Commit Graph

179 Commits

Author SHA1 Message Date
Gary Pendergast cc214a219b REST API: Capability check for editing a single term should use the singular form.
As an extra level of sanity checking, the term ID should be cast as an int in `map_meta_cap()`.

Props johnbillion, nacin, dd32, pento.
See #35614.
Fixes #39012.


Built from https://develop.svn.wordpress.org/trunk@39464


git-svn-id: http://core.svn.wordpress.org/trunk@39404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 05:08:41 +00:00
Gary Pendergast f2a4d010cd REST API: Use the correct error message when editing a single term.
Props ramiy, johnbillion.
Fixes #39017.


Built from https://develop.svn.wordpress.org/trunk@39460


git-svn-id: http://core.svn.wordpress.org/trunk@39400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 04:42:41 +00:00
Gary Pendergast e8042cfef7 REST API: Merge similar strings in a comments endpoint parameter description.
Props ramiy.
Fixes #39036.


Built from https://develop.svn.wordpress.org/trunk@39457


git-svn-id: http://core.svn.wordpress.org/trunk@39397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 04:21:39 +00:00
Rachel Baker 179e9f20b6 REST API: Fix bug where comment author and author email could be an empty string when creating a comment.
If the `require_name_email` option is true, creating a comment with an empty string for the author name or email should not be accepted.  Both values can be an empty string on update.

Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.

Fixes #38971.

Built from https://develop.svn.wordpress.org/trunk@39444


git-svn-id: http://core.svn.wordpress.org/trunk@39384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:44:42 +00:00
Rachel Baker 62129ebe85 REST API: Fix handling of some orderby parameters for the Posts controller.
- `'orderby' => 'include'` requires an array of post_ids via the `include` collection param.
`'orderby' => 'id'` and `'orderby' => 'slug'` need map the correct WP_Query equivalents. 

Props flixos90, hnle, dd32, rachelbaker, joehoyle, pento.

Fixes #38971.

Built from https://develop.svn.wordpress.org/trunk@39440


git-svn-id: http://core.svn.wordpress.org/trunk@39380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:18:42 +00:00
Jeremy Felt 1797ea7098 REST API: Disable `DELETE` requests for users in multisite.
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.

Until support for a `PUT` request that removes a user's site and content associations is available, `DELETE` requests are disabled to avoid possible issues with lost content.

Props jnylen0, rachelbaker.
Fixes #38962.

Built from https://develop.svn.wordpress.org/trunk@39438


git-svn-id: http://core.svn.wordpress.org/trunk@39378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:10:42 +00:00
Rachel Baker 08b7e8adaf REST API: Return a `WP_Error` if `meta` property is not an array.
Fixes bug where a PHP Warning is currently thrown if a client sends a request where `meta` is not an array value.

Props timmydcrawford, jnylen0, rachelbaker, pento.
Fixes #38989.
Built from https://develop.svn.wordpress.org/trunk@39436


git-svn-id: http://core.svn.wordpress.org/trunk@39376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 21:56:42 +00:00
Gary Pendergast 161a41e44c REST API: Require the reassign parameter when deleting users.
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.

This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.

Props jeremyfelt.
Fixes #39000.


Built from https://develop.svn.wordpress.org/trunk@39426


git-svn-id: http://core.svn.wordpress.org/trunk@39366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 06:54:42 +00:00
Rachel Baker a1ec867b61 REST API: Fix incorrect capability check on term create.
Change the capability check used in `WP_REST_Terms_Controller` when creating a new term is attempted, from `manage_terms` to `edit_terms`. This matches the behavior within the WordPress admin. See #35614.

Props johnbillion, rmccue, rachelbaker, helen, jorbin, SergeyBiryukov.

