[ Index ]

PHP Cross Reference of WordPress Trunk (Updated Daily)

Search

title

Body

[close]

/wp-includes/rest-api/endpoints/ -> class-wp-rest-attachments-controller.php (source)

   1  <?php
   2  /**
   3   * REST API: WP_REST_Attachments_Controller class
   4   *
   5   * @package WordPress
   6   * @subpackage REST_API
   7   * @since 4.7.0
   8   */
   9  
  10  /**
  11   * Core controller used to access attachments via the REST API.
  12   *
  13   * @since 4.7.0
  14   *
  15   * @see WP_REST_Posts_Controller
  16   */
  17  class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller {
  18  
  19      /**
  20       * Whether the controller supports batching.
  21       *
  22       * @since 5.9.0
  23       * @var false
  24       */
  25      protected $allow_batch = false;
  26  
  27      /**
  28       * Registers the routes for attachments.
  29       *
  30       * @since 5.3.0
  31       *
  32       * @see register_rest_route()
  33       */
  34  	public function register_routes() {
  35          parent::register_routes();
  36          register_rest_route(
  37              $this->namespace,
  38              '/' . $this->rest_base . '/(?P<id>[\d]+)/post-process',
  39              array(
  40                  'methods'             => WP_REST_Server::CREATABLE,
  41                  'callback'            => array( $this, 'post_process_item' ),
  42                  'permission_callback' => array( $this, 'post_process_item_permissions_check' ),
  43                  'args'                => array(
  44                      'id'     => array(
  45                          'description' => __( 'Unique identifier for the attachment.' ),
  46                          'type'        => 'integer',
  47                      ),
  48                      'action' => array(
  49                          'type'     => 'string',
  50                          'enum'     => array( 'create-image-subsizes' ),
  51                          'required' => true,
  52                      ),
  53                  ),
  54              )
  55          );
  56          register_rest_route(
  57              $this->namespace,
  58              '/' . $this->rest_base . '/(?P<id>[\d]+)/edit',
  59              array(
  60                  'methods'             => WP_REST_Server::CREATABLE,
  61                  'callback'            => array( $this, 'edit_media_item' ),
  62                  'permission_callback' => array( $this, 'edit_media_item_permissions_check' ),
  63                  'args'                => $this->get_edit_media_item_args(),
  64              )
  65          );
  66      }
  67  
  68      /**
  69       * Determines the allowed query_vars for a get_items() response and
  70       * prepares for WP_Query.
  71       *
  72       * @since 4.7.0
  73       *
  74       * @param array           $prepared_args Optional. Array of prepared arguments. Default empty array.
  75       * @param WP_REST_Request $request       Optional. Request to prepare items for.
  76       * @return array Array of query arguments.
  77       */
  78  	protected function prepare_items_query( $prepared_args = array(), $request = null ) {
  79          $query_args = parent::prepare_items_query( $prepared_args, $request );
  80  
  81          if ( empty( $query_args['post_status'] ) ) {
  82              $query_args['post_status'] = 'inherit';
  83          }
  84  
  85          $media_types = $this->get_media_types();
  86  
  87          if ( ! empty( $request['media_type'] ) && isset( $media_types[ $request['media_type'] ] ) ) {
  88              $query_args['post_mime_type'] = $media_types[ $request['media_type'] ];
  89          }
  90  
  91          if ( ! empty( $request['mime_type'] ) ) {
  92              $parts = explode( '/', $request['mime_type'] );
  93              if ( isset( $media_types[ $parts[0] ] ) && in_array( $request['mime_type'], $media_types[ $parts[0] ], true ) ) {
  94                  $query_args['post_mime_type'] = $request['mime_type'];
  95              }
  96          }
  97  
  98          // Filter query clauses to include filenames.
  99          if ( isset( $query_args['s'] ) ) {
 100              add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' );
 101          }
 102  
 103          return $query_args;
 104      }
 105  
 106      /**
 107       * Checks if a given request has access to create an attachment.
 108       *
 109       * @since 4.7.0
 110       *
 111       * @param WP_REST_Request $request Full details about the request.
 112       * @return true|WP_Error Boolean true if the attachment may be created, or a WP_Error if not.
 113       */
 114  	public function create_item_permissions_check( $request ) {
 115          $ret = parent::create_item_permissions_check( $request );
 116  
 117          if ( ! $ret || is_wp_error( $ret ) ) {
 118              return $ret;
 119          }
 120  
 121          if ( ! current_user_can( 'upload_files' ) ) {
 122              return new WP_Error(
 123                  'rest_cannot_create',
 124                  __( 'Sorry, you are not allowed to upload media on this site.' ),
 125                  array( 'status' => 400 )
 126              );
 127          }
 128  
 129          // Attaching media to a post requires ability to edit said post.
 130          if ( ! empty( $request['post'] ) && ! current_user_can( 'edit_post', (int) $request['post'] ) ) {
 131              return new WP_Error(
 132                  'rest_cannot_edit',
 133                  __( 'Sorry, you are not allowed to upload media to this post.' ),
 134                  array( 'status' => rest_authorization_required_code() )
 135              );
 136          }
 137          $files = $request->get_file_params();
 138  
 139          /**
 140           * Filter whether the server should prevent uploads for image types it doesn't support. Default true.
 141           *
 142           * Developers can use this filter to enable uploads of certain image types. By default image types that are not
 143           * supported by the server are prevented from being uploaded.
 144           *
 145           * @since 6.8.0
 146           *
 147           * @param bool        $check_mime Whether to prevent uploads of unsupported image types.
 148           * @param string|null $mime_type  The mime type of the file being uploaded (if available).
 149           */
 150          $prevent_unsupported_uploads = apply_filters( 'wp_prevent_unsupported_mime_type_uploads', true, isset( $files['file']['type'] ) ? $files['file']['type'] : null );
 151  
 152          // If the upload is an image, check if the server can handle the mime type.
 153          if (
 154              $prevent_unsupported_uploads &&
 155              isset( $files['file']['type'] ) &&
 156              str_starts_with( $files['file']['type'], 'image/' )
 157          ) {
 158              // List of non-resizable image formats.
 159              $editor_non_resizable_formats = array(
 160                  'image/svg+xml',
 161              );
 162  
 163              // Check if the image editor supports the type or ignore if it isn't a format resizable by an editor.
 164              if (
 165                  ! in_array( $files['file']['type'], $editor_non_resizable_formats, true ) &&
 166                  ! wp_image_editor_supports( array( 'mime_type' => $files['file']['type'] ) )
 167              ) {
 168                  return new WP_Error(
 169                      'rest_upload_image_type_not_supported',
 170                      __( 'The web server cannot generate responsive image sizes for this image. Convert it to JPEG or PNG before uploading.' ),
 171                      array( 'status' => 400 )
 172                  );
 173              }
 174          }
 175  
 176          return true;
 177      }
 178  
 179      /**
 180       * Creates a single attachment.
 181       *
 182       * @since 4.7.0
 183       *
 184       * @param WP_REST_Request $request Full details about the request.
 185       * @return WP_REST_Response|WP_Error Response object on success, WP_Error object on failure.
 186       */
 187  	public function create_item( $request ) {
 188          if ( ! empty( $request['post'] ) && in_array( get_post_type( $request['post'] ), array( 'revision', 'attachment' ), true ) ) {
 189              return new WP_Error(
 190                  'rest_invalid_param',
 191                  __( 'Invalid parent type.' ),
 192                  array( 'status' => 400 )
 193              );
 194          }
 195  
 196          $insert = $this->insert_attachment( $request );
 197  
 198          if ( is_wp_error( $insert ) ) {
 199              return $insert;
 200          }
 201  
 202          $schema = $this->get_item_schema();
 203  
 204          // Extract by name.
