class-wp-rest-attachments-controller.php 43 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447
  1. <?php
  2. /**
  3. * REST API: WP_REST_Attachments_Controller class
  4. *
  5. * @package WordPress
  6. * @subpackage REST_API
  7. * @since 4.7.0
  8. */
  9. /**
  10. * Core controller used to access attachments via the REST API.
  11. *
  12. * @since 4.7.0
  13. *
  14. * @see WP_REST_Posts_Controller
  15. */
  16. class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller {
  17. /**
  18. * Whether the controller supports batching.
  19. *
  20. * @since 5.9.0
  21. * @var false
  22. */
  23. protected $allow_batch = false;
  24. /**
  25. * Registers the routes for attachments.
  26. *
  27. * @since 5.3.0
  28. *
  29. * @see register_rest_route()
  30. */
  31. public function register_routes() {
  32. parent::register_routes();
  33. register_rest_route(
  34. $this->namespace,
  35. '/' . $this->rest_base . '/(?P<id>[\d]+)/post-process',
  36. array(
  37. 'methods' => WP_REST_Server::CREATABLE,
  38. 'callback' => array( $this, 'post_process_item' ),
  39. 'permission_callback' => array( $this, 'post_process_item_permissions_check' ),
  40. 'args' => array(
  41. 'id' => array(
  42. 'description' => __( 'Unique identifier for the attachment.' ),
  43. 'type' => 'integer',
  44. ),
  45. 'action' => array(
  46. 'type' => 'string',
  47. 'enum' => array( 'create-image-subsizes' ),
  48. 'required' => true,
  49. ),
  50. ),
  51. )
  52. );
  53. register_rest_route(
  54. $this->namespace,
  55. '/' . $this->rest_base . '/(?P<id>[\d]+)/edit',
  56. array(
  57. 'methods' => WP_REST_Server::CREATABLE,
  58. 'callback' => array( $this, 'edit_media_item' ),
  59. 'permission_callback' => array( $this, 'edit_media_item_permissions_check' ),
  60. 'args' => $this->get_edit_media_item_args(),
  61. )
  62. );
  63. }
  64. /**
  65. * Determines the allowed query_vars for a get_items() response and
  66. * prepares for WP_Query.
  67. *
  68. * @since 4.7.0
  69. *
  70. * @param array $prepared_args Optional. Array of prepared arguments. Default empty array.
  71. * @param WP_REST_Request $request Optional. Request to prepare items for.
  72. * @return array Array of query arguments.
  73. */
  74. protected function prepare_items_query( $prepared_args = array(), $request = null ) {
  75. $query_args = parent::prepare_items_query( $prepared_args, $request );
  76. if ( empty( $query_args['post_status'] ) ) {
  77. $query_args['post_status'] = 'inherit';
  78. }
  79. $media_types = $this->get_media_types();
  80. if ( ! empty( $request['media_type'] ) && isset( $media_types[ $request['media_type'] ] ) ) {
  81. $query_args['post_mime_type'] = $media_types[ $request['media_type'] ];
  82. }
  83. if ( ! empty( $request['mime_type'] ) ) {
  84. $parts = explode( '/', $request['mime_type'] );
  85. if ( isset( $media_types[ $parts[0] ] ) && in_array( $request['mime_type'], $media_types[ $parts[0] ], true ) ) {
  86. $query_args['post_mime_type'] = $request['mime_type'];
  87. }
  88. }
  89. // Filter query clauses to include filenames.
  90. if ( isset( $query_args['s'] ) ) {
  91. add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
  92. }
  93. return $query_args;
  94. }
  95. /**
  96. * Checks if a given request has access to create an attachment.
  97. *
  98. * @since 4.7.0
  99. *
  100. * @param WP_REST_Request $request Full details about the request.
  101. * @return true|WP_Error Boolean true if the attachment may be created, or a WP_Error if not.
  102. */
  103. public function create_item_permissions_check( $request ) {
  104. $ret = parent::create_item_permissions_check( $request );
  105. if ( ! $ret || is_wp_error( $ret ) ) {
  106. return $ret;
  107. }
  108. if ( ! current_user_can( 'upload_files' ) ) {
  109. return new WP_Error(
  110. 'rest_cannot_create',
  111. __( 'Sorry, you are not allowed to upload media on this site.' ),
  112. array( 'status' => 400 )
  113. );
  114. }
  115. // Attaching media to a post requires ability to edit said post.
  116. if ( ! empty( $request['post'] ) && ! current_user_can( 'edit_post', (int) $request['post'] ) ) {
  117. return new WP_Error(
  118. 'rest_cannot_edit',
  119. __( 'Sorry, you are not allowed to upload media to this post.' ),
  120. array( 'status' => rest_authorization_required_code() )
  121. );
  122. }
  123. return true;
  124. }
  125. /**
  126. * Creates a single attachment.
  127. *
  128. * @since 4.7.0
  129. *
  130. * @param WP_REST_Request $request Full details about the request.
  131. * @return WP_REST_Response|WP_Error Response object on success, WP_Error object on failure.
  132. */
  133. public function create_item( $request ) {
  134. if ( ! empty( $request['post'] ) && in_array( get_post_type( $request['post'] ), array( 'revision', 'attachment' ), true ) ) {
  135. return new WP_Error(
  136. 'rest_invalid_param',
  137. __( 'Invalid parent type.' ),
  138. array( 'status' => 400 )
  139. );
  140. }
  141. $insert = $this->insert_attachment( $request );
  142. if ( is_wp_error( $insert ) ) {
  143. return $insert;
  144. }
  145. $schema = $this->get_item_schema();
  146. // Extract by name.
  147. $attachment_id = $insert['attachment_id'];
  148. $file = $insert['file'];
  149. if ( isset( $request['alt_text'] ) ) {
  150. update_post_meta( $attachment_id, '_wp_attachment_image_alt', sanitize_text_field( $request['alt_text'] ) );
  151. }
  152. if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
  153. $meta_update = $this->meta->update_value( $request['meta'], $attachment_id );
  154. if ( is_wp_error( $meta_update ) ) {
  155. return $meta_update;
  156. }
  157. }
  158. $attachment = get_post( $attachment_id );
  159. $fields_update = $this->update_additional_fields_for_object( $attachment, $request );
  160. if ( is_wp_error( $fields_update ) ) {
  161. return $fields_update;
  162. }
  163. $request->set_param( 'context', 'edit' );
  164. /**
  165. * Fires after a single attachment is completely created or updated via the REST API.
