The `password` property which gets sent as part of a request POST body while setting a post's password should not be checked when calculating post visibility permissions.
That value in the request body is intended to update the post, not to authenticate, and may be malformed or an invalid non-string type which would cause a fatal when checking against the hashed post password value.
Query parameter `?password=` values are the correct interface to check, and are also guaranteed to be strings.
Props mlf20, devansh016, antonvlasenko, TimothyBlynJacobs, kadamwhite.
Fixes#61837.
Built from https://develop.svn.wordpress.org/trunk@59036
git-svn-id: http://core.svn.wordpress.org/trunk@58432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds support for a new `search_semantics` enum query parameter that can be passed alongside the `search` string parameter. At this point, it only supports "exact" as possible value, but an enum is used for forward compatibility with potential enhancements like "sentence" search support. If `search_semantics=exact` is passed, it will look for an exact match rather than do a full text search, which for some use-cases is more appropriate and more performant.
Props mehulkaklotar, timothyblynjacobs, jimmyh61, ironprogrammer, johnregan3, mukesh27, costdev.
Fixes#56350.
Built from https://develop.svn.wordpress.org/trunk@59034
git-svn-id: http://core.svn.wordpress.org/trunk@58430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When using the /posts or /pages endpoints, for private posts or pages, you get the following title property: { raw: "Some title", rendered: "Private: Some title" }
this commit removes the prefix from rendered private posts titles (just like what we do for protected posts)
Props youknowriad, swissspidy, timothyblynjacobs, sergeybiryukov, ramonopoly.
Fixes#61639.
Built from https://develop.svn.wordpress.org/trunk@58783
git-svn-id: http://core.svn.wordpress.org/trunk@58185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This can be used by the excerpt block in the editor to change the excerpt length without filtering `excerpt_length` in a conflicting way. This enhancement still needs a corresponding change on the Gutenberg side.
Props swissspidy, antonvlasenko, mukesh27, azaozz, andraganescu, timothyblynjacobs.
Fixes#59043.
Built from https://develop.svn.wordpress.org/trunk@58065
git-svn-id: http://core.svn.wordpress.org/trunk@57530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Audio and video attachments can have a featured image, also known as a poster image. This functionality is now properly exposed by the `wp/v2/media` endpoint.
Props swissspidy, timothyblynjacobs, wonderboymusic, dlh, spacedmonkey.
Fixes#41692.
Built from https://develop.svn.wordpress.org/trunk@57603
git-svn-id: http://core.svn.wordpress.org/trunk@57104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When various methods parameters in child classes were renamed to `$item` to match the parent class for PHP 8 named parameter support, most of the methods restored the more descriptive, specific name at the beginning for better readability, with several exceptions for methods consisting only of a few lines.
To avoid confusion about why some methods do that and some don't, this commit aims to bring more consistency to the code, specifically in list tables' `::column_default()` methods.
Follow-up to [51728], [51737], [51786].
See #58831.
Built from https://develop.svn.wordpress.org/trunk@56586
git-svn-id: http://core.svn.wordpress.org/trunk@56098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the `s` argument of the `WP_Query::parse_query()` method searched the `post_title`, `post_excerpt`, and `post_content` fields, with no way of controlling this apart from using the `posts_search` filter and adjusting the SQL manually. This changeset adds the ability to specify which fields are searched when performing a query, using the `search_columns` argument.
Props johnbillion, birgire, petitphp, audrasjb, costdev, mukesh27.
Fixes#43867.
Built from https://develop.svn.wordpress.org/trunk@55248
git-svn-id: http://core.svn.wordpress.org/trunk@54781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes minor formatting edits for consistency.
Follow-up to [53/tests], [12179], [12946], [35288], [37884], [38810], [38928], [46596], [48131], [52955], [53548], [53813], [53873], [54118], [54316], [54420], [54421], [54803].
See #56792.
Built from https://develop.svn.wordpress.org/trunk@54855
git-svn-id: http://core.svn.wordpress.org/trunk@54407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset fixes a warning where `strip_tags()` expected its first parameter to be a string rather than an array. It contains the following changes:
- Removal of sanitize_callback to allow the REST API to handle the validation natively, this also causes the proper error to be output for `?slug[0][1]=2` that it's an invalid value.
- Ensure that `wp_parse_list()` only returns a single-dimensioned array, even if passed a multi-dimension array, which fits the functions expected use case and resolves warnings in code that expects the function to return a single-dimensioned array.
Props dd32, TimothyBlynJacobs.
Fixes#55838.
Built from https://develop.svn.wordpress.org/trunk@54476
git-svn-id: http://core.svn.wordpress.org/trunk@54035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This updates `wp_get_latest_revision_id_and_total_count()` and its usage to be a bit more descriptive and a bit less repetitive, e.g. `$revisions['latest_id']` instead of `$revision['revision']`.
