* Skips validation where there is no attribute definition, but keeps the attribute value. Previously, the attribute would be omitted from the attributes passed to `render_callback`. Notably, this resolves an issue where `render_callback` cannot receive a block's `align` and `customClassName` attribute values, since these are defined as a client-side filter.
* Validates `null` as a proper value in its own right. Previously, a client implementation of a block could track `{"attribute":null}` as an explicitly empty value, and the server would wrongly initiate defaulting behavior. The new behavior will now only populate a default value if the attribute is not defined at all, including when unset in its being invalid per the attribute schema.
Props aduth, noisysocks, youknowriad.
See #45145 for the patch, #45098 for the original ticket.
Built from https://develop.svn.wordpress.org/branches/5.0@43918
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [43736], we prevented rendering fields when not present in `?_fields=`. However, because `get_fields_for_response()` is dependent on `get_item_schema()`, any custom fields registered with a null schema would be incorrectly excluded from the response. Because the REST API permits a null schema for `register_rest_field()`, those fields should be included in the available fields for a response.
Fixes#45220.
Built from https://develop.svn.wordpress.org/branches/5.0@43908
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43740 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When 'parent' is set as the path argument name, it gets passed down through to the `create_item()` method and can erroneously reset the 'parent' value on the post itself. Instead, we rename the argument to 'id' and replicate the revision controller's `get_items_permissions_check()` to instead reference 'id'.
Also ensures revision query params (of which there are many) aren't exposed as the query params for autosaves (of which there are two).
Props TimothyBlynJacobs.
See #43316.
Built from https://develop.svn.wordpress.org/branches/5.0@43897
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Responsive embeds is a way for a theme to opt in to WordPress dynamically scaling the width/height of an embed. When a theme supports responsive embeds, a `wp-embed-responsive` class is added to the `<body>` tag. This information is also presented through the REST API for clients to respect.
Props desrosj.
Fixes#45125.
Built from https://develop.svn.wordpress.org/branches/5.0@43790
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Narrow the scope of the included wp-admin files loaded for `wp_generate_attachment_metadata()`, `wp_handle_upload()`, `wp_tempnam()`, and `wp_handle_sideload()`. Requires only `wp-admin/includes/file.php` and `wp-admin/includes/image.php` instead of `wp-admin/includes/admin.php`.
Props ocean90, lonelyvegan, soulseekah, pratikthink.
Merges [43589], [43604] to the 5.0 branch.
Fixes#43757.
Built from https://develop.svn.wordpress.org/branches/5.0@43773
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Adds `WP_REST_Autosaves_Controller` which extends `WP_REST_Revisions_Controller`.
* Autosaves endpoint is registered for all post types except `attachment` because even post types without revisions enabled are expected to autosave.
* Because setting the `DOING_AUTOSAVE` constant pollutes the test suite, autosaves tests are run last. We may want to improve upon this later.
Props adamsilverstein, aduth, azaozz, danielbachhuber, rmccue.
Fixes#43316.
Built from https://develop.svn.wordpress.org/branches/5.0@43768
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The 409 error code is intended for situations where it is expected that the user will resolve the conflict and resubmit the same request. We use 400 error codes for other routes when a duplicate request is made. The 400 status code tells the user they need to modify their request for it to be successful.
Props shooper.
Merges [42354] to the 5.0 branch.
Fixes#42781. See #41370.
Built from https://develop.svn.wordpress.org/branches/5.0@43756
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The permissions error message when a request tries to fetch post statuses unauthenticated is incorrect. It was a copy/paste from elsewhere, as indicated by the use of "in this post type" where this is no post type referenced.
Props schlessera.
Merges [42356] to the 5.0 branch.
Fixes#42303.
Built from https://develop.svn.wordpress.org/branches/5.0@43755
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a `WP_REST_Search_Controller` class which registers a `/wp/v2/search` endpoint. Search types are handled by extending `WP_REST_Search_Handler`. The default search type is `WP_REST_Post_Search_Handler` but can be filtered by plugins or a theme.
Props danielbachhuber, flixos90, pento, rmccue.
Fixes#39965.
Built from https://develop.svn.wordpress.org/branches/5.0@43739
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order for clients to present permalink previews, the REST API must share the computed results of `get_sample_permalink()`. These two values are now exposed as `permalink_template` and `generated_slug` for public, viewable post types, but only for `context=edit`.
Props danielbachhuber, rahulsprajapati.
Fixes#45017.
Built from https://develop.svn.wordpress.org/branches/5.0@43720
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.
Props adamsilverstein, birgire, flixos90.
Merges [43584-43586], [43647] to the 5.0 branch.
Fixes#40510.
Built from https://develop.svn.wordpress.org/branches/5.0@43716
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An authorized request with the `read_private_posts` capability for a post type should be able to `GET /wp/v2/posts` for posts of `status=private`. This query is further sanity-checked by `WP_REST_Posts_Controller->check_read_permission()`, which is unchanged.
