Commit Graph

394 Commits

Author SHA1 Message Date
Rachel Baker
0e656c1a10 REST API: Correct HTTP status code in error for requests to create a duplicate term.
The 409 error code is intended for situations where it is expected that the user will resolve the conflict and resubmit the same request. We use 400 error codes for other routes when a duplicate request is made. The 400 status code tells the user they need to modify their request for it to be successful.

Props shooper.
Fixes #42781. See #41370.
Built from https://develop.svn.wordpress.org/trunk@42354


git-svn-id: http://core.svn.wordpress.org/trunk@42183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-03 19:09:49 +00:00
Rachel Baker
01eeeb80fd REST API: Add existing term_id to the error data object when attempting to create a duplicate term.
Props shooper, coleh.
Fixes #42597. See #41370.
Built from https://develop.svn.wordpress.org/trunk@42350


git-svn-id: http://core.svn.wordpress.org/trunk@42179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-03 18:11:53 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Gary Pendergast
e8229a25d5 REST API: Add permalink_structure to the index endpoint.
This allows Gutenberg to implement permalink editing.

Props schlessera.
Fixes #42465.


Built from https://develop.svn.wordpress.org/trunk@42142


git-svn-id: http://core.svn.wordpress.org/trunk@41973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-10 06:11:51 +00:00
Joe Hoyle
bebb0b0d82 REST API: Don’t remove unregistered properties from objects in schema.
In r41727 the ability to sanitise and validate objects from JSON schema was added, with a whitelist approach. It was decided we should pass through all non-registered properties to reflect the behaviour of the root object in register_rest_route. To prevent arbitrary extra data via setting objects, we force additionalProperties to false in the settings endpoint.

See #38583.
Built from https://develop.svn.wordpress.org/trunk@42000


git-svn-id: http://core.svn.wordpress.org/trunk@41834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 21:05:49 +00:00
Weston Ruter
29d213cfbd REST API: Allow passing existing template value for posts even when template no longer exists.
Also remove `enum` for validating allowed templates to allow plugins to dynamically supply their own templates for specific posts, even when they are not in the theme.

Props TimothyBlynJacobs, jnylen0, swissspidy.
Fixes #39996.

Built from https://develop.svn.wordpress.org/trunk@41979


git-svn-id: http://core.svn.wordpress.org/trunk@41813 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-23 22:11:46 +00:00
K. Adam White
30827e4a4f REST API: Support ordering response collection by listed slugs.
Adds an "include_slug" orderby value for REST API collections to permit returning a collection filtered by slugs in the same order in which those slugs are specified.
Previously, the order of slugs provided with the ?slug query parameter had no effect on the order of the returned records.

Props wonderboymusic, ocean90, boonebgorges.
Fixes #40826.


Built from https://develop.svn.wordpress.org/trunk@41760


git-svn-id: http://core.svn.wordpress.org/trunk@41594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 00:37:47 +00:00
K. Adam White
704fb3900b REST API: Support objects in settings schema.
Enables register_setting to accept an object as its schema value, allowing settings to accept non-scalar values through the REST API.
This whitelists the added type in the settings controller, and passes properties from argument registration into the validation functions.

Props joehoyle.
See #38583.


Built from https://develop.svn.wordpress.org/trunk@41758


git-svn-id: http://core.svn.wordpress.org/trunk@41592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 00:19:49 +00:00
K. Adam White
fe29c9c881 REST API: Return 409 status when attempting to create an existing term.
Fixes an issue where submitting a well-formed request to create a term inappropriately returns a 500 error status if that term already exists.
HTTP 5xx error codes should be reserved for unexpected server errors, so "409 Conflict" is a more appropriate response.

Props alibasheer, guzzilar, shooper.
Fixes #41370.


Built from https://develop.svn.wordpress.org/trunk@41737


git-svn-id: http://core.svn.wordpress.org/trunk@41571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 16:24:46 +00:00
John Blackbourn
090dfae53e REST API: Avoid counting an uncountable type when checking read permissions for comment posts.
This avoids deprecated notices from showing in PHP 7.2 and above.

Props ayeshrajans
Fixes #41457

Built from https://develop.svn.wordpress.org/trunk@41735


git-svn-id: http://core.svn.wordpress.org/trunk@41569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 15:38:49 +00:00
K. Adam White
18d9cc6051 REST API: Specify specific json-schema version.
Explicitly specifies that the REST API uses JSON Schema draft-04,
as JSON Schema has deprecated versionless schema URIs and recommends
the use of a specific draft version.

Props @TimothyBlynJacobs
Fixes #41734


Built from https://develop.svn.wordpress.org/trunk@41731


git-svn-id: http://core.svn.wordpress.org/trunk@41565 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 14:52:46 +00:00
Joe Hoyle
f276b4901b REST API: Support for objects in schema validation and sanitization.
When registering routes developers can now define their complex objects in the schema and benefit from the automatic validation and sanitization in the REST API. This also paves the way for support for complex object registration via register_meta and register_setting.

See #38583.
Props TimothyBlynJacobs5.
Built from https://develop.svn.wordpress.org/trunk@41727


git-svn-id: http://core.svn.wordpress.org/trunk@41561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 08:27:47 +00:00
Sergey Biryukov
486ab09a0e I18N: Add translator comments for placeholders in WP_REST_Controller strings.
Props ramiy.
Fixes #41667.
Built from https://develop.svn.wordpress.org/trunk@41591


git-svn-id: http://core.svn.wordpress.org/trunk@41424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-25 10:27:43 +00:00
Sergey Biryukov
4a42f4e835 I18N: Replace code fragments in translatable strings for rest_trash_not_supported errors with a placeholder.
Props ramiy.
Fixes #41643.
Built from https://develop.svn.wordpress.org/trunk@41588


git-svn-id: http://core.svn.wordpress.org/trunk@41421 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-24 22:29:46 +00:00
Sergey Biryukov
982ba72da9 I18N: Replace method name in a translatable string in WP_REST_Controller::register_routes() with a placeholder.
Props ramiy.
Fixes #41667.
Built from https://develop.svn.wordpress.org/trunk@41587


git-svn-id: http://core.svn.wordpress.org/trunk@41420 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-24 22:04:46 +00:00
Sergey Biryukov
deb9b82032 Docs: Remove "to to" dittography from inline comments.
Props birgire.
See #41841.
Built from https://develop.svn.wordpress.org/trunk@41354


git-svn-id: http://core.svn.wordpress.org/trunk@41187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-09 13:49:43 +00:00
Felix Arntz
1d0478d4b1 REST API: Allow site administrators to edit user roles in multisite.
While site administrators cannot generally edit users in multisite, they have always been able to change the roles of users on their site. In the REST API however, this has not been possible so far. This changeset brings parity with how it is handled in the administration panel: A REST request to edit only a user's roles succeeds correctly, while a REST request to edit any further details of a user fails.

Props jnylen0.
Fixes #40263.

Built from https://develop.svn.wordpress.org/trunk@41226


git-svn-id: http://core.svn.wordpress.org/trunk@41066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 21:59:44 +00:00
Felix Arntz
7e2ca92e69 Multisite: Introduce a can_add_user_to_blog filter to prevent adding a user to a site.
Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new `can_add_user_to_blog` filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.

The user-facing parts and the REST API route that interact with `add_user_to_blog()` have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.

Props jmdodd.
Fixes #41101.

Built from https://develop.svn.wordpress.org/trunk@41225


git-svn-id: http://core.svn.wordpress.org/trunk@41065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 21:41:45 +00:00
James Nylen
0ef4d4289f REST API: Exclude numeric parameters from regex parsing
The list of endpoint parameters should only include explicitly named and requested parameters.

Props flixos90, rmccue, jnylen0.
Fixes #40704.

Built from https://develop.svn.wordpress.org/trunk@41223


git-svn-id: http://core.svn.wordpress.org/trunk@41063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 19:55:43 +00:00
John Blackbourn
b140e8f574 General: Fix various instances of incorrect filter docs and incorrect filter and action parameters.
Props keesiemeijer for identifying the issues

See #38462

Built from https://develop.svn.wordpress.org/trunk@41219


git-svn-id: http://core.svn.wordpress.org/trunk@41059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 15:43:43 +00:00
Sergey Biryukov
e412ea2e6b Docs: Replace HTTP links to stackoverflow.com in DocBlocks with HTTPS.
Update the Nginx "Missing (disappearing) HTTP Headers" link.

Props johnpgreen.
Fixes #41331.
Built from https://develop.svn.wordpress.org/trunk@41189


git-svn-id: http://core.svn.wordpress.org/trunk@41029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-30 14:52:44 +00:00
Drew Jaynes
0860bb2771 Docs: Remove @access notations from method DocBlocks in wp-includes/* classes.
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.

See #41452.

Built from https://develop.svn.wordpress.org/trunk@41162


git-svn-id: http://core.svn.wordpress.org/trunk@41002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 00:41:44 +00:00
James Nylen
8f6088ba6e REST API: Add a filter to allow modifying the response *after* embedded data is added.
Fixes #38964.

Built from https://develop.svn.wordpress.org/trunk@40961


git-svn-id: http://core.svn.wordpress.org/trunk@40811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-29 13:17:43 +00:00
James Nylen
252ab08d88 REST API: Fix changing parameters with set_param() for some requests.
Prior to this commit, `WP_Rest_Request::get_param()` traversed through the parameter order but `WP_Rest_Request::set_param()` did not. For JSON requests (and likely other situations as well), this meant that changing a parameter with `set_param()` would have no effect on `get_param()`.

Props TimothyBlynJacobs.
Fixes #40344.


Built from https://develop.svn.wordpress.org/trunk@40815


git-svn-id: http://core.svn.wordpress.org/trunk@40673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-22 16:16:42 +00:00
James Nylen
df5b8dcc82 REST API: Avoid sending blank Last-Modified headers with authenticated requests.
This commit adds a new `WP_REST_Server#remove_header` method and uses it to clear the `Last-Modified` header when the "no caching" headers are sent (by default for all authenticated REST API requests).  This matches the behavior of the `nocache_headers` function used in other parts of WordPress.

