Commit Graph

51 Commits

Author SHA1 Message Date
Dominik Schilling
4d3ca52c45 REST API: Pass current request object to rest_authentication_errors filter in WP_REST_Server::check_authentication().
Fixes #46907.
Built from https://develop.svn.wordpress.org/trunk@45687


git-svn-id: http://core.svn.wordpress.org/trunk@45498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-27 13:44:57 +00:00
Gary Pendergast
abcbee954f Coding Standards: Fix instances of WordPress.PHP.NoSilencedErrors.Discouraged.
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.

See #46732.

Built from https://develop.svn.wordpress.org/trunk@45611


git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-09 05:45:58 +00:00
Sergey Biryukov
e23ce44744 REST API: Call WP_REST_Server::get_compact_response_links() and ::get_raw_data() static methods the right way.
Props andizer, TimothyBlynJacobs.
Fixes #47578.
Built from https://develop.svn.wordpress.org/trunk@45566


git-svn-id: http://core.svn.wordpress.org/trunk@45377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-06-26 18:07:54 +00:00
John Blackbourn
47d32decd6 Docs: Correct and improve various inline documentation.
See #42505

Built from https://develop.svn.wordpress.org/trunk@43582


git-svn-id: http://core.svn.wordpress.org/trunk@43411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-27 14:28:26 +00:00
Gary Pendergast
56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Gary Pendergast
e22489f06c REST API: Remove permalink_structure from the index.
This was originally added to allow Gutenberg to do permalink editing, but is no longer required. It's also superceded by #41014.

Reverts [42142].
Fixes #42465.


Built from https://develop.svn.wordpress.org/trunk@42997


git-svn-id: http://core.svn.wordpress.org/trunk@42826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-23 04:12:20 +00:00
Sergey Biryukov
08227812a0 Docs: Remove @static notations from method DocBlocks in wp-includes/* classes.
This tag has been used in the past, but should no longer be used. Just using the `static` keyword in code is enough for PhpDocumentor on PHP5+ to recognize static variables and methods, and PhpDocumentor will mark them as static.

Props birgire.
See #42803.
Built from https://develop.svn.wordpress.org/trunk@42746


git-svn-id: http://core.svn.wordpress.org/trunk@42576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-25 20:22:30 +00:00
Rachel Baker
a787006298 REST API: Return the proper status code for failed permission callbacks in WP_REST_Server->dispatch().
Use the `rest_authorization_required_code()` function to return a 401 status code when a permission callback fails due to a user not being logged in.

Props jaswrks.
Fixes #42828.
Built from https://develop.svn.wordpress.org/trunk@42421


git-svn-id: http://core.svn.wordpress.org/trunk@42252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-30 20:37:47 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Gary Pendergast
e8229a25d5 REST API: Add permalink_structure to the index endpoint.
This allows Gutenberg to implement permalink editing.

Props schlessera.
Fixes #42465.


Built from https://develop.svn.wordpress.org/trunk@42142


git-svn-id: http://core.svn.wordpress.org/trunk@41973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-10 06:11:51 +00:00
James Nylen
0ef4d4289f REST API: Exclude numeric parameters from regex parsing
The list of endpoint parameters should only include explicitly named and requested parameters.

Props flixos90, rmccue, jnylen0.
Fixes #40704.

Built from https://develop.svn.wordpress.org/trunk@41223


git-svn-id: http://core.svn.wordpress.org/trunk@41063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 19:55:43 +00:00
Drew Jaynes
0860bb2771 Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.

See #41452.

Built from https://develop.svn.wordpress.org/trunk@41162


git-svn-id: http://core.svn.wordpress.org/trunk@41002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 00:41:44 +00:00
James Nylen
8f6088ba6e REST API: Add a filter to allow modifying the response *after* embedded data is added.
Fixes #38964.

Built from https://develop.svn.wordpress.org/trunk@40961


git-svn-id: http://core.svn.wordpress.org/trunk@40811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-29 13:17:43 +00:00
James Nylen
df5b8dcc82 REST API: Avoid sending blank Last-Modified headers with authenticated requests.
This commit adds a new `WP_REST_Server#remove_header` method and uses it to clear the `Last-Modified` header when the "no caching" headers are sent (by default for all authenticated REST API requests).  This matches the behavior of the `nocache_headers` function used in other parts of WordPress.

Previously, the REST API would send an empty `Last-Modified` header in this situation.  Under some server and browser configurations, this causes browsers to cache authenticated REST API requests, which is undesirable.

Props iv3rson76, zinigor, rmccue, jnylen0.
Fixes #40444.

