Commit Graph

479 Commits

Author SHA1 Message Date
TimothyBlynJacobs ce34d0ab00 App Passwords: Support an app_id to uniquely identify instances of an app.
Apps may now optionally include an `app_id` parameter when directing the user to the Authorize Application screen. This allows for instances of an application to be identified and potentially revoked or blocked.

Props TimothyBlynJacobs, georgestephanis.
Fixes #51583.

Built from https://develop.svn.wordpress.org/trunk@49276


git-svn-id: http://core.svn.wordpress.org/trunk@49038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-22 15:06:09 +00:00
TimothyBlynJacobs 7fe78e2f18 REST API: Make sure all supported JSON Schema keywords are output in the index.
Previously, only a small subset of keywords were exposed which limited the utility of `OPTIONS` requests.

Props raubvogel, TimothyBlynJacobs.
Fixes #51020.

Built from https://develop.svn.wordpress.org/trunk@49257


git-svn-id: http://core.svn.wordpress.org/trunk@49019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 20:19:09 +00:00
TimothyBlynJacobs 499e4e9053 REST API: Introduce support for batching API requests.
A new route is introduced, `batch/v1`, that accepts a list of API requests to run. Each request runs in sequence, and the responses are returned in the order they've been received.

Optionally, the `require-all-validate` validation mode can be used to first validate each request's parameters and only proceed with processing if each request validates successfully.

By default, the batch size is limited to 25 requests. This can be controlled using the `rest_get_max_batch_size` filter. Clients are strongly encouraged to discover the maximum batch size supported by the server by making an OPTIONS request to the `batch/v1` endpoint and inspecting the described arguments.

Additionally, the two new methods, `match_request_to_handler` and `respond_to_request` introduced in [48947] now have a `protected` visibility as we don't want to expose the inner workings of the `WP_REST_Server::dispatch` API.

Batching is not currently supported for GET requests.

Fixes #50244.
Props andraganescu, zieladam, TimothyBlynJacobs.

Built from https://develop.svn.wordpress.org/trunk@49252


git-svn-id: http://core.svn.wordpress.org/trunk@49014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 19:10:08 +00:00
desrosj d40c365a30 Coding Standards: Correct some minor coding standards issues.
Introduced in [49154], [49212], [49223], and [49224].
Built from https://develop.svn.wordpress.org/trunk@49225


git-svn-id: http://core.svn.wordpress.org/trunk@48987 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 13:29:08 +00:00
youknowriad 8fbbd54c40 Block Editor: Expose api_version in the block type and the REST endpoint.
The new block editor included in 5.6 introduces an api_version property
that indicates which block API version the block is using. 
This commits makes this property available on the block type and the endpoint.

Props TimothyBlynJacobs, gziolo.
Fixes #51529.


Built from https://develop.svn.wordpress.org/trunk@49224


git-svn-id: http://core.svn.wordpress.org/trunk@48986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-20 07:54:10 +00:00
Sergey Biryukov 120291367a Formatting: Deprecate `wp_slash_strings_only()` in favor of `wp_slash()`.
The reason for introducing `wp_slash_strings_only()` in [46454] was to keep non-string values untouched.

Later, `wp_slash()` itself was updated in [48433] to prevent changing non-string values.

To avoid confusion, `wp_slash_strings_only()` is now deprecated.

Props ayeshrajans, ocean90.
Fixes #50635.
Built from https://develop.svn.wordpress.org/trunk@49188


git-svn-id: http://core.svn.wordpress.org/trunk@48950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-18 06:57:04 +00:00
Peter Wilson 32d193f96f REST API, Posts: Add a hook to fire once a post, its terms and meta update.
Introduces the action `wp_after_insert_post` inside a wrapper function of the same name. This hook allows plugin developers to access a posts full data (including its terms and meta data) regardless of the workflow used to save it.

A new parameter is introduced to `wp_insert_post()` to indicate whether the hook should be fired within the function call or will be fired afterward.

Props aristath, Collizo4sky, danielbachhuber, joyously, kadamwhite, kraftbj, markparnell, mikeschroder, noisysocks, peterwilsoncc, SergeyBiryukov, talldanwp, thewebprincess, TimothyBlynJacobs.
Fixes #45114.

