diff options
Diffstat (limited to 'plugins/jetpack/json-endpoints/class.wpcom-json-api-comment-endpoint.php')
| -rw-r--r-- | plugins/jetpack/json-endpoints/class.wpcom-json-api-comment-endpoint.php | 207 |
1 files changed, 207 insertions, 0 deletions
diff --git a/plugins/jetpack/json-endpoints/class.wpcom-json-api-comment-endpoint.php b/plugins/jetpack/json-endpoints/class.wpcom-json-api-comment-endpoint.php new file mode 100644 index 00000000..20aee2b8 --- /dev/null +++ b/plugins/jetpack/json-endpoints/class.wpcom-json-api-comment-endpoint.php @@ -0,0 +1,207 @@ +<?php + + +abstract class WPCOM_JSON_API_Comment_Endpoint extends WPCOM_JSON_API_Endpoint { + public $comment_object_format = array( + // explicitly document and cast all output + 'ID' => '(int) The comment ID.', + 'post' => "(object>post_reference) A reference to the comment's post.", + 'author' => '(object>author) The author of the comment.', + 'date' => "(ISO 8601 datetime) The comment's creation time.", + 'URL' => '(URL) The full permalink URL to the comment.', + 'short_URL' => '(URL) The wp.me short URL.', + 'content' => '(HTML) <code>context</code> dependent.', + 'raw_content' => '(string) Raw comment content.', + 'status' => array( + 'approved' => 'The comment has been approved.', + 'unapproved' => 'The comment has been held for review in the moderation queue.', + 'spam' => 'The comment has been marked as spam.', + 'trash' => 'The comment is in the trash.', + ), + 'parent' => "(object>comment_reference|false) A reference to the comment's parent, if it has one.", + 'type' => array( + 'comment' => 'The comment is a regular comment.', + 'trackback' => 'The comment is a trackback.', + 'pingback' => 'The comment is a pingback.', + 'review' => 'The comment is a product review.', + ), + 'like_count' => '(int) The number of likes for this comment.', + 'i_like' => '(bool) Does the current user like this comment?', + 'meta' => '(object) Meta data', + 'can_moderate' => '(bool) Whether current user can moderate the comment.', + ); + + // public $response_format =& $this->comment_object_format; + + function __construct( $args ) { + if ( !$this->response_format ) { + $this->response_format =& $this->comment_object_format; + } + parent::__construct( $args ); + } + + function get_comment( $comment_id, $context ) { + global $blog_id; + + $comment = get_comment( $comment_id ); + if ( !$comment || is_wp_error( $comment ) ) { + return new WP_Error( 'unknown_comment', 'Unknown comment', 404 ); + } + + $types = array( '', 'comment', 'pingback', 'trackback', 'review' ); + if ( !in_array( $comment->comment_type, $types ) ) { + return new WP_Error( 'unknown_comment', 'Unknown comment', 404 ); + } + + $post = get_post( $comment->comment_post_ID ); + if ( !$post || is_wp_error( $post ) ) { + return new WP_Error( 'unknown_post', 'Unknown post', 404 ); + } + + $status = wp_get_comment_status( $comment->comment_ID ); + + // Permissions + switch ( $context ) { + case 'edit' : + if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) { + return new WP_Error( 'unauthorized', 'User cannot edit comment', 403 ); + } + + $GLOBALS['post'] = $post; + $comment = get_comment_to_edit( $comment->comment_ID ); + foreach ( array( 'comment_author', 'comment_author_email', 'comment_author_url' ) as $field ) { + $comment->$field = htmlspecialchars_decode( $comment->$field, ENT_QUOTES ); + } + break; + case 'display' : + if ( 'approved' !== $status ) { + $current_user_id = get_current_user_id(); + $user_can_read_comment = false; + if ( $current_user_id && $comment->user_id && $current_user_id == $comment->user_id ) { + $user_can_read_comment = true; + } elseif ( + $comment->comment_author_email && $comment->comment_author + && + isset( $this->api->token_details['user'] ) + && + isset( $this->api->token_details['user']['user_email'] ) + && + $this->api->token_details['user']['user_email'] === $comment->comment_author_email + && + $this->api->token_details['user']['display_name'] === $comment->comment_author + ) { + $user_can_read_comment = true; + } else { + $user_can_read_comment = current_user_can( 'edit_posts' ); + } + + if ( !