Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
34,157 Commits 48 Branches 718 Tags 906 MiB
Commit Graph

47 Commits

Author SHA1 Message Date
davidbaumwald 3dd30db613 Grouped backports to the 4.5 branch. 
- Comments: Prevent users who can not see a post from seeing comments on it.
- Shortcodes: Restrict media shortcode ajax to certain type.
- REST API: Ensure no-cache headers are sent when methods are overridden.
- Prevent unintended behavior when certain objects are unserialized.

Merges [56834], [56835], [56836], and [56838] to the 4.5 branch.
Props xknown, jorbin, joehoyle, timothyblynjacobs, peterwilsoncc, ehtis, tykoted, antpb, rmccue.
Built from https://develop.svn.wordpress.org/branches/4.5@56857


git-svn-id: http://core.svn.wordpress.org/branches/4.5@56368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2023-10-12 18:10:07 +00:00
Mark Jaquith 31152de134 REST API: Deliver parameters unadulterated instead of slashed. 
We goofed, and parameters accessed through the REST API's methods
were slashed (inconsistently, even). This unslashes the data, so
you get the un-messed-with data that was sent.

Props joehoyle.
Fixes #36419.
Built from https://develop.svn.wordpress.org/trunk@37163


git-svn-id: http://core.svn.wordpress.org/trunk@37130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-04-06 21:02:28 +00:00
Joe Hoyle a07988c1c5 REST API: Provide better method for generating CURIEs 
In [36533] CURIEs were added to the API responses for the link relation URIs, this makes
it a lot easier for clients to look up links by relation. That patch was functional, but
broke on edge cases such as embedded responses and collection items with links in the items.

This patch instead takes a less obtrusive approach by creating a new `get_compact_response_links`
to compliment `get_response_links` making both old and new functionality available.

Also the regex for curie relations has been relaxed to `.+` as rel names can have any uri-valid charector in it.

Fixes #34729.


Built from https://develop.svn.wordpress.org/trunk@37041


git-svn-id: http://core.svn.wordpress.org/trunk@37008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-22 00:16:27 +00:00
Rachel Baker 6edbcc88ff REST API: Add `home_url` to API index to avoid confusion with `site_url`. 
Confusion abound, the API index is the generic term `url` to display the `site_url`. New `home` key will display the `home_url` in the index as well.

Fixes #35647.
Built from https://develop.svn.wordpress.org/trunk@37031


git-svn-id: http://core.svn.wordpress.org/trunk@36998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-17 19:16:29 +00:00
Rachel Baker 76d14c1d24 REST API: Remove unused variable `$api_root` from WP_Rest_Server->embed_links() method. 
After [r36674] the variable `$api_root` is no longer used in this method and should be removed.

See #35803.
Built from https://develop.svn.wordpress.org/trunk@37021


git-svn-id: http://core.svn.wordpress.org/trunk@36988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-16 21:41:28 +00:00
Drew Jaynes a65c79b3d2 Docs: Use a third-person singular verb in the DocBlock summary for `WP_REST_Response::get_curies()`, introduced in [36533]. 
Also adds a missing return description.

See #34729. See #35986.

Built from https://develop.svn.wordpress.org/trunk@37015


git-svn-id: http://core.svn.wordpress.org/trunk@36982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-16 16:54:26 +00:00
Drew Jaynes ddf7375217 Docs: Improve parameter description syntax in the hook doc for the `rest_request_from_url` filter, introduced in [36673]. 
See #35803. See #35986,

Built from https://develop.svn.wordpress.org/trunk@37014


git-svn-id: http://core.svn.wordpress.org/trunk@36981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-16 16:52:27 +00:00
Drew Jaynes 408da605e4 Docs: Improve the DocBlock for `WP_REST_Request::from_url()`, introduced in [36673]. 
See #35803. See #35986.

Built from https://develop.svn.wordpress.org/trunk@37013


git-svn-id: http://core.svn.wordpress.org/trunk@36980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-03-16 16:50:27 +00:00
Ryan McCue 937b0c3241 REST API: Use WP_REST_Request::from_url() when embedding. 
See #35803.

Built from https://develop.svn.wordpress.org/trunk@36674


git-svn-id: http://core.svn.wordpress.org/trunk@36641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-24 04:20:25 +00:00
Ryan McCue 0b7e133054 REST API: Add WP_REST_Request::from_url() 
Allows converting a REST URL into a Request object.

