WPCOM_JSON_API_Update_Post_v1_2_Endpoint

The Jetpack by WordPress.com WPCOM JSON API Update Post v1.2 Endpoint class.

Defined (1)

The class is defined in the following location(s).

/json-endpoints/class.wpcom-json-api-update-post-v1-2-endpoint.php  
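  /**
   * Update Post endpoint, v1.2: creates or edits a post from a JSON API request.
   *
   * Extends the v1.1 endpoint and relies on it for parse_and_set_author(),
   * parse_and_set_featured_image() and handle_media_creation_v1_1().
   */
  class WPCOM_JSON_API_Update_Post_v1_2_Endpoint extends WPCOM_JSON_API_Update_Post_v1_1_Endpoint {

      /**
       * Create a new post (when $path ends in "/new") or update the post $post_id.
       *
       * Routes:
       *   /sites/%s/posts/new -> $blog_id
       *   /sites/%s/posts/%d  -> $blog_id, $post_id
       *
       * The request body is read through $this->input(). Capability checks are made
       * before anything is written; taxonomy, discussion, media, likes, sharing,
       * sticky, Publicize, post format, featured image and metadata fields are then
       * applied, and the 'rest_api_inserted_post' action is fired.
       *
       * @param string $path    Request path; a "/new" suffix selects the create branch.
       * @param int    $blog_id Site ID taken from the route (not read in this method).
       * @param int    $post_id Post ID taken from the route; overwritten with the
       *                        inserted/updated ID.
       * @return mixed The value of $this->get_post_by() for the saved post (extended
       *               here with preview_nonce, sticky, media_errors and other_URLs
       *               keys where applicable), a WP_Error on failure, or the falsy
       *               result of wp_insert_post()/wp_update_post().
       */
      function write_post( $path, $blog_id, $post_id ) {
          $new  = $this->api->ends_with( $path, '/new' );
          $args = $this->query_args();

          // unhook publicize, it's hooked again later -- without this, skipping services is impossible
          if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
              remove_action( 'save_post', array( $GLOBALS['publicize_ui']->publicize, 'async_publicize_post' ), 100, 2 );
              add_action( 'rest_api_inserted_post', array( $GLOBALS['publicize_ui']->publicize, 'async_publicize_post' ) );
          }

          if ( $new ) {
              $input = $this->input( true );

              // 'future' is an alias for 'publish' for now.
              // This has to run after $input is populated: the publish capability checks
              // below compare against 'publish', so the alias must be normalised first
              // for those checks to cover a request that asks for 'future'.
              if ( isset( $input['status'] ) && 'future' === $input['status'] ) {
                  $input['status'] = 'publish';
              }

              if ( 'revision' === $input['type'] ) {
                  if ( ! isset( $input['parent'] ) ) {
                      return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
                  }
                  $input['status'] = 'inherit'; // force inherit for revision type
                  $input['slug']   = $input['parent'] . '-autosave-v1';
              } elseif ( ! isset( $input['title'] ) && ! isset( $input['content'] ) && ! isset( $input['excerpt'] ) ) {
                  return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
              }

              // default to post
              if ( empty( $input['type'] ) ) {
                  $input['type'] = 'post';
              }

              $post_type = get_post_type_object( $input['type'] );

              if ( ! $this->is_post_type_allowed( $input['type'] ) ) {
                  return new WP_Error( 'unknown_post_type', 'Unknown post type', 404 );
              }

              if ( ! empty( $input['author'] ) ) {
                  $author_id = parent::parse_and_set_author( $input['author'], $input['type'] );
                  unset( $input['author'] );
                  if ( is_wp_error( $author_id ) ) {
                      return $author_id;
                  }
              }

              if ( 'publish' === $input['status'] ) {
                  if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
                      if ( current_user_can( $post_type->cap->edit_posts ) ) {
                          // May write but not publish: downgrade to pending review.
                          $input['status'] = 'pending';
                      } else {
                          return new WP_Error( 'unauthorized', 'User cannot publish posts', 403 );
                      }
                  }
              } else {
                  if ( ! current_user_can( $post_type->cap->edit_posts ) ) {
                      return new WP_Error( 'unauthorized', 'User cannot edit posts', 403 );
                  }
              }
          } else {
              $input = $this->input( false );

              if ( ! is_array( $input ) || ! $input ) {
                  return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
              }

              // 'future' is an alias for 'publish' for now (normalised before the
              // publish_post capability check further down).
              if ( isset( $input['status'] ) && 'future' === $input['status'] ) {
                  $input['status'] = 'publish';
              }

              $post = get_post( $post_id );

              // Reject an unknown post before any property of $post is read.
              if ( ! $post || is_wp_error( $post ) ) {
                  return new WP_Error( 'unknown_post', 'Unknown post', 404 );
              }

              $_post_type = ( ! empty( $input['type'] ) ) ? $input['type'] : $post->post_type;
              $post_type  = get_post_type_object( $_post_type );

              if ( ! current_user_can( 'edit_post', $post->ID ) ) {
                  return new WP_Error( 'unauthorized', 'User cannot edit post', 403 );
              }

              if ( ! empty( $input['author'] ) ) {
                  $author_id = parent::parse_and_set_author( $input['author'], $_post_type );
                  unset( $input['author'] );
                  if ( is_wp_error( $author_id ) ) {
                      return $author_id;
                  }
              }

              if ( ( isset( $input['status'] ) && 'publish' === $input['status'] ) && 'publish' !== $post->post_status && ! current_user_can( 'publish_post', $post->ID ) ) {
                  $input['status'] = 'pending';
              }
              $last_status = $post->post_status;
              $new_status  = isset( $input['status'] ) ? $input['status'] : $last_status;

              // Make sure that drafts get the current date when transitioning to publish if not supplied in the post.
              $date_in_past = ( strtotime( $post->post_date_gmt ) < time() );
              if ( 'publish' === $new_status && 'draft' === $last_status && ! isset( $input['date_gmt'] ) && $date_in_past ) {
                  $input['date_gmt'] = gmdate( 'Y-m-d H:i:s' );
              }
          }

          // If date is set, $this->input will set date_gmt, date still needs to be adjusted for the blog's offset
          if ( isset( $input['date_gmt'] ) ) {
              $gmt_offset       = get_option( 'gmt_offset' );
              $time_with_offset = strtotime( $input['date_gmt'] ) + $gmt_offset * HOUR_IN_SECONDS;
              $input['date']    = date( 'Y-m-d H:i:s', $time_with_offset );
          }

          // Assigning the post to somebody else needs edit_others_posts on the caller
          // and edit_posts on the assignee.
          if ( ! empty( $author_id ) && get_current_user_id() != $author_id ) {
              if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) {
                  return new WP_Error( 'unauthorized', "User is not allowed to publish others' posts.", 403 );
              } elseif ( ! user_can( $author_id, $post_type->cap->edit_posts ) ) {
                  return new WP_Error( 'unauthorized', 'Assigned author cannot publish post.', 403 );
              }
          }

          if ( ! is_post_type_hierarchical( $post_type->name ) && 'revision' !== $post_type->name ) {
              unset( $input['parent'] );
          }

          /** add taxonomies by name */
          $tax_input = array();
          foreach ( array( 'categories' => 'category', 'tags' => 'post_tag' ) as $key => $taxonomy ) {
              if ( ! isset( $input[ $key ] ) ) {
                  continue;
              }

              $tax_input[ $taxonomy ] = array();

              $is_hierarchical = is_taxonomy_hierarchical( $taxonomy );

              if ( is_array( $input[ $key ] ) ) {
                  $terms = $input[ $key ];
              } else {
                  $terms = explode( ', ', $input[ $key ] );
              }

              foreach ( $terms as $term ) {
                  /**
                   * We assume these are names, not IDs, even if they are numeric.
                   * Note: A category named "0" will not work right.
                   * https://core.trac.wordpress.org/ticket/9059
                   */
                  $term_info = get_term_by( 'name', $term, $taxonomy, ARRAY_A );

                  if ( ! $term_info ) {
                      // only add a new tag/cat if the user has access to
                      $tax = get_taxonomy( $taxonomy );
                      if ( ! current_user_can( $tax->cap->edit_terms ) ) {
                          continue;
                      }

                      $term_info = wp_insert_term( $term, $taxonomy );
                  }

                  if ( ! is_wp_error( $term_info ) ) {
                      if ( $is_hierarchical ) {
                          // Categories must be added by ID
                          $tax_input[ $taxonomy ][] = (int) $term_info['term_id'];
                      } else {
                          // Tags must be added by name
                          $tax_input[ $taxonomy ][] = $term;
                      }
                  }
              }
          }

          /** add taxonomies by ID */
          foreach ( array( 'categories_by_id' => 'category', 'tags_by_id' => 'post_tag' ) as $key => $taxonomy ) {
              if ( ! isset( $input[ $key ] ) ) {
                  continue;
              }

              // combine with any previous selections
              if ( ! isset( $tax_input[ $taxonomy ] ) || ! is_array( $tax_input[ $taxonomy ] ) ) {
                  $tax_input[ $taxonomy ] = array();
              }

              $is_hierarchical = is_taxonomy_hierarchical( $taxonomy );

              if ( is_array( $input[ $key ] ) ) {
                  $terms = $input[ $key ];
              } else {
                  $terms = explode( ', ', $input[ $key ] );
              }

              foreach ( $terms as $term ) {
                  if ( ! ctype_digit( $term ) ) {
                      // skip anything that doesn't look like an ID
                      continue;
                  }
                  $term      = (int) $term;
                  $term_info = get_term_by( 'id', $term, $taxonomy, ARRAY_A );

                  if ( $term_info && ! is_wp_error( $term_info ) ) {
                      if ( $is_hierarchical ) {
                          // Categories must be added by ID
                          $tax_input[ $taxonomy ][] = $term;
                      } else {
                          // Tags must be added by name
                          $tax_input[ $taxonomy ][] = $term_info['name'];
                      }
                  }
              }
          }

          // Categories were requested but none resolved: fall back to the site default.
          if ( ( isset( $input['categories'] ) || isset( $input['categories_by_id'] ) )
              && empty( $tax_input['category'] ) && 'revision' !== $post_type->name ) {
              $tax_input['category'][] = get_option( 'default_category' );
          }

          unset( $input['tags'], $input['categories'], $input['tags_by_id'], $input['categories_by_id'] );

          $insert = array();

          if ( ! empty( $input['slug'] ) ) {
              $insert['post_name'] = $input['slug'];
              unset( $input['slug'] );
          }

          if ( isset( $input['discussion'] ) ) {
              $discussion = (array) $input['discussion'];
              foreach ( array( 'comment', 'ping' ) as $discussion_type ) {
                  $discussion_open   = sprintf( '%ss_open', $discussion_type );
                  $discussion_status = sprintf( '%s_status', $discussion_type );

                  if ( isset( $discussion[ $discussion_open ] ) ) {
                      $is_open                          = WPCOM_JSON_API::is_truthy( $discussion[ $discussion_open ] );
                      $discussion[ $discussion_status ] = $is_open ? 'open' : 'closed';
                  }

                  // Strict match: only the literal strings 'open' and 'closed' are accepted,
                  // so loosely-equal request values (0, true, ...) never reach the insert array.
                  if ( isset( $discussion[ $discussion_status ] ) && in_array( $discussion[ $discussion_status ], array( 'open', 'closed' ), true ) ) {
                      $insert[ $discussion_status ] = $discussion[ $discussion_status ];
                  }
              }
          }

          unset( $input['discussion'] );

          if ( isset( $input['menu_order'] ) ) {
              $insert['menu_order'] = $input['menu_order'];
              unset( $input['menu_order'] );
          }

          // The fields below are handled separately after the post is saved, so they
          // are lifted out of $input before it is copied into $insert as post_* keys.
          $publicize = isset( $input['publicize'] ) ? $input['publicize'] : null;
          unset( $input['publicize'] );

          $publicize_custom_message = isset( $input['publicize_message'] ) ? $input['publicize_message'] : null;
          unset( $input['publicize_message'] );

          if ( isset( $input['featured_image'] ) ) {
              $featured_image        = trim( $input['featured_image'] );
              $delete_featured_image = empty( $featured_image );
              unset( $input['featured_image'] );
          }

          $metadata = isset( $input['metadata'] ) ? $input['metadata'] : null;
          unset( $input['metadata'] );

          $likes = isset( $input['likes_enabled'] ) ? $input['likes_enabled'] : null;
          unset( $input['likes_enabled'] );

          $sharing = isset( $input['sharing_enabled'] ) ? $input['sharing_enabled'] : null;
          unset( $input['sharing_enabled'] );

          $sticky = isset( $input['sticky'] ) ? $input['sticky'] : null;
          unset( $input['sticky'] );

          foreach ( $input as $key => $value ) {
              $insert[ "post_$key" ] = $value;
          }

          if ( ! empty( $author_id ) ) {
              $insert['post_author'] = absint( $author_id );
          }

          if ( ! empty( $tax_input ) ) {
              $insert['tax_input'] = $tax_input;
          }

          $has_media        = ! empty( $input['media'] ) ? count( $input['media'] ) : false;
          $has_media_by_url = ! empty( $input['media_urls'] ) ? count( $input['media_urls'] ) : false;

          if ( $new ) {

              if ( isset( $input['content'] ) && ! has_shortcode( $input['content'], 'gallery' ) && ( $has_media || $has_media_by_url ) ) {
                  switch ( ( $has_media + $has_media_by_url ) ) {
                      case 0 :
                          // No images - do nothing.
                          break;
                      case 1 :
                          // 1 image - make it big
                          $insert['post_content'] = $input['content'] = "[gallery size=full columns=1]\n\n" . $input['content'];
                          break;
                      default :
                          // Several images - 3 column gallery
                          $insert['post_content'] = $input['content'] = "[gallery]\n\n" . $input['content'];
                          break;
                  }
              }

              $post_id = wp_insert_post( add_magic_quotes( $insert ), true );
          } else {
              $insert['ID'] = $post->ID;

              // wp_update_post ignores date unless edit_date is set
              // See: http://codex.wordpress.org/Function_Reference/wp_update_post#Scheduling_posts
              // See: https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/post.php#L3302
              if ( isset( $input['date_gmt'] ) || isset( $input['date'] ) ) {
                  $insert['edit_date'] = true;
              }

              $post_id = wp_update_post( (object) $insert );
          }

          if ( ! $post_id || is_wp_error( $post_id ) ) {
              return $post_id;
          }

          // make sure this post actually exists and is not an error of some kind (ie, trying to load media in the posts endpoint)
          $post_check = $this->get_post_by( 'ID', $post_id, $args['context'] );
          if ( is_wp_error( $post_check ) ) {
              return $post_check;
          }

          if ( $has_media || $has_media_by_url ) {
              $media_files     = ! empty( $input['media'] ) ? $input['media'] : array();
              $media_urls      = ! empty( $input['media_urls'] ) ? $input['media_urls'] : array();
              $media_attrs     = ! empty( $input['media_attrs'] ) ? $input['media_attrs'] : array();
              $force_parent_id = $post_id;
              $media_results   = $this->handle_media_creation_v1_1( $media_files, $media_urls, $media_attrs, $force_parent_id );
          }

          // set page template for this post..
          if ( isset( $input['page_template'] ) && 'page' == $post_type->name ) {
              $page_template  = $input['page_template'];
              $page_templates = wp_get_theme()->get_page_templates( get_post( $post_id ) );
              // Only empty, 'default', or a template the active theme actually lists is stored.
              if ( empty( $page_template ) || 'default' == $page_template || isset( $page_templates[ $page_template ] ) ) {
                  update_post_meta( $post_id, '_wp_page_template', $page_template );
              }
          }

          // Set like status for the post
          /** This filter is documented in modules/likes.php */
          $sitewide_likes_enabled = (bool) apply_filters( 'wpl_is_enabled_sitewide', ! get_option( 'disabled_likes' ) );
          if ( $new ) {
              if ( $sitewide_likes_enabled ) {
                  if ( false === $likes ) {
                      update_post_meta( $post_id, 'switch_like_status', 1 );
                  } else {
                      delete_post_meta( $post_id, 'switch_like_status' );
                  }
              } else {
                  if ( $likes ) {
                      update_post_meta( $post_id, 'switch_like_status', 1 );
                  } else {
                      delete_post_meta( $post_id, 'switch_like_status' );
                  }
              }
          } else {
              if ( isset( $likes ) ) {
                  if ( $sitewide_likes_enabled ) {
                      if ( false === $likes ) {
                          update_post_meta( $post_id, 'switch_like_status', 1 );
                      } else {
                          delete_post_meta( $post_id, 'switch_like_status' );
                      }
                  } else {
                      if ( true === $likes ) {
                          update_post_meta( $post_id, 'switch_like_status', 1 );
                      } else {
                          delete_post_meta( $post_id, 'switch_like_status' );
                      }
                  }
              }
          }

          // Set sharing status of the post
          if ( $new ) {
              $sharing_enabled = isset( $sharing ) ? (bool) $sharing : true;
              if ( false === $sharing_enabled ) {
                  update_post_meta( $post_id, 'sharing_disabled', 1 );
              }
          } else {
              if ( isset( $sharing ) && true === $sharing ) {
                  delete_post_meta( $post_id, 'sharing_disabled' );
              } else if ( isset( $sharing ) && false == $sharing ) {
                  update_post_meta( $post_id, 'sharing_disabled', 1 );
              }
          }

          if ( isset( $sticky ) ) {
              if ( true === $sticky ) {
                  stick_post( $post_id );
              } else {
                  unstick_post( $post_id );
              }
          }

          // WPCOM Specific (Jetpack's will get bumped elsewhere
          // Tracks how many posts are published and sets meta
          // so we can track some other cool stats (like likes & comments on posts published)
          if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
              if (
                  ( $new && 'publish' == $input['status'] )
                  || (
                      ! $new && isset( $last_status )
                      && 'publish' != $last_status
                      && isset( $new_status )
                      && 'publish' == $new_status
                  )
              ) {
                  /** This action is documented in modules/widgets/social-media-icons.php */
                  do_action( 'jetpack_bump_stats_extras', 'api-insights-posts', $this->api->token_details['client_id'] );
                  update_post_meta( $post_id, '_rest_api_published', 1 );
                  update_post_meta( $post_id, '_rest_api_client_id', $this->api->token_details['client_id'] );
              }
          }

          // We ask the user/dev to pass Publicize services he/she wants activated for the post, but Publicize expects us
          // to instead flag the ones we don't want to be skipped. proceed with said logic.
          // any posts coming from Path (client ID 25952) should also not publicize
          if ( $publicize === false || ( isset( $this->api->token_details['client_id'] ) && 25952 == $this->api->token_details['client_id'] ) ) {
              // No publicize at all, skip all by ID
              foreach ( $GLOBALS['publicize_ui']->publicize->get_services( 'all' ) as $name => $service ) {
                  delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $name );
                  $service_connections = $GLOBALS['publicize_ui']->publicize->get_connections( $name );
                  if ( ! $service_connections ) {
                      continue;
                  }
                  foreach ( $service_connections as $service_connection ) {
                      update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1 );
                  }
              }
          } else if ( is_array( $publicize ) && ( count( $publicize ) > 0 ) ) {
              foreach ( $GLOBALS['publicize_ui']->publicize->get_services( 'all' ) as $name => $service ) {
                  /**
                   * We support both indexed and associative arrays:
                   * * indexed are to pass entire services
                   * * associative are to pass specific connections per service
                   * We do support mixed arrays: mixed integer and string keys (see 3rd example below).
                   * EG: array( 'twitter', 'facebook') will only publicize to those, ignoring the other available services
                   * Form data: publicize[]=twitter&publicize[]=facebook
                   * EG: array( 'twitter' => '(int) $pub_conn_id_0, (int) $pub_conn_id_3', 'facebook' => (int) $pub_conn_id_7 ) will publicize to two Twitter accounts, and one Facebook connection, of potentially many.
                   * Form data: publicize[twitter]=$pub_conn_id_0, $pub_conn_id_3&publicize[facebook]=$pub_conn_id_7
                   * EG: array( 'twitter', 'facebook' => '(int) $pub_conn_id_0, (int) $pub_conn_id_3' ) will publicize to all available Twitter accounts, but only 2 of potentially many Facebook connections
                   * Form data: publicize[]=twitter&publicize[facebook]=$pub_conn_id_0, $pub_conn_id_3
                   */

                  // Delete any stale SKIP value for the service by name. We'll add it back by ID.
                  delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $name );

                  // Get the user's connections
                  $service_connections = $GLOBALS['publicize_ui']->publicize->get_connections( $name );

                  // if the user doesn't have any connections for this service, move on
                  if ( ! $service_connections ) {
                      continue;
                  }

                  if ( ! in_array( $name, $publicize ) && ! array_key_exists( $name, $publicize ) ) {
                      // Skip the whole service by adding each connection ID
                      foreach ( $service_connections as $service_connection ) {
                          update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1 );
                      }
                  } else if ( ! empty( $publicize[ $name ] ) ) {
                      // Seems we're being asked to only push to [a] specific connection[s].
                      // Explode the list on commas, which will also support a single passed ID.
                      // All whitespace is stripped first, so the delimiter has to be a bare
                      // comma; a ', ' delimiter could never match and every connection in a
                      // multi-ID list would be flagged as skipped.
                      $requested_connections = explode( ',', ( preg_replace( '/[\s]*/', '', $publicize[ $name ] ) ) );

                      // Flag the connections we can't match with the requested list to be skipped.
                      foreach ( $service_connections as $service_connection ) {
                          if ( ! in_array( $service_connection->meta['connection_data']->id, $requested_connections ) ) {
                              update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1 );
                          } else {
                              delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id );
                          }
                      }
                  } else {
                      // delete all SKIP values; it's okay to publish to all connected IDs for this service
                      foreach ( $service_connections as $service_connection ) {
                          delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id );
                      }
                  }
              }
          }

          if ( ! is_null( $publicize_custom_message ) ) {
              if ( empty( $publicize_custom_message ) ) {
                  delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_MESS );
              } else {
                  update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_MESS, trim( $publicize_custom_message ) );
              }
          }

          if ( ! empty( $insert['post_format'] ) ) {
              if ( 'default' !== strtolower( $insert['post_format'] ) ) {
                  set_post_format( $post_id, $insert['post_format'] );
              } else {
                  set_post_format( $post_id, get_option( 'default_post_format' ) );
              }
          }

          if ( isset( $featured_image ) ) {
              parent::parse_and_set_featured_image( $post_id, $delete_featured_image, $featured_image );
          }

          if ( ! empty( $metadata ) ) {
              foreach ( (array) $metadata as $meta ) {

                  $meta = (object) $meta;

                  // Placeholder used when the request does not address a row by meta ID.
                  $existing_meta_item           = new stdClass;
                  $existing_meta_item->meta_key = '';

                  if ( empty( $meta->operation ) ) {
                      $meta->operation = 'update';
                  }

                  // Map the literal strings 'true'/'false' to booleans. Strict comparison and
                  // elseif are needed here: with loose '==', a value just converted to true
                  // also compares equal to the non-empty string 'false' and is flipped back.
                  if ( ! empty( $meta->value ) ) {
                      if ( 'true' === $meta->value ) {
                          $meta->value = true;
                      } elseif ( 'false' === $meta->value ) {
                          $meta->value = false;
                      }
                  }

                  if ( ! empty( $meta->id ) ) {
                      $meta->id = absint( $meta->id );
                  }

                  if ( ! empty( $meta->id ) ) {
                      $existing_meta_item = get_metadata_by_mid( 'post', $meta->id );

                      // Only act on a meta row that exists and belongs to this post. The
                      // capability checks below are made against $post_id, while the *_by_mid()
                      // calls address the row by ID alone, so a row attached to another post
                      // must not be reachable through its meta ID.
                      if ( ! $existing_meta_item || (int) $existing_meta_item->post_id !== (int) $post_id ) {
                          continue;
                      }
                  }

                  $raw_meta_key                 = isset( $meta->key ) ? $meta->key : '';
                  $unslashed_meta_key           = wp_unslash( $raw_meta_key ); // should match what the final key will be
                  $meta->key                    = wp_slash( $raw_meta_key );
                  $unslashed_existing_meta_key  = wp_unslash( $existing_meta_item->meta_key );
                  $existing_meta_item->meta_key = wp_slash( $existing_meta_item->meta_key );

                  // make sure that the meta id passed matches the existing meta key
                  if ( ! empty( $meta->id ) && ! empty( $meta->key ) ) {
                      $meta_by_id = get_metadata_by_mid( 'post', $meta->id );
                      if ( $meta_by_id->meta_key !== $meta->key ) {
                          continue; // skip this meta
                      }
                  }

                  switch ( $meta->operation ) {
                      case 'delete':

                          if ( ! empty( $meta->id ) && ! empty( $existing_meta_item->meta_key ) && current_user_can( 'delete_post_meta', $post_id, $unslashed_existing_meta_key ) ) {
                              delete_metadata_by_mid( 'post', $meta->id );
                          } elseif ( ! empty( $meta->key ) && ! empty( $meta->previous_value ) && current_user_can( 'delete_post_meta', $post_id, $unslashed_meta_key ) ) {
                              delete_post_meta( $post_id, $meta->key, $meta->previous_value );
                          } elseif ( ! empty( $meta->key ) && current_user_can( 'delete_post_meta', $post_id, $unslashed_meta_key ) ) {
                              delete_post_meta( $post_id, $meta->key );
                          }

                          break;
                      case 'add':

                          // Nothing follows the switch in this loop, so break ends the item.
                          if ( ! empty( $meta->id ) || ! empty( $meta->previous_value ) ) {
                              break;
                          } elseif ( ! empty( $meta->key ) && ! empty( $meta->value ) && ( current_user_can( 'add_post_meta', $post_id, $unslashed_meta_key ) || $this->is_metadata_public( $meta->key ) ) ) {
                              // The capability/public-key alternative is grouped in one set of
                              // parentheses (as in the 'update' case) so the non-empty key and
                              // value requirements apply to both alternatives.
                              add_post_meta( $post_id, $meta->key, $meta->value );
                          }

                          break;
                      case 'update':

                          if ( ! isset( $meta->value ) ) {
                              break;
                          } elseif ( ! empty( $meta->id ) && ! empty( $existing_meta_item->meta_key ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_existing_meta_key ) || $this->is_metadata_public( $meta->key ) ) ) {
                              update_metadata_by_mid( 'post', $meta->id, $meta->value );
                          } elseif ( ! empty( $meta->key ) && ! empty( $meta->previous_value ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_meta_key ) || $this->is_metadata_public( $meta->key ) ) ) {
                              update_post_meta( $post_id, $meta->key, $meta->value, $meta->previous_value );
                          } elseif ( ! empty( $meta->key ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_meta_key ) || $this->is_metadata_public( $meta->key ) ) ) {
                              update_post_meta( $post_id, $meta->key, $meta->value );
                          }

                          break;
                  }
              }
          }

          /** This action is documented in json-endpoints/class.wpcom-json-api-update-post-endpoint.php */
          do_action( 'rest_api_inserted_post', $post_id, $insert, $new );

          $return = $this->get_post_by( 'ID', $post_id, $args['context'] );
          if ( ! $return || is_wp_error( $return ) ) {
              return $return;
          }

          if ( isset( $input['type'] ) && 'revision' === $input['type'] ) {
              $return['preview_nonce'] = wp_create_nonce( 'post_preview_' . $input['parent'] );
          }

          if ( isset( $sticky ) ) {
              // workaround for sticky test occasionally failing, maybe a race condition with stick_post() above
              $return['sticky'] = ( true === $sticky );
          }

          if ( ! empty( $media_results['errors'] ) ) {
              $return['media_errors'] = $media_results['errors'];
          }

          // $post is only assigned on the edit path; on the create path the condition
          // is treated as "not yet published", which is what the unguarded read of an
          // undefined $post evaluated to.
          if ( ( ! isset( $post ) || 'publish' !== $post->post_status ) && isset( $input['title'] ) ) {
              $return['other_URLs'] = (object) $this->get_post_permalink_suggestions( $post_id, $input['title'] );
          }

          /** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */
          do_action( 'wpcom_json_api_objects', 'posts' );

          return $return;
      }
  }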