Commit Graph

252 Commits

Author SHA1 Message Date
Sergey Biryukov 9cb0a09d1f REST API: Merge two similar permission error strings.
Props ramiy.
Fixes #38857.
Built from https://develop.svn.wordpress.org/trunk@39304


git-svn-id: http://core.svn.wordpress.org/trunk@39244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 23:53:30 +00:00
Rachel Baker 0fdb955ce8 REST API: On Comment create, limit the ability to set the `author_ip` value directly.
Users without the moderate_comments capability can no longer set the `author_ip` property directly, and instead receive a `WP_Error` if they attempt to do so. Otherwise, the `author_ip property` is populated from `$_SERVER['REMOTE_ADDR']` if present and a valid IP value. Finally, fallback to 127.0.0.1 as a last resort.

Props dd32, rachelbaker, joehoyle.
Fixes #38819.
Built from https://develop.svn.wordpress.org/trunk@39302


git-svn-id: http://core.svn.wordpress.org/trunk@39242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 21:13:32 +00:00
Joe Hoyle 0c14c16ced REST API: Clarify parameters when used in error strings.
Properties of objects should not be translated, and therefore are pulled out of the translation strings.

Props ocean90, ramiy, danielbachhuber.
Fixes #38822.
Built from https://develop.svn.wordpress.org/trunk@39298


git-svn-id: http://core.svn.wordpress.org/trunk@39238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 20:20:32 +00:00
Joe Hoyle a38b863ae4 REST API: Change “ipv4” types to “ip” to support ipv6.
Stop presuming IP address are IPv4, instead make the type “ip” to be agnostic of IP version. This fixes requests with ipv6 addresses for comments in core.

Props dd32, schlessera, danielbachhuber.
Fixes #38818.
Built from https://develop.svn.wordpress.org/trunk@39296


git-svn-id: http://core.svn.wordpress.org/trunk@39236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 19:33:31 +00:00
Joe Hoyle 81c5b03029 REST API: Check read permissions on posts when viewing comments.
With a few tests for getting / creating comments to reflect core behaviour.

Props timmyc.
Built from https://develop.svn.wordpress.org/trunk@39295


git-svn-id: http://core.svn.wordpress.org/trunk@39235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 19:07:30 +00:00
Rachel Baker 3f6131c2e6 REST API: Remove the `karma` property and query parameter from the Comments endpoints.
WordPress has not used the `karma` property internally for the past 8 years. There is no need to expose it in the REST API endpoints. Sites that use `karma` can include it using the `register_rest_field()` function.

Props dd32, danielbachhuber.
Fixes #38821.
Built from https://develop.svn.wordpress.org/trunk@39292


git-svn-id: http://core.svn.wordpress.org/trunk@39232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 18:53:29 +00:00
Rachel Baker 191e085fa3 REST API: On comment create, return an error if the `type` property is set to anything other than `comment`.
Of the default comment_types, only comments are expected to be created via the REST API endpoint. Comments do not have registered types the way that Posts do, so we do not have a method to accurately check permissions for arbitrary comment types.

Props dd32, boonebgorges, rachelbaker.
Fixes #38820.
Built from https://develop.svn.wordpress.org/trunk@39290


git-svn-id: http://core.svn.wordpress.org/trunk@39230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 18:37:30 +00:00
Rachel Baker ccb4c7c8b9 REST API: Allow `parent` property to be explicitly set to `0` when creating or updating a Post.
Props lucasstark, danielbachhuber.
Fixes #38852.
Built from https://develop.svn.wordpress.org/trunk@39289


git-svn-id: http://core.svn.wordpress.org/trunk@39229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 18:12:31 +00:00
Rachel Baker 735fa34d42 REST API: On comment create, return an error if the `post` parameter does not relate to a valid WP_Post object.
Return a `WP_Error` object for attempts to create a comment without an empty or invalid `post` ID.

Props dd32, jnylen0, rachelbaker.
Fixes #38816.
Built from https://develop.svn.wordpress.org/trunk@39288


git-svn-id: http://core.svn.wordpress.org/trunk@39228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 16:56:30 +00:00
Rachel Baker 10bddfac39 REST API: On comment create, fallback to the `user_agent` header value.
If a user-agent is not explicitly provided in the `author_user_agent` parameter, fallback to the `user_agent` value in the request header.

Props dd32, jnylen0, rachelbaker.
Fixes #38817.
Built from https://develop.svn.wordpress.org/trunk@39287


git-svn-id: http://core.svn.wordpress.org/trunk@39227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 16:22:33 +00:00
Sergey Biryukov acc30b09d7 Text Changes: Merge some duplicate strings with the same meaning in error messages, adjust some other strings for consistency and accuracy.
Props ramiy, SergeyBiryukov.
Fixes #38808.
Built from https://develop.svn.wordpress.org/trunk@39278


git-svn-id: http://core.svn.wordpress.org/trunk@39218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-17 15:53:33 +00:00
Sergey Biryukov b92266a72b REST API: After [39252] and [39264], uppercase some more 'ID' references in translatable strings.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39266


git-svn-id: http://core.svn.wordpress.org/trunk@39206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-16 13:28:37 +00:00
Sergey Biryukov ce74afdae2 REST API: Uppercase 'ID' in endpoint descriptions and error messages for consistency with other strings.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39264


git-svn-id: http://core.svn.wordpress.org/trunk@39204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-16 12:18:33 +00:00
Sergey Biryukov 74c9f82ef2 REST API: Unify some more permission error messages.
Props ramiy.
Fixes #38803.
Built from https://develop.svn.wordpress.org/trunk@39259


git-svn-id: http://core.svn.wordpress.org/trunk@39199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 23:36:31 +00:00
Sergey Biryukov 07cf16f7ba REST API: Unify permission error messages.
Props ramiy.
Fixes #38803.
Built from https://develop.svn.wordpress.org/trunk@39257


git-svn-id: http://core.svn.wordpress.org/trunk@39197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 22:23:30 +00:00
Sergey Biryukov 9c2ea0b8c7 REST API: Remove two duplicate strings, use the ones we already have.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39252


git-svn-id: http://core.svn.wordpress.org/trunk@39192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 20:40:29 +00:00
Sergey Biryukov cc14606094 REST API: Unify permission error messages.
Props ramiy.
See #38791, #34521.
Built from https://develop.svn.wordpress.org/trunk@39251


git-svn-id: http://core.svn.wordpress.org/trunk@39191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 20:37:32 +00:00
Joe Hoyle d049f72459 REST API: Clean up argument and property types.
There's a couple of places where we were missing type notes for arguments, which mainly affects documentation.

Props jnylen0.
Fixes #38792.