 205          $attachment_id = $insert['attachment_id'];
 206          $file          = $insert['file'];
 207  
 208          if ( isset( $request['alt_text'] ) ) {
 209              update_post_meta( $attachment_id, '_wp_attachment_image_alt', sanitize_text_field( $request['alt_text'] ) );
 210          }
 211  
 212          if ( ! empty( $schema['properties']['featured_media'] ) && isset( $request['featured_media'] ) ) {
 213              $thumbnail_update = $this->handle_featured_media( $request['featured_media'], $attachment_id );
 214  
 215              if ( is_wp_error( $thumbnail_update ) ) {
 216                  return $thumbnail_update;
 217              }
 218          }
 219  
 220          if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
 221              $meta_update = $this->meta->update_value( $request['meta'], $attachment_id );
 222  
 223              if ( is_wp_error( $meta_update ) ) {
 224                  return $meta_update;
 225              }
 226          }
 227  
 228          $attachment    = get_post( $attachment_id );
 229          $fields_update = $this->update_additional_fields_for_object( $attachment, $request );
 230  
 231          if ( is_wp_error( $fields_update ) ) {
 232              return $fields_update;
 233          }
 234  
 235          $terms_update = $this->handle_terms( $attachment_id, $request );
 236  
 237          if ( is_wp_error( $terms_update ) ) {
 238              return $terms_update;
 239          }
 240  
 241          $request->set_param( 'context', 'edit' );
 242  
 243          /**
 244           * Fires after a single attachment is completely created or updated via the REST API.
 245           *
 246           * @since 5.0.0
 247           *
 248           * @param WP_Post         $attachment Inserted or updated attachment object.
 249           * @param WP_REST_Request $request    Request object.
 250           * @param bool            $creating   True when creating an attachment, false when updating.
 251           */
 252          do_action( 'rest_after_insert_attachment', $attachment, $request, true );
 253  
 254          wp_after_insert_post( $attachment, false, null );
 255  
 256          if ( wp_is_serving_rest_request() ) {
 257              /*
 258               * Set a custom header with the attachment_id.
 259               * Used by the browser/client to resume creating image sub-sizes after a PHP fatal error.
 260               */
 261              header( 'X-WP-Upload-Attachment-ID: ' . $attachment_id );
 262          }
 263  
 264          // Include media and image functions to get access to wp_generate_attachment_metadata().
 265          require_once  ABSPATH . 'wp-admin/includes/media.php';
 266          require_once  ABSPATH . 'wp-admin/includes/image.php';
 267  
 268          /*
 269           * Post-process the upload (create image sub-sizes, make PDF thumbnails, etc.) and insert attachment meta.
 270           * At this point the server may run out of resources and post-processing of uploaded images may fail.
 271           */
 272          wp_update_attachment_metadata( $attachment_id, wp_generate_attachment_metadata( $attachment_id, $file ) );
 273  
 274          $response = $this->prepare_item_for_response( $attachment, $request );
 275          $response = rest_ensure_response( $response );
 276          $response->set_status( 201 );
 277          $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $attachment_id ) ) );
 278  
 279          return $response;
 280      }
 281  
 282      /**
 283       * Inserts the attachment post in the database. Does not update the attachment meta.
 284       *
 285       * @since 5.3.0
 286       *
 287       * @param WP_REST_Request $request
 288       * @return array|WP_Error
 289       */
 290  	protected function insert_attachment( $request ) {
 291          // Get the file via $_FILES or raw data.
 292          $files   = $request->get_file_params();
 293          $headers = $request->get_headers();
 294  
 295          $time = null;
 296  
 297          // Matches logic in media_handle_upload().
 298          if ( ! empty( $request['post'] ) ) {
 299              $post = get_post( $request['post'] );
 300              // The post date doesn't usually matter for pages, so don't backdate this upload.
 301              if ( $post && 'page' !== $post->post_type && substr( $post->post_date, 0, 4 ) > 0 ) {
 302                  $time = $post->post_date;
 303              }
 304          }
 305  
 306          if ( ! empty( $files ) ) {
 307              $file = $this->upload_from_file( $files, $headers, $time );
 308          } else {
 309              $file = $this->upload_from_data( $request->get_body(), $headers, $time );
 310          }
 311  
 312          if ( is_wp_error( $file ) ) {
 313              return $file;
 314          }
 315  
 316          $name       = wp_basename( $file['file'] );
 317          $name_parts = pathinfo( $name );
 318          $name       = trim( substr( $name, 0, -( 1 + strlen( $name_parts['extension'] ) ) ) );
 319  
 320          $url  = $file['url'];
 321          $type = $file['type'];
 322          $file = $file['file'];
 323  
 324          // Include image functions to get access to wp_read_image_metadata().
 325          require_once  ABSPATH . 'wp-admin/includes/image.php';
 326  
 327          // Use image exif/iptc data for title and caption defaults if possible.
 328          $image_meta = wp_read_image_metadata( $file );
 329  
 330          if ( ! empty( $image_meta ) ) {
 331              if ( empty( $request['title'] ) && trim( $image_meta['title'] ) && ! is_numeric( sanitize_title( $image_meta['title'] ) ) ) {
 332                  $request['title'] = $image_meta['title'];
 333              }
 334  
 335              if ( empty( $request['caption'] ) && trim( $image_meta['caption'] ) ) {
 336                  $request['caption'] = $image_meta['caption'];
 337              }
 338          }
 339  
 340          $attachment = $this->prepare_item_for_database( $request );
 341  
 342          $attachment->post_mime_type = $type;
 343          $attachment->guid           = $url;
 344  
 345          // If the title was not set, use the original filename.
 346          if ( empty( $attachment->post_title ) && ! empty( $files['file']['name'] ) ) {
 347              // Remove the file extension (after the last `.`)
 348              $tmp_title = substr( $files['file']['name'], 0, strrpos( $files['file']['name'], '.' ) );
 349  
 350              if ( ! empty( $tmp_title ) ) {
 351                  $attachment->post_title = $tmp_title;
 352              }
 353          }
 354  
 355          // Fall back to the original approach.
 356          if ( empty( $attachment->post_title ) ) {
 357              $attachment->post_title = preg_replace( '/\.[^.]+$/', '', wp_basename( $file ) );
 358          }
 359  
 360          // $post_parent is inherited from $attachment['post_parent'].
 361          $id = wp_insert_attachment( wp_slash( (array) $attachment ), $file, 0, true, false );
 362  
 363          if ( is_wp_error( $id ) ) {
 364              if ( 'db_update_error' === $id->get_error_code() ) {
 365                  $id->add_data( array( 'status' => 500 ) );
 366              } else {
 367                  $id->add_data( array( 'status' => 400 ) );
 368              }
 369  
 370              return $id;
 371          }
 372  
 373          $attachment = get_post( $id );
 374  
 375          /**
 376           * Fires after a single attachment is created or updated via the REST API.
 377           *
 378           * @since 4.7.0
 379           *
 380           * @param WP_Post         $attachment Inserted or updated attachment object.
 381           * @param WP_REST_Request $request    The request sent to the API.
 382           * @param bool            $creating   True when creating an attachment, false when updating.