Built from https://develop.svn.wordpress.org/trunk@40805


git-svn-id: http://core.svn.wordpress.org/trunk@40663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-19 20:27:44 +00:00
James Nylen
27aa0664df REST API: Add gmt_offset and timezone_string to the base /wp-json response.
The site's current timezone offset is an important piece of information for any REST API client that needs to manipulate dates.  It has not been previously available.

Expose both the `gmt_offset` (the site's current offset from UTC in hours) and `timezone_string` (which also provides information about daylight savings time) via the "site info" endpoint (the base `/wp-json` response).

Also update the `wp-api-generated.js` fixture file with the changes to the default API responses.

Props sagarkbhatt.
Fixes #39854.

Built from https://develop.svn.wordpress.org/trunk@40238


git-svn-id: http://core.svn.wordpress.org/trunk@40168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-07 05:48:41 +00:00
Sergey Biryukov
e0e9568e24 REST API: After [38947], improve the wording of the message to clarify that rest_authentication_errors is a filter.
See #38446.
Built from https://develop.svn.wordpress.org/trunk@40038


git-svn-id: http://core.svn.wordpress.org/trunk@39975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-01 21:32:47 +00:00
Sergey Biryukov
acc30b09d7 Text Changes: Merge some duplicate strings with the same meaning in error messages, adjust some other strings for consistency and accuracy.
Props ramiy, SergeyBiryukov.
Fixes #38808.
Built from https://develop.svn.wordpress.org/trunk@39278


git-svn-id: http://core.svn.wordpress.org/trunk@39218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-17 15:53:33 +00:00
Joe Hoyle
901c4ed17a REST API: Support querying for multiple post statuses.
Multiple post statuses can be specified by the usual CSV or array-propper format.

Props jnylen0, kadamwhite, websupporter.
Fixes #38420.

Built from https://develop.svn.wordpress.org/trunk@39104


git-svn-id: http://core.svn.wordpress.org/trunk@39046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 01:46:29 +00:00
Drew Jaynes
5f4497f0af Docs: Fix multiple trivial typos throughout a variety of core files.
Props ottok.
Fixes #38489.

Built from https://develop.svn.wordpress.org/trunk@39051


git-svn-id: http://core.svn.wordpress.org/trunk@38993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 06:28:32 +00:00
Gary Pendergast
dbc4b87b7f REST API: Allow Content-Type on CORS requests.
This allows `POST` requests with a wider variety of `Content-Type' headers - `Content-Type: application/json`, for example.

Props jnylen0.
Fixes #37994.


Built from https://develop.svn.wordpress.org/trunk@39044


git-svn-id: http://core.svn.wordpress.org/trunk@38986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 00:34:33 +00:00
Drew Jaynes
2452f69485 REST: Fix some errant else if conditions and add a few missing periods on inline comments.
Props mrahmadawais.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39029


git-svn-id: http://core.svn.wordpress.org/trunk@38971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 17:54:30 +00:00
Gary Pendergast
6b4357e14b REST API: Deprecate the rest_enabled filter.
As the REST API becomes more integral to WordPress Core, turning it off will cause a... suboptimal experience. If we don't want it to be turned off, the off switch needs to be removed.

Props jorbin, pento.
Fixes #38446.


Built from https://develop.svn.wordpress.org/trunk@38947


git-svn-id: http://core.svn.wordpress.org/trunk@38890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 06:28:30 +00:00
Dominik Schilling
ae2ff33c91 Docs: Improve formatting of filter docs added in [38689].
Fixes #35590.
Built from https://develop.svn.wordpress.org/trunk@38749


git-svn-id: http://core.svn.wordpress.org/trunk@38692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-07 19:24:28 +00:00
Joe Hoyle
d72da116be REST API: Add filters to allow creating REST API middleware plugins.
Introduce two new filters: `rest_request_before_callbacks` and `rest_request_after_callbacks` to
assist REST API middleware plugins to perform pre-callback and cleanup hooks such as `switch_to_blog()`
or caching implementations.

Props jnylen0.
Fixes #35590.

Built from https://develop.svn.wordpress.org/trunk@38689


git-svn-id: http://core.svn.wordpress.org/trunk@38632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-30 20:12:28 +00:00
Joe Hoyle
794dd5d8cb REST API: Enable sanitize_callback to return WP_Error.
Give developers the opportunity to reject incoming data without using the validation callback. It also enables us to do sanitization and validation in one function in instances where this could be useful.

Props websupporter, rmccue.
Fixes #37560.

