Open up Hybrid_Media_Meta class

themehybrid / hybrid-core

Official repository for the Hybrid Core WordPress development framework.

GNU General Public License v2.0

687 stars 143 forks source link

Open up Hybrid_Media_Meta class #151

Closed sharmashivanand closed 6 years ago

sharmashivanand commented 6 years ago

If the $meta var was not protected, I could iterate over all meta and list below the attachment. Currently this is not possible. Here's what have to use to get around it. Not sure if / how it would hurt.

<?php

$attachment_attribs = wp_get_attachment_metadata( get_the_ID() );
if ( $attachment_attribs ) {
    echo '<ul class="media-meta">';
    echo langer_get_array_meta( $attachment_attribs );
    echo '</ul>';
}

function langer_get_array_meta( $arr = array() ) {
    $output = '';
    foreach ( $arr as $key => $val ) {
        if ( is_array( $val ) ) {
            $output .= '<li><strong>' . ucwords( str_replace( '_', ' ', $key ) ) . ':</strong><ul class="children">' . langer_get_array_meta( $val ) . '</ul>' . '</li>';
        } else {
            $output .= '<li><strong>' . ucwords( str_replace( '_', ' ', $key ) ) . ':</strong> ' . $val . '</li>';
        }
    }
    return $output;
}

justintadlock commented 6 years ago

$meta shouldn't be unprotected. If you just wanted that raw data, use wp_get_attachment_metadata(). The main reason to keep this protected is to make sure that theme authors are getting the safe, escaped data.

I could definitely see a use case for a get_escaped_meta() function or similar that returns an array of all the escaped data.

Really, I want to take some time to flesh this class out more and make it more useful for working with.

sharmashivanand commented 6 years ago

Is it possible that the media meta is unsafe? I mean it's extracted out of media, there's no uploader-intervention. Is it possible that someone can upload a media file with metadata which is unsafe? I need to read more on escaping data though.

Definitely need to escape the data before outputting on the front-end.

justintadlock commented 6 years ago

I haven't forgotten about this one. I done some major rewrites of the media meta feature in the 5.0 branch. So, anything we do should be based on the code there.

I'm still not certain of the current direction for the feature in 5.0, but we have time to mull over any ideas.

justintadlock commented 6 years ago

How WP handles attachment meta is simply not conducive to returning an array of data here. The media meta gets meta in one of 4 ways:

Builds it from meta not available in wp_get_attachment_meta().
Gets it from $meta[ $key ].
Gets it from $meta['image_meta'][ $key ]
Gets it from $meta['audio'][ $key ].

It's possible to flatten all the the $meta stuff into a single array, but then you run the risk of overwriting keys.

Making $meta public in the media meta class would only serve to allow it to be altered, which is something the class should protect against. And, it would create back-compat issues when we want people to code to the contract/interface.

Your own code is the best path forward for looping through all the meta. It's really no different than allowing access to the $meta method if it were public.