Commit Graph

119 Commits

Author SHA1 Message Date
spacedmonkey
7d1e95ec7f REST API: Avoid unnecessarily preparing item links REST API index.
Building upon the changes introduced in [53760], this commit refines the behavior of the REST API index. Specifically, it addresses performance concerns related to the unnecessary preparation of item links, such as site icon and logo links.

Prior to this update, the index controller was invoking the prepare_links method regardless of whether the _links or _embedded fields were requested in the response. This led to unnecessary database lookups and decreased overall performance.

In this commit, we implement a more efficient approach. Now, the prepare_links method will only be called when the _links or _embedded fields are explicitly requested in the response. This optimization ensures that we prepare links only when they are intended for inclusion in the API response, reducing unnecessary overhead.

By implementing this improvement, we enhance the overall efficiency and performance of the WordPress core REST API index controller.

Props spacedmonkey, niravsherasiya7707, dlh, mukesh27, costdev, swissspidy.
Fixes #57902.
Built from https://develop.svn.wordpress.org/trunk@56566


git-svn-id: http://core.svn.wordpress.org/trunk@56078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-09-13 14:34:20 +00:00
audrasjb
55b31a92be Docs: Replace multiple single line comments with multi-line comments.
This changeset updates various comments as per WordPress PHP Inline Documentation Standards.
See https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#5-inline-comments.

Follow-up to [56174], [56175], [56176], [56177], [56178], [56179], [56180], [56191], [56192].

Props costdev, audrasjb.
See #58459.



Built from https://develop.svn.wordpress.org/trunk@56193


git-svn-id: http://core.svn.wordpress.org/trunk@55705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-10 23:00:22 +00:00
John Blackbourn
bf9257de5f REST API: Correct some filter docblocks.
See #57752

Built from https://develop.svn.wordpress.org/trunk@56156


git-svn-id: http://core.svn.wordpress.org/trunk@55668 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-07-06 23:23:22 +00:00
K. Adam White
f028b4e781 REST API: Expose current $request object to cors_header filters in WP_REST_SERVER->serve_request().
Allows headers to be more easily set on a per-response basis when more or less security is needed on a specific route.

Props bor0, rachelbaker, spacedmonkey, chaion07, oglekler, SergeyBiryukov.
Fixes #57752.


Built from https://develop.svn.wordpress.org/trunk@56096


git-svn-id: http://core.svn.wordpress.org/trunk@55608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-28 17:39:29 +00:00
Sergey Biryukov
ad16732d27 Code Modernization: Use str_contains() in a few more places.
`str_contains()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) contains the given substring (needle).

WordPress core includes a polyfill for `str_contains()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `false !== strpos( ... )` with `str_contains()` in core files, making the code more readable and consistent, as well as better aligned with modern development practices.

Follow-up to [55988], [56021].

See #58206.
Built from https://develop.svn.wordpress.org/trunk@56031


git-svn-id: http://core.svn.wordpress.org/trunk@55543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-06-26 10:17:25 +00:00
Sergey Biryukov
2ec23a82ed Code Modernization: Replace usage of strpos() with str_starts_with().
`str_starts_with()` was introduced in PHP 8.0 to perform a case-sensitive check indicating if the string to search in (haystack) begins with the given substring (needle).

WordPress core includes a polyfill for `str_starts_with()` on PHP < 8.0 as of WordPress 5.9.

This commit replaces `0 === strpos( ... )` with `str_starts_with()` in core files, making the code more readable and consistent, as well as improving performance.

While `strpos()` is slightly faster than the polyfill on PHP < 8.0, `str_starts_with()` is noticeably faster on PHP 8.0+, as it is optimized to avoid unnecessarily searching along the whole haystack if it does not find the needle.

Follow-up to [52039], [52040], [52326].