Built from https://develop.svn.wordpress.org/trunk@39250


git-svn-id: http://core.svn.wordpress.org/trunk@39190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 18:16:30 +00:00
Sergey Biryukov 65fb74561b REST API: After [39238] and [39239], move the remaining translator comments to preceding line.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39245


git-svn-id: http://core.svn.wordpress.org/trunk@39185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 13:07:33 +00:00
Ryan McCue 0f5a44e093 REST API: Move translator comments to preceding line.
Inline translator comments break POT file generation.

Props dd32.
See #38791.

Built from https://develop.svn.wordpress.org/trunk@39239


git-svn-id: http://core.svn.wordpress.org/trunk@39179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 05:39:32 +00:00
Ryan McCue 705f17cea2 REST API: Add translator comments to text with placeholders.
Props dimadin.
Fixes #38791.

Built from https://develop.svn.wordpress.org/trunk@39238


git-svn-id: http://core.svn.wordpress.org/trunk@39178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 04:28:31 +00:00
Joe Hoyle a4fa8c528f REST API: Make all collection params filterable.
For developers wanting to add their own registered collection parameters, they can now use the `rest_$type_collection_params` filter. This brings consistency with the already existing `rest_$post_type_collection_params`.

Fixes #38710.
Props jnylen0.

Built from https://develop.svn.wordpress.org/trunk@39223


git-svn-id: http://core.svn.wordpress.org/trunk@39163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-14 16:42:31 +00:00
Joe Hoyle 5c90d9ed8e REST API: Validate and Sanitize registered meta based off the schema.
With the addition of Array support in our schema validation functions, it's now possible to use these in the meta validation and sanitization steps. Also, this increases the test coverage of using registered via meta the API significantly.

Fixes #38531.
Props rachelbaker, tharsheblows.

Built from https://develop.svn.wordpress.org/trunk@39222


git-svn-id: http://core.svn.wordpress.org/trunk@39162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-14 16:36:33 +00:00
Ryan McCue 65664731e9 REST API: Improve validation for usernames and passwords.
Also improves the slashing of user data in the REST API to avoid data loss.

Props jnylen0.
Fixes #38739.

Built from https://develop.svn.wordpress.org/trunk@39219


git-svn-id: http://core.svn.wordpress.org/trunk@39159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-14 07:13:31 +00:00
Joe Hoyle f325af9caa REST API: Allow updating a comment without the content present.
For all resources in the REST API, sending partial updates is supported. This fixes needing to _always_ specify comment content.

Props jnylen.
Fixes #38720.

Built from https://develop.svn.wordpress.org/trunk@39196


git-svn-id: http://core.svn.wordpress.org/trunk@39136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-10 03:35:30 +00:00
Joe Hoyle 3138878aa5 REST API: Use wp_slash rather than addslashes.
See #38726.
Props dd32.

Built from https://develop.svn.wordpress.org/trunk@39192


git-svn-id: http://core.svn.wordpress.org/trunk@39132 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-10 02:39:30 +00:00
Joe Hoyle 67da42825e REST API: Add `rest_base` to response objects of `wp/v2/taxonomies` and `wp/v2/types`
Though we have the `_links.collection` available, having this value can be useful to know post type / taxonomy urls if you need to build them another way.

Props youknowriad, jnylen0.
Fixes #38607.

Built from https://develop.svn.wordpress.org/trunk@39191


git-svn-id: http://core.svn.wordpress.org/trunk@39131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-10 02:21:30 +00:00
Joe Hoyle e66d2478ee REST API: `unfiltered_html` and slashing: terms.
Follow-up to #38609 and #38704; handle slashes correctly for taxonomy terms.

Props westonruter, jnylen0.
Fixes #38726, see #38609.

Built from https://develop.svn.wordpress.org/trunk@39190


git-svn-id: http://core.svn.wordpress.org/trunk@39130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-10 02:10:30 +00:00
Ryan McCue a2bbbddb9e REST API: Include template in all post type schemas.
[38951] added templates to all post types, but didn't add them to the schema.

Props swissspidy.
Fixes #38698.

Built from https://develop.svn.wordpress.org/trunk@39182


git-svn-id: http://core.svn.wordpress.org/trunk@39122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 07:12:32 +00:00
Ryan McCue 3a449ea543 Roles/Capabilities: Add meta-caps for comment, term, and user meta.
Additionally, use these meta-caps in the REST API endpoints.

Previously, register_meta()'s auth_callback had no effect for non-post meta. This introduces `{add,edit,delete}_{comment,term,user}_meta` meta-caps to match the existing post meta capabilities. These are currently only used in the REST API.

Props tharsheblows, boonebgorges.
Fixes #38303, fixes #38412.

Built from https://develop.svn.wordpress.org/trunk@39179


git-svn-id: http://core.svn.wordpress.org/trunk@39119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 03:42:30 +00:00
Ryan McCue 4060c68f85 REST API: Fire correct hooks when creating users on multiste.
`add_user_to_blog()` is now called, ensuring the correct hooks are called, along with setting the primary blog and clearing relevant caches.

Props jeremyfelt.
Fixes #38526.

Built from https://develop.svn.wordpress.org/trunk@39177


git-svn-id: http://core.svn.wordpress.org/trunk@39117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 01:35:30 +00:00
Pascal Birchler 548ac82b06 I18N: Add ability to change user's locale back to site's locale.
Previously there was no way to remove the user locale setting again, even though that might be desirable.

This adds a new 'Site Default' option to the user-specific language setting by introducing a new `show_site_locale_default` argument to `wp_dropdown_languages()`.

Props ocean90.
See #29783.
Fixes #38632.
Built from https://develop.svn.wordpress.org/trunk@39169


git-svn-id: http://core.svn.wordpress.org/trunk@39109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 23:01:31 +00:00
Joe Hoyle c15065dddf REST API: Remove get_allowed_query_vars() now `filter` is gone.
Now all public query vars are not supoprted via `?filter` in the REST API, we can remove the get_allowed_query_vars() method and filter. To provide developers with a good altnerative to `filter`, the `"rest_{$this->post_type}_collection_params"` filter has been added.

Props rmccue, rachelbacker, danielbachhuber.
Fixes #38629.

Built from https://develop.svn.wordpress.org/trunk@39162


git-svn-id: http://core.svn.wordpress.org/trunk@39102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 14:08:32 +00:00
Joe Hoyle 8de95582e2 REST API: Remove rest_get_post filter and `get_post` abstraction.
This filter was originally introduced in https://github.com/WP-API/WP-API/pull/2535 to support Customizer Changesets (née Transactions). This is a super broad filter and doesn't really fit with the design of the API, nor is it (arguably) the right level to do this.

Props rmccue.
Fixes #38701.

Built from https://develop.svn.wordpress.org/trunk@39161


git-svn-id: http://core.svn.wordpress.org/trunk@39101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 13:09:33 +00:00
Ryan McCue caabc52753 REST API: Respect unfiltered_html for HTML comment fields.
Same as [39155], but for comments, natch.