$user_can_read_comment ) { + return new WP_Error( 'unauthorized', 'User cannot read unapproved comment', 403 ); + } + } + + $GLOBALS['post'] = $post; + setup_postdata( $post ); + break; + default : + return new WP_Error( 'invalid_context', 'Invalid API CONTEXT', 400 ); + } + + $can_view = $this->user_can_view_post( $post->ID ); + if ( !$can_view || is_wp_error( $can_view ) ) { + return $can_view; + } + + $GLOBALS['comment'] = $comment; + $response = array(); + + foreach ( array_keys( $this->comment_object_format ) as $key ) { + switch ( $key ) { + case 'ID' : + // explicitly cast all output + $response[$key] = (int) $comment->comment_ID; + break; + case 'post' : + $response[$key] = (object) array( + 'ID' => (int) $post->ID, + 'title' => (string) get_the_title( $post->ID ), + 'type' => (string) $post->post_type, + 'link' => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $post->ID ), + ); + break; + case 'author' : + $response[$key] = (object) $this->get_author( $comment, current_user_can( 'edit_comment', $comment->comment_ID ) ); + break; + case 'date' : + $response[$key] = (string) $this->format_date( $comment->comment_date_gmt, $comment->comment_date ); + break; + case 'URL' : + $response[$key] = (string) esc_url_raw( get_comment_link( $comment->comment_ID ) ); + break; + case 'short_URL' : + // @todo - pagination + $response[$key] = (string) esc_url_raw( wp_get_shortlink( $post->ID ) . "%23comment-{$comment->comment_ID}" ); + break; + case 'content' : + if ( 'display' === $context ) { + ob_start(); + comment_text(); + $response[$key] = (string) ob_get_clean(); + } else { + $response[$key] = (string) $comment->comment_content; + } + break; + case 'raw_content': + $response[$key] = (string) $comment->comment_content; + break; + case 'status' : + $response[$key] = (string) $status; + break; + case 'parent' : // (object|false) + if ( $comment->comment_parent ) { + $parent = get_comment( $comment->comment_parent ); + $response[$key] = (object) array( + 'ID' => (int) $parent->comment_ID, + 'type' => (string) ( $parent->comment_type ? $parent->comment_type : 'comment' ), + 'link' => (string) $this->links->get_comment_link( $blog_id, $parent->comment_ID ), + ); + } else { + $response[$key] = false; + } + break; + case 'type' : + $response[$key] = (string) ( $comment->comment_type ? $comment->comment_type : 'comment' ); + break; + case 'like_count' : + if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) { + $response[ $key ] = (int) $this->api->comment_like_count( $blog_id, $post->ID, $comment->comment_ID ); + } + break; + case 'i_like' : + if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) { + $response[ $key ] = (bool) Likes::comment_like_current_user_likes( $blog_id, $comment->comment_ID ); + } + break; + case 'meta' : + $response[$key] = (object) array( + 'links' => (object) array( + 'self' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID ), + 'help' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'help' ), + 'site' => (string) $this->links->get_site_link( $this->api->get_blog_id_for_output() ), + 'post' => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $comment->comment_post_ID ), + 'replies' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'replies/' ), + 'likes' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'likes/' ), + ), + ); + break; + case 'can_moderate': + $response[ $key ] = (bool) current_user_can( 'edit_comment', $comment_id ); + break; + } + } + + unset( $GLOBALS['comment'], $GLOBALS['post'] ); + return $response; + } +} + |