Props spacedmonkey, costdev, sabernhardt, mukesh27, desrosj, jorbin, TobiasBg, ayeshrajans, lgadzhev, SergeyBiryukov.
Fixes #58012.
Built from https://develop.svn.wordpress.org/trunk@55703


git-svn-id: http://core.svn.wordpress.org/trunk@55215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-05-02 15:45:22 +00:00
John Blackbourn
cc24b047eb Docs: Correct and improve various documented types for properties, functions, and hooks.
See #57840

Built from https://develop.svn.wordpress.org/trunk@55693


git-svn-id: http://core.svn.wordpress.org/trunk@55205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-04-27 22:29:18 +00:00
TimothyBlynJacobs
42b25d58ea REST API: Normalize WP_REST_Server::dispatch() to return a response object.
Previously, the `rest_pre_dispatch` filter could be used to return a `WP_Error` instance. This would cause a fatal error for `rest_post_dispath` 
filters that were rightly expecting a `WP_REST_Response` object to be passed instead.

Props DaveFX, felipeelia.
Fixes #56566.

Built from https://develop.svn.wordpress.org/trunk@55361


git-svn-id: http://core.svn.wordpress.org/trunk@54894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-02-17 15:45:24 +00:00
Sergey Biryukov
0230731505 Code Modernization: Rename parameters that use reserved keywords in wp-includes/rest-api/class-wp-rest-server.php.
While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit renames the `$namespace` parameter to `$route_namespace` in:
* `WP_REST_Server::register_route()`
* `WP_REST_Server::get_routes()`

Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932], [54933], [54938], [54943], [54944], [54945], [54946], [54947], [54948], [54950], [54951], [54952], [54956], [54959], [54960], [54961], [54962], [54964].

Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.
Built from https://develop.svn.wordpress.org/trunk@54965


git-svn-id: http://core.svn.wordpress.org/trunk@54517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-12-13 18:34:12 +00:00
Sergey Biryukov
25ea9680ae Docs: Update various DocBlocks and inline comments per the documentation standards.
Includes minor formatting edits for consistency.

Follow-up to [53/tests], [12179], [12946], [35288], [37884], [38810], [38928], [46596], [48131], [52955], [53548], [53813], [53873], [54118], [54316], [54420], [54421], [54803].

See #56792.
Built from https://develop.svn.wordpress.org/trunk@54855


git-svn-id: http://core.svn.wordpress.org/trunk@54407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-11-17 18:15:19 +00:00
audrasjb
823517e1de Docs: Align spelling with American English.
This changeset replaces "behaviour" with "behavior" in various docblocks.

Props kebbet, jrf.
See #56811, #56792.

Built from https://develop.svn.wordpress.org/trunk@54663


git-svn-id: http://core.svn.wordpress.org/trunk@54215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-21 21:12:14 +00:00
davidbaumwald
7a15b3353a REST API: Ensure args is an array of arrays in register_rest_route().
When calling `register_rest_route()`, the `args` parameter for a route should be an array of arrays.  However, some plugins/themes have passed an array of strings or key-value pairs which produces a PHP warning when `array_intersect_key` is used to filter the array keys based on an allowed list of schema keywords.

This change adds a check of the `args` parameter to ensure it's an array of arrays, presenting a `_doing_it_wrong` if any element of `args` is not an array and restructuring to an array of arrays.  This change also adds a unit test for the incorrect usage described above, expecting that a `_doing_it_wrong` is produced.

Props slaFFik, desrosj, apermo, AndrewNZ, aristath, poena, dovyp, timothyblynjacobs, Hinjiriyo, johnmark8080, nateallen.
Fixes #51986.
Built from https://develop.svn.wordpress.org/trunk@54339


git-svn-id: http://core.svn.wordpress.org/trunk@53898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-27 20:13:13 +00:00
Sergey Biryukov
c03305852e Code Modernization: Add AllowDynamicProperties attribute to all (parent) classes.
Dynamic (non-explicitly declared) properties are deprecated as of PHP 8.2 and are expected to become a fatal error in PHP 9.0.

