In `WP_REST_Search_Controller`, the `type` parameter is accessed via the sanitization callback for the `subtype` parameter, which is too early for `type` itself to be already sanitized. This change adds a type check in the `get_search_handler()` method to prevent errors when the type doesn’t match.
Props swissspidy, timothyblynjacobs, dd32.
Fixes#60771.
Built from https://develop.svn.wordpress.org/trunk@57839
git-svn-id: http://core.svn.wordpress.org/trunk@57340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This removes settings that are the default value or required for side-loading from the `WP_REST_Font_Faces_Controller::handle_font_file_upload()`.
This is to harden the endpoint and future proof against any changes to `wp_handle_upload()` and related functions/security checks.
Props peterwilsoncc, dd32.
Fixes#60741.
Built from https://develop.svn.wordpress.org/trunk@57804
git-svn-id: http://core.svn.wordpress.org/trunk@57305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds a new `rest_pre_insert_{$this->post_type}` filter in the `WP_REST_Templates_Controller`, where it is applied to the return value of the `prepare_item_for_database` method. (This is consistent with the `WP_REST_Post_Controller`, where that filter has existed before.)
The new filter is then used to inject hooked blocks into the template (or template part) content received via the endpoint, prior to persisting it to the database.
This supersedes the previous mechanism, which was using the `rest_after_insert_{$this->post_type}` ''action'', from which it performed an additional `wp_update_post` call to update the template (part) content with the hooked blocks injected. The new technique eschews that additional call and the resulting extra revision it created, as well as a problem with regard to duplicated escaping and sanitization, which had caused some special characters to be garbled.
Props tomjcafferkey, gziolo, swissspidy, karolmanijak.
Fixes#60671.
Built from https://develop.svn.wordpress.org/trunk@57790
git-svn-id: http://core.svn.wordpress.org/trunk@57291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Changing the font library is something we expect hosts to perform.
It's important that we make this filter as seemless as possible.
This commit prevents a potential infinite loop caused by calling wp_get_upload_dir() within the font_dir filter.
Props mmaattiiaass, ironprogrammer, costdev, swissspidy.
Fixes#60652.
Built from https://develop.svn.wordpress.org/trunk@57740
git-svn-id: http://core.svn.wordpress.org/trunk@57241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Updates `wp_register_font_collection()` and `WP_Font_Collection` so that only font families can be loaded from a file or URL.
All metadata, such as name, description, and list of font categories, needs to be passed directly in PHP so that it can be properly localized.
Props swissspidy, mmaattiiaass, grantmkin, youknowriad.
Fixes#60509.
Built from https://develop.svn.wordpress.org/trunk@57686
git-svn-id: http://core.svn.wordpress.org/trunk@57187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Updated the global styles endpoints in the REST API to extend from existing posts and revisions controllers. This reduces duplicated code and inconsistencies. The revisions controller is now a subclass of the WP_REST_Revisions_Controller. Related redundant methods were removed and schema generation and collection parameters were adjusted to suit the global styles context. Updated permission checks, constructor, and collection parameters accordingly. This change allows for easy override of these classes using the `register_post_type_args` filter.
Props ramonopoly, spacedmonkey, mukesh27.
Fixes#60131.
Built from https://develop.svn.wordpress.org/trunk@57624
git-svn-id: http://core.svn.wordpress.org/trunk@57125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This enhancement refines the REST API server to automatically establish the maximum 'per_page' value for embedded objects, adhering to the endpoint's schema when not explicitly defined in the request. This adjustment elevates the limit from the default of 10 items to 100 items, significantly improving the likelihood of receiving the complete dataset of embedded objects.
Props manyourisms, lpawlik, spacedmonkey, kadamwhite, TimothyBlynJacobs.
Fixes#43439.
Built from https://develop.svn.wordpress.org/trunk@57623
git-svn-id: http://core.svn.wordpress.org/trunk@57124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This update modifies the error handling mechanism in the REST API meta fields functionality. Instead of halting execution and returning on the first encountered error, it now collects all errors in a WP_Error object and continues execution. Thus, this enhancement enables handling and displaying of multiple errors in a single response, improving the debugging process.
