Commit Graph

317 Commits

Author SHA1 Message Date
Sergey Biryukov 2072479adc REST API: Ensure attachments created with `WP_REST_Attachments_Controller::create_item()` on Windows have a relative path.
Props ocean90, SergeyBiryukov, redcastor.
Fixes #40861.
Built from https://develop.svn.wordpress.org/trunk@43529


git-svn-id: http://core.svn.wordpress.org/trunk@43358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-24 16:52:25 +00:00
K. Adam White a7735117b6 Docs: Update @since version to 4.9.8 for meta registration subtype handling.
This feature has been backported to 4.9.8 so 5.0.0 is inaccurate.

See #38323.

Built from https://develop.svn.wordpress.org/trunk@43520


git-svn-id: http://core.svn.wordpress.org/trunk@43349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-23 17:02:25 +00:00
John Blackbourn 49fdd95ac0 Docs: Correct the parameter type for `WP_REST_Post_Types_Controller::prepare_item_for_response()`.
Props subrataemfluence

Fixes #44437

Built from https://develop.svn.wordpress.org/trunk@43519


git-svn-id: http://core.svn.wordpress.org/trunk@43348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-22 12:26:28 +00:00
Gary Pendergast c173331dc4 REST API: Fix some incorrect `@since` tags.
[43437] included some new methods, which were incorrectly tagged as being `@since 4.9.7`. This updates them to `4.9.8`.

Props danielbachhuber.
Fixes 44287.


Built from https://develop.svn.wordpress.org/trunk@43463


git-svn-id: http://core.svn.wordpress.org/trunk@43290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 07:27:25 +00:00
Gary Pendergast 17899c1932 REST API: Attachments controller should respect upload limits.
When the REST API is in use on WordPress multisite, the `WP_REST_Attachments_Controller` should respect the "Max upload file size" and "Site upload space" site options.

Props flixos90, danielbachhuber.
Fixes #43751.


Built from https://develop.svn.wordpress.org/trunk@43462


git-svn-id: http://core.svn.wordpress.org/trunk@43289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-17 07:22:29 +00:00
Gary Pendergast fd6f50e86f REST API: Tweak permission checks for taxonomy and term endpoints
To match behaviour in the Classic Editor, we need to slightly loosen permissions on taxonomy and term endpoints. This allows users to create terms to assign to a post that they're editing.

Props danielbachhuber.
Fixes #44096.


Built from https://develop.svn.wordpress.org/trunk@43440


git-svn-id: http://core.svn.wordpress.org/trunk@43267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 04:24:25 +00:00
Gary Pendergast 2f803422fa REST API: Expose revision count and last revision ID on Post response
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.

Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs.
Fixes #44321.


Built from https://develop.svn.wordpress.org/trunk@43439


git-svn-id: http://core.svn.wordpress.org/trunk@43266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-13 04:07:24 +00:00
Gary Pendergast 0ba364411d REST API: Declare user capabilities using JSON Hyper Schema's "targetSchema".
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.

Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.

This change also includes flags on post objects for the following actions:

- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.

Props TimothyBlynJacobs, danielbachhuber.
Fixes #44287.


Built from https://develop.svn.wordpress.org/trunk@43437


git-svn-id: http://core.svn.wordpress.org/trunk@43264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-07-11 06:23:27 +00:00
K. Adam White a89c86c711 REST API: Support meta registration for specific object subtypes.
Introduce an `object_subtype` argument to the args array for `register_meta()` which can be used to limit meta registration to a single subtype (e.g. a custom post type or taxonomy, vs all posts or taxonomies).

Introduce `register_post_meta()` and `register_term_meta()` wrapper methods for `register_meta` to provide a convenient interface for the common case of registering meta for a specific taxonomy or post type. These methods work the way plugin developers have often expected `register_meta` to function, and should be used in place of direct `register_meta` where possible.

Props flixos90, tharsheblows, spacedmonkey.
Fixes #38323.


Built from https://develop.svn.wordpress.org/trunk@43378


git-svn-id: http://core.svn.wordpress.org/trunk@43206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:43:21 +00:00
Sergey Biryukov 4c43e71478 REST API: When handling `who=authors` query parameter for `GET wp/v2/users`, only check `edit_posts` for post types that support `author`.
Props danielbachhuber.
Fixes #42202.
Built from https://develop.svn.wordpress.org/trunk@43137


git-svn-id: http://core.svn.wordpress.org/trunk@42966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 06:52:21 +00:00
Gary Pendergast 2f792d442b REST API: Filter responses based on the `_fields` parameter, before data is processed.
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.

This change causes `_fields` to be applied earlier, so that only requested fields are processed.

Props danielbachhuber.
See #43874.


Built from https://develop.svn.wordpress.org/trunk@43087


git-svn-id: http://core.svn.wordpress.org/trunk@42916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 01:25:21 +00:00
Gary Pendergast 52d0b2f982 REST API: Include `viewable` attribute on Post Type resource for `edit` context
For the block editor to be able to expose the Preview button correctly, it needs to know the `is_post_type_viewable()` setting, this change adds it to the Post Type response.

Props danielbachhuber.
Fixes #43739.


Built from https://develop.svn.wordpress.org/trunk@43007


git-svn-id: http://core.svn.wordpress.org/trunk@42836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-27 03:06:21 +00:00
Gary Pendergast 41968f7ea9 REST API: Add `who=authors` as a query parameter for `GET wp/v2/users`.
Any WordPress user who can `edit_posts` of a post type with `show_in_rest=true` can query for authors. This maps to current WordPress behavior where a WordPress user who can view the Manage Posts view for a post type can see any WordPress user assigned to a post (whether published or draft).