Props jnylen0.
Fixes #38704, see #38609.

Built from https://develop.svn.wordpress.org/trunk@39157


git-svn-id: http://core.svn.wordpress.org/trunk@39097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 06:36:31 +00:00
Ryan McCue f1975b18ea REST API: Respect unfiltered_html for HTML post fields.
This necessitates a change to our slashing code as well. Ah slashing, the cause of, and solution to, all of life's problems.

Props jnylen0.
Fixes #38609.

Built from https://develop.svn.wordpress.org/trunk@39155


git-svn-id: http://core.svn.wordpress.org/trunk@39095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 05:55:32 +00:00
Ryan McCue 8760c9a91d REST API: Change attachment caption & description to objects.
Just like excerpt and content for regular posts, these have transformations applied that can make the content significantly different from the raw value.

Props jnylen0.
Fixes #38679.

Built from https://develop.svn.wordpress.org/trunk@39154


git-svn-id: http://core.svn.wordpress.org/trunk@39094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 04:29:32 +00:00
Rachel Baker 5564716a07 REST API: Modify the structure of our DELETE responses to be more explicit.
Add the `deleted` property to the root of the Response object to communicate if the delete action was successful. Move the state of the resource prior to the delete request under a new `previous` property.  As a result DELETE responses are now structured like so:
 `{ deleted: true, previous: { ... } }`

Also includes helpful information to DELETE requests for resources that are not trashable.

Props timmydcrawford, rmccue, jnylen0.
Fixes #38494.
Built from https://develop.svn.wordpress.org/trunk@39126


git-svn-id: http://core.svn.wordpress.org/trunk@39066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-04 17:11:29 +00:00
Ryan McCue 721cf281a3 REST API: Only provide JSON error code on PHP 5.3+.
json_last_error() was only added to PHP 5.3.0, so we can't provide the information for older versions.

See #38547.

Built from https://develop.svn.wordpress.org/trunk@39111


git-svn-id: http://core.svn.wordpress.org/trunk@39053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 04:57:30 +00:00
Joe Hoyle 6b08485cfa REST API: Return error when JSON decoding fails.
If you send a request to the REST API with invalid JSON in body than it will now return a error. This assists developers if they accidentally send invalid JSON and wonder why their data appears to be ignored.

Props rmccue.
Fixes #38547.

Built from https://develop.svn.wordpress.org/trunk@39109


git-svn-id: http://core.svn.wordpress.org/trunk@39051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 04:05:36 +00:00
Rachel Baker 8c9f4f812a REST API: Return a `WP_Error` when a user does not have permission to create or update a post with the provided terms.
Add the 'assign_term' check for post create and update.

Props boonebgorges, johnbillion.
Fixes #38505.
Built from https://develop.svn.wordpress.org/trunk@39108


git-svn-id: http://core.svn.wordpress.org/trunk@39050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 03:16:30 +00:00
Joe Hoyle d544c6ddd0 REST API: Switch to stable version of JSON Schema.
Props danielbachhuber.
Fixes #38635.

Built from https://develop.svn.wordpress.org/trunk@39106


git-svn-id: http://core.svn.wordpress.org/trunk@39048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 02:22:29 +00:00
Rachel Baker dcb12c35cf REST API: Clean-up our validation callbacks and add missing array `items` properties in our endpoint schemas.
Props joehoyle, jnylen0.
Fixes #38617.
Built from https://develop.svn.wordpress.org/trunk@39105


git-svn-id: http://core.svn.wordpress.org/trunk@39047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 02:18:29 +00:00
Joe Hoyle 901c4ed17a REST API: Support querying for multiple post statuses.
Multiple post statuses can be specified by the usual CSV or array-propper format.

Props jnylen0, kadamwhite, websupporter.
Fixes #38420.

Built from https://develop.svn.wordpress.org/trunk@39104


git-svn-id: http://core.svn.wordpress.org/trunk@39046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 01:46:29 +00:00
Rachel Baker 676ae9fc2b REST API: Use the `items` attribute for the taxonomies `types` schema property for proper sanitization/validation.
Props danielbachhuber, joehoyle.
Fixes #38631.
Built from https://develop.svn.wordpress.org/trunk@39103


git-svn-id: http://core.svn.wordpress.org/trunk@39045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 01:26:28 +00:00
Rachel Baker 94ab2f9b16 REST API: Return an error when the length of a comment field is too long.
Introduces `wp_check_comment_data_max_lengths()` which allows both the REST API comments endpoints and `wp_handle_comment_submission()` to check the length of the comment content, author name, author url, and author email fields against their respective database columns.

Props rachelbaker, mangeshp, salcode, pento.
Fixes #38477.
Built from https://develop.svn.wordpress.org/trunk@39101


git-svn-id: http://core.svn.wordpress.org/trunk@39043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 01:12:31 +00:00
Joe Hoyle 5666292dda REST API: Include `taxonomies` as an attribute of post types.
Add the taxonomies for a post type to the `/wp/v2/types` endpoint, so clients know which taxonomies are available for which post types.

Props danielbachhuber.
Fixes #38438, #38631.

Built from https://develop.svn.wordpress.org/trunk@39097


git-svn-id: http://core.svn.wordpress.org/trunk@39039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 21:51:30 +00:00
Joe Hoyle 37858faf96 REST API: Add en_US to the locales enum.
Props ocean90.
Fixes #38528. 

Built from https://develop.svn.wordpress.org/trunk@39096


git-svn-id: http://core.svn.wordpress.org/trunk@39038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 21:21:32 +00:00
Ryan McCue 34cf5d8934 REST API: Allow querying for multiple `slug` values.
Props jnylen0, rachelbaker.
Fixes #38579.

Built from https://develop.svn.wordpress.org/trunk@39093


git-svn-id: http://core.svn.wordpress.org/trunk@39035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 07:14:29 +00:00
Ryan McCue 624def0ec3 REST API: Add update and delete endpoints to /users/me
Now that /users/me is a standalone resource, it should have all the standard endpoints for a resource.

Props pento.
Fixes #38521 (hopefully).

Built from https://develop.svn.wordpress.org/trunk@39092


git-svn-id: http://core.svn.wordpress.org/trunk@39034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 06:53:32 +00:00
Ryan McCue 3fef086ede REST API: Set default sanitize callback if type is set.
Props joehoyle, ChopinBach, jnylen0.
Fixes #38593.

Built from https://develop.svn.wordpress.org/trunk@39091


git-svn-id: http://core.svn.wordpress.org/trunk@39033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 06:28:29 +00:00
Ryan McCue 862724274e REST API: Add locale to user resource.
Props ocean90, joehoyle.
Fixes #38528.