Built from https://develop.svn.wordpress.org/trunk@49172


git-svn-id: http://core.svn.wordpress.org/trunk@48934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-16 03:34:08 +00:00
TimothyBlynJacobs 039ce3f16f Site Health, REST API: Move async tests to REST API endpoints.
This provides more flexibility when writing tests and benefits from running in a front-end context which is necessary for some tests like checking that updates are supported. Additionally, this provides a more robust interface for developers who want to integrate with Site Health tests.

Because the `wp/v2` endpoint is reserved for modeling core entities, site health is registered in its own `wp-site-health/v1` namespace.

The existing ajax actions have been maintained for backward compatibility.

Props Clorith, chrisvanpatten, afragen, pokhriyal, TimothyBlynJacobs.
Fixes #48105.

Built from https://develop.svn.wordpress.org/trunk@49154


git-svn-id: http://core.svn.wordpress.org/trunk@48916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-15 02:00:08 +00:00
TimothyBlynJacobs 49a399db05 REST API: Introduce search post format handler.
This allows for clients to search the used post formats via the /wp/v2/search endpoint by using a type=post-format query parameter.
Fixes #51459.
Props andraganescu, zieladam, noisysocks, TimothyBlynJacobs.

Built from https://develop.svn.wordpress.org/trunk@49132


git-svn-id: http://core.svn.wordpress.org/trunk@48894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-12 19:54:05 +00:00
John Blackbourn 905460bd5e Docs: Standardise the type name for booleans and integers.
This brings these docs inline with the documentation standards.

Props ravipatel, justinahinon

Fixes #51426

Built from https://develop.svn.wordpress.org/trunk@49120


git-svn-id: http://core.svn.wordpress.org/trunk@48882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-10 20:02:05 +00:00
TimothyBlynJacobs d5ebe12f11 REST API: Introduce Application Passwords for API authentication.
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.

This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.

Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.

Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes #42790.

Built from https://develop.svn.wordpress.org/trunk@49109


git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 22:14:06 +00:00
Sergey Biryukov 897f004a9c General: Replace older-style PHP type conversion functions with type casts.
This improves performance, readability, and consistency throughout core.

* `intval()` → `(int)`
* `strval()` → `(string)`
* `floatval()` → `(float)`

Props ayeshrajans.
Fixes #42918.
Built from https://develop.svn.wordpress.org/trunk@49108


git-svn-id: http://core.svn.wordpress.org/trunk@48870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 21:15:13 +00:00
TimothyBlynJacobs f5c67c386f REST API: Introduce search term handler.
This allows for clients to search the available terms via the `/wp/v2/search` endpoint by using a `type=term` query parameter.

Fixes #51458.
Props andraganescu, zieladam, noisysocks, TimothyBlynJacobs.

Built from https://develop.svn.wordpress.org/trunk@49103


git-svn-id: http://core.svn.wordpress.org/trunk@48865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-08 01:32:05 +00:00
Sergey Biryukov 0f13b2c268 Docs: Add `@since` notes for the `$id` parameter of REST API search controller accepting a string.
Follow-up to [49088].

See #51131.
Built from https://develop.svn.wordpress.org/trunk@49089


git-svn-id: http://core.svn.wordpress.org/trunk@48851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-03 01:22:11 +00:00
TimothyBlynJacobs e9b5b1a5bc REST API: Allow for string ids in the search controller.
Previously, the search controller infrastructure required that the id property was an integer. This prevents data models that use a string id from utilizing the search infrastructure.

This commit lifts the restraint that search handlers return integer ids. This will allow for the Post Formats search handler coming in 5.6 to use slugs instead of creating fake ids.

Props stoyangeorgiev.
Fixes #51131.

Built from https://develop.svn.wordpress.org/trunk@49088


git-svn-id: http://core.svn.wordpress.org/trunk@48850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-02 17:47:09 +00:00
Sergey Biryukov 09570be924 Docs: Fix typos in some DocBlocks in `js/_enqueues/wp/api.js`.
Additionally, rename a variable for clarity.