Previously, the REST API would send an empty `Last-Modified` header in this situation.  Under some server and browser configurations, this causes browsers to cache authenticated REST API requests, which is undesirable.

Props iv3rson76, zinigor, rmccue, jnylen0.
Fixes #40444.

Built from https://develop.svn.wordpress.org/trunk@40805


git-svn-id: http://core.svn.wordpress.org/trunk@40663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-19 20:27:44 +00:00
James Nylen
802c923873 REST API: Improve a few more strings added after the 4.7 string freeze.
See #39178.

See also #40720 for potential follow-up steps.

Built from https://develop.svn.wordpress.org/trunk@40606


git-svn-id: http://core.svn.wordpress.org/trunk@40476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-10 19:41:41 +00:00
James Nylen
7d337c1327 REST API: Add author, modified, and parent sort order options for posts.
These (and a few others that can be revisited later if needed) were present in
beta versions of the WP REST API but were removed during the merge to WP 4.7.

Props ChopinBach, jnylen0.
Fixes #38693.

Built from https://develop.svn.wordpress.org/trunk@40605


git-svn-id: http://core.svn.wordpress.org/trunk@40475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-10 18:52:44 +00:00
Ryan McCue
131518542e REST API: Include featured_media in embed responses.
Props kadamwhite, jnylen0, westonruter.
Fixes #39805.

Built from https://develop.svn.wordpress.org/trunk@40602


git-svn-id: http://core.svn.wordpress.org/trunk@40472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-10 04:46:43 +00:00
Ryan McCue
ba94bd62a0 REST API: Set global $post when preparing revisions.
For compatibility with filters on hooks on content filters (such as shortcodes), we need to set the global. This mirrors the Posts controller.

Props pdufour, jnylen0.
Fixes #40626.

Built from https://develop.svn.wordpress.org/trunk@40601


git-svn-id: http://core.svn.wordpress.org/trunk@40471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-10 04:32:39 +00:00
Joe Hoyle
b0a327cf3c REST API: WP_REST_Request::remove_header() should canonicalize header names.
When headers are stored in WP_REST_Request internally they are canonicalized. This step already happens on setting / getting headers in any way, but was missed when implementing remove_header().

Props TimothyBlynJacobs.
Fixes #40347.

Built from https://develop.svn.wordpress.org/trunk@40577


git-svn-id: http://core.svn.wordpress.org/trunk@40447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-07 04:09:41 +00:00
Adam Silverstein
428afdaa5a REST API: Improve strings added after 4.7 string freeze.
Clarify the `rest_orderby_include_missing_include` error message.

Props PranaliPatel.
Fixes #39178.

Built from https://develop.svn.wordpress.org/trunk@40571


git-svn-id: http://core.svn.wordpress.org/trunk@40441 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-05 18:49:47 +00:00
James Nylen
99b13790c2 REST API: Allow fetching multiple users at once via the slug parameter.
This matches similar changes previously made for posts (#38579) and terms (#40027).

Props curdin, MatheusGimenez.
Fixes #40213.

Built from https://develop.svn.wordpress.org/trunk@40378


git-svn-id: http://core.svn.wordpress.org/trunk@40285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-05 22:25:43 +00:00
James Nylen
1979815aef REST API: Update description string of terms endpoint slug parameter.
As a follow-up to [40376], and for consistency with the posts endpoint, we should indicate in the description that the `slug` filter parameter can accept multiple values.

See #40027.

Built from https://develop.svn.wordpress.org/trunk@40377


git-svn-id: http://core.svn.wordpress.org/trunk@40284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-05 21:08:43 +00:00
James Nylen
9f2d94b211 REST API: Allow fetching multiple terms at once via the slug parameter.
This matches a similar change previously made for posts (#38579) and an upcoming change for users (#40213).

Props wonderboymusic, MatheusGimenez, curdin.
Fixes #40027.

Built from https://develop.svn.wordpress.org/trunk@40376


git-svn-id: http://core.svn.wordpress.org/trunk@40283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-05 20:25:46 +00:00
Pascal Birchler
0d42f8549c REST API: Use get_gmt_from_date() when preparing a draft post for response.
This prevents wrong dates when dealing with DST, see [40115] and [40284].

Props nerrad.
Fixes #40136.
Built from https://develop.svn.wordpress.org/trunk@40324


git-svn-id: http://core.svn.wordpress.org/trunk@40231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-24 17:32:46 +00:00
Rachel Baker
f78ceb362e REST API: Confirm the parent post object of an attachment exists in WP_REST_Posts_Controller::check_read_permission().
Avoid a PHP Error when attempting to embed the parent post of an attachment, when the parent post ID is invalid. Instead check if the parent post object exists before checking the read permission for the parent post.

Props GhostToast.
Fixes #39881. 

Built from https://develop.svn.wordpress.org/trunk@40306


git-svn-id: http://core.svn.wordpress.org/trunk@40213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-20 04:30:46 +00:00
James Nylen
27aa0664df REST API: Add gmt_offset and timezone_string to the base /wp-json response.
The site's current timezone offset is an important piece of information for any REST API client that needs to manipulate dates.  It has not been previously available.

Expose both the `gmt_offset` (the site's current offset from UTC in hours) and `timezone_string` (which also provides information about daylight savings time) via the "site info" endpoint (the base `/wp-json` response).

Also update the `wp-api-generated.js` fixture file with the changes to the default API responses.

Props sagarkbhatt.
Fixes #39854.

Built from https://develop.svn.wordpress.org/trunk@40238


git-svn-id: http://core.svn.wordpress.org/trunk@40168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-07 05:48:41 +00:00
James Nylen
0c005fdb0e REST API: Fix behavior of sticky posts filter when no posts are sticky.
Previously, when getting posts from the API with `sticky=true`, if there were no sticky posts set, the query would return all posts  as if the `sticky` argument was not set.  In this situation, the query should return an empty array instead.

A `sticky=true` query that should return an empty array (in the previous situation, or with `include` and no intersecting post IDs) was also broken in that it would query the post with ID 1.

Finally, this commit significantly improves test coverage for the `sticky` filter argument, including direct testing of the `WHERE` clauses generated by `WP_Query`.

Props ryelle.
Fixes #39947.

Built from https://develop.svn.wordpress.org/trunk@40122


git-svn-id: http://core.svn.wordpress.org/trunk@40059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-25 05:03:42 +00:00
James Nylen
889c790eb6 REST API: Allow setting post formats even if they are not supported by the theme.
A `post_format` not used by the current theme, but supported by core is not a wrong/broken piece of information.  It's just not used at this point in time.  Therefore we should allow setting and retrieving any of the standard post formats supported in core, even if the current theme doesn't use them.

After this commit, a post's `format` value can survive a round trip through the API, which is a good general design principle for an API.

Props JPry, iseulde, davidakennedy, Drivingralle.
Fixes #39232.

Built from https://develop.svn.wordpress.org/trunk@40120


git-svn-id: http://core.svn.wordpress.org/trunk@40057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-24 23:30:44 +00:00
James Nylen
78b298f0f3 REST API: Shim post_date_gmt for drafts / empty dates in the REST API.
Internally, WordPress uses a special `post_date_gmt` value of `0000-00-00 00:00:00` to indicate that a draft's date is "floating" and should be updated whenever the post is saved.  This makes it much more difficult for API clients to know the correct date of a draft post.

This commit provides a best guess at a `date_gmt` value for draft posts in this situation using the `date` field and the site's current timezone offset.

Props joehoyle.
Fixes #38883.

Built from https://develop.svn.wordpress.org/trunk@40108


git-svn-id: http://core.svn.wordpress.org/trunk@40045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-24 18:15:44 +00:00
Felix Arntz
eb8457d3f4 REST API: Do not allow access to users from a different site in multisite.
It has been unintendedly possible to both view and edit users from a different site than the current site in multisite environments. Moreover, when passing roles to a user in an update request, that user would implicitly be added to the current site.

This changeset removes the incorrect behavior for now in order to be able to provide a proper REST API workflow for managing multisite users in the near future. Related unit tests have been adjusted as well.

Props jnylen0, jeremyfelt, johnjamesjacoby.
Fixes #39701.

Built from https://develop.svn.wordpress.org/trunk@40106


git-svn-id: http://core.svn.wordpress.org/trunk@40043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-23 22:37:44 +00:00
James Nylen
7d421b2042 REST API: Correctly parse body parameters for DELETE requests.
DELETE was inadvertently omitted from the list of non-POST HTTP methods that should be able to accept body parameters.  Parameters passed to DELETE requests as JSON are already parsed correctly; this commit fixes `application/x-www-form-urlencoded` parameters as well.

Props mnelson4.
Fixes #39933.

Built from https://develop.svn.wordpress.org/trunk@40105


git-svn-id: http://core.svn.wordpress.org/trunk@40042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-23 20:10:44 +00:00
James Nylen
b6ce4e2830 REST API: Fix multiple issues with setting dates of posts and comments.
This commit modifies the `rest_get_date_with_gmt` function to correctly parse local and UTC timestamps with or without timezone information.

It also ensures that the REST API can edit the dates of draft posts by setting the `edit_date` flag to `wp_update_post`.

Overall this commit ensures that post and comment dates can be set and updated as expected.

Fixes #39256.

Built from https://develop.svn.wordpress.org/trunk@40101


git-svn-id: http://core.svn.wordpress.org/trunk@40038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-21 18:18:45 +00:00
Rachel Baker
da8ae2facd REST API: Include the status property in view context responses from the Posts endpoints.
Previously the status for a Post (or other post_types) was only exposed under the `edit` context, which doesn't really make much sense considering we support querying by post status without authentication. Originally introduced in v2.0 beta 1: 69f617d749 without any explanation in the commit message.