 383           */
 384          do_action( 'rest_insert_attachment', $attachment, $request, true );
 385  
 386          return array(
 387              'attachment_id' => $id,
 388              'file'          => $file,
 389          );
 390      }
 391  
 392      /**
 393       * Determines the featured media based on a request param.
 394       *
 395       * @since 6.5.0
 396       *
 397       * @param int $featured_media Featured Media ID.
 398       * @param int $post_id        Post ID.
 399       * @return bool|WP_Error Whether the post thumbnail was successfully deleted, otherwise WP_Error.
 400       */
 401  	protected function handle_featured_media( $featured_media, $post_id ) {
 402          $post_type         = get_post_type( $post_id );
 403          $thumbnail_support = current_theme_supports( 'post-thumbnails', $post_type ) && post_type_supports( $post_type, 'thumbnail' );
 404  
 405          // Similar check as in wp_insert_post().
 406          if ( ! $thumbnail_support && get_post_mime_type( $post_id ) ) {
 407              if ( wp_attachment_is( 'audio', $post_id ) ) {
 408                  $thumbnail_support = post_type_supports( 'attachment:audio', 'thumbnail' ) || current_theme_supports( 'post-thumbnails', 'attachment:audio' );
 409              } elseif ( wp_attachment_is( 'video', $post_id ) ) {
 410                  $thumbnail_support = post_type_supports( 'attachment:video', 'thumbnail' ) || current_theme_supports( 'post-thumbnails', 'attachment:video' );
 411              }
 412          }
 413  
 414          if ( $thumbnail_support ) {
 415              return parent::handle_featured_media( $featured_media, $post_id );
 416          }
 417  
 418          return new WP_Error(
 419              'rest_no_featured_media',
 420              sprintf(
 421                  /* translators: %s: attachment mime type */
 422                  __( 'This site does not support post thumbnails on attachments with MIME type %s.' ),
 423                  get_post_mime_type( $post_id )
 424              ),
 425              array( 'status' => 400 )
 426          );
 427      }
 428  
 429      /**
 430       * Updates a single attachment.
 431       *
 432       * @since 4.7.0
 433       *
 434       * @param WP_REST_Request $request Full details about the request.
 435       * @return WP_REST_Response|WP_Error Response object on success, WP_Error object on failure.
 436       */
 437  	public function update_item( $request ) {
 438          if ( ! empty( $request['post'] ) && in_array( get_post_type( $request['post'] ), array( 'revision', 'attachment' ), true ) ) {
 439              return new WP_Error(
 440                  'rest_invalid_param',
 441                  __( 'Invalid parent type.' ),
 442                  array( 'status' => 400 )
 443              );
 444          }
 445  
 446          $attachment_before = get_post( $request['id'] );
 447          $response          = parent::update_item( $request );
 448  
 449          if ( is_wp_error( $response ) ) {
 450              return $response;
 451          }
 452  
 453          $response = rest_ensure_response( $response );
 454          $data     = $response->get_data();
 455  
 456          if ( isset( $request['alt_text'] ) ) {
 457              update_post_meta( $data['id'], '_wp_attachment_image_alt', $request['alt_text'] );
 458          }
 459  
 460          $attachment = get_post( $request['id'] );
 461  
 462          if ( ! empty( $schema['properties']['featured_media'] ) && isset( $request['featured_media'] ) ) {
 463              $thumbnail_update = $this->handle_featured_media( $request['featured_media'], $attachment->ID );
 464  
 465              if ( is_wp_error( $thumbnail_update ) ) {
 466                  return $thumbnail_update;
 467              }
 468          }
 469  
 470          $fields_update = $this->update_additional_fields_for_object( $attachment, $request );
 471  
 472          if ( is_wp_error( $fields_update ) ) {
 473              return $fields_update;
 474          }
 475  
 476          $request->set_param( 'context', 'edit' );
 477  
 478          /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php */
 479          do_action( 'rest_after_insert_attachment', $attachment, $request, false );
 480  
 481          wp_after_insert_post( $attachment, true, $attachment_before );
 482  
 483          $response = $this->prepare_item_for_response( $attachment, $request );
 484          $response = rest_ensure_response( $response );
 485  
 486          return $response;
 487      }
 488  
 489      /**
 490       * Performs post-processing on an attachment.
 491       *
 492       * @since 5.3.0
 493       *
 494       * @param WP_REST_Request $request Full details about the request.
 495       * @return WP_REST_Response|WP_Error Response object on success, WP_Error object on failure.
 496       */
 497  	public function post_process_item( $request ) {
 498          switch ( $request['action'] ) {
 499              case 'create-image-subsizes':
 500                  require_once  ABSPATH . 'wp-admin/includes/image.php';
 501                  wp_update_image_subsizes( $request['id'] );
 502                  break;
 503          }
 504  
 505          $request['context'] = 'edit';
 506  
 507          return $this->prepare_item_for_response( get_post( $request['id'] ), $request );
 508      }
 509  
 510      /**
 511       * Checks if a given request can perform post-processing on an attachment.
 512       *
 513       * @since 5.3.0
 514       *
 515       * @param WP_REST_Request $request Full details about the request.
 516       * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
 517       */
 518  	public function post_process_item_permissions_check( $request ) {
 519          return $this->update_item_permissions_check( $request );
 520      }
 521  
 522      /**
 523       * Checks if a given request has access to editing media.
 524       *
 525       * @since 5.5.0
 526       *
 527       * @param WP_REST_Request $request Full details about the request.
 528       * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
 529       */
 530  	public function edit_media_item_permissions_check( $request ) {
 531          if ( ! current_user_can( 'upload_files' ) ) {
 532              return new WP_Error(
 533                  'rest_cannot_edit_image',
 534                  __( 'Sorry, you are not allowed to upload media on this site.' ),
 535                  array( 'status' => rest_authorization_required_code() )
 536              );
 537          }
 538  
 539          return $this->update_item_permissions_check( $request );
 540      }
 541  
 542      /**
 543       * Applies edits to a media item and creates a new attachment record.
 544       *
 545       * @since 5.5.0
 546       *
 547       * @param WP_REST_Request $request Full details about the request.
 548       * @return WP_REST_Response|WP_Error Response object on success, WP_Error object on failure.
 549       */
 550  	public function edit_media_item( $request ) {
 551          require_once  ABSPATH . 'wp-admin/includes/image.php';
 552  
 553          $attachment_id = $request['id'];
 554  
 555          // This also confirms the attachment is an image.
 556          $image_file = wp_get_original_image_path( $attachment_id );
 557          $image_meta = wp_get_attachment_metadata( $attachment_id );
 558  
 559          if (
 560              ! $image_meta ||
 561              ! $image_file ||
 562              ! wp_image_file_matches_image_meta( $request['src'], $image_meta, $attachment_id )
 563          ) {
 564              return new WP_Error(
 565                  'rest_unknown_attachment',
 566                  __( 'Unable to get meta information for file.' ),
 567                  array( 'status' => 404 )
 568              );
 569          }
 570  
 571          $supported_types = array( 'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/avif', 'image/heic' );
 572          $mime_type       = get_post_mime_type( $attachment_id );
 573          if ( ! in_array( $mime_type, $supported_types, true ) ) {
 574              return new WP_Error(
 575                  'rest_cannot_edit_file_type',
 576                  __( 'This type of file cannot be edited.' ),
 577                  array( 'status' => 400 )
 578              );
 579          }
 580  
 581          // The `modifiers` param takes precedence over the older format.
