protected function get_allowed_query_vars()
{
global $wp;
/**
* Filter the publicly allowed query vars.
*
* Allows adjusting of the default query vars that are made public.
*
* @param array Array of allowed WP_Query query vars.
*/
$valid_vars = apply_filters('query_vars', $wp->public_query_vars);
$post_type_obj = get_post_type_object($this->post_type);
if (current_user_can($post_type_obj->cap->edit_posts)) {
/**
* Filter the allowed 'private' query vars for authorized users.
*
* If the user has the `edit_posts` capability, we also allow use of
* private query parameters, which are only undesirable on the
* frontend, but are safe for use in query strings.
*
* To disable anyway, use
* `add_filter( 'woocommerce_rest_private_query_vars', '__return_empty_array' );`
*
* @param array $private_query_vars Array of allowed query vars for authorized users.
* }
*/
$private = apply_filters('woocommerce_rest_private_query_vars', $wp->private_query_vars);
$valid_vars = array_merge($valid_vars, $private);
}
// Define our own in addition to WP's normal vars.
$rest_valid = array('date_query', 'ignore_sticky_posts', 'offset', 'post__in', 'post__not_in', 'post_parent', 'post_parent__in', 'post_parent__not_in', 'posts_per_page', 'meta_query', 'tax_query', 'meta_key', 'meta_value', 'meta_compare', 'meta_value_num');
$valid_vars = array_merge($valid_vars, $rest_valid);
/**
* Filter allowed query vars for the REST API.
*
* This filter allows you to add or remove query vars from the final allowed
* list for all requests, including unauthenticated ones. To alter the
* vars for editors only.
*
* @param array {
* Array of allowed WP_Query query vars.
*
* @param string $allowed_query_var The query var to allow.
* }
*/
$valid_vars = apply_filters('woocommerce_rest_query_vars', $valid_vars);
return $valid_vars;
}