Props dhanendran, jnylen0, rachelbaker.
Fixes #39466.

Built from https://develop.svn.wordpress.org/trunk@40080


git-svn-id: http://core.svn.wordpress.org/trunk@40017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-19 04:32:41 +00:00
James Nylen
cb7a9a731d REST API: Cast revision author ID to int.
The `post_author` field is a string internally, but we need to cast it to an integer in the REST API.  This was already done for posts, but not for revisions.  The field is already declared as an integer in both controllers.

Fixes #39871.

Built from https://develop.svn.wordpress.org/trunk@40063


git-svn-id: http://core.svn.wordpress.org/trunk@40000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-16 20:09:45 +00:00
Sergey Biryukov
e0e9568e24 REST API: After [38947], improve the wording of the message to clarify that rest_authentication_errors is a filter.
See #38446.
Built from https://develop.svn.wordpress.org/trunk@40038


git-svn-id: http://core.svn.wordpress.org/trunk@39975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-01 21:32:47 +00:00
Joe Hoyle
99cf07d882 REST API: Return an error if the page number is out of bounds.
Return an error from the REST API if a page number larger than the total pages count is requested.

Props morganestes.
Fixes #39061.
Built from https://develop.svn.wordpress.org/trunk@39967


git-svn-id: http://core.svn.wordpress.org/trunk@39904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:54:41 +00:00
Joe Hoyle
e357195ce3 REST API: Unify object access handling for simplicity.
Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters.

See #38792.
Built from https://develop.svn.wordpress.org/trunk@39954


git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:39:41 +00:00
Ryan McCue
dc133c3f2d REST API: Allow shortcircuiting rest_pre_insert_comment
rest_pre_insert_{post_type} allows returning a WP_Error from the filter to shortcircuit actually creating the object, so it makes sense to do so for comments too.

Props dspilka.
Fixes #39578.

Built from https://develop.svn.wordpress.org/trunk@39922


git-svn-id: http://core.svn.wordpress.org/trunk@39859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-17 05:18:41 +00:00
Aaron Campbell
daf358983c REST API: Change which users are shown in the users endpoint.
Only show users that have authored a post of a post type that has `show_in_rest` set to true.

Props rachelbaker, jnylen0.
See #38878.


Built from https://develop.svn.wordpress.org/trunk@39843


git-svn-id: http://core.svn.wordpress.org/trunk@39781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 14:14:42 +00:00
Sergey Biryukov
fd78085a92 Docs: Correct rest_insert_* duplicate hook references in REST API.
Props keesiemeijer.
Fixes #39371.
Built from https://develop.svn.wordpress.org/trunk@39671


git-svn-id: http://core.svn.wordpress.org/trunk@39611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-04 13:23:40 +00:00
Rachel Baker
c6f8182eb0 REST API: Merge similiar error message strings in the Terms Controller.
Replaces the "doesn't" contraction with "does not" to be consistent with similar strings in `WP_Error` messages when a specified term or parent term is missing in `WP_REST_Terms_Controller`.

Props ramiy, ocean90.
Fixes #39176.

Built from https://develop.svn.wordpress.org/trunk@39648


git-svn-id: http://core.svn.wordpress.org/trunk@39588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-29 18:45:40 +00:00
Rachel Baker
158f302112 REST API: Add the supports property to the Post Type response object.
Includes a new `supports` property in the response object and schema for the `/types` endpoints for users with the `edit_posts` capability for the given post type. The `supports` property returns an object of the features the given post type *supports*.

Props timmydcrawford, tyxla.
Fixes #39033.

Built from https://develop.svn.wordpress.org/trunk@39647


git-svn-id: http://core.svn.wordpress.org/trunk@39587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-29 17:28:45 +00:00
John Blackbourn
80a839de13 Docs: Misc corrections and additions to inline documentation.
See #39130
Props keesiemeijer

Built from https://develop.svn.wordpress.org/trunk@39639


git-svn-id: http://core.svn.wordpress.org/trunk@39579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 09:28:40 +00:00
John Blackbourn
d327c92e4b Docs: Add and correct @since docs for a variety of functions and methods.
Props keesiemeijer, chris_dev
Fixes #39343, #39357, #39344
See #39130

Built from https://develop.svn.wordpress.org/trunk@39638


git-svn-id: http://core.svn.wordpress.org/trunk@39578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 09:21:44 +00:00
James Nylen
5b39869860 REST API: Improve the rest_*_collection_params filter docs and fix the terms filter.
The `rest_{$taxonomy}_collection_params` filter in 4.7 is incorrectly using
single quotes instead of double quotes, which means it is not working correctly
as a dynamic filter.  This fixes the quotes around the filter name, and also
updates the docblocks for the other 3 similar filters for better conformance to
the documentation standards.

Props shazahm1hotmailcom, JPry, jnylen0.
Fixes #39300.

Built from https://develop.svn.wordpress.org/trunk@39621


git-svn-id: http://core.svn.wordpress.org/trunk@39561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-20 01:37:40 +00:00
James Nylen
d515e20a1a REST API: Fix PHP warnings when get_theme_support( 'post-formats' ) is not an array.
If `add_theme_support( 'post-formats' )` is called with no additional
arguments, then `get_theme_support( 'post-formats' )` returns `true` rather
than an array of supported formats.  Avoid generating PHP warnings in this
situation.

Props dreamon11, ChopinBach.
Fixes #39293.

Built from https://develop.svn.wordpress.org/trunk@39620


git-svn-id: http://core.svn.wordpress.org/trunk@39560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-20 00:56:44 +00:00
James Nylen
505e135f4c REST API: Add support for filename search in media endpoint.
In [38625], the functionality to search for attachments by filename was added
via the `posts_clauses` filter and the `_filter_query_attachment_filenames()`
function.  This moves `_filter_query_attachment_filenames()` from
`wp-admin/includes/post.php` to `wp-includes/post.php` so that it can be
applied in the same manner in the REST API media endpoint.

Props jblz, tyxla.
Fixes #39092.

Built from https://develop.svn.wordpress.org/trunk@39598


git-svn-id: http://core.svn.wordpress.org/trunk@39538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 14:09:42 +00:00
James Nylen
7cc41e47ac REST API: Allow sending an empty or no-op comment update.
In general, updates that don't actually change anything should succeed.
[39371] added tests for other object types, and this commit fixes empty updates
for comments and adds the missing test.

Fixes #38700.

Built from https://develop.svn.wordpress.org/trunk@39597


git-svn-id: http://core.svn.wordpress.org/trunk@39537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 13:53:45 +00:00
James Nylen
d7ab7fdf5a REST API: Do not include the password argument when getting media items
Currently, `attachment` is the only post type exposed via the REST API that
does not support password protection, but it's possible for other post types to
remove password support.

Fixes #38977.

Built from https://develop.svn.wordpress.org/trunk@39595


git-svn-id: http://core.svn.wordpress.org/trunk@39535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 03:51:44 +00:00
James Nylen
0b599cce41 REST API: Do not error on empty JSON body
It's fairly common for clients to send `Content-Type: application/json` with an
empty body.  While technically not valid JSON, we've historically supported
this behaviour, so it shouldn't cause an error.

Props JPry.
Fixes #39150.

Built from https://develop.svn.wordpress.org/trunk@39594


git-svn-id: http://core.svn.wordpress.org/trunk@39534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 03:34:41 +00:00
Rachel Baker
d054b9afba REST API: Allow schema sanitization_callback to be set to null to bypass fallback sanitization functions.
The logic in WP_REST_Request->sanitize_params() added in [39091] did not account for `null` or `false` being the sanitization_callback preventing overriding `rest_parse_request_arg()`. This fixes that oversight, allowing the built in sanitization function to be bypassed. See #38593.

Props kkoppenhaver, rachelbaker, jnylen0.
Fixes #39042.

Built from https://develop.svn.wordpress.org/trunk@39563


git-svn-id: http://core.svn.wordpress.org/trunk@39503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-11 21:26:43 +00:00
Dominik Schilling
a5dbd53a46 Comments: Merge a similar string between comments.php, XML-RPC and the REST API comments controller.
Props ramiy.
Fixes #39013.
Built from https://develop.svn.wordpress.org/trunk@39508


git-svn-id: http://core.svn.wordpress.org/trunk@39448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-05 20:16:41 +00:00
Rachel Baker
f3b71b49d0 REST API: Merge similar date strings in the revisions and comments controllers.
Props ramiy.
Fixes #39016.

Built from https://develop.svn.wordpress.org/trunk@39488


git-svn-id: http://core.svn.wordpress.org/trunk@39428 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-04 20:25:43 +00:00
James Nylen
87eedbd2f7 REST API: Treat any falsy value as false in 'rest_allow_anonymous_comments'.
Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value
(previously this was an explicit check for `false`).

One possible failure case is that a plugin developer forgets to include a
return value for some code path in their callback for this filter, leading to a
value of `null` which is currently treated like `true`.

Props joehoyle, jnylen0.

Fixes #39010.

Built from https://develop.svn.wordpress.org/trunk@39487


git-svn-id: http://core.svn.wordpress.org/trunk@39427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-04 19:30:41 +00:00
Gary Pendergast
cc214a219b REST API: Capability check for editing a single term should use the singular form.
As an extra level of sanity checking, the term ID should be cast as an int in `map_meta_cap()`.

Props johnbillion, nacin, dd32, pento.
See #35614.
Fixes #39012.


Built from https://develop.svn.wordpress.org/trunk@39464


git-svn-id: http://core.svn.wordpress.org/trunk@39404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 05:08:41 +00:00
Gary Pendergast
f2a4d010cd REST API: Use the correct error message when editing a single term.
Props ramiy, johnbillion.
Fixes #39017.