Props rachelbaker, soulseekah, twoelevenjay.
Fixes#43701.
Built from https://develop.svn.wordpress.org/branches/5.0@43694
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because user capabilities can be modified at runtime, the REST API needs to expose them in some evaluated but declarative manner for clients to interpret. JSON Hyper Schema `targetSchema` provides an appropriate paradigm for doing so.
Props timothyblynjacobs.
Fixes#45014.
Built from https://develop.svn.wordpress.org/branches/5.0@43682
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For Gutenberg and other admin-type interfaces, it's
useful to be able to see the visibility settings for
taxonomies.
The original changeset was partially included in [43445].
Merges [42729], [42730], [42973] to the 5.0 branch.
Props joehoyle, TimothyBlynJacobs, pento.
Fixes#42707
Built from https://develop.svn.wordpress.org/branches/5.0@43680
git-svn-id: http://core.svn.wordpress.org/branches/5.0@43509 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.
This change causes `_fields` to be applied earlier, so that only requested fields are processed.
Merges [43087] to the 4.9 branch.
Props danielbachhuber.
See #43874.
Built from https://develop.svn.wordpress.org/branches/4.9@43445
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.
Merge of [43439] and [43441] to the 4.9 branch.
Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs, pento.
Fixes#44321.
Built from https://develop.svn.wordpress.org/branches/4.9@43442
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.
Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.
This change also includes flags on post objects for the following actions:
- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.
Merges [43437] to the 4.9 branch.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44287.
Built from https://develop.svn.wordpress.org/branches/4.9@43438
git-svn-id: http://core.svn.wordpress.org/branches/4.9@43265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Any WordPress user who can `edit_posts` of a post type with `show_in_rest=true` can query for authors. This maps to current WordPress behavior where a WordPress user who can view the Manage Posts view for a post type can see any WordPress user assigned to a post (whether published or draft).
This implementation, over restricting `who=authors` to users with `list_users`, gives us future flexibility in displaying lists of posts. It still respects more restrictive permissions for `context=edit`.
Props danielbachhuber.
Merges [43001] to the 4.9 branch.
Fixes#42202.
Built from https://develop.svn.wordpress.org/branches/4.9@43067
git-svn-id: http://core.svn.wordpress.org/branches/4.9@42896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In r41727 the ability to sanitise and validate objects from JSON schema was added, with a whitelist approach. It was decided we should pass through all non-registered properties to reflect the behaviour of the root object in register_rest_route. To prevent arbitrary extra data via setting objects, we force additionalProperties to false in the settings endpoint.
See #38583.
Built from https://develop.svn.wordpress.org/trunk@42000
git-svn-id: http://core.svn.wordpress.org/trunk@41834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Also remove `enum` for validating allowed templates to allow plugins to dynamically supply their own templates for specific posts, even when they are not in the theme.
Props TimothyBlynJacobs, jnylen0, swissspidy.
Fixes#39996.
Built from https://develop.svn.wordpress.org/trunk@41979
git-svn-id: http://core.svn.wordpress.org/trunk@41813 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds an "include_slug" orderby value for REST API collections to permit returning a collection filtered by slugs in the same order in which those slugs are specified.
Previously, the order of slugs provided with the ?slug query parameter had no effect on the order of the returned records.
Props wonderboymusic, ocean90, boonebgorges.
Fixes#40826.
Built from https://develop.svn.wordpress.org/trunk@41760
git-svn-id: http://core.svn.wordpress.org/trunk@41594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Enables register_setting to accept an object as its schema value, allowing settings to accept non-scalar values through the REST API.
This whitelists the added type in the settings controller, and passes properties from argument registration into the validation functions.
Props joehoyle.
See #38583.
Built from https://develop.svn.wordpress.org/trunk@41758
git-svn-id: http://core.svn.wordpress.org/trunk@41592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fixes an issue where submitting a well-formed request to create a term inappropriately returns a 500 error status if that term already exists.
HTTP 5xx error codes should be reserved for unexpected server errors, so "409 Conflict" is a more appropriate response.
Props alibasheer, guzzilar, shooper.
Fixes#41370.
Built from https://develop.svn.wordpress.org/trunk@41737
git-svn-id: http://core.svn.wordpress.org/trunk@41571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When registering routes developers can now define their complex objects in the schema and benefit from the automatic validation and sanitization in the REST API. This also paves the way for support for complex object registration via register_meta and register_setting.
See #38583.
Props TimothyBlynJacobs5.
Built from https://develop.svn.wordpress.org/trunk@41727
git-svn-id: http://core.svn.wordpress.org/trunk@41561 1a063a9b-81f0-0310-95a4-ce76da25c4cd