Built from https://develop.svn.wordpress.org/trunk@39090


git-svn-id: http://core.svn.wordpress.org/trunk@39032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 06:24:29 +00:00
Ryan McCue a911bf7e2c REST API: Avoid default sanitization for polymorphic params.
Some parameters (`title`, `content`, etc) are objects in the output, but allow objects or strings to be sent in updates for a more ergonomic interface. This is pretty weird behaviour, so the default sanitisation doesn't handle this. We instead handle this ourselves in the preparation.

Props joehoyle, rachelbaker.
Fixes #38529.

Built from https://develop.svn.wordpress.org/trunk@39089


git-svn-id: http://core.svn.wordpress.org/trunk@39031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 06:02:29 +00:00
Ryan McCue d7bdd72510 REST API: Change method of merging parameters.
`array_merge()` incorrectly reindexes numeric parameters, causing things like `{"123": true}` to be "dropped".

Props sswells, joehoyle.
Fixes #38306.

Built from https://develop.svn.wordpress.org/trunk@39087


git-svn-id: http://core.svn.wordpress.org/trunk@39029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 05:53:31 +00:00
Ryan McCue ba039f7546 REST API: Remove the Location redirect for the /users/me endpoint.
This is a re-commit of [38980], which was reverted in [38990].

Props youknowriad, jnylen0, pento.
Fixes #38521.

Built from https://develop.svn.wordpress.org/trunk@39085


git-svn-id: http://core.svn.wordpress.org/trunk@39027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 03:44:30 +00:00
Ryan McCue 08ea66490b REST API: Only expose formats supported by the current theme.
While it's valid to save any format to the database, and WordPress is totally fine with that, we should only include the formats specified by the theme in the schema.

Props danielbachhuber.
Fixes #38610.

Built from https://develop.svn.wordpress.org/trunk@39084


git-svn-id: http://core.svn.wordpress.org/trunk@39026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 03:37:32 +00:00
Joe Hoyle f1591eccca REST API: Add support for "integer" type for meta and options
Previously Settings only supported "number" which meant it was possible to push floats to things like posts_per_page. This means now developers can also specify `type => ineger` in meta nad settings resgration.

Props flixos90.
Fixes #38393.

Built from https://develop.svn.wordpress.org/trunk@39058


git-svn-id: http://core.svn.wordpress.org/trunk@39000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 16:07:31 +00:00
Gary Pendergast 03e34ab461 REST API: Allow a CSV list of user roles to be passed to `/users`.
After [39048], this changes explicitly parses the list of user roles as slugs, and adds tests.

Props jnylen0.
Fixes #38557.


Built from https://develop.svn.wordpress.org/trunk@39056


git-svn-id: http://core.svn.wordpress.org/trunk@38998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 11:11:29 +00:00
Gary Pendergast 9862543913 REST API: Allow a CSV list of term IDs to be passed to `/posts`.
[39048] added CSV support to array types, this change explicitly parses term lists as IDs, and adds tests.

Props timmydcrawford, pento.
Fixes #38553.


Built from https://develop.svn.wordpress.org/trunk@39055


git-svn-id: http://core.svn.wordpress.org/trunk@38997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 11:06:31 +00:00
Drew Jaynes 5f4497f0af Docs: Fix multiple trivial typos throughout a variety of core files.
Props ottok.
Fixes #38489.

Built from https://develop.svn.wordpress.org/trunk@39051


git-svn-id: http://core.svn.wordpress.org/trunk@38993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 06:28:32 +00:00
Drew Jaynes 9635867540 Docs: The `query_vars` filter used in the REST posts controller should be notated as a duplicate rather than a new hook.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39049


git-svn-id: http://core.svn.wordpress.org/trunk@38991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 05:50:29 +00:00
Ryan McCue 4dab905dba REST API: Support password on non-post post types.
The password field was incorrectly only added to "post" post types, but is supported for all post types in the Dashboard UI.

Props jnylen0.
Fixes #38582.

Built from https://develop.svn.wordpress.org/trunk@39047


git-svn-id: http://core.svn.wordpress.org/trunk@38989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 03:53:32 +00:00
Gary Pendergast 6c1e98d1fb REST API: Add support for arrays in schema validation and sanitization.
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.

This can easily be extended to support new data types, such as CSV fields or objects.

Props joehoyle, rachelbaker, pento.
Fixes #38531.


Built from https://develop.svn.wordpress.org/trunk@39046


git-svn-id: http://core.svn.wordpress.org/trunk@38988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 01:48:41 +00:00
Gary Pendergast dbc4b87b7f REST API: Allow Content-Type on CORS requests.
This allows `POST` requests with a wider variety of `Content-Type' headers - `Content-Type: application/json`, for example.

Props jnylen0.
Fixes #37994.


Built from https://develop.svn.wordpress.org/trunk@39044


git-svn-id: http://core.svn.wordpress.org/trunk@38986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 00:34:33 +00:00
Drew Jaynes 993b3a5c6e Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Users_Controller` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39036


git-svn-id: http://core.svn.wordpress.org/trunk@38978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:52:30 +00:00
Drew Jaynes b8f14e00ef Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_User_Meta_Fields` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39034


git-svn-id: http://core.svn.wordpress.org/trunk@38976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:28:30 +00:00
Drew Jaynes 90c17ccbf1 Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Terms_Controller` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39033


git-svn-id: http://core.svn.wordpress.org/trunk@38975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:21:30 +00:00
Drew Jaynes b71e62b9eb Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Term_Meta_Fields` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39032


git-svn-id: http://core.svn.wordpress.org/trunk@38974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:09:32 +00:00
Drew Jaynes 7d7d0c8599 Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Taxonomies_Controller` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39031


git-svn-id: http://core.svn.wordpress.org/trunk@38973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:07:33 +00:00
Drew Jaynes 5dfa0c4cee Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Settings_Controller` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39030


git-svn-id: http://core.svn.wordpress.org/trunk@38972 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:01:30 +00:00
Drew Jaynes 2452f69485 REST: Fix some errant `else if` conditions and add a few missing periods on inline comments.
Props mrahmadawais.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39029


git-svn-id: http://core.svn.wordpress.org/trunk@38971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 17:54:30 +00:00
Drew Jaynes 596ee8bc9d Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Revisions_Controller` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39028


git-svn-id: http://core.svn.wordpress.org/trunk@38970 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 17:50:29 +00:00
Drew Jaynes 1ef0a5514e REST: Fix a yoda condition in `WP_REST_Request::get_parameter_order()` and add a missing period for an inline comment in `WP_REST_Request::from_url().
Props mrahmadawais.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39027


git-svn-id: http://core.svn.wordpress.org/trunk@38969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 17:42:45 +00:00
Drew Jaynes e84b257852 Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Posts_Controller` class.
Props Soean, mrahmadawais, flixos90, DrewAPicture.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39026