Props mukesh27.
Fixes #51420.
Built from https://develop.svn.wordpress.org/trunk@49075


git-svn-id: http://core.svn.wordpress.org/trunk@48837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-30 13:54:06 +00:00
Helen Hou-Sandí 75262781d9 i18n: Ensure block type strings in the REST API end with a full stop.
Props ramiy, justinahinon.
Fixes #50805.


Built from https://develop.svn.wordpress.org/trunk@48982


git-svn-id: http://core.svn.wordpress.org/trunk@48744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-16 19:23:07 +00:00
TimothyBlynJacobs 55c21acc9f REST API: Extract `WP_REST_Controller::get_endpoint_args_for_item_schema()` to a standalone function.
This method is useful whenever a JSON Schema needs to be converted to a format suitable for argument validation with `WP_REST_Request`. Moving the logic into a standalone function allows developers to use it outside of the `WP_REST_Controller` context.

Props pentatonicfunk.
Fixes #50876. 

Built from https://develop.svn.wordpress.org/trunk@48951


git-svn-id: http://core.svn.wordpress.org/trunk@48713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-07 02:37:07 +00:00
TimothyBlynJacobs a63708debf REST API: Refactor `WP_REST_Server::dispatch()` to make internal logic reusable.
#50244 aims to introduce batch processing in the REST API. An important feature is the ability to enforce that all requests have valid data before executing the route callbacks in "pre-validate" mode.

This necessitates splitting `WP_REST_Server::dispatch()` into two methods so the batch controller can determine the request handler to perform pre-validation and then respond to the requests.

The two new methods, `match_request_to_handler` and `respond_to_request`, have a public visibility, but are marked as `@access private`. This is to allow for iteration on the batch controller to happen in the Gutenberg repository. Developers should not rely upon these methods, their visibility may change in the future.

See #50244.
Props andraganescu, zieladam, TimothyBlynJacobs.

Built from https://develop.svn.wordpress.org/trunk@48947


git-svn-id: http://core.svn.wordpress.org/trunk@48709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-05 21:52:07 +00:00
TimothyBlynJacobs f43ca27db9 REST API: Support a route-level validation callback.
Most request data is validated on a per-parameter basis. Often, however, additional validation is needed that operates on the entire request object. Currently, this is done in the route callback and often in the `prepare_item_for_database` method specifically.

#50244 aims to introduce batch processing in the REST API. An important feature is the ability to enforce that all requests have valid data before executing the route callbacks in "pre-validate" mode.

This patch introduces support for calling a `validate_callback` after all parameter validation has succeeded. That allows moving more validation outside of the route callback and into `WP_REST_Request` which will improve "pre-validate" support.

Props TimothyBlynJacobs, zieladam.
Fixes #51255.
See #50244.



Built from https://develop.svn.wordpress.org/trunk@48945


git-svn-id: http://core.svn.wordpress.org/trunk@48707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-09-05 18:09:06 +00:00
Sergey Biryukov ee0943482f REST API: In `WP_REST_Block_Directory_Controller::get_items()`, make sure the blocks data for a plugin is not empty before proceeding.
This avoids a PHP notice if the API returns a plugin with empty data for `blocks` key.

Props khag7, TwentyZeroTwo, justinahinon, TimothyBlynJacobs, dd32, SergeyBiryukov.
Fixes #51018.
Built from https://develop.svn.wordpress.org/trunk@48842


git-svn-id: http://core.svn.wordpress.org/trunk@48604 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-08-22 01:54:11 +00:00
Felix Arntz 5918f7e11d Taxonomy: Allow for `wp_count_terms( $args )` signature, making passing a taxonomy optional.
This brings `wp_count_terms()` in line with other taxonomy functions such as `get_terms()` which technically no longer require a taxonomy. Similar to the previously modified functions, no deprecation warning is triggered when using the legacy signature.

Fixes #36399.

Built from https://develop.svn.wordpress.org/trunk@48840


git-svn-id: http://core.svn.wordpress.org/trunk@48602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-08-21 22:32:06 +00:00
TimothyBlynJacobs e1da1ae3e4 REST API: Add uniqueItems as a permitted endpoint argument JSON Schema keyword.
Support for the `uniqueItems` keyword was added in [48357], but wasn't included in the list of permitted keywords for `WP_REST_Controller::get_endpoint_args_for_item_schema()`. This prevented the keyword from being automatically supported if specified in a controller's item schema.

