Additionally, use these meta-caps in the REST API endpoints.
Previously, register_meta()'s auth_callback had no effect for non-post meta. This introduces `{add,edit,delete}_{comment,term,user}_meta` meta-caps to match the existing post meta capabilities. These are currently only used in the REST API.
Props tharsheblows, boonebgorges.
Fixes#38303, fixes#38412.
Built from https://develop.svn.wordpress.org/trunk@39179
git-svn-id: http://core.svn.wordpress.org/trunk@39119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously there was no way to remove the user locale setting again, even though that might be desirable.
This adds a new 'Site Default' option to the user-specific language setting by introducing a new `show_site_locale_default` argument to `wp_dropdown_languages()`.
Props ocean90.
See #29783.
Fixes#38632.
Built from https://develop.svn.wordpress.org/trunk@39169
git-svn-id: http://core.svn.wordpress.org/trunk@39109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Now all public query vars are not supoprted via `?filter` in the REST API, we can remove the get_allowed_query_vars() method and filter. To provide developers with a good altnerative to `filter`, the `"rest_{$this->post_type}_collection_params"` filter has been added.
Props rmccue, rachelbacker, danielbachhuber.
Fixes#38629.
Built from https://develop.svn.wordpress.org/trunk@39162
git-svn-id: http://core.svn.wordpress.org/trunk@39102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add the `deleted` property to the root of the Response object to communicate if the delete action was successful. Move the state of the resource prior to the delete request under a new `previous` property. As a result DELETE responses are now structured like so:
`{ deleted: true, previous: { ... } }`
Also includes helpful information to DELETE requests for resources that are not trashable.
Props timmydcrawford, rmccue, jnylen0.
Fixes#38494.
Built from https://develop.svn.wordpress.org/trunk@39126
git-svn-id: http://core.svn.wordpress.org/trunk@39066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `wp_check_comment_data_max_lengths()` which allows both the REST API comments endpoints and `wp_handle_comment_submission()` to check the length of the comment content, author name, author url, and author email fields against their respective database columns.
Props rachelbaker, mangeshp, salcode, pento.
Fixes#38477.
Built from https://develop.svn.wordpress.org/trunk@39101
git-svn-id: http://core.svn.wordpress.org/trunk@39043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Some parameters (`title`, `content`, etc) are objects in the output, but allow objects or strings to be sent in updates for a more ergonomic interface. This is pretty weird behaviour, so the default sanitisation doesn't handle this. We instead handle this ourselves in the preparation.
Props joehoyle, rachelbaker.
Fixes#38529.
Built from https://develop.svn.wordpress.org/trunk@39089
git-svn-id: http://core.svn.wordpress.org/trunk@39031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously Settings only supported "number" which meant it was possible to push floats to things like posts_per_page. This means now developers can also specify `type => ineger` in meta nad settings resgration.
Props flixos90.
Fixes#38393.
Built from https://develop.svn.wordpress.org/trunk@39058
git-svn-id: http://core.svn.wordpress.org/trunk@39000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.
This can easily be extended to support new data types, such as CSV fields or objects.
Props joehoyle, rachelbaker, pento.
Fixes#38531.
Built from https://develop.svn.wordpress.org/trunk@39046
git-svn-id: http://core.svn.wordpress.org/trunk@38988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A `null` value is returned in the response for any option that has a non-scalar value.
To protect clients from accidentally including the `null` values from a response object in a request, we do not allow options with non-scalar values to be updated to `null`. Without this added protection a client could mistakenly delete all options that have non-scalar values from the database.
Props joehoyle, rachelbaker.
Fixes#38527.
Built from https://develop.svn.wordpress.org/trunk@38982
git-svn-id: http://core.svn.wordpress.org/trunk@38925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The WP-API plugin originally used a custom method for fetching object
terms in a way that supported the object cache and also accepted all
parameters for `get_terms()`. In [38667], the internals of
`wp_get_object_terms()` were modified to use `WP_Term_Query`, thus
delivering in a native fashion the features that the API had
previously achieved bespokely.
Fixes#38504.
Built from https://develop.svn.wordpress.org/trunk@38974
git-svn-id: http://core.svn.wordpress.org/trunk@38917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Hiding WP_Query params under the filter key (instead of allowing them to be top-level params) was one of our biggest complaints from users of v1 of our REST API. This walks back the re-introduction of the `filter` param during Beta 15, which introduced an "inconsistent mess" and "exposing WP_Query through filter has and will continue to be difficult to support." See https://github.com/WP-API/WP-API/issues/2799.
Props websupporter, rachelbaker.
Fixes#38378.
Built from https://develop.svn.wordpress.org/trunk@38968
git-svn-id: http://core.svn.wordpress.org/trunk@38911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Joe Hoyle
Ryan McCue
Pascal Birchler
Rachel Baker
Gary Pendergast
Drew Jaynes
Boone Gorges