git-svn-id: http://core.svn.wordpress.org/trunk@38968 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 17:37:35 +00:00
Drew Jaynes 7d488bd2b1 Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Post_Types_Controller` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39025


git-svn-id: http://core.svn.wordpress.org/trunk@38967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 16:51:30 +00:00
Drew Jaynes 04f0340a96 Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Post_Statuses_Controller` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39024


git-svn-id: http://core.svn.wordpress.org/trunk@38966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 16:44:38 +00:00
Drew Jaynes c4df9d63ba Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Post_Meta_Fields` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39023


git-svn-id: http://core.svn.wordpress.org/trunk@38965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 16:36:32 +00:00
Drew Jaynes 9ce98d98ac Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Meta_Fields` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39022


git-svn-id: http://core.svn.wordpress.org/trunk@38964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 16:33:30 +00:00
Drew Jaynes 718f9fe868 Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Controller` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39021


git-svn-id: http://core.svn.wordpress.org/trunk@38963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 16:20:29 +00:00
Drew Jaynes e2e47a192d Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Comments_Controller` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39015


git-svn-id: http://core.svn.wordpress.org/trunk@38957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 06:55:30 +00:00
Drew Jaynes 7d25657c01 Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Comment_Meta_Fields` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39014


git-svn-id: http://core.svn.wordpress.org/trunk@38956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 06:34:31 +00:00
Drew Jaynes 08b0407367 Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Attachments_Controller` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39011


git-svn-id: http://core.svn.wordpress.org/trunk@38953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 05:40:37 +00:00
Gary Pendergast 60eb1ddc5c REST API: Revert [38980].
`/users/me` still needs attention, but this change wasn't quite ready.

See #38521.


Built from https://develop.svn.wordpress.org/trunk@38990


git-svn-id: http://core.svn.wordpress.org/trunk@38933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-28 02:07:35 +00:00
Rachel Baker 4a37a04d0f REST API: Return `WP_Error` when a client is attempting to update an option with a non-scalar value to `null`.
A `null` value is returned in the response for any option that has a non-scalar value.

To protect clients from accidentally including the `null` values from a response object in a request, we do not allow options with non-scalar values to be updated to `null`. Without this added protection a client could mistakenly delete all options that have non-scalar values from the database.

Props joehoyle, rachelbaker.
Fixes #38527.
Built from https://develop.svn.wordpress.org/trunk@38982


git-svn-id: http://core.svn.wordpress.org/trunk@38925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-27 16:08:45 +00:00
Rachel Baker d42acc530c REST API: Remove the Location header redirect for the /users/me endpoint.
Props youknowriad jnylen0.
Fixes #38521.
Built from https://develop.svn.wordpress.org/trunk@38980


git-svn-id: http://core.svn.wordpress.org/trunk@38923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-27 14:37:36 +00:00
Boone Gorges 493f76a3d2 REST API: Use `wp_get_object_terms()` when fetching terms for a post object.
The WP-API plugin originally used a custom method for fetching object
terms in a way that supported the object cache and also accepted all
parameters for `get_terms()`. In [38667], the internals of
`wp_get_object_terms()` were modified to use `WP_Term_Query`, thus
delivering in a native fashion the features that the API had
previously achieved bespokely.

Fixes #38504.
Built from https://develop.svn.wordpress.org/trunk@38974


git-svn-id: http://core.svn.wordpress.org/trunk@38917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-27 01:42:32 +00:00
Rachel Baker d359ffc270 REST API: Remove experimental `filter` wrapper parameter from the Posts Controller class.
Hiding WP_Query params under the filter key (instead of allowing them to be top-level params) was one of our biggest complaints from users of v1 of our REST API. This walks back the re-introduction of the `filter` param during Beta 15, which introduced an "inconsistent mess" and "exposing WP_Query through filter has and will continue to be difficult to support." See https://github.com/WP-API/WP-API/issues/2799.

Props websupporter, rachelbaker.
Fixes #38378.
Built from https://develop.svn.wordpress.org/trunk@38968


git-svn-id: http://core.svn.wordpress.org/trunk@38911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 21:37:31 +00:00
Boone Gorges 91b518a716 REST API: Use term-specific caps for permission checks in term update and delete endpoints.
See #38505.
Built from https://develop.svn.wordpress.org/trunk@38960


git-svn-id: http://core.svn.wordpress.org/trunk@38903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 14:52:29 +00:00
Rachel Baker 0c2a6184eb REST API: Add constructor to the `WP_REST_Settings_Controller` class.
Provides consistency with the other API endpoint controller classes.

Props Soean.
Fixes #38429.
Built from https://develop.svn.wordpress.org/trunk@38954


git-svn-id: http://core.svn.wordpress.org/trunk@38897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 13:45:47 +00:00
Gary Pendergast 6b4357e14b REST API: Deprecate the `rest_enabled` filter.
As the REST API becomes more integral to WordPress Core, turning it off will cause a... suboptimal experience. If we don't want it to be turned off, the off switch needs to be removed.

Props jorbin, pento.
Fixes #38446.


Built from https://develop.svn.wordpress.org/trunk@38947


git-svn-id: http://core.svn.wordpress.org/trunk@38890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 06:28:30 +00:00
Rachel Baker b13da6ae73 REST API: Add missing sanitization callback for the `hide_empty` parameter of the Terms Controller.
Fixes a bug where the boolean parameter `hide_empty` was not being properly sanitized in the Terms controller.

Props websupporter.
Fixes #38465.
Built from https://develop.svn.wordpress.org/trunk@38942


git-svn-id: http://core.svn.wordpress.org/trunk@38885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 02:29:30 +00:00
Joe Hoyle e8a311ed02 REST API: Validate posts status enum
Currently we are using a different validate callback, so the `enum` is not interpretted. We just have to fallback to the result of `rest_validate_request_arg` in our custom wrapper function.

Fixes #38417.

Built from https://develop.svn.wordpress.org/trunk@38911


git-svn-id: http://core.svn.wordpress.org/trunk@38854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-25 17:13:28 +00:00
Rachel Baker cdce9d5dac REST API: Allow comments to be created setting the user_agent parameter.
As of WordPress 4.3 the `wp_new_comment()` function has been updated to allow the comment_agent value to be set when a comment is created. The comments API endpoint now allows the comment author's user agent to be set when creating a comment.
Also, the `readonly` property on the `author_user_agent` parameter in the schema was removed.

Props rabmalin for the initial patch.
Fixes #38425.
Built from https://develop.svn.wordpress.org/trunk@38864


git-svn-id: http://core.svn.wordpress.org/trunk@38807 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-21 18:28:32 +00:00
Rachel Baker e4a7c0a397 REST API: Introduce the Content API endpoints.
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.