This implementation, over restricting `who=authors` to users with `list_users`, gives us future flexibility in displaying lists of posts. It still respects more restrictive permissions for `context=edit`.

Props danielbachhuber.
Fixes #42202.


Built from https://develop.svn.wordpress.org/trunk@43001


git-svn-id: http://core.svn.wordpress.org/trunk@42830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 13:06:21 +00:00
Gary Pendergast e22489f06c REST API: Remove `permalink_structure` from the index.
This was originally added to allow Gutenberg to do permalink editing, but is no longer required. It's also superceded by #41014.

Reverts [42142].
Fixes #42465.


Built from https://develop.svn.wordpress.org/trunk@42997


git-svn-id: http://core.svn.wordpress.org/trunk@42826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-23 04:12:20 +00:00
Gary Pendergast 7630cc1bad REST API: Fix a typo introduced in [42729].
Props danielbachhuber.
Fixes #42707.


Built from https://develop.svn.wordpress.org/trunk@42973


git-svn-id: http://core.svn.wordpress.org/trunk@42802 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-13 00:56:21 +00:00
Sergey Biryukov 0e802a627d General: Introduce `WP_Error::has_errors()` method and use it where appropriate.
Props robdxw, DrewAPicture, SergeyBiryukov.
Fixes #42742.
Built from https://develop.svn.wordpress.org/trunk@42761


git-svn-id: http://core.svn.wordpress.org/trunk@42591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-27 02:31:31 +00:00
Sergey Biryukov 08227812a0 Docs: Remove `@static` notations from method DocBlocks in `wp-includes/*` classes.
This tag has been used in the past, but should no longer be used. Just using the `static` keyword in code is enough for PhpDocumentor on PHP5+ to recognize static variables and methods, and PhpDocumentor will mark them as static.

Props birgire.
See #42803.
Built from https://develop.svn.wordpress.org/trunk@42746


git-svn-id: http://core.svn.wordpress.org/trunk@42576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-25 20:22:30 +00:00
Gary Pendergast cf49eacd62 REST API: Translate the taxonomy visibility description strings.
This was missed in [42729].

Props TimothyBlynJacobs.
Fixes #42707.


Built from https://develop.svn.wordpress.org/trunk@42730


git-svn-id: http://core.svn.wordpress.org/trunk@42560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-22 00:59:30 +00:00
Gary Pendergast d6923d285c REST API: Show taxonomy visibility settings.
For Gutenberg and other admin-type interfaces, it's useful to be able to see the visibility settings for taxonomies.

Props joehoyle, pento.
Fixes #42707.


Built from https://develop.svn.wordpress.org/trunk@42729


git-svn-id: http://core.svn.wordpress.org/trunk@42559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-22 00:24:31 +00:00
John Blackbourn 91464bce65 Docs: Add missing code formatting to various `@since` entries.
See #42505

Built from https://develop.svn.wordpress.org/trunk@42678


git-svn-id: http://core.svn.wordpress.org/trunk@42506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-09 16:55:31 +00:00
Sergey Biryukov 35653f0432 Media: Bring consistency to `getimagesize()` error suppression.
Props chasewg, joemcgill, jeremyfelt.
Fixes #42480.
Built from https://develop.svn.wordpress.org/trunk@42449


git-svn-id: http://core.svn.wordpress.org/trunk@42279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-01-15 19:44:47 +00:00
Rachel Baker a787006298 REST API: Return the proper status code for failed permission callbacks in `WP_REST_Server->dispatch()`.
Use the `rest_authorization_required_code()` function to return a 401 status code when a permission callback fails due to a user not being logged in.

Props jaswrks.
Fixes #42828.
Built from https://develop.svn.wordpress.org/trunk@42421


git-svn-id: http://core.svn.wordpress.org/trunk@42252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-30 20:37:47 +00:00
Joe Hoyle 12c03d7aa8 REST API: Fix permissions error message in post statuses controller.
The permissions error message when a request tries to fetch post statuses unauthenticated is incorrect. It was a copy/paste from elsewhere, as indicated by the use of "in this post type" where this is no post type referenced.

Props schlessera.
Fixes #42303.
Built from https://develop.svn.wordpress.org/trunk@42356


git-svn-id: http://core.svn.wordpress.org/trunk@42185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-03 20:49:47 +00:00
Rachel Baker 0e656c1a10 REST API: Correct HTTP status code in error for requests to create a duplicate term.
The 409 error code is intended for situations where it is expected that the user will resolve the conflict and resubmit the same request. We use 400 error codes for other routes when a duplicate request is made. The 400 status code tells the user they need to modify their request for it to be successful.

Props shooper.
Fixes #42781. See #41370.
Built from https://develop.svn.wordpress.org/trunk@42354


git-svn-id: http://core.svn.wordpress.org/trunk@42183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-03 19:09:49 +00:00
Rachel Baker 01eeeb80fd REST API: Add existing term_id to the error data object when attempting to create a duplicate term.
Props shooper, coleh.
Fixes #42597. See #41370.
Built from https://develop.svn.wordpress.org/trunk@42350


git-svn-id: http://core.svn.wordpress.org/trunk@42179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-03 18:11:53 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Gary Pendergast e8229a25d5 REST API: Add `permalink_structure` to the index endpoint.
This allows Gutenberg to implement permalink editing.

Props schlessera.
Fixes #42465.