 582          if ( isset( $request['modifiers'] ) ) {
 583              $modifiers = $request['modifiers'];
 584          } else {
 585              $modifiers = array();
 586  
 587              if ( ! empty( $request['rotation'] ) ) {
 588                  $modifiers[] = array(
 589                      'type' => 'rotate',
 590                      'args' => array(
 591                          'angle' => $request['rotation'],
 592                      ),
 593                  );
 594              }
 595  
 596              if ( isset( $request['x'], $request['y'], $request['width'], $request['height'] ) ) {
 597                  $modifiers[] = array(
 598                      'type' => 'crop',
 599                      'args' => array(
 600                          'left'   => $request['x'],
 601                          'top'    => $request['y'],
 602                          'width'  => $request['width'],
 603                          'height' => $request['height'],
 604                      ),
 605                  );
 606              }
 607  
 608              if ( 0 === count( $modifiers ) ) {
 609                  return new WP_Error(
 610                      'rest_image_not_edited',
 611                      __( 'The image was not edited. Edit the image before applying the changes.' ),
 612                      array( 'status' => 400 )
 613                  );
 614              }
 615          }
 616  
 617          /*
 618           * If the file doesn't exist, attempt a URL fopen on the src link.
 619           * This can occur with certain file replication plugins.
 620           * Keep the original file path to get a modified name later.
 621           */
 622          $image_file_to_edit = $image_file;
 623          if ( ! file_exists( $image_file_to_edit ) ) {
 624              $image_file_to_edit = _load_image_to_edit_path( $attachment_id );
 625          }
 626  
 627          $image_editor = wp_get_image_editor( $image_file_to_edit );
 628  
 629          if ( is_wp_error( $image_editor ) ) {
 630              return new WP_Error(
 631                  'rest_unknown_image_file_type',
 632                  __( 'Unable to edit this image.' ),
 633                  array( 'status' => 500 )
 634              );
 635          }
 636  
 637          foreach ( $modifiers as $modifier ) {
 638              $args = $modifier['args'];
 639              switch ( $modifier['type'] ) {
 640                  case 'rotate':
 641                      // Rotation direction: clockwise vs. counterclockwise.
 642                      $rotate = 0 - $args['angle'];
 643  
 644                      if ( 0 !== $rotate ) {
 645                          $result = $image_editor->rotate( $rotate );
 646  
 647                          if ( is_wp_error( $result ) ) {
 648                              return new WP_Error(
 649                                  'rest_image_rotation_failed',
 650                                  __( 'Unable to rotate this image.' ),
 651                                  array( 'status' => 500 )
 652                              );
 653                          }
 654                      }
 655  
 656                      break;
 657  
 658                  case 'crop':
 659                      $size = $image_editor->get_size();
 660  
 661                      $crop_x = (int) round( ( $size['width'] * $args['left'] ) / 100.0 );
 662                      $crop_y = (int) round( ( $size['height'] * $args['top'] ) / 100.0 );
 663                      $width  = (int) round( ( $size['width'] * $args['width'] ) / 100.0 );
 664                      $height = (int) round( ( $size['height'] * $args['height'] ) / 100.0 );
 665  
 666                      if ( $size['width'] !== $width || $size['height'] !== $height ) {
 667                          $result = $image_editor->crop( $crop_x, $crop_y, $width, $height );
 668  
 669                          if ( is_wp_error( $result ) ) {
 670                              return new WP_Error(
 671                                  'rest_image_crop_failed',
 672                                  __( 'Unable to crop this image.' ),
 673                                  array( 'status' => 500 )
 674                              );
 675                          }
 676                      }
 677  
 678                      break;
 679  
 680              }
 681          }
 682  
 683          // Calculate the file name.
 684          $image_ext  = pathinfo( $image_file, PATHINFO_EXTENSION );
 685          $image_name = wp_basename( $image_file, ".{$image_ext}" );
 686  
 687          /*
 688           * Do not append multiple `-edited` to the file name.
 689           * The user may be editing a previously edited image.
 690           */
 691          if ( preg_match( '/-edited(-\d+)?$/', $image_name ) ) {
 692              // Remove any `-1`, `-2`, etc. `wp_unique_filename()` will add the proper number.
 693              $image_name = preg_replace( '/-edited(-\d+)?$/', '-edited', $image_name );
 694          } else {
 695              // Append `-edited` before the extension.
 696              $image_name .= '-edited';
 697          }
 698  
 699          $filename = "{$image_name}.{$image_ext}";
 700  
 701          // Create the uploads subdirectory if needed.
 702          $uploads = wp_upload_dir();
 703  
 704          // Make the file name unique in the (new) upload directory.
 705          $filename = wp_unique_filename( $uploads['path'], $filename );
 706  
 707          // Save to disk.
 708          $saved = $image_editor->save( $uploads['path'] . "/$filename" );
 709  
 710          if ( is_wp_error( $saved ) ) {
 711              return $saved;
 712          }
 713  
 714          // Create new attachment post.
 715          $new_attachment_post = array(
 716              'post_mime_type' => $saved['mime-type'],
 717              'guid'           => $uploads['url'] . "/$filename",
 718              'post_title'     => $image_name,
 719              'post_content'   => '',
 720          );
 721  
 722          // Copy post_content, post_excerpt, and post_title from the edited image's attachment post.
 723          $attachment_post = get_post( $attachment_id );
 724  
 725          if ( $attachment_post ) {
 726              $new_attachment_post['post_content'] = $attachment_post->post_content;
 727              $new_attachment_post['post_excerpt'] = $attachment_post->post_excerpt;
 728              $new_attachment_post['post_title']   = $attachment_post->post_title;
 729          }
 730  
 731          $new_attachment_id = wp_insert_attachment( wp_slash( $new_attachment_post ), $saved['path'], 0, true );
 732  
 733          if ( is_wp_error( $new_attachment_id ) ) {
 734              if ( 'db_update_error' === $new_attachment_id->get_error_code() ) {
 735                  $new_attachment_id->add_data( array( 'status' => 500 ) );
 736              } else {
 737                  $new_attachment_id->add_data( array( 'status' => 400 ) );
 738              }
 739  
 740              return $new_attachment_id;
 741          }
 742  
 743          // Copy the image alt text from the edited image.
 744          $image_alt = get_post_meta( $attachment_id, '_wp_attachment_image_alt', true );
 745  
 746          if ( ! empty( $image_alt ) ) {
 747              // update_post_meta() expects slashed.
 748              update_post_meta( $new_attachment_id, '_wp_attachment_image_alt', wp_slash( $image_alt ) );
 749          }
 750  
 751          if ( wp_is_serving_rest_request() ) {
 752              /*
 753               * Set a custom header with the attachment_id.
 754               * Used by the browser/client to resume creating image sub-sizes after a PHP fatal error.
 755               */
 756              header( 'X-WP-Upload-Attachment-ID: ' . $new_attachment_id );
 757          }
 758  
 759          // Generate image sub-sizes and meta.
 760          $new_image_meta = wp_generate_attachment_metadata( $new_attachment_id, $saved['path'] );
 761  
 762          // Copy the EXIF metadata from the original attachment if not generated for the edited image.
 763          if ( isset( $image_meta['image_meta'] ) && isset( $new_image_meta['image_meta'] ) && is_array( $new_image_meta['image_meta'] ) ) {
 764              // Merge but skip empty values.
 765              foreach ( (array) $image_meta['image_meta'] as $key => $value ) {
 766                  if ( empty( $new_image_meta['image_meta'][ $key ] ) && ! empty( $value ) ) {
 767                      $new_image_meta['image_meta'][ $key ] = $value;
 768                  }
 769              }
 770          }
 771  
 772          // Reset orientation. At this point the image is edited and orientation is correct.