Love your REST API, WordPress!  The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"

Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes #38373.
Built from https://develop.svn.wordpress.org/trunk@38832


git-svn-id: http://core.svn.wordpress.org/trunk@38775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-20 02:55:32 +00:00
Dominik Schilling ae2ff33c91 Docs: Improve formatting of filter docs added in [38689].
Fixes #35590.
Built from https://develop.svn.wordpress.org/trunk@38749


git-svn-id: http://core.svn.wordpress.org/trunk@38692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-07 19:24:28 +00:00
Joe Hoyle d72da116be REST API: Add filters to allow creating REST API middleware plugins.
Introduce two new filters: `rest_request_before_callbacks` and `rest_request_after_callbacks` to
assist REST API middleware plugins to perform pre-callback and cleanup hooks such as `switch_to_blog()`
or caching implementations.

Props jnylen0.
Fixes #35590.

Built from https://develop.svn.wordpress.org/trunk@38689


git-svn-id: http://core.svn.wordpress.org/trunk@38632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-30 20:12:28 +00:00
Joe Hoyle 794dd5d8cb REST API: Enable sanitize_callback to return WP_Error.
Give developers the opportunity to reject incoming data without using the validation callback. It also enables us to do sanitization and validation in one function in instances where this could be useful.

Props websupporter, rmccue.
Fixes #37560.

Built from https://develop.svn.wordpress.org/trunk@38601


git-svn-id: http://core.svn.wordpress.org/trunk@38544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-14 15:50:29 +00:00
Dominik Schilling 97bf32c66a Text Changes: Unify/merge two more permission error messages.
Props ramiy.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@38037


git-svn-id: http://core.svn.wordpress.org/trunk@37978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 11:45:29 +00:00
Rachel Baker e5fcbb3514 REST API: Reverse order of setting sanitization/validation, validating prior to sanitizing.
Fixes mistake in the current behavior, where the sanitization callback ran before the validation callback. Now the validation callback will run before the sanitization.

Props schlessera, rachelbaker.
See #37247.
Fixes #37192.



Built from https://develop.svn.wordpress.org/trunk@37943


git-svn-id: http://core.svn.wordpress.org/trunk@37884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-02 23:03:27 +00:00
Rachel Baker a475d0a161 REST API: Include auto-discovery Link header when serving API requests.
The Link header allows clients to verify if a site has made the REST API available, as well as indicating how to access it.

Props danielbachhuber.
Fixes #35580.



Built from https://develop.svn.wordpress.org/trunk@37903


git-svn-id: http://core.svn.wordpress.org/trunk@37844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 01:57:55 +00:00
Rachel Baker 228c60a222 REST API: Include X-Robots-Tag: noindex header in REST API responses to prevent endpoints from being indexed by search engines.
Prevent duplicate content issues with search engines and REST API endpoint response data.

Fixes #36390.
Props m_uysl for the initial patch.
Built from https://develop.svn.wordpress.org/trunk@37726


git-svn-id: http://core.svn.wordpress.org/trunk@37692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-16 14:59:28 +00:00
Peter Wilson 47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Rachel Baker 99cca27041 REST API: Create the general `wp_check_jsonp_callback()` function for validating JSONP callback functions.
Move the REST API JSONP callback validation check into a separate function named `wp_check_jsonp_callback()`. This allows plugins to use the built-in validation when handling JSONP callbacks.
Extremely Important Note: If you send JSONP in your custom response, make sure you prefix the response with `/**/`. This will mitigate the Rosetta Flash exploit. You should also send the `X-Content-Type-Options:nosniff` header, or even better, use the REST API infrastructure.

Props rmccue.
Fixes #28523.
Built from https://develop.svn.wordpress.org/trunk@37646


git-svn-id: http://core.svn.wordpress.org/trunk@37612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-06 21:34:28 +00:00
Drew Jaynes f03eef071e Docs: Standardize hook docs in wp-includes/rest-api/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37490


git-svn-id: http://core.svn.wordpress.org/trunk@37458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:08:29 +00:00
Drew Jaynes b1804afeaf Docs: Standardize on 'backward compatibility/compatible' nomenclature in core inline docs.
Also use 'back-compat' in some inline comments where backward compatibility is the subject and shorthand feels more natural.

Note: 'backwards compatibility/compatibile' can also be considered correct, though it's primary seen in regular use in British English.

Props ocean90.
Fixes #36835.

Built from https://develop.svn.wordpress.org/trunk@37431


git-svn-id: http://core.svn.wordpress.org/trunk@37397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-13 18:41:31 +00:00
Drew Jaynes fe3b007fdd Docs: Remove inline `@see` tags from function, class, and method references in inline docs.
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.

Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@37342


git-svn-id: http://core.svn.wordpress.org/trunk@37308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-02 04:00:28 +00:00
Mark Jaquith 31152de134 REST API: Deliver parameters unadulterated instead of slashed.
We goofed, and parameters accessed through the REST API's methods
were slashed (inconsistently, even). This unslashes the data, so
you get the un-messed-with data that was sent.

Props joehoyle.
Fixes #36419.
Built from https://develop.svn.wordpress.org/trunk@37163


git-svn-id: http://core.svn.wordpress.org/trunk@37130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-06 21:02:28 +00:00
Joe Hoyle a07988c1c5 REST API: Provide better method for generating CURIEs
In [36533] CURIEs were added to the API responses for the link relation URIs, this makes
it a lot easier for clients to look up links by relation. That patch was functional, but
broke on edge cases such as embedded responses and collection items with links in the items.

This patch instead takes a less obtrusive approach by creating a new `get_compact_response_links`
to compliment `get_response_links` making both old and new functionality available.

Also the regex for curie relations has been relaxed to `.+` as rel names can have any uri-valid charector in it.

Fixes #34729.


Built from https://develop.svn.wordpress.org/trunk@37041


git-svn-id: http://core.svn.wordpress.org/trunk@37008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-22 00:16:27 +00:00
Rachel Baker 6edbcc88ff REST API: Add `home_url` to API index to avoid confusion with `site_url`.
Confusion abound, the API index is the generic term `url` to display the `site_url`. New `home` key will display the `home_url` in the index as well.

Fixes #35647.
Built from https://develop.svn.wordpress.org/trunk@37031


git-svn-id: http://core.svn.wordpress.org/trunk@36998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-17 19:16:29 +00:00
Rachel Baker 76d14c1d24 REST API: Remove unused variable `$api_root` from WP_Rest_Server->embed_links() method.
After [r36674] the variable `$api_root` is no longer used in this method and should be removed.

See #35803.
Built from https://develop.svn.wordpress.org/trunk@37021


git-svn-id: http://core.svn.wordpress.org/trunk@36988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-16 21:41:28 +00:00
Drew Jaynes a65c79b3d2 Docs: Use a third-person singular verb in the DocBlock summary for `WP_REST_Response::get_curies()`, introduced in [36533].
Also adds a missing return description.