There are a number of ways to mitigate this:
* If it is an accidental typo for a declared property: fix the typo.
* For known properties: declare them on the class.
* For unknown properties: add the magic `__get()`, `__set()`, et al. methods to the class or let the class extend `stdClass` which has highly optimized versions of these magic methods built in.
* For unknown ''use'' of dynamic properties, the `#[AllowDynamicProperties]` attribute can be added to the class. The attribute will automatically be inherited by child classes.

Trac ticket #56034 is open to investigate and handle the third and fourth type of situations, however it has become clear this will need more time and will not be ready in time for WP 6.1.

To reduce “noise” in the meantime, both in the error logs of WP users moving onto PHP 8.2, in the test run logs of WP itself, in test runs of plugins and themes, as well as to prevent duplicate tickets from being opened for the same issue, this commit adds the `#[AllowDynamicProperties]` attribute to all “parent” classes in WP.

The logic used for this commit is as follows:
* If a class already has the attribute: no action needed.
* If a class does not `extend`: add the attribute.
* If a class does `extend`:
 - If it extends `stdClass`: no action needed (as `stdClass` supports dynamic properties).
 - If it extends a PHP native class: add the attribute.
 - If it extends a class from one of WP's external dependencies: add the attribute.
* In all other cases: no action — the attribute should not be needed as child classes inherit from the parent.

Whether or not a class contains magic methods has not been taken into account, as a review of the currently existing magic methods has shown that those are generally not sturdy enough and often even set dynamic properties (which they should not). See the [https://www.youtube.com/watch?v=vDZWepDQQVE live stream from August 16, 2022] for more details.

This commit only affects classes in the `src` directory of WordPress core.
* Tests should not get this attribute, but should be fixed to not use dynamic properties instead. Patches for this are already being committed under ticket #56033.
* While a number bundled themes (2014, 2019, 2020, 2021) contain classes, they are not a part of this commit and may be updated separately.

Reference: [https://wiki.php.net/rfc/deprecate_dynamic_properties PHP RFC: Deprecate dynamic properties].

Follow-up to [53922].

Props jrf, hellofromTonya, markjaquith, peterwilsoncc, costdev, knutsp, aristath.
See #56513, #56034.
Built from https://develop.svn.wordpress.org/trunk@54133


git-svn-id: http://core.svn.wordpress.org/trunk@53692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-12 15:47:14 +00:00
K. Adam White
bd607c1118 REST API: Introduce _pretty query parameter to opt in to JSON_PRETTY_PRINT.
Add support for a "_pretty" meta-parameter on all REST controllers which instructs WordPress to return pretty-printed JSON, for better readability when inspecting endpoint responses in curl output or certain developer tools.

Introduce the "rest_json_encode_options" filter to permit site owners to control this behavior globally.

Props Viper007Bond, TimothyBlynJacobs, chrisguitarguy, johnbillion, swissspidy, adamsilverstein, danielbachhuber, rmccue.
Fixes #41998.

Built from https://develop.svn.wordpress.org/trunk@54127


git-svn-id: http://core.svn.wordpress.org/trunk@53686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-11 22:02:09 +00:00
Sergey Biryukov
6e26f8f8c7 REST API: Add the missing site_icon_url to the index.
The `site_icon_url` index was supposed to ship with WordPress 5.6, but was [https://github.com/WordPress/gutenberg/pull/22952 never backported to core].

This commit backports the original PR from Gutenberg repository:
* [https://github.com/WordPress/gutenberg/pull/42957 #42957: REST API: Add the missing 'site_icon_url' to the index]

Follow-up to [52080].

Props Mamaduka, bernhard-reiter, TimothyBlynJacobs.
See #56467.
Built from https://develop.svn.wordpress.org/trunk@54083


git-svn-id: http://core.svn.wordpress.org/trunk@53642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-09-06 14:43:09 +00:00
Sergey Biryukov
01d172b581 General: Replace all esc_url_raw() calls in core with sanitize_url().
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.
Built from https://develop.svn.wordpress.org/trunk@53455


git-svn-id: http://core.svn.wordpress.org/trunk@53044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-06-01 18:14:10 +00:00
spacedmonkey
06ab86cee6 REST API: Use rest_parse_embed_param function in WP_REST_Server class.
Ensure that the value get parameter `_embed ` that is passed to the `envelope_response` method, is run through the `rest_parse_embed_param` function. 