Built from https://develop.svn.wordpress.org/trunk@38601


git-svn-id: http://core.svn.wordpress.org/trunk@38544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-14 15:50:29 +00:00
Dominik Schilling
97bf32c66a Text Changes: Unify/merge two more permission error messages.
Props ramiy.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@38037


git-svn-id: http://core.svn.wordpress.org/trunk@37978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 11:45:29 +00:00
Rachel Baker
e5fcbb3514 REST API: Reverse order of setting sanitization/validation, validating prior to sanitizing.
Fixes mistake in the current behavior, where the sanitization callback ran before the validation callback. Now the validation callback will run before the sanitization.

Props schlessera, rachelbaker.
See #37247.
Fixes #37192.



Built from https://develop.svn.wordpress.org/trunk@37943


git-svn-id: http://core.svn.wordpress.org/trunk@37884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-02 23:03:27 +00:00
Rachel Baker
a475d0a161 REST API: Include auto-discovery Link header when serving API requests.
The Link header allows clients to verify if a site has made the REST API available, as well as indicating how to access it.

Props danielbachhuber.
Fixes #35580.



Built from https://develop.svn.wordpress.org/trunk@37903


git-svn-id: http://core.svn.wordpress.org/trunk@37844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 01:57:55 +00:00
Rachel Baker
228c60a222 REST API: Include X-Robots-Tag: noindex header in REST API responses to prevent endpoints from being indexed by search engines.
Prevent duplicate content issues with search engines and REST API endpoint response data.

Fixes #36390.
Props m_uysl for the initial patch.
Built from https://develop.svn.wordpress.org/trunk@37726


git-svn-id: http://core.svn.wordpress.org/trunk@37692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-16 14:59:28 +00:00
Peter Wilson
47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Rachel Baker
99cca27041 REST API: Create the general wp_check_jsonp_callback() function for validating JSONP callback functions.
Move the REST API JSONP callback validation check into a separate function named `wp_check_jsonp_callback()`. This allows plugins to use the built-in validation when handling JSONP callbacks.
Extremely Important Note: If you send JSONP in your custom response, make sure you prefix the response with `/**/`. This will mitigate the Rosetta Flash exploit. You should also send the `X-Content-Type-Options:nosniff` header, or even better, use the REST API infrastructure.

Props rmccue.
Fixes #28523.
Built from https://develop.svn.wordpress.org/trunk@37646


git-svn-id: http://core.svn.wordpress.org/trunk@37612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-06 21:34:28 +00:00
Drew Jaynes
f03eef071e Docs: Standardize hook docs in wp-includes/rest-api/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37490


git-svn-id: http://core.svn.wordpress.org/trunk@37458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:08:29 +00:00
Mark Jaquith
31152de134 REST API: Deliver parameters unadulterated instead of slashed.
We goofed, and parameters accessed through the REST API's methods
were slashed (inconsistently, even). This unslashes the data, so
you get the un-messed-with data that was sent.

Props joehoyle.
Fixes #36419.
Built from https://develop.svn.wordpress.org/trunk@37163


git-svn-id: http://core.svn.wordpress.org/trunk@37130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-06 21:02:28 +00:00
Joe Hoyle
a07988c1c5 REST API: Provide better method for generating CURIEs
In [36533] CURIEs were added to the API responses for the link relation URIs, this makes
it a lot easier for clients to look up links by relation. That patch was functional, but
broke on edge cases such as embedded responses and collection items with links in the items.

This patch instead takes a less obtrusive approach by creating a new `get_compact_response_links`
to compliment `get_response_links` making both old and new functionality available.

Also the regex for curie relations has been relaxed to `.+` as rel names can have any uri-valid charector in it.

Fixes #34729.


Built from https://develop.svn.wordpress.org/trunk@37041


git-svn-id: http://core.svn.wordpress.org/trunk@37008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-22 00:16:27 +00:00
Rachel Baker
6edbcc88ff REST API: Add home_url to API index to avoid confusion with site_url.
Confusion abound, the API index is the generic term `url` to display the `site_url`. New `home` key will display the `home_url` in the index as well.

Fixes #35647.
Built from https://develop.svn.wordpress.org/trunk@37031


git-svn-id: http://core.svn.wordpress.org/trunk@36998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-17 19:16:29 +00:00
Rachel Baker
76d14c1d24 REST API: Remove unused variable $api_root from WP_Rest_Server->embed_links() method.
After [r36674] the variable `$api_root` is no longer used in this method and should be removed.

See #35803.
Built from https://develop.svn.wordpress.org/trunk@37021


git-svn-id: http://core.svn.wordpress.org/trunk@36988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-16 21:41:28 +00:00
Ryan McCue
937b0c3241 REST API: Use WP_REST_Request::from_url() when embedding.
See #35803.