See #34729. See #35986.

Built from https://develop.svn.wordpress.org/trunk@37015


git-svn-id: http://core.svn.wordpress.org/trunk@36982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-16 16:54:26 +00:00
Drew Jaynes ddf7375217 Docs: Improve parameter description syntax in the hook doc for the `rest_request_from_url` filter, introduced in [36673].
See #35803. See #35986,

Built from https://develop.svn.wordpress.org/trunk@37014


git-svn-id: http://core.svn.wordpress.org/trunk@36981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-16 16:52:27 +00:00
Drew Jaynes 408da605e4 Docs: Improve the DocBlock for `WP_REST_Request::from_url()`, introduced in [36673].
See #35803. See #35986.

Built from https://develop.svn.wordpress.org/trunk@37013


git-svn-id: http://core.svn.wordpress.org/trunk@36980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-16 16:50:27 +00:00
Ryan McCue 937b0c3241 REST API: Use WP_REST_Request::from_url() when embedding.
See #35803.

Built from https://develop.svn.wordpress.org/trunk@36674


git-svn-id: http://core.svn.wordpress.org/trunk@36641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 04:20:25 +00:00
Ryan McCue 0b7e133054 REST API: Add WP_REST_Request::from_url()
Allows converting a REST URL into a Request object.

Props danielbachhuber.
Fixes #35803.

Built from https://develop.svn.wordpress.org/trunk@36673


git-svn-id: http://core.svn.wordpress.org/trunk@36640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 04:01:26 +00:00
Drew Jaynes a0aa608970 Docs: Improve documentation for `WP_REST_Request` to highlight a caveat of ArrayAccess when it comes to passing similar arguments for multiple request methods.
Props danielbachhuber, DrewAPicture.
Fixes #35799.

Built from https://develop.svn.wordpress.org/trunk@36636


git-svn-id: http://core.svn.wordpress.org/trunk@36603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-23 16:57:26 +00:00
Rachel Baker 9fdb970ceb Docs: Add missing @since and @access tags to `get_curies` method and filter from r36533
See #34729, #32246.
Built from https://develop.svn.wordpress.org/trunk@36593


git-svn-id: http://core.svn.wordpress.org/trunk@36560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-19 23:42:27 +00:00
Drew Jaynes e020ccd081 Docs: Add formatting to a changelog entry in the hook doc for the `rest_dispatch_request` filter.
See [36534]. See #32246.

Built from https://develop.svn.wordpress.org/trunk@36576


git-svn-id: http://core.svn.wordpress.org/trunk@36543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-18 18:18:25 +00:00
Ryan McCue 3e65236aa7 REST API: Apply rest_post_dispatch to embedded responses.
Fixes #35628.
Props @danielbachhuber.

Built from https://develop.svn.wordpress.org/trunk@36536


git-svn-id: http://core.svn.wordpress.org/trunk@36503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 06:06:27 +00:00
Ryan McCue 03ba67a0b7 REST API: Allow explicit HEAD callbacks.
HEAD callbacks can now be registered independently, with the GET
callback still used as a fallback.

Fixes #34841.

Built from https://develop.svn.wordpress.org/trunk@36535


git-svn-id: http://core.svn.wordpress.org/trunk@36502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 05:51:26 +00:00
Ryan McCue 0438795671 REST API: Add routing args to rest_dispatch_request filter.
This allows requests to be hijacked via the filter more easily.

Fixes #35507.

Built from https://develop.svn.wordpress.org/trunk@36534


git-svn-id: http://core.svn.wordpress.org/trunk@36501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 04:40:26 +00:00
Ryan McCue 47bee5157b REST API: Add support for CURIEs.
CURIEs are Compact URIs, which provide a more usable way to use
custom relations in the API. The `wp` CURIE is registered by default
for `https://api.w.org/` URI relations.

Fixes #34729.
Props joehoyle.

Built from https://develop.svn.wordpress.org/trunk@36533


git-svn-id: http://core.svn.wordpress.org/trunk@36500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 02:19:27 +00:00
Joe Hoyle ee94a28953 REST API: Improve formatting of failed validation errors.
If a validation_callback returns a WP_Error it should give the same response format as if it returned `false`. This makes programmatically reading the validation errors better.

Props bradyvercher for initial patch.
Fixes #35028.

Built from https://develop.svn.wordpress.org/trunk@35890


git-svn-id: http://core.svn.wordpress.org/trunk@35854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-12 18:23:28 +00:00
Scott Taylor 4ae83ec7ec REST API: Core typically sends nocache headers on all auth'ed responses, as in `wp`, `admin-ajax`, etc. Because the REST API infrastructure is hooked in pre-wp, we should be setting this ourselves.
Adds unit tests.

Props joehoyle.
Fixes #34832.

Built from https://develop.svn.wordpress.org/trunk@35773


git-svn-id: http://core.svn.wordpress.org/trunk@35737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 23:36:25 +00:00
Mark Jaquith 6cc98e6fcd Route HEAD API requests through the GET callback method
fixes #34837
props danielbachhuber
Built from https://develop.svn.wordpress.org/trunk@35758


git-svn-id: http://core.svn.wordpress.org/trunk@35722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:34:25 +00:00
Ryan McCue d1436af513 REST API: Unabbreviate error string.
Props daniel-koskinen.
Fixes #34818.

Built from https://develop.svn.wordpress.org/trunk@35750


git-svn-id: http://core.svn.wordpress.org/trunk@35714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-30 09:51:27 +00:00
Ryan McCue 7ce9772866 REST API: Mark WP_REST_Server::get_raw_data as static.
This is just a utility function for getting the request body, not
tied to the server class.

Fixes #34768.

Built from https://develop.svn.wordpress.org/trunk@35741


git-svn-id: http://core.svn.wordpress.org/trunk@35705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:22:25 +00:00
Andrew Nacin 1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
John Blackbourn 16502d03f2 Remove `register_api_field()` from core. This is the only core function that utilises the `$wp_rest_additional_fields` global, and doesn't belong as part of the infrastructure.
See https://github.com/WP-API/WP-API/pull/1748

Fixes #34730

Built from https://develop.svn.wordpress.org/trunk@35687


git-svn-id: http://core.svn.wordpress.org/trunk@35651 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 20:39:26 +00:00
John Blackbourn 407f641cf3 Update `WP_REST_Response::as_error()` to handle the new format error responses introduced in [35653].
Props danielbachhuber
Fixes #34551

Built from https://develop.svn.wordpress.org/trunk@35671


git-svn-id: http://core.svn.wordpress.org/trunk@35635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 18:29:26 +00:00
Ryan McCue 0801acbdd8 REST API: Remove redundant "0" parameter.
This is just an artifact of how we parse the URL, and is already available
via $request->get_route()

Props danielbachhuber.
Fixes #34647.