  166. *
  167. * @since 5.0.0
  168. *
  169. * @param WP_Post $attachment Inserted or updated attachment object.
  170. * @param WP_REST_Request $request Request object.
  171. * @param bool $creating True when creating an attachment, false when updating.
  172. */
  173. do_action( 'rest_after_insert_attachment', $attachment, $request, true );
  174. wp_after_insert_post( $attachment, false, null );
  175. if ( defined( 'REST_REQUEST' ) && REST_REQUEST ) {
  176. // Set a custom header with the attachment_id.
  177. // Used by the browser/client to resume creating image sub-sizes after a PHP fatal error.
  178. header( 'X-WP-Upload-Attachment-ID: ' . $attachment_id );
  179. }
  180. // Include media and image functions to get access to wp_generate_attachment_metadata().
  181. require_once ABSPATH . 'wp-admin/includes/media.php';
  182. require_once ABSPATH . 'wp-admin/includes/image.php';
  183. // Post-process the upload (create image sub-sizes, make PDF thumbnails, etc.) and insert attachment meta.
  184. // At this point the server may run out of resources and post-processing of uploaded images may fail.
  185. wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $file ) );
  186. $response = $this->prepare_item_for_response( $attachment, $request );
  187. $response = rest_ensure_response( $response );
  188. $response->set_status( 201 );
  189. $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $attachment_id ) ) );
  190. return $response;
  191. }
  192. /**
  193. * Inserts the attachment post in the database. Does not update the attachment meta.
  194. *
  195. * @since 5.3.0
  196. *
  197. * @param WP_REST_Request $request
  198. * @return array|WP_Error
  199. */
  200. protected function insert_attachment( $request ) {
  201. // Get the file via $_FILES or raw data.
  202. $files = $request->get_file_params();
  203. $headers = $request->get_headers();
  204. if ( ! empty( $files ) ) {
  205. $file = $this->upload_from_file( $files, $headers );
  206. } else {
  207. $file = $this->upload_from_data( $request->get_body(), $headers );
  208. }
  209. if ( is_wp_error( $file ) ) {
  210. return $file;
  211. }
  212. $name = wp_basename( $file['file'] );
  213. $name_parts = pathinfo( $name );
  214. $name = trim( substr( $name, 0, -( 1 + strlen( $name_parts['extension'] ) ) ) );
  215. $url = $file['url'];
  216. $type = $file['type'];
  217. $file = $file['file'];
  218. // Include image functions to get access to wp_read_image_metadata().
  219. require_once ABSPATH . 'wp-admin/includes/image.php';
  220. // Use image exif/iptc data for title and caption defaults if possible.
  221. $image_meta = wp_read_image_metadata( $file );
  222. if ( ! empty( $image_meta ) ) {
  223. if ( empty( $request['title'] ) && trim( $image_meta['title'] ) && ! is_numeric( sanitize_title( $image_meta['title'] ) ) ) {
  224. $request['title'] = $image_meta['title'];
  225. }
  226. if ( empty( $request['caption'] ) && trim( $image_meta['caption'] ) ) {
  227. $request['caption'] = $image_meta['caption'];
  228. }
  229. }
  230. $attachment = $this->prepare_item_for_database( $request );
  231. $attachment->post_mime_type = $type;
  232. $attachment->guid = $url;
  233. if ( empty( $attachment->post_title ) ) {
  234. $attachment->post_title = preg_replace( '/\.[^.]+$/', '', wp_basename( $file ) );
  235. }
  236. // $post_parent is inherited from $attachment['post_parent'].
  237. $id = wp_insert_attachment( wp_slash( (array) $attachment ), $file, 0, true, false );
  238. if ( is_wp_error( $id ) ) {
  239. if ( 'db_update_error' === $id->get_error_code() ) {
  240. $id->add_data( array( 'status' => 500 ) );
  241. } else {
  242. $id->add_data( array( 'status' => 400 ) );
  243. }
  244. return $id;
  245. }
  246. $attachment = get_post( $id );
  247. /**
  248. * Fires after a single attachment is created or updated via the REST API.
  249. *
  250. * @since 4.7.0
  251. *
  252. * @param WP_Post $attachment Inserted or updated attachment
  253. * object.
  254. * @param WP_REST_Request $request The request sent to the API.
  255. * @param bool $creating True when creating an attachment, false when updating.
  256. */
  257. do_action( 'rest_insert_attachment', $attachment, $request, true );
  258. return array(
  259. 'attachment_id' => $id,
  260. 'file' => $file,
  261. );
  262. }
  263. /**
  264. * Updates a single attachment.
  265. *
  266. * @since 4.7.0
  267. *
  268. * @param WP_REST_Request $request Full details about the request.
  269. * @return WP_REST_Response|WP_Error Response object on success, WP_Error object on failure.
  270. */
  271. public function update_item( $request ) {
  272. if ( ! empty( $request['post'] ) && in_array( get_post_type( $request['post'] ), array( 'revision', 'attachment' ), true ) ) {
  273. return new WP_Error(
  274. 'rest_invalid_param',
  275. __( 'Invalid parent type.' ),
  276. array( 'status' => 400 )
  277. );
  278. }
  279. $attachment_before = get_post( $request['id'] );
  280. $response = parent::update_item( $request );
  281. if ( is_wp_error( $response ) ) {
  282. return $response;
  283. }
  284. $response = rest_ensure_response( $response );
  285. $data = $response->get_data();
  286. if ( isset( $request['alt_text'] ) ) {
  287. update_post_meta( $data['id'], '_wp_attachment_image_alt', $request['alt_text'] );
  288. }
  289. $attachment = get_post( $request['id'] );
  290. $fields_update = $this->update_additional_fields_for_object( $attachment, $request );
  291. if ( is_wp_error( $fields_update ) ) {
  292. return $fields_update;
  293. }
  294. $request->set_param( 'context', 'edit' );
  295. /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php */
  296. do_action( 'rest_after_insert_attachment', $attachment, $request, false );
  297. wp_after_insert_post( $attachment, true, $attachment_before );
  298. $response = $this->prepare_item_for_response( $attachment, $request );
  299. $response = rest_ensure_response( $response );
  300. return $response;
  301. }
  302. /**
  303. * Performs post processing on an attachment.
  304. *
  305. * @since 5.3.0
  306. *
  307. * @param WP_REST_Request $request Full details about the request.