Fixes #38958.
Built from https://develop.svn.wordpress.org/trunk@39402


git-svn-id: http://core.svn.wordpress.org/trunk@39342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-01 02:31:44 +00:00
Rachel Baker 606c9905ef REST API: Fix incorrect uses of `rest_sanitize_value_from_schema()`.
In the `check_username()` and `check_password()` callbacks in the Users controller cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly which was causing unintended request parsing. 
In `rest_sanitize_request_arg()` do not pass nonexistent third parameter for the `rest_sanitize_value_from_schema()` function.

Props jnylen0, joehoyle, rachelbaker, ocean90.
Fixes #38984.
Built from https://develop.svn.wordpress.org/trunk@39400


git-svn-id: http://core.svn.wordpress.org/trunk@39340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-01 02:12:41 +00:00
Joe Hoyle c662bb84dc REST API: Special case the “standard” post format to always be allowed.
Fixes #38916.
Built from https://develop.svn.wordpress.org/trunk@39353


git-svn-id: http://core.svn.wordpress.org/trunk@39293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-24 00:08:31 +00:00
Joe Hoyle 0a787caec6 REST API: Allow unsetting a post’s password.
Props danielbachhuber, iseulde.
Fixes #38919.
Built from https://develop.svn.wordpress.org/trunk@39352


git-svn-id: http://core.svn.wordpress.org/trunk@39292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 23:13:32 +00:00
Joe Hoyle 6f189ddbc8 REST API: Add support for comments of password-protected posts.
Core requires the post password to view and create comments on password protected posts, so we must support a “password” param on the comments endpoint when fetch comments for a specific post and creating a comment on a password protected post.

Props flixos90, jnylen0.
Fixes #38692.
Built from https://develop.svn.wordpress.org/trunk@39349


git-svn-id: http://core.svn.wordpress.org/trunk@39289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 16:15:31 +00:00
Rachel Baker a985a4d126 REST API: Always fire the `rest_insert_*` actions after the related object is updated or inserted.
Brings consistency to the `rest_insert_*` actions. Also includes some shuffling and clean-up as well including:
- Ensure we are passing the most current `$post` and `$user` objects to the `update_additional_fields_for_object()` callbacks.
- Changes the function signature of `handle_status_param()` in the Comments controller to accept just the comment_id as the 2nd parameter, instead of a full WP_Comment object. Only the comment_id is needed in the method, this avoids having to include another `get_comment()` call. 
- Renames a variable in the `create_item()` method of the Posts controller from `$post` -> `$prepared_post` to be more explicit.
- Minor fixes/clarifications to the rest_insert_* hook docs

Props rachelbaker, joehoyle
Fixes #38905.
Built from https://develop.svn.wordpress.org/trunk@39348


git-svn-id: http://core.svn.wordpress.org/trunk@39288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 15:33:31 +00:00
Joe Hoyle 14654d9539 REST API: Allow unsetting of page templates in update requests.
Sending a request to update a page with the template property set to an empty string resulted in an error because “” was not a valid value in the enum.

Props lucasstark, swissspidy.
Fixes #38877.
Built from https://develop.svn.wordpress.org/trunk@39343


git-svn-id: http://core.svn.wordpress.org/trunk@39283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 02:47:30 +00:00
Joe Hoyle d711f2c18d REST API: Update “resource” strings to use the appropriate nouns.
Props ramiy.
Fixes #38811.
Built from https://develop.svn.wordpress.org/trunk@39342


git-svn-id: http://core.svn.wordpress.org/trunk@39282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 02:42:30 +00:00
Rachel Baker d87fe366a9 REST API: Set the comment `type` to a readonly property in the schema.
Document the type property as `readonly` and remove the default value. After #38820 it is no longer possible to set the type property on a comment to anything a custom type.

Props jnylen0, rachelbaker.
Fixes #38886.
Built from https://develop.svn.wordpress.org/trunk@39337


git-svn-id: http://core.svn.wordpress.org/trunk@39277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 22:56:30 +00:00
Ryan McCue ca9f71e9b2 REST API: Correctly map meta keys to field names.
This accidentally assumed $name was the same as $meta_key, which ruined the whole point of $name.