Props danielbachhuber.
Fixes #35803.

Built from https://develop.svn.wordpress.org/trunk@36673


git-svn-id: http://core.svn.wordpress.org/trunk@36640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-24 04:01:26 +00:00
Drew Jaynes a0aa608970 Docs: Improve documentation for `WP_REST_Request` to highlight a caveat of ArrayAccess when it comes to passing similar arguments for multiple request methods. 
Props danielbachhuber, DrewAPicture.
Fixes #35799.

Built from https://develop.svn.wordpress.org/trunk@36636


git-svn-id: http://core.svn.wordpress.org/trunk@36603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-23 16:57:26 +00:00
Rachel Baker 9fdb970ceb Docs: Add missing @since and @access tags to `get_curies` method and filter from r36533 
See #34729, #32246.
Built from https://develop.svn.wordpress.org/trunk@36593


git-svn-id: http://core.svn.wordpress.org/trunk@36560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-19 23:42:27 +00:00
Drew Jaynes e020ccd081 Docs: Add formatting to a changelog entry in the hook doc for the `rest_dispatch_request` filter. 
See [36534]. See #32246.

Built from https://develop.svn.wordpress.org/trunk@36576


git-svn-id: http://core.svn.wordpress.org/trunk@36543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-18 18:18:25 +00:00
Ryan McCue 3e65236aa7 REST API: Apply rest_post_dispatch to embedded responses. 
Fixes #35628.
Props @danielbachhuber.

Built from https://develop.svn.wordpress.org/trunk@36536


git-svn-id: http://core.svn.wordpress.org/trunk@36503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-16 06:06:27 +00:00
Ryan McCue 03ba67a0b7 REST API: Allow explicit HEAD callbacks. 
HEAD callbacks can now be registered independently, with the GET
callback still used as a fallback.

Fixes #34841.

Built from https://develop.svn.wordpress.org/trunk@36535


git-svn-id: http://core.svn.wordpress.org/trunk@36502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-16 05:51:26 +00:00
Ryan McCue 0438795671 REST API: Add routing args to rest_dispatch_request filter. 
This allows requests to be hijacked via the filter more easily.

Fixes #35507.

Built from https://develop.svn.wordpress.org/trunk@36534


git-svn-id: http://core.svn.wordpress.org/trunk@36501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-16 04:40:26 +00:00
Ryan McCue 47bee5157b REST API: Add support for CURIEs. 
CURIEs are Compact URIs, which provide a more usable way to use
custom relations in the API. The `wp` CURIE is registered by default
for `https://api.w.org/` URI relations.

Fixes #34729.
Props joehoyle.

Built from https://develop.svn.wordpress.org/trunk@36533


git-svn-id: http://core.svn.wordpress.org/trunk@36500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2016-02-16 02:19:27 +00:00
Joe Hoyle ee94a28953 REST API: Improve formatting of failed validation errors. 
If a validation_callback returns a WP_Error it should give the same response format as if it returned `false`. This makes programmatically reading the validation errors better.

Props bradyvercher for initial patch.
Fixes #35028.

Built from https://develop.svn.wordpress.org/trunk@35890


git-svn-id: http://core.svn.wordpress.org/trunk@35854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-12 18:23:28 +00:00
Scott Taylor 4ae83ec7ec REST API: Core typically sends nocache headers on all auth'ed responses, as in `wp`, `admin-ajax`, etc. Because the REST API infrastructure is hooked in pre-wp, we should be setting this ourselves. 
Adds unit tests.

Props joehoyle.
Fixes #34832.

Built from https://develop.svn.wordpress.org/trunk@35773


git-svn-id: http://core.svn.wordpress.org/trunk@35737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-04 23:36:25 +00:00
Mark Jaquith 6cc98e6fcd Route HEAD API requests through the GET callback method 
fixes #34837
props danielbachhuber
Built from https://develop.svn.wordpress.org/trunk@35758


git-svn-id: http://core.svn.wordpress.org/trunk@35722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-12-03 16:34:25 +00:00
Ryan McCue d1436af513 REST API: Unabbreviate error string. 
Props daniel-koskinen.
Fixes #34818.

Built from https://develop.svn.wordpress.org/trunk@35750


git-svn-id: http://core.svn.wordpress.org/trunk@35714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-30 09:51:27 +00:00
Ryan McCue 7ce9772866 REST API: Mark WP_REST_Server::get_raw_data as static. 
This is just a utility function for getting the request body, not
tied to the server class.