Built from https://develop.svn.wordpress.org/trunk@42142


git-svn-id: http://core.svn.wordpress.org/trunk@41973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-10 06:11:51 +00:00
Joe Hoyle bebb0b0d82 REST API: Don’t remove unregistered properties from objects in schema.
In r41727 the ability to sanitise and validate objects from JSON schema was added, with a whitelist approach. It was decided we should pass through all non-registered properties to reflect the behaviour of the root object in register_rest_route. To prevent arbitrary extra data via setting objects, we force additionalProperties to false in the settings endpoint.

See #38583.
Built from https://develop.svn.wordpress.org/trunk@42000


git-svn-id: http://core.svn.wordpress.org/trunk@41834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 21:05:49 +00:00
Weston Ruter 29d213cfbd REST API: Allow passing existing template value for posts even when template no longer exists.
Also remove `enum` for validating allowed templates to allow plugins to dynamically supply their own templates for specific posts, even when they are not in the theme.

Props TimothyBlynJacobs, jnylen0, swissspidy.
Fixes #39996.

Built from https://develop.svn.wordpress.org/trunk@41979


git-svn-id: http://core.svn.wordpress.org/trunk@41813 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-23 22:11:46 +00:00
K. Adam White 30827e4a4f REST API: Support ordering response collection by listed slugs.
Adds an "include_slug" orderby value for REST API collections to permit returning a collection filtered by slugs in the same order in which those slugs are specified.
Previously, the order of slugs provided with the ?slug query parameter had no effect on the order of the returned records.

Props wonderboymusic, ocean90, boonebgorges.
Fixes #40826.


Built from https://develop.svn.wordpress.org/trunk@41760


git-svn-id: http://core.svn.wordpress.org/trunk@41594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 00:37:47 +00:00
K. Adam White 704fb3900b REST API: Support objects in settings schema.
Enables register_setting to accept an object as its schema value, allowing settings to accept non-scalar values through the REST API.
This whitelists the added type in the settings controller, and passes properties from argument registration into the validation functions.

Props joehoyle.
See #38583.


Built from https://develop.svn.wordpress.org/trunk@41758


git-svn-id: http://core.svn.wordpress.org/trunk@41592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-05 00:19:49 +00:00
K. Adam White fe29c9c881 REST API: Return 409 status when attempting to create an existing term.
Fixes an issue where submitting a well-formed request to create a term inappropriately returns a 500 error status if that term already exists.
HTTP 5xx error codes should be reserved for unexpected server errors, so "409 Conflict" is a more appropriate response.

Props alibasheer, guzzilar, shooper.
Fixes #41370.


Built from https://develop.svn.wordpress.org/trunk@41737


git-svn-id: http://core.svn.wordpress.org/trunk@41571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 16:24:46 +00:00
John Blackbourn 090dfae53e REST API: Avoid counting an uncountable type when checking read permissions for comment posts.
This avoids deprecated notices from showing in PHP 7.2 and above.

Props ayeshrajans
Fixes #41457

Built from https://develop.svn.wordpress.org/trunk@41735


git-svn-id: http://core.svn.wordpress.org/trunk@41569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 15:38:49 +00:00
K. Adam White 18d9cc6051 REST API: Specify specific json-schema version.
Explicitly specifies that the REST API uses JSON Schema draft-04,
as JSON Schema has deprecated versionless schema URIs and recommends
the use of a specific draft version.

Props @TimothyBlynJacobs
Fixes #41734


Built from https://develop.svn.wordpress.org/trunk@41731


git-svn-id: http://core.svn.wordpress.org/trunk@41565 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 14:52:46 +00:00
Joe Hoyle f276b4901b REST API: Support for objects in schema validation and sanitization.
When registering routes developers can now define their complex objects in the schema and benefit from the automatic validation and sanitization in the REST API. This also paves the way for support for complex object registration via register_meta and register_setting.

See #38583.
Props TimothyBlynJacobs5.
Built from https://develop.svn.wordpress.org/trunk@41727


git-svn-id: http://core.svn.wordpress.org/trunk@41561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 08:27:47 +00:00
Sergey Biryukov 486ab09a0e I18N: Add translator comments for placeholders in `WP_REST_Controller` strings.
Props ramiy.
Fixes #41667.
Built from https://develop.svn.wordpress.org/trunk@41591


git-svn-id: http://core.svn.wordpress.org/trunk@41424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-25 10:27:43 +00:00
Sergey Biryukov 4a42f4e835 I18N: Replace code fragments in translatable strings for `rest_trash_not_supported` errors with a placeholder.
Props ramiy.
Fixes #41643.
Built from https://develop.svn.wordpress.org/trunk@41588


git-svn-id: http://core.svn.wordpress.org/trunk@41421 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-24 22:29:46 +00:00
Sergey Biryukov 982ba72da9 I18N: Replace method name in a translatable string in `WP_REST_Controller::register_routes()` with a placeholder.
Props ramiy.
Fixes #41667.
Built from https://develop.svn.wordpress.org/trunk@41587


git-svn-id: http://core.svn.wordpress.org/trunk@41420 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-24 22:04:46 +00:00
Sergey Biryukov deb9b82032 Docs: Remove "to to" dittography from inline comments.
Props birgire.
See #41841.
Built from https://develop.svn.wordpress.org/trunk@41354


git-svn-id: http://core.svn.wordpress.org/trunk@41187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-09-09 13:49:43 +00:00
Felix Arntz 1d0478d4b1 REST API: Allow site administrators to edit user roles in multisite.
While site administrators cannot generally edit users in multisite, they have always been able to change the roles of users on their site. In the REST API however, this has not been possible so far. This changeset brings parity with how it is handled in the administration panel: A REST request to edit only a user's roles succeeds correctly, while a REST request to edit any further details of a user fails.