Includes updating the `@return` tag to explain when the function returns a `WP_Error`.
Follow-up to [53759], [53769], [53778], [53779].
See #55857.
Built from https://develop.svn.wordpress.org/trunk@53841
git-svn-id: http://core.svn.wordpress.org/trunk@53400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a behavior where a draft created with the same slug as an existing post would set the existing post to a 404.
`wp_unique_post_slug()` returns the same slug for 'draft' or 'pending' posts, so to ensure that a unique slug is generated, this changeset adds the post data with the 'publish' status to `wp_unique_post_slug()`.
Props Toro_Unit, h2ham, peterwilsoncc, costdev, antonvlasenko, azaozz, ironprogrammer, audrasjb, hellofromTonya.
Fixes#52422.
Built from https://develop.svn.wordpress.org/trunk@53813
git-svn-id: http://core.svn.wordpress.org/trunk@53372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new name is `wp_get_latest_revision_id_and_total_count()`.
This aims to reduce ambiguity about what exactly is the "first" or "last" revision, and bring more consistency with similar wording elsewhere in core, e.g. latest posts, latest comments, etc.
Follow-up to [53759], [53769].
Props peterwilsoncc.
See #55857.
Built from https://develop.svn.wordpress.org/trunk@53778
git-svn-id: http://core.svn.wordpress.org/trunk@53337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Includes:
* Renaming the function to `wp_get_last_revision_id_and_total_count()`.
* Making the default value for `$post` consistent with `wp_get_post_revisions()`.
* Making `WP_Error` codes more specific and using them in test assertions.
* Adjusting the function description per the documentation standards.
Follow-up to [53759].
Props JustinSainton, SergeyBiryukov.
See #55857.
Built from https://develop.svn.wordpress.org/trunk@53769
git-svn-id: http://core.svn.wordpress.org/trunk@53328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Do not call the `prepare_links` methods in core REST API controllers, unless the `_links` or `_embedded` fields are requested. There is no need to prepare links if they are never returned in the response. This saves resources, as many calls to `prepare_links` methods perform database queries.
Props Spacedmonkey, timothyblynjacobs, rachelbaker, desrosj, dlh, hellofromTonya.
Fixes#52992.
Built from https://develop.svn.wordpress.org/trunk@53760
git-svn-id: http://core.svn.wordpress.org/trunk@53319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add new function called `wp_get_lastest_revision_id_and_total_count`, that performs an optimized query to get the last revision and total and use it in `WP_REST_Posts_Controller` class.
Props Spacedmonkey, timothyblynjacobs, furi3r, peterwilsoncc.
Fixes#55857.
Built from https://develop.svn.wordpress.org/trunk@53759
git-svn-id: http://core.svn.wordpress.org/trunk@53318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prime caches for all post parents in the post REST API controller using the `_prime_post_caches` function. Post parent objects are required as part of the `check_read_permission` method’s permission check in post REST API controller.
Props spacedmonkey, furi3r, peterwilsoncc, mitogh, madpixels.
Fixes#55593.
Built from https://develop.svn.wordpress.org/trunk@53506
git-svn-id: http://core.svn.wordpress.org/trunk@53095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For a call to `WP_Query` or a post REST API request that contains posts from multiple authors, call the `cache_users` function, to ensure that all user data for post authors is primed in
a single database query. This results in far fewer database queries on multiple author sites.
Props spacedmonkey, timothyblynjacobs, peterwilsoncc.
Fixes#55716.
Built from https://develop.svn.wordpress.org/trunk@53482
git-svn-id: http://core.svn.wordpress.org/trunk@53071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [51962] the `rest_get_route_for_post` function was implemented in all places where link to a post's REST API endpoint is needed. However in this commit, the up link, which links to the parent post of the current object, did not use this function.
Props Spacedmonkey, SergeyBiryukov.
Fixes#53656.
Built from https://develop.svn.wordpress.org/trunk@52363
git-svn-id: http://core.svn.wordpress.org/trunk@51955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit introduces the `/wp/v2/menus`, `/wp/v2/menu-items` and `/wp/v2/menu-locations` REST API endpoints. These endpoints are fully available to users with the `edit_theme_options` capability, but can be read by any user who can edit a REST API available post type.
The `nav_menu` taxonomy and `nav_menu_item` post type now map their capabilities to the `edit_theme_options` primitive capability. This allows developers to provide more fine-grained access control. However, if a developer is currently dynamically removing the `edit_theme_options` capability using `map_meta_cap`, they should use the `user_has_cap` filter instead.
