Commit Graph

25 Commits

Author SHA1 Message Date
Joe Hoyle 5c90d9ed8e REST API: Validate and Sanitize registered meta based off the schema.
With the addition of Array support in our schema validation functions, it's now possible to use these in the meta validation and sanitization steps. Also, this increases the test coverage of using registered via meta the API significantly.

Fixes #38531.
Props rachelbaker, tharsheblows.

Built from https://develop.svn.wordpress.org/trunk@39222


git-svn-id: http://core.svn.wordpress.org/trunk@39162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-14 16:36:33 +00:00
Ryan McCue d6a5c68516 REST API: Require 6 characters for comment email addresses.
The regular comments API requires 6 characters rather than 3, so we need to match this.

Props mangeshp, dd32.
Fixes #38506.

Built from https://develop.svn.wordpress.org/trunk@39158


git-svn-id: http://core.svn.wordpress.org/trunk@39098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 06:42:32 +00:00
Joe Hoyle 6ee8f33660 REST API: Sanitize arrays being sent as CSVs.
In #38586 the ability to parse arrays as csv was introduced, however it didn't add any support for validating csv arrays. This adds such sanitization, and also a good amount of unit tests for all sanitization baed off schema.

See #38586.

Built from https://develop.svn.wordpress.org/trunk@39061


git-svn-id: http://core.svn.wordpress.org/trunk@39003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 17:08:31 +00:00
Gary Pendergast 54b378e411 REST API: Allow parameters defined as `array` to be sent as CSVs.
This allows parameters that are often handled as CSVs to be properly parsed.

Fixes #38586.


Built from https://develop.svn.wordpress.org/trunk@39048


git-svn-id: http://core.svn.wordpress.org/trunk@38990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 05:45:32 +00:00
Gary Pendergast 6c1e98d1fb REST API: Add support for arrays in schema validation and sanitization.
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.

This can easily be extended to support new data types, such as CSV fields or objects.

Props joehoyle, rachelbaker, pento.
Fixes #38531.


Built from https://develop.svn.wordpress.org/trunk@39046


git-svn-id: http://core.svn.wordpress.org/trunk@38988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 01:48:41 +00:00
Gary Pendergast 69539eb2a7 REST API: Add `PATCH` to CORS allowed methods.
Editable resources in the REST API accept the `PATCH` method, but the CORS headers don't mention it.

Props jnylen0.
Fixes #38546.


Built from https://develop.svn.wordpress.org/trunk@39042


git-svn-id: http://core.svn.wordpress.org/trunk@38984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 00:19:30 +00:00
Drew Jaynes 0181e937c5 Docs: Add a slightly less ambiguous list of return types for `rest_ensure_response()`.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39037


git-svn-id: http://core.svn.wordpress.org/trunk@38979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:53:29 +00:00
Rachel Baker e4a7c0a397 REST API: Introduce the Content API endpoints.
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.

Love your REST API, WordPress!  The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"

Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes #38373.
Built from https://develop.svn.wordpress.org/trunk@38832


git-svn-id: http://core.svn.wordpress.org/trunk@38775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-20 02:55:32 +00:00
Aaron Jorbin 969e4255a9 REST API: Include `Vary: Origin` in cors headers
`vary: origin` is a W3 CORS implementation recommendation( https://www.w3.org/TR/cors/#resource-implementation ). It's used by default in frameworks such as hapi and Laravel-cors. Overall, it helps sites siting behind a cache such as varnish.

Fixes #38060.
Props procodewp, pdufour for research.


Built from https://develop.svn.wordpress.org/trunk@38806


git-svn-id: http://core.svn.wordpress.org/trunk@38749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-17 16:11:30 +00:00
Rachel Baker a6f0fb6d2a REST API: Support sites with index-style permalinks in `get_rest_url()`.
Support the index-style permalinks (http://example.com/index.php/postName) when registering the REST API rewrite rules and within the `get_rest_url()` function. This allows sites that do not have mod_rewrite support to have almost pretty urls and have access to their REST API endpoints.

Props kraftbj.
Fixes #38182.
Built from https://develop.svn.wordpress.org/trunk@38790


git-svn-id: http://core.svn.wordpress.org/trunk@38733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-14 19:30:29 +00:00
Scott Taylor 778d794e4f REST API: remove unnecessary variable assignments in `rest_handle_options_request()`.
See #37771.

Built from https://develop.svn.wordpress.org/trunk@38310


git-svn-id: http://core.svn.wordpress.org/trunk@38251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-22 20:56:28 +00:00
Rachel Baker 41369b1ced REST API: Include a refreshed nonce in a `X-WP-Nonce` header when responding to an authenticated request.
Props adamsilverstein, welcher, markjaquith, aidvu.
Fixes #35662.