Fixes #51021.

Built from https://develop.svn.wordpress.org/trunk@48796


git-svn-id: http://core.svn.wordpress.org/trunk@48558 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-08-15 16:11:07 +00:00
Sergey Biryukov 1f85e7484f Docs: Consistently use third-person singular verbs for various filter descriptions, per the documentation standards.
See #50768.
Built from https://develop.svn.wordpress.org/trunk@48782


git-svn-id: http://core.svn.wordpress.org/trunk@48544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-08-11 00:34:08 +00:00
Sergey Biryukov 350ad6141e Coding Standards: Use consistent formatting for translator comments in `wp-includes/rest-api.php`.
See #50767.
Built from https://develop.svn.wordpress.org/trunk@48765


git-svn-id: http://core.svn.wordpress.org/trunk@48527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-08-09 01:46:07 +00:00
Sergey Biryukov bb0630caa9 I18N: Use a placeholder instead of the `\` character in a translatable string in `WP_REST_Users_Controller::check_user_password()`.
Props ramiy.
Fixes #50812.
Built from https://develop.svn.wordpress.org/trunk@48692


git-svn-id: http://core.svn.wordpress.org/trunk@48454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-30 12:28:06 +00:00
TimothyBlynJacobs c461697c31 REST API: Remove assets field from block directory controller.
Gutenberg no longer uses the assets field to fetch the assets for the installed block so this field can be dropped from the endpoint. This allows us to reintroduce it at a later point without needing to worry about backward compatibility.

See #50732.

Built from https://develop.svn.wordpress.org/trunk@48656


git-svn-id: http://core.svn.wordpress.org/trunk@48418 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-28 04:10:10 +00:00
TimothyBlynJacobs 86ea4f0838 REST API: Fix warning when using `set_param()` on a JSON request with no body.
In [47559] the `WP_REST_Request::set_param()` method was adjusted to try and overwrite an existing parameter definition before forcing the value in the first parameter slot. If `set_param()` was called on a request with an `application/json` content type and an empty body, a PHP warning would be issued. This was due to the JSON parameter type not being set to an array when the body is empty.

This commit avoids the warning by adding an `is_array()` check before calling `array_key_exists`. Ideally, `WP_REST_Reuest::parse_json_params()` would set the JSON parameter type to an empty array in this case, but that is too large of a change at this point in the cycle.

Props manooweb.
Fixes #50786.

Built from https://develop.svn.wordpress.org/trunk@48642


git-svn-id: http://core.svn.wordpress.org/trunk@48404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-27 18:46:05 +00:00
whyisjake de5533e56b REST API: Install plugin translations after the plugin install. This only installs for the plugin in question, not all plugins.
Support for retrieving the langauge pack alongside the install API request was added in https://meta.trac.wordpress.org/changeset/10091 to avoid having to make a plugin update check during the REST API check.

Fixes #50732.
Props dd32, ocean90, ryelle, swissspidy, tellyworth, whyisjake, TimothyBlynJacobs.

Built from https://develop.svn.wordpress.org/trunk@48641


git-svn-id: http://core.svn.wordpress.org/trunk@48403 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-27 18:31:06 +00:00
Sergey Biryukov aa22457754 REST API: Use a consistent description for the `textdomain` schema property between plugins and themes controllers.
Follow-up to [48242], [48627].

Props audrasjb.
Fixes #50776. See #50321.
Built from https://develop.svn.wordpress.org/trunk@48628


git-svn-id: http://core.svn.wordpress.org/trunk@48390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-26 21:54:03 +00:00
Sergey Biryukov e7eaaa97b1 REST API: Use a consistent name for the `textdomain` schema property between plugins, themes, and block directory controllers.
Follow-up to [48242].

See #50321, #50776.
Built from https://develop.svn.wordpress.org/trunk@48627


git-svn-id: http://core.svn.wordpress.org/trunk@48389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-26 21:49:03 +00:00
Sergey Biryukov 61b2cb7761 Docs: Correct `@since` version for `WP_REST_Plugins_Controller::get_item_schema()`.
Follow-up to [48242].