  308. * @return WP_REST_Response|WP_Error Response object on success, WP_Error object on failure.
  309. */
  310. public function post_process_item( $request ) {
  311. switch ( $request['action'] ) {
  312. case 'create-image-subsizes':
  313. require_once ABSPATH . 'wp-admin/includes/image.php';
  314. wp_update_image_subsizes( $request['id'] );
  315. break;
  316. }
  317. $request['context'] = 'edit';
  318. return $this->prepare_item_for_response( get_post( $request['id'] ), $request );
  319. }
  320. /**
  321. * Checks if a given request can perform post processing on an attachment.
  322. *
  323. * @since 5.3.0
  324. *
  325. * @param WP_REST_Request $request Full details about the request.
  326. * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
  327. */
  328. public function post_process_item_permissions_check( $request ) {
  329. return $this->update_item_permissions_check( $request );
  330. }
  331. /**
  332. * Checks if a given request has access to editing media.
  333. *
  334. * @since 5.5.0
  335. *
  336. * @param WP_REST_Request $request Full details about the request.
  337. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
  338. */
  339. public function edit_media_item_permissions_check( $request ) {
  340. if ( ! current_user_can( 'upload_files' ) ) {
  341. return new WP_Error(
  342. 'rest_cannot_edit_image',
  343. __( 'Sorry, you are not allowed to upload media on this site.' ),
  344. array( 'status' => rest_authorization_required_code() )
  345. );
  346. }
  347. return $this->update_item_permissions_check( $request );
  348. }
  349. /**
  350. * Applies edits to a media item and creates a new attachment record.
  351. *
  352. * @since 5.5.0
  353. *
  354. * @param WP_REST_Request $request Full details about the request.
  355. * @return WP_REST_Response|WP_Error Response object on success, WP_Error object on failure.
  356. */
  357. public function edit_media_item( $request ) {
  358. require_once ABSPATH . 'wp-admin/includes/image.php';
  359. $attachment_id = $request['id'];
  360. // This also confirms the attachment is an image.
  361. $image_file = wp_get_original_image_path( $attachment_id );
  362. $image_meta = wp_get_attachment_metadata( $attachment_id );
  363. if (
  364. ! $image_meta ||
  365. ! $image_file ||
  366. ! wp_image_file_matches_image_meta( $request['src'], $image_meta, $attachment_id )
  367. ) {
  368. return new WP_Error(
  369. 'rest_unknown_attachment',
  370. __( 'Unable to get meta information for file.' ),
  371. array( 'status' => 404 )
  372. );
  373. }
  374. $supported_types = array( 'image/jpeg', 'image/png', 'image/gif', 'image/webp' );
  375. $mime_type = get_post_mime_type( $attachment_id );
  376. if ( ! in_array( $mime_type, $supported_types, true ) ) {
  377. return new WP_Error(
  378. 'rest_cannot_edit_file_type',
  379. __( 'This type of file cannot be edited.' ),
  380. array( 'status' => 400 )
  381. );
  382. }
  383. // The `modifiers` param takes precedence over the older format.
  384. if ( isset( $request['modifiers'] ) ) {
  385. $modifiers = $request['modifiers'];
  386. } else {
  387. $modifiers = array();
  388. if ( ! empty( $request['rotation'] ) ) {
  389. $modifiers[] = array(
  390. 'type' => 'rotate',
  391. 'args' => array(
  392. 'angle' => $request['rotation'],
  393. ),
  394. );
  395. }
  396. if ( isset( $request['x'], $request['y'], $request['width'], $request['height'] ) ) {
  397. $modifiers[] = array(
  398. 'type' => 'crop',
  399. 'args' => array(
  400. 'left' => $request['x'],
  401. 'top' => $request['y'],
  402. 'width' => $request['width'],
  403. 'height' => $request['height'],
  404. ),
  405. );
  406. }
  407. if ( 0 === count( $modifiers ) ) {
  408. return new WP_Error(
  409. 'rest_image_not_edited',
  410. __( 'The image was not edited. Edit the image before applying the changes.' ),
  411. array( 'status' => 400 )
  412. );
  413. }
  414. }
  415. /*
  416. * If the file doesn't exist, attempt a URL fopen on the src link.
  417. * This can occur with certain file replication plugins.
  418. * Keep the original file path to get a modified name later.
  419. */
  420. $image_file_to_edit = $image_file;
  421. if ( ! file_exists( $image_file_to_edit ) ) {
  422. $image_file_to_edit = _load_image_to_edit_path( $attachment_id );
  423. }
  424. $image_editor = wp_get_image_editor( $image_file_to_edit );
  425. if ( is_wp_error( $image_editor ) ) {
  426. return new WP_Error(
  427. 'rest_unknown_image_file_type',
  428. __( 'Unable to edit this image.' ),
  429. array( 'status' => 500 )
  430. );
  431. }
  432. foreach ( $modifiers as $modifier ) {
  433. $args = $modifier['args'];
  434. switch ( $modifier['type'] ) {
  435. case 'rotate':
  436. // Rotation direction: clockwise vs. counter clockwise.
  437. $rotate = 0 - $args['angle'];
  438. if ( 0 !== $rotate ) {
  439. $result = $image_editor->rotate( $rotate );
  440. if ( is_wp_error( $result ) ) {
  441. return new WP_Error(
  442. 'rest_image_rotation_failed',
  443. __( 'Unable to rotate this image.' ),
  444. array( 'status' => 500 )
  445. );
  446. }
  447. }
  448. break;
  449. case 'crop':
  450. $size = $image_editor->get_size();
  451. $crop_x = round( ( $size['width'] * $args['left'] ) / 100.0 );
  452. $crop_y = round( ( $size['height'] * $args['top'] ) / 100.0 );
  453. $width = round( ( $size['width'] * $args['width'] ) / 100.0 );
  454. $height = round( ( $size['height'] * $args['height'] ) / 100.0 );
  455. if ( $size['width'] !== $width && $size['height'] !== $height ) {
  456. $result = $image_editor->crop( $crop_x, $crop_y, $width, $height );
  457. if ( is_wp_error( $result ) ) {
  458. return new WP_Error(
  459. 'rest_image_crop_failed',
  460. __( 'Unable to crop this image.' ),
  461. array( 'status' => 500 )
  462. );
  463. }
  464. }
  465. break;
  466. }
  467. }
  468. // Calculate the file name.