Props Spacedmonkey, johnbillion, TimothyBlynJacobs. 
Fixes #54015.


Built from https://develop.svn.wordpress.org/trunk@53110


git-svn-id: http://core.svn.wordpress.org/trunk@52699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-04-08 17:29:01 +00:00
spacedmonkey
2ae4784ca0 REST API: Pass WP_REST_Request object to the rest_index filter.
Props johnregan3, TimothyBlynJacobs, Spacedmonkey, hasanuzzamanshamim.
Fixes #48638. 

Built from https://develop.svn.wordpress.org/trunk@52796


git-svn-id: http://core.svn.wordpress.org/trunk@52385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-02-24 22:36:01 +00:00
Sergey Biryukov
2eaeae58ff Docs: Update spelling for inline comments in a few files.
Per the [https://make.wordpress.org/core/handbook/best-practices/spelling/ spelling] and [https://make.wordpress.org/docs/style-guide/language-grammar/word-choice/ word choice] documentation guidelines, American (US) spelling should be preferred.

Props mohadeseghasemi, subrataemfluence, rehanali, SergeyBiryukov.
Fixes #46837.
Built from https://develop.svn.wordpress.org/trunk@52640


git-svn-id: http://core.svn.wordpress.org/trunk@52229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-01-25 13:55:05 +00:00
John Blackbourn
c9746ab584 Docs: Various corrections and improvements relating to types used in inline documentation.
See #53399

Built from https://develop.svn.wordpress.org/trunk@52204


git-svn-id: http://core.svn.wordpress.org/trunk@51796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-18 13:50:05 +00:00
TimothyBlynJacobs
d224b7cf10 REST API: Expose the site icon in the REST API index.
Props spacedmonkey, palmiak.
Fixes #52321.

Built from https://develop.svn.wordpress.org/trunk@52080


git-svn-id: http://core.svn.wordpress.org/trunk@51672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-09 20:37:59 +00:00
TimothyBlynJacobs
84dae82fd3 REST API: Add batch support for posts and terms controllers.
This also exposes the value of `allow_batch` in `OPTIONS` requests to a route.

A future commit will add batch support to more resources.

Props spacedmonkey, chrisvanpatten.
See #53063.

Built from https://develop.svn.wordpress.org/trunk@52068


git-svn-id: http://core.svn.wordpress.org/trunk@51660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-09 01:59:02 +00:00
TimothyBlynJacobs
bac6e41c85 REST API: Support custom namespaces for custom post types.
While a custom post type can define a custom route by using the `rest_base` argument, a namespace of `wp/v2` was assumed. This commit introduces support for a `rest_namespace` argument. 

A new `rest_get_route_for_post_type_items` function has been introduced and the `rest_get_route_for_post` function updated to facilitate getting the correct route for custom post types.

While the WordPress Core Block Editor bootstrap code has been updated to use these API functions, for maximum compatibility sticking with the default `wp/v2` namespace is recommended until the API functions see wider use.

Props spacedmonkey, swissspidy.
Fixes #53656.

Built from https://develop.svn.wordpress.org/trunk@51962


git-svn-id: http://core.svn.wordpress.org/trunk@51551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-31 23:16:58 +00:00
TimothyBlynJacobs
af212ad9b3 REST API: Send a 500 status code when JSON encoding fails.
Previously, a 200 status code would be sent despite the 500 status code present in the response body.

Props hermpheus, lalitjalandhar.
Fixes #53056.