Props jnylen0.
Fixes #40263.

Built from https://develop.svn.wordpress.org/trunk@41226


git-svn-id: http://core.svn.wordpress.org/trunk@41066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 21:59:44 +00:00
Felix Arntz 7e2ca92e69 Multisite: Introduce a `can_add_user_to_blog` filter to prevent adding a user to a site.
Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new `can_add_user_to_blog` filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.

The user-facing parts and the REST API route that interact with `add_user_to_blog()` have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.

Props jmdodd.
Fixes #41101.

Built from https://develop.svn.wordpress.org/trunk@41225


git-svn-id: http://core.svn.wordpress.org/trunk@41065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 21:41:45 +00:00
James Nylen 0ef4d4289f REST API: Exclude numeric parameters from regex parsing
The list of endpoint parameters should only include explicitly named and requested parameters.

Props flixos90, rmccue, jnylen0.
Fixes #40704.

Built from https://develop.svn.wordpress.org/trunk@41223


git-svn-id: http://core.svn.wordpress.org/trunk@41063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 19:55:43 +00:00
John Blackbourn b140e8f574 General: Fix various instances of incorrect filter docs and incorrect filter and action parameters.
Props keesiemeijer for identifying the issues

See #38462

Built from https://develop.svn.wordpress.org/trunk@41219


git-svn-id: http://core.svn.wordpress.org/trunk@41059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 15:43:43 +00:00
Sergey Biryukov e412ea2e6b Docs: Replace HTTP links to stackoverflow.com in DocBlocks with HTTPS.
Update the Nginx "Missing (disappearing) HTTP Headers" link.

Props johnpgreen.
Fixes #41331.
Built from https://develop.svn.wordpress.org/trunk@41189


git-svn-id: http://core.svn.wordpress.org/trunk@41029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-30 14:52:44 +00:00
Drew Jaynes 0860bb2771 Docs: Remove `@access` notations from method DocBlocks in wp-includes/* classes.
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.

See #41452.

Built from https://develop.svn.wordpress.org/trunk@41162


git-svn-id: http://core.svn.wordpress.org/trunk@41002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 00:41:44 +00:00
James Nylen 8f6088ba6e REST API: Add a filter to allow modifying the response *after* embedded data is added.
Fixes #38964.

Built from https://develop.svn.wordpress.org/trunk@40961


git-svn-id: http://core.svn.wordpress.org/trunk@40811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-29 13:17:43 +00:00
James Nylen 252ab08d88 REST API: Fix changing parameters with `set_param()` for some requests.
Prior to this commit, `WP_Rest_Request::get_param()` traversed through the parameter order but `WP_Rest_Request::set_param()` did not. For JSON requests (and likely other situations as well), this meant that changing a parameter with `set_param()` would have no effect on `get_param()`.

Props TimothyBlynJacobs.
Fixes #40344.


Built from https://develop.svn.wordpress.org/trunk@40815


git-svn-id: http://core.svn.wordpress.org/trunk@40673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-22 16:16:42 +00:00
James Nylen df5b8dcc82 REST API: Avoid sending blank `Last-Modified` headers with authenticated requests.
This commit adds a new `WP_REST_Server#remove_header` method and uses it to clear the `Last-Modified` header when the "no caching" headers are sent (by default for all authenticated REST API requests).  This matches the behavior of the `nocache_headers` function used in other parts of WordPress.

Previously, the REST API would send an empty `Last-Modified` header in this situation.  Under some server and browser configurations, this causes browsers to cache authenticated REST API requests, which is undesirable.

Props iv3rson76, zinigor, rmccue, jnylen0.
Fixes #40444.

Built from https://develop.svn.wordpress.org/trunk@40805


git-svn-id: http://core.svn.wordpress.org/trunk@40663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-19 20:27:44 +00:00
James Nylen 802c923873 REST API: Improve a few more strings added after the 4.7 string freeze.
See #39178.

See also #40720 for potential follow-up steps.

Built from https://develop.svn.wordpress.org/trunk@40606


git-svn-id: http://core.svn.wordpress.org/trunk@40476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-10 19:41:41 +00:00
James Nylen 7d337c1327 REST API: Add `author`, `modified`, and `parent` sort order options for posts.
These (and a few others that can be revisited later if needed) were present in
beta versions of the WP REST API but were removed during the merge to WP 4.7.

Props ChopinBach, jnylen0.
Fixes #38693.

Built from https://develop.svn.wordpress.org/trunk@40605


git-svn-id: http://core.svn.wordpress.org/trunk@40475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-10 18:52:44 +00:00
Ryan McCue 131518542e REST API: Include featured_media in embed responses.
Props kadamwhite, jnylen0, westonruter.
Fixes #39805.

Built from https://develop.svn.wordpress.org/trunk@40602


git-svn-id: http://core.svn.wordpress.org/trunk@40472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-10 04:46:43 +00:00
Ryan McCue ba94bd62a0 REST API: Set global $post when preparing revisions.
For compatibility with filters on hooks on content filters (such as shortcodes), we need to set the global. This mirrors the Posts controller.

Props pdufour, jnylen0.
Fixes #40626.

Built from https://develop.svn.wordpress.org/trunk@40601


git-svn-id: http://core.svn.wordpress.org/trunk@40471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-10 04:32:39 +00:00
Joe Hoyle b0a327cf3c REST API: WP_REST_Request::remove_header() should canonicalize header names.
When headers are stored in WP_REST_Request internally they are canonicalized. This step already happens on setting / getting headers in any way, but was missed when implementing remove_header().

