WPCOM_JSON_API_Update_Post_Endpoint

The Jetpack by WordPress.com WPCOM JSON API Update Post Endpoint class.

Defined (1)

The class is defined in the following location(s).

/json-endpoints/class.wpcom-json-api-update-post-endpoint.php  
  1. class WPCOM_JSON_API_Update_Post_Endpoint extends WPCOM_JSON_API_Post_Endpoint { 
  /**
   * Builds the endpoint and, for the delete route, registers the extra
   * 'deleted' status label in the post object format.
   *
   * @param array $args Endpoint arguments, passed to the parent constructor unchanged.
   */
  function __construct( $args ) {
      parent::__construct( $args );

      // Only the /delete variant of this endpoint can report a permanently deleted post.
      $is_delete_route = $this->api->ends_with( $this->path, '/delete' );
      if ( ! $is_delete_route ) {
          return;
      }

      $this->post_object_format['status']['deleted'] = 'The post has been deleted permanently.';
  }
  6.  
  7. // /sites/%s/posts/new -> $blog_id 
  8. // /sites/%s/posts/%d -> $blog_id, $post_id 
  9. // /sites/%s/posts/%d/delete -> $blog_id, $post_id 
  10. // /sites/%s/posts/%d/restore -> $blog_id, $post_id 
  /**
   * Entry point for the endpoint: validates the blog/user pair, then routes
   * the request to the delete, restore or write handler based on the path suffix.
   *
   * @param string $path    Request path.
   * @param int    $blog_id Blog identifier taken from the route.
   * @param int    $post_id Post identifier taken from the route (0 for /new).
   * @return mixed The selected handler's result, or the WP_Error from blog/user validation.
   */
  function callback( $path = '', $blog_id = 0, $post_id = 0 ) {
      // Validation comes first: nothing below runs for a blog the user could not be validated against.
      $resolved_blog = $this->api->get_blog_id( $blog_id );
      $blog_id       = $this->api->switch_to_blog_and_validate_user( $resolved_blog );
      if ( is_wp_error( $blog_id ) ) {
          return $blog_id;
      }

      if ( $this->api->ends_with( $path, '/delete' ) ) {
          return $this->delete_post( $path, $blog_id, $post_id );
      }

      if ( $this->api->ends_with( $path, '/restore' ) ) {
          return $this->restore_post( $path, $blog_id, $post_id );
      }

      // Everything else (/new and plain /%d) creates or updates a post.
      return $this->write_post( $path, $blog_id, $post_id );
  }
  22.  
  23. // /sites/%s/posts/new -> $blog_id 
  24. // /sites/%s/posts/%d -> $blog_id, $post_id 
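  /**
   * Creates a new post (path ending in /new) or updates an existing one.
   *
   * Reads the request body through $this->input(), applies capability checks,
   * resolves taxonomy terms, inserts or updates the post, then applies media,
   * likes, sharing, sticky, Publicize, post format, featured image and post
   * meta settings before returning the post object.
   *
   * Review fixes applied in this version:
   *  - the existing post is checked for existence before its properties are read;
   *  - an unknown post type on update returns a 404 instead of dereferencing null;
   *  - metadata addressed by meta ID must belong to the post being written;
   *  - the 'add' metadata branch no longer lets the "public metadata" test bypass
   *    the key/value checks (operator precedence);
   *  - 'true'/'false' string conversion uses strict comparison, so a value that
   *    has just been converted to true is not immediately turned into false;
   *  - the requested Publicize connection list is split on ',' (all whitespace
   *    has already been stripped, so ', ' could never match).
   *
   * @param string $path    Request path.
   * @param int    $blog_id Validated blog ID.
   * @param int    $post_id Post ID for updates; replaced by the new ID on insert.
   * @return mixed Post data from get_post_by() on success, a WP_Error on failure,
   *               or the falsy insert/update result when no post ID came back.
   */
  function write_post( $path, $blog_id, $post_id ) {
      $new  = $this->api->ends_with( $path, '/new' );
      $args = $this->query_args();

      // unhook publicize, it's hooked again later -- without this, skipping services is impossible
      if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
          remove_action( 'save_post', array( $GLOBALS['publicize_ui']->publicize, 'async_publicize_post' ), 100, 2 );
          add_action( 'rest_api_inserted_post', array( $GLOBALS['publicize_ui']->publicize, 'async_publicize_post' ) );
      }

      if ( $new ) {
          $input = $this->input( true );

          if ( 'revision' === $input['type'] ) {
              if ( ! isset( $input['parent'] ) ) {
                  return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
              }
              $input['status'] = 'inherit'; // force inherit for revision type
              $input['slug']   = $input['parent'] . '-autosave-v1';
          } elseif ( ! isset( $input['title'] ) && ! isset( $input['content'] ) && ! isset( $input['excerpt'] ) ) {
              return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
          }

          // default to post
          if ( empty( $input['type'] ) ) {
              $input['type'] = 'post';
          }

          $post_type = get_post_type_object( $input['type'] );

          if ( ! $this->is_post_type_allowed( $input['type'] ) ) {
              return new WP_Error( 'unknown_post_type', 'Unknown post type', 404 );
          }

          if ( ! empty( $input['author'] ) ) {
              $author_id = $this->parse_and_set_author( $input['author'], $input['type'] );
              unset( $input['author'] );
              if ( is_wp_error( $author_id ) ) {
                  return $author_id;
              }
          }

          // A user who may edit but not publish gets the post queued as 'pending' instead.
          if ( 'publish' === $input['status'] ) {
              if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
                  if ( current_user_can( $post_type->cap->edit_posts ) ) {
                      $input['status'] = 'pending';
                  } else {
                      return new WP_Error( 'unauthorized', 'User cannot publish posts', 403 );
                  }
              }
          } else {
              if ( ! current_user_can( $post_type->cap->edit_posts ) ) {
                  return new WP_Error( 'unauthorized', 'User cannot edit posts', 403 );
              }
          }
      } else {
          $input = $this->input( false );

          if ( ! is_array( $input ) || ! $input ) {
              return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
          }

          // Existence is checked before any property of $post is read.
          $post = get_post( $post_id );
          if ( ! $post || is_wp_error( $post ) ) {
              return new WP_Error( 'unknown_post', 'Unknown post', 404 );
          }

          $_post_type = ( ! empty( $input['type'] ) ) ? $input['type'] : $post->post_type;
          $post_type  = get_post_type_object( $_post_type );
          if ( ! $post_type ) {
              // A client-supplied type that is not registered would otherwise be dereferenced below.
              return new WP_Error( 'unknown_post_type', 'Unknown post type', 404 );
          }

          if ( ! current_user_can( 'edit_post', $post->ID ) ) {
              return new WP_Error( 'unauthorized', 'User cannot edit post', 403 );
          }

          if ( ! empty( $input['author'] ) ) {
              $author_id = $this->parse_and_set_author( $input['author'], $_post_type );
              unset( $input['author'] );
              if ( is_wp_error( $author_id ) ) {
                  return $author_id;
              }
          }

          if ( ( isset( $input['status'] ) && 'publish' === $input['status'] ) && 'publish' !== $post->post_status && ! current_user_can( 'publish_post', $post->ID ) ) {
              $input['status'] = 'pending';
          }
          $last_status = $post->post_status;
          $new_status  = isset( $input['status'] ) ? $input['status'] : $last_status;

          // Make sure that drafts get the current date when transitioning to publish if not supplied in the post.
          $date_in_past = ( strtotime( $post->post_date_gmt ) < time() );
          if ( 'publish' === $new_status && 'draft' === $last_status && ! isset( $input['date_gmt'] ) && $date_in_past ) {
              $input['date_gmt'] = gmdate( 'Y-m-d H:i:s' );
          }
      }

      // If date is set, $this->input will set date_gmt, date still needs to be adjusted for the blog's offset
      if ( isset( $input['date_gmt'] ) ) {
          $gmt_offset       = get_option( 'gmt_offset' );
          $time_with_offset = strtotime( $input['date_gmt'] ) + $gmt_offset * HOUR_IN_SECONDS;
          $input['date']    = date( 'Y-m-d H:i:s', $time_with_offset );
      }

      // Assigning a post to someone else needs edit_others_posts, and the assignee must be able to edit posts.
      if ( ! empty( $author_id ) && get_current_user_id() != $author_id ) {
          if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) {
              return new WP_Error( 'unauthorized', "User is not allowed to publish others' posts.", 403 );
          } elseif ( ! user_can( $author_id, $post_type->cap->edit_posts ) ) {
              return new WP_Error( 'unauthorized', 'Assigned author cannot publish post.', 403 );
          }
      }

      if ( ! is_post_type_hierarchical( $post_type->name ) && 'revision' !== $post_type->name ) {
          unset( $input['parent'] );
      }

      $tax_input = array();

      foreach ( array( 'categories' => 'category', 'tags' => 'post_tag' ) as $key => $taxonomy ) {
          if ( ! isset( $input[ $key ] ) ) {
              continue;
          }

          $tax_input[ $taxonomy ] = array();

          $is_hierarchical = is_taxonomy_hierarchical( $taxonomy );

          if ( is_array( $input[ $key ] ) ) {
              $terms = $input[ $key ];
          } else {
              $terms = explode( ', ', $input[ $key ] );
          }

          foreach ( $terms as $term ) {
              /**
               * `curl --data 'category[]=123'` should be interpreted as a category ID,
               * not a category whose name is '123'.
               * Consequence: To add a category/tag whose name is '123', the client must
               * first look up its ID.
               */
              if ( ctype_digit( $term ) ) {
                  $term = (int) $term;
              }

              $term_info = term_exists( $term, $taxonomy );

              if ( ! $term_info ) {
                  // A term ID that doesn't already exist. Ignore it: we don't know what name to give it.
                  if ( is_int( $term ) ) {
                      continue;
                  }
                  // only add a new tag/cat if the user has access to
                  $tax = get_taxonomy( $taxonomy );
                  if ( ! current_user_can( $tax->cap->edit_terms ) ) {
                      continue;
                  }

                  $term_info = wp_insert_term( $term, $taxonomy );
              }

              if ( ! is_wp_error( $term_info ) ) {
                  if ( $is_hierarchical ) {
                      // Categories must be added by ID
                      $tax_input[ $taxonomy ][] = (int) $term_info['term_id'];
                  } else {
                      // Tags must be added by name
                      if ( is_int( $term ) ) {
                          $term                     = get_term( $term, $taxonomy );
                          $tax_input[ $taxonomy ][] = $term->name;
                      } else {
                          $tax_input[ $taxonomy ][] = $term;
                      }
                  }
              }
          }
      }

      if ( isset( $input['categories'] ) && empty( $tax_input['category'] ) && 'revision' !== $post_type->name ) {
          $tax_input['category'][] = get_option( 'default_category' );
      }

      unset( $input['tags'], $input['categories'] );

      $insert = array();

      if ( ! empty( $input['slug'] ) ) {
          $insert['post_name'] = $input['slug'];
          unset( $input['slug'] );
      }

      if ( isset( $input['comments_open'] ) ) {
          $insert['comment_status'] = ( true === $input['comments_open'] ) ? 'open' : 'closed';
      }

      if ( isset( $input['pings_open'] ) ) {
          $insert['ping_status'] = ( true === $input['pings_open'] ) ? 'open' : 'closed';
      }

      unset( $input['comments_open'], $input['pings_open'] );

      if ( isset( $input['menu_order'] ) ) {
          $insert['menu_order'] = $input['menu_order'];
          unset( $input['menu_order'] );
      }

      // The keys below are handled separately after the post is saved, so they are
      // pulled out of $input before the remaining keys are copied into $insert.
      $publicize = isset( $input['publicize'] ) ? $input['publicize'] : null;
      unset( $input['publicize'] );

      $publicize_custom_message = isset( $input['publicize_message'] ) ? $input['publicize_message'] : null;
      unset( $input['publicize_message'] );

      if ( isset( $input['featured_image'] ) ) {
          $featured_image        = trim( $input['featured_image'] );
          $delete_featured_image = empty( $featured_image );
          unset( $input['featured_image'] );
      }

      $metadata = isset( $input['metadata'] ) ? $input['metadata'] : null;
      unset( $input['metadata'] );

      $likes = isset( $input['likes_enabled'] ) ? $input['likes_enabled'] : null;
      unset( $input['likes_enabled'] );

      $sharing = isset( $input['sharing_enabled'] ) ? $input['sharing_enabled'] : null;
      unset( $input['sharing_enabled'] );

      $sticky = isset( $input['sticky'] ) ? $input['sticky'] : null;
      unset( $input['sticky'] );

      // Every remaining input key is mapped to a post_* field.
      // NOTE(review): this relies on $this->input() returning only expected keys -- confirm.
      foreach ( $input as $key => $value ) {
          $insert["post_$key"] = $value;
      }

      if ( ! empty( $author_id ) ) {
          $insert['post_author'] = absint( $author_id );
      }

      if ( ! empty( $tax_input ) ) {
          $insert['tax_input'] = $tax_input;
      }

      $has_media        = isset( $input['media'] ) && $input['media'] ? count( $input['media'] ) : false;
      $has_media_by_url = isset( $input['media_urls'] ) && $input['media_urls'] ? count( $input['media_urls'] ) : false;

      if ( $new ) {

          if ( isset( $input['content'] ) && ! has_shortcode( $input['content'], 'gallery' ) && ( $has_media || $has_media_by_url ) ) {
              switch ( ( $has_media + $has_media_by_url ) ) {
                  case 0:
                      // No images - do nothing.
                      break;
                  case 1:
                      // 1 image - make it big
                      $insert['post_content'] = $input['content'] = "[gallery size=full columns=1]\n\n" . $input['content'];
                      break;
                  default:
                      // Several images - 3 column gallery
                      $insert['post_content'] = $input['content'] = "[gallery]\n\n" . $input['content'];
                      break;
              }
          }

          $post_id = wp_insert_post( add_magic_quotes( $insert ), true );
      } else {
          $insert['ID'] = $post->ID;

          // wp_update_post ignores date unless edit_date is set
          // See: http://codex.wordpress.org/Function_Reference/wp_update_post#Scheduling_posts
          // See: https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/post.php#L3302
          if ( isset( $input['date_gmt'] ) || isset( $input['date'] ) ) {
              $insert['edit_date'] = true;
          }

          $post_id = wp_update_post( (object) $insert );
      }

      if ( ! $post_id || is_wp_error( $post_id ) ) {
          return $post_id;
      }

      // make sure this post actually exists and is not an error of some kind (ie, trying to load media in the posts endpoint)
      $post_check = $this->get_post_by( 'ID', $post_id, $args['context'] );
      if ( is_wp_error( $post_check ) ) {
          return $post_check;
      }

      if ( $has_media ) {
          $this->api->trap_wp_die( 'upload_error' );
          foreach ( $input['media'] as $media_item ) {
              // NOTE(review): each item is placed into $_FILES as-is; confirm that
              // $this->input() only yields entries that came from a real upload.
              $_FILES['.api.media.item.'] = $media_item;
              // check for WP_Error if we ever actually need $media_id
              $media_id = media_handle_upload( '.api.media.item.', $post_id );
          }
          $this->api->trap_wp_die( null );

          unset( $_FILES['.api.media.item.'] );
      }

      if ( $has_media_by_url ) {
          foreach ( $input['media_urls'] as $url ) {
              // NOTE(review): the URL is request input and handle_media_sideload() is
              // defined outside this listing; confirm it restricts what may be fetched.
              $this->handle_media_sideload( $url, $post_id );
          }
      }

      // Set like status for the post
      /** This filter is documented in modules/likes.php */
      $sitewide_likes_enabled = (bool) apply_filters( 'wpl_is_enabled_sitewide', ! get_option( 'disabled_likes' ) );
      if ( $new ) {
          if ( $sitewide_likes_enabled ) {
              if ( false === $likes ) {
                  update_post_meta( $post_id, 'switch_like_status', 1 );
              } else {
                  delete_post_meta( $post_id, 'switch_like_status' );
              }
          } else {
              if ( $likes ) {
                  update_post_meta( $post_id, 'switch_like_status', 1 );
              } else {
                  delete_post_meta( $post_id, 'switch_like_status' );
              }
          }
      } else {
          if ( isset( $likes ) ) {
              if ( $sitewide_likes_enabled ) {
                  if ( false === $likes ) {
                      update_post_meta( $post_id, 'switch_like_status', 1 );
                  } else {
                      delete_post_meta( $post_id, 'switch_like_status' );
                  }
              } else {
                  if ( true === $likes ) {
                      update_post_meta( $post_id, 'switch_like_status', 1 );
                  } else {
                      delete_post_meta( $post_id, 'switch_like_status' );
                  }
              }
          }
      }

      // Set sharing status of the post
      if ( $new ) {
          $sharing_enabled = isset( $sharing ) ? (bool) $sharing : true;
          if ( false === $sharing_enabled ) {
              update_post_meta( $post_id, 'sharing_disabled', 1 );
          }
      } else {
          if ( isset( $sharing ) && true === $sharing ) {
              delete_post_meta( $post_id, 'sharing_disabled' );
          } else if ( isset( $sharing ) && false == $sharing ) {
              update_post_meta( $post_id, 'sharing_disabled', 1 );
          }
      }

      if ( isset( $sticky ) ) {
          if ( true === $sticky ) {
              stick_post( $post_id );
          } else {
              unstick_post( $post_id );
          }
      }

      // WPCOM Specific (Jetpack's will get bumped elsewhere
      // Tracks how many posts are published and sets meta
      // so we can track some other cool stats (like likes & comments on posts published)
      if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
          if (
              ( $new && 'publish' == $input['status'] )
              || (
                  ! $new && isset( $last_status )
                  && 'publish' != $last_status
                  && isset( $new_status )
                  && 'publish' == $new_status
              )
          ) {
              /** This action is documented in modules/widgets/social-media-icons.php */
              do_action( 'jetpack_bump_stats_extras', 'api-insights-posts', $this->api->token_details['client_id'] );
              update_post_meta( $post_id, '_rest_api_published', 1 );
              update_post_meta( $post_id, '_rest_api_client_id', $this->api->token_details['client_id'] );
          }
      }

      // We ask the user/dev to pass Publicize services he/she wants activated for the post, but Publicize expects us
      // to instead flag the ones we don't want to be skipped. proceed with said logic.
      // any posts coming from Path (client ID 25952) should also not publicize
      if ( $publicize === false || ( isset( $this->api->token_details['client_id'] ) && 25952 == $this->api->token_details['client_id'] ) ) {
          // No publicize at all, skip all by ID
          foreach ( $GLOBALS['publicize_ui']->publicize->get_services( 'all' ) as $name => $service ) {
              delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $name );
              $service_connections = $GLOBALS['publicize_ui']->publicize->get_connections( $name );
              if ( ! $service_connections ) {
                  continue;
              }
              foreach ( $service_connections as $service_connection ) {
                  update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1 );
              }
          }
      } else if ( is_array( $publicize ) && ( count( $publicize ) > 0 ) ) {
          foreach ( $GLOBALS['publicize_ui']->publicize->get_services( 'all' ) as $name => $service ) {
              /**
               * We support both indexed and associative arrays:
               * * indexed are to pass entire services
               * * associative are to pass specific connections per service
               * We do support mixed arrays: mixed integer and string keys (see 3rd example below).
               * EG: array( 'twitter', 'facebook') will only publicize to those, ignoring the other available services
               * Form data: publicize[]=twitter&publicize[]=facebook
               * EG: array( 'twitter' => '(int) $pub_conn_id_0, (int) $pub_conn_id_3', 'facebook' => (int) $pub_conn_id_7 ) will publicize to two Twitter accounts, and one Facebook connection, of potentially many.
               * Form data: publicize[twitter]=$pub_conn_id_0, $pub_conn_id_3&publicize[facebook]=$pub_conn_id_7
               * EG: array( 'twitter', 'facebook' => '(int) $pub_conn_id_0, (int) $pub_conn_id_3' ) will publicize to all available Twitter accounts, but only 2 of potentially many Facebook connections
               * Form data: publicize[]=twitter&publicize[facebook]=$pub_conn_id_0, $pub_conn_id_3
               */

              // Delete any stale SKIP value for the service by name. We'll add it back by ID.
              delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $name );

              // Get the user's connections
              $service_connections = $GLOBALS['publicize_ui']->publicize->get_connections( $name );

              // if the user doesn't have any connections for this service, move on
              if ( ! $service_connections ) {
                  continue;
              }

              if ( ! in_array( $name, $publicize ) && ! array_key_exists( $name, $publicize ) ) {
                  // Skip the whole service by adding each connection ID
                  foreach ( $service_connections as $service_connection ) {
                      update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1 );
                  }
              } else if ( ! empty( $publicize[ $name ] ) ) {
                  // Seems we're being asked to only push to [a] specific connection[s].
                  // Explode the list on commas, which will also support a single passed ID.
                  // All whitespace is stripped first, so the delimiter must be a bare comma.
                  $requested_connections = explode( ',', ( preg_replace( '/[\s]*/', '', $publicize[ $name ] ) ) );
                  // Flag the connections we can't match with the requested list to be skipped.
                  foreach ( $service_connections as $service_connection ) {
                      if ( ! in_array( $service_connection->meta['connection_data']->id, $requested_connections ) ) {
                          update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1 );
                      } else {
                          delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id );
                      }
                  }
              } else {
                  // delete all SKIP values; it's okay to publish to all connected IDs for this service
                  foreach ( $service_connections as $service_connection ) {
                      delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id );
                  }
              }
          }
      }

      if ( ! is_null( $publicize_custom_message ) ) {
          if ( empty( $publicize_custom_message ) ) {
              delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_MESS );
          } else {
              update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_MESS, trim( $publicize_custom_message ) );
          }
      }

      if ( ! empty( $insert['post_format'] ) ) {
          if ( 'default' !== strtolower( $insert['post_format'] ) ) {
              set_post_format( $post_id, $insert['post_format'] );
          } else {
              set_post_format( $post_id, get_option( 'default_post_format' ) );
          }
      }

      if ( isset( $featured_image ) ) {
          $this->parse_and_set_featured_image( $post_id, $delete_featured_image, $featured_image );
      }

      if ( ! empty( $metadata ) ) {
          foreach ( (array) $metadata as $meta ) {

              $meta = (object) $meta;

              $existing_meta_item = new stdClass;

              if ( empty( $meta->operation ) ) {
                  $meta->operation = 'update';
              }

              // Strict comparison: with '==' a value just converted to true also
              // equals the non-empty string 'false' and would be flipped to false.
              if ( ! empty( $meta->value ) ) {
                  if ( 'true' === $meta->value ) {
                      $meta->value = true;
                  } elseif ( 'false' === $meta->value ) {
                      $meta->value = false;
                  }
              }

              if ( ! empty( $meta->id ) ) {
                  $meta->id           = absint( $meta->id );
                  $existing_meta_item = get_metadata_by_mid( 'post', $meta->id );

                  // The capability checks below are made against $post_id, so a meta ID that
                  // does not exist or belongs to a different post must not be acted on.
                  if ( ! $existing_meta_item || (int) $existing_meta_item->post_id !== (int) $post_id ) {
                      continue;
                  }
              }

              $unslashed_meta_key           = wp_unslash( $meta->key ); // should match what the final key will be
              $meta->key                    = wp_slash( $meta->key );
              $unslashed_existing_meta_key  = wp_unslash( $existing_meta_item->meta_key );
              $existing_meta_item->meta_key = wp_slash( $existing_meta_item->meta_key );

              // make sure that the meta id passed matches the existing meta key
              if ( ! empty( $meta->id ) && ! empty( $meta->key ) ) {
                  $meta_by_id = get_metadata_by_mid( 'post', $meta->id );
                  if ( $meta_by_id->meta_key !== $meta->key ) {
                      continue; // skip this meta
                  }
              }

              switch ( $meta->operation ) {
                  case 'delete':

                      if ( ! empty( $meta->id ) && ! empty( $existing_meta_item->meta_key ) && current_user_can( 'delete_post_meta', $post_id, $unslashed_existing_meta_key ) ) {
                          delete_metadata_by_mid( 'post', $meta->id );
                      } elseif ( ! empty( $meta->key ) && ! empty( $meta->previous_value ) && current_user_can( 'delete_post_meta', $post_id, $unslashed_meta_key ) ) {
                          delete_post_meta( $post_id, $meta->key, $meta->previous_value );
                      } elseif ( ! empty( $meta->key ) && current_user_can( 'delete_post_meta', $post_id, $unslashed_meta_key ) ) {
                          delete_post_meta( $post_id, $meta->key );
                      }

                      break;
                  case 'add':

                      if ( ! empty( $meta->id ) || ! empty( $meta->previous_value ) ) {
                          // 'continue 2' targets the foreach; a bare 'continue' inside switch acts like 'break'.
                          continue 2;
                      } elseif ( ! empty( $meta->key ) && ! empty( $meta->value ) && ( current_user_can( 'add_post_meta', $post_id, $unslashed_meta_key ) || $this->is_metadata_public( $meta->key ) ) ) {
                          // The capability-or-public test is grouped so it cannot bypass the key/value checks.
                          add_post_meta( $post_id, $meta->key, $meta->value );
                      }

                      break;
                  case 'update':

                      if ( ! isset( $meta->value ) ) {
                          continue 2;
                      } elseif ( ! empty( $meta->id ) && ! empty( $existing_meta_item->meta_key ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_existing_meta_key ) || $this->is_metadata_public( $meta->key ) ) ) {
                          update_metadata_by_mid( 'post', $meta->id, $meta->value );
                      } elseif ( ! empty( $meta->key ) && ! empty( $meta->previous_value ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_meta_key ) || $this->is_metadata_public( $meta->key ) ) ) {
                          update_post_meta( $post_id, $meta->key, $meta->value, $meta->previous_value );
                      } elseif ( ! empty( $meta->key ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_meta_key ) || $this->is_metadata_public( $meta->key ) ) ) {
                          update_post_meta( $post_id, $meta->key, $meta->value );
                      }

                      break;
              }
          }
      }

      /**
       * Fires when a post is created via the REST API.
       * @module json-api
       * @since 2.3.0
       * @param int $post_id Post ID.
       * @param array $insert Data used to build the post.
       * @param string $new New post URL suffix.
       */
      do_action( 'rest_api_inserted_post', $post_id, $insert, $new );

      $return = $this->get_post_by( 'ID', $post_id, $args['context'] );
      if ( ! $return || is_wp_error( $return ) ) {
          return $return;
      }

      if ( isset( $input['type'] ) && 'revision' === $input['type'] ) {
          $return['preview_nonce'] = wp_create_nonce( 'post_preview_' . $input['parent'] );
      }

      if ( isset( $sticky ) ) {
          // workaround for sticky test occasionally failing, maybe a race condition with stick_post() above
          $return['sticky'] = ( true === $sticky );
      }

      /** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */
      do_action( 'wpcom_json_api_objects', 'posts' );

      return $return;
  }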
  496.  
  497. // /sites/%s/posts/%d/delete -> $blog_id, $post_id 
  /**
   * Deletes a post after checking that it exists, that its type is allowed
   * and that the current user holds the 'delete_post' capability for it.
   *
   * The post representation is fetched before wp_delete_post() runs so that it
   * can still be returned if the post no longer exists afterwards.
   *
   * @param string $path    Request path (not used here).
   * @param int    $blog_id Validated blog ID (not used here).
   * @param int    $post_id ID of the post to delete.
   * @return mixed Post data (with status 'deleted' when the post is gone), or a WP_Error.
   */
  function delete_post( $path, $blog_id, $post_id ) {
      $target = get_post( $post_id );
      if ( ! $target || is_wp_error( $target ) ) {
          return new WP_Error( 'unknown_post', 'Unknown post', 404 );
      }

      $type_allowed = $this->is_post_type_allowed( $target->post_type );
      if ( ! $type_allowed ) {
          return new WP_Error( 'unknown_post_type', 'Unknown post type', 404 );
      }

      // Authorisation is per post, not per post type.
      if ( ! current_user_can( 'delete_post', $target->ID ) ) {
          return new WP_Error( 'unauthorized', 'User cannot delete posts', 403 );
      }

      $query    = $this->query_args();
      $snapshot = $this->get_post_by( 'ID', $target->ID, $query['context'] );
      if ( ! $snapshot || is_wp_error( $snapshot ) ) {
          return $snapshot;
      }

      /** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */
      do_action( 'wpcom_json_api_objects', 'posts' );

      wp_delete_post( $target->ID );

      // get_post_status() returning false means the post no longer exists.
      if ( false !== get_post_status( $target->ID ) ) {
          return $this->get_post_by( 'ID', $target->ID, $query['context'] );
      }

      $snapshot['status'] = 'deleted';
      return $snapshot;
  }
  525.  
  526. // /sites/%s/posts/%d/restore -> $blog_id, $post_id 
  /**
   * Restores a trashed post after checking that it exists and that the
   * current user holds the 'delete_post' capability for it.
   *
   * NOTE(review): unlike delete_post(), this handler does not call
   * is_post_type_allowed() on the post's type -- confirm that is intended.
   *
   * @param string $path    Request path (not used here).
   * @param int    $blog_id Validated blog ID (not used here).
   * @param int    $post_id ID of the post to restore.
   * @return mixed Result of get_post_by() for the restored post, or a WP_Error.
   */
  function restore_post( $path, $blog_id, $post_id ) {
      $query   = $this->query_args();
      $trashed = get_post( $post_id );

      $is_missing = ! $trashed || is_wp_error( $trashed );
      if ( $is_missing ) {
          return new WP_Error( 'unknown_post', 'Unknown post', 404 );
      }

      // Restoring is gated on the same capability as deleting.
      $may_restore = current_user_can( 'delete_post', $trashed->ID );
      if ( ! $may_restore ) {
          return new WP_Error( 'unauthorized', 'User cannot restore trashed posts', 403 );
      }

      /** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */
      do_action( 'wpcom_json_api_objects', 'posts' );

      wp_untrash_post( $trashed->ID );

      return $this->get_post_by( 'ID', $trashed->ID, $query['context'] );
  }
  543.  
  /**
   * Sets or removes the featured image (post thumbnail) of a post.
   *
   * An all-digit value that names an existing attachment is used directly as
   * the thumbnail ID; any other value is handed to handle_media_sideload().
   *
   * NOTE(review): the attachment-ID branch only checks the post type of the
   * referenced ID; whether the caller may use that attachment is not checked
   * here -- confirm it is enforced elsewhere.
   *
   * @param int    $post_id               Post to modify.
   * @param bool   $delete_featured_image When true, the thumbnail is removed and nothing else is done.
   * @param string $featured_image        Attachment ID, or a value passed on to handle_media_sideload().
   * @return mixed Nothing after a delete, the attachment ID that was set, or false when sideloading gave no integer ID.
   */
  private function parse_and_set_featured_image( $post_id, $delete_featured_image, $featured_image ) {
      if ( $delete_featured_image ) {
          delete_post_thumbnail( $post_id );
          return;
      }

      $featured_image = (string) $featured_image;

      // if we got a post ID, we can just set it as the thumbnail
      $looks_like_id = ctype_digit( $featured_image );
      if ( $looks_like_id && 'attachment' == get_post_type( $featured_image ) ) {
          set_post_thumbnail( $post_id, $featured_image );
          return $featured_image;
      }

      $sideloaded_id = $this->handle_media_sideload( $featured_image, $post_id );

      // Anything other than a non-zero integer means the sideload produced no attachment.
      $is_usable_id = ! empty( $sideloaded_id ) && is_int( $sideloaded_id );
      if ( ! $is_usable_id ) {
          return false;
      }

      set_post_thumbnail( $post_id, $sideloaded_id );
      return $sideloaded_id;
  }
  563.  
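  /**
   * Resolves the requested author to a user ID.
   *
   * An all-digit value is looked up as a user ID, anything else as a login
   * name. When no author is given, or the post type does not support authors,
   * the current user's ID is returned.
   *
   * The value is normalised to a string before ctype_digit() is applied:
   * ctype_digit() only gives the intended answer for strings, so an author
   * sent as a number would otherwise be looked up as a login name. A
   * non-scalar value is rejected as an invalid author.
   *
   * This method only resolves the ID; write_post() performs the capability
   * checks on the result.
   *
   * @param mixed  $author    User ID or login name from the request.
   * @param string $post_type Post type the author is being set for.
   * @return int|WP_Error User ID, or a WP_Error with code 'invalid_author'.
   */
  private function parse_and_set_author( $author = null, $post_type = 'post' ) {
      if ( empty( $author ) || ! post_type_supports( $post_type, 'author' ) ) {
          return get_current_user_id();
      }

      if ( ! is_scalar( $author ) ) {
          return new WP_Error( 'invalid_author', 'Invalid author provided' );
      }

      $author = (string) $author;

      // All digits means a user ID; anything else is treated as a login name.
      $lookup_field = ctype_digit( $author ) ? 'id' : 'login';

      $_user = get_user_by( $lookup_field, $author );
      if ( ! $_user || is_wp_error( $_user ) ) {
          return new WP_Error( 'invalid_author', 'Invalid author provided' );
      }

      return $_user->ID;
  }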