See #50321.
Built from https://develop.svn.wordpress.org/trunk@48626


git-svn-id: http://core.svn.wordpress.org/trunk@48388 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-26 21:42:03 +00:00
Sergey Biryukov ebfe7ca39a I18N: Remove `<code>` tags in an error message in `WP_REST_Posts_Controller::get_item_schema()` for consistency with other strings.
Follow-up to [48610].

See #50759.
Built from https://develop.svn.wordpress.org/trunk@48613


git-svn-id: http://core.svn.wordpress.org/trunk@48375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-25 16:41:02 +00:00
Sergey Biryukov 29b0a259df I18N: Move code out of a translatable string in `WP_REST_Posts_Controller::get_item_schema()`.
Props ramiy.
Fixes #50759.
Built from https://develop.svn.wordpress.org/trunk@48610


git-svn-id: http://core.svn.wordpress.org/trunk@48372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-25 16:28:04 +00:00
John Blackbourn 124972f2c6 Docs: Further corrections and improvements to various inline docblocks.
See #49572
Built from https://develop.svn.wordpress.org/trunk@48576


git-svn-id: http://core.svn.wordpress.org/trunk@48338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-23 07:39:02 +00:00
Sergey Biryukov 5323fa05e5 REST API: Use consistent error messages when managing network plugins.
Props ramiy.
Fixes #50729.
Built from https://develop.svn.wordpress.org/trunk@48556


git-svn-id: http://core.svn.wordpress.org/trunk@48318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-21 22:01:03 +00:00
Sergey Biryukov 3061a680a9 Media: Pass the attachment ID to the `wp_image_file_matches_image_meta` filter.
Props spacedmonkey.
Fixes #50722.
Built from https://develop.svn.wordpress.org/trunk@48547


git-svn-id: http://core.svn.wordpress.org/trunk@48309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-21 16:55:08 +00:00
TimothyBlynJacobs b8d5e161eb REST API: Issue a _doing_it_wrong when registering a route without a permission callback.
The REST API treats routes without a permission_callback as public. Because this happens without any warning to the user, if the permission callback is unintentionally omitted or misspelled, the endpoint can end up being available to the public. Such a scenario has happened multiple times in the wild, and the results can be catostrophic when it occurs.

For REST API routes that are intended to be public, it is recommended to set the permission callback to the `__return_true` built in function.

Fixes #50075.
Props rmccue, sorenbronsted, whyisjake, SergeyBiryukov, TimothyBlynJacobs.

Built from https://develop.svn.wordpress.org/trunk@48526


git-svn-id: http://core.svn.wordpress.org/trunk@48288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-21 12:03:05 +00:00
Andrew Ozz 562a59f553 REST API, Media: Add `X-WP-Upload-Attachment-ID` HTTP header to enable retrying of post-processing of edited images if the server runs out of resources. This is the same as after uploading a new image, will do up to five additional requests to let the server create all image sub-sizes.
Fixes #50711.
Built from https://develop.svn.wordpress.org/trunk@48525


git-svn-id: http://core.svn.wordpress.org/trunk@48287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-21 03:00:04 +00:00
Andrew Ozz c2639c74ff REST API, Media: Fix/improve the inline docs and name of the new `wp_edited_image_metadata` filter.
Props desrosj, azaozz.

See #44405.
Built from https://develop.svn.wordpress.org/trunk@48518


git-svn-id: http://core.svn.wordpress.org/trunk@48280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-20 21:04:03 +00:00
Andrew Ozz 689c224476 Media: Migrate the data from the attachment post of the parent image when saving an edited image. Copy:
- `post_title`,
- `post_content` (image description),
- `post_excerpt` (image caption as saved in the DB),
- `_wp_attachment_image_alt` meta (alt text for the img tag as saved in the DB).