Built from https://develop.svn.wordpress.org/trunk@39460


git-svn-id: http://core.svn.wordpress.org/trunk@39400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 04:42:41 +00:00
Gary Pendergast
e8042cfef7 REST API: Merge similar strings in a comments endpoint parameter description.
Props ramiy.
Fixes #39036.


Built from https://develop.svn.wordpress.org/trunk@39457


git-svn-id: http://core.svn.wordpress.org/trunk@39397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 04:21:39 +00:00
Rachel Baker
179e9f20b6 REST API: Fix bug where comment author and author email could be an empty string when creating a comment.
If the `require_name_email` option is true, creating a comment with an empty string for the author name or email should not be accepted.  Both values can be an empty string on update.

Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.

Fixes #38971.

Built from https://develop.svn.wordpress.org/trunk@39444


git-svn-id: http://core.svn.wordpress.org/trunk@39384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:44:42 +00:00
Rachel Baker
62129ebe85 REST API: Fix handling of some orderby parameters for the Posts controller.
- `'orderby' => 'include'` requires an array of post_ids via the `include` collection param.
`'orderby' => 'id'` and `'orderby' => 'slug'` need map the correct WP_Query equivalents. 

Props flixos90, hnle, dd32, rachelbaker, joehoyle, pento.

Fixes #38971.

Built from https://develop.svn.wordpress.org/trunk@39440


git-svn-id: http://core.svn.wordpress.org/trunk@39380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:18:42 +00:00
Jeremy Felt
1797ea7098 REST API: Disable DELETE requests for users in multisite.
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.

Until support for a `PUT` request that removes a user's site and content associations is available, `DELETE` requests are disabled to avoid possible issues with lost content.

Props jnylen0, rachelbaker.
Fixes #38962.

Built from https://develop.svn.wordpress.org/trunk@39438


git-svn-id: http://core.svn.wordpress.org/trunk@39378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:10:42 +00:00
Rachel Baker
08b7e8adaf REST API: Return a WP_Error if meta property is not an array.
Fixes bug where a PHP Warning is currently thrown if a client sends a request where `meta` is not an array value.

Props timmydcrawford, jnylen0, rachelbaker, pento.
Fixes #38989.
Built from https://develop.svn.wordpress.org/trunk@39436


git-svn-id: http://core.svn.wordpress.org/trunk@39376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 21:56:42 +00:00
Gary Pendergast
161a41e44c REST API: Require the reassign parameter when deleting users.
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.

This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.

Props jeremyfelt.
Fixes #39000.


Built from https://develop.svn.wordpress.org/trunk@39426


git-svn-id: http://core.svn.wordpress.org/trunk@39366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 06:54:42 +00:00
Rachel Baker
a1ec867b61 REST API: Fix incorrect capability check on term create.
Change the capability check used in `WP_REST_Terms_Controller` when creating a new term is attempted, from `manage_terms` to `edit_terms`. This matches the behavior within the WordPress admin. See #35614.

Props johnbillion, rmccue, rachelbaker, helen, jorbin, SergeyBiryukov.

Fixes #38958.
Built from https://develop.svn.wordpress.org/trunk@39402


git-svn-id: http://core.svn.wordpress.org/trunk@39342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-01 02:31:44 +00:00
Rachel Baker
606c9905ef REST API: Fix incorrect uses of rest_sanitize_value_from_schema().
In the `check_username()` and `check_password()` callbacks in the Users controller cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly which was causing unintended request parsing. 
In `rest_sanitize_request_arg()` do not pass nonexistent third parameter for the `rest_sanitize_value_from_schema()` function.

Props jnylen0, joehoyle, rachelbaker, ocean90.
Fixes #38984.
Built from https://develop.svn.wordpress.org/trunk@39400


git-svn-id: http://core.svn.wordpress.org/trunk@39340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-01 02:12:41 +00:00
Joe Hoyle
c662bb84dc REST API: Special case the “standard” post format to always be allowed.
Fixes #38916.
Built from https://develop.svn.wordpress.org/trunk@39353


git-svn-id: http://core.svn.wordpress.org/trunk@39293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-24 00:08:31 +00:00
Joe Hoyle
0a787caec6 REST API: Allow unsetting a post’s password.
Props danielbachhuber, iseulde.
Fixes #38919.
Built from https://develop.svn.wordpress.org/trunk@39352


git-svn-id: http://core.svn.wordpress.org/trunk@39292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 23:13:32 +00:00
Joe Hoyle
6f189ddbc8 REST API: Add support for comments of password-protected posts.
Core requires the post password to view and create comments on password protected posts, so we must support a “password” param on the comments endpoint when fetch comments for a specific post and creating a comment on a password protected post.

Props flixos90, jnylen0.
Fixes #38692.
Built from https://develop.svn.wordpress.org/trunk@39349


git-svn-id: http://core.svn.wordpress.org/trunk@39289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 16:15:31 +00:00
Rachel Baker
a985a4d126 REST API: Always fire the rest_insert_* actions after the related object is updated or inserted.
Brings consistency to the `rest_insert_*` actions. Also includes some shuffling and clean-up as well including:
- Ensure we are passing the most current `$post` and `$user` objects to the `update_additional_fields_for_object()` callbacks.
- Changes the function signature of `handle_status_param()` in the Comments controller to accept just the comment_id as the 2nd parameter, instead of a full WP_Comment object. Only the comment_id is needed in the method, this avoids having to include another `get_comment()` call. 
- Renames a variable in the `create_item()` method of the Posts controller from `$post` -> `$prepared_post` to be more explicit.
- Minor fixes/clarifications to the rest_insert_* hook docs

Props rachelbaker, joehoyle
Fixes #38905.
Built from https://develop.svn.wordpress.org/trunk@39348


git-svn-id: http://core.svn.wordpress.org/trunk@39288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 15:33:31 +00:00
Joe Hoyle
14654d9539 REST API: Allow unsetting of page templates in update requests.
Sending a request to update a page with the template property set to an empty string resulted in an error because “” was not a valid value in the enum.

Props lucasstark, swissspidy.
Fixes #38877.
Built from https://develop.svn.wordpress.org/trunk@39343


git-svn-id: http://core.svn.wordpress.org/trunk@39283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 02:47:30 +00:00
Joe Hoyle
d711f2c18d REST API: Update “resource” strings to use the appropriate nouns.
Props ramiy.
Fixes #38811.
Built from https://develop.svn.wordpress.org/trunk@39342


git-svn-id: http://core.svn.wordpress.org/trunk@39282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 02:42:30 +00:00
Rachel Baker
d87fe366a9 REST API: Set the comment type to a readonly property in the schema.
Document the type property as `readonly` and remove the default value. After #38820 it is no longer possible to set the type property on a comment to anything a custom type.

Props jnylen0, rachelbaker.
Fixes #38886.
Built from https://develop.svn.wordpress.org/trunk@39337


git-svn-id: http://core.svn.wordpress.org/trunk@39277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 22:56:30 +00:00
Ryan McCue
ca9f71e9b2 REST API: Correctly map meta keys to field names.
This accidentally assumed $name was the same as $meta_key, which ruined the whole point of $name.

Props tharsheblows, joehoyle.
Fixes #38786.

Built from https://develop.svn.wordpress.org/trunk@39328


git-svn-id: http://core.svn.wordpress.org/trunk@39268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 05:41:30 +00:00
Ryan McCue
4e05ff6a11 REST API: Disable anonymous commenting by default.
Adding a brand new anonymous comment method is a potential conduit for spam. Since it's still useful functionality, we're now hiding it behind a filter to allow plugins and themes to turn it on if they do want it.

Props helen, rachelbaker, joehoyle.
Fixes #38855.

Built from https://develop.svn.wordpress.org/trunk@39327


git-svn-id: http://core.svn.wordpress.org/trunk@39267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 05:32:33 +00:00
Joe Hoyle
5b97952cab REST API: Merge two error messages for edit / update.
Props ramiy.
Fixes #38879.
Built from https://develop.svn.wordpress.org/trunk@39322


git-svn-id: http://core.svn.wordpress.org/trunk@39262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-20 22:36:31 +00:00
Sergey Biryukov
9b23ccfc29 REST API: Update error messages in WP_REST_Comments_Controller to use the common text for permission errors.
Props ramiy.
Fixes #38875.
Built from https://develop.svn.wordpress.org/trunk@39321


git-svn-id: http://core.svn.wordpress.org/trunk@39261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-20 11:46:34 +00:00
Sergey Biryukov
4811484433 REST API: Merge some more permission error strings missed in [39309].
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39313


git-svn-id: http://core.svn.wordpress.org/trunk@39253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 02:21:31 +00:00
Sergey Biryukov
dca7d8d0ea Text Changes: Merge strings referring to list_users capability.
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39312


git-svn-id: http://core.svn.wordpress.org/trunk@39252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 02:16:30 +00:00
Sergey Biryukov
a1f285641f REST API: After [39306], move author_ip argument to the correct place.
See #38822.
Built from https://develop.svn.wordpress.org/trunk@39310


git-svn-id: http://core.svn.wordpress.org/trunk@39250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:51:30 +00:00
Sergey Biryukov
5ded4db04c REST API: Merge and clarify some permission error strings.
Fixes #38857.
Built from https://develop.svn.wordpress.org/trunk@39309


git-svn-id: http://core.svn.wordpress.org/trunk@39249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:46:32 +00:00
Sergey Biryukov
4afa19184a REST API: After [39302], clarify author_ip parameter in error message.
Properties of objects should not be translated, and therefore are pulled out of the translation strings.

Props ramiy.
Fixes #38822.
Built from https://develop.svn.wordpress.org/trunk@39306


git-svn-id: http://core.svn.wordpress.org/trunk@39246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:06:30 +00:00
Sergey Biryukov
0f31b1da72 REST API: Merge two similar permission error strings in class-wp-rest-comments-controller.php.
We're checking if `current_user_can( 'moderate_comments' )` here, not the specific comment permissions.