Built from https://develop.svn.wordpress.org/trunk@51960


git-svn-id: http://core.svn.wordpress.org/trunk@51549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-31 06:07:56 +00:00
John Blackbourn
00b914db08 REST API: Correct the order of the parameters documented for WP_REST_Server::respond_to_request().
See #53399

Built from https://develop.svn.wordpress.org/trunk@51915


git-svn-id: http://core.svn.wordpress.org/trunk@51508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-18 11:14:57 +00:00
Sergey Biryukov
1b749d971a Docs: Remove an empty line between @param and @return tags in some newly added REST API methods, per the documentation standards.
Follow-up to [48242], [49925], [51003], [51021].

See #52628, #53461.
Built from https://develop.svn.wordpress.org/trunk@51289


git-svn-id: http://core.svn.wordpress.org/trunk@50898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-30 18:43:58 +00:00
youknowriad
be0d5b2534 Block Editor: Update the packages with a number of fixes targeted for Beta 4.
It includes fixes from these two backport PRs: 

 - https://github.com/WordPress/gutenberg/pull/32992
 - https://github.com/WordPress/gutenberg/pull/32956

Props gziolo, ryelle, ntsekouras, desrosj, jorgefilipecosta.
See #53397

Built from https://develop.svn.wordpress.org/trunk@51241


git-svn-id: http://core.svn.wordpress.org/trunk@50850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-25 15:52:22 +00:00
davidbaumwald
9cd6547f13 Docs: Update help key documentation link in REST API response.
Props dd32, mukesh27, audrasjb, SergeyBiryukov.
Fixes #53162.
Built from https://develop.svn.wordpress.org/trunk@50840


git-svn-id: http://core.svn.wordpress.org/trunk@50449 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-11 18:05:02 +00:00
Rachel Baker
3d04a220be REST API: Move the rest_jsonp_enabled filter before setting the Content-Type header.
Fixes an issue where if JSONP was disabled the `Content-Type` HTTP header was still set to `application/javascript`.  

Props dd32, TimothyBlynJacobs.
Fixes #52691.
Built from https://develop.svn.wordpress.org/trunk@50695


git-svn-id: http://core.svn.wordpress.org/trunk@50304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-09 21:28:08 +00:00
TimothyBlynJacobs
8a51ab57e0 REST API: Return detailed error information from request validation.
Previously, only the first error message for each parameter was made available. Now, all error messages for a parameter are concatenated. Additionally, the detailed error for each parameter is made available in a new `details` section of the validation error. Each error is formatted following the standard REST API error formatting.

The `WP_REST_Server::error_to_response` method has been abstracted out into a standalone function `rest_convert_error_to_response` to allow for reuse by `WP_REST_Request`. The formatted errors now also contain an `additional_data` property which contains the additional error data provided by `WP_Error::get_all_error_data`.

Props dlh, xkon, TimothyBlynJacobs.
Fixes #46191.

Built from https://develop.svn.wordpress.org/trunk@50150


git-svn-id: http://core.svn.wordpress.org/trunk@49829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-02 17:28:02 +00:00
John Blackbourn
35e1b34f8e REST API: Corrections and improvements to docblocks for REST API filters.
See #51800

Built from https://develop.svn.wordpress.org/trunk@49955


git-svn-id: http://core.svn.wordpress.org/trunk@49654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-10 22:23:09 +00:00
John Blackbourn
6f3a940e64 Plugins: Replace usage of $this in action and filter parameter docblocks with more appropriate variable names.
See #51800, #52217

Fixes #52243

Built from https://develop.svn.wordpress.org/trunk@49946


git-svn-id: http://core.svn.wordpress.org/trunk@49645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-08 14:30:14 +00:00
John Blackbourn
dfe1f9b322 Docs: Promote many bool types to true or false where only that value is used.
See #51800

Built from https://develop.svn.wordpress.org/trunk@49927


git-svn-id: http://core.svn.wordpress.org/trunk@49626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-03 22:04:04 +00:00
TimothyBlynJacobs
bf51961e7e REST API: Expose all themes in the themes controller.
Previously, only the active theme was made available. This commit allows for all themes to be queried if the user has the `switch_themes` or `manage_network_themes` capabilities.

