Slashing non-string data caused PUT requests containing unmodified meta arrays of integers to fail the check against the existing stored meta value, causing a 500 when posting an unmodified response body back to the server.
Props TimothyBlynJacobs, augustuswm.
Fixes#48264.
Built from https://develop.svn.wordpress.org/trunk@46454
git-svn-id: http://core.svn.wordpress.org/trunk@46252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensures that the ::get_rest_controller() method will always return an instanceof the expected controller class, or null.
Removes unused private static property $post_type_controllers.
Props dlh, TimothyBlynJacobs.
Fixes#45677.
Built from https://develop.svn.wordpress.org/trunk@46435
git-svn-id: http://core.svn.wordpress.org/trunk@46233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
1. `POST /wp/v2/media`.
2. If the upload failed (HTTP 500 error), look for a response header with `X-WP-Upload-Attachment-ID` header that contains the newly created attachment ID.
3. `POST /wp/v2/media/{id}/post-process` with `{ "action": "create-image-subsizes" }`. This request may still fail, but it will save its progress.
4. On continued failure, `DELETE /wp/v2/media/{id}` to give up on the upload and instruct the user to resize their image before uploading.
Props TimothyBlynJacobs.
Fixes#47987.
Built from https://develop.svn.wordpress.org/trunk@46422
git-svn-id: http://core.svn.wordpress.org/trunk@46220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Cache REST controller references on their associated post type object to prevent unnecessary controller re-instantiation, which previously caused "rest_prepare_{$post_type}" and "rest_{$post_type}_query" to run twice per request.
Props TimothyBlynJacobs, patrelentlesstechnologycom.
Fixes#45677.
Built from https://develop.svn.wordpress.org/trunk@46272
git-svn-id: http://core.svn.wordpress.org/trunk@46084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Expose a date_floating property on all status objects to permit clients (including the block editor) to make correct decisions about date handling for posts of varying status.
Props mnelson4, earnjam, kadamwhite, jnylen0, nerrad, pento.
See #39953.
Built from https://develop.svn.wordpress.org/trunk@46252
git-svn-id: http://core.svn.wordpress.org/trunk@46064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The PHP native JSON extension has been bundled and compiled with PHP by default since version 5.2.0. Because the minimum version of PHP required by WordPress is now 5.6.20 (see #46594 and [45058]), JSON extension related polyfills and backwards compatibility code can now be removed.
This change removes code that supported JSON related functionality on older versions of PHP. This includes (but is not limited to) checks that `json_last_error()` exists, checking and setting the `JSON_UNESCAPED_SLASHES` and `JSON_PRETTY_PRINT` constants if not previously defined, and deprecating the `_wp_json_prepare_data()` function (which was 100% workaround code).
Follow up of [46205].
See #47699.
Props jrf, Clorith, pento.
Built from https://develop.svn.wordpress.org/trunk@46206
git-svn-id: http://core.svn.wordpress.org/trunk@46018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Enable clients to opt-in to receipt of one or more specific sub-properties within a response, and not other sub-properties.
Skip potentially expensive filtering and processing for post resources which were explicitly not requested.
Props kadamwhite, TimothyBlynJacobs, dlh.
Fixes#42094.
Built from https://develop.svn.wordpress.org/trunk@46184
git-svn-id: http://core.svn.wordpress.org/trunk@45996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The path to magic quote sanity took a fun and exciting turn: PHP core removed it and WordPress updated the minimum version.
For the formally external pclzip, the code is commented out to make investigating easier and in case we ever need to merge upstream (if that still exists) changes.
Props ayeshrajans, jrf, jorbin.
See #47783.
Fixes#18322.
Built from https://develop.svn.wordpress.org/trunk@46105
git-svn-id: http://core.svn.wordpress.org/trunk@45917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Hook documentation should be on the line directly above the line containing the `do_action()` or `apply_filters()` call. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of duplicate hook references.
Includes minor code layout fixes.
See #47110.
Built from https://develop.svn.wordpress.org/trunk@46088
git-svn-id: http://core.svn.wordpress.org/trunk@45900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
Built from https://develop.svn.wordpress.org/trunk@45926
git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevents a non-sequential post type array such as [ 0 => 'post', 2 => 'page' ] from being improperly converted to an object in the taxonomy endpoint's response JSON.
Props TimothyBlynJacobs, birgire, spectacula.
Fixes#42209.
Built from https://develop.svn.wordpress.org/trunk@45813
git-svn-id: http://core.svn.wordpress.org/trunk@45624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allowing the client to delete revisions breaks the "audit trail" functionality. This is not allowed in WordPress and shouldn't be allowed through the API.
While not recommended, a plugin may opt-in to the previous behavior by setting a custom 'delete_post' capability for the revisions post type.
Props dlh, danielbachhuber, TimothyBlynJacobs, azaozz, kadamwhite.