See #38857.
Built from https://develop.svn.wordpress.org/trunk@39305


git-svn-id: http://core.svn.wordpress.org/trunk@39245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 00:10:31 +00:00
Sergey Biryukov
9cb0a09d1f REST API: Merge two similar permission error strings.
Props ramiy.
Fixes #38857.
Built from https://develop.svn.wordpress.org/trunk@39304


git-svn-id: http://core.svn.wordpress.org/trunk@39244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 23:53:30 +00:00
Rachel Baker
0fdb955ce8 REST API: On Comment create, limit the ability to set the author_ip value directly.
Users without the moderate_comments capability can no longer set the `author_ip` property directly, and instead receive a `WP_Error` if they attempt to do so. Otherwise, the `author_ip property` is populated from `$_SERVER['REMOTE_ADDR']` if present and a valid IP value. Finally, fallback to 127.0.0.1 as a last resort.

Props dd32, rachelbaker, joehoyle.
Fixes #38819.
Built from https://develop.svn.wordpress.org/trunk@39302


git-svn-id: http://core.svn.wordpress.org/trunk@39242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 21:13:32 +00:00
Joe Hoyle
0c14c16ced REST API: Clarify parameters when used in error strings.
Properties of objects should not be translated, and therefore are pulled out of the translation strings.

Props ocean90, ramiy, danielbachhuber.
Fixes #38822.
Built from https://develop.svn.wordpress.org/trunk@39298


git-svn-id: http://core.svn.wordpress.org/trunk@39238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 20:20:32 +00:00
Joe Hoyle
a38b863ae4 REST API: Change “ipv4” types to “ip” to support ipv6.
Stop presuming IP address are IPv4, instead make the type “ip” to be agnostic of IP version. This fixes requests with ipv6 addresses for comments in core.

Props dd32, schlessera, danielbachhuber.
Fixes #38818.
Built from https://develop.svn.wordpress.org/trunk@39296


git-svn-id: http://core.svn.wordpress.org/trunk@39236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 19:33:31 +00:00
Joe Hoyle
81c5b03029 REST API: Check read permissions on posts when viewing comments.
With a few tests for getting / creating comments to reflect core behaviour.

Props timmyc.
Built from https://develop.svn.wordpress.org/trunk@39295


git-svn-id: http://core.svn.wordpress.org/trunk@39235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 19:07:30 +00:00
Rachel Baker
3f6131c2e6 REST API: Remove the karma property and query parameter from the Comments endpoints.
WordPress has not used the `karma` property internally for the past 8 years. There is no need to expose it in the REST API endpoints. Sites that use `karma` can include it using the `register_rest_field()` function.

Props dd32, danielbachhuber.
Fixes #38821.
Built from https://develop.svn.wordpress.org/trunk@39292


git-svn-id: http://core.svn.wordpress.org/trunk@39232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 18:53:29 +00:00
Rachel Baker
191e085fa3 REST API: On comment create, return an error if the type property is set to anything other than comment.
Of the default comment_types, only comments are expected to be created via the REST API endpoint. Comments do not have registered types the way that Posts do, so we do not have a method to accurately check permissions for arbitrary comment types.

Props dd32, boonebgorges, rachelbaker.
Fixes #38820.
Built from https://develop.svn.wordpress.org/trunk@39290


git-svn-id: http://core.svn.wordpress.org/trunk@39230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 18:37:30 +00:00
Rachel Baker
ccb4c7c8b9 REST API: Allow parent property to be explicitly set to 0 when creating or updating a Post.
Props lucasstark, danielbachhuber.
Fixes #38852.
Built from https://develop.svn.wordpress.org/trunk@39289


git-svn-id: http://core.svn.wordpress.org/trunk@39229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 18:12:31 +00:00
Rachel Baker
735fa34d42 REST API: On comment create, return an error if the post parameter does not relate to a valid WP_Post object.
Return a `WP_Error` object for attempts to create a comment without an empty or invalid `post` ID.

Props dd32, jnylen0, rachelbaker.
Fixes #38816.
Built from https://develop.svn.wordpress.org/trunk@39288


git-svn-id: http://core.svn.wordpress.org/trunk@39228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 16:56:30 +00:00
Rachel Baker
10bddfac39 REST API: On comment create, fallback to the user_agent header value.
If a user-agent is not explicitly provided in the `author_user_agent` parameter, fallback to the `user_agent` value in the request header.

Props dd32, jnylen0, rachelbaker.
Fixes #38817.
Built from https://develop.svn.wordpress.org/trunk@39287


git-svn-id: http://core.svn.wordpress.org/trunk@39227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 16:22:33 +00:00
Sergey Biryukov
acc30b09d7 Text Changes: Merge some duplicate strings with the same meaning in error messages, adjust some other strings for consistency and accuracy.
Props ramiy, SergeyBiryukov.
Fixes #38808.
Built from https://develop.svn.wordpress.org/trunk@39278


git-svn-id: http://core.svn.wordpress.org/trunk@39218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-17 15:53:33 +00:00
Sergey Biryukov
b92266a72b REST API: After [39252] and [39264], uppercase some more 'ID' references in translatable strings.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39266


git-svn-id: http://core.svn.wordpress.org/trunk@39206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-16 13:28:37 +00:00
Sergey Biryukov
ce74afdae2 REST API: Uppercase 'ID' in endpoint descriptions and error messages for consistency with other strings.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39264


git-svn-id: http://core.svn.wordpress.org/trunk@39204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-16 12:18:33 +00:00
Sergey Biryukov
74c9f82ef2 REST API: Unify some more permission error messages.
Props ramiy.
Fixes #38803.
Built from https://develop.svn.wordpress.org/trunk@39259


git-svn-id: http://core.svn.wordpress.org/trunk@39199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 23:36:31 +00:00
Sergey Biryukov
07cf16f7ba REST API: Unify permission error messages.
Props ramiy.
Fixes #38803.
Built from https://develop.svn.wordpress.org/trunk@39257


git-svn-id: http://core.svn.wordpress.org/trunk@39197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 22:23:30 +00:00
Sergey Biryukov
9c2ea0b8c7 REST API: Remove two duplicate strings, use the ones we already have.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39252


git-svn-id: http://core.svn.wordpress.org/trunk@39192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 20:40:29 +00:00
Sergey Biryukov
cc14606094 REST API: Unify permission error messages.
Props ramiy.
See #38791, #34521.
Built from https://develop.svn.wordpress.org/trunk@39251


git-svn-id: http://core.svn.wordpress.org/trunk@39191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 20:37:32 +00:00
Joe Hoyle
d049f72459 REST API: Clean up argument and property types.
There's a couple of places where we were missing type notes for arguments, which mainly affects documentation.

Props jnylen0.
Fixes #38792.

Built from https://develop.svn.wordpress.org/trunk@39250


git-svn-id: http://core.svn.wordpress.org/trunk@39190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 18:16:30 +00:00
Sergey Biryukov
65fb74561b REST API: After [39238] and [39239], move the remaining translator comments to preceding line.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39245


git-svn-id: http://core.svn.wordpress.org/trunk@39185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 13:07:33 +00:00
Ryan McCue
0f5a44e093 REST API: Move translator comments to preceding line.
Inline translator comments break POT file generation.

Props dd32.
See #38791.

Built from https://develop.svn.wordpress.org/trunk@39239


git-svn-id: http://core.svn.wordpress.org/trunk@39179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 05:39:32 +00:00
Ryan McCue
705f17cea2 REST API: Add translator comments to text with placeholders.
Props dimadin.
Fixes #38791.

Built from https://develop.svn.wordpress.org/trunk@39238


git-svn-id: http://core.svn.wordpress.org/trunk@39178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 04:28:31 +00:00
Joe Hoyle
a4fa8c528f REST API: Make all collection params filterable.
For developers wanting to add their own registered collection parameters, they can now use the `rest_$type_collection_params` filter. This brings consistency with the already existing `rest_$post_type_collection_params`.

Fixes #38710.
Props jnylen0.

Built from https://develop.svn.wordpress.org/trunk@39223


git-svn-id: http://core.svn.wordpress.org/trunk@39163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-14 16:42:31 +00:00
Joe Hoyle
5c90d9ed8e REST API: Validate and Sanitize registered meta based off the schema.
With the addition of Array support in our schema validation functions, it's now possible to use these in the meta validation and sanitization steps. Also, this increases the test coverage of using registered via meta the API significantly.

Fixes #38531.
Props rachelbaker, tharsheblows.

Built from https://develop.svn.wordpress.org/trunk@39222


git-svn-id: http://core.svn.wordpress.org/trunk@39162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-14 16:36:33 +00:00
Ryan McCue
65664731e9 REST API: Improve validation for usernames and passwords.
Also improves the slashing of user data in the REST API to avoid data loss.

Props jnylen0.
Fixes #38739.

Built from https://develop.svn.wordpress.org/trunk@39219


git-svn-id: http://core.svn.wordpress.org/trunk@39159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-14 07:13:31 +00:00
Joe Hoyle
f325af9caa REST API: Allow updating a comment without the content present.
For all resources in the REST API, sending partial updates is supported. This fixes needing to _always_ specify comment content.

Props jnylen.
Fixes #38720.

Built from https://develop.svn.wordpress.org/trunk@39196


git-svn-id: http://core.svn.wordpress.org/trunk@39136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-10 03:35:30 +00:00
Joe Hoyle
3138878aa5 REST API: Use wp_slash rather than addslashes.
See #38726.
Props dd32.

Built from https://develop.svn.wordpress.org/trunk@39192


git-svn-id: http://core.svn.wordpress.org/trunk@39132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-10 02:39:30 +00:00
Joe Hoyle
67da42825e REST API: Add rest_base to response objects of wp/v2/taxonomies and wp/v2/types
Though we have the `_links.collection` available, having this value can be useful to know post type / taxonomy urls if you need to build them another way.

Props youknowriad, jnylen0.
Fixes #38607.