Props spacedmonkey, joedolson, TimothyBlynJacobs, azaozz.
Fixes #50675.
Built from https://develop.svn.wordpress.org/trunk@48510


git-svn-id: http://core.svn.wordpress.org/trunk@48272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-19 21:19:04 +00:00
Andrew Ozz 2d728713ac REST API: Prevent attachment ID/image source mismatch when editing an image.
Fixes #50565.
Built from https://develop.svn.wordpress.org/trunk@48498


git-svn-id: http://core.svn.wordpress.org/trunk@48260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-16 21:56:08 +00:00
TimothyBlynJacobs df2b9b1689 REST API: Add Content-Disposition, Content-MD5 and X-WP-Nonce as allowed cors headers.
The Content-Disposition and Content-MD5 headers allow for easier file uploading across domains by using a File/Blob object directly. The X-WP-Nonce header is allowed for making cross-origin and same-origin authenticated requests consistent.

Additionally a filter is introduced, "rest_allowed_cors_headers", to simplify the process of allowing additional request headers.

Props rmccue, TimothyBlynJacobs.
Fixes #41696.

Built from https://develop.svn.wordpress.org/trunk@48452


git-svn-id: http://core.svn.wordpress.org/trunk@48221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-12 19:37:12 +00:00
TimothyBlynJacobs a59fb4e50f REST API: Sanitize block renderer attributes.
In [48069] the Block Renderer was changed to register a single route for all dynamic blocks. Validation was dynamically applied based on the requested block, but sanitization was not. This commit adds the same sanitization back to the block attributes.

Props manooweb.
Fixes #50620. See #48079.

Built from https://develop.svn.wordpress.org/trunk@48437


git-svn-id: http://core.svn.wordpress.org/trunk@48206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-11 20:34:05 +00:00
Sergey Biryukov d322fb66de Docs: Synchronize and correct documentation for various metadata functions and filters.
Follow-up to [47390], [47611], [48192], [48402].

See #49572, #43941, #45464.
Built from https://develop.svn.wordpress.org/trunk@48411


git-svn-id: http://core.svn.wordpress.org/trunk@48180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-09 11:26:07 +00:00
Sergey Biryukov 6bf6bc451f Docs: Miscellaneous DocBlock corrections.
See #49572.
Built from https://develop.svn.wordpress.org/trunk@48408


git-svn-id: http://core.svn.wordpress.org/trunk@48177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-08 13:15:03 +00:00
TimothyBlynJacobs 13b10697bf REST API, Meta: Introduce support for default metadata values.
The `register_meta()` API now officially supports specifying a default metadata value. When `get_metadata()` is called for a meta key that does not yet exist for the object, this default value will be returned instead of an empty string.

A new function is introduced `get_metadata_raw` to retrieve the raw metadata value from the database, without applying the registered default.

Props spacedmonkey, flixos90, rmccue, kadamwhite, mnelson4, johnbillion, chrisvanpatten, TimothyBlynJacobs.
Fixes #43941.


Built from https://develop.svn.wordpress.org/trunk@48402


git-svn-id: http://core.svn.wordpress.org/trunk@48171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-07 20:47:05 +00:00
Andrew Ozz d1dc207128 Media, REST API: Allow media edit endpoint to find remote files.
Props jonsurrell.
Fixes #50595.
Built from https://develop.svn.wordpress.org/trunk@48386


git-svn-id: http://core.svn.wordpress.org/trunk@48155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-07 16:51:04 +00:00
TimothyBlynJacobs 0615a9ab37 REST API: Use new `rest_get_route_for_post()` in the post search handler.
In [48273] the rest_get_route_for_post function was introduced. This simplifies determining the REST API route for any given post object and adds a filter for custom controllers.

Props ravatparmar.
Fixes #50529.

Built from https://develop.svn.wordpress.org/trunk@48381


git-svn-id: http://core.svn.wordpress.org/trunk@48150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-07 15:31:02 +00:00
TimothyBlynJacobs 0386c0ae6c REST API: Remove specific multi-type schema handling from the themes controller.
Multi-type schema handling was improved in [48306]. In particular, it now allows for sanitizing a multi-typed value that wouldn't validate. Removing this handling will make 3rd party registered theme features more robust.

Fixes #50562.

Built from https://develop.svn.wordpress.org/trunk@48308


git-svn-id: http://core.svn.wordpress.org/trunk@48077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-05 01:06:02 +00:00