Props TimothyBlynJacobs, spacedmonkey, hellofromTonya, oglekler.
Fixes#48823.
Built from https://develop.svn.wordpress.org/trunk@57611
git-svn-id: http://core.svn.wordpress.org/trunk@57112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Audio and video attachments can have a featured image, also known as a poster image. This functionality is now properly exposed by the `wp/v2/media` endpoint.
Props swissspidy, timothyblynjacobs, wonderboymusic, dlh, spacedmonkey.
Fixes#41692.
Built from https://develop.svn.wordpress.org/trunk@57603
git-svn-id: http://core.svn.wordpress.org/trunk@57104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commits add three endpoints to retrieve and manipulate fonts in WordPress.
This commit also means that we now have a fully functional Font Library in the site editor.
Props get_dave, youknowriad, mmaattiiaass, grantmkin, swissspidy, mcsf, jorbin, ocean90.
See #59166.
Built from https://develop.svn.wordpress.org/trunk@57548
git-svn-id: http://core.svn.wordpress.org/trunk@57049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add support for uploading, editing and saving AVIF images when supported by the server.
Add 'image/avif' to supported mime types. Correctly identify AVIF images and sizes even when PHP doesn't support AVIF. Resize uploaded AVIF files (when supported) and use for front end markup.
Props adamsilverstein, lukefiretoss, ayeshrajans, navjotjsingh, Tyrannous, jb510, gregbenz, nickpagz, JavierCasares, mukesh27, yguyon, swissspidy.
Fixes#51228.
Built from https://develop.svn.wordpress.org/trunk@57524
git-svn-id: http://core.svn.wordpress.org/trunk@57025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit removes unnecessary access and internal annotations from two functions that are private and as such don't require the annotation. It also adds the since annotation with the 6.5 release given that the annotation may be useful.
Props swissspidy.
See #60358.
Built from https://develop.svn.wordpress.org/trunk@57374
git-svn-id: http://core.svn.wordpress.org/trunk@56880 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset introduces two functions:
* `wp_is_serving_rest_request()` returns a boolean for whether WordPress is serving an actual REST API request.
* `wp_is_rest_endpoint()` returns a boolean for whether a WordPress REST API endpoint is currently being used. While this is always the case if `wp_is_serving_rest_request()` returns `true`, the function additionally covers the scenario of internal REST API requests, i.e. where WordPress calls a REST API endpoint within the same request.
Both functions should only be used after the `parse_request` action.
All relevant manual checks have been adjusted to use one of the new functions, depending on the use-case. They were all using the same constant check so far, while in fact some of them were intending to check for an actual REST API request while others were intending to check for REST endpoint usage.
A new filter `wp_is_rest_endpoint` can be used to alter the return value of the `wp_is_rest_endpoint()` function.
Props lots.0.logs, TimothyBlynJacobs, flixos90, joehoyle, peterwilsoncc, swissspidy, SergeyBiryukov, pento, mikejolley, iandunn, hellofromTonya, Cybr, petitphp.
Fixes#42061.
Built from https://develop.svn.wordpress.org/trunk@57312
git-svn-id: http://core.svn.wordpress.org/trunk@56818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that `WP_REST_Comments_Controller::prepare_item_for_response()` passes three arguments to the `comment_text` filter, for consistency with all the other instances in core.
Follow-up to [15957], [16357], [25555], [38832], [40664].
Props sjregan, SergeyBiryukov.
Fixes#58238.
Built from https://develop.svn.wordpress.org/trunk@57176
git-svn-id: http://core.svn.wordpress.org/trunk@56687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Restores setting the site's logo, icon, and wp-admin's back button image (which defaults to W).
Prior to [56566], the site logo and icon were unconditionally added to the index. [56566] changed this by conditionally adding them if either the `_links` or `_embedded` fields were included. However, these fields are not included when using the Site Logo block, as it uses the `site_logo`, `site_icon`, and `site_icon_url` fields instead.