Built from https://develop.svn.wordpress.org/trunk@39191


git-svn-id: http://core.svn.wordpress.org/trunk@39131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-10 02:21:30 +00:00
Joe Hoyle
e66d2478ee REST API: unfiltered_html and slashing: terms.
Follow-up to #38609 and #38704; handle slashes correctly for taxonomy terms.

Props westonruter, jnylen0.
Fixes #38726, see #38609.

Built from https://develop.svn.wordpress.org/trunk@39190


git-svn-id: http://core.svn.wordpress.org/trunk@39130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-10 02:10:30 +00:00
Ryan McCue
a2bbbddb9e REST API: Include template in all post type schemas.
[38951] added templates to all post types, but didn't add them to the schema.

Props swissspidy.
Fixes #38698.

Built from https://develop.svn.wordpress.org/trunk@39182


git-svn-id: http://core.svn.wordpress.org/trunk@39122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 07:12:32 +00:00
Ryan McCue
3a449ea543 Roles/Capabilities: Add meta-caps for comment, term, and user meta.
Additionally, use these meta-caps in the REST API endpoints.

Previously, register_meta()'s auth_callback had no effect for non-post meta. This introduces `{add,edit,delete}_{comment,term,user}_meta` meta-caps to match the existing post meta capabilities. These are currently only used in the REST API.

Props tharsheblows, boonebgorges.
Fixes #38303, fixes #38412.

Built from https://develop.svn.wordpress.org/trunk@39179


git-svn-id: http://core.svn.wordpress.org/trunk@39119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 03:42:30 +00:00
Ryan McCue
4060c68f85 REST API: Fire correct hooks when creating users on multiste.
`add_user_to_blog()` is now called, ensuring the correct hooks are called, along with setting the primary blog and clearing relevant caches.

Props jeremyfelt.
Fixes #38526.

Built from https://develop.svn.wordpress.org/trunk@39177


git-svn-id: http://core.svn.wordpress.org/trunk@39117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 01:35:30 +00:00
Pascal Birchler
548ac82b06 I18N: Add ability to change user's locale back to site's locale.
Previously there was no way to remove the user locale setting again, even though that might be desirable.

This adds a new 'Site Default' option to the user-specific language setting by introducing a new `show_site_locale_default` argument to `wp_dropdown_languages()`.

Props ocean90.
See #29783.
Fixes #38632.
Built from https://develop.svn.wordpress.org/trunk@39169


git-svn-id: http://core.svn.wordpress.org/trunk@39109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 23:01:31 +00:00
Joe Hoyle
c15065dddf REST API: Remove get_allowed_query_vars() now filter is gone.
Now all public query vars are not supoprted via `?filter` in the REST API, we can remove the get_allowed_query_vars() method and filter. To provide developers with a good altnerative to `filter`, the `"rest_{$this->post_type}_collection_params"` filter has been added.

Props rmccue, rachelbacker, danielbachhuber.
Fixes #38629.

Built from https://develop.svn.wordpress.org/trunk@39162


git-svn-id: http://core.svn.wordpress.org/trunk@39102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 14:08:32 +00:00
Joe Hoyle
8de95582e2 REST API: Remove rest_get_post filter and get_post abstraction.
This filter was originally introduced in https://github.com/WP-API/WP-API/pull/2535 to support Customizer Changesets (née Transactions). This is a super broad filter and doesn't really fit with the design of the API, nor is it (arguably) the right level to do this.

Props rmccue.
Fixes #38701.

Built from https://develop.svn.wordpress.org/trunk@39161


git-svn-id: http://core.svn.wordpress.org/trunk@39101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 13:09:33 +00:00
Ryan McCue
caabc52753 REST API: Respect unfiltered_html for HTML comment fields.
Same as [39155], but for comments, natch.

Props jnylen0.
Fixes #38704, see #38609.

Built from https://develop.svn.wordpress.org/trunk@39157


git-svn-id: http://core.svn.wordpress.org/trunk@39097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 06:36:31 +00:00
Ryan McCue
f1975b18ea REST API: Respect unfiltered_html for HTML post fields.
This necessitates a change to our slashing code as well. Ah slashing, the cause of, and solution to, all of life's problems.

Props jnylen0.
Fixes #38609.

Built from https://develop.svn.wordpress.org/trunk@39155


git-svn-id: http://core.svn.wordpress.org/trunk@39095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 05:55:32 +00:00
Ryan McCue
8760c9a91d REST API: Change attachment caption & description to objects.
Just like excerpt and content for regular posts, these have transformations applied that can make the content significantly different from the raw value.

Props jnylen0.
Fixes #38679.

Built from https://develop.svn.wordpress.org/trunk@39154


git-svn-id: http://core.svn.wordpress.org/trunk@39094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 04:29:32 +00:00
Rachel Baker
5564716a07 REST API: Modify the structure of our DELETE responses to be more explicit.
Add the `deleted` property to the root of the Response object to communicate if the delete action was successful. Move the state of the resource prior to the delete request under a new `previous` property.  As a result DELETE responses are now structured like so:
 `{ deleted: true, previous: { ... } }`

Also includes helpful information to DELETE requests for resources that are not trashable.

Props timmydcrawford, rmccue, jnylen0.
Fixes #38494.
Built from https://develop.svn.wordpress.org/trunk@39126


git-svn-id: http://core.svn.wordpress.org/trunk@39066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-04 17:11:29 +00:00
Ryan McCue
721cf281a3 REST API: Only provide JSON error code on PHP 5.3+.
json_last_error() was only added to PHP 5.3.0, so we can't provide the information for older versions.

See #38547.

Built from https://develop.svn.wordpress.org/trunk@39111


git-svn-id: http://core.svn.wordpress.org/trunk@39053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 04:57:30 +00:00
Joe Hoyle
6b08485cfa REST API: Return error when JSON decoding fails.
If you send a request to the REST API with invalid JSON in body than it will now return a error. This assists developers if they accidentally send invalid JSON and wonder why their data appears to be ignored.

Props rmccue.
Fixes #38547.

Built from https://develop.svn.wordpress.org/trunk@39109


git-svn-id: http://core.svn.wordpress.org/trunk@39051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 04:05:36 +00:00
Rachel Baker
8c9f4f812a REST API: Return a WP_Error when a user does not have permission to create or update a post with the provided terms.
Add the 'assign_term' check for post create and update.

Props boonebgorges, johnbillion.
Fixes #38505.
Built from https://develop.svn.wordpress.org/trunk@39108


git-svn-id: http://core.svn.wordpress.org/trunk@39050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 03:16:30 +00:00
Joe Hoyle
d544c6ddd0 REST API: Switch to stable version of JSON Schema.
Props danielbachhuber.
Fixes #38635.

Built from https://develop.svn.wordpress.org/trunk@39106


git-svn-id: http://core.svn.wordpress.org/trunk@39048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 02:22:29 +00:00
Rachel Baker
dcb12c35cf REST API: Clean-up our validation callbacks and add missing array items properties in our endpoint schemas.
Props joehoyle, jnylen0.
Fixes #38617.
Built from https://develop.svn.wordpress.org/trunk@39105


git-svn-id: http://core.svn.wordpress.org/trunk@39047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 02:18:29 +00:00
Joe Hoyle
901c4ed17a REST API: Support querying for multiple post statuses.
Multiple post statuses can be specified by the usual CSV or array-propper format.

Props jnylen0, kadamwhite, websupporter.
Fixes #38420.

Built from https://develop.svn.wordpress.org/trunk@39104


git-svn-id: http://core.svn.wordpress.org/trunk@39046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 01:46:29 +00:00
Rachel Baker
676ae9fc2b REST API: Use the items attribute for the taxonomies types schema property for proper sanitization/validation.
Props danielbachhuber, joehoyle.
Fixes #38631.
Built from https://develop.svn.wordpress.org/trunk@39103


git-svn-id: http://core.svn.wordpress.org/trunk@39045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 01:26:28 +00:00
Rachel Baker
94ab2f9b16 REST API: Return an error when the length of a comment field is too long.
Introduces `wp_check_comment_data_max_lengths()` which allows both the REST API comments endpoints and `wp_handle_comment_submission()` to check the length of the comment content, author name, author url, and author email fields against their respective database columns.

Props rachelbaker, mangeshp, salcode, pento.
Fixes #38477.
Built from https://develop.svn.wordpress.org/trunk@39101


git-svn-id: http://core.svn.wordpress.org/trunk@39043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 01:12:31 +00:00
Joe Hoyle
5666292dda REST API: Include taxonomies as an attribute of post types.
Add the taxonomies for a post type to the `/wp/v2/types` endpoint, so clients know which taxonomies are available for which post types.

Props danielbachhuber.
Fixes #38438, #38631.

Built from https://develop.svn.wordpress.org/trunk@39097


git-svn-id: http://core.svn.wordpress.org/trunk@39039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 21:51:30 +00:00
Joe Hoyle
37858faf96 REST API: Add en_US to the locales enum.
Props ocean90.
Fixes #38528. 

Built from https://develop.svn.wordpress.org/trunk@39096


git-svn-id: http://core.svn.wordpress.org/trunk@39038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 21:21:32 +00:00
Ryan McCue
34cf5d8934 REST API: Allow querying for multiple slug values.
Props jnylen0, rachelbaker.
Fixes #38579.

Built from https://develop.svn.wordpress.org/trunk@39093


git-svn-id: http://core.svn.wordpress.org/trunk@39035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 07:14:29 +00:00
Ryan McCue
624def0ec3 REST API: Add update and delete endpoints to /users/me
Now that /users/me is a standalone resource, it should have all the standard endpoints for a resource.

Props pento.
Fixes #38521 (hopefully).

Built from https://develop.svn.wordpress.org/trunk@39092


git-svn-id: http://core.svn.wordpress.org/trunk@39034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 06:53:32 +00:00
Ryan McCue
3fef086ede REST API: Set default sanitize callback if type is set.
Props joehoyle, ChopinBach, jnylen0.
Fixes #38593.

