = '';
}
if ( ! isset( $prepared_comment['comment_agent'] ) ) {
$prepared_comment['comment_agent'] = '';
}
$check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_comment );
if ( is_wp_error( $check_comment_lengths ) ) {
$error_code = $check_comment_lengths->get_error_code();
return new WP_Error(
$error_code,
__( 'Comment field exceeds maximum length allowed.' ),
array( 'status' => 400 )
);
}
$prepared_comment['comment_approved'] = wp_allow_comment( $prepared_comment, true );
if ( is_wp_error( $prepared_comment['comment_approved'] ) ) {
$error_code = $prepared_comment['comment_approved']->get_error_code();
$error_message = $prepared_comment['comment_approved']->get_error_message();
if ( 'comment_duplicate' === $error_code ) {
return new WP_Error(
$error_code,
$error_message,
array( 'status' => 409 )
);
}
if ( 'comment_flood' === $error_code ) {
return new WP_Error(
$error_code,
$error_message,
array( 'status' => 400 )
);
}
return $prepared_comment['comment_approved'];
}
/**
* Filters a comment before it is inserted via the REST API.
*
* Allows modification of the comment right before it is inserted via wp_insert_comment().
* Returning a WP_Error value from the filter will short-circuit insertion and allow
* skipping further processing.
*
* @since 4.7.0
* @since 4.8.0 `$prepared_comment` can now be a WP_Error to short-circuit insertion.
*
* @param array|WP_Error $prepared_comment The prepared comment data for wp_insert_comment().
* @param WP_REST_Request $request Request used to insert the comment.
*/
$prepared_comment = apply_filters( 'rest_pre_insert_comment', $prepared_comment, $request );
if ( is_wp_error( $prepared_comment ) ) {
return $prepared_comment;
}
$comment_id = wp_insert_comment( wp_filter_comment( wp_slash( (array) $prepared_comment ) ) );
if ( ! $comment_id ) {
return new WP_Error(
'rest_comment_failed_create',
__( 'Creating comment failed.' ),
array( 'status' => 500 )
);
}
if ( isset( $request['status'] ) ) {
$this->handle_status_param( $request['status'], $comment_id );
}
$comment = get_comment( $comment_id );
/**
* Fires after a comment is created or updated via the REST API.
*
* @since 4.7.0
*
* @param WP_Comment $comment Inserted or updated comment object.
* @param WP_REST_Request $request Request object.
* @param bool $creating True when creating a comment, false
* when updating.
*/
do_action( 'rest_insert_comment', $comment, $request, true );
$schema = $this->get_item_schema();
if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
$meta_update = $this->meta->update_value( $request['meta'], $comment_id );
if ( is_wp_error( $meta_update ) ) {
return $meta_update;
}
}
$fields_update = $this->update_additional_fields_for_object( $comment, $request );
if ( is_wp_error( $fields_update ) ) {
return $fields_update;
}
$context = current_user_can( 'moderate_comments' ) ? 'edit' : 'view';
$request->set_param( 'context', $context );
/**
* Fires completely after a comment is created or updated via the REST API.
*
* @since 5.0.0
*
* @param WP_Comment $comment Inserted or updated comment object.
* @param WP_REST_Request $request Request object.
* @param bool $creating True when creating a comment, false
* when updating.
*/
do_action( 'rest_after_insert_comment', $comment, $request, true );
$response = $this->prepare_item_for_response( $comment, $request );
$response = rest_ensure_response( $response );
$response->set_status( 201 );
$response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment_id ) ) );
return $response;
}
/**
* Checks if a given REST request has access to update a comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to update the item, error object otherwise.
*/
public function update_item_permissions_check( $request ) {
$comment = $this->get_comment( $request['id'] );
if ( is_wp_error( $comment ) ) {
return $comment;
}
if ( ! $this->check_edit_permission( $comment ) ) {
return new WP_Error(
'rest_cannot_edit',
__( 'Sorry, you are not allowed to edit this comment.' ),
array( 'status' => rest_authorization_required_code() )
);
}
return true;
}
/**
* Updates a comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or error object on failure.
*/
public function update_item( $request ) {
$comment = $this->get_comment( $request['id'] );
if ( is_wp_error( $comment ) ) {
return $comment;
}
$id = $comment->comment_ID;
if ( isset( $request['type'] ) && get_comment_type( $id ) !== $request['type'] ) {
return new WP_Error(
'rest_comment_invalid_type',
__( 'Sorry, you are not allowed to change the comment type.' ),
array( 'status' => 404 )
);
}
$prepared_args = $this->prepare_item_for_database( $request );
if ( is_wp_error( $prepared_args ) ) {
return $prepared_args;
}
if ( ! empty( $prepared_args['comment_post_ID'] ) ) {
$post = get_post( $prepared_args['comment_post_ID'] );
if ( empty( $post ) ) {
return new WP_Error(
'rest_comment_invalid_post_id',
__( 'Invalid post ID.' ),
array( 'status' => 403 )
);
}
}
if ( empty( $prepared_args ) && isset( $request['status'] ) ) {
// Only the comment status is being changed.
$change = $this->handle_status_param( $request['status'], $id );
if ( ! $change ) {
return new WP_Error(
'rest_comment_failed_edit',
__( 'Updating comment status failed.' ),
array( 'status' => 500 )
);
}
} elseif ( ! empty( $prepared_args ) ) {
if ( is_wp_error( $prepared_args ) ) {
return $prepared_args;
}
if ( isset( $prepared_args['comment_content'] ) && empty( $prepared_args['comment_content'] ) ) {
return new WP_Error(
'rest_comment_content_invalid',
__( 'Invalid comment content.' ),
array( 'status' => 400 )
);
}
$prepared_args['comment_ID'] = $id;
$check_comment_lengths = wp_check_comment_data_max_lengths( $prepared_args );
if ( is_wp_error( $check_comment_lengths ) ) {
$error_code = $check_comment_lengths->get_error_code();
return new WP_Error(
$error_code,
__( 'Comment field exceeds maximum length allowed.' ),
array( 'status' => 400 )
);
}
$updated = wp_update_comment( wp_slash( (array) $prepared_args ), true );
if ( is_wp_error( $updated ) ) {
return new WP_Error(
'rest_comment_failed_edit',
__( 'Updating comment failed.' ),
array( 'status' => 500 )
);
}
if ( isset( $request['status'] ) ) {
$this->handle_status_param( $request['status'], $id );
}
}
$comment = get_comment( $id );
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php */
do_action( 'rest_insert_comment', $comment, $request, false );
$schema = $this->get_item_schema();
if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
$meta_update = $this->meta->update_value( $request['meta'], $id );
if ( is_wp_error( $meta_update ) ) {
return $meta_update;
}
}
$fields_update = $this->update_additional_fields_for_object( $comment, $request );
if ( is_wp_error( $fields_update ) ) {
return $fields_update;
}
$request->set_param( 'context', 'edit' );
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php */
do_action( 'rest_after_insert_comment', $comment, $request, false );
$response = $this->prepare_item_for_response( $comment, $request );
return rest_ensure_response( $response );
}
/**
* Checks if a given request has access to delete a comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to delete the item, error object otherwise.
*/
public function delete_item_permissions_check( $request ) {
$comment = $this->get_comment( $request['id'] );
if ( is_wp_error( $comment ) ) {
return $comment;
}
if ( ! $this->check_edit_permission( $comment ) ) {
return new WP_Error(
'rest_cannot_delete',
__( 'Sorry, you are not allowed to delete this comment.' ),
array( 'status' => rest_authorization_required_code() )
);
}
return true;
}
/**
* Deletes a comment.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error Response object on success, or error object on failure.
*/
public function delete_item( $request ) {
$comment = $this->get_comment( $request['id'] );
if ( is_wp_error( $comment ) ) {
return $comment;
}
$force = isset( $request['force'] ) ? (bool) $request['force'] : false;
/**
* Filters whether a comment can be trashed via the REST API.
*
* Return false to disable trash support for the comment.
*
* @since 4.7.0
*
* @param bool $supports_trash Whether the comment supports trashing.
* @param WP_Comment $comment The comment object being considered for trashing support.
*/
$supports_trash = apply_filters( 'rest_comment_trashable', ( EMPTY_TRASH_DAYS > 0 ), $comment );
$request->set_param( 'context', 'edit' );
if ( $force ) {
$previous = $this->prepare_item_for_response( $comment, $request );
$result = wp_delete_comment( $comment->comment_ID, true );
$response = new WP_REST_Response();
$response->set_data(
array(
'deleted' => true,
'previous' => $previous->get_data(),
)
);
} else {
// If this type doesn't support trashing, error out.
if ( ! $supports_trash ) {
return new WP_Error(
'rest_trash_not_supported',
/* translators: %s: force=true */
sprintf( __( "The comment does not support trashing. Set '%s' to delete." ), 'force=true' ),
array( 'status' => 501 )
);
}
if ( 'trash' === $comment->comment_approved ) {
return new WP_Error(
'rest_already_trashed',
__( 'The comment has already been trashed.' ),
array( 'status' => 410 )
);
}
$result = wp_trash_comment( $comment->comment_ID );
$comment = get_comment( $comment->comment_ID );
$response = $this->prepare_item_for_response( $comment, $request );
}
if ( ! $result ) {
return new WP_Error(
'rest_cannot_delete',
__( 'The comment cannot be deleted.' ),
array( 'status' => 500 )
);
}
/**
* Fires after a comment is deleted via the REST API.