Fixes#43709.
Built from https://develop.svn.wordpress.org/trunk@45812
git-svn-id: http://core.svn.wordpress.org/trunk@45623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Caches the output of get_item_schema() to avoid redundant recomputation of translatable strings and other computed values. This method is called many times per item in each REST request, and the results of the method should not vary between calls.
Additional schema fields are not cached.
Props kadamwhite, joehoyle, TimothyBlynJacobs.
Fixes#47871.
Built from https://develop.svn.wordpress.org/trunk@45811
git-svn-id: http://core.svn.wordpress.org/trunk@45622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Status code 204 should indicate no response body is sent. Previously, a "null" string was sent, which MacOS Safari would try to parse as JSON and thereby fail to complete the request.
Props TimothyBlynJacobs, andizer, matthias.thiel.
Fixes#43691.
Built from https://develop.svn.wordpress.org/trunk@45809
git-svn-id: http://core.svn.wordpress.org/trunk@45620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Extends meta registration to support complex schema values, mirroring the functionality in the settings controller.
Error when trying to modify a meta key containing schema-nonconformant data.
Props @TimothyBlynJacobs, @birgire, @mnelson4, @flixos90.
Fixes#43392.
Built from https://develop.svn.wordpress.org/trunk@45807
git-svn-id: http://core.svn.wordpress.org/trunk@45618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `WP_REST_Controller::get_fields_for_response()`, exclude fields which are not registered to appear in the request's context.
In conjunction with r45705 this prevents the unnecessary computation of the sample permalink when making a request that is not context=edit.
Props dlh.
Fixes#45605.
Built from https://develop.svn.wordpress.org/trunk@45706
git-svn-id: http://core.svn.wordpress.org/trunk@45517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The sample permalink will now only be generated if the derivative `permalink_template` or `generated_slug` fields are to be included in the response, preventing an unnecessary database request for each post (via `wp_unique_post_slug()`) when those fields are not requested.
Props dlh.
See #45605.
Built from https://develop.svn.wordpress.org/trunk@45705
git-svn-id: http://core.svn.wordpress.org/trunk@45516 1a063a9b-81f0-0310-95a4-ce76da25c4cd
PHP 7.4 addes a warning when trying access a null/bool/int/float/resource (everything but array, string and object) as if it were an array.
This change fixes all of these warnings visible in unit tests.
Props jrf.
See #47704.
Built from https://develop.svn.wordpress.org/trunk@45639
git-svn-id: http://core.svn.wordpress.org/trunk@45450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.
See #46732.
Built from https://develop.svn.wordpress.org/trunk@45611
git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use of `date()` in core depends on PHP timezone set to UTC and not changed by third party code (which cannot be guaranteed).
`gmdate()` is functionally equivalent, but is not affected by PHP timezone setting: it's always UTC, which is the exact behavior the core needs.
Props nielsdeblaauw, Rarst.
Fixes#46438. See #44491.
Built from https://develop.svn.wordpress.org/trunk@45424
git-svn-id: http://core.svn.wordpress.org/trunk@45235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a `PUT` request is performed to update a user, a `rest_user_invalid_email` error is incorrectly being returned when the email exists with different letter casing, even if it belongs to the user being updated. `email_exists()` performs a case insensitive lookup, but the conditional statement following that lookup was performing a strict comparison between the new email and the user’s current email.
This changes that comparison to instead compare the user ID returned by `email_exists()` with the user ID being updated. This more closely matches the logic used in `edit_user()` and allows a user to change the letter casing of their email.
Props fuchsws, rachelbaker, desrosj.
Fixes#44672.
Built from https://develop.svn.wordpress.org/trunk@44641
git-svn-id: http://core.svn.wordpress.org/trunk@44472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WordPress has historically often used code like `preg_split( '/[\s,]+/', $var )` to parse a string of comma-separated values into an array. However, this approach was causing an empty string to not be parsed into an empty array as expected, but rather into an array with the empty string as its sole element.
This was among other areas causing problems in the REST API where passing an empty request parameter could cause that request to fail because, instead of it being ignored, that parameter would be compared against the valid values for it, which typically do not include an empty string.
Props david.binda, sstoqnov.
Fixes#43977.
Built from https://develop.svn.wordpress.org/trunk@44546
git-svn-id: http://core.svn.wordpress.org/trunk@44377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `WP_REST_Attachments_Controller::create_item()`, `wp-admin/includes/image.php` was being `require_once()`-ed... twice. The superflous `require_once()` has been quietly removed.
Props david.binda.
Merges [44206] to trunk.
Fixes#45420.