Props tharsheblows, joehoyle.
Fixes #38786.

Built from https://develop.svn.wordpress.org/trunk@39328


git-svn-id: http://core.svn.wordpress.org/trunk@39268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 05:41:30 +00:00
Ryan McCue 4e05ff6a11 REST API: Disable anonymous commenting by default.
Adding a brand new anonymous comment method is a potential conduit for spam. Since it's still useful functionality, we're now hiding it behind a filter to allow plugins and themes to turn it on if they do want it.

Props helen, rachelbaker, joehoyle.
Fixes #38855.

Built from https://develop.svn.wordpress.org/trunk@39327


git-svn-id: http://core.svn.wordpress.org/trunk@39267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 05:32:33 +00:00
Joe Hoyle 5b97952cab REST API: Merge two error messages for edit / update.
Props ramiy.
Fixes #38879.
Built from https://develop.svn.wordpress.org/trunk@39322


git-svn-id: http://core.svn.wordpress.org/trunk@39262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-20 22:36:31 +00:00
Sergey Biryukov 9b23ccfc29 REST API: Update error messages in `WP_REST_Comments_Controller` to use the common text for permission errors.
Props ramiy.
Fixes #38875.
Built from https://develop.svn.wordpress.org/trunk@39321


git-svn-id: http://core.svn.wordpress.org/trunk@39261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-20 11:46:34 +00:00
Sergey Biryukov 4811484433 REST API: Merge some more permission error strings missed in [39309].
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39313


git-svn-id: http://core.svn.wordpress.org/trunk@39253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 02:21:31 +00:00
Sergey Biryukov dca7d8d0ea Text Changes: Merge strings referring to `list_users` capability.
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39312


git-svn-id: http://core.svn.wordpress.org/trunk@39252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 02:16:30 +00:00
Sergey Biryukov a1f285641f REST API: After [39306], move `author_ip` argument to the correct place.
See #38822.
Built from https://develop.svn.wordpress.org/trunk@39310


git-svn-id: http://core.svn.wordpress.org/trunk@39250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:51:30 +00:00
Sergey Biryukov 5ded4db04c REST API: Merge and clarify some permission error strings.
Fixes #38857.
Built from https://develop.svn.wordpress.org/trunk@39309


git-svn-id: http://core.svn.wordpress.org/trunk@39249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:46:32 +00:00
Sergey Biryukov 4afa19184a REST API: After [39302], clarify `author_ip` parameter in error message.
Properties of objects should not be translated, and therefore are pulled out of the translation strings.

Props ramiy.
Fixes #38822.
Built from https://develop.svn.wordpress.org/trunk@39306


git-svn-id: http://core.svn.wordpress.org/trunk@39246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:06:30 +00:00
Sergey Biryukov 0f31b1da72 REST API: Merge two similar permission error strings in `class-wp-rest-comments-controller.php`.
We're checking if `current_user_can( 'moderate_comments' )` here, not the specific comment permissions.

See #38857.
Built from https://develop.svn.wordpress.org/trunk@39305


git-svn-id: http://core.svn.wordpress.org/trunk@39245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 00:10:31 +00:00
Sergey Biryukov 9cb0a09d1f REST API: Merge two similar permission error strings.
Props ramiy.
Fixes #38857.
Built from https://develop.svn.wordpress.org/trunk@39304


git-svn-id: http://core.svn.wordpress.org/trunk@39244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 23:53:30 +00:00
Rachel Baker 0fdb955ce8 REST API: On Comment create, limit the ability to set the `author_ip` value directly.
Users without the moderate_comments capability can no longer set the `author_ip` property directly, and instead receive a `WP_Error` if they attempt to do so. Otherwise, the `author_ip property` is populated from `$_SERVER['REMOTE_ADDR']` if present and a valid IP value. Finally, fallback to 127.0.0.1 as a last resort.

