diff --git a/wp-includes/rest-api.php b/wp-includes/rest-api.php
index 34e1c591f6..697a7cc64b 100644
--- a/wp-includes/rest-api.php
+++ b/wp-includes/rest-api.php
@@ -165,6 +165,7 @@ function rest_api_default_filters() {
 // Default serving.
 add_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
 add_filter( 'rest_post_dispatch', 'rest_send_allow_header', 10, 3 );
+ add_filter( 'rest_post_dispatch', 'rest_filter_response_fields', 10, 3 );
 add_filter( 'rest_pre_dispatch', 'rest_handle_options_request', 10, 3 );
 }
 
@@ -632,6 +633,49 @@ function rest_send_allow_header( $response, $server, $request ) {
 return $response;
 }
 
+/**
+ * Filter the API response to include only a white-listed set of response object fields.
+ *
+ * @since 4.8.0
+ *
+ * @param WP_REST_Response $response Current response being served.
+ * @param WP_REST_Server $server ResponseHandler instance (usually WP_REST_Server).
+ * @param WP_REST_Request $request The request that was used to make current response.
+ *
+ * @return WP_REST_Response Response to be served, trimmed down to contain a subset of fields.
+ */
+function rest_filter_response_fields( $response, $server, $request ) {
+ if ( ! isset( $request['_fields'] ) || $response->is_error() ) {
+ return $response;
+ }
+
+ $data = $response->get_data();
+
+ $fields = is_array( $request['_fields'] ) ? $request['_fields'] : preg_split( '/[\s,]+/', $request['_fields'] );
+
+ if ( 0 === count( $fields ) ) {
+ return $response;
+ }
+
+ // Trim off outside whitespace from the comma delimited list.
+ $fields = array_map( 'trim', $fields );
+
+ $fields_as_keyed = array_combine( $fields, array_fill( 0, count( $fields ), true ) );
+
+ if ( wp_is_numeric_array( $data ) ) {
+ $new_data = array();
+ foreach ( $data as $item ) {
+ $new_data[] = array_intersect_key( $item, $fields_as_keyed );
+ }
+ } else {
+ $new_data = array_intersect_key( $data, $fields_as_keyed );
+ }
+
+ $response->set_data( $new_data );
+
+ return $response;
+}
+
 /**
 * Adds the REST API URL to the WP RSD endpoint.
 *
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 5bd854e447..77514acbc3 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.9-alpha-41743';
+$wp_version = '4.9-alpha-41744';
 
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
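Review bot: `rest_filter_response_fields()` assumes the shape of two values it never checks: the client-supplied `_fields` parameter and the payload returned by `$response->get_data()`. When `_fields` arrives as an array, its entries go straight into `array_map( 'trim', … )` and `array_combine()`, and a non-array payload or a non-array `$item` goes straight into `array_intersect_key()`; depending on the PHP version those calls raise warnings or TypeErrors, so a malformed query string can surface as error output or a failed request (presumably on any route, since the filter is hooked on `rest_post_dispatch`). Returning early when `$data` is not an array, keeping only string entries in `$fields`, and passing non-array list items through unchanged would close that off, as sketched below. Separately, the docblock says `@since 4.8.0` while the same commit sets `$wp_version` to `4.9-alpha-41744`, which looks inconsistent and is worth confirming.

```php
	$data = $response->get_data();

	// Only array-shaped payloads can be trimmed by key.
	if ( ! is_array( $data ) ) {
		return $response;
	}

	// … unchanged: $fields parsed from $request['_fields'] …

	// Request input: keep string entries so trim() and array_combine() never receive nested arrays.
	$fields = array_filter( $fields, 'is_string' );

	// … unchanged: empty check, trim, $fields_as_keyed, wp_is_numeric_array() branch …

		foreach ( $data as $item ) {
			// Leave non-array list entries untouched rather than passing them to array_intersect_key().
			$new_data[] = is_array( $item ) ? array_intersect_key( $item, $fields_as_keyed ) : $item;
		}
```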