This commit also no longer exposes the `page`, `per_page`, `search` and `context` query parameters since they are not supported by this controller.

Props spacedmonkey, lpawlik, TimothyBlynJacobs.
Fixes #50152.

Built from https://develop.svn.wordpress.org/trunk@49925


git-svn-id: http://core.svn.wordpress.org/trunk@49624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-03 21:47:05 +00:00
TimothyBlynJacobs
c56eb69d7d REST API: Properly display JSON encoding errors.
Previously `null` was returned because the server was accessing the incorrect variable.

Props atimmer, technosailor.
Fixes #52106.

Built from https://develop.svn.wordpress.org/trunk@49918


git-svn-id: http://core.svn.wordpress.org/trunk@49617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-02 20:36:06 +00:00
John Blackbourn
1ead0719b7 Docs: Fix some docblock issues introduced in 5.6.
See #51800

Built from https://develop.svn.wordpress.org/trunk@49787


git-svn-id: http://core.svn.wordpress.org/trunk@49510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-10 23:27:06 +00:00
Sergey Biryukov
4a69dfa63a Docs: Fix typo in some DocBlocks.
See #51800.
Built from https://develop.svn.wordpress.org/trunk@49785


git-svn-id: http://core.svn.wordpress.org/trunk@49508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-12-10 18:12:03 +00:00
John Blackbourn
753ae723ad Docs: Corrections and improvements to inline docs relating to the REST API.
See #50768

Built from https://develop.svn.wordpress.org/trunk@49610


git-svn-id: http://core.svn.wordpress.org/trunk@49348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-16 11:04:12 +00:00
TimothyBlynJacobs
7fe78e2f18 REST API: Make sure all supported JSON Schema keywords are output in the index.
Previously, only a small subset of keywords were exposed which limited the utility of `OPTIONS` requests.

Props raubvogel, TimothyBlynJacobs.
Fixes #51020.

Built from https://develop.svn.wordpress.org/trunk@49257


git-svn-id: http://core.svn.wordpress.org/trunk@49019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 20:19:09 +00:00
TimothyBlynJacobs
499e4e9053 REST API: Introduce support for batching API requests.
A new route is introduced, `batch/v1`, that accepts a list of API requests to run. Each request runs in sequence, and the responses are returned in the order they've been received.

Optionally, the `require-all-validate` validation mode can be used to first validate each request's parameters and only proceed with processing if each request validates successfully.

By default, the batch size is limited to 25 requests. This can be controlled using the `rest_get_max_batch_size` filter. Clients are strongly encouraged to discover the maximum batch size supported by the server by making an OPTIONS request to the `batch/v1` endpoint and inspecting the described arguments.

Additionally, the two new methods, `match_request_to_handler` and `respond_to_request` introduced in [48947] now have a `protected` visibility as we don't want to expose the inner workings of the `WP_REST_Server::dispatch` API.

Batching is not currently supported for GET requests.

Fixes #50244.
Props andraganescu, zieladam, TimothyBlynJacobs.

Built from https://develop.svn.wordpress.org/trunk@49252


git-svn-id: http://core.svn.wordpress.org/trunk@49014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 19:10:08 +00:00
TimothyBlynJacobs
d5ebe12f11 REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.

This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.

Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.

Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.

Built from https://develop.svn.wordpress.org/trunk@49109


git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 22:14:06 +00:00
Sergey Biryukov
09570be924 Docs: Fix typos in some DocBlocks in js/_enqueues/wp/api.js.
Additionally, rename a variable for clarity.

Props mukesh27.
Fixes #51420.
Built from https://develop.svn.wordpress.org/trunk@49075


git-svn-id: http://core.svn.wordpress.org/trunk@48837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-30 13:54:06 +00:00
Helen Hou-Sandí
75262781d9 i18n: Ensure block type strings in the REST API end with a full stop.
Props ramiy, justinahinon.
Fixes #50805.