Fixes #34768.

Built from https://develop.svn.wordpress.org/trunk@35741


git-svn-id: http://core.svn.wordpress.org/trunk@35705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-25 22:22:25 +00:00
Andrew Nacin 1579e45d41 Simplify the include graph after work to split out classes. 
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-20 07:24:30 +00:00
John Blackbourn 16502d03f2 Remove `register_api_field()` from core. This is the only core function that utilises the `$wp_rest_additional_fields` global, and doesn't belong as part of the infrastructure. 
See https://github.com/WP-API/WP-API/pull/1748

Fixes #34730

Built from https://develop.svn.wordpress.org/trunk@35687


git-svn-id: http://core.svn.wordpress.org/trunk@35651 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-18 20:39:26 +00:00
John Blackbourn 407f641cf3 Update `WP_REST_Response::as_error()` to handle the new format error responses introduced in [35653]. 
Props danielbachhuber
Fixes #34551

Built from https://develop.svn.wordpress.org/trunk@35671


git-svn-id: http://core.svn.wordpress.org/trunk@35635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-18 18:29:26 +00:00
Ryan McCue 0801acbdd8 REST API: Remove redundant "0" parameter. 
This is just an artifact of how we parse the URL, and is already available
via $request->get_route()

Props danielbachhuber.
Fixes #34647.

Built from https://develop.svn.wordpress.org/trunk@35659


git-svn-id: http://core.svn.wordpress.org/trunk@35623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-18 07:24:28 +00:00
Ryan McCue 81ffd2492c REST API: Optimise for singular error instances. 
Previously, the API returned a list of errors, as WP_Error can hold multiple
error codes internally. This isn't a particularly common use case, and it
makes handling errors on the client side more complex than it needs to be.

Fixes #34551.

Built from https://develop.svn.wordpress.org/trunk@35653


git-svn-id: http://core.svn.wordpress.org/trunk@35617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-17 04:12:26 +00:00
Ryan McCue 9524ebb38e REST API: Include enum and description in help data. 
Props lcherpit.
Fixes #34543.

Built from https://develop.svn.wordpress.org/trunk@35652


git-svn-id: http://core.svn.wordpress.org/trunk@35616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-17 02:49:28 +00:00
Ryan McCue b03e036e94 REST API: Require namespace when registering routes. 
Props danielbachhuber.
Fixes #34416.

Built from https://develop.svn.wordpress.org/trunk@35651


git-svn-id: http://core.svn.wordpress.org/trunk@35615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-17 02:39:30 +00:00
Ryan McCue b0ee5efef2 REST API: Change link relations to api.w.org 
Fixes #34303.

Built from https://develop.svn.wordpress.org/trunk@35650


git-svn-id: http://core.svn.wordpress.org/trunk@35614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-17 02:24:27 +00:00
Dominik Schilling 5403b62a6a REST API: Use correct `@access` tag for `WP_REST_Request->get_parameter_order()`. 
Props Frozzare.
Fixes #34624.
Built from https://develop.svn.wordpress.org/trunk@35612


git-svn-id: http://core.svn.wordpress.org/trunk@35576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-11 19:39:25 +00:00
Scott Taylor 16637eeee4 REST API: in `WP_REST_Server::dispatch()`, move `preg_match()` out of it's current loop, which doesn't affect the context passed to it. 
Props TobiasBg.
Fixes #34488.

Built from https://develop.svn.wordpress.org/trunk@35514


git-svn-id: http://core.svn.wordpress.org/trunk@35478 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-11-04 21:23:25 +00:00
Scott Taylor a36900c076 REST API: remove the `@internal` annotation from `rest_api_default_filters()`. 
Props swissspidy, rachelbaker.
Fixes #34219.

Built from https://develop.svn.wordpress.org/trunk@35474


git-svn-id: http://core.svn.wordpress.org/trunk@35438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-31 20:08:25 +00:00
John Blackbourn 37c2054778 Remove trailing whitespace introduced in [35351]. 
Props rachelbaker
Unprops johnbillion
Fixes #34512

Built from https://develop.svn.wordpress.org/trunk@35462


git-svn-id: http://core.svn.wordpress.org/trunk@35426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-30 21:39:25 +00:00
Sergey Biryukov 5d9dc4b8bf REST API: Use correct version in `_doing_it_wrong()` call. 
Props TobiasBg.
Fixes #34490.
Built from https://develop.svn.wordpress.org/trunk@35434


git-svn-id: http://core.svn.wordpress.org/trunk@35398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-29 20:12:24 +00:00
Sergey Biryukov e7082e31dd REST API: Add missing translator comments for deprecated function and argument strings. 
Props akirk.
Fixes #34486.
Built from https://develop.svn.wordpress.org/trunk@35433


git-svn-id: http://core.svn.wordpress.org/trunk@35397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-29 19:04:26 +00:00
Scott Taylor 31e0b06125 REST API: don't load `wp-admin/includes/admin.php` on every request. 
Props swissspidy.
Fixes #34395.