 773          if ( ! empty( $new_image_meta['image_meta']['orientation'] ) ) {
 774              $new_image_meta['image_meta']['orientation'] = 1;
 775          }
 776  
 777          // The attachment_id may change if the site is exported and imported.
 778          $new_image_meta['parent_image'] = array(
 779              'attachment_id' => $attachment_id,
 780              // Path to the originally uploaded image file relative to the uploads directory.
 781              'file'          => _wp_relative_upload_path( $image_file ),
 782          );
 783  
 784          /**
 785           * Filters the meta data for the new image created by editing an existing image.
 786           *
 787           * @since 5.5.0
 788           *
 789           * @param array $new_image_meta    Meta data for the new image.
 790           * @param int   $new_attachment_id Attachment post ID for the new image.
 791           * @param int   $attachment_id     Attachment post ID for the edited (parent) image.
 792           */
 793          $new_image_meta = apply_filters( 'wp_edited_image_metadata', $new_image_meta, $new_attachment_id, $attachment_id );
 794  
 795          wp_update_attachment_metadata( $new_attachment_id, $new_image_meta );
 796  
 797          $response = $this->prepare_item_for_response( get_post( $new_attachment_id ), $request );
 798          $response->set_status( 201 );
 799          $response->header( 'Location', rest_url( sprintf( '%s/%s/%s', $this->namespace, $this->rest_base, $new_attachment_id ) ) );
 800  
 801          return $response;
 802      }
 803  
 804      /**
 805       * Prepares a single attachment for create or update.
 806       *
 807       * @since 4.7.0
 808       *
 809       * @param WP_REST_Request $request Request object.
 810       * @return stdClass|WP_Error Post object.
 811       */
 812  	protected function prepare_item_for_database( $request ) {
 813          $prepared_attachment = parent::prepare_item_for_database( $request );
 814  
 815          // Attachment caption (post_excerpt internally).
 816          if ( isset( $request['caption'] ) ) {
 817              if ( is_string( $request['caption'] ) ) {
 818                  $prepared_attachment->post_excerpt = $request['caption'];
 819              } elseif ( isset( $request['caption']['raw'] ) ) {
 820                  $prepared_attachment->post_excerpt = $request['caption']['raw'];
 821              }
 822          }
 823  
 824          // Attachment description (post_content internally).
 825          if ( isset( $request['description'] ) ) {
 826              if ( is_string( $request['description'] ) ) {
 827                  $prepared_attachment->post_content = $request['description'];
 828              } elseif ( isset( $request['description']['raw'] ) ) {
 829                  $prepared_attachment->post_content = $request['description']['raw'];
 830              }
 831          }
 832  
 833          if ( isset( $request['post'] ) ) {
 834              $prepared_attachment->post_parent = (int) $request['post'];
 835          }
 836  
 837          return $prepared_attachment;
 838      }
 839  
 840      /**
 841       * Prepares a single attachment output for response.
 842       *
 843       * @since 4.7.0
 844       * @since 5.9.0 Renamed `$post` to `$item` to match parent class for PHP 8 named parameter support.
 845       *
 846       * @param WP_Post         $item    Attachment object.
 847       * @param WP_REST_Request $request Request object.
 848       * @return WP_REST_Response Response object.
 849       */
 850  	public function prepare_item_for_response( $item, $request ) {
 851          // Restores the more descriptive, specific name for use within this method.
 852          $post = $item;
 853  
 854          $response = parent::prepare_item_for_response( $post, $request );
 855          $fields   = $this->get_fields_for_response( $request );
 856          $data     = $response->get_data();
 857  
 858          if ( in_array( 'description', $fields, true ) ) {
 859              $data['description'] = array(
 860                  'raw'      => $post->post_content,
 861                  /** This filter is documented in wp-includes/post-template.php */
 862                  'rendered' => apply_filters( 'the_content', $post->post_content ),
 863              );
 864          }
 865  
 866          if ( in_array( 'caption', $fields, true ) ) {
 867              /** This filter is documented in wp-includes/post-template.php */
 868              $caption = apply_filters( 'get_the_excerpt', $post->post_excerpt, $post );
 869  
 870              /** This filter is documented in wp-includes/post-template.php */
 871              $caption = apply_filters( 'the_excerpt', $caption );
 872  
 873              $data['caption'] = array(
 874                  'raw'      => $post->post_excerpt,
 875                  'rendered' => $caption,
 876              );
 877          }
 878  
 879          if ( in_array( 'alt_text', $fields, true ) ) {
 880              $data['alt_text'] = get_post_meta( $post->ID, '_wp_attachment_image_alt', true );
 881          }
 882  
 883          if ( in_array( 'media_type', $fields, true ) ) {
 884              $data['media_type'] = wp_attachment_is_image( $post->ID ) ? 'image' : 'file';
 885          }
 886  
 887          if ( in_array( 'mime_type', $fields, true ) ) {
 888              $data['mime_type'] = $post->post_mime_type;
 889          }
 890  
 891          if ( in_array( 'media_details', $fields, true ) ) {
 892              $data['media_details'] = wp_get_attachment_metadata( $post->ID );
 893  
 894              // Ensure empty details is an empty object.
 895              if ( empty( $data['media_details'] ) ) {
 896                  $data['media_details'] = new stdClass();
 897              } elseif ( ! empty( $data['media_details']['sizes'] ) ) {
 898  
 899                  foreach ( $data['media_details']['sizes'] as $size => &$size_data ) {
 900  
 901                      if ( isset( $size_data['mime-type'] ) ) {
 902                          $size_data['mime_type'] = $size_data['mime-type'];
 903                          unset( $size_data['mime-type'] );
 904                      }
 905  
 906                      // Use the same method image_downsize() does.
 907                      $image_src = wp_get_attachment_image_src( $post->ID, $size );
 908                      if ( ! $image_src ) {
 909                          continue;
 910                      }
 911  
 912                      $size_data['source_url'] = $image_src[0];
 913                  }
 914  
 915                  $full_src = wp_get_attachment_image_src( $post->ID, 'full' );
 916  
 917                  if ( ! empty( $full_src ) ) {
 918                      $data['media_details']['sizes']['full'] = array(
 919                          'file'       => wp_basename( $full_src[0] ),
 920                          'width'      => $full_src[1],
 921                          'height'     => $full_src[2],
 922                          'mime_type'  => $post->post_mime_type,
 923                          'source_url' => $full_src[0],
 924                      );
 925                  }
 926              } else {
 927                  $data['media_details']['sizes'] = new stdClass();
 928              }
 929          }
 930  
 931          if ( in_array( 'post', $fields, true ) ) {
 932              $data['post'] = ! empty( $post->post_parent ) ? (int) $post->post_parent : null;
 933          }
 934  
 935          if ( in_array( 'source_url', $fields, true ) ) {
 936              $data['source_url'] = wp_get_attachment_url( $post->ID );
 937          }
 938  
 939          if ( in_array( 'missing_image_sizes', $fields, true ) ) {
 940              require_once  ABSPATH . 'wp-admin/includes/image.php';
 941              $data['missing_image_sizes'] = array_keys( wp_get_missing_image_subsizes( $post->ID ) );
 942          }
 943  
 944          $context = ! empty( $request['context'] ) ? $request['context'] : 'view';
 945  
 946          $data = $this->filter_response_by_context( $data, $context );
 947  
 948          $links = $response->get_links();
 949  
 950          // Wrap the data in a response object.
