You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

103 lines
2.5 KiB

9 months ago
<?php
use MetaBox\Support\Arr;
class RWMB_Shortcode {
public function init() {
add_shortcode( 'rwmb_meta', [ $this, 'register_shortcode' ] );
}
public function register_shortcode( $atts ) {
$atts = wp_parse_args( $atts, [
'id' => '',
'object_id' => null,
'attribute' => '',
'render_shortcodes' => 'true',
] );
Arr::change_key( $atts, 'post_id', 'object_id' );
Arr::change_key( $atts, 'meta_key', 'id' );
if ( empty( $atts['id'] ) ) {
return '';
}
$field_id = $atts['id'];
$object_id = $atts['object_id'];
unset( $atts['id'], $atts['object_id'] );
$value = $this->get_value( $field_id, $object_id, $atts );
$value = 'true' === $atts['render_shortcodes'] ? do_shortcode( $value ) : $value;
$secure = apply_filters( 'rwmb_meta_shortcode_secure', true, $field_id, $atts, $object_id );
$secure = apply_filters( "rwmb_meta_shortcode_secure_{$field_id}", $secure, $atts, $object_id );
if ( $secure ) {
$value = wp_kses_post( $value );
}
return $value;
}
private function get_value( $field_id, $object_id, $atts ) {
// If we pass object_id via shortcode, we need to make sure current user
// has permission to view the object
if ( ! is_null ( $object_id ) ) {
$has_object_permission = $this->check_object_permission( $object_id, $atts );
if ( ! $has_object_permission ) {
return null;
}
}
$attribute = $atts['attribute'];
if ( ! $attribute ) {
return rwmb_the_value( $field_id, $atts, $object_id, false );
}
$value = rwmb_get_value( $field_id, $atts, $object_id );
if ( ! is_array( $value ) && ! is_object( $value ) ) {
return $value;
}
if ( is_object( $value ) ) {
return $value->$attribute;
}
if ( isset( $value[ $attribute ] ) ) {
return $value[ $attribute ];
}
$value = wp_list_pluck( $value, $attribute );
$value = implode( ',', array_filter( $value ) );
return $value;
}
private function check_object_permission( $object_id, $atts ) {
// Skip checking if object_type is not post
if ( isset( $atts['object_type'] ) && $atts['object_type'] !== 'post' ) {
return true;
}
$post = get_post( $object_id );
if ( ! $post ) {
return false;
}
// Skip checking if post status is publish AND no password is set
if ( 'publish' === $post->post_status && ! post_password_required( $post ) ) {
return true;
}
$object_type = get_post_type_object( $post->post_type );
if ( ! $object_type ) {
return false;
}
$read_post = $object_type->cap->read_post;
return current_user_can( $read_post, $object_id );
}
}