Built from https://develop.svn.wordpress.org/trunk@35353


git-svn-id: http://core.svn.wordpress.org/trunk@35319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-22 16:29:28 +00:00
John Blackbourn 7757d04ce3 Force the REST API URL to use `https` for its scheme when the current request is served over HTTPS and the host name matches that of the REST API URL. 
This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.

Fixes #34299

Built from https://develop.svn.wordpress.org/trunk@35351


git-svn-id: http://core.svn.wordpress.org/trunk@35317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-22 00:08:26 +00:00
John Blackbourn e552b77739 Revert [34352], pending investigation. 
See #34299

Built from https://develop.svn.wordpress.org/trunk@35349


git-svn-id: http://core.svn.wordpress.org/trunk@35315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-21 23:06:30 +00:00
John Blackbourn f7f5b64a7e Force the REST API URL to use `https` for its scheme when the current request is served over HTTPS and the host name matches that of the REST API URL. 
This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.

Fixes #34299

Built from https://develop.svn.wordpress.org/trunk@35342


git-svn-id: http://core.svn.wordpress.org/trunk@35308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-21 20:38:50 +00:00
Drew Jaynes 6a51505a23 Docs: Improve the return description in the DocBlock for `rest_send_allow_header()`. 
Props danielbachhuber.
Fixes #34374.

Built from https://develop.svn.wordpress.org/trunk@35324


git-svn-id: http://core.svn.wordpress.org/trunk@35290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-21 13:48:27 +00:00
Sergey Biryukov 116f59af60 REST API: Change nonce name to `_wpnonce`. 
It's shorter and is compatible with the default name in `wp_nonce_field()`.

Props danielbachhuber.
Fixes #34375.
Built from https://develop.svn.wordpress.org/trunk@35323


git-svn-id: http://core.svn.wordpress.org/trunk@35289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-21 08:14:24 +00:00
Drew Jaynes a92d4f6fcb Docs: Update the default scheme for `get_rest_url()` from 'json' to 'rest'. 
Also adds 'rest' to the documented list of schemes for `home_url()`, `get_home_url()`, `set_url_scheme()`, and the `home_url` and `set_url_scheme` hooks.

Props rachelbaker.
Fixes #34300.

Built from https://develop.svn.wordpress.org/trunk@35274


git-svn-id: http://core.svn.wordpress.org/trunk@35240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-19 22:39:25 +00:00
Drew Jaynes fd9bcf111d Docs: Fix a typo in the `$blog_id` parameter name in the `rest_url` filter doc. 
Props rachelbaker.
Fixes #34351.

Built from https://develop.svn.wordpress.org/trunk@35266


git-svn-id: http://core.svn.wordpress.org/trunk@35232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-18 23:12:25 +00:00
Scott Taylor c756465146 HTTP/REST API: move `WP_HTTP_Response` to `wp-includes/` with the rest (ha!) of the HTTP classes. This is PHP 5.2, so this class is global, and as per @rmccue, unrelated to REST specifically. 
See [34930], #33982.

Built from https://develop.svn.wordpress.org/trunk@34953


git-svn-id: http://core.svn.wordpress.org/trunk@34918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-08 19:27:28 +00:00
Sergey Biryukov 45bda3af69 REST API: Add some missing documentation. 
Props swissspidy.
Fixes #34215.
Built from https://develop.svn.wordpress.org/trunk@34949


git-svn-id: http://core.svn.wordpress.org/trunk@34914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-08 18:01:25 +00:00
Ryan McCue 94e2352956 REST API: Introduce baby API to the world. 
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.

Thanks to everyone who helped along the way:

Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.

Fixes #33982.

Built from https://develop.svn.wordpress.org/trunk@34928


git-svn-id: http://core.svn.wordpress.org/trunk@34893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2015-10-08 02:31:25 +00:00