 951          $response = rest_ensure_response( $data );
 952  
 953          foreach ( $links as $rel => $rel_links ) {
 954              foreach ( $rel_links as $link ) {
 955                  $response->add_link( $rel, $link['href'], $link['attributes'] );
 956              }
 957          }
 958  
 959          /**
 960           * Filters an attachment returned from the REST API.
 961           *
 962           * Allows modification of the attachment right before it is returned.
 963           *
 964           * @since 4.7.0
 965           *
 966           * @param WP_REST_Response $response The response object.
 967           * @param WP_Post          $post     The original attachment post.
 968           * @param WP_REST_Request  $request  Request used to generate the response.
 969           */
 970          return apply_filters( 'rest_prepare_attachment', $response, $post, $request );
 971      }
 972  
 973      /**
 974       * Retrieves the attachment's schema, conforming to JSON Schema.
 975       *
 976       * @since 4.7.0
 977       *
 978       * @return array Item schema as an array.
 979       */
 980  	public function get_item_schema() {
 981          if ( $this->schema ) {
 982              return $this->add_additional_fields_schema( $this->schema );
 983          }
 984  
 985          $schema = parent::get_item_schema();
 986  
 987          $schema['properties']['alt_text'] = array(
 988              'description' => __( 'Alternative text to display when attachment is not displayed.' ),
 989              'type'        => 'string',
 990              'context'     => array( 'view', 'edit', 'embed' ),
 991              'arg_options' => array(
 992                  'sanitize_callback' => 'sanitize_text_field',
 993              ),
 994          );
 995  
 996          $schema['properties']['caption'] = array(
 997              'description' => __( 'The attachment caption.' ),
 998              'type'        => 'object',
 999              'context'     => array( 'view', 'edit', 'embed' ),
1000              'arg_options' => array(
1001                  'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database().
1002                  'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database().
1003              ),
1004              'properties'  => array(
1005                  'raw'      => array(
1006                      'description' => __( 'Caption for the attachment, as it exists in the database.' ),
1007                      'type'        => 'string',
1008                      'context'     => array( 'edit' ),
1009                  ),
1010                  'rendered' => array(
1011                      'description' => __( 'HTML caption for the attachment, transformed for display.' ),
1012                      'type'        => 'string',
1013                      'context'     => array( 'view', 'edit', 'embed' ),
1014                      'readonly'    => true,
1015                  ),
1016              ),
1017          );
1018  
1019          $schema['properties']['description'] = array(
1020              'description' => __( 'The attachment description.' ),
1021              'type'        => 'object',
1022              'context'     => array( 'view', 'edit' ),
1023              'arg_options' => array(
1024                  'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database().
1025                  'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database().
1026              ),
1027              'properties'  => array(
1028                  'raw'      => array(
1029                      'description' => __( 'Description for the attachment, as it exists in the database.' ),
1030                      'type'        => 'string',
1031                      'context'     => array( 'edit' ),
1032                  ),
1033                  'rendered' => array(
1034                      'description' => __( 'HTML description for the attachment, transformed for display.' ),
1035                      'type'        => 'string',
1036                      'context'     => array( 'view', 'edit' ),
1037                      'readonly'    => true,
1038                  ),
1039              ),
1040          );
1041  
1042          $schema['properties']['media_type'] = array(
1043              'description' => __( 'Attachment type.' ),
1044              'type'        => 'string',
1045              'enum'        => array( 'image', 'file' ),
1046              'context'     => array( 'view', 'edit', 'embed' ),
1047              'readonly'    => true,
1048          );
1049  
1050          $schema['properties']['mime_type'] = array(
1051              'description' => __( 'The attachment MIME type.' ),
1052              'type'        => 'string',
1053              'context'     => array( 'view', 'edit', 'embed' ),
1054              'readonly'    => true,
1055          );
1056  
1057          $schema['properties']['media_details'] = array(
1058              'description' => __( 'Details about the media file, specific to its type.' ),
1059              'type'        => 'object',
1060              'context'     => array( 'view', 'edit', 'embed' ),
1061              'readonly'    => true,
1062          );
1063  
1064          $schema['properties']['post'] = array(
1065              'description' => __( 'The ID for the associated post of the attachment.' ),
1066              'type'        => 'integer',
1067              'context'     => array( 'view', 'edit' ),
1068          );
1069  
1070          $schema['properties']['source_url'] = array(
1071              'description' => __( 'URL to the original attachment file.' ),
1072              'type'        => 'string',
1073              'format'      => 'uri',
1074              'context'     => array( 'view', 'edit', 'embed' ),
1075              'readonly'    => true,
1076          );
1077  
1078          $schema['properties']['missing_image_sizes'] = array(
1079              'description' => __( 'List of the missing image sizes of the attachment.' ),
1080              'type'        => 'array',
1081              'items'       => array( 'type' => 'string' ),
1082              'context'     => array( 'edit' ),
1083              'readonly'    => true,
1084          );
1085  
1086          unset( $schema['properties']['password'] );
1087  
1088          $this->schema = $schema;
1089  
1090          return $this->add_additional_fields_schema( $this->schema );
1091      }
1092  
1093      /**
1094       * Handles an upload via raw POST data.
1095       *
1096       * @since 4.7.0
1097       * @since 6.6.0 Added the `$time` parameter.
1098       *
1099       * @param string      $data    Supplied file data.
1100       * @param array       $headers HTTP headers from the request.
1101       * @param string|null $time    Optional. Time formatted in 'yyyy/mm'. Default null.
1102       * @return array|WP_Error Data from wp_handle_sideload().
1103       */
1104  	protected function upload_from_data( $data, $headers, $time = null ) {
1105          if ( empty( $data ) ) {
1106              return new WP_Error(
1107                  'rest_upload_no_data',
1108                  __( 'No data supplied.' ),
1109                  array( 'status' => 400 )
1110              );
1111          }
1112  
1113          if ( empty( $headers['content_type'] ) ) {
1114              return new WP_Error(
1115                  'rest_upload_no_content_type',
1116                  __( 'No Content-Type supplied.' ),
1117                  array( 'status' => 400 )
1118              );
1119          }
1120  
1121          if ( empty( $headers['content_disposition'] ) ) {
1122              return new WP_Error(
1123                  'rest_upload_no_content_disposition',
1124                  __( 'No Content-Disposition supplied.' ),
1125                  array( 'status' => 400 )
1126              );
1127          }
1128  
1129          $filename = self::get_filename_from_disposition( $headers['content_disposition'] );
1130  
1131          if ( empty( $filename ) ) {
1132              return new WP_Error(
1133                  'rest_upload_invalid_disposition',
1134                  __( 'Invalid Content-Disposition supplied. Content-Disposition needs to be formatted as `attachment; filename="image.png"` or similar.' ),
1135                  array( 'status' => 400 )
1136              );
1137          }
1138  
1139          if ( ! empty( $headers['content_md5'] ) ) {
1140              $content_md5 = array_shift( $headers['content_md5'] );
1141              $expected    = trim( $content_md5 );
1142              $actual      = md5( $data );
1143  
1144              if ( $expected !== $actual ) {
1145                  return new WP_Error(
1146                      'rest_upload_hash_mismatch',
1147                      __( 'Content hash did not match expected.' ),
1148                      array( 'status' => 412 )
1149                  );
1150              }
1151          }
1152  
1153          // Get the content-type.