Built from https://develop.svn.wordpress.org/trunk@36674


git-svn-id: http://core.svn.wordpress.org/trunk@36641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 04:20:25 +00:00
Drew Jaynes
e020ccd081 Docs: Add formatting to a changelog entry in the hook doc for the rest_dispatch_request filter.
See [36534]. See #32246.

Built from https://develop.svn.wordpress.org/trunk@36576


git-svn-id: http://core.svn.wordpress.org/trunk@36543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-18 18:18:25 +00:00
Ryan McCue
3e65236aa7 REST API: Apply rest_post_dispatch to embedded responses.
Fixes #35628.
Props @danielbachhuber.

Built from https://develop.svn.wordpress.org/trunk@36536


git-svn-id: http://core.svn.wordpress.org/trunk@36503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 06:06:27 +00:00
Ryan McCue
03ba67a0b7 REST API: Allow explicit HEAD callbacks.
HEAD callbacks can now be registered independently, with the GET
callback still used as a fallback.

Fixes #34841.

Built from https://develop.svn.wordpress.org/trunk@36535


git-svn-id: http://core.svn.wordpress.org/trunk@36502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 05:51:26 +00:00
Ryan McCue
0438795671 REST API: Add routing args to rest_dispatch_request filter.
This allows requests to be hijacked via the filter more easily.

Fixes #35507.

Built from https://develop.svn.wordpress.org/trunk@36534


git-svn-id: http://core.svn.wordpress.org/trunk@36501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 04:40:26 +00:00
Ryan McCue
47bee5157b REST API: Add support for CURIEs.
CURIEs are Compact URIs, which provide a more usable way to use
custom relations in the API. The `wp` CURIE is registered by default
for `https://api.w.org/` URI relations.

Fixes #34729.
Props joehoyle.

Built from https://develop.svn.wordpress.org/trunk@36533


git-svn-id: http://core.svn.wordpress.org/trunk@36500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 02:19:27 +00:00
Scott Taylor
4ae83ec7ec REST API: Core typically sends nocache headers on all auth'ed responses, as in wp, admin-ajax, etc. Because the REST API infrastructure is hooked in pre-wp, we should be setting this ourselves.
Adds unit tests.

Props joehoyle.
Fixes #34832.

Built from https://develop.svn.wordpress.org/trunk@35773


git-svn-id: http://core.svn.wordpress.org/trunk@35737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 23:36:25 +00:00
Mark Jaquith
6cc98e6fcd Route HEAD API requests through the GET callback method
fixes #34837
props danielbachhuber
Built from https://develop.svn.wordpress.org/trunk@35758


git-svn-id: http://core.svn.wordpress.org/trunk@35722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:34:25 +00:00
Ryan McCue
7ce9772866 REST API: Mark WP_REST_Server::get_raw_data as static.
This is just a utility function for getting the request body, not
tied to the server class.

Fixes #34768.

Built from https://develop.svn.wordpress.org/trunk@35741


git-svn-id: http://core.svn.wordpress.org/trunk@35705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:22:25 +00:00
Ryan McCue
0801acbdd8 REST API: Remove redundant "0" parameter.
This is just an artifact of how we parse the URL, and is already available
via $request->get_route()

Props danielbachhuber.
Fixes #34647.

Built from https://develop.svn.wordpress.org/trunk@35659


git-svn-id: http://core.svn.wordpress.org/trunk@35623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 07:24:28 +00:00
Ryan McCue
81ffd2492c REST API: Optimise for singular error instances.
Previously, the API returned a list of errors, as WP_Error can hold multiple
error codes internally. This isn't a particularly common use case, and it
makes handling errors on the client side more complex than it needs to be.

Fixes #34551.

Built from https://develop.svn.wordpress.org/trunk@35653


git-svn-id: http://core.svn.wordpress.org/trunk@35617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-17 04:12:26 +00:00
Ryan McCue
9524ebb38e REST API: Include enum and description in help data.
Props lcherpit.
Fixes #34543.

Built from https://develop.svn.wordpress.org/trunk@35652


git-svn-id: http://core.svn.wordpress.org/trunk@35616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-17 02:49:28 +00:00
Scott Taylor
16637eeee4 REST API: in WP_REST_Server::dispatch(), move preg_match() out of it's current loop, which doesn't affect the context passed to it.
Props TobiasBg.
Fixes #34488.

Built from https://develop.svn.wordpress.org/trunk@35514


git-svn-id: http://core.svn.wordpress.org/trunk@35478 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-04 21:23:25 +00:00
Scott Taylor
31e0b06125 REST API: don't load wp-admin/includes/admin.php on every request.
Props swissspidy.
Fixes #34395.

Built from https://develop.svn.wordpress.org/trunk@35353


git-svn-id: http://core.svn.wordpress.org/trunk@35319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-22 16:29:28 +00:00