This changeset restores the functionality by checking specifically for the `site_*` fields when neither of the `_links` or `_embedded` fields are present.
Follow up to [56566].
Props antonvlasenko, hellofromTonya, ironprogrammer, priethor, wildworks.
Fixes#59935.
Built from https://develop.svn.wordpress.org/trunk@57147
git-svn-id: http://core.svn.wordpress.org/trunk@56658 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[56834] adjusted the order of activity inside the rest server responses. This lead to the `rest_pre_serve_request` filter potentially blocking the sending of the no cache headers. This moves that action back to being after the sending of no cache headers has finished to restore the pre 6.3.2 order of these two actions.
Props perrelet, SergeyBiryukov, peterwilsoncc.
Fixes#59722.
Built from https://develop.svn.wordpress.org/trunk@57012
git-svn-id: http://core.svn.wordpress.org/trunk@56523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The Template and Template Part REST API controllers have unique characteristics compared to other post type REST API controllers. They do not rely on integer IDs to reference objects; instead, they use a combination of the theme name and slug of the template, like 'twentytwentyfour//home.' Consequently, when the post types template and template part were introduced in [52062], it led to the registration of REST API endpoints for autosaves and revisions with invalid URL structures.
In this commit, we introduce new functionality to enable custom autosave and revisions endpoints to be registered at the post type level. Similar to the 'rest_controller_class' parameter, developers can now define 'revisions_rest_controller' and 'autosave_rest_controller.' This empowers developers to create custom controllers for these functionalities. Additionally, we introduce a 'late_route_registration' parameter, which proves helpful when dealing with custom URL patterns and regex pattern matching issues.
This commit registers new classes for template and template part autosave and revisions controllers, differentiating them from standard controllers in the following ways:
* The response shape now matches that of the template controller.
* Permission checks align with the template controller.
* A custom URL pattern is introduced to support slug-based identification of templates.
Furthermore, we've updated the utility function '_build_block_template_result_from_post' to support passing revision post objects. This enhancement ensures compatibility with the custom revisions controller.
Props spacedmonkey, revgeorge, andraganescu, hellofromTonya, antonvlasenko, kadamwhite, ironprogrammer, costdev, mukesh27, timothyblynjacobs, adamsilverstein.
Fixes 56922.
Built from https://develop.svn.wordpress.org/trunk@56819
git-svn-id: http://core.svn.wordpress.org/trunk@56331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In cases where `WP_Comment_Query` or `get_comments` is employed with the 'count' parameter set to true, specify 'order by' as 'none'. Since these queries serve solely to determine the count of comments matching specific query parameters, the 'order by' clause becomes redundant and places unnecessary strain on the database server, resulting in slower query execution. Given that count queries are executed on every admin request to retrieve comment counts, this change enhances the performance of the wp-admin interface.
Props guss77, davidbaumwald, SergeyBiryukov, westonruter, peterwilsoncc, foliovision, hareesh-pillai, spacedmonkey.
Fixes#58368
Built from https://develop.svn.wordpress.org/trunk@56747
git-svn-id: http://core.svn.wordpress.org/trunk@56259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Correct an issue where meta values containing characters like quote `”` could not be previewed on published posts. The function `update_metadata` expects data to be slashed.
Also, add a test to confirm that storing JSON data which requires slashing in autosave meta works as expected, and improve naming for a data provider added in [56714].
Follow up to [56714].
Props mukesh27, spacedmonkey.
Fixes#20564.
Built from https://develop.svn.wordpress.org/trunk@56745
git-svn-id: http://core.svn.wordpress.org/trunk@56257 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Enable the storing of post meta in revisions including autosaves and previews:
Add a new argument `revisions_enabled` to the `register_meta` function which enables storing meta in revisions.
Add a new `wp_post_revision_meta_keys` filter which developers can use to control which meta is revisioned - it passes an array of the meta keys with revisions enabled as well as the post type.