*
* @since 4.7.0
*
* @param WP_Comment $comment The deleted comment data.
* @param WP_REST_Response $response The response returned from the API.
* @param WP_REST_Request $request The request sent to the API.
*/
do_action( 'rest_delete_comment', $comment, $response, $request );
return $response;
}
/**
* Prepares a single comment output for response.
*
* @since 4.7.0
* @since 5.9.0 Renamed `$comment` to `$item` to match parent class for PHP 8 named parameter support.
*
* @param WP_Comment $item Comment object.
* @param WP_REST_Request $request Request object.
* @return WP_REST_Response Response object.
*/
public function prepare_item_for_response( $item, $request ) {
// Restores the more descriptive, specific name for use within this method.
$comment = $item;
$fields = $this->get_fields_for_response( $request );
$data = array();
if ( in_array( 'id', $fields, true ) ) {
$data['id'] = (int) $comment->comment_ID;
}
if ( in_array( 'post', $fields, true ) ) {
$data['post'] = (int) $comment->comment_post_ID;
}
if ( in_array( 'parent', $fields, true ) ) {
$data['parent'] = (int) $comment->comment_parent;
}
if ( in_array( 'author', $fields, true ) ) {
$data['author'] = (int) $comment->user_id;
}
if ( in_array( 'author_name', $fields, true ) ) {
$data['author_name'] = $comment->comment_author;
}
if ( in_array( 'author_email', $fields, true ) ) {
$data['author_email'] = $comment->comment_author_email;
}
if ( in_array( 'author_url', $fields, true ) ) {
$data['author_url'] = $comment->comment_author_url;
}
if ( in_array( 'author_ip', $fields, true ) ) {
$data['author_ip'] = $comment->comment_author_IP;
}
if ( in_array( 'author_user_agent', $fields, true ) ) {
$data['author_user_agent'] = $comment->comment_agent;
}
if ( in_array( 'date', $fields, true ) ) {
$data['date'] = mysql_to_rfc3339( $comment->comment_date );
}
if ( in_array( 'date_gmt', $fields, true ) ) {
$data['date_gmt'] = mysql_to_rfc3339( $comment->comment_date_gmt );
}
if ( in_array( 'content', $fields, true ) ) {
$data['content'] = array(
/** This filter is documented in wp-includes/comment-template.php */
'rendered' => apply_filters( 'comment_text', $comment->comment_content, $comment ),
'raw' => $comment->comment_content,
);
}
if ( in_array( 'link', $fields, true ) ) {
$data['link'] = get_comment_link( $comment );
}
if ( in_array( 'status', $fields, true ) ) {
$data['status'] = $this->prepare_status_response( $comment->comment_approved );
}
if ( in_array( 'type', $fields, true ) ) {
$data['type'] = get_comment_type( $comment->comment_ID );
}
if ( in_array( 'author_avatar_urls', $fields, true ) ) {
$data['author_avatar_urls'] = rest_get_avatar_urls( $comment );
}
if ( in_array( 'meta', $fields, true ) ) {
$data['meta'] = $this->meta->get_value( $comment->comment_ID, $request );
}
$context = ! empty( $request['context'] ) ? $request['context'] : 'view';
$data = $this->add_additional_fields_to_object( $data, $request );
$data = $this->filter_response_by_context( $data, $context );
// Wrap the data in a response object.
$response = rest_ensure_response( $data );
if ( rest_is_field_included( '_links', $fields ) || rest_is_field_included( '_embedded', $fields ) ) {
$response->add_links( $this->prepare_links( $comment ) );
}
/**
* Filters a comment returned from the REST API.
*
* Allows modification of the comment right before it is returned.
*
* @since 4.7.0
*
* @param WP_REST_Response $response The response object.
* @param WP_Comment $comment The original comment object.
* @param WP_REST_Request $request Request used to generate the response.
*/
return apply_filters( 'rest_prepare_comment', $response, $comment, $request );
}
/**
* Prepares links for the request.
*
* @since 4.7.0
*
* @param WP_Comment $comment Comment object.
* @return array Links for the given comment.
*/
protected function prepare_links( $comment ) {
$links = array(
'self' => array(
'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment->comment_ID ) ),
),
'collection' => array(
'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ),
),
);
if ( 0 !== (int) $comment->user_id ) {
$links['author'] = array(
'href' => rest_url( 'wp/v2/users/' . $comment->user_id ),
'embeddable' => true,
);
}
if ( 0 !== (int) $comment->comment_post_ID ) {
$post = get_post( $comment->comment_post_ID );
$post_route = rest_get_route_for_post( $post );
if ( ! empty( $post->ID ) && $post_route ) {
$links['up'] = array(
'href' => rest_url( $post_route ),
'embeddable' => true,
'post_type' => $post->post_type,
);
}
}
if ( 0 !== (int) $comment->comment_parent ) {
$links['in-reply-to'] = array(
'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $comment->comment_parent ) ),
'embeddable' => true,
);
}
// Only grab one comment to verify the comment has children.
$comment_children = $comment->get_children(
array(
'count' => true,
'orderby' => 'none',
)
);
if ( ! empty( $comment_children ) ) {
$args = array(
'parent' => $comment->comment_ID,
);
$rest_url = add_query_arg( $args, rest_url( $this->namespace . '/' . $this->rest_base ) );
$links['children'] = array(
'href' => $rest_url,
'embeddable' => true,
);
}
return $links;
}
/**
* Prepends internal property prefix to query parameters to match our response fields.
*
* @since 4.7.0
*
* @param string $query_param Query parameter.
* @return string The normalized query parameter.
*/
protected function normalize_query_param( $query_param ) {
$prefix = 'comment_';
switch ( $query_param ) {
case 'id':
$normalized = $prefix . 'ID';
break;
case 'post':
$normalized = $prefix . 'post_ID';
break;
case 'parent':
$normalized = $prefix . 'parent';
break;
case 'include':
$normalized = 'comment__in';
break;
default:
$normalized = $prefix . $query_param;
break;
}
return $normalized;
}
/**
* Checks comment_approved to set comment status for single comment output.
*
* @since 4.7.0
*
* @param string|int $comment_approved comment status.
* @return string Comment status.
*/
protected function prepare_status_response( $comment_approved ) {
switch ( $comment_approved ) {
case 'hold':
case '0':
$status = 'hold';
break;
case 'approve':
case '1':
$status = 'approved';
break;
case 'spam':
case 'trash':
default:
$status = $comment_approved;
break;
}
return $status;
}
/**
* Prepares a single comment to be inserted into the database.
*
* @since 4.7.0
*
* @param WP_REST_Request $request Request object.
* @return array|WP_Error Prepared comment, otherwise WP_Error object.
*/
protected function prepare_item_for_database( $request ) {
$prepared_comment = array();
/*
* Allow the comment_content to be set via the 'content' or
* the 'content.raw' properties of the Request object.
*/
if ( isset( $request['content'] ) && is_string( $request['content'] ) ) {
$prepared_comment['comment_content'] = trim( $request['content'] );
} elseif ( isset( $request['content']['raw'] ) && is_string( $request['content']['raw'] ) ) {
$prepared_comment['comment_content'] = trim( $request['content']['raw'] );
}
if ( isset( $request['post'] ) ) {
$prepared_comment['comment_post_ID'] = (int) $request['post'];
}
if ( isset( $request['parent'] ) ) {
$prepared_comment['comment_parent'] = $request['parent'];
}
if ( isset( $request['author'] ) ) {
$user = new WP_User( $request['author'] );
if ( $user->exists() ) {
$prepared_comment['user_id'] = $user->ID;
$prepared_comment['comment_author'] = $user->display_name;
$prepared_comment['comment_author_email'] = $user->user_email;
$prepared_comment['comment_author_url'] = $user->user_url;
} else {
return new WP_Error(
'rest_comment_author_invalid',
__( 'Invalid comment author ID.' ),
array( 'status' => 400 )
);
}
}
if ( isset( $request['author_name'] ) ) {
$prepared_comment['comment_author'] = $request['author_name'];
}
if ( isset( $request['author_email'] ) ) {
$prepared_comment['comment_author_email'] = $request['author_email'];
}
if ( isset( $request['author_url'] ) ) {
$prepared_comment['comment_author_url'] = $request['author_url'];
}
if ( isset( $request['author_ip'] ) && current_user_can( 'moderate_comments' ) ) {
$prepared_comment['comment_author_IP'] = $request['author_ip'];
} elseif ( ! empty( $_SERVER['REMOTE_ADDR'] ) && rest_is_ip_address( $_SERVER['REMOTE_ADDR'] ) ) {
$prepared_comment['comment_author_IP'] = $_SERVER['REMOTE_ADDR'];
} else {
$prepared_comment['comment_author_IP'] = '127.0.0.1';
}
if ( ! empty( $request['author_user_agent'] ) ) {
$prepared_comment['comment_agent'] = $request['author_user_agent'];
} elseif ( $request->get_header( 'user_agent' ) ) {
$prepared_comment['comment_agent'] = $request->get_header( 'user_agent' );
}
if ( ! empty( $request['date'] ) ) {
$date_data = rest_get_date_with_gmt( $request['date'] );
if ( ! empty( $date_data ) ) {
list( $prepared_comment['comment_date'], $prepared_comment['comment_date_gmt'] ) = $date_data;
}
} elseif ( ! empty( $request['date_gmt'] ) ) {
$date_data = rest_get_date_with_gmt( $request['date_gmt'], true );
if ( ! empty( $date_data ) ) {
list( $prepared_comment['comment_date'], $prepared_comment['comment_date_gmt'] ) = $date_data;
}
}
/**
* Filters a comment added via the REST API after it is prepared for insertion into the database.