  469. $image_ext = pathinfo( $image_file, PATHINFO_EXTENSION );
  470. $image_name = wp_basename( $image_file, ".{$image_ext}" );
  471. // Do not append multiple `-edited` to the file name.
  472. // The user may be editing a previously edited image.
  473. if ( preg_match( '/-edited(-\d+)?$/', $image_name ) ) {
  474. // Remove any `-1`, `-2`, etc. `wp_unique_filename()` will add the proper number.
  475. $image_name = preg_replace( '/-edited(-\d+)?$/', '-edited', $image_name );
  476. } else {
  477. // Append `-edited` before the extension.
  478. $image_name .= '-edited';
  479. }
  480. $filename = "{$image_name}.{$image_ext}";
  481. // Create the uploads sub-directory if needed.
  482. $uploads = wp_upload_dir();
  483. // Make the file name unique in the (new) upload directory.
  484. $filename = wp_unique_filename( $uploads['path'], $filename );
  485. // Save to disk.
  486. $saved = $image_editor->save( $uploads['path'] . "/$filename" );
  487. if ( is_wp_error( $saved ) ) {
  488. return $saved;
  489. }
  490. // Create new attachment post.
  491. $new_attachment_post = array(
  492. 'post_mime_type' => $saved['mime-type'],
  493. 'guid' => $uploads['url'] . "/$filename",
  494. 'post_title' => $image_name,
  495. 'post_content' => '',
  496. );
  497. // Copy post_content, post_excerpt, and post_title from the edited image's attachment post.
  498. $attachment_post = get_post( $attachment_id );
  499. if ( $attachment_post ) {
  500. $new_attachment_post['post_content'] = $attachment_post->post_content;
  501. $new_attachment_post['post_excerpt'] = $attachment_post->post_excerpt;
  502. $new_attachment_post['post_title'] = $attachment_post->post_title;
  503. }
  504. $new_attachment_id = wp_insert_attachment( wp_slash( $new_attachment_post ), $saved['path'], 0, true );
  505. if ( is_wp_error( $new_attachment_id ) ) {
  506. if ( 'db_update_error' === $new_attachment_id->get_error_code() ) {
  507. $new_attachment_id->add_data( array( 'status' => 500 ) );
  508. } else {
  509. $new_attachment_id->add_data( array( 'status' => 400 ) );
  510. }
  511. return $new_attachment_id;
  512. }
  513. // Copy the image alt text from the edited image.
  514. $image_alt = get_post_meta( $attachment_id, '_wp_attachment_image_alt', true );
  515. if ( ! empty( $image_alt ) ) {
  516. // update_post_meta() expects slashed.
  517. update_post_meta( $new_attachment_id, '_wp_attachment_image_alt', wp_slash( $image_alt ) );
  518. }
  519. if ( defined( 'REST_REQUEST' ) && REST_REQUEST ) {
  520. // Set a custom header with the attachment_id.
  521. // Used by the browser/client to resume creating image sub-sizes after a PHP fatal error.
  522. header( 'X-WP-Upload-Attachment-ID: ' . $new_attachment_id );
  523. }
  524. // Generate image sub-sizes and meta.
  525. $new_image_meta = wp_generate_attachment_metadata( $new_attachment_id, $saved['path'] );
  526. // Copy the EXIF metadata from the original attachment if not generated for the edited image.
  527. if ( isset( $image_meta['image_meta'] ) && isset( $new_image_meta['image_meta'] ) && is_array( $new_image_meta['image_meta'] ) ) {
  528. // Merge but skip empty values.
  529. foreach ( (array) $image_meta['image_meta'] as $key => $value ) {
  530. if ( empty( $new_image_meta['image_meta'][ $key ] ) && ! empty( $value ) ) {
  531. $new_image_meta['image_meta'][ $key ] = $value;
  532. }
  533. }
  534. }
  535. // Reset orientation. At this point the image is edited and orientation is correct.
  536. if ( ! empty( $new_image_meta['image_meta']['orientation'] ) ) {
  537. $new_image_meta['image_meta']['orientation'] = 1;
  538. }
  539. // The attachment_id may change if the site is exported and imported.
  540. $new_image_meta['parent_image'] = array(
  541. 'attachment_id' => $attachment_id,
  542. // Path to the originally uploaded image file relative to the uploads directory.
  543. 'file' => _wp_relative_upload_path( $image_file ),
  544. );
  545. /**
  546. * Filters the meta data for the new image created by editing an existing image.
  547. *
  548. * @since 5.5.0
  549. *
  550. * @param array $new_image_meta Meta data for the new image.
  551. * @param int $new_attachment_id Attachment post ID for the new image.
  552. * @param int $attachment_id Attachment post ID for the edited (parent) image.
  553. */
  554. $new_image_meta = apply_filters( 'wp_edited_image_metadata', $new_image_meta, $new_attachment_id, $attachment_id );
  555. wp_update_attachment_metadata( $new_attachment_id, $new_image_meta );
  556. $response = $this->prepare_item_for_response( get_post( $new_attachment_id ), $request );
  557. $response->set_status( 201 );
  558. $response->header( 'Location', rest_url( sprintf( '%s/%s/%s', $this->namespace, $this->rest_base, $new_attachment_id ) ) );
  559. return $response;
  560. }
  561. /**
  562. * Prepares a single attachment for create or update.
  563. *
  564. * @since 4.7.0
  565. *
  566. * @param WP_REST_Request $request Request object.
  567. * @return stdClass|WP_Error Post object.
  568. */
  569. protected function prepare_item_for_database( $request ) {
  570. $prepared_attachment = parent::prepare_item_for_database( $request );
  571. // Attachment caption (post_excerpt internally).
  572. if ( isset( $request['caption'] ) ) {
  573. if ( is_string( $request['caption'] ) ) {
  574. $prepared_attachment->post_excerpt = $request['caption'];
  575. } elseif ( isset( $request['caption']['raw'] ) ) {
  576. $prepared_attachment->post_excerpt = $request['caption']['raw'];
  577. }
  578. }
  579. // Attachment description (post_content internally).
  580. if ( isset( $request['description'] ) ) {
  581. if ( is_string( $request['description'] ) ) {
  582. $prepared_attachment->post_content = $request['description'];
  583. } elseif ( isset( $request['description']['raw'] ) ) {
  584. $prepared_attachment->post_content = $request['description']['raw'];
  585. }
  586. }
  587. if ( isset( $request['post'] ) ) {
  588. $prepared_attachment->post_parent = (int) $request['post'];
  589. }
  590. return $prepared_attachment;
  591. }
  592. /**
  593. * Prepares a single attachment output for response.