The `wp_update_nav_menu_item()` function has been adjusted to return an error if saving the menu item post or assigning the menu item to a menu generate an error.
Lastly, a new menu item type is introduced, `block`, that can be used to store a Block as a menu item.
Props andraganescu, antonvlasenko, dingo_d, dlh, isabel_brison, kadamwhite, Mamaduka, NateWr, noisysocks, peterwilsoncc, ryelle, schlessera, soean, Spacedmonkey, talldanwp, TimothyBlynJacobs, tobifjellner, westonruter, wpscholar, zieladam.
Fixes#40878.
Built from https://develop.svn.wordpress.org/trunk@52079
git-svn-id: http://core.svn.wordpress.org/trunk@51671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While a taxonomy can define a custom route by using the rest_base argument, a namespace of wp/v2 was assumed. This commit introduces support for a rest_namespace argument.
A new rest_get_route_for_taxonomy_items function has been introduced and the rest_get_route_for_term function updated to facilitate getting the correct route for taxonomies.
For maximum compatibility sticking with the default wp/v2 namespace is recommended until the API functions see wider use.
Props spacedmonkey.
Fixes#54267.
See [51962].
Built from https://develop.svn.wordpress.org/trunk@51964
git-svn-id: http://core.svn.wordpress.org/trunk@51553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While a custom post type can define a custom route by using the `rest_base` argument, a namespace of `wp/v2` was assumed. This commit introduces support for a `rest_namespace` argument.
A new `rest_get_route_for_post_type_items` function has been introduced and the `rest_get_route_for_post` function updated to facilitate getting the correct route for custom post types.
While the WordPress Core Block Editor bootstrap code has been updated to use these API functions, for maximum compatibility sticking with the default `wp/v2` namespace is recommended until the API functions see wider use.
Props spacedmonkey, swissspidy.
Fixes#53656.
Built from https://develop.svn.wordpress.org/trunk@51962
git-svn-id: http://core.svn.wordpress.org/trunk@51551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In each child and grandchild class, renames the first parameter to match the parent's method signature.
Why? PHP 8 introduces the ability to pass named arguments to function/method calls. This means the child and parent method signatures (i.e. parameter names) need to match.
Changes for readability:
- `@since` clearly specifies the original parameter name and its new name as well as why the change happened.
- In methods longer than a single line, the generic parameter is reassigned to the original parameter restoring it for context for use within the method. An inline comment is added to explain why this reassignment is made.
Follow-up to [38832], [39011], [39015], [39021], [39024], [39025], [39031], [39036], [43519], [43735], [43739], [43768], [46821], [48173], [48242], [49088], [50995], [51003], [51021].
Props jrf, hellofromTonya, sergeybiryukov, azaozz, desrosj, johnbillion.
See #51553.
Built from https://develop.svn.wordpress.org/trunk@51786
git-svn-id: http://core.svn.wordpress.org/trunk@51393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By default, a post most contain any of the requested terms to be included in the response. This commit adds a new `operator` property that can be set to `AND` to require a post to contain all of the requested terms.
For example, `/wp/v2/posts?tags[terms]=1,2,3&tags[operator]=AND` will return posts that have tags with the ids of 1, 2, and 3.
Props dlh, earnjam, Clorith, jnylen0, sebbb.
Fixes#41287.
Built from https://develop.svn.wordpress.org/trunk@51026
git-svn-id: http://core.svn.wordpress.org/trunk@50635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allow authenticated users to read the contents of password protected posts if they have the `edit_post` meta capability for the post.
Props xknown, zieladam, peterwilsoncc, swissspidy, timothyblynjacobs.
Built from https://develop.svn.wordpress.org/trunk@50717
git-svn-id: http://core.svn.wordpress.org/trunk@50326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For example the `categories` or `categories_exclude` parameters can now optionally accept an object with a `terms` property that accepts the list of term ids and a new `include_children` property which controls the Tax Query `include_children` field.
Props jason_the_adams, jnylen0, birgire, dlh.
Fixes#39494.
Built from https://develop.svn.wordpress.org/trunk@50157
git-svn-id: http://core.svn.wordpress.org/trunk@49836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This enables, for example, the previous post status to be used by this hook without the need to first capture it on an earlier hook.
This also fixes the value of the `$fire_after_hooks` parameter in `get_default_post_to_edit()` so the `wp_after_insert_post` action correctly fires just once on the new post screen.
Props Collizo4sky, peterwilsoncc, hellofromTonya, TimothyBlynJacobs, SergeyBiryukov
Fixes#45114
Built from https://develop.svn.wordpress.org/trunk@49731
git-svn-id: http://core.svn.wordpress.org/trunk@49454 1a063a9b-81f0-0310-95a4-ce76da25c4cd