*
* Allows modification of the comment right after it is prepared for the database.
*
* @since 4.7.0
*
* @param array $prepared_comment The prepared comment data for `wp_insert_comment`.
* @param WP_REST_Request $request The current request.
*/
return apply_filters( 'rest_preprocess_comment', $prepared_comment, $request );
}
/**
* Retrieves the comment's schema, conforming to JSON Schema.
*
* @since 4.7.0
*
* @return array
*/
public function get_item_schema() {
if ( $this->schema ) {
return $this->add_additional_fields_schema( $this->schema );
}
$schema = array(
'$schema' => 'http://json-schema.org/draft-04/schema#',
'title' => 'comment',
'type' => 'object',
'properties' => array(
'id' => array(
'description' => __( 'Unique identifier for the comment.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'author' => array(
'description' => __( 'The ID of the user object, if author was a user.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
),
'author_email' => array(
'description' => __( 'Email address for the comment author.' ),
'type' => 'string',
'format' => 'email',
'context' => array( 'edit' ),
'arg_options' => array(
'sanitize_callback' => array( $this, 'check_comment_author_email' ),
'validate_callback' => null, // Skip built-in validation of 'email'.
),
),
'author_ip' => array(
'description' => __( 'IP address for the comment author.' ),
'type' => 'string',
'format' => 'ip',
'context' => array( 'edit' ),
),
'author_name' => array(
'description' => __( 'Display name for the comment author.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_text_field',
),
),
'author_url' => array(
'description' => __( 'URL for the comment author.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'view', 'edit', 'embed' ),
),
'author_user_agent' => array(
'description' => __( 'User agent for the comment author.' ),
'type' => 'string',
'context' => array( 'edit' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_text_field',
),
),
'content' => array(
'description' => __( 'The content for the comment.' ),
'type' => 'object',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database().
'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database().
),
'properties' => array(
'raw' => array(
'description' => __( 'Content for the comment, as it exists in the database.' ),
'type' => 'string',
'context' => array( 'edit' ),
),
'rendered' => array(
'description' => __( 'HTML content for the comment, transformed for display.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
),
'date' => array(
'description' => __( "The date the comment was published, in the site's timezone." ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit', 'embed' ),
),
'date_gmt' => array(
'description' => __( 'The date the comment was published, as GMT.' ),
'type' => 'string',
'format' => 'date-time',
'context' => array( 'view', 'edit' ),
),
'link' => array(
'description' => __( 'URL to the comment.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
'parent' => array(
'description' => __( 'The ID for the parent of the comment.' ),
'type' => 'integer',
'context' => array( 'view', 'edit', 'embed' ),
'default' => 0,
),
'post' => array(
'description' => __( 'The ID of the associated post object.' ),
'type' => 'integer',
'context' => array( 'view', 'edit' ),
'default' => 0,
),
'status' => array(
'description' => __( 'State of the comment.' ),
'type' => 'string',
'context' => array( 'view', 'edit' ),
'arg_options' => array(
'sanitize_callback' => 'sanitize_key',
),
),
'type' => array(
'description' => __( 'Type of the comment.' ),
'type' => 'string',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
),
),
);
if ( get_option( 'show_avatars' ) ) {
$avatar_properties = array();
$avatar_sizes = rest_get_avatar_sizes();
foreach ( $avatar_sizes as $size ) {
$avatar_properties[ $size ] = array(
/* translators: %d: Avatar image size in pixels. */
'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'embed', 'view', 'edit' ),
);
}
$schema['properties']['author_avatar_urls'] = array(
'description' => __( 'Avatar URLs for the comment author.' ),
'type' => 'object',
'context' => array( 'view', 'edit', 'embed' ),
'readonly' => true,
'properties' => $avatar_properties,
);
}
$schema['properties']['meta'] = $this->meta->get_field_schema();
$this->schema = $schema;
return $this->add_additional_fields_schema( $this->schema );
}
/**
* Retrieves the query params for collections.
*
* @since 4.7.0
*
* @return array Comments collection parameters.
*/
public function get_collection_params() {
$query_params = parent::get_collection_params();
$query_params['context']['default'] = 'view';
$query_params['after'] = array(
'description' => __( 'Limit response to comments published after a given ISO8601 compliant date.' ),
'type' => 'string',
'format' => 'date-time',
);
$query_params['author'] = array(
'description' => __( 'Limit result set to comments assigned to specific user IDs. Requires authorization.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
$query_params['author_exclude'] = array(
'description' => __( 'Ensure result set excludes comments assigned to specific user IDs. Requires authorization.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
$query_params['author_email'] = array(
'default' => null,
'description' => __( 'Limit result set to that from a specific author email. Requires authorization.' ),
'format' => 'email',
'type' => 'string',
);
$query_params['before'] = array(
'description' => __( 'Limit response to comments published before a given ISO8601 compliant date.' ),
'type' => 'string',
'format' => 'date-time',
);
$query_params['exclude'] = array(
'description' => __( 'Ensure result set excludes specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['include'] = array(
'description' => __( 'Limit result set to specific IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
'default' => array(),
);
$query_params['offset'] = array(
'description' => __( 'Offset the result set by a specific number of items.' ),
'type' => 'integer',
);
$query_params['order'] = array(
'description' => __( 'Order sort attribute ascending or descending.' ),
'type' => 'string',
'default' => 'desc',
'enum' => array(
'asc',
'desc',
),
);
$query_params['orderby'] = array(
'description' => __( 'Sort collection by comment attribute.' ),
'type' => 'string',
'default' => 'date_gmt',
'enum' => array(
'date',
'date_gmt',
'id',
'include',
'post',
'parent',
'type',
),
);
$query_params['parent'] = array(
'default' => array(),
'description' => __( 'Limit result set to comments of specific parent IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
$query_params['parent_exclude'] = array(
'default' => array(),
'description' => __( 'Ensure result set excludes specific parent IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
$query_params['post'] = array(
'default' => array(),
'description' => __( 'Limit result set to comments assigned to specific post IDs.' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
$query_params['status'] = array(
'default' => 'approve',
'description' => __( 'Limit result set to comments assigned a specific status. Requires authorization.' ),
'sanitize_callback' => 'sanitize_key',
'type' => 'string',
'validate_callback' => 'rest_validate_request_arg',
);
$query_params['type'] = array(
'default' => 'comment',
'description' => __( 'Limit result set to comments assigned a specific type. Requires authorization.' ),
'sanitize_callback' => 'sanitize_key',
'type' => 'string',
'validate_callback' => 'rest_validate_request_arg',
);
$query_params['password'] = array(
'description' => __( 'The password for the post if it is password protected.' ),
'type' => 'string',
);
/**
* Filters REST API collection parameters for the comments controller.
*
* This filter registers the collection parameter, but does not map the
* collection parameter to an internal WP_Comment_Query parameter. Use the
* `rest_comment_query` filter to set WP_Comment_Query parameters.
*
* @since 4.7.0
*
* @param array $query_params JSON Schema-formatted collection parameters.
*/
return apply_filters( 'rest_comment_collection_params', $query_params );
}
/**
* Sets the comment_status of a given comment object when creating or updating a comment.
*
* @since 4.7.0
*
* @param string|int $new_status New comment status.
* @param int $comment_id Comment ID.
* @return bool Whether the status was changed.
*/
protected function handle_status_param( $new_status, $comment_id ) {
$old_status = wp_get_comment_status( $comment_id );
if ( $new_status === $old_status ) {
return false;
}
switch ( $new_status ) {
case 'approved':
case 'approve':
case '1':
$changed = wp_set_comment_status( $comment_id, 'approve' );
break;
case 'hold':
case '0':
$changed = wp_set_comment_status( $comment_id, 'hold' );
break;
case 'spam':
$changed = wp_spam_comment( $comment_id );
break;
case 'unspam':
$changed = wp_unspam_comment( $comment_id );
break;
case 'trash':
$changed = wp_trash_comment( $comment_id );
break;
case 'untrash':
$changed = wp_untrash_comment( $comment_id );
break;
default:
$changed = false;
break;
}
return $changed;
}
/**
* Checks if the post can be read.
*
* Correctly handles posts with the inherit status.
*
* @since 4.7.0
*
* @param WP_Post $post Post object.
* @param WP_REST_Request $request Request data to check.
* @return bool Whether post can be read.
*/
protected function check_read_post_permission( $post, $request ) {
$post_type = get_post_type_object( $post->post_type );
// Return false if custom post type doesn't exist
if ( ! $post_type ) {
return false;
}
$posts_controller = $post_type->get_rest_controller();
/*
* Ensure the posts controller is specifically a WP_REST_Posts_Controller instance
* before using methods specific to that controller.
*/
if ( ! $posts_controller instanceof WP_REST_Posts_Controller ) {
$posts_controller = new WP_REST_Posts_Controller( $post->post_type );
}
$has_password_filter = false;
// Only check password if a specific post was queried for or a single comment
$requested_post = ! empty( $request['post'] ) && ( ! is_array( $request['post'] ) || 1 === count( $request['post'] ) );
$requested_comment = ! empty( $request['id'] );
if ( ( $requested_post || $requested_comment ) && $posts_controller->can_access_password_content( $post, $request ) ) {
add_filter( 'post_password_required', '__return_false' );
$has_password_filter = true;
}
if ( post_password_required( $post ) ) {
$result = current_user_can( 'edit_post', $post->ID );
} else {
$result = $posts_controller->check_read_permission( $post );
}
if ( $has_password_filter ) {
remove_filter( 'post_password_required', '__return_false' );
}
return $result;
}
/**
* Checks if the comment can be read.