Props dd32, rachelbaker, joehoyle.
Fixes #38819.
Built from https://develop.svn.wordpress.org/trunk@39302


git-svn-id: http://core.svn.wordpress.org/trunk@39242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 21:13:32 +00:00
Joe Hoyle 0c14c16ced REST API: Clarify parameters when used in error strings.
Properties of objects should not be translated, and therefore are pulled out of the translation strings.

Props ocean90, ramiy, danielbachhuber.
Fixes #38822.
Built from https://develop.svn.wordpress.org/trunk@39298


git-svn-id: http://core.svn.wordpress.org/trunk@39238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 20:20:32 +00:00
Joe Hoyle a38b863ae4 REST API: Change “ipv4” types to “ip” to support ipv6.
Stop presuming IP address are IPv4, instead make the type “ip” to be agnostic of IP version. This fixes requests with ipv6 addresses for comments in core.

Props dd32, schlessera, danielbachhuber.
Fixes #38818.
Built from https://develop.svn.wordpress.org/trunk@39296


git-svn-id: http://core.svn.wordpress.org/trunk@39236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 19:33:31 +00:00
Joe Hoyle 81c5b03029 REST API: Check read permissions on posts when viewing comments.
With a few tests for getting / creating comments to reflect core behaviour.

Props timmyc.
Built from https://develop.svn.wordpress.org/trunk@39295


git-svn-id: http://core.svn.wordpress.org/trunk@39235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 19:07:30 +00:00
Rachel Baker 3f6131c2e6 REST API: Remove the `karma` property and query parameter from the Comments endpoints.
WordPress has not used the `karma` property internally for the past 8 years. There is no need to expose it in the REST API endpoints. Sites that use `karma` can include it using the `register_rest_field()` function.

Props dd32, danielbachhuber.
Fixes #38821.
Built from https://develop.svn.wordpress.org/trunk@39292


git-svn-id: http://core.svn.wordpress.org/trunk@39232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 18:53:29 +00:00
Rachel Baker 191e085fa3 REST API: On comment create, return an error if the `type` property is set to anything other than `comment`.
Of the default comment_types, only comments are expected to be created via the REST API endpoint. Comments do not have registered types the way that Posts do, so we do not have a method to accurately check permissions for arbitrary comment types.

Props dd32, boonebgorges, rachelbaker.
Fixes #38820.
Built from https://develop.svn.wordpress.org/trunk@39290


git-svn-id: http://core.svn.wordpress.org/trunk@39230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 18:37:30 +00:00
Rachel Baker ccb4c7c8b9 REST API: Allow `parent` property to be explicitly set to `0` when creating or updating a Post.
Props lucasstark, danielbachhuber.
Fixes #38852.
Built from https://develop.svn.wordpress.org/trunk@39289


git-svn-id: http://core.svn.wordpress.org/trunk@39229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 18:12:31 +00:00
Rachel Baker 735fa34d42 REST API: On comment create, return an error if the `post` parameter does not relate to a valid WP_Post object.
Return a `WP_Error` object for attempts to create a comment without an empty or invalid `post` ID.

Props dd32, jnylen0, rachelbaker.
Fixes #38816.
Built from https://develop.svn.wordpress.org/trunk@39288


git-svn-id: http://core.svn.wordpress.org/trunk@39228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 16:56:30 +00:00
Rachel Baker 10bddfac39 REST API: On comment create, fallback to the `user_agent` header value.
If a user-agent is not explicitly provided in the `author_user_agent` parameter, fallback to the `user_agent` value in the request header.