Built from https://develop.svn.wordpress.org/trunk@39091


git-svn-id: http://core.svn.wordpress.org/trunk@39033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 06:28:29 +00:00
Ryan McCue
862724274e REST API: Add locale to user resource.
Props ocean90, joehoyle.
Fixes #38528.

Built from https://develop.svn.wordpress.org/trunk@39090


git-svn-id: http://core.svn.wordpress.org/trunk@39032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 06:24:29 +00:00
Ryan McCue
a911bf7e2c REST API: Avoid default sanitization for polymorphic params.
Some parameters (`title`, `content`, etc) are objects in the output, but allow objects or strings to be sent in updates for a more ergonomic interface. This is pretty weird behaviour, so the default sanitisation doesn't handle this. We instead handle this ourselves in the preparation.

Props joehoyle, rachelbaker.
Fixes #38529.

Built from https://develop.svn.wordpress.org/trunk@39089


git-svn-id: http://core.svn.wordpress.org/trunk@39031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 06:02:29 +00:00
Ryan McCue
d7bdd72510 REST API: Change method of merging parameters.
`array_merge()` incorrectly reindexes numeric parameters, causing things like `{"123": true}` to be "dropped".

Props sswells, joehoyle.
Fixes #38306.

Built from https://develop.svn.wordpress.org/trunk@39087


git-svn-id: http://core.svn.wordpress.org/trunk@39029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 05:53:31 +00:00
Ryan McCue
ba039f7546 REST API: Remove the Location redirect for the /users/me endpoint.
This is a re-commit of [38980], which was reverted in [38990].

Props youknowriad, jnylen0, pento.
Fixes #38521.

Built from https://develop.svn.wordpress.org/trunk@39085


git-svn-id: http://core.svn.wordpress.org/trunk@39027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 03:44:30 +00:00
Ryan McCue
08ea66490b REST API: Only expose formats supported by the current theme.
While it's valid to save any format to the database, and WordPress is totally fine with that, we should only include the formats specified by the theme in the schema.

Props danielbachhuber.
Fixes #38610.

Built from https://develop.svn.wordpress.org/trunk@39084


git-svn-id: http://core.svn.wordpress.org/trunk@39026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 03:37:32 +00:00
Joe Hoyle
f1591eccca REST API: Add support for "integer" type for meta and options
Previously Settings only supported "number" which meant it was possible to push floats to things like posts_per_page. This means now developers can also specify `type => ineger` in meta nad settings resgration.

Props flixos90.
Fixes #38393.

Built from https://develop.svn.wordpress.org/trunk@39058


git-svn-id: http://core.svn.wordpress.org/trunk@39000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 16:07:31 +00:00
Gary Pendergast
03e34ab461 REST API: Allow a CSV list of user roles to be passed to /users.
After [39048], this changes explicitly parses the list of user roles as slugs, and adds tests.

Props jnylen0.
Fixes #38557.


Built from https://develop.svn.wordpress.org/trunk@39056


git-svn-id: http://core.svn.wordpress.org/trunk@38998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 11:11:29 +00:00
Gary Pendergast
9862543913 REST API: Allow a CSV list of term IDs to be passed to /posts.
[39048] added CSV support to array types, this change explicitly parses term lists as IDs, and adds tests.

Props timmydcrawford, pento.
Fixes #38553.


Built from https://develop.svn.wordpress.org/trunk@39055


git-svn-id: http://core.svn.wordpress.org/trunk@38997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 11:06:31 +00:00
Drew Jaynes
5f4497f0af Docs: Fix multiple trivial typos throughout a variety of core files.
Props ottok.
Fixes #38489.

Built from https://develop.svn.wordpress.org/trunk@39051


git-svn-id: http://core.svn.wordpress.org/trunk@38993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 06:28:32 +00:00
Drew Jaynes
9635867540 Docs: The query_vars filter used in the REST posts controller should be notated as a duplicate rather than a new hook.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39049


git-svn-id: http://core.svn.wordpress.org/trunk@38991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 05:50:29 +00:00
Ryan McCue
4dab905dba REST API: Support password on non-post post types.
The password field was incorrectly only added to "post" post types, but is supported for all post types in the Dashboard UI.

Props jnylen0.
Fixes #38582.

Built from https://develop.svn.wordpress.org/trunk@39047


git-svn-id: http://core.svn.wordpress.org/trunk@38989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 03:53:32 +00:00
Gary Pendergast
6c1e98d1fb REST API: Add support for arrays in schema validation and sanitization.
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.

This can easily be extended to support new data types, such as CSV fields or objects.

Props joehoyle, rachelbaker, pento.
Fixes #38531.


Built from https://develop.svn.wordpress.org/trunk@39046


git-svn-id: http://core.svn.wordpress.org/trunk@38988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 01:48:41 +00:00
Gary Pendergast
dbc4b87b7f REST API: Allow Content-Type on CORS requests.
This allows `POST` requests with a wider variety of `Content-Type' headers - `Content-Type: application/json`, for example.

Props jnylen0.
Fixes #37994.


Built from https://develop.svn.wordpress.org/trunk@39044


git-svn-id: http://core.svn.wordpress.org/trunk@38986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 00:34:33 +00:00
Drew Jaynes
993b3a5c6e Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Users_Controller class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39036


git-svn-id: http://core.svn.wordpress.org/trunk@38978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:52:30 +00:00
Drew Jaynes
b8f14e00ef Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_User_Meta_Fields class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39034


git-svn-id: http://core.svn.wordpress.org/trunk@38976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:28:30 +00:00
Drew Jaynes
90c17ccbf1 Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Terms_Controller class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39033


git-svn-id: http://core.svn.wordpress.org/trunk@38975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:21:30 +00:00
Drew Jaynes
b71e62b9eb Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Term_Meta_Fields class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39032


git-svn-id: http://core.svn.wordpress.org/trunk@38974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:09:32 +00:00
Drew Jaynes
7d7d0c8599 Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Taxonomies_Controller class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39031


git-svn-id: http://core.svn.wordpress.org/trunk@38973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:07:33 +00:00
Drew Jaynes
5dfa0c4cee Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Settings_Controller class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39030


git-svn-id: http://core.svn.wordpress.org/trunk@38972 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:01:30 +00:00
Drew Jaynes
2452f69485 REST: Fix some errant else if conditions and add a few missing periods on inline comments.
Props mrahmadawais.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39029


git-svn-id: http://core.svn.wordpress.org/trunk@38971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 17:54:30 +00:00
Drew Jaynes
596ee8bc9d Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Revisions_Controller class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39028


git-svn-id: http://core.svn.wordpress.org/trunk@38970 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 17:50:29 +00:00
Drew Jaynes
1ef0a5514e REST: Fix a yoda condition in WP_REST_Request::get_parameter_order() and add a missing period for an inline comment in `WP_REST_Request::from_url().
Props mrahmadawais.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39027


git-svn-id: http://core.svn.wordpress.org/trunk@38969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 17:42:45 +00:00
Drew Jaynes
e84b257852 Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Posts_Controller class.
Props Soean, mrahmadawais, flixos90, DrewAPicture.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39026


git-svn-id: http://core.svn.wordpress.org/trunk@38968 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 17:37:35 +00:00
Drew Jaynes
7d488bd2b1 Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Post_Types_Controller class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39025


git-svn-id: http://core.svn.wordpress.org/trunk@38967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 16:51:30 +00:00
Drew Jaynes
04f0340a96 Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Post_Statuses_Controller class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39024


git-svn-id: http://core.svn.wordpress.org/trunk@38966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 16:44:38 +00:00
Drew Jaynes
c4df9d63ba Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Post_Meta_Fields class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39023


git-svn-id: http://core.svn.wordpress.org/trunk@38965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 16:36:32 +00:00
Drew Jaynes
9ce98d98ac Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Meta_Fields class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39022


git-svn-id: http://core.svn.wordpress.org/trunk@38964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 16:33:30 +00:00
Drew Jaynes
718f9fe868 Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Controller class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39021


git-svn-id: http://core.svn.wordpress.org/trunk@38963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 16:20:29 +00:00
Drew Jaynes
e2e47a192d Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Comments_Controller class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39015


git-svn-id: http://core.svn.wordpress.org/trunk@38957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 06:55:30 +00:00
Drew Jaynes
7d25657c01 Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Comment_Meta_Fields class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39014


git-svn-id: http://core.svn.wordpress.org/trunk@38956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 06:34:31 +00:00
Drew Jaynes
08b0407367 Docs: Add much more complete and syntactically correct documentation throughout the WP_REST_Attachments_Controller class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39011


git-svn-id: http://core.svn.wordpress.org/trunk@38953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 05:40:37 +00:00
Gary Pendergast
60eb1ddc5c REST API: Revert [38980].
`/users/me` still needs attention, but this change wasn't quite ready.

See #38521.


Built from https://develop.svn.wordpress.org/trunk@38990


git-svn-id: http://core.svn.wordpress.org/trunk@38933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-28 02:07:35 +00:00
Rachel Baker
4a37a04d0f REST API: Return WP_Error when a client is attempting to update an option with a non-scalar value to null.
A `null` value is returned in the response for any option that has a non-scalar value.

To protect clients from accidentally including the `null` values from a response object in a request, we do not allow options with non-scalar values to be updated to `null`. Without this added protection a client could mistakenly delete all options that have non-scalar values from the database.