*
* @since 4.7.0
*
* @param WP_Comment $comment Comment object.
* @param WP_REST_Request $request Request data to check.
* @return bool Whether the comment can be read.
*/
protected function check_read_permission( $comment, $request ) {
if ( ! empty( $comment->comment_post_ID ) ) {
$post = get_post( $comment->comment_post_ID );
if ( $post ) {
if ( $this->check_read_post_permission( $post, $request ) && 1 === (int) $comment->comment_approved ) {
return true;
}
}
}
if ( 0 === get_current_user_id() ) {
return false;
}
if ( empty( $comment->comment_post_ID ) && ! current_user_can( 'moderate_comments' ) ) {
return false;
}
if ( ! empty( $comment->user_id ) && get_current_user_id() === (int) $comment->user_id ) {
return true;
}
return current_user_can( 'edit_comment', $comment->comment_ID );
}
/**
* Checks if a comment can be edited or deleted.
*
* @since 4.7.0
*
* @param WP_Comment $comment Comment object.
* @return bool Whether the comment can be edited or deleted.
*/
protected function check_edit_permission( $comment ) {
if ( 0 === (int) get_current_user_id() ) {
return false;
}
if ( current_user_can( 'moderate_comments' ) ) {
return true;
}
return current_user_can( 'edit_comment', $comment->comment_ID );
}
/**
* Checks a comment author email for validity.
*
* Accepts either a valid email address or empty string as a valid comment
* author email address. Setting the comment author email to an empty
* string is allowed when a comment is being updated.
*
* @since 4.7.0
*
* @param string $value Author email value submitted.
* @param WP_REST_Request $request Full details about the request.
* @param string $param The parameter name.
* @return string|WP_Error The sanitized email address, if valid,
* otherwise an error.
*/
public function check_comment_author_email( $value, $request, $param ) {
$email = (string) $value;
if ( empty( $email ) ) {
return $email;
}
$check_email = rest_validate_request_arg( $email, $request, $param );
if ( is_wp_error( $check_email ) ) {
return $check_email;
}
return $email;
}
/**
* If empty comments are not allowed, checks if the provided comment content is not empty.
*
* @since 5.6.0
*
* @param array $prepared_comment The prepared comment data.
* @return bool True if the content is allowed, false otherwise.
*/
protected function check_is_comment_content_allowed( $prepared_comment ) {
$check = wp_parse_args(
$prepared_comment,
array(
'comment_post_ID' => 0,
'comment_author' => null,
'comment_author_email' => null,
'comment_author_url' => null,
'comment_parent' => 0,
'user_id' => 0,
)
);
/** This filter is documented in wp-includes/comment.php */
$allow_empty = apply_filters( 'allow_empty_comment', false, $check );
if ( $allow_empty ) {
return true;
}
/*
* Do not allow a comment to be created with missing or empty
* comment_content. See wp_handle_comment_submission().
*/
return '' !== $check['comment_content'];
}
}
if ( ! $metadata ) {
$metadata = wp_json_file_decode( $metadata_file, array( 'associative' => true ) );
}
if ( ! is_array( $metadata ) || empty( $metadata['name'] ) ) {
return false;
}
$metadata['file'] = wp_normalize_path( realpath( $metadata_file ) );
/**
* Filters the metadata provided for registering a block type.
*
* @since 5.7.0
*
* @param array $metadata Metadata for registering a block type.
*/
$metadata = apply_filters( 'block_type_metadata', $metadata );
// Add `style` and `editor_style` for core blocks if missing.
if ( ! empty( $metadata['name'] ) && str_starts_with( $metadata['name'], 'core/' ) ) {
$block_name = str_replace( 'core/', '', $metadata['name'] );
if ( ! isset( $metadata['style'] ) ) {
$metadata['style'] = "wp-block-$block_name";
}
if ( current_theme_supports( 'wp-block-styles' ) && wp_should_load_separate_core_block_assets() ) {
$metadata['style'] = (array) $metadata['style'];
$metadata['style'][] = "wp-block-{$block_name}-theme";
}
if ( ! isset( $metadata['editorStyle'] ) ) {
$metadata['editorStyle'] = "wp-block-{$block_name}-editor";
}
}
$settings = array();
$property_mappings = array(
'apiVersion' => 'api_version',
'title' => 'title',
'category' => 'category',
'parent' => 'parent',
'ancestor' => 'ancestor',
'icon' => 'icon',
'description' => 'description',
'keywords' => 'keywords',
'attributes' => 'attributes',
'providesContext' => 'provides_context',
'usesContext' => 'uses_context',
'selectors' => 'selectors',
'supports' => 'supports',
'styles' => 'styles',
'variations' => 'variations',
'example' => 'example',
);
$textdomain = ! empty( $metadata['textdomain'] ) ? $metadata['textdomain'] : null;
$i18n_schema = get_block_metadata_i18n_schema();
foreach ( $property_mappings as $key => $mapped_key ) {
if ( isset( $metadata[ $key ] ) ) {
$settings[ $mapped_key ] = $metadata[ $key ];
if ( $textdomain && isset( $i18n_schema->$key ) ) {
$settings[ $mapped_key ] = translate_settings_using_i18n_schema( $i18n_schema->$key, $settings[ $key ], $textdomain );
}
}
}
$script_fields = array(
'editorScript' => 'editor_script_handles',
'script' => 'script_handles',
'viewScript' => 'view_script_handles',
);
foreach ( $script_fields as $metadata_field_name => $settings_field_name ) {
if ( ! empty( $metadata[ $metadata_field_name ] ) ) {
$scripts = $metadata[ $metadata_field_name ];
$processed_scripts = array();
if ( is_array( $scripts ) ) {
for ( $index = 0; $index < count( $scripts ); $index++ ) {
$result = register_block_script_handle(
$metadata,
$metadata_field_name,
$index
);
if ( $result ) {
$processed_scripts[] = $result;
}
}
} else {
$result = register_block_script_handle(
$metadata,
$metadata_field_name
);
if ( $result ) {
$processed_scripts[] = $result;
}
}
$settings[ $settings_field_name ] = $processed_scripts;
}
}
$style_fields = array(
'editorStyle' => 'editor_style_handles',
'style' => 'style_handles',
);
foreach ( $style_fields as $metadata_field_name => $settings_field_name ) {
if ( ! empty( $metadata[ $metadata_field_name ] ) ) {
$styles = $metadata[ $metadata_field_name ];
$processed_styles = array();
if ( is_array( $styles ) ) {
for ( $index = 0; $index < count( $styles ); $index++ ) {
$result = register_block_style_handle(
$metadata,
$metadata_field_name,
$index
);
if ( $result ) {
$processed_styles[] = $result;
}
}
} else {
$result = register_block_style_handle(
$metadata,
$metadata_field_name
);
if ( $result ) {
$processed_styles[] = $result;
}
}
$settings[ $settings_field_name ] = $processed_styles;
}
}
if ( ! empty( $metadata['blockHooks'] ) ) {
/**
* Map camelCased position string (from block.json) to snake_cased block type position.
*
* @var array
*/
$position_mappings = array(
'before' => 'before',
'after' => 'after',
'firstChild' => 'first_child',
'lastChild' => 'last_child',
);
$settings['block_hooks'] = array();
foreach ( $metadata['blockHooks'] as $anchor_block_name => $position ) {
// Avoid infinite recursion (hooking to itself).
if ( $metadata['name'] === $anchor_block_name ) {
_doing_it_wrong(
__METHOD__,
__( 'Cannot hook block to itself.' ),
'6.4.0'
);
continue;
}
if ( ! isset( $position_mappings[ $position ] ) ) {
continue;
}
$settings['block_hooks'][ $anchor_block_name ] = $position_mappings[ $position ];
}
}
if ( ! empty( $metadata['render'] ) ) {
$template_path = wp_normalize_path(
realpath(
dirname( $metadata['file'] ) . '/' .
remove_block_asset_path_prefix( $metadata['render'] )
)
);
if ( $template_path ) {
/**
* Renders the block on the server.
*
* @since 6.1.0
*
* @param array $attributes Block attributes.
* @param string $content Block default content.
* @param WP_Block $block Block instance.
*
* @return string Returns the block content.
*/
$settings['render_callback'] = static function ( $attributes, $content, $block ) use ( $template_path ) {
ob_start();
require $template_path;
return ob_get_clean();
};
}
}
/**
* Filters the settings determined from the block type metadata.
*
* @since 5.7.0
*
* @param array $settings Array of determined settings for registering a block type.
* @param array $metadata Metadata provided for registering a block type.
*/
$settings = apply_filters(
'block_type_metadata_settings',
array_merge(
$settings,
$args
),
$metadata
);
return WP_Block_Type_Registry::get_instance()->register(
$metadata['name'],
$settings
);
}
/**
* Registers a block type. The recommended way is to register a block type using
* the metadata stored in the `block.json` file.
*
* @since 5.0.0
* @since 5.8.0 First parameter now accepts a path to the `block.json` file.