Meta keys with revisions enabled are also stored for autosaves, and are restored when a revision or autosave is restored. In addition, meta values are now stored with the autosave revision used for previews. Changes to meta can now be previewed correctly without overwriting the published meta (see #20299) or passing data as a query variable, as the editor currently does to preview changes to the featured image.
Changes to meta with revisions enabled are considered when determining if a new revision should be created. A new revision is created if the meta value has changed since the last revision.
Revisions are now saved on the `wp_after_insert_post` hook instead of `post_updated`. The `wp_after_insert_post` action is fired after post meta has been saved by the REST API which enables attaching meta to the revision. To ensure backwards compatibility with existing action uses, `wp_save_post_revision_on_insert` function exits early if plugins have removed the previous `do_action( 'post_updated', 'wp_save_post_revision' )` call.
Props: alexkingorg, johnbillion, markjaquith, WraithKenny, kovshenin, azaozz, tv-productions, p51labs, mattheu, mikeschroder, Mamaduka, ellatrix, timothyblynjacobs, jakemgold, bookwyrm, ryanduff, mintindeed, wonderboymusic, sanchothefat, westonruter, spacedmonkey, hellofromTonya, drewapicture, adamsilverstein, swisspiddy.
Fixes#20564, #20299.
Built from https://develop.svn.wordpress.org/trunk@56714
git-svn-id: http://core.svn.wordpress.org/trunk@56226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Align the schema between `block.json` defined in Gutenberg and the REST API endpoint for block types. It looks like the `name` field isn't validated in all places and when it uses pattern matching in the REST API code, then it was slightly different.
Props spacedmonkey, ockham.
See #59346.
Built from https://develop.svn.wordpress.org/trunk@56676
git-svn-id: http://core.svn.wordpress.org/trunk@56188 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [56587], a spelling error was introduced in the documentation of the new `block_hooks` field in `WP_REST_Block_Types_Controller`.
This fixes the spelling error.
Follow-up to [56587].
Props kebbet, mukesh27, tahmina1du.
Fixes#59426. See #59346.
Built from https://develop.svn.wordpress.org/trunk@56668
git-svn-id: http://core.svn.wordpress.org/trunk@56180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously initialized in `WP_REST_Server::dispatch()`, the `$response` variable became unused when the logic was split into two new methods, `::match_request_to_handler()` and `::respond_to_request()`.
Follow-up to [34928], [48947].
Props upadalavipul, mukesh27.
Fixes#59420.
Built from https://develop.svn.wordpress.org/trunk@56645
git-svn-id: http://core.svn.wordpress.org/trunk@56157 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When various methods parameters in child classes were renamed to `$item` to match the parent class for PHP 8 named parameter support, most of the methods restored the more descriptive, specific name at the beginning for better readability, with several exceptions for methods consisting only of a few lines.
To avoid confusion about why some methods do that and some don't, this commit aims to bring more consistency to the code, specifically in list tables' `::column_default()` methods.
Follow-up to [51728], [51737], [51786].
See #58831.
Built from https://develop.svn.wordpress.org/trunk@56586
git-svn-id: http://core.svn.wordpress.org/trunk@56098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Building upon the changes introduced in [53760], this commit refines the behavior of the REST API index. Specifically, it addresses performance concerns related to the unnecessary preparation of item links, such as site icon and logo links.
Prior to this update, the index controller was invoking the prepare_links method regardless of whether the _links or _embedded fields were requested in the response. This led to unnecessary database lookups and decreased overall performance.
In this commit, we implement a more efficient approach. Now, the prepare_links method will only be called when the _links or _embedded fields are explicitly requested in the response. This optimization ensures that we prepare links only when they are intended for inclusion in the API response, reducing unnecessary overhead.
By implementing this improvement, we enhance the overall efficiency and performance of the WordPress core REST API index controller.
Props spacedmonkey, niravsherasiya7707, dlh, mukesh27, costdev, swissspidy.
Fixes#57902.
Built from https://develop.svn.wordpress.org/trunk@56566
git-svn-id: http://core.svn.wordpress.org/trunk@56078 1a063a9b-81f0-0310-95a4-ce76da25c4cd