  594. *
  595. * @since 4.7.0
  596. * @since 5.9.0 Renamed `$post` to `$item` to match parent class for PHP 8 named parameter support.
  597. *
  598. * @param WP_Post $item Attachment object.
  599. * @param WP_REST_Request $request Request object.
  600. * @return WP_REST_Response Response object.
  601. */
  602. public function prepare_item_for_response( $item, $request ) {
  603. // Restores the more descriptive, specific name for use within this method.
  604. $post = $item;
  605. $response = parent::prepare_item_for_response( $post, $request );
  606. $fields = $this->get_fields_for_response( $request );
  607. $data = $response->get_data();
  608. if ( in_array( 'description', $fields, true ) ) {
  609. $data['description'] = array(
  610. 'raw' => $post->post_content,
  611. /** This filter is documented in wp-includes/post-template.php */
  612. 'rendered' => apply_filters( 'the_content', $post->post_content ),
  613. );
  614. }
  615. if ( in_array( 'caption', $fields, true ) ) {
  616. /** This filter is documented in wp-includes/post-template.php */
  617. $caption = apply_filters( 'get_the_excerpt', $post->post_excerpt, $post );
  618. /** This filter is documented in wp-includes/post-template.php */
  619. $caption = apply_filters( 'the_excerpt', $caption );
  620. $data['caption'] = array(
  621. 'raw' => $post->post_excerpt,
  622. 'rendered' => $caption,
  623. );
  624. }
  625. if ( in_array( 'alt_text', $fields, true ) ) {
  626. $data['alt_text'] = get_post_meta( $post->ID, '_wp_attachment_image_alt', true );
  627. }
  628. if ( in_array( 'media_type', $fields, true ) ) {
  629. $data['media_type'] = wp_attachment_is_image( $post->ID ) ? 'image' : 'file';
  630. }
  631. if ( in_array( 'mime_type', $fields, true ) ) {
  632. $data['mime_type'] = $post->post_mime_type;
  633. }
  634. if ( in_array( 'media_details', $fields, true ) ) {
  635. $data['media_details'] = wp_get_attachment_metadata( $post->ID );
  636. // Ensure empty details is an empty object.
  637. if ( empty( $data['media_details'] ) ) {
  638. $data['media_details'] = new stdClass;
  639. } elseif ( ! empty( $data['media_details']['sizes'] ) ) {
  640. foreach ( $data['media_details']['sizes'] as $size => &$size_data ) {
  641. if ( isset( $size_data['mime-type'] ) ) {
  642. $size_data['mime_type'] = $size_data['mime-type'];
  643. unset( $size_data['mime-type'] );
  644. }
  645. // Use the same method image_downsize() does.
  646. $image_src = wp_get_attachment_image_src( $post->ID, $size );
  647. if ( ! $image_src ) {
  648. continue;
  649. }
  650. $size_data['source_url'] = $image_src[0];
  651. }
  652. $full_src = wp_get_attachment_image_src( $post->ID, 'full' );
  653. if ( ! empty( $full_src ) ) {
  654. $data['media_details']['sizes']['full'] = array(
  655. 'file' => wp_basename( $full_src[0] ),
  656. 'width' => $full_src[1],
  657. 'height' => $full_src[2],
  658. 'mime_type' => $post->post_mime_type,
  659. 'source_url' => $full_src[0],
  660. );
  661. }
  662. } else {
  663. $data['media_details']['sizes'] = new stdClass;
  664. }
  665. }
  666. if ( in_array( 'post', $fields, true ) ) {
  667. $data['post'] = ! empty( $post->post_parent ) ? (int) $post->post_parent : null;
  668. }
  669. if ( in_array( 'source_url', $fields, true ) ) {
  670. $data['source_url'] = wp_get_attachment_url( $post->ID );
  671. }
  672. if ( in_array( 'missing_image_sizes', $fields, true ) ) {
  673. require_once ABSPATH . 'wp-admin/includes/image.php';
  674. $data['missing_image_sizes'] = array_keys( wp_get_missing_image_subsizes( $post->ID ) );
  675. }
  676. $context = ! empty( $request['context'] ) ? $request['context'] : 'view';
  677. $data = $this->filter_response_by_context( $data, $context );
  678. $links = $response->get_links();
  679. // Wrap the data in a response object.
  680. $response = rest_ensure_response( $data );
  681. foreach ( $links as $rel => $rel_links ) {
  682. foreach ( $rel_links as $link ) {
  683. $response->add_link( $rel, $link['href'], $link['attributes'] );
  684. }
  685. }
  686. /**
  687. * Filters an attachment returned from the REST API.
  688. *
  689. * Allows modification of the attachment right before it is returned.
  690. *
  691. * @since 4.7.0
  692. *
  693. * @param WP_REST_Response $response The response object.
  694. * @param WP_Post $post The original attachment post.
  695. * @param WP_REST_Request $request Request used to generate the response.
  696. */
  697. return apply_filters( 'rest_prepare_attachment', $response, $post, $request );
  698. }
  699. /**
  700. * Retrieves the attachment's schema, conforming to JSON Schema.
  701. *
  702. * @since 4.7.0
  703. *
  704. * @return array Item schema as an array.
  705. */
  706. public function get_item_schema() {
  707. if ( $this->schema ) {
  708. return $this->add_additional_fields_schema( $this->schema );
  709. }
  710. $schema = parent::get_item_schema();
  711. $schema['properties']['alt_text'] = array(
  712. 'description' => __( 'Alternative text to display when attachment is not displayed.' ),
  713. 'type' => 'string',
  714. 'context' => array( 'view', 'edit', 'embed' ),
  715. 'arg_options' => array(
  716. 'sanitize_callback' => 'sanitize_text_field',
  717. ),
  718. );
  719. $schema['properties']['caption'] = array(
  720. 'description' => __( 'The attachment caption.' ),
  721. 'type' => 'object',
  722. 'context' => array( 'view', 'edit', 'embed' ),
  723. 'arg_options' => array(
  724. 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database().
  725. 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database().