*
* @param string|WP_Block_Type $block_type Block type name including namespace, or alternatively
* a path to the JSON file with metadata definition for the block,
* or a path to the folder where the `block.json` file is located,
* or a complete WP_Block_Type instance.
* In case a WP_Block_Type is provided, the $args parameter will be ignored.
* @param array $args Optional. Array of block type arguments. Accepts any public property
* of `WP_Block_Type`. See WP_Block_Type::__construct() for information
* on accepted arguments. Default empty array.
*
* @return WP_Block_Type|false The registered block type on success, or false on failure.
*/
function register_block_type( $block_type, $args = array() ) {
if ( is_string( $block_type ) && file_exists( $block_type ) ) {
return register_block_type_from_metadata( $block_type, $args );
}
return WP_Block_Type_Registry::get_instance()->register( $block_type, $args );
}
/**
* Unregisters a block type.
*
* @since 5.0.0
*
* @param string|WP_Block_Type $name Block type name including namespace, or alternatively
* a complete WP_Block_Type instance.
* @return WP_Block_Type|false The unregistered block type on success, or false on failure.
*/
function unregister_block_type( $name ) {
return WP_Block_Type_Registry::get_instance()->unregister( $name );
}
/**
* Determines whether a post or content string has blocks.
*
* This test optimizes for performance rather than strict accuracy, detecting
* the pattern of a block but not validating its structure. For strict accuracy,
* you should use the block parser on post content.
*
* @since 5.0.0
*
* @see parse_blocks()
*
* @param int|string|WP_Post|null $post Optional. Post content, post ID, or post object.
* Defaults to global $post.
* @return bool Whether the post has blocks.
*/
function has_blocks( $post = null ) {
if ( ! is_string( $post ) ) {
$wp_post = get_post( $post );
if ( ! $wp_post instanceof WP_Post ) {
return false;
}
$post = $wp_post->post_content;
}
return str_contains( (string) $post, '', $serialized_block_name, $serialized_attributes );
}
return sprintf(
'%s',
$serialized_block_name,
$serialized_attributes,
$block_content,
$serialized_block_name
);
}
/**
* Returns the content of a block, including comment delimiters, serializing all
* attributes from the given parsed block.
*
* This should be used when preparing a block to be saved to post content.
* Prefer `render_block` when preparing a block for display. Unlike
* `render_block`, this does not evaluate a block's `render_callback`, and will
* instead preserve the markup as parsed.
*
* @since 5.3.1
*
* @param array $block A representative array of a single parsed block object. See WP_Block_Parser_Block.
* @return string String of rendered HTML.
*/
function serialize_block( $block ) {
$block_content = '';
$index = 0;
foreach ( $block['innerContent'] as $chunk ) {
$block_content .= is_string( $chunk ) ? $chunk : serialize_block( $block['innerBlocks'][ $index++ ] );
}
if ( ! is_array( $block['attrs'] ) ) {
$block['attrs'] = array();
}
return get_comment_delimited_block_content(
$block['blockName'],
$block['attrs'],
$block_content
);
}
/**
* Returns a joined string of the aggregate serialization of the given
* parsed blocks.
*
* @since 5.3.1
*
* @param array[] $blocks An array of representative arrays of parsed block objects. See serialize_block().
* @return string String of rendered HTML.
*/
function serialize_blocks( $blocks ) {
return implode( '', array_map( 'serialize_block', $blocks ) );
}
/**
* Traverses a parsed block tree and applies callbacks before and after serializing it.
*
* Recursively traverses the block and its inner blocks and applies the two callbacks provided as
* arguments, the first one before serializing the block, and the second one after serializing it.
* If either callback returns a string value, it will be prepended and appended to the serialized
* block markup, respectively.
*
* The callbacks will receive a reference to the current block as their first argument, so that they
* can also modify it, and the current block's parent block as second argument. Finally, the
* `$pre_callback` receives the previous block, whereas the `$post_callback` receives
* the next block as third argument.
*
* Serialized blocks are returned including comment delimiters, and with all attributes serialized.
*
* This function should be used when there is a need to modify the saved block, or to inject markup
* into the return value. Prefer `serialize_block` when preparing a block to be saved to post content.
*
* This function is meant for internal use only.
*
* @since 6.4.0
* @access private
*
* @see serialize_block()
*
* @param array $block A representative array of a single parsed block object. See WP_Block_Parser_Block.
* @param callable $pre_callback Callback to run on each block in the tree before it is traversed and serialized.
* It is called with the following arguments: &$block, $parent_block, $previous_block.
* Its string return value will be prepended to the serialized block markup.
* @param callable $post_callback Callback to run on each block in the tree after it is traversed and serialized.
* It is called with the following arguments: &$block, $parent_block, $next_block.
* Its string return value will be appended to the serialized block markup.
* @return string Serialized block markup.
*/
function traverse_and_serialize_block( $block, $pre_callback = null, $post_callback = null ) {
$block_content = '';
$block_index = 0;
foreach ( $block['innerContent'] as $chunk ) {
if ( is_string( $chunk ) ) {
$block_content .= $chunk;
} else {
$inner_block = $block['innerBlocks'][ $block_index ];
if ( is_callable( $pre_callback ) ) {
$prev = 0 === $block_index
? null
: $block['innerBlocks'][ $block_index - 1 ];
$block_content .= call_user_func_array(
$pre_callback,
array( &$inner_block, &$block, $prev )
);
}
if ( is_callable( $post_callback ) ) {
$next = count( $block['innerBlocks'] ) - 1 === $block_index
? null
: $block['innerBlocks'][ $block_index + 1 ];
$post_markup = call_user_func_array(
$post_callback,
array( &$inner_block, &$block, $next )
);
}
$block_content .= traverse_and_serialize_block( $inner_block, $pre_callback, $post_callback );
$block_content .= isset( $post_markup ) ? $post_markup : '';
++$block_index;
}
}
if ( ! is_array( $block['attrs'] ) ) {
$block['attrs'] = array();
}
return get_comment_delimited_block_content(
$block['blockName'],
$block['attrs'],
$block_content
);
}
/**
* Given an array of parsed block trees, applies callbacks before and after serializing them and
* returns their concatenated output.
*
* Recursively traverses the blocks and their inner blocks and applies the two callbacks provided as
* arguments, the first one before serializing a block, and the second one after serializing.
* If either callback returns a string value, it will be prepended and appended to the serialized
* block markup, respectively.
*
* The callbacks will receive a reference to the current block as their first argument, so that they
* can also modify it, and the current block's parent block as second argument. Finally, the
* `$pre_callback` receives the previous block, whereas the `$post_callback` receives
* the next block as third argument.
*
* Serialized blocks are returned including comment delimiters, and with all attributes serialized.
*
* This function should be used when there is a need to modify the saved blocks, or to inject markup
* into the return value. Prefer `serialize_blocks` when preparing blocks to be saved to post content.
*
* This function is meant for internal use only.
*
* @since 6.4.0
* @access private
*
* @see serialize_blocks()
*
* @param array[] $blocks An array of parsed blocks. See WP_Block_Parser_Block.
* @param callable $pre_callback Callback to run on each block in the tree before it is traversed and serialized.
* It is called with the following arguments: &$block, $parent_block, $previous_block.
* Its string return value will be prepended to the serialized block markup.
* @param callable $post_callback Callback to run on each block in the tree after it is traversed and serialized.
* It is called with the following arguments: &$block, $parent_block, $next_block.
* Its string return value will be appended to the serialized block markup.
* @return string Serialized block markup.
*/
function traverse_and_serialize_blocks( $blocks, $pre_callback = null, $post_callback = null ) {
$result = '';
$parent_block = null; // At the top level, there is no parent block to pass to the callbacks; yet the callbacks expect a reference.
foreach ( $blocks as $index => $block ) {
if ( is_callable( $pre_callback ) ) {
$prev = 0 === $index
? null
: $blocks[ $index - 1 ];
$result .= call_user_func_array(
$pre_callback,
array( &$block, &$parent_block, $prev )
);
}
if ( is_callable( $post_callback ) ) {
$next = count( $blocks ) - 1 === $index
? null
: $blocks[ $index + 1 ];
$post_markup = call_user_func_array(
$post_callback,
array( &$block, &$parent_block, $next )
);
}
$result .= traverse_and_serialize_block( $block, $pre_callback, $post_callback );
$result .= isset( $post_markup ) ? $post_markup : '';
}
return $result;
}
/**
* Filters and sanitizes block content to remove non-allowable HTML
* from parsed block attribute values.
*
* @since 5.3.1
*
* @param string $text Text that may contain block content.
* @param array[]|string $allowed_html Optional. An array of allowed HTML elements and attributes,
* or a context name such as 'post'. See wp_kses_allowed_html()
* for the list of accepted context names. Default 'post'.
* @param string[] $allowed_protocols Optional. Array of allowed URL protocols.
* Defaults to the result of wp_allowed_protocols().
* @return string The filtered and sanitized content result.
*/
function filter_block_content( $text, $allowed_html = 'post', $allowed_protocols = array() ) {
$result = '';
if ( str_contains( $text, '' ) ) {
$text = preg_replace_callback( '%%', '_filter_block_content_callback', $text );
}
$blocks = parse_blocks( $text );
foreach ( $blocks as $block ) {
$block = filter_block_kses( $block, $allowed_html, $allowed_protocols );
$result .= serialize_block( $block );
}
return $result;
}
/**
* Callback used for regular expression replacement in filter_block_content().