1154          $type = array_shift( $headers['content_type'] );
1155  
1156          // Include filesystem functions to get access to wp_tempnam() and wp_handle_sideload().
1157          require_once  ABSPATH . 'wp-admin/includes/file.php';
1158  
1159          // Save the file.
1160          $tmpfname = wp_tempnam( $filename );
1161  
1162          $fp = fopen( $tmpfname, 'w+' );
1163  
1164          if ( ! $fp ) {
1165              return new WP_Error(
1166                  'rest_upload_file_error',
1167                  __( 'Could not open file handle.' ),
1168                  array( 'status' => 500 )
1169              );
1170          }
1171  
1172          fwrite( $fp, $data );
1173          fclose( $fp );
1174  
1175          // Now, sideload it in.
1176          $file_data = array(
1177              'error'    => null,
1178              'tmp_name' => $tmpfname,
1179              'name'     => $filename,
1180              'type'     => $type,
1181          );
1182  
1183          $size_check = self::check_upload_size( $file_data );
1184          if ( is_wp_error( $size_check ) ) {
1185              return $size_check;
1186          }
1187  
1188          $overrides = array(
1189              'test_form' => false,
1190          );
1191  
1192          $sideloaded = wp_handle_sideload( $file_data, $overrides, $time );
1193  
1194          if ( isset( $sideloaded['error'] ) ) {
1195              @unlink( $tmpfname );
1196  
1197              return new WP_Error(
1198                  'rest_upload_sideload_error',
1199                  $sideloaded['error'],
1200                  array( 'status' => 500 )
1201              );
1202          }
1203  
1204          return $sideloaded;
1205      }
1206  
1207      /**
1208       * Parses filename from a Content-Disposition header value.
1209       *
1210       * As per RFC6266:
1211       *
1212       *     content-disposition = "Content-Disposition" ":"
1213       *                            disposition-type *( ";" disposition-parm )
1214       *
1215       *     disposition-type    = "inline" | "attachment" | disp-ext-type
1216       *                         ; case-insensitive
1217       *     disp-ext-type       = token
1218       *
1219       *     disposition-parm    = filename-parm | disp-ext-parm
1220       *
1221       *     filename-parm       = "filename" "=" value
1222       *                         | "filename*" "=" ext-value
1223       *
1224       *     disp-ext-parm       = token "=" value
1225       *                         | ext-token "=" ext-value
1226       *     ext-token           = <the characters in token, followed by "*">
1227       *
1228       * @since 4.7.0
1229       *
1230       * @link https://tools.ietf.org/html/rfc2388
1231       * @link https://tools.ietf.org/html/rfc6266
1232       *
1233       * @param string[] $disposition_header List of Content-Disposition header values.
1234       * @return string|null Filename if available, or null if not found.
1235       */
1236  	public static function get_filename_from_disposition( $disposition_header ) {
1237          // Get the filename.
1238          $filename = null;
1239  
1240          foreach ( $disposition_header as $value ) {
1241              $value = trim( $value );
1242  
1243              if ( ! str_contains( $value, ';' ) ) {
1244                  continue;
1245              }
1246  
1247              list( , $attr_parts ) = explode( ';', $value, 2 );
1248  
1249              $attr_parts = explode( ';', $attr_parts );
1250              $attributes = array();
1251  
1252              foreach ( $attr_parts as $part ) {
1253                  if ( ! str_contains( $part, '=' ) ) {
1254                      continue;
1255                  }
1256  
1257                  list( $key, $value ) = explode( '=', $part, 2 );
1258  
1259                  $attributes[ trim( $key ) ] = trim( $value );
1260              }
1261  
1262              if ( empty( $attributes['filename'] ) ) {
1263                  continue;
1264              }
1265  
1266              $filename = trim( $attributes['filename'] );
1267  
1268              // Unquote quoted filename, but after trimming.
1269              if ( str_starts_with( $filename, '"' ) && str_ends_with( $filename, '"' ) ) {
1270                  $filename = substr( $filename, 1, -1 );
1271              }
1272          }
1273  
1274          return $filename;
1275      }
1276  
1277      /**
1278       * Retrieves the query params for collections of attachments.
1279       *
1280       * @since 4.7.0
1281       *
1282       * @return array Query parameters for the attachment collection as an array.
1283       */
1284  	public function get_collection_params() {
1285          $params                            = parent::get_collection_params();
1286          $params['status']['default']       = 'inherit';
1287          $params['status']['items']['enum'] = array( 'inherit', 'private', 'trash' );
1288          $media_types                       = $this->get_media_types();
1289  
1290          $params['media_type'] = array(
1291              'default'     => null,
1292              'description' => __( 'Limit result set to attachments of a particular media type.' ),
1293              'type'        => 'string',
1294              'enum'        => array_keys( $media_types ),
1295          );
1296  
1297          $params['mime_type'] = array(
1298              'default'     => null,
1299              'description' => __( 'Limit result set to attachments of a particular MIME type.' ),
1300              'type'        => 'string',
1301          );
1302  
1303          return $params;
1304      }
1305  
1306      /**
1307       * Handles an upload via multipart/form-data ($_FILES).
1308       *
1309       * @since 4.7.0
1310       * @since 6.6.0 Added the `$time` parameter.
1311       *
1312       * @param array       $files   Data from the `$_FILES` superglobal.
1313       * @param array       $headers HTTP headers from the request.
1314       * @param string|null $time    Optional. Time formatted in 'yyyy/mm'. Default null.
1315       * @return array|WP_Error Data from wp_handle_upload().
1316       */
1317  	protected function upload_from_file( $files, $headers, $time = null ) {
1318          if ( empty( $files ) ) {
1319              return new WP_Error(
1320                  'rest_upload_no_data',
1321                  __( 'No data supplied.' ),
1322                  array( 'status' => 400 )
1323              );
1324          }
1325  
1326          // Verify hash, if given.
1327          if ( ! empty( $headers['content_md5'] ) ) {
1328              $content_md5 = array_shift( $headers['content_md5'] );
1329              $expected    = trim( $content_md5 );
1330              $actual      = md5_file( $files['file']['tmp_name'] );
1331  
1332              if ( $expected !== $actual ) {
1333                  return new WP_Error(
1334                      'rest_upload_hash_mismatch',
1335                      __( 'Content hash did not match expected.' ),
1336                      array( 'status' => 412 )
1337                  );
1338              }
1339          }
1340  
1341          // Pass off to WP to handle the actual upload.
1342          $overrides = array(
1343              'test_form' => false,
1344          );
1345  
1346          // Bypasses is_uploaded_file() when running unit tests.
1347          if ( defined( 'DIR_TESTDATA' ) && DIR_TESTDATA ) {
1348              $overrides['action'] = 'wp_handle_mock_upload';
1349          }
1350  
1351          $size_check = self::check_upload_size( $files['file'] );
1352          if ( is_wp_error( $size_check ) ) {
1353              return $size_check;
1354          }
1355  
1356          // Include filesystem functions to get access to wp_handle_upload().
1357          require_once  ABSPATH . 'wp-admin/includes/file.php';
1358  
1359          $file = wp_handle_upload( $files['file'], $overrides, $time );
1360  
1361          if ( isset( $file['error'] ) ) {
1362              return new WP_Error(
1363                  'rest_upload_unknown_error',
1364                  $file['error'],
1365                  array( 'status' => 500 )
1366              );
1367          }
1368  
1369          return $file;
1370      }
1371  
1372      /**
1373       * Retrieves the supported media types.