Props TimothyBlynJacobs.
Fixes #40347.

Built from https://develop.svn.wordpress.org/trunk@40577


git-svn-id: http://core.svn.wordpress.org/trunk@40447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-07 04:09:41 +00:00
Adam Silverstein 428afdaa5a REST API: Improve strings added after 4.7 string freeze.
Clarify the `rest_orderby_include_missing_include` error message.

Props PranaliPatel.
Fixes #39178.

Built from https://develop.svn.wordpress.org/trunk@40571


git-svn-id: http://core.svn.wordpress.org/trunk@40441 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-05 18:49:47 +00:00
James Nylen 99b13790c2 REST API: Allow fetching multiple users at once via the `slug` parameter.
This matches similar changes previously made for posts (#38579) and terms (#40027).

Props curdin, MatheusGimenez.
Fixes #40213.

Built from https://develop.svn.wordpress.org/trunk@40378


git-svn-id: http://core.svn.wordpress.org/trunk@40285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-05 22:25:43 +00:00
James Nylen 1979815aef REST API: Update description string of terms endpoint `slug` parameter.
As a follow-up to [40376], and for consistency with the posts endpoint, we should indicate in the description that the `slug` filter parameter can accept multiple values.

See #40027.

Built from https://develop.svn.wordpress.org/trunk@40377


git-svn-id: http://core.svn.wordpress.org/trunk@40284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-05 21:08:43 +00:00
James Nylen 9f2d94b211 REST API: Allow fetching multiple terms at once via the `slug` parameter.
This matches a similar change previously made for posts (#38579) and an upcoming change for users (#40213).

Props wonderboymusic, MatheusGimenez, curdin.
Fixes #40027.

Built from https://develop.svn.wordpress.org/trunk@40376


git-svn-id: http://core.svn.wordpress.org/trunk@40283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-05 20:25:46 +00:00
Pascal Birchler 0d42f8549c REST API: Use `get_gmt_from_date()` when preparing a draft post for response.
This prevents wrong dates when dealing with DST, see [40115] and [40284].

Props nerrad.
Fixes #40136.
Built from https://develop.svn.wordpress.org/trunk@40324


git-svn-id: http://core.svn.wordpress.org/trunk@40231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-24 17:32:46 +00:00
Rachel Baker f78ceb362e REST API: Confirm the parent post object of an attachment exists in `WP_REST_Posts_Controller::check_read_permission()`.
Avoid a PHP Error when attempting to embed the parent post of an attachment, when the parent post ID is invalid. Instead check if the parent post object exists before checking the read permission for the parent post.

Props GhostToast.
Fixes #39881. 

Built from https://develop.svn.wordpress.org/trunk@40306


git-svn-id: http://core.svn.wordpress.org/trunk@40213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-20 04:30:46 +00:00
James Nylen 27aa0664df REST API: Add `gmt_offset` and `timezone_string` to the base `/wp-json` response.
The site's current timezone offset is an important piece of information for any REST API client that needs to manipulate dates.  It has not been previously available.

Expose both the `gmt_offset` (the site's current offset from UTC in hours) and `timezone_string` (which also provides information about daylight savings time) via the "site info" endpoint (the base `/wp-json` response).

Also update the `wp-api-generated.js` fixture file with the changes to the default API responses.

Props sagarkbhatt.
Fixes #39854.

Built from https://develop.svn.wordpress.org/trunk@40238


git-svn-id: http://core.svn.wordpress.org/trunk@40168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-07 05:48:41 +00:00
James Nylen 0c005fdb0e REST API: Fix behavior of `sticky` posts filter when no posts are sticky.
Previously, when getting posts from the API with `sticky=true`, if there were no sticky posts set, the query would return all posts  as if the `sticky` argument was not set.  In this situation, the query should return an empty array instead.

A `sticky=true` query that should return an empty array (in the previous situation, or with `include` and no intersecting post IDs) was also broken in that it would query the post with ID 1.

Finally, this commit significantly improves test coverage for the `sticky` filter argument, including direct testing of the `WHERE` clauses generated by `WP_Query`.

Props ryelle.
Fixes #39947.

Built from https://develop.svn.wordpress.org/trunk@40122


git-svn-id: http://core.svn.wordpress.org/trunk@40059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-25 05:03:42 +00:00
James Nylen 889c790eb6 REST API: Allow setting post formats even if they are not supported by the theme.
A `post_format` not used by the current theme, but supported by core is not a wrong/broken piece of information.  It's just not used at this point in time.  Therefore we should allow setting and retrieving any of the standard post formats supported in core, even if the current theme doesn't use them.

After this commit, a post's `format` value can survive a round trip through the API, which is a good general design principle for an API.

Props JPry, iseulde, davidakennedy, Drivingralle.
Fixes #39232.

Built from https://develop.svn.wordpress.org/trunk@40120


git-svn-id: http://core.svn.wordpress.org/trunk@40057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-24 23:30:44 +00:00
James Nylen 78b298f0f3 REST API: Shim `post_date_gmt` for drafts / empty dates in the REST API.
Internally, WordPress uses a special `post_date_gmt` value of `0000-00-00 00:00:00` to indicate that a draft's date is "floating" and should be updated whenever the post is saved.  This makes it much more difficult for API clients to know the correct date of a draft post.

This commit provides a best guess at a `date_gmt` value for draft posts in this situation using the `date` field and the site's current timezone offset.