*
* @private
* @since 6.2.1
*
* @param array $matches Array of preg_replace_callback matches.
* @return string Replacement string.
*/
function _filter_block_content_callback( $matches ) {
return '';
}
/**
* Filters and sanitizes a parsed block to remove non-allowable HTML
* from block attribute values.
*
* @since 5.3.1
*
* @param WP_Block_Parser_Block $block The parsed block object.
* @param array[]|string $allowed_html An array of allowed HTML elements and attributes,
* or a context name such as 'post'. See wp_kses_allowed_html()
* for the list of accepted context names.
* @param string[] $allowed_protocols Optional. Array of allowed URL protocols.
* Defaults to the result of wp_allowed_protocols().
* @return array The filtered and sanitized block object result.
*/
function filter_block_kses( $block, $allowed_html, $allowed_protocols = array() ) {
$block['attrs'] = filter_block_kses_value( $block['attrs'], $allowed_html, $allowed_protocols, $block );
if ( is_array( $block['innerBlocks'] ) ) {
foreach ( $block['innerBlocks'] as $i => $inner_block ) {
$block['innerBlocks'][ $i ] = filter_block_kses( $inner_block, $allowed_html, $allowed_protocols );
}
}
return $block;
}
/**
* Filters and sanitizes a parsed block attribute value to remove
* non-allowable HTML.
*
* @since 5.3.1
* @since 6.5.5 Added the `$block_context` parameter.
*
* @param string[]|string $value The attribute value to filter.
* @param array[]|string $allowed_html An array of allowed HTML elements and attributes,
* or a context name such as 'post'. See wp_kses_allowed_html()
* for the list of accepted context names.
* @param string[] $allowed_protocols Optional. Array of allowed URL protocols.
* Defaults to the result of wp_allowed_protocols().
* @param array $block_context Optional. The block the attribute belongs to, in parsed block array format.
* @return string[]|string The filtered and sanitized result.
*/
function filter_block_kses_value( $value, $allowed_html, $allowed_protocols = array(), $block_context = null ) {
if ( is_array( $value ) ) {
foreach ( $value as $key => $inner_value ) {
$filtered_key = filter_block_kses_value( $key, $allowed_html, $allowed_protocols, $block_context );
$filtered_value = filter_block_kses_value( $inner_value, $allowed_html, $allowed_protocols, $block_context );
if ( isset( $block_context['blockName'] ) && 'core/template-part' === $block_context['blockName'] ) {
$filtered_value = filter_block_core_template_part_attributes( $filtered_value, $filtered_key, $allowed_html );
}
if ( $filtered_key !== $key ) {
unset( $value[ $key ] );
}
$value[ $filtered_key ] = $filtered_value;
}
} elseif ( is_string( $value ) ) {
return wp_kses( $value, $allowed_html, $allowed_protocols );
}
return $value;
}
/**
* Sanitizes the value of the Template Part block's `tagName` attribute.
*
* @since 6.5.5
*
* @param string $attribute_value The attribute value to filter.
* @param string $attribute_name The attribute name.
* @param array[]|string $allowed_html An array of allowed HTML elements and attributes,
* or a context name such as 'post'. See wp_kses_allowed_html()
* for the list of accepted context names.
* @return string The sanitized attribute value.
*/
function filter_block_core_template_part_attributes( $attribute_value, $attribute_name, $allowed_html ) {
if ( empty( $attribute_value ) || 'tagName' !== $attribute_name ) {
return $attribute_value;
}
if ( ! is_array( $allowed_html ) ) {
$allowed_html = wp_kses_allowed_html( $allowed_html );
}
return isset( $allowed_html[ $attribute_value ] ) ? $attribute_value : '';
}
/**
* Parses blocks out of a content string, and renders those appropriate for the excerpt.
*
* As the excerpt should be a small string of text relevant to the full post content,
* this function renders the blocks that are most likely to contain such text.
*
* @since 5.0.0
*
* @param string $content The content to parse.
* @return string The parsed and filtered content.
*/
function excerpt_remove_blocks( $content ) {
if ( ! has_blocks( $content ) ) {
return $content;
}
$allowed_inner_blocks = array(
// Classic blocks have their blockName set to null.
null,
'core/freeform',
'core/heading',
'core/html',
'core/list',
'core/media-text',
'core/paragraph',
'core/preformatted',
'core/pullquote',
'core/quote',
'core/table',
'core/verse',
);
$allowed_wrapper_blocks = array(
'core/columns',
'core/column',
'core/group',
);
/**
* Filters the list of blocks that can be used as wrapper blocks, allowing
* excerpts to be generated from the `innerBlocks` of these wrappers.
*
* @since 5.8.0
*
* @param string[] $allowed_wrapper_blocks The list of names of allowed wrapper blocks.
*/
$allowed_wrapper_blocks = apply_filters( 'excerpt_allowed_wrapper_blocks', $allowed_wrapper_blocks );
$allowed_blocks = array_merge( $allowed_inner_blocks, $allowed_wrapper_blocks );
/**
* Filters the list of blocks that can contribute to the excerpt.
*
* If a dynamic block is added to this list, it must not generate another
* excerpt, as this will cause an infinite loop to occur.
*
* @since 5.0.0
*
* @param string[] $allowed_blocks The list of names of allowed blocks.
*/
$allowed_blocks = apply_filters( 'excerpt_allowed_blocks', $allowed_blocks );
$blocks = parse_blocks( $content );
$output = '';
foreach ( $blocks as $block ) {
if ( in_array( $block['blockName'], $allowed_blocks, true ) ) {
if ( ! empty( $block['innerBlocks'] ) ) {
if ( in_array( $block['blockName'], $allowed_wrapper_blocks, true ) ) {
$output .= _excerpt_render_inner_blocks( $block, $allowed_blocks );
continue;
}
// Skip the block if it has disallowed or nested inner blocks.
foreach ( $block['innerBlocks'] as $inner_block ) {
if (
! in_array( $inner_block['blockName'], $allowed_inner_blocks, true ) ||
! empty( $inner_block['innerBlocks'] )
) {
continue 2;
}
}
}
$output .= render_block( $block );
}
}
return $output;
}
/**
* Parses footnotes markup out of a content string,
* and renders those appropriate for the excerpt.
*
* @since 6.3.0
*
* @param string $content The content to parse.
* @return string The parsed and filtered content.
*/
function excerpt_remove_footnotes( $content ) {
if ( ! str_contains( $content, 'data-fn=' ) ) {
return $content;
}
return preg_replace(
'_\s*\d+\s*_',
'',
$content
);
}
/**
* Renders inner blocks from the allowed wrapper blocks
* for generating an excerpt.
*
* @since 5.8.0
* @access private
*
* @param array $parsed_block The parsed block.
* @param array $allowed_blocks The list of allowed inner blocks.
* @return string The rendered inner blocks.
*/
function _excerpt_render_inner_blocks( $parsed_block, $allowed_blocks ) {
$output = '';
foreach ( $parsed_block['innerBlocks'] as $inner_block ) {
if ( ! in_array( $inner_block['blockName'], $allowed_blocks, true ) ) {
continue;
}
if ( empty( $inner_block['innerBlocks'] ) ) {
$output .= render_block( $inner_block );
} else {
$output .= _excerpt_render_inner_blocks( $inner_block, $allowed_blocks );
}
}
return $output;
}
/**
* Renders a single block into a HTML string.
*
* @since 5.0.0
*
* @global WP_Post $post The post to edit.
*
* @param array $parsed_block A single parsed block object.
* @return string String of rendered HTML.
*/
function render_block( $parsed_block ) {
global $post;
$parent_block = null;
/**
* Allows render_block() to be short-circuited, by returning a non-null value.
*
* @since 5.1.0
* @since 5.9.0 The `$parent_block` parameter was added.
*
* @param string|null $pre_render The pre-rendered content. Default null.
* @param array $parsed_block The block being rendered.
* @param WP_Block|null $parent_block If this is a nested block, a reference to the parent block.
*/
$pre_render = apply_filters( 'pre_render_block', null, $parsed_block, $parent_block );
if ( ! is_null( $pre_render ) ) {
return $pre_render;
}
$source_block = $parsed_block;
/**
* Filters the block being rendered in render_block(), before it's processed.
*
* @since 5.1.0
* @since 5.9.0 The `$parent_block` parameter was added.
*
* @param array $parsed_block The block being rendered.
* @param array $source_block An un-modified copy of $parsed_block, as it appeared in the source content.
* @param WP_Block|null $parent_block If this is a nested block, a reference to the parent block.
*/
$parsed_block = apply_filters( 'render_block_data', $parsed_block, $source_block, $parent_block );
$context = array();
if ( $post instanceof WP_Post ) {
$context['postId'] = $post->ID;
/*
* The `postType` context is largely unnecessary server-side, since the ID
* is usually sufficient on its own. That being said, since a block's
* manifest is expected to be shared between the server and the client,
* it should be included to consistently fulfill the expectation.
*/
$context['postType'] = $post->post_type;
}
/**
* Filters the default context provided to a rendered block.
*
* @since 5.5.0
* @since 5.9.0 The `$parent_block` parameter was added.
*
* @param array $context Default context.
* @param array $parsed_block Block being rendered, filtered by `render_block_data`.
* @param WP_Block|null $parent_block If this is a nested block, a reference to the parent block.