1374       *
1375       * Media types are considered the MIME type category.
1376       *
1377       * @since 4.7.0
1378       *
1379       * @return array Array of supported media types.
1380       */
1381  	protected function get_media_types() {
1382          $media_types = array();
1383  
1384          foreach ( get_allowed_mime_types() as $mime_type ) {
1385              $parts = explode( '/', $mime_type );
1386  
1387              if ( ! isset( $media_types[ $parts[0] ] ) ) {
1388                  $media_types[ $parts[0] ] = array();
1389              }
1390  
1391              $media_types[ $parts[0] ][] = $mime_type;
1392          }
1393  
1394          return $media_types;
1395      }
1396  
1397      /**
1398       * Determine if uploaded file exceeds space quota on multisite.
1399       *
1400       * Replicates check_upload_size().
1401       *
1402       * @since 4.9.8
1403       *
1404       * @param array $file $_FILES array for a given file.
1405       * @return true|WP_Error True if can upload, error for errors.
1406       */
1407  	protected function check_upload_size( $file ) {
1408          if ( ! is_multisite() ) {
1409              return true;
1410          }
1411  
1412          if ( get_site_option( 'upload_space_check_disabled' ) ) {
1413              return true;
1414          }
1415  
1416          $space_left = get_upload_space_available();
1417  
1418          $file_size = filesize( $file['tmp_name'] );
1419  
1420          if ( $space_left < $file_size ) {
1421              return new WP_Error(
1422                  'rest_upload_limited_space',
1423                  /* translators: %s: Required disk space in kilobytes. */
1424                  sprintf( __( 'Not enough space to upload. %s KB needed.' ), number_format( ( $file_size - $space_left ) / KB_IN_BYTES ) ),
1425                  array( 'status' => 400 )
1426              );
1427          }
1428  
1429          if ( $file_size > ( KB_IN_BYTES * get_site_option( 'fileupload_maxk', 1500 ) ) ) {
1430              return new WP_Error(
1431                  'rest_upload_file_too_big',
1432                  /* translators: %s: Maximum allowed file size in kilobytes. */
1433                  sprintf( __( 'This file is too big. Files must be less than %s KB in size.' ), get_site_option( 'fileupload_maxk', 1500 ) ),
1434                  array( 'status' => 400 )
1435              );
1436          }
1437  
1438          // Include multisite admin functions to get access to upload_is_user_over_quota().
1439          require_once  ABSPATH . 'wp-admin/includes/ms.php';
1440  
1441          if ( upload_is_user_over_quota( false ) ) {
1442              return new WP_Error(
1443                  'rest_upload_user_quota_exceeded',
1444                  __( 'You have used your space quota. Please delete files before uploading.' ),
1445                  array( 'status' => 400 )
1446              );
1447          }
1448  
1449          return true;
1450      }
1451  
1452      /**
1453       * Gets the request args for the edit item route.
1454       *
1455       * @since 5.5.0
1456       *
1457       * @return array
1458       */
1459  	protected function get_edit_media_item_args() {
1460          return array(
1461              'src'       => array(
1462                  'description' => __( 'URL to the edited image file.' ),
1463                  'type'        => 'string',
1464                  'format'      => 'uri',
1465                  'required'    => true,
1466              ),
1467              'modifiers' => array(
1468                  'description' => __( 'Array of image edits.' ),
1469                  'type'        => 'array',
1470                  'minItems'    => 1,
1471                  'items'       => array(
1472                      'description' => __( 'Image edit.' ),
1473                      'type'        => 'object',
1474                      'required'    => array(
1475                          'type',
1476                          'args',
1477                      ),
1478                      'oneOf'       => array(
1479                          array(
1480                              'title'      => __( 'Rotation' ),
1481                              'properties' => array(
1482                                  'type' => array(
1483                                      'description' => __( 'Rotation type.' ),
1484                                      'type'        => 'string',
1485                                      'enum'        => array( 'rotate' ),
1486                                  ),
1487                                  'args' => array(
1488                                      'description' => __( 'Rotation arguments.' ),
1489                                      'type'        => 'object',
1490                                      'required'    => array(
1491                                          'angle',
1492                                      ),
1493                                      'properties'  => array(
1494                                          'angle' => array(
1495                                              'description' => __( 'Angle to rotate clockwise in degrees.' ),
1496                                              'type'        => 'number',
1497                                          ),
1498                                      ),
1499                                  ),
1500                              ),
1501                          ),
1502                          array(
1503                              'title'      => __( 'Crop' ),
1504                              'properties' => array(
1505                                  'type' => array(
1506                                      'description' => __( 'Crop type.' ),
1507                                      'type'        => 'string',
1508                                      'enum'        => array( 'crop' ),
1509                                  ),
1510                                  'args' => array(
1511                                      'description' => __( 'Crop arguments.' ),
1512                                      'type'        => 'object',
1513                                      'required'    => array(
1514                                          'left',
1515                                          'top',
1516                                          'width',
1517                                          'height',
1518                                      ),
1519                                      'properties'  => array(
1520                                          'left'   => array(
1521                                              'description' => __( 'Horizontal position from the left to begin the crop as a percentage of the image width.' ),
1522                                              'type'        => 'number',
1523                                          ),
1524                                          'top'    => array(
1525                                              'description' => __( 'Vertical position from the top to begin the crop as a percentage of the image height.' ),
1526                                              'type'        => 'number',
1527                                          ),
1528                                          'width'  => array(
1529                                              'description' => __( 'Width of the crop as a percentage of the image width.' ),
1530                                              'type'        => 'number',
1531                                          ),
1532                                          'height' => array(
1533                                              'description' => __( 'Height of the crop as a percentage of the image height.' ),
1534                                              'type'        => 'number',
1535                                          ),
1536                                      ),
1537                                  ),
1538                              ),
1539                          ),
1540                      ),
1541                  ),
1542              ),
1543              'rotation'  => array(
1544                  'description'      => __( 'The amount to rotate the image clockwise in degrees. DEPRECATED: Use `modifiers` instead.' ),
1545                  'type'             => 'integer',
1546                  'minimum'          => 0,
1547                  'exclusiveMinimum' => true,
1548                  'maximum'          => 360,
1549                  'exclusiveMaximum' => true,
1550              ),
1551              'x'         => array(
1552                  'description' => __( 'As a percentage of the image, the x position to start the crop from. DEPRECATED: Use `modifiers` instead.' ),
1553                  'type'        => 'number',
1554                  'minimum'     => 0,
1555                  'maximum'     => 100,
1556              ),
1557              'y'         => array(
1558                  'description' => __( 'As a percentage of the image, the y position to start the crop from. DEPRECATED: Use `modifiers` instead.' ),
1559                  'type'        => 'number',
1560                  'minimum'     => 0,
1561                  'maximum'     => 100,
1562              ),
1563              'width'     => array(
1564                  'description' => __( 'As a percentage of the image, the width to crop the image to. DEPRECATED: Use `modifiers` instead.' ),
1565                  'type'        => 'number',
1566                  'minimum'     => 0,
1567                  'maximum'     => 100,
1568              ),
1569              'height'    => array(
1570                  'description' => __( 'As a percentage of the image, the height to crop the image to. DEPRECATED: Use `modifiers` instead.' ),
1571                  'type'        => 'number',
1572                  'minimum'     => 0,
1573                  'maximum'     => 100,
1574              ),
1575          );
1576      }
1577  }


Generated : Sat May 3 08:20:01 2025 Cross-referenced by PHPXref