Avoid a PHP Error when attempting to embed the parent post of an attachment, when the parent post ID is invalid. Instead check if the parent post
object exists before checking the read permission for the parent post.
Props GhostToast.
Fixes#39881.
Merges [40306] to the 4.7 branch.
Built from https://develop.svn.wordpress.org/branches/4.7@40337
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A `post_format` not used by the current theme, but supported by core is not a wrong/broken piece of information. It's just not used at this point in time. Therefore we should allow setting and retrieving any of the standard post formats supported in core, even if the current theme doesn't use them.
After this commit, a post's `format` value can survive a round trip through the API, which is a good general design principle for an API.
Merge of [40120] and [40121] to the 4.7 branch.
Props JPry, iseulde, davidakennedy, Drivingralle.
Fixes#39232.
Built from https://develop.svn.wordpress.org/branches/4.7@40137
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, when getting posts from the API with `sticky=true`, if there were no sticky posts set, the query would return all posts as if the `sticky` argument was not set. In this situation, the query should return an empty array instead.
A `sticky=true` query that should return an empty array (in the previous situation, or with `include` and no intersecting post IDs) was also broken in that it would query the post with ID 1.
Finally, this commit significantly improves test coverage for the `sticky` filter argument, including direct testing of the `WHERE` clauses generated by `WP_Query`.
Merge of [40037] and [40122] to the 4.7 branch.
Props ryelle, jnylen0.
See #39079.
Fixes#39947.
Built from https://develop.svn.wordpress.org/branches/4.7@40136
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Internally, WordPress uses a special `post_date_gmt` value of `0000-00-00 00:00:00` to indicate that a draft's date is "floating" and should be updated whenever the post is saved. This makes it much more difficult for API clients to know the correct date of a draft post.
This commit provides a best guess at a `date_gmt` value for draft posts in this situation using the `date` field and the site's current timezone offset.
Props joehoyle, jnylen0.
Merges [40108] to the 4.7 branch.
Fixes#38883.
Built from https://develop.svn.wordpress.org/branches/4.7@40115
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit modifies the `rest_get_date_with_gmt` function to correctly parse local and UTC timestamps with or without timezone information.
It also ensures that the REST API can edit the dates of draft posts by setting the `edit_date` flag to `wp_update_post`.
Overall this commit ensures that post and comment dates can be set and updated as expected.
Props jnylen0.
Merges [40101] to the 4.7 branch.
Fixes#39256.
Built from https://develop.svn.wordpress.org/branches/4.7@40114
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It has been unintendedly possible to both view and edit users from a different site than the current site in multisite environments. Moreover, when passing roles to a user in an update request, that user would implicitly be added to the current site.
This changeset removes the incorrect behavior for now in order to be able to provide a proper REST API workflow for managing multisite users in the near future. Related unit tests have been adjusted as well.
Props jnylen0, jeremyfelt, johnjamesjacoby.
Merges [40106] to the 4.7 branch.
Fixes#39701.
Built from https://develop.svn.wordpress.org/branches/4.7@40111
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the status for a Post (or other post_types) was only exposed under the `edit` context, which doesn't really make much sense considering we support querying by post status without authentication. Originally introduced in v2.0 beta 1: 69f617d749 without any explanation in the commit message.
Props dhanendran, jnylen0, rachelbaker.
Merges [40080] to the 4.7 branch.
Fixes#39466.
Built from https://develop.svn.wordpress.org/branches/4.7@40081
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `post_author` field is a string internally, but we need to cast it to an integer in the REST API. This was already done for posts, but not for revisions. The field is already declared as an integer in both controllers.
Props jnylen0.
Merges [40063] to the 4.7 branch.
Fixes#39871.
Built from https://develop.svn.wordpress.org/branches/4.7@40078
git-svn-id: http://core.svn.wordpress.org/branches/4.7@40015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `rest_{$taxonomy}_collection_params` filter in 4.7 is incorrectly using single quotes instead of double quotes, which means it is not working correctly as a dynamic filter. This fixes the quotes around the filter name, and also updates the docblocks for the other 3 similar filters for better conformance to the documentation standards.
Merge of [39621] to the 4.7 branch.
Props shazahm1hotmailcom, JPry, jnylen0.
Fixes#39300.
Built from https://develop.svn.wordpress.org/branches/4.7@39631
git-svn-id: http://core.svn.wordpress.org/branches/4.7@39571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If `add_theme_support( 'post-formats' )` is called with no additional arguments, then `get_theme_support( 'post-formats' )` returns `true` rather than an array of supported formats. Avoid generating PHP warnings in this situation.
Merge of [39620] to the 4.7 branch.
Props dreamon11, ChopinBach.
Fixes#39293.
Built from https://develop.svn.wordpress.org/branches/4.7@39630
git-svn-id: http://core.svn.wordpress.org/branches/4.7@39570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [38625], the functionality to search for attachments by filename was added via the `posts_clauses` filter and the `_filter_query_attachment_filenames()` function. This moves `_filter_query_attachment_filenames()` from `wp-admin/includes/post.php` to `wp-includes/post.php` so that it can be applied in the same manner in the REST API media endpoint.
Merge of [39598] to the 4.7 branch.
Props jblz, tyxla.
Fixes#39092.