*/
$context = apply_filters( 'render_block_context', $context, $parsed_block, $parent_block );
$block = new WP_Block( $parsed_block, $context );
return $block->render();
}
/**
* Parses blocks out of a content string.
*
* @since 5.0.0
*
* @param string $content Post content.
* @return array[] Array of parsed block objects.
*/
function parse_blocks( $content ) {
/**
* Filter to allow plugins to replace the server-side block parser.
*
* @since 5.0.0
*
* @param string $parser_class Name of block parser class.
*/
$parser_class = apply_filters( 'block_parser_class', 'WP_Block_Parser' );
$parser = new $parser_class();
return $parser->parse( $content );
}
/**
* Parses dynamic blocks out of `post_content` and re-renders them.
*
* @since 5.0.0
*
* @param string $content Post content.
* @return string Updated post content.
*/
function do_blocks( $content ) {
$blocks = parse_blocks( $content );
$output = '';
foreach ( $blocks as $block ) {
$output .= render_block( $block );
}
// If there are blocks in this content, we shouldn't run wpautop() on it later.
$priority = has_filter( 'the_content', 'wpautop' );
if ( false !== $priority && doing_filter( 'the_content' ) && has_blocks( $content ) ) {
remove_filter( 'the_content', 'wpautop', $priority );
add_filter( 'the_content', '_restore_wpautop_hook', $priority + 1 );
}
return $output;
}
/**
* If do_blocks() needs to remove wpautop() from the `the_content` filter, this re-adds it afterwards,
* for subsequent `the_content` usage.
*
* @since 5.0.0
* @access private
*
* @param string $content The post content running through this filter.
* @return string The unmodified content.
*/
function _restore_wpautop_hook( $content ) {
$current_priority = has_filter( 'the_content', '_restore_wpautop_hook' );
add_filter( 'the_content', 'wpautop', $current_priority - 1 );
remove_filter( 'the_content', '_restore_wpautop_hook', $current_priority );
return $content;
}
/**
* Returns the current version of the block format that the content string is using.
*
* If the string doesn't contain blocks, it returns 0.
*
* @since 5.0.0
*
* @param string $content Content to test.
* @return int The block format version is 1 if the content contains one or more blocks, 0 otherwise.
*/
function block_version( $content ) {
return has_blocks( $content ) ? 1 : 0;
}
/**
* Registers a new block style.
*
* @since 5.3.0
*
* @link https://developer.wordpress.org/block-editor/reference-guides/block-api/block-styles/
*
* @param string $block_name Block type name including namespace.
* @param array $style_properties Array containing the properties of the style name, label,
* style_handle (name of the stylesheet to be enqueued),
* inline_style (string containing the CSS to be added).
* @return bool True if the block style was registered with success and false otherwise.
*/
function register_block_style( $block_name, $style_properties ) {
return WP_Block_Styles_Registry::get_instance()->register( $block_name, $style_properties );
}
/**
* Unregisters a block style.
*
* @since 5.3.0
*
* @param string $block_name Block type name including namespace.
* @param string $block_style_name Block style name.
* @return bool True if the block style was unregistered with success and false otherwise.
*/
function unregister_block_style( $block_name, $block_style_name ) {
return WP_Block_Styles_Registry::get_instance()->unregister( $block_name, $block_style_name );
}
/**
* Checks whether the current block type supports the feature requested.
*
* @since 5.8.0
* @since 6.4.0 The `$feature` parameter now supports a string.
*
* @param WP_Block_Type $block_type Block type to check for support.
* @param string|array $feature Feature slug, or path to a specific feature to check support for.
* @param mixed $default_value Optional. Fallback value for feature support. Default false.
* @return bool Whether the feature is supported.
*/
function block_has_support( $block_type, $feature, $default_value = false ) {
$block_support = $default_value;
if ( $block_type instanceof WP_Block_Type ) {
if ( is_array( $feature ) && count( $feature ) === 1 ) {
$feature = $feature[0];
}
if ( is_array( $feature ) ) {
$block_support = _wp_array_get( $block_type->supports, $feature, $default_value );
} elseif ( isset( $block_type->supports[ $feature ] ) ) {
$block_support = $block_type->supports[ $feature ];
}
}
return true === $block_support || is_array( $block_support );
}
/**
* Converts typography keys declared under `supports.*` to `supports.typography.*`.
*
* Displays a `_doing_it_wrong()` notice when a block using the older format is detected.
*
* @since 5.8.0
*
* @param array $metadata Metadata for registering a block type.
* @return array Filtered metadata for registering a block type.
*/
function wp_migrate_old_typography_shape( $metadata ) {
if ( ! isset( $metadata['supports'] ) ) {
return $metadata;
}
$typography_keys = array(
'__experimentalFontFamily',
'__experimentalFontStyle',
'__experimentalFontWeight',
'__experimentalLetterSpacing',
'__experimentalTextDecoration',
'__experimentalTextTransform',
'fontSize',
'lineHeight',
);
foreach ( $typography_keys as $typography_key ) {
$support_for_key = isset( $metadata['supports'][ $typography_key ] ) ? $metadata['supports'][ $typography_key ] : null;
if ( null !== $support_for_key ) {
_doing_it_wrong(
'register_block_type_from_metadata()',
sprintf(
/* translators: 1: Block type, 2: Typography supports key, e.g: fontSize, lineHeight, etc. 3: block.json, 4: Old metadata key, 5: New metadata key. */
__( 'Block "%1$s" is declaring %2$s support in %3$s file under %4$s. %2$s support is now declared under %5$s.' ),
$metadata['name'],
"$typography_key",
'block.json',
"supports.$typography_key",
"supports.typography.$typography_key"
),
'5.8.0'
);
_wp_array_set( $metadata['supports'], array( 'typography', $typography_key ), $support_for_key );
unset( $metadata['supports'][ $typography_key ] );
}
}
return $metadata;
}
/**
* Helper function that constructs a WP_Query args array from
* a `Query` block properties.
*
* It's used in Query Loop, Query Pagination Numbers and Query Pagination Next blocks.
*
* @since 5.8.0
* @since 6.1.0 Added `query_loop_block_query_vars` filter and `parents` support in query.
*
* @param WP_Block $block Block instance.
* @param int $page Current query's page.
*
* @return array Returns the constructed WP_Query arguments.
*/
function build_query_vars_from_query_block( $block, $page ) {
$query = array(
'post_type' => 'post',
'order' => 'DESC',
'orderby' => 'date',
'post__not_in' => array(),
);
if ( isset( $block->context['query'] ) ) {
if ( ! empty( $block->context['query']['postType'] ) ) {
$post_type_param = $block->context['query']['postType'];
if ( is_post_type_viewable( $post_type_param ) ) {
$query['post_type'] = $post_type_param;
}
}
if ( isset( $block->context['query']['sticky'] ) && ! empty( $block->context['query']['sticky'] ) ) {
$sticky = get_option( 'sticky_posts' );
if ( 'only' === $block->context['query']['sticky'] ) {
/*
* Passing an empty array to post__in will return have_posts() as true (and all posts will be returned).
* Logic should be used before hand to determine if WP_Query should be used in the event that the array
* being passed to post__in is empty.
*
* @see https://core.trac.wordpress.org/ticket/28099
*/
$query['post__in'] = ! empty( $sticky ) ? $sticky : array( 0 );
$query['ignore_sticky_posts'] = 1;
} else {
$query['post__not_in'] = array_merge( $query['post__not_in'], $sticky );
}
}
if ( ! empty( $block->context['query']['exclude'] ) ) {
$excluded_post_ids = array_map( 'intval', $block->context['query']['exclude'] );
$excluded_post_ids = array_filter( $excluded_post_ids );
$query['post__not_in'] = array_merge( $query['post__not_in'], $excluded_post_ids );
}
if (
isset( $block->context['query']['perPage'] ) &&
is_numeric( $block->context['query']['perPage'] )
) {
$per_page = absint( $block->context['query']['perPage'] );
$offset = 0;
if (
isset( $block->context['query']['offset'] ) &&
is_numeric( $block->context['query']['offset'] )
) {
$offset = absint( $block->context['query']['offset'] );
}
$query['offset'] = ( $per_page * ( $page - 1 ) ) + $offset;
$query['posts_per_page'] = $per_page;
}
// Migrate `categoryIds` and `tagIds` to `tax_query` for backwards compatibility.
if ( ! empty( $block->context['query']['categoryIds'] ) || ! empty( $block->context['query']['tagIds'] ) ) {
$tax_query = array();
if ( ! empty( $block->context['query']['categoryIds'] ) ) {
$tax_query[] = array(
'taxonomy' => 'category',
'terms' => array_filter( array_map( 'intval', $block->context['query']['categoryIds'] ) ),
'include_children' => false,
);
}
if ( ! empty( $block->context['query']['tagIds'] ) ) {
$tax_query[] = array(
'taxonomy' => 'post_tag',
'terms' => array_filter( array_map( 'intval', $block->context['query']['tagIds'] ) ),
'include_children' => false,
);
}
$query['tax_query'] = $tax_query;
}
if ( ! empty( $block->context['query']['taxQuery'] ) ) {
$query['tax_query'] = array();
foreach ( $block->context['query']['taxQuery'] as $taxonomy => $terms ) {
if ( is_taxonomy_viewable( $taxonomy ) && ! empty( $terms ) ) {
$query['tax_query'][] = array(
'taxonomy' => $taxonomy,
'terms' => array_filter( array_map( 'intval', $terms ) ),
'include_children' => false,
);
}
}
}
if (
isset( $block->context['query']['order'] ) &&
in_array( strtoupper( $block->context['query']['order'] ), array( 'ASC', 'DESC' ), true )
) {
$query['order'] = strtoupper( $block->context['query']['order'] );
}
if ( isset( $block->context['query']['orderBy'] ) ) {
$query['orderby'] = $block->context['query']['orderBy'];
}
if (
isset( $block->context['query']['author'] )
) {
if ( is_array( $block->context['query']['author'] ) ) {
$query['author__in'] = array_filter( array_map( 'intval', $block->context['query']['author'] ) );
} elseif ( is_string( $block->context['query']['author'] ) ) {
$query['author__in'] = array_filter( array_map( 'intval', explode( ',', $block->context['query']['author'] ) ) );
} elseif ( is_int( $block->context['query']['author'] ) && $block->context['query']['author'] > 0 ) {
$query['author'] = $block->context['query']['author'];
}
}
if ( ! empty( $block->context['query']['search'] ) ) {
$query['s'] = $block->context['query']['search'];
}
if ( ! empty( $block->context['query']['parents'] ) && is_post_type_hierarchical( $query['post_type'] ) ) {
$query['post_parent__in'] = array_filter( array_map( 'intval', $block->context['query']['parents'] ) );
}
}
/**
* Filters the arguments which will be passed to `WP_Query` for the Query Loop Block.