Built from https://develop.svn.wordpress.org/trunk@35659


git-svn-id: http://core.svn.wordpress.org/trunk@35623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 07:24:28 +00:00
Ryan McCue 81ffd2492c REST API: Optimise for singular error instances.
Previously, the API returned a list of errors, as WP_Error can hold multiple
error codes internally. This isn't a particularly common use case, and it
makes handling errors on the client side more complex than it needs to be.

Fixes #34551.

Built from https://develop.svn.wordpress.org/trunk@35653


git-svn-id: http://core.svn.wordpress.org/trunk@35617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-17 04:12:26 +00:00
Ryan McCue 9524ebb38e REST API: Include enum and description in help data.
Props lcherpit.
Fixes #34543.

Built from https://develop.svn.wordpress.org/trunk@35652


git-svn-id: http://core.svn.wordpress.org/trunk@35616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-17 02:49:28 +00:00
Ryan McCue b03e036e94 REST API: Require namespace when registering routes.
Props danielbachhuber.
Fixes #34416.

Built from https://develop.svn.wordpress.org/trunk@35651


git-svn-id: http://core.svn.wordpress.org/trunk@35615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-17 02:39:30 +00:00
Ryan McCue b0ee5efef2 REST API: Change link relations to api.w.org
Fixes #34303.

Built from https://develop.svn.wordpress.org/trunk@35650


git-svn-id: http://core.svn.wordpress.org/trunk@35614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-17 02:24:27 +00:00
Dominik Schilling 5403b62a6a REST API: Use correct `@access` tag for `WP_REST_Request->get_parameter_order()`.
Props Frozzare.
Fixes #34624.
Built from https://develop.svn.wordpress.org/trunk@35612


git-svn-id: http://core.svn.wordpress.org/trunk@35576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-11 19:39:25 +00:00
Scott Taylor 16637eeee4 REST API: in `WP_REST_Server::dispatch()`, move `preg_match()` out of it's current loop, which doesn't affect the context passed to it.
Props TobiasBg.
Fixes #34488.

Built from https://develop.svn.wordpress.org/trunk@35514


git-svn-id: http://core.svn.wordpress.org/trunk@35478 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-04 21:23:25 +00:00
Scott Taylor a36900c076 REST API: remove the `@internal` annotation from `rest_api_default_filters()`.
Props swissspidy, rachelbaker.
Fixes #34219.

Built from https://develop.svn.wordpress.org/trunk@35474


git-svn-id: http://core.svn.wordpress.org/trunk@35438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 20:08:25 +00:00
John Blackbourn 37c2054778 Remove trailing whitespace introduced in [35351].
Props rachelbaker
Unprops johnbillion
Fixes #34512

Built from https://develop.svn.wordpress.org/trunk@35462


git-svn-id: http://core.svn.wordpress.org/trunk@35426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-30 21:39:25 +00:00
Sergey Biryukov 5d9dc4b8bf REST API: Use correct version in `_doing_it_wrong()` call.
Props TobiasBg.
Fixes #34490.
Built from https://develop.svn.wordpress.org/trunk@35434


git-svn-id: http://core.svn.wordpress.org/trunk@35398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-29 20:12:24 +00:00
Sergey Biryukov e7082e31dd REST API: Add missing translator comments for deprecated function and argument strings.
Props akirk.
Fixes #34486.
Built from https://develop.svn.wordpress.org/trunk@35433


git-svn-id: http://core.svn.wordpress.org/trunk@35397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-29 19:04:26 +00:00
Scott Taylor 31e0b06125 REST API: don't load `wp-admin/includes/admin.php` on every request.
Props swissspidy.
Fixes #34395.

Built from https://develop.svn.wordpress.org/trunk@35353


git-svn-id: http://core.svn.wordpress.org/trunk@35319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-22 16:29:28 +00:00
John Blackbourn 7757d04ce3 Force the REST API URL to use `https` for its scheme when the current request is served over HTTPS and the host name matches that of the REST API URL.
This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.

Fixes #34299

Built from https://develop.svn.wordpress.org/trunk@35351


git-svn-id: http://core.svn.wordpress.org/trunk@35317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-22 00:08:26 +00:00
John Blackbourn e552b77739 Revert [34352], pending investigation.
See #34299

Built from https://develop.svn.wordpress.org/trunk@35349


git-svn-id: http://core.svn.wordpress.org/trunk@35315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 23:06:30 +00:00
John Blackbourn f7f5b64a7e Force the REST API URL to use `https` for its scheme when the current request is served over HTTPS and the host name matches that of the REST API URL.
This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.

Fixes #34299

Built from https://develop.svn.wordpress.org/trunk@35342


git-svn-id: http://core.svn.wordpress.org/trunk@35308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 20:38:50 +00:00
Drew Jaynes 6a51505a23 Docs: Improve the return description in the DocBlock for `rest_send_allow_header()`.
Props danielbachhuber.
Fixes #34374.

Built from https://develop.svn.wordpress.org/trunk@35324


git-svn-id: http://core.svn.wordpress.org/trunk@35290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 13:48:27 +00:00
Sergey Biryukov 116f59af60 REST API: Change nonce name to `_wpnonce`.
It's shorter and is compatible with the default name in `wp_nonce_field()`.

Props danielbachhuber.
Fixes #34375.
Built from https://develop.svn.wordpress.org/trunk@35323


git-svn-id: http://core.svn.wordpress.org/trunk@35289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 08:14:24 +00:00
Drew Jaynes a92d4f6fcb Docs: Update the default scheme for `get_rest_url()` from 'json' to 'rest'.
Also adds 'rest' to the documented list of schemes for `home_url()`, `get_home_url()`, `set_url_scheme()`, and the `home_url` and `set_url_scheme` hooks.

Props rachelbaker.
Fixes #34300.

Built from https://develop.svn.wordpress.org/trunk@35274


git-svn-id: http://core.svn.wordpress.org/trunk@35240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-19 22:39:25 +00:00
Drew Jaynes fd9bcf111d Docs: Fix a typo in the `$blog_id` parameter name in the `rest_url` filter doc.
Props rachelbaker.
Fixes #34351.

Built from https://develop.svn.wordpress.org/trunk@35266


git-svn-id: http://core.svn.wordpress.org/trunk@35232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-18 23:12:25 +00:00
Scott Taylor c756465146 HTTP/REST API: move `WP_HTTP_Response` to `wp-includes/` with the rest (ha!) of the HTTP classes. This is PHP 5.2, so this class is global, and as per @rmccue, unrelated to REST specifically.
See [34930], #33982.

Built from https://develop.svn.wordpress.org/trunk@34953


git-svn-id: http://core.svn.wordpress.org/trunk@34918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 19:27:28 +00:00