Built from https://develop.svn.wordpress.org/trunk@44309
git-svn-id: http://core.svn.wordpress.org/trunk@44139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Skips validation where there is no attribute definition, but keeps the attribute value. Previously, the attribute would be omitted from the attributes passed to `render_callback`. Notably, this resolves an issue where `render_callback` cannot receive a block's `align` and `customClassName` attribute values, since these are defined as a client-side filter.
- Validates `null` as a proper value in its own right. Previously, a client implementation of a block could track `{“attribute":null}` as an explicitly empty value, and the server would wrongly initiate defaulting behavior. The new behavior will now only populate a default value if the attribute is not defined at all, including when unset in its being invalid per the attribute schema.
Props aduth, noisysocks, youknowriad, danielbachhuber.
Merges [43918] to trunk.
See #45145 for the patch, #45098 for the original ticket.
Built from https://develop.svn.wordpress.org/trunk@44269
git-svn-id: http://core.svn.wordpress.org/trunk@44099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [43736], we prevented rendering fields when not present in `?_fields=`. However, because `get_fields_for_response()` is dependent on `get_item_schema()`, any custom fields registered with a null schema would be incorrectly excluded from the response. Because the REST API permits a null schema for `register_rest_field()`, those fields should be included in the available fields for a response.
Props danielbachhuber.
Merges [43908] to trunk.
Fixes#45220.
Built from https://develop.svn.wordpress.org/trunk@44254
git-svn-id: http://core.svn.wordpress.org/trunk@44084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When 'parent' is set as the path argument name, it gets passed down through to the `create_item()` method and can erroneously reset the 'parent' value on the post itself. Instead, we rename the argument to 'id' and replicate the revision controller's `get_items_permissions_check()` to instead reference 'id'.
Also ensures revision query params (of which there are many) aren't exposed as the query params for autosaves (of which there are two).
Props TimothyBlynJacobs.
Merges [43897] to trunk.
See #43316.
Built from https://develop.svn.wordpress.org/trunk@44250
git-svn-id: http://core.svn.wordpress.org/trunk@44080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensures `wp_read_video_metadata()`/`wp_read_audio_metadata()` functions are available when uploading video and audio. Fixes error introduced in [43589].
Merges [43850] from the 5.0 branch to trunk.
Props ocean90.
See #43757.
Built from https://develop.svn.wordpress.org/trunk@44216
git-svn-id: http://core.svn.wordpress.org/trunk@44046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
`WP_REST_Block_Renderer_Controller` allows rendering of server-side rendered blocks, whilst `WP_REST_Blocks_Controller` allows retrieving of reusable blocks.
Merges [43805] and [43806] from the 5.0 branch to trunk.
Props desrosj, danielbachhuber, pento, Presskopp, swissspidy.
See #45065, #45098.
Built from https://develop.svn.wordpress.org/trunk@44150
git-svn-id: http://core.svn.wordpress.org/trunk@43980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Responsive embeds is a way for a theme to opt in to WordPress dynamically scaling the width/height of an embed. When a theme supports responsive embeds, a `wp-embed-responsive` class is added to the `<body>` tag. This information is also presented through the REST API for clients to respect.
Merges [43790] and [43791] from the 5.0 branch to trunk.
Props desrosj, danielbachhuber, ocean90.
Fixes#45125.
Built from https://develop.svn.wordpress.org/trunk@44138
git-svn-id: http://core.svn.wordpress.org/trunk@43968 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `block_version` denotes which version of Blocks the `post_content` contains. Introduces new `block_version()` function for versioning Blocks.
Merges [43770] from the 5.0 branch to trunk.
Props danielbachhuber, birgire.
Fixes#43887.
Built from https://develop.svn.wordpress.org/trunk@44127
git-svn-id: http://core.svn.wordpress.org/trunk@43957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- Adds `WP_REST_Autosaves_Controller` which extends `WP_REST_Revisions_Controller`.
- Autosaves endpoint is registered for all post types except attachment because even post types without revisions enabled are expected to autosave.
- Because setting the `DOING_AUTOSAVE` constant pollutes the test suite, autosaves tests are run last. We may want to improve upon this later.
Also, use a truly impossibly high number in User Controller tests. The number `100`, (or `7777` in `trunk`), could be valid in certain test run configurations. The `REST_TESTS_IMPOSSIBLY_HIGH_NUMBER` constant is impossibly high for this very reason.
Finally, Skip Autosaves controller test for multisite. There's a PHP 5.2 edge case where paths calculated differently, possibly caused by differing version of PHPUnit.
Props adamsilverstein, aduth, azaozz, danielbachhuber, rmccue, danielbachhuber.
Merges [43767], [43768], [43769] to trunk.
See #45132, #45131.
Fixes#45128, #43316.
Built from https://develop.svn.wordpress.org/trunk@44126
git-svn-id: http://core.svn.wordpress.org/trunk@43956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When comparing the old and new values for a meta key being set, ensure both values are sanitized using the same logic so that equal values match.
props boonebgorges, dcavins, MattGeri, pilou69, TimothyBlynJacobs, kadamwhite.