*
* Anything to this filter should be compatible with the `WP_Query` API to form
* the query context which will be passed down to the Query Loop Block's children.
* This can help, for example, to include additional settings or meta queries not
* directly supported by the core Query Loop Block, and extend its capabilities.
*
* Please note that this will only influence the query that will be rendered on the
* front-end. The editor preview is not affected by this filter. Also, worth noting
* that the editor preview uses the REST API, so, ideally, one should aim to provide
* attributes which are also compatible with the REST API, in order to be able to
* implement identical queries on both sides.
*
* @since 6.1.0
*
* @param array $query Array containing parameters for `WP_Query` as parsed by the block context.
* @param WP_Block $block Block instance.
* @param int $page Current query's page.
*/
return apply_filters( 'query_loop_block_query_vars', $query, $block, $page );
}
/**
* Helper function that returns the proper pagination arrow HTML for
* `QueryPaginationNext` and `QueryPaginationPrevious` blocks based
* on the provided `paginationArrow` from `QueryPagination` context.
*
* It's used in QueryPaginationNext and QueryPaginationPrevious blocks.
*
* @since 5.9.0
*
* @param WP_Block $block Block instance.
* @param bool $is_next Flag for handling `next/previous` blocks.
* @return string|null The pagination arrow HTML or null if there is none.
*/
function get_query_pagination_arrow( $block, $is_next ) {
$arrow_map = array(
'none' => '',
'arrow' => array(
'next' => '→',
'previous' => '←',
),
'chevron' => array(
'next' => '»',
'previous' => '«',
),
);
if ( ! empty( $block->context['paginationArrow'] ) && array_key_exists( $block->context['paginationArrow'], $arrow_map ) && ! empty( $arrow_map[ $block->context['paginationArrow'] ] ) ) {
$pagination_type = $is_next ? 'next' : 'previous';
$arrow_attribute = $block->context['paginationArrow'];
$arrow = $arrow_map[ $block->context['paginationArrow'] ][ $pagination_type ];
$arrow_classes = "wp-block-query-pagination-$pagination_type-arrow is-arrow-$arrow_attribute";
return "$arrow";
}
return null;
}
/**
* Helper function that constructs a comment query vars array from the passed
* block properties.
*
* It's used with the Comment Query Loop inner blocks.
*
* @since 6.0.0
*
* @param WP_Block $block Block instance.
* @return array Returns the comment query parameters to use with the
* WP_Comment_Query constructor.
*/
function build_comment_query_vars_from_block( $block ) {
$comment_args = array(
'orderby' => 'comment_date_gmt',
'order' => 'ASC',
'status' => 'approve',
'no_found_rows' => false,
);
if ( is_user_logged_in() ) {
$comment_args['include_unapproved'] = array( get_current_user_id() );
} else {
$unapproved_email = wp_get_unapproved_comment_author_email();
if ( $unapproved_email ) {
$comment_args['include_unapproved'] = array( $unapproved_email );
}
}
if ( ! empty( $block->context['postId'] ) ) {
$comment_args['post_id'] = (int) $block->context['postId'];
}
if ( get_option( 'thread_comments' ) ) {
$comment_args['hierarchical'] = 'threaded';
} else {
$comment_args['hierarchical'] = false;
}
if ( get_option( 'page_comments' ) === '1' || get_option( 'page_comments' ) === true ) {
$per_page = get_option( 'comments_per_page' );
$default_page = get_option( 'default_comments_page' );
if ( $per_page > 0 ) {
$comment_args['number'] = $per_page;
$page = (int) get_query_var( 'cpage' );
if ( $page ) {
$comment_args['paged'] = $page;
} elseif ( 'oldest' === $default_page ) {
$comment_args['paged'] = 1;
} elseif ( 'newest' === $default_page ) {
$max_num_pages = (int) ( new WP_Comment_Query( $comment_args ) )->max_num_pages;
if ( 0 !== $max_num_pages ) {
$comment_args['paged'] = $max_num_pages;
}
}
// Set the `cpage` query var to ensure the previous and next pagination links are correct
// when inheriting the Discussion Settings.
if ( 0 === $page && isset( $comment_args['paged'] ) && $comment_args['paged'] > 0 ) {
set_query_var( 'cpage', $comment_args['paged'] );
}
}
}
return $comment_args;
}
/**
* Helper function that returns the proper pagination arrow HTML for
* `CommentsPaginationNext` and `CommentsPaginationPrevious` blocks based on the
* provided `paginationArrow` from `CommentsPagination` context.
*
* It's used in CommentsPaginationNext and CommentsPaginationPrevious blocks.
*
* @since 6.0.0
*
* @param WP_Block $block Block instance.
* @param string $pagination_type Optional. Type of the arrow we will be rendering.
* Accepts 'next' or 'previous'. Default 'next'.
* @return string|null The pagination arrow HTML or null if there is none.
*/
function get_comments_pagination_arrow( $block, $pagination_type = 'next' ) {
$arrow_map = array(
'none' => '',
'arrow' => array(
'next' => '→',
'previous' => '←',
),
'chevron' => array(
'next' => '»',
'previous' => '«',
),
);
if ( ! empty( $block->context['comments/paginationArrow'] ) && ! empty( $arrow_map[ $block->context['comments/paginationArrow'] ][ $pagination_type ] ) ) {
$arrow_attribute = $block->context['comments/paginationArrow'];
$arrow = $arrow_map[ $block->context['comments/paginationArrow'] ][ $pagination_type ];
$arrow_classes = "wp-block-comments-pagination-$pagination_type-arrow is-arrow-$arrow_attribute";
return "$arrow";
}
return null;
}
/**
* Strips all HTML from the content of footnotes, and sanitizes the ID.
* This function expects slashed data on the footnotes content.
*
* @access private
* @since 6.3.2
*
* @param string $footnotes JSON encoded string of an array containing the content and ID of each footnote.
* @return string Filtered content without any HTML on the footnote content and with the sanitized id.
*/
function _wp_filter_post_meta_footnotes( $footnotes ) {
$footnotes_decoded = json_decode( $footnotes, true );
if ( ! is_array( $footnotes_decoded ) ) {
return '';
}
$footnotes_sanitized = array();
foreach ( $footnotes_decoded as $footnote ) {
if ( ! empty( $footnote['content'] ) && ! empty( $footnote['id'] ) ) {
$footnotes_sanitized[] = array(
'id' => sanitize_key( $footnote['id'] ),
'content' => wp_unslash( wp_filter_post_kses( wp_slash( $footnote['content'] ) ) ),
);
}
}
return wp_json_encode( $footnotes_sanitized );
}
/**
* Adds the filters to filter footnotes meta field.
*
* @access private
* @since 6.3.2
*/
function _wp_footnotes_kses_init_filters() {
add_filter( 'sanitize_post_meta_footnotes', '_wp_filter_post_meta_footnotes' );
}
/**
* Removes the filters that filter footnotes meta field.
*
* @access private
* @since 6.3.2
*/
function _wp_footnotes_remove_filters() {
remove_filter( 'sanitize_post_meta_footnotes', '_wp_filter_post_meta_footnotes' );
}
/**
* Registers the filter of footnotes meta field if the user does not have unfiltered_html capability.
*
* @access private
* @since 6.3.2
*/
function _wp_footnotes_kses_init() {
_wp_footnotes_remove_filters();
if ( ! current_user_can( 'unfiltered_html' ) ) {
_wp_footnotes_kses_init_filters();
}
}
/**
* Initializes footnotes meta field filters when imported data should be filtered.
*
* This filter is the last being executed on force_filtered_html_on_import.
* If the input of the filter is true it means we are in an import situation and should
* enable kses, independently of the user capabilities.
* So in that case we call _wp_footnotes_kses_init_filters;
*
* @access private
* @since 6.3.2
*
* @param string $arg Input argument of the filter.
* @return string Input argument of the filter.
*/
function _wp_footnotes_force_filtered_html_on_import_filter( $arg ) {
// force_filtered_html_on_import is true we need to init the global styles kses filters.
if ( $arg ) {
_wp_footnotes_kses_init_filters();
}
return $arg;
}