Props joehoyle.
Fixes #38883.

Built from https://develop.svn.wordpress.org/trunk@40108


git-svn-id: http://core.svn.wordpress.org/trunk@40045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-24 18:15:44 +00:00
Felix Arntz eb8457d3f4 REST API: Do not allow access to users from a different site in multisite.
It has been unintendedly possible to both view and edit users from a different site than the current site in multisite environments. Moreover, when passing roles to a user in an update request, that user would implicitly be added to the current site.

This changeset removes the incorrect behavior for now in order to be able to provide a proper REST API workflow for managing multisite users in the near future. Related unit tests have been adjusted as well.

Props jnylen0, jeremyfelt, johnjamesjacoby.
Fixes #39701.

Built from https://develop.svn.wordpress.org/trunk@40106


git-svn-id: http://core.svn.wordpress.org/trunk@40043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-23 22:37:44 +00:00
James Nylen 7d421b2042 REST API: Correctly parse body parameters for DELETE requests.
DELETE was inadvertently omitted from the list of non-POST HTTP methods that should be able to accept body parameters.  Parameters passed to DELETE requests as JSON are already parsed correctly; this commit fixes `application/x-www-form-urlencoded` parameters as well.

Props mnelson4.
Fixes #39933.

Built from https://develop.svn.wordpress.org/trunk@40105


git-svn-id: http://core.svn.wordpress.org/trunk@40042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-23 20:10:44 +00:00
James Nylen b6ce4e2830 REST API: Fix multiple issues with setting dates of posts and comments.
This commit modifies the `rest_get_date_with_gmt` function to correctly parse local and UTC timestamps with or without timezone information.

It also ensures that the REST API can edit the dates of draft posts by setting the `edit_date` flag to `wp_update_post`.

Overall this commit ensures that post and comment dates can be set and updated as expected.

Fixes #39256.

Built from https://develop.svn.wordpress.org/trunk@40101


git-svn-id: http://core.svn.wordpress.org/trunk@40038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-21 18:18:45 +00:00
Rachel Baker da8ae2facd REST API: Include the `status` property in `view` context responses from the Posts endpoints.
Previously the status for a Post (or other post_types) was only exposed under the `edit` context, which doesn't really make much sense considering we support querying by post status without authentication. Originally introduced in v2.0 beta 1: 69f617d749 without any explanation in the commit message.

Props dhanendran, jnylen0, rachelbaker.
Fixes #39466.

Built from https://develop.svn.wordpress.org/trunk@40080


git-svn-id: http://core.svn.wordpress.org/trunk@40017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-19 04:32:41 +00:00
James Nylen cb7a9a731d REST API: Cast revision author ID to int.
The `post_author` field is a string internally, but we need to cast it to an integer in the REST API.  This was already done for posts, but not for revisions.  The field is already declared as an integer in both controllers.

Fixes #39871.

Built from https://develop.svn.wordpress.org/trunk@40063


git-svn-id: http://core.svn.wordpress.org/trunk@40000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-16 20:09:45 +00:00
Sergey Biryukov e0e9568e24 REST API: After [38947], improve the wording of the message to clarify that `rest_authentication_errors` is a filter.
See #38446.
Built from https://develop.svn.wordpress.org/trunk@40038


git-svn-id: http://core.svn.wordpress.org/trunk@39975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-01 21:32:47 +00:00
Joe Hoyle 99cf07d882 REST API: Return an error if the page number is out of bounds.
Return an error from the REST API if a page number larger than the total pages count is requested.

Props morganestes.
Fixes #39061.
Built from https://develop.svn.wordpress.org/trunk@39967


git-svn-id: http://core.svn.wordpress.org/trunk@39904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:54:41 +00:00
Joe Hoyle e357195ce3 REST API: Unify object access handling for simplicity.
Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters.

See #38792.
Built from https://develop.svn.wordpress.org/trunk@39954


git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:39:41 +00:00
Ryan McCue dc133c3f2d REST API: Allow shortcircuiting rest_pre_insert_comment
rest_pre_insert_{post_type} allows returning a WP_Error from the filter to shortcircuit actually creating the object, so it makes sense to do so for comments too.

Props dspilka.
Fixes #39578.

Built from https://develop.svn.wordpress.org/trunk@39922


git-svn-id: http://core.svn.wordpress.org/trunk@39859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-17 05:18:41 +00:00
Aaron Campbell daf358983c REST API: Change which users are shown in the users endpoint.
Only show users that have authored a post of a post type that has `show_in_rest` set to true.

Props rachelbaker, jnylen0.
See #38878.


Built from https://develop.svn.wordpress.org/trunk@39843


git-svn-id: http://core.svn.wordpress.org/trunk@39781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 14:14:42 +00:00
Sergey Biryukov fd78085a92 Docs: Correct `rest_insert_*` duplicate hook references in REST API.
Props keesiemeijer.
Fixes #39371.
Built from https://develop.svn.wordpress.org/trunk@39671


git-svn-id: http://core.svn.wordpress.org/trunk@39611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-04 13:23:40 +00:00
Rachel Baker c6f8182eb0 REST API: Merge similiar error message strings in the Terms Controller.
Replaces the "doesn't" contraction with "does not" to be consistent with similar strings in `WP_Error` messages when a specified term or parent term is missing in `WP_REST_Terms_Controller`.

Props ramiy, ocean90.
Fixes #39176.