Built from https://develop.svn.wordpress.org/branches/4.7@39629
git-svn-id: http://core.svn.wordpress.org/branches/4.7@39569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value (previously this was an explicit check for `false`).
One possible failure case is that a plugin developer forgets to include a return value for some code path in their callback for this filter, leading to a value of null which is currently treated like `true`.
Props joehoyle, jnylen0.
Merges [39487] to the 4.7 branch.
Fixes#39010.
Built from https://develop.svn.wordpress.org/branches/4.7@39566
git-svn-id: http://core.svn.wordpress.org/branches/4.7@39506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
If the `require_name_email` option is true, creating a comment with an empty string for the author name or email should not be accepted. Both values can be an empty string on update.
Merges [39444] into the 4.7 branch.
Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.
Fixes#38971 for 4.7.
Built from https://develop.svn.wordpress.org/branches/4.7@39446
git-svn-id: http://core.svn.wordpress.org/branches/4.7@39386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- 'orderby' => 'include' requires an array of post_ids via the include collection param.
- 'orderby' => 'id' and 'orderby' => 'slug' need map the correct WP_Query equivalents.
Merges [39440] to the 4.7 branch.
Props flixos90, hnle, dd32, rachelbaker, joehoyle, pento.
Fixes#38971 for 4.7.
Built from https://develop.svn.wordpress.org/branches/4.7@39441
git-svn-id: http://core.svn.wordpress.org/branches/4.7@39381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.
Until support for a PUT request that removes a user's site and content associations is available, DELETE requests are disabled to avoid possible issues with lost content.
Merges [34938] onto 4.7 branch.
Props jnylen0, rachelbaker.
Fixes#38962 for 4.7.
Built from https://develop.svn.wordpress.org/branches/4.7@39439
git-svn-id: http://core.svn.wordpress.org/branches/4.7@39379 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.
This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.
Merges [39426] to the 4.7 branch.
Props jeremyfelt.
Fixes#39000.
Built from https://develop.svn.wordpress.org/branches/4.7@39427
git-svn-id: http://core.svn.wordpress.org/branches/4.7@39367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Change the capability check used in `WP_REST_Terms_Controller` when creating a new term is attempted, from `manage_terms` to `edit_terms`. This matches the behavior within the WordPress admin. See #35614.
Props johnbillion, rmccue, rachelbaker, helen, jorbin, SergeyBiryukov.
Merges [39402] to the 4.7 branch.
Fixes#38958 for 4.7.
Built from https://develop.svn.wordpress.org/branches/4.7@39403
git-svn-id: http://core.svn.wordpress.org/branches/4.7@39343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the `check_username()` and `check_password()` callbacks in the Users controller cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly which was causing unintended request parsing.
In `rest_sanitize_request_arg()` do not pass nonexistent third parameter for the `rest_sanitize_value_from_schema()` function.
Props jnylen0, joehoyle, rachelbaker, ocean90.
Merges [39400] to the 4.7 branch.
Fixes#38984 for 4.7.
Built from https://develop.svn.wordpress.org/branches/4.7@39401
git-svn-id: http://core.svn.wordpress.org/branches/4.7@39341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Core requires the post password to view and create comments on password protected posts, so we must support a “password” param on the comments endpoint when fetch comments for a specific post and creating a comment on a password protected post.
Props flixos90, jnylen0.
Fixes#38692.
Built from https://develop.svn.wordpress.org/trunk@39349
git-svn-id: http://core.svn.wordpress.org/trunk@39289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Brings consistency to the `rest_insert_*` actions. Also includes some shuffling and clean-up as well including:
- Ensure we are passing the most current `$post` and `$user` objects to the `update_additional_fields_for_object()` callbacks.
- Changes the function signature of `handle_status_param()` in the Comments controller to accept just the comment_id as the 2nd parameter, instead of a full WP_Comment object. Only the comment_id is needed in the method, this avoids having to include another `get_comment()` call.
- Renames a variable in the `create_item()` method of the Posts controller from `$post` -> `$prepared_post` to be more explicit.
- Minor fixes/clarifications to the rest_insert_* hook docs
Props rachelbaker, joehoyle
Fixes#38905.
Built from https://develop.svn.wordpress.org/trunk@39348
git-svn-id: http://core.svn.wordpress.org/trunk@39288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adding a brand new anonymous comment method is a potential conduit for spam. Since it's still useful functionality, we're now hiding it behind a filter to allow plugins and themes to turn it on if they do want it.
Props helen, rachelbaker, joehoyle.
Fixes#38855.
Built from https://develop.svn.wordpress.org/trunk@39327
git-svn-id: http://core.svn.wordpress.org/trunk@39267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Users without the moderate_comments capability can no longer set the `author_ip` property directly, and instead receive a `WP_Error` if they attempt to do so. Otherwise, the `author_ip property` is populated from `$_SERVER['REMOTE_ADDR']` if present and a valid IP value. Finally, fallback to 127.0.0.1 as a last resort.
Props dd32, rachelbaker, joehoyle.
Fixes#38819.
Built from https://develop.svn.wordpress.org/trunk@39302
git-svn-id: http://core.svn.wordpress.org/trunk@39242 1a063a9b-81f0-0310-95a4-ce76da25c4cd