Props dd32, jnylen0, rachelbaker.
Fixes #38817.
Built from https://develop.svn.wordpress.org/trunk@39287


git-svn-id: http://core.svn.wordpress.org/trunk@39227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 16:22:33 +00:00
Sergey Biryukov acc30b09d7 Text Changes: Merge some duplicate strings with the same meaning in error messages, adjust some other strings for consistency and accuracy.
Props ramiy, SergeyBiryukov.
Fixes #38808.
Built from https://develop.svn.wordpress.org/trunk@39278


git-svn-id: http://core.svn.wordpress.org/trunk@39218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-17 15:53:33 +00:00
Sergey Biryukov b92266a72b REST API: After [39252] and [39264], uppercase some more 'ID' references in translatable strings.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39266


git-svn-id: http://core.svn.wordpress.org/trunk@39206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-16 13:28:37 +00:00
Sergey Biryukov ce74afdae2 REST API: Uppercase 'ID' in endpoint descriptions and error messages for consistency with other strings.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39264


git-svn-id: http://core.svn.wordpress.org/trunk@39204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-16 12:18:33 +00:00
Sergey Biryukov 74c9f82ef2 REST API: Unify some more permission error messages.
Props ramiy.
Fixes #38803.
Built from https://develop.svn.wordpress.org/trunk@39259


git-svn-id: http://core.svn.wordpress.org/trunk@39199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 23:36:31 +00:00
Sergey Biryukov 07cf16f7ba REST API: Unify permission error messages.
Props ramiy.
Fixes #38803.
Built from https://develop.svn.wordpress.org/trunk@39257


git-svn-id: http://core.svn.wordpress.org/trunk@39197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 22:23:30 +00:00
Sergey Biryukov 9c2ea0b8c7 REST API: Remove two duplicate strings, use the ones we already have.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39252


git-svn-id: http://core.svn.wordpress.org/trunk@39192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 20:40:29 +00:00
Sergey Biryukov cc14606094 REST API: Unify permission error messages.
Props ramiy.
See #38791, #34521.
Built from https://develop.svn.wordpress.org/trunk@39251


git-svn-id: http://core.svn.wordpress.org/trunk@39191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 20:37:32 +00:00
Joe Hoyle d049f72459 REST API: Clean up argument and property types.
There's a couple of places where we were missing type notes for arguments, which mainly affects documentation.

Props jnylen0.
Fixes #38792.

Built from https://develop.svn.wordpress.org/trunk@39250


git-svn-id: http://core.svn.wordpress.org/trunk@39190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 18:16:30 +00:00
Sergey Biryukov 65fb74561b REST API: After [39238] and [39239], move the remaining translator comments to preceding line.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39245


git-svn-id: http://core.svn.wordpress.org/trunk@39185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 13:07:33 +00:00
Ryan McCue 0f5a44e093 REST API: Move translator comments to preceding line.
Inline translator comments break POT file generation.

Props dd32.
See #38791.

Built from https://develop.svn.wordpress.org/trunk@39239


git-svn-id: http://core.svn.wordpress.org/trunk@39179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 05:39:32 +00:00
Ryan McCue 705f17cea2 REST API: Add translator comments to text with placeholders.
Props dimadin.
Fixes #38791.

Built from https://develop.svn.wordpress.org/trunk@39238


git-svn-id: http://core.svn.wordpress.org/trunk@39178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 04:28:31 +00:00
Joe Hoyle a4fa8c528f REST API: Make all collection params filterable.
For developers wanting to add their own registered collection parameters, they can now use the `rest_$type_collection_params` filter. This brings consistency with the already existing `rest_$post_type_collection_params`.

Fixes #38710.
Props jnylen0.

Built from https://develop.svn.wordpress.org/trunk@39223


git-svn-id: http://core.svn.wordpress.org/trunk@39163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-14 16:42:31 +00:00
Joe Hoyle 5c90d9ed8e REST API: Validate and Sanitize registered meta based off the schema.
With the addition of Array support in our schema validation functions, it's now possible to use these in the meta validation and sanitization steps. Also, this increases the test coverage of using registered via meta the API significantly.

Fixes #38531.
Props rachelbaker, tharsheblows.

Built from https://develop.svn.wordpress.org/trunk@39222


git-svn-id: http://core.svn.wordpress.org/trunk@39162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-14 16:36:33 +00:00