Built from https://develop.svn.wordpress.org/trunk@39648


git-svn-id: http://core.svn.wordpress.org/trunk@39588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-29 18:45:40 +00:00
Rachel Baker 158f302112 REST API: Add the `supports` property to the Post Type response object.
Includes a new `supports` property in the response object and schema for the `/types` endpoints for users with the `edit_posts` capability for the given post type. The `supports` property returns an object of the features the given post type *supports*.

Props timmydcrawford, tyxla.
Fixes #39033.

Built from https://develop.svn.wordpress.org/trunk@39647


git-svn-id: http://core.svn.wordpress.org/trunk@39587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-29 17:28:45 +00:00
John Blackbourn 80a839de13 Docs: Misc corrections and additions to inline documentation.
See #39130
Props keesiemeijer

Built from https://develop.svn.wordpress.org/trunk@39639


git-svn-id: http://core.svn.wordpress.org/trunk@39579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 09:28:40 +00:00
John Blackbourn d327c92e4b Docs: Add and correct `@since` docs for a variety of functions and methods.
Props keesiemeijer, chris_dev
Fixes #39343, #39357, #39344
See #39130

Built from https://develop.svn.wordpress.org/trunk@39638


git-svn-id: http://core.svn.wordpress.org/trunk@39578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 09:21:44 +00:00
James Nylen 5b39869860 REST API: Improve the `rest_*_collection_params` filter docs and fix the terms filter.
The `rest_{$taxonomy}_collection_params` filter in 4.7 is incorrectly using
single quotes instead of double quotes, which means it is not working correctly
as a dynamic filter.  This fixes the quotes around the filter name, and also
updates the docblocks for the other 3 similar filters for better conformance to
the documentation standards.

Props shazahm1hotmailcom, JPry, jnylen0.
Fixes #39300.

Built from https://develop.svn.wordpress.org/trunk@39621


git-svn-id: http://core.svn.wordpress.org/trunk@39561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-20 01:37:40 +00:00
James Nylen d515e20a1a REST API: Fix PHP warnings when `get_theme_support( 'post-formats' )` is not an array.
If `add_theme_support( 'post-formats' )` is called with no additional
arguments, then `get_theme_support( 'post-formats' )` returns `true` rather
than an array of supported formats.  Avoid generating PHP warnings in this
situation.

Props dreamon11, ChopinBach.
Fixes #39293.

Built from https://develop.svn.wordpress.org/trunk@39620


git-svn-id: http://core.svn.wordpress.org/trunk@39560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-20 00:56:44 +00:00
James Nylen 505e135f4c REST API: Add support for filename search in media endpoint.
In [38625], the functionality to search for attachments by filename was added
via the `posts_clauses` filter and the `_filter_query_attachment_filenames()`
function.  This moves `_filter_query_attachment_filenames()` from
`wp-admin/includes/post.php` to `wp-includes/post.php` so that it can be
applied in the same manner in the REST API media endpoint.

Props jblz, tyxla.
Fixes #39092.

Built from https://develop.svn.wordpress.org/trunk@39598


git-svn-id: http://core.svn.wordpress.org/trunk@39538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 14:09:42 +00:00
James Nylen 7cc41e47ac REST API: Allow sending an empty or no-op comment update.
In general, updates that don't actually change anything should succeed.
[39371] added tests for other object types, and this commit fixes empty updates
for comments and adds the missing test.

Fixes #38700.

Built from https://develop.svn.wordpress.org/trunk@39597


git-svn-id: http://core.svn.wordpress.org/trunk@39537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 13:53:45 +00:00
James Nylen d7ab7fdf5a REST API: Do not include the `password` argument when getting media items
Currently, `attachment` is the only post type exposed via the REST API that
does not support password protection, but it's possible for other post types to
remove password support.

Fixes #38977.

Built from https://develop.svn.wordpress.org/trunk@39595


git-svn-id: http://core.svn.wordpress.org/trunk@39535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 03:51:44 +00:00
James Nylen 0b599cce41 REST API: Do not error on empty JSON body
It's fairly common for clients to send `Content-Type: application/json` with an
empty body.  While technically not valid JSON, we've historically supported
this behaviour, so it shouldn't cause an error.

Props JPry.
Fixes #39150.

Built from https://develop.svn.wordpress.org/trunk@39594


git-svn-id: http://core.svn.wordpress.org/trunk@39534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-13 03:34:41 +00:00
Rachel Baker d054b9afba REST API: Allow schema sanitization_callback to be set to null to bypass fallback sanitization functions.
The logic in WP_REST_Request->sanitize_params() added in [39091] did not account for `null` or `false` being the sanitization_callback preventing overriding `rest_parse_request_arg()`. This fixes that oversight, allowing the built in sanitization function to be bypassed. See #38593.

Props kkoppenhaver, rachelbaker, jnylen0.
Fixes #39042.

Built from https://develop.svn.wordpress.org/trunk@39563


git-svn-id: http://core.svn.wordpress.org/trunk@39503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-11 21:26:43 +00:00
Dominik Schilling a5dbd53a46 Comments: Merge a similar string between comments.php, XML-RPC and the REST API comments controller.
Props ramiy.
Fixes #39013.
Built from https://develop.svn.wordpress.org/trunk@39508


git-svn-id: http://core.svn.wordpress.org/trunk@39448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-05 20:16:41 +00:00
Rachel Baker f3b71b49d0 REST API: Merge similar date strings in the revisions and comments controllers.
Props ramiy.
Fixes #39016.

Built from https://develop.svn.wordpress.org/trunk@39488


git-svn-id: http://core.svn.wordpress.org/trunk@39428 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-04 20:25:43 +00:00
James Nylen 87eedbd2f7 REST API: Treat any falsy value as `false` in 'rest_allow_anonymous_comments'.
Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value
(previously this was an explicit check for `false`).