Props joehoyle, rachelbaker.
Fixes #38527.
Built from https://develop.svn.wordpress.org/trunk@38982


git-svn-id: http://core.svn.wordpress.org/trunk@38925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-27 16:08:45 +00:00
Rachel Baker
d42acc530c REST API: Remove the Location header redirect for the /users/me endpoint.
Props youknowriad jnylen0.
Fixes #38521.
Built from https://develop.svn.wordpress.org/trunk@38980


git-svn-id: http://core.svn.wordpress.org/trunk@38923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-27 14:37:36 +00:00
Boone Gorges
493f76a3d2 REST API: Use wp_get_object_terms() when fetching terms for a post object.
The WP-API plugin originally used a custom method for fetching object
terms in a way that supported the object cache and also accepted all
parameters for `get_terms()`. In [38667], the internals of
`wp_get_object_terms()` were modified to use `WP_Term_Query`, thus
delivering in a native fashion the features that the API had
previously achieved bespokely.

Fixes #38504.
Built from https://develop.svn.wordpress.org/trunk@38974


git-svn-id: http://core.svn.wordpress.org/trunk@38917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-27 01:42:32 +00:00
Rachel Baker
d359ffc270 REST API: Remove experimental filter wrapper parameter from the Posts Controller class.
Hiding WP_Query params under the filter key (instead of allowing them to be top-level params) was one of our biggest complaints from users of v1 of our REST API. This walks back the re-introduction of the `filter` param during Beta 15, which introduced an "inconsistent mess" and "exposing WP_Query through filter has and will continue to be difficult to support." See https://github.com/WP-API/WP-API/issues/2799.

Props websupporter, rachelbaker.
Fixes #38378.
Built from https://develop.svn.wordpress.org/trunk@38968


git-svn-id: http://core.svn.wordpress.org/trunk@38911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 21:37:31 +00:00
Boone Gorges
91b518a716 REST API: Use term-specific caps for permission checks in term update and delete endpoints.
See #38505.
Built from https://develop.svn.wordpress.org/trunk@38960


git-svn-id: http://core.svn.wordpress.org/trunk@38903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 14:52:29 +00:00
Rachel Baker
0c2a6184eb REST API: Add constructor to the WP_REST_Settings_Controller class.
Provides consistency with the other API endpoint controller classes.

Props Soean.
Fixes #38429.
Built from https://develop.svn.wordpress.org/trunk@38954


git-svn-id: http://core.svn.wordpress.org/trunk@38897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 13:45:47 +00:00
Gary Pendergast
6b4357e14b REST API: Deprecate the rest_enabled filter.
As the REST API becomes more integral to WordPress Core, turning it off will cause a... suboptimal experience. If we don't want it to be turned off, the off switch needs to be removed.

Props jorbin, pento.
Fixes #38446.


Built from https://develop.svn.wordpress.org/trunk@38947


git-svn-id: http://core.svn.wordpress.org/trunk@38890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 06:28:30 +00:00
Rachel Baker
b13da6ae73 REST API: Add missing sanitization callback for the hide_empty parameter of the Terms Controller.
Fixes a bug where the boolean parameter `hide_empty` was not being properly sanitized in the Terms controller.

Props websupporter.
Fixes #38465.
Built from https://develop.svn.wordpress.org/trunk@38942


git-svn-id: http://core.svn.wordpress.org/trunk@38885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 02:29:30 +00:00
Joe Hoyle
e8a311ed02 REST API: Validate posts status enum
Currently we are using a different validate callback, so the `enum` is not interpretted. We just have to fallback to the result of `rest_validate_request_arg` in our custom wrapper function.

Fixes #38417.

Built from https://develop.svn.wordpress.org/trunk@38911


git-svn-id: http://core.svn.wordpress.org/trunk@38854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-25 17:13:28 +00:00
Rachel Baker
cdce9d5dac REST API: Allow comments to be created setting the user_agent parameter.
As of WordPress 4.3 the `wp_new_comment()` function has been updated to allow the comment_agent value to be set when a comment is created. The comments API endpoint now allows the comment author's user agent to be set when creating a comment.
Also, the `readonly` property on the `author_user_agent` parameter in the schema was removed.

Props rabmalin for the initial patch.
Fixes #38425.
Built from https://develop.svn.wordpress.org/trunk@38864


git-svn-id: http://core.svn.wordpress.org/trunk@38807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-21 18:28:32 +00:00
Rachel Baker
e4a7c0a397 REST API: Introduce the Content API endpoints.
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.

Love your REST API, WordPress!  The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"

Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes #38373.
Built from https://develop.svn.wordpress.org/trunk@38832


git-svn-id: http://core.svn.wordpress.org/trunk@38775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-20 02:55:32 +00:00
Dominik Schilling
ae2ff33c91 Docs: Improve formatting of filter docs added in [38689].
Fixes #35590.
Built from https://develop.svn.wordpress.org/trunk@38749


git-svn-id: http://core.svn.wordpress.org/trunk@38692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-07 19:24:28 +00:00
Joe Hoyle
d72da116be REST API: Add filters to allow creating REST API middleware plugins.
Introduce two new filters: `rest_request_before_callbacks` and `rest_request_after_callbacks` to
assist REST API middleware plugins to perform pre-callback and cleanup hooks such as `switch_to_blog()`
or caching implementations.

Props jnylen0.
Fixes #35590.

Built from https://develop.svn.wordpress.org/trunk@38689


git-svn-id: http://core.svn.wordpress.org/trunk@38632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-30 20:12:28 +00:00
Joe Hoyle
794dd5d8cb REST API: Enable sanitize_callback to return WP_Error.
Give developers the opportunity to reject incoming data without using the validation callback. It also enables us to do sanitization and validation in one function in instances where this could be useful.

Props websupporter, rmccue.
Fixes #37560.

Built from https://develop.svn.wordpress.org/trunk@38601


git-svn-id: http://core.svn.wordpress.org/trunk@38544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-14 15:50:29 +00:00
Dominik Schilling
97bf32c66a Text Changes: Unify/merge two more permission error messages.
Props ramiy.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@38037


git-svn-id: http://core.svn.wordpress.org/trunk@37978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 11:45:29 +00:00
Rachel Baker
e5fcbb3514 REST API: Reverse order of setting sanitization/validation, validating prior to sanitizing.
Fixes mistake in the current behavior, where the sanitization callback ran before the validation callback. Now the validation callback will run before the sanitization.

Props schlessera, rachelbaker.
See #37247.
Fixes #37192.



Built from https://develop.svn.wordpress.org/trunk@37943


git-svn-id: http://core.svn.wordpress.org/trunk@37884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-02 23:03:27 +00:00
Rachel Baker
a475d0a161 REST API: Include auto-discovery Link header when serving API requests.
The Link header allows clients to verify if a site has made the REST API available, as well as indicating how to access it.

Props danielbachhuber.
Fixes #35580.



Built from https://develop.svn.wordpress.org/trunk@37903


git-svn-id: http://core.svn.wordpress.org/trunk@37844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 01:57:55 +00:00
Rachel Baker
228c60a222 REST API: Include X-Robots-Tag: noindex header in REST API responses to prevent endpoints from being indexed by search engines.
Prevent duplicate content issues with search engines and REST API endpoint response data.

Fixes #36390.
Props m_uysl for the initial patch.
Built from https://develop.svn.wordpress.org/trunk@37726


git-svn-id: http://core.svn.wordpress.org/trunk@37692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-16 14:59:28 +00:00
Peter Wilson
47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Rachel Baker
99cca27041 REST API: Create the general wp_check_jsonp_callback() function for validating JSONP callback functions.
Move the REST API JSONP callback validation check into a separate function named `wp_check_jsonp_callback()`. This allows plugins to use the built-in validation when handling JSONP callbacks.
Extremely Important Note: If you send JSONP in your custom response, make sure you prefix the response with `/**/`. This will mitigate the Rosetta Flash exploit. You should also send the `X-Content-Type-Options:nosniff` header, or even better, use the REST API infrastructure.

Props rmccue.
Fixes #28523.
Built from https://develop.svn.wordpress.org/trunk@37646


git-svn-id: http://core.svn.wordpress.org/trunk@37612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-06 21:34:28 +00:00
Drew Jaynes
f03eef071e Docs: Standardize hook docs in wp-includes/rest-api/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37490


git-svn-id: http://core.svn.wordpress.org/trunk@37458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:08:29 +00:00
Drew Jaynes
b1804afeaf Docs: Standardize on 'backward compatibility/compatible' nomenclature in core inline docs.
Also use 'back-compat' in some inline comments where backward compatibility is the subject and shorthand feels more natural.

Note: 'backwards compatibility/compatibile' can also be considered correct, though it's primary seen in regular use in British English.

Props ocean90.
Fixes #36835.

Built from https://develop.svn.wordpress.org/trunk@37431


git-svn-id: http://core.svn.wordpress.org/trunk@37397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 18:41:31 +00:00
Drew Jaynes
fe3b007fdd Docs: Remove inline @see tags from function, class, and method references in inline docs.
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.

Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@37342


git-svn-id: http://core.svn.wordpress.org/trunk@37308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-02 04:00:28 +00:00
Mark Jaquith
31152de134 REST API: Deliver parameters unadulterated instead of slashed.
We goofed, and parameters accessed through the REST API's methods
were slashed (inconsistently, even). This unslashes the data, so
you get the un-messed-with data that was sent.

Props joehoyle.
Fixes #36419.
Built from https://develop.svn.wordpress.org/trunk@37163


git-svn-id: http://core.svn.wordpress.org/trunk@37130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-06 21:02:28 +00:00
Joe Hoyle
a07988c1c5 REST API: Provide better method for generating CURIEs
In [36533] CURIEs were added to the API responses for the link relation URIs, this makes
it a lot easier for clients to look up links by relation. That patch was functional, but
broke on edge cases such as embedded responses and collection items with links in the items.

This patch instead takes a less obtrusive approach by creating a new `get_compact_response_links`
to compliment `get_response_links` making both old and new functionality available.

Also the regex for curie relations has been relaxed to `.+` as rel names can have any uri-valid charector in it.

Fixes #34729.


Built from https://develop.svn.wordpress.org/trunk@37041


git-svn-id: http://core.svn.wordpress.org/trunk@37008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-22 00:16:27 +00:00