  726. ),
  727. 'properties' => array(
  728. 'raw' => array(
  729. 'description' => __( 'Caption for the attachment, as it exists in the database.' ),
  730. 'type' => 'string',
  731. 'context' => array( 'edit' ),
  732. ),
  733. 'rendered' => array(
  734. 'description' => __( 'HTML caption for the attachment, transformed for display.' ),
  735. 'type' => 'string',
  736. 'context' => array( 'view', 'edit', 'embed' ),
  737. 'readonly' => true,
  738. ),
  739. ),
  740. );
  741. $schema['properties']['description'] = array(
  742. 'description' => __( 'The attachment description.' ),
  743. 'type' => 'object',
  744. 'context' => array( 'view', 'edit' ),
  745. 'arg_options' => array(
  746. 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database().
  747. 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database().
  748. ),
  749. 'properties' => array(
  750. 'raw' => array(
  751. 'description' => __( 'Description for the attachment, as it exists in the database.' ),
  752. 'type' => 'string',
  753. 'context' => array( 'edit' ),
  754. ),
  755. 'rendered' => array(
  756. 'description' => __( 'HTML description for the attachment, transformed for display.' ),
  757. 'type' => 'string',
  758. 'context' => array( 'view', 'edit' ),
  759. 'readonly' => true,
  760. ),
  761. ),
  762. );
  763. $schema['properties']['media_type'] = array(
  764. 'description' => __( 'Attachment type.' ),
  765. 'type' => 'string',
  766. 'enum' => array( 'image', 'file' ),
  767. 'context' => array( 'view', 'edit', 'embed' ),
  768. 'readonly' => true,
  769. );
  770. $schema['properties']['mime_type'] = array(
  771. 'description' => __( 'The attachment MIME type.' ),
  772. 'type' => 'string',
  773. 'context' => array( 'view', 'edit', 'embed' ),
  774. 'readonly' => true,
  775. );
  776. $schema['properties']['media_details'] = array(
  777. 'description' => __( 'Details about the media file, specific to its type.' ),
  778. 'type' => 'object',
  779. 'context' => array( 'view', 'edit', 'embed' ),
  780. 'readonly' => true,
  781. );
  782. $schema['properties']['post'] = array(
  783. 'description' => __( 'The ID for the associated post of the attachment.' ),
  784. 'type' => 'integer',
  785. 'context' => array( 'view', 'edit' ),
  786. );
  787. $schema['properties']['source_url'] = array(
  788. 'description' => __( 'URL to the original attachment file.' ),
  789. 'type' => 'string',
  790. 'format' => 'uri',
  791. 'context' => array( 'view', 'edit', 'embed' ),
  792. 'readonly' => true,
  793. );
  794. $schema['properties']['missing_image_sizes'] = array(
  795. 'description' => __( 'List of the missing image sizes of the attachment.' ),
  796. 'type' => 'array',
  797. 'items' => array( 'type' => 'string' ),
  798. 'context' => array( 'edit' ),
  799. 'readonly' => true,
  800. );
  801. unset( $schema['properties']['password'] );
  802. $this->schema = $schema;
  803. return $this->add_additional_fields_schema( $this->schema );
  804. }
  805. /**
  806. * Handles an upload via raw POST data.
  807. *
  808. * @since 4.7.0
  809. *
  810. * @param array $data Supplied file data.
  811. * @param array $headers HTTP headers from the request.
  812. * @return array|WP_Error Data from wp_handle_sideload().
  813. */
  814. protected function upload_from_data( $data, $headers ) {
  815. if ( empty( $data ) ) {
  816. return new WP_Error(
  817. 'rest_upload_no_data',
  818. __( 'No data supplied.' ),
  819. array( 'status' => 400 )
  820. );
  821. }
  822. if ( empty( $headers['content_type'] ) ) {
  823. return new WP_Error(
  824. 'rest_upload_no_content_type',
  825. __( 'No Content-Type supplied.' ),
  826. array( 'status' => 400 )
  827. );
  828. }
  829. if ( empty( $headers['content_disposition'] ) ) {
  830. return new WP_Error(
  831. 'rest_upload_no_content_disposition',
  832. __( 'No Content-Disposition supplied.' ),
  833. array( 'status' => 400 )
  834. );
  835. }
  836. $filename = self::get_filename_from_disposition( $headers['content_disposition'] );
  837. if ( empty( $filename ) ) {
  838. return new WP_Error(
  839. 'rest_upload_invalid_disposition',
  840. __( 'Invalid Content-Disposition supplied. Content-Disposition needs to be formatted as `attachment; filename="image.png"` or similar.' ),
  841. array( 'status' => 400 )
  842. );
  843. }
  844. if ( ! empty( $headers['content_md5'] ) ) {
  845. $content_md5 = array_shift( $headers['content_md5'] );
  846. $expected = trim( $content_md5 );
  847. $actual = md5( $data );
  848. if ( $expected !== $actual ) {
  849. return new WP_Error(
  850. 'rest_upload_hash_mismatch',
  851. __( 'Content hash did not match expected.' ),
  852. array( 'status' => 412 )
  853. );
  854. }
  855. }
  856. // Get the content-type.
  857. $type = array_shift( $headers['content_type'] );
  858. // Include filesystem functions to get access to wp_tempnam() and wp_handle_sideload().
  859. require_once ABSPATH . 'wp-admin/includes/file.php';
  860. // Save the file.
  861. $tmpfname = wp_tempnam( $filename );
  862. $fp = fopen( $tmpfname, 'w+' );
  863. if ( ! $fp ) {
  864. return new WP_Error(
  865. 'rest_upload_file_error',
  866. __( 'Could not open file handle.' ),
  867. array( 'status' => 500 )
  868. );
  869. }
  870. fwrite( $fp, $data );
  871. fclose( $fp );
  872. // Now, sideload it in.
  873. $file_data = array(
  874. 'error' => null,
  875. 'tmp_name' => $tmpfname,
  876. 'name' => $filename,
  877. 'type' => $type,
  878. );
  879. $size_check = self::check_upload_size( $file_data );
  880. if ( is_wp_error( $size_check ) ) {
  881. return $size_check;
  882. }
  883. $overrides = array(
  884. 'test_form' => false,
  885. );
  886. $sideloaded = wp_handle_sideload( $file_data, $overrides );
  887. if ( isset( $sideloaded['error'] ) ) {
  888. @unlink( $tmpfname );
  889. return new WP_Error(
  890. 'rest_upload_sideload_error',
  891. $sideloaded['error'],
  892. array( 'status' => 500 )
  893. );
  894. }
  895. return $sideloaded;
  896. }
  897. /**
  898. * Parses filename from a Content-Disposition header value.