One possible failure case is that a plugin developer forgets to include a
return value for some code path in their callback for this filter, leading to a
value of `null` which is currently treated like `true`.

Props joehoyle, jnylen0.

Fixes #39010.

Built from https://develop.svn.wordpress.org/trunk@39487


git-svn-id: http://core.svn.wordpress.org/trunk@39427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-04 19:30:41 +00:00
Gary Pendergast cc214a219b REST API: Capability check for editing a single term should use the singular form.
As an extra level of sanity checking, the term ID should be cast as an int in `map_meta_cap()`.

Props johnbillion, nacin, dd32, pento.
See #35614.
Fixes #39012.


Built from https://develop.svn.wordpress.org/trunk@39464


git-svn-id: http://core.svn.wordpress.org/trunk@39404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 05:08:41 +00:00
Gary Pendergast f2a4d010cd REST API: Use the correct error message when editing a single term.
Props ramiy, johnbillion.
Fixes #39017.


Built from https://develop.svn.wordpress.org/trunk@39460


git-svn-id: http://core.svn.wordpress.org/trunk@39400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 04:42:41 +00:00
Gary Pendergast e8042cfef7 REST API: Merge similar strings in a comments endpoint parameter description.
Props ramiy.
Fixes #39036.


Built from https://develop.svn.wordpress.org/trunk@39457


git-svn-id: http://core.svn.wordpress.org/trunk@39397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 04:21:39 +00:00
Rachel Baker 179e9f20b6 REST API: Fix bug where comment author and author email could be an empty string when creating a comment.
If the `require_name_email` option is true, creating a comment with an empty string for the author name or email should not be accepted.  Both values can be an empty string on update.

Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.

Fixes #38971.

Built from https://develop.svn.wordpress.org/trunk@39444


git-svn-id: http://core.svn.wordpress.org/trunk@39384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:44:42 +00:00
Rachel Baker 62129ebe85 REST API: Fix handling of some orderby parameters for the Posts controller.
- `'orderby' => 'include'` requires an array of post_ids via the `include` collection param.
`'orderby' => 'id'` and `'orderby' => 'slug'` need map the correct WP_Query equivalents. 

Props flixos90, hnle, dd32, rachelbaker, joehoyle, pento.

Fixes #38971.

Built from https://develop.svn.wordpress.org/trunk@39440


git-svn-id: http://core.svn.wordpress.org/trunk@39380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:18:42 +00:00
Jeremy Felt 1797ea7098 REST API: Disable `DELETE` requests for users in multisite.
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.

Until support for a `PUT` request that removes a user's site and content associations is available, `DELETE` requests are disabled to avoid possible issues with lost content.

Props jnylen0, rachelbaker.
Fixes #38962.

Built from https://develop.svn.wordpress.org/trunk@39438


git-svn-id: http://core.svn.wordpress.org/trunk@39378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:10:42 +00:00
Rachel Baker 08b7e8adaf REST API: Return a `WP_Error` if `meta` property is not an array.
Fixes bug where a PHP Warning is currently thrown if a client sends a request where `meta` is not an array value.

Props timmydcrawford, jnylen0, rachelbaker, pento.
Fixes #38989.
Built from https://develop.svn.wordpress.org/trunk@39436


git-svn-id: http://core.svn.wordpress.org/trunk@39376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 21:56:42 +00:00
Gary Pendergast 161a41e44c REST API: Require the reassign parameter when deleting users.
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.

This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.

Props jeremyfelt.
Fixes #39000.


Built from https://develop.svn.wordpress.org/trunk@39426


git-svn-id: http://core.svn.wordpress.org/trunk@39366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 06:54:42 +00:00
Rachel Baker a1ec867b61 REST API: Fix incorrect capability check on term create.
Change the capability check used in `WP_REST_Terms_Controller` when creating a new term is attempted, from `manage_terms` to `edit_terms`. This matches the behavior within the WordPress admin. See #35614.

Props johnbillion, rmccue, rachelbaker, helen, jorbin, SergeyBiryukov.

Fixes #38958.
Built from https://develop.svn.wordpress.org/trunk@39402


git-svn-id: http://core.svn.wordpress.org/trunk@39342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-01 02:31:44 +00:00
Rachel Baker 606c9905ef REST API: Fix incorrect uses of `rest_sanitize_value_from_schema()`.
In the `check_username()` and `check_password()` callbacks in the Users controller cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly which was causing unintended request parsing. 
In `rest_sanitize_request_arg()` do not pass nonexistent third parameter for the `rest_sanitize_value_from_schema()` function.

Props jnylen0, joehoyle, rachelbaker, ocean90.
Fixes #38984.
Built from https://develop.svn.wordpress.org/trunk@39400


git-svn-id: http://core.svn.wordpress.org/trunk@39340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-01 02:12:41 +00:00
Joe Hoyle c662bb84dc REST API: Special case the “standard” post format to always be allowed.
Fixes #38916.
Built from https://develop.svn.wordpress.org/trunk@39353


git-svn-id: http://core.svn.wordpress.org/trunk@39293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-24 00:08:31 +00:00
Joe Hoyle 0a787caec6 REST API: Allow unsetting a post’s password.
Props danielbachhuber, iseulde.
Fixes #38919.
Built from https://develop.svn.wordpress.org/trunk@39352


git-svn-id: http://core.svn.wordpress.org/trunk@39292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 23:13:32 +00:00