Skip to content

Commit

Permalink
Block Bindings: Don't show protected fields that are bound to blocks (W…
Browse files Browse the repository at this point in the history
…ordPress#59326)

* Check if the meta field is protected

* Check if the meta field is available in the REST API

* Use `get_registered_meta_keys` function

* Return empty string instead of null

* Return null if the bindings config is not correct

* Return `null` when the field is unavailable or protected

* Add tests for protected fields

* Update tests to match current behavior

* Remove unnecessary `show_in_rest` conditional

Co-authored-by: Pascal Birchler <[email protected]>

---------

Co-authored-by: Pascal Birchler <[email protected]>
  • Loading branch information
SantosGuillamot and swissspidy authored Feb 28, 2024
1 parent fdb715e commit 11ee353
Show file tree
Hide file tree
Showing 3 changed files with 100 additions and 5 deletions.
13 changes: 13 additions & 0 deletions lib/compat/wordpress-6.5/block-bindings/post-meta.php
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,19 @@ function gutenberg_block_bindings_post_meta_callback( $source_attrs, $block_inst
return null;
}

// Check if the meta field is protected.
if ( is_protected_meta( $source_attrs['key'], 'post' ) ) {
return null;
}

// Check if the meta field is registered to be shown in REST.
$meta_keys = get_registered_meta_keys( 'post', $block_instance->context['postType'] );
// Add fields registered for all subtypes.
$meta_keys = array_merge( $meta_keys, get_registered_meta_keys( 'post', '' ) );
if ( empty( $meta_keys[ $source_attrs['key'] ]['show_in_rest'] ) ) {
return null;
}

return get_post_meta( $post_id, $source_attrs['key'], true );
}

Expand Down
20 changes: 19 additions & 1 deletion packages/e2e-tests/plugins/block-bindings.php
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ function gutenberg_test_block_bindings_register_custom_fields() {
'default' => 'Value of the text_custom_field',
)
);
// TODO: Change url.
register_meta(
'post',
'url_custom_field',
Expand All @@ -32,5 +31,24 @@ function gutenberg_test_block_bindings_register_custom_fields() {
'default' => '#url-custom-field',
)
);
register_meta(
'post',
'_protected_field',
array(
'type' => 'string',
'single' => true,
'default' => 'protected field value',
)
);
register_meta(
'post',
'show_in_rest_false_field',
array(
'show_in_rest' => false,
'type' => 'string',
'single' => true,
'default' => 'show_in_rest false field value',
)
);
}
add_action( 'init', 'gutenberg_test_block_bindings_register_custom_fields' );
72 changes: 68 additions & 4 deletions test/e2e/specs/editor/various/block-bindings.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -1218,7 +1218,7 @@ test.describe( 'Block bindings', () => {
name: 'core/paragraph',
attributes: {
anchor: 'paragraph-binding',
content: 'p',
content: 'fallback value',
metadata: {
bindings: {
content: {
Expand All @@ -1244,9 +1244,73 @@ test.describe( 'Block bindings', () => {
// Check the frontend doesn't show the content.
const postId = await editor.publishPost();
await page.goto( `/?p=${ postId }` );
await expect(
page.locator( '#paragraph-binding' )
).toBeHidden();
await expect( page.locator( '#paragraph-binding' ) ).toHaveText(
'non_existing_custom_field'
);
} );

test( 'should not show the value of a protected meta field', async ( {
editor,
page,
} ) => {
await editor.insertBlock( {
name: 'core/paragraph',
attributes: {
anchor: 'paragraph-binding',
content: 'fallback value',
metadata: {
bindings: {
content: {
source: 'core/post-meta',
args: { key: '_protected_field' },
},
},
},
},
} );
const paragraphBlock = editor.canvas.getByRole( 'document', {
name: 'Block: Paragraph',
} );
await expect( paragraphBlock ).toHaveText( '_protected_field' );
// Check the frontend doesn't show the content.
const postId = await editor.publishPost();
await page.goto( `/?p=${ postId }` );
await expect( page.locator( '#paragraph-binding' ) ).toHaveText(
'_protected_field'
);
} );

test( 'should not show the value of a meta field with `show_in_rest` false', async ( {
editor,
page,
} ) => {
await editor.insertBlock( {
name: 'core/paragraph',
attributes: {
anchor: 'paragraph-binding',
content: 'fallback value',
metadata: {
bindings: {
content: {
source: 'core/post-meta',
args: { key: 'show_in_rest_false_field' },
},
},
},
},
} );
const paragraphBlock = editor.canvas.getByRole( 'document', {
name: 'Block: Paragraph',
} );
await expect( paragraphBlock ).toHaveText(
'show_in_rest_false_field'
);
// Check the frontend doesn't show the content.
const postId = await editor.publishPost();
await page.goto( `/?p=${ postId }` );
await expect( page.locator( '#paragraph-binding' ) ).toHaveText(
'show_in_rest_false_field'
);
} );
} );

Expand Down

0 comments on commit 11ee353

Please sign in to comment.