  899. *
  900. * As per RFC6266:
  901. *
  902. * content-disposition = "Content-Disposition" ":"
  903. * disposition-type *( ";" disposition-parm )
  904. *
  905. * disposition-type = "inline" | "attachment" | disp-ext-type
  906. * ; case-insensitive
  907. * disp-ext-type = token
  908. *
  909. * disposition-parm = filename-parm | disp-ext-parm
  910. *
  911. * filename-parm = "filename" "=" value
  912. * | "filename*" "=" ext-value
  913. *
  914. * disp-ext-parm = token "=" value
  915. * | ext-token "=" ext-value
  916. * ext-token = <the characters in token, followed by "*">
  917. *
  918. * @since 4.7.0
  919. *
  920. * @link https://tools.ietf.org/html/rfc2388
  921. * @link https://tools.ietf.org/html/rfc6266
  922. *
  923. * @param string[] $disposition_header List of Content-Disposition header values.
  924. * @return string|null Filename if available, or null if not found.
  925. */
  926. public static function get_filename_from_disposition( $disposition_header ) {
  927. // Get the filename.
  928. $filename = null;
  929. foreach ( $disposition_header as $value ) {
  930. $value = trim( $value );
  931. if ( strpos( $value, ';' ) === false ) {
  932. continue;
  933. }
  934. list( $type, $attr_parts ) = explode( ';', $value, 2 );
  935. $attr_parts = explode( ';', $attr_parts );
  936. $attributes = array();
  937. foreach ( $attr_parts as $part ) {
  938. if ( strpos( $part, '=' ) === false ) {
  939. continue;
  940. }
  941. list( $key, $value ) = explode( '=', $part, 2 );
  942. $attributes[ trim( $key ) ] = trim( $value );
  943. }
  944. if ( empty( $attributes['filename'] ) ) {
  945. continue;
  946. }
  947. $filename = trim( $attributes['filename'] );
  948. // Unquote quoted filename, but after trimming.
  949. if ( substr( $filename, 0, 1 ) === '"' && substr( $filename, -1, 1 ) === '"' ) {
  950. $filename = substr( $filename, 1, -1 );
  951. }
  952. }
  953. return $filename;
  954. }
  955. /**
  956. * Retrieves the query params for collections of attachments.
  957. *
  958. * @since 4.7.0
  959. *
  960. * @return array Query parameters for the attachment collection as an array.
  961. */
  962. public function get_collection_params() {
  963. $params = parent::get_collection_params();
  964. $params['status']['default'] = 'inherit';
  965. $params['status']['items']['enum'] = array( 'inherit', 'private', 'trash' );
  966. $media_types = $this->get_media_types();
  967. $params['media_type'] = array(
  968. 'default' => null,
  969. 'description' => __( 'Limit result set to attachments of a particular media type.' ),
  970. 'type' => 'string',
  971. 'enum' => array_keys( $media_types ),
  972. );
  973. $params['mime_type'] = array(
  974. 'default' => null,
  975. 'description' => __( 'Limit result set to attachments of a particular MIME type.' ),
  976. 'type' => 'string',
  977. );
  978. return $params;
  979. }
  980. /**
  981. * Handles an upload via multipart/form-data ($_FILES).
  982. *
  983. * @since 4.7.0
  984. *
  985. * @param array $files Data from the `$_FILES` superglobal.
  986. * @param array $headers HTTP headers from the request.
  987. * @return array|WP_Error Data from wp_handle_upload().
  988. */
  989. protected function upload_from_file( $files, $headers ) {
  990. if ( empty( $files ) ) {
  991. return new WP_Error(
  992. 'rest_upload_no_data',
  993. __( 'No data supplied.' ),
  994. array( 'status' => 400 )
  995. );
  996. }
  997. // Verify hash, if given.
  998. if ( ! empty( $headers['content_md5'] ) ) {
  999. $content_md5 = array_shift( $headers['content_md5'] );
  1000. $expected = trim( $content_md5 );
  1001. $actual = md5_file( $files['file']['tmp_name'] );
  1002. if ( $expected !== $actual ) {
  1003. return new WP_Error(
  1004. 'rest_upload_hash_mismatch',
  1005. __( 'Content hash did not match expected.' ),
  1006. array( 'status' => 412 )
  1007. );
  1008. }
  1009. }
  1010. // Pass off to WP to handle the actual upload.
  1011. $overrides = array(
  1012. 'test_form' => false,
  1013. );
  1014. // Bypasses is_uploaded_file() when running unit tests.
  1015. if ( defined( 'DIR_TESTDATA' ) && DIR_TESTDATA ) {
  1016. $overrides['action'] = 'wp_handle_mock_upload';
  1017. }
  1018. $size_check = self::check_upload_size( $files['file'] );
  1019. if ( is_wp_error( $size_check ) ) {
  1020. return $size_check;
  1021. }
  1022. // Include filesystem functions to get access to wp_handle_upload().
  1023. require_once ABSPATH . 'wp-admin/includes/file.php';
  1024. $file = wp_handle_upload( $files['file'], $overrides );
  1025. if ( isset( $file['error'] ) ) {
  1026. return new WP_Error(
  1027. 'rest_upload_unknown_error',
  1028. $file['error'],
  1029. array( 'status' => 500 )
  1030. );
  1031. }
  1032. return $file;
  1033. }
  1034. /**
  1035. * Retrieves the supported media types.
  1036. *
  1037. * Media types are considered the MIME type category.
  1038. *
  1039. * @since 4.7.0
  1040. *
  1041. * @return array Array of supported media types.
  1042. */
  1043. protected function get_media_types() {
  1044. $media_types = array();
  1045. foreach ( get_allowed_mime_types() as $mime_type ) {
  1046. $parts = explode( '/', $mime_type );
  1047. if ( ! isset( $media_types[ $parts[0] ] ) ) {
  1048. $media_types[ $parts[0] ] = array();
  1049. }
  1050. $media_types[ $parts[0] ][] = $mime_type;
  1051. }
  1052. return $media_types;
  1053. }
  1054. /**
  1055. * Determine if uploaded file exceeds space quota on multisite.
  1056. *
  1057. * Replicates check_upload_size().
  1058. *
  1059. * @since 4.9.8
  1060. *
  1061. * @param array $file $_FILES array for a given file.
  1062. * @return true|WP_Error True if can upload, error for errors.
