Commit Graph

15 Commits

Author SHA1 Message Date
whyisjake 51d665a4a5 Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory traversals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@46496


git-svn-id: http://core.svn.wordpress.org/branches/4.6@46293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 19:02:25 +00:00
Rachel Baker 41369b1ced REST API: Include a refreshed nonce in a `X-WP-Nonce` header when responding to an authenticated request.
Props adamsilverstein, welcher, markjaquith, aidvu.
Fixes #35662.



Built from https://develop.svn.wordpress.org/trunk@37905


git-svn-id: http://core.svn.wordpress.org/trunk@37846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 03:02:07 +00:00
Drew Jaynes 9193013158 Docs: Apply inline `@see` tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

Fixes #36921.

Built from https://develop.svn.wordpress.org/trunk@37544


git-svn-id: http://core.svn.wordpress.org/trunk@37512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:02:28 +00:00
Drew Jaynes 9cb5247392 Docs: Standardize filter docs in remaining wp-includes/* files to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37518


git-svn-id: http://core.svn.wordpress.org/trunk@37486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:50:28 +00:00
Drew Jaynes 9c52d28c37 Docs: Improve syntax in the DocBlock for `rest_get_server()`, introduced in [36529].
See #35329. See #35986.

Built from https://develop.svn.wordpress.org/trunk@36947


git-svn-id: http://core.svn.wordpress.org/trunk@36915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-10 18:49:26 +00:00
Joe Hoyle 09024dae88 OPTIONS requests to REST API should return Allow header.
An OPTIONS request was incorrectly returning an "Accept" header which
was a typo of "Allow". This meant Accept was showing "GET, POST" for example,
however it was also not running the permission checks on the endpoints.

Instead, the correct route needs to be set on the request object, which means
the normal handling for the Allow header will kick in. This technically
breaks backwards compatibility, however given the value of Accept was also wrong
then this should not be an issue.

Fixes #35975.

Built from https://develop.svn.wordpress.org/trunk@36829


git-svn-id: http://core.svn.wordpress.org/trunk@36796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-03 09:55:26 +00:00
Ryan McCue 796f0c844c REST API: Add helper function to get server instance.
This allows using rest_do_request() outside of the API itself easily.

Props danielbachhuber, swissspidy.

Built from https://develop.svn.wordpress.org/trunk@36529


git-svn-id: http://core.svn.wordpress.org/trunk@36496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 01:12:26 +00:00
Sergey Biryukov d9d21cf3ff Docs: Correct `@return` type for `rest_parse_date()`.
Props TimothyBlynJacobs.
Fixes #35224.
Built from https://develop.svn.wordpress.org/trunk@36086


git-svn-id: http://core.svn.wordpress.org/trunk@36051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-25 20:41:26 +00:00
Rachel Baker 17061829e4 Docs: Better param descriptions and fix incorrect param name within REST API deprecated functions
`rest_handle_deprecated_function`: you get better parameter descriptions.
`rest_handle_deprecated_argument`: you get a corrected parameter name ($replacement->$message), appropriate i18n translation hints, and better parameter descriptions.

Props ocean90.
Fixes #34908


Built from https://develop.svn.wordpress.org/trunk@35845


git-svn-id: http://core.svn.wordpress.org/trunk@35809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-09 21:26:29 +00:00
Rachel Baker 55bb9a8c01 REST API: Make strings translatable in `register_rest_route`.
Adds i18n to the `doing_it_wrong()` messages for invalid parameters within `register_rest_route()`.

Props Latz, danielbachhuber.
Fixes #34902


Built from https://develop.svn.wordpress.org/trunk@35822


git-svn-id: http://core.svn.wordpress.org/trunk@35786 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-07 22:40:27 +00:00
Andrew Nacin 1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Scott Taylor dae5923c1d After [34953], unbreak WordPress.
See [34930], #33982.

Built from https://develop.svn.wordpress.org/trunk@34954


git-svn-id: http://core.svn.wordpress.org/trunk@34919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 19:29:25 +00:00
Ryan McCue a998ea45e2 REST API: Add missing reference to WP_HTTP_Response
See #33982

Built from https://develop.svn.wordpress.org/trunk@34930


git-svn-id: http://core.svn.wordpress.org/trunk@34895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 02:40:24 +00:00
Ryan McCue a70d18a10d REST API: Unbreak everything.
Obviously, it wouldn't have been a good commit unless I botched it.

See #33982.

Built from https://develop.svn.wordpress.org/trunk@34929


git-svn-id: http://core.svn.wordpress.org/trunk@34894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 02:34:24 +00:00
Ryan McCue 94e2352956 REST API: Introduce baby API to the world.
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.

Thanks to everyone who helped along the way:

Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.

Fixes #33982.

Built from https://develop.svn.wordpress.org/trunk@34928


git-svn-id: http://core.svn.wordpress.org/trunk@34893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 02:31:25 +00:00