Built from https://develop.svn.wordpress.org/trunk@48982


git-svn-id: http://core.svn.wordpress.org/trunk@48744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-16 19:23:07 +00:00
TimothyBlynJacobs
a63708debf REST API: Refactor WP_REST_Server::dispatch() to make internal logic reusable.
#50244 aims to introduce batch processing in the REST API. An important feature is the ability to enforce that all requests have valid data before executing the route callbacks in "pre-validate" mode.

This necessitates splitting `WP_REST_Server::dispatch()` into two methods so the batch controller can determine the request handler to perform pre-validation and then respond to the requests.

The two new methods, `match_request_to_handler` and `respond_to_request`, have a public visibility, but are marked as `@access private`. This is to allow for iteration on the batch controller to happen in the Gutenberg repository. Developers should not rely upon these methods, their visibility may change in the future.

See #50244.
Props andraganescu, zieladam, TimothyBlynJacobs.

Built from https://develop.svn.wordpress.org/trunk@48947


git-svn-id: http://core.svn.wordpress.org/trunk@48709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-05 21:52:07 +00:00
John Blackbourn
124972f2c6 Docs: Further corrections and improvements to various inline docblocks.
See #49572
Built from https://develop.svn.wordpress.org/trunk@48576


git-svn-id: http://core.svn.wordpress.org/trunk@48338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 07:39:02 +00:00
TimothyBlynJacobs
df2b9b1689 REST API: Add Content-Disposition, Content-MD5 and X-WP-Nonce as allowed cors headers.
The Content-Disposition and Content-MD5 headers allow for easier file uploading across domains by using a File/Blob object directly. The X-WP-Nonce header is allowed for making cross-origin and same-origin authenticated requests consistent.

Additionally a filter is introduced, "rest_allowed_cors_headers", to simplify the process of allowing additional request headers.

Props rmccue, TimothyBlynJacobs.
Fixes #41696.

Built from https://develop.svn.wordpress.org/trunk@48452


git-svn-id: http://core.svn.wordpress.org/trunk@48221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-12 19:37:12 +00:00
Sergey Biryukov
c892c420b7 Docs: Miscellaneous DocBlock corrections.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48198


git-svn-id: http://core.svn.wordpress.org/trunk@47967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-28 11:53:04 +00:00
desrosj
4b60af1a6a General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”

With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).

Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.

Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.

Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121


git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 17:26:13 +00:00
TimothyBlynJacobs
88f54b22ba REST API: Add "Link" to the list of exposed cors headers.
Currently, only the X-WP-Total and X-WP-TotalPages headers are exposed which means that clients have to manually construct the URL to implement pagination instead of using the "prev" and "next" Links.

Additionally, a filter "rest_exposed_cors_headers" is introduced to make it simpler for plugins to expose additional headers.

Props Toro_Unit, ayeshrajans.
Fixes #50369.

Built from https://develop.svn.wordpress.org/trunk@48112


git-svn-id: http://core.svn.wordpress.org/trunk@47881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-20 23:56:12 +00:00
desrosj
c591d94cc5 General: Remove or add inline comments to $HTTP_RAW_POST_DATA occurrences.
The `$HTTP_RAW_POST_DATA` global was deprecated in PHP 5.6 and removed completely in PHP 7.0. In general, `php://input` should be used instead of `$HTTP_RAW_POST_DATA`.

Because WordPress Core still supports PHP 5.6, some plugins or sites may still rely on this variable being present and populated with the expected data. For that reason, occurrences of the variable will remain with updated inline documentation until support for PHP 5.6 is officially dropped in WordPress.

Props skoskie, jrf, desrosj, TimothyBlynJacobs.
See #49922.
Fixes #49810.
Built from https://develop.svn.wordpress.org/trunk@47926


git-svn-id: http://core.svn.wordpress.org/trunk@47700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-08 19:55:10 +00:00