  1063. */
  1064. protected function check_upload_size( $file ) {
  1065. if ( ! is_multisite() ) {
  1066. return true;
  1067. }
  1068. if ( get_site_option( 'upload_space_check_disabled' ) ) {
  1069. return true;
  1070. }
  1071. $space_left = get_upload_space_available();
  1072. $file_size = filesize( $file['tmp_name'] );
  1073. if ( $space_left < $file_size ) {
  1074. return new WP_Error(
  1075. 'rest_upload_limited_space',
  1076. /* translators: %s: Required disk space in kilobytes. */
  1077. sprintf( __( 'Not enough space to upload. %s KB needed.' ), number_format( ( $file_size - $space_left ) / KB_IN_BYTES ) ),
  1078. array( 'status' => 400 )
  1079. );
  1080. }
  1081. if ( $file_size > ( KB_IN_BYTES * get_site_option( 'fileupload_maxk', 1500 ) ) ) {
  1082. return new WP_Error(
  1083. 'rest_upload_file_too_big',
  1084. /* translators: %s: Maximum allowed file size in kilobytes. */
  1085. sprintf( __( 'This file is too big. Files must be less than %s KB in size.' ), get_site_option( 'fileupload_maxk', 1500 ) ),
  1086. array( 'status' => 400 )
  1087. );
  1088. }
  1089. // Include multisite admin functions to get access to upload_is_user_over_quota().
  1090. require_once ABSPATH . 'wp-admin/includes/ms.php';
  1091. if ( upload_is_user_over_quota( false ) ) {
  1092. return new WP_Error(
  1093. 'rest_upload_user_quota_exceeded',
  1094. __( 'You have used your space quota. Please delete files before uploading.' ),
  1095. array( 'status' => 400 )
  1096. );
  1097. }
  1098. return true;
  1099. }
  1100. /**
  1101. * Gets the request args for the edit item route.
  1102. *
  1103. * @since 5.5.0
  1104. *
  1105. * @return array
  1106. */
  1107. protected function get_edit_media_item_args() {
  1108. return array(
  1109. 'src' => array(
  1110. 'description' => __( 'URL to the edited image file.' ),
  1111. 'type' => 'string',
  1112. 'format' => 'uri',
  1113. 'required' => true,
  1114. ),
  1115. 'modifiers' => array(
  1116. 'description' => __( 'Array of image edits.' ),
  1117. 'type' => 'array',
  1118. 'minItems' => 1,
  1119. 'items' => array(
  1120. 'description' => __( 'Image edit.' ),
  1121. 'type' => 'object',
  1122. 'required' => array(
  1123. 'type',
  1124. 'args',
  1125. ),
  1126. 'oneOf' => array(
  1127. array(
  1128. 'title' => __( 'Rotation' ),
  1129. 'properties' => array(
  1130. 'type' => array(
  1131. 'description' => __( 'Rotation type.' ),
  1132. 'type' => 'string',
  1133. 'enum' => array( 'rotate' ),
  1134. ),
  1135. 'args' => array(
  1136. 'description' => __( 'Rotation arguments.' ),
  1137. 'type' => 'object',
  1138. 'required' => array(
  1139. 'angle',
  1140. ),
  1141. 'properties' => array(
  1142. 'angle' => array(
  1143. 'description' => __( 'Angle to rotate clockwise in degrees.' ),
  1144. 'type' => 'number',
  1145. ),
  1146. ),
  1147. ),
  1148. ),
  1149. ),
  1150. array(
  1151. 'title' => __( 'Crop' ),
  1152. 'properties' => array(
  1153. 'type' => array(
  1154. 'description' => __( 'Crop type.' ),
  1155. 'type' => 'string',
  1156. 'enum' => array( 'crop' ),
  1157. ),
  1158. 'args' => array(
  1159. 'description' => __( 'Crop arguments.' ),
  1160. 'type' => 'object',
  1161. 'required' => array(
  1162. 'left',
  1163. 'top',
  1164. 'width',
  1165. 'height',
  1166. ),
  1167. 'properties' => array(
  1168. 'left' => array(
  1169. 'description' => __( 'Horizontal position from the left to begin the crop as a percentage of the image width.' ),
  1170. 'type' => 'number',
  1171. ),
  1172. 'top' => array(
  1173. 'description' => __( 'Vertical position from the top to begin the crop as a percentage of the image height.' ),
  1174. 'type' => 'number',
  1175. ),
  1176. 'width' => array(
  1177. 'description' => __( 'Width of the crop as a percentage of the image width.' ),
  1178. 'type' => 'number',
  1179. ),
  1180. 'height' => array(
  1181. 'description' => __( 'Height of the crop as a percentage of the image height.' ),
  1182. 'type' => 'number',
  1183. ),
  1184. ),
  1185. ),
  1186. ),
  1187. ),
  1188. ),
  1189. ),
  1190. ),
  1191. 'rotation' => array(
  1192. 'description' => __( 'The amount to rotate the image clockwise in degrees. DEPRECATED: Use `modifiers` instead.' ),
  1193. 'type' => 'integer',
  1194. 'minimum' => 0,
  1195. 'exclusiveMinimum' => true,
  1196. 'maximum' => 360,
  1197. 'exclusiveMaximum' => true,
  1198. ),
  1199. 'x' => array(
  1200. 'description' => __( 'As a percentage of the image, the x position to start the crop from. DEPRECATED: Use `modifiers` instead.' ),
  1201. 'type' => 'number',
  1202. 'minimum' => 0,
  1203. 'maximum' => 100,
  1204. ),
  1205. 'y' => array(
  1206. 'description' => __( 'As a percentage of the image, the y position to start the crop from. DEPRECATED: Use `modifiers` instead.' ),
  1207. 'type' => 'number',
  1208. 'minimum' => 0,
  1209. 'maximum' => 100,
  1210. ),
  1211. 'width' => array(
  1212. 'description' => __( 'As a percentage of the image, the width to crop the image to. DEPRECATED: Use `modifiers` instead.' ),
  1213. 'type' => 'number',
  1214. 'minimum' => 0,
  1215. 'maximum' => 100,
  1216. ),
  1217. 'height' => array(
  1218. 'description' => __( 'As a percentage of the image, the height to crop the image to. DEPRECATED: Use `modifiers` instead.' ),
  1219. 'type' => 'number',
  1220. 'minimum' => 0,
  1221. 'maximum' => 100,
  1222. ),
  1223. );
  1224. }
  1225. }