Built from https://develop.svn.wordpress.org/trunk@37905


git-svn-id: http://core.svn.wordpress.org/trunk@37846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 03:02:07 +00:00
Drew Jaynes 9193013158 Docs: Apply inline `@see` tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

Fixes #36921.

Built from https://develop.svn.wordpress.org/trunk@37544


git-svn-id: http://core.svn.wordpress.org/trunk@37512 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:02:28 +00:00
Drew Jaynes 9cb5247392 Docs: Standardize filter docs in remaining wp-includes/* files to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37518


git-svn-id: http://core.svn.wordpress.org/trunk@37486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:50:28 +00:00
Drew Jaynes 9c52d28c37 Docs: Improve syntax in the DocBlock for `rest_get_server()`, introduced in [36529].
See #35329. See #35986.

Built from https://develop.svn.wordpress.org/trunk@36947


git-svn-id: http://core.svn.wordpress.org/trunk@36915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-10 18:49:26 +00:00
Joe Hoyle 09024dae88 OPTIONS requests to REST API should return Allow header.
An OPTIONS request was incorrectly returning an "Accept" header which
was a typo of "Allow". This meant Accept was showing "GET, POST" for example,
however it was also not running the permission checks on the endpoints.

Instead, the correct route needs to be set on the request object, which means
the normal handling for the Allow header will kick in. This technically
breaks backwards compatibility, however given the value of Accept was also wrong
then this should not be an issue.

Fixes #35975.

Built from https://develop.svn.wordpress.org/trunk@36829


git-svn-id: http://core.svn.wordpress.org/trunk@36796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-03 09:55:26 +00:00
Ryan McCue 796f0c844c REST API: Add helper function to get server instance.
This allows using rest_do_request() outside of the API itself easily.

Props danielbachhuber, swissspidy.

Built from https://develop.svn.wordpress.org/trunk@36529


git-svn-id: http://core.svn.wordpress.org/trunk@36496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 01:12:26 +00:00
Sergey Biryukov d9d21cf3ff Docs: Correct `@return` type for `rest_parse_date()`.
Props TimothyBlynJacobs.
Fixes #35224.
Built from https://develop.svn.wordpress.org/trunk@36086


git-svn-id: http://core.svn.wordpress.org/trunk@36051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-25 20:41:26 +00:00
Rachel Baker 17061829e4 Docs: Better param descriptions and fix incorrect param name within REST API deprecated functions
`rest_handle_deprecated_function`: you get better parameter descriptions.
`rest_handle_deprecated_argument`: you get a corrected parameter name ($replacement->$message), appropriate i18n translation hints, and better parameter descriptions.

Props ocean90.
Fixes #34908


Built from https://develop.svn.wordpress.org/trunk@35845


git-svn-id: http://core.svn.wordpress.org/trunk@35809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-09 21:26:29 +00:00
Rachel Baker 55bb9a8c01 REST API: Make strings translatable in `register_rest_route`.
Adds i18n to the `doing_it_wrong()` messages for invalid parameters within `register_rest_route()`.

Props Latz,danielbachhuber.
Fixes #34902


Built from https://develop.svn.wordpress.org/trunk@35822


git-svn-id: http://core.svn.wordpress.org/trunk@35786 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-07 22:40:27 +00:00
Andrew Nacin 1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Scott Taylor dae5923c1d After [34953], unbreak WordPress.
See [34930], #33982.

Built from https://develop.svn.wordpress.org/trunk@34954


git-svn-id: http://core.svn.wordpress.org/trunk@34919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 19:29:25 +00:00
Ryan McCue a998ea45e2 REST API: Add missing reference to WP_HTTP_Response
See #33982

Built from https://develop.svn.wordpress.org/trunk@34930


git-svn-id: http://core.svn.wordpress.org/trunk@34895 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 02:40:24 +00:00
Ryan McCue a70d18a10d REST API: Unbreak everything.
Obviously, it wouldn't have been a good commit unless I botched it.

See #33982.

Built from https://develop.svn.wordpress.org/trunk@34929


git-svn-id: http://core.svn.wordpress.org/trunk@34894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 02:34:24 +00:00
Ryan McCue 94e2352956 REST API: Introduce baby API to the world.
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.

Thanks to everyone who helped along the way:

Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.

Fixes #33982.

Built from https://develop.svn.wordpress.org/trunk@34928


git-svn-id: http://core.svn.wordpress.org/trunk@34893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 02:31:25 +00:00