Merges [43740] to trunk.
Fixes#42069.
Built from https://develop.svn.wordpress.org/trunk@44113
git-svn-id: http://core.svn.wordpress.org/trunk@43943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces a `WP_REST_Search_Controller` class which registers a `/wp/v2/search` endpoint. Search types are handled by extending `WP_REST_Search_Handler`. The default search type is `WP_REST_Post_Search_Handler` but can be filtered by plugins or a theme.
Merges [43739,43741] from the 5.0 branch to trunk.
Props danielbachhuber, flixos90, pento, rmccue, joehoyle.
Fixes#39965.
Built from https://develop.svn.wordpress.org/trunk@44107
git-svn-id: http://core.svn.wordpress.org/trunk@43937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The existing `rest_insert_*` actions are fired before meta and additional fields are updated. These new `rest_after_*` actions fire after all write operations have completed.
Props timothyblynjacobs, danielbachhuber.
Merges [43737] to trunk.
Fixes#42864.
Built from https://develop.svn.wordpress.org/trunk@43987
git-svn-id: http://core.svn.wordpress.org/trunk@43819 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [43087], we improved REST API performance by only rendering the fields specified in the request. Similarly, any fields registered with `register_rest_field()` should only be rendered when included in `?_fields=`.
Props dlh, danielbachhuber.
Merges [43736] to trunk.
Fixes#45099.
Built from https://develop.svn.wordpress.org/trunk@43986
git-svn-id: http://core.svn.wordpress.org/trunk@43818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order to correctly render parts of its UI, the new editor needs to be aware of the active theme's post-formats and post-thumbnails support. This data is exposed by querying for the active theme on a new /wp/v2/themes endpoint for sufficiently privileged users.
Merges [43734], [43735] to trunk.
props desrosj.
Fixes#45016.
Built from https://develop.svn.wordpress.org/trunk@43985
git-svn-id: http://core.svn.wordpress.org/trunk@43817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In order for clients to present permalink previews, the REST API must share the computed results of get_sample_permalink(). These two values are now exposed as permalink_template and generated_slug for public, viewable post types, but only for context=edit.
Merges [43720] to trunk.
Props danielbachhuber, rahulsprajapati.
Fixes#45017.
Built from https://develop.svn.wordpress.org/trunk@43980
git-svn-id: http://core.svn.wordpress.org/trunk@43812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
An authorized request with the read_private_posts capability for a post type should be able to GET /wp/v2/posts for posts of status=private. This query is further sanity-checked by WP_REST_Posts_Controller->check_read_permission(), which is unchanged.
Props rachelbaker, soulseekah, twoelevenjay.
Moves [43694] from the 5.0 branch to trunk.
Fixes#43701.
Built from https://develop.svn.wordpress.org/trunk@43979
git-svn-id: http://core.svn.wordpress.org/trunk@43811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Because user capabilities can be modified at runtime, the REST API needs to expose them in some evaluated but declarative manner for clients to interpret. JSON Hyper Schema targetSchema provides an appropriate paradigm for doing so.
Merges [43682] to trunk.
Props timothyblynjacobs.
Fixes#45014.
Built from https://develop.svn.wordpress.org/trunk@43974
git-svn-id: http://core.svn.wordpress.org/trunk@43806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [43437], the link definition implementation caused attachment links to be unexpectedly nested under an attributes key. This changeset restores the prior behavior.
Merges [43681] to trunk.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44750.
Built from https://develop.svn.wordpress.org/trunk@43973
git-svn-id: http://core.svn.wordpress.org/trunk@43805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Narrow the scope of the included wp-admin files loaded for `wp_generate_attachment_metadata()`, `wp_handle_upload()`, `wp_tempnam()`, and `wp_handle_sideload()`. Requires only wp-admin/includes/file.php and wp-admin/includes/image.php instead of wp-admin/includes/admin.php.
Props lonelyvegan, soulseekah, pratikthink.
Fixes#43757.
Built from https://develop.svn.wordpress.org/trunk@43589
git-svn-id: http://core.svn.wordpress.org/trunk@43418 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.
Props adamsilverstein, birgire, flixos90.
Fixes#40510.
Built from https://develop.svn.wordpress.org/trunk@43584
git-svn-id: http://core.svn.wordpress.org/trunk@43413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
To match behaviour in the Classic Editor, we need to slightly loosen permissions on taxonomy and term endpoints. This allows users to create terms to assign to a post that they're editing.
Props danielbachhuber.
Fixes#44096.
Built from https://develop.svn.wordpress.org/trunk@43440
git-svn-id: http://core.svn.wordpress.org/trunk@43267 1a063a9b-81f0-0310-95a4-ce76da25c4cd