Every block has a different set of attributes. These attributes are specified as a JSON Schema object. Previously, every block registered its own block renderer route using its attributes for the schema. This allowed for the attributes to be validated using the built in endpoint validation rules. It had the unfortunate side effect, however, of creating a large number of nearly identical REST API routes, one for each dynamic block. Each registered route has a performance impact. As the number of server side blocks goes up, this becomes more and more of an issue.
Now, we register a single block renderer route and dynamically validate the attributes based on the selected block.
Fixes#48079.
Props gziolo, TimothyBlynJacobs.
Built from https://develop.svn.wordpress.org/trunk@48069
git-svn-id: http://core.svn.wordpress.org/trunk@47836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the REST API would end up deleting each row of metadata and recreating it unnecessarily. This was caused by a type mismatch where the metadata API would always return a string value, and the REST API operated on a typed value.
The REST API now applies the same sanitization and type casting for "multiple" meta keys and "single" meta keys.
Fixes#49339.
Props renathoc.
Built from https://develop.svn.wordpress.org/trunk@47943
git-svn-id: http://core.svn.wordpress.org/trunk@47716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `$HTTP_RAW_POST_DATA` global was deprecated in PHP 5.6 and removed completely in PHP 7.0. In general, `php://input` should be used instead of `$HTTP_RAW_POST_DATA`.
Because WordPress Core still supports PHP 5.6, some plugins or sites may still rely on this variable being present and populated with the expected data. For that reason, occurrences of the variable will remain with updated inline documentation until support for PHP 5.6 is officially dropped in WordPress.
Props skoskie, jrf, desrosj, TimothyBlynJacobs.
See #49922.
Fixes#49810.
Built from https://develop.svn.wordpress.org/trunk@47926
git-svn-id: http://core.svn.wordpress.org/trunk@47700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add new var $valid_schema_properties to match rest_validate_value_from_schema()
* Unit test to ensure all valid properties exists, and non-valid properties are ignored
Fixes: #50301.
Props: pentatonicfunk, TimothyBlynJacobs.
Built from https://develop.svn.wordpress.org/trunk@47911
git-svn-id: http://core.svn.wordpress.org/trunk@47685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is the first step to bring support for custom comment types into WordPress.
Add a scheduled upgrade routine to update the type value for existing comments, in batches of 100 at a time.
Props imath, aaroncampbell, jeremyfelt, dshanske.
Fixes#49236.
Built from https://develop.svn.wordpress.org/trunk@47597
git-svn-id: http://core.svn.wordpress.org/trunk@47372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A request has multiple parameter types, including "query" and "json." Updating a parameter could previously modify a key's value in the wrong parameter type, leading to confusing and self-contradictory response objects.
Props mnelson4, TimothyBlynJacobs, vagios, jnylen0.
Fixes#40838.
Built from https://develop.svn.wordpress.org/trunk@47559
git-svn-id: http://core.svn.wordpress.org/trunk@47334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
r45812 incorrectly introduced a delete_post permissions check into the get_item method, breaking some plugins which requested revisions when generating previews.
Props sorenbronsted, yohannp, TimothyBlynJacobs.
Fixes#49645.
Built from https://develop.svn.wordpress.org/trunk@47547
git-svn-id: http://core.svn.wordpress.org/trunk@47322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a missing DocBlock for `::register_routes()` and parameter descriptions for `::post_process_item()`.
Includes minor documenation fixes in other REST API classes for consistency.
Props dkarfa, mukesh27, SergeyBiryukov.
Fixes#48841.
Built from https://develop.svn.wordpress.org/trunk@47391
git-svn-id: http://core.svn.wordpress.org/trunk@47178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Check a more exhaustive list of post type editing caps beyond "edit_post" to ensure custom user roles with access to to specific post types may still use block editor functionality depending on theme features.
Props miyauchi, TimothyBlynJacobs.
Fixes#46723.
Built from https://develop.svn.wordpress.org/trunk@47361
git-svn-id: http://core.svn.wordpress.org/trunk@47148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Several filters were introduced to the render_block method since the initial implementation of the block-renderer/ endpoints, causing the output of those endpoints to diverge from the rendered content of blocks on the frontend.
Props kadamwhite, TimothyBlynJacobs, miinasikk.
Fixes#49387.
Built from https://develop.svn.wordpress.org/trunk@47360
git-svn-id: http://core.svn.wordpress.org/trunk@47147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following [47260] a namespace such as "test-ns" prevents any namespace such as "test-ns/v1" from being found when matching routes.
While not best practice, this was an unintentional back-compat break; this patch restores the original behavior.
Props david.binda, TimothyBlynJacobs.
Fixes#48530.
Built from https://develop.svn.wordpress.org/trunk@47351
git-svn-id: http://core.svn.wordpress.org/trunk@47138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
All schema types, not just objects, are permitted as the base type of a resource. A future patch could add validation support for those types, but this fix only prevents a PHP warning from being issued.
Props dhavalkasvala, johnwatkins0, birgire.
Fixes#48785.
Built from https://develop.svn.wordpress.org/trunk@47328
git-svn-id: http://core.svn.wordpress.org/trunk@47122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Although the file is already included via the `::insert_attachment()` method, this addresses an inconsistency and corrects a misleading comment.
It also reduces the possibility of a future error in case `::insert_attachment()` is no longer called earlier in `::create_item()` at some point.
Follow-up to [43850] and [44206].
Props luisrivera.
Fixes#49449.
Built from https://develop.svn.wordpress.org/trunk@47296
git-svn-id: http://core.svn.wordpress.org/trunk@47096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
register_rest_field can be used to add properties to a schema, but no mechanism existed to alter existing properties like "content".
Running the schema through this filter lets plugins append additional sub-properties to existing schema definitions.
Props luisherranz, TimothyBlynJacobs, swissspidy, westonruter, kadamwhite.
Fixes#47779.
Built from https://develop.svn.wordpress.org/trunk@47265
git-svn-id: http://core.svn.wordpress.org/trunk@47065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Fully list which first-party core theme features are supported in the /themes endpoint response. This brings the REST API themes controller's response more in line with the output of get_theme_support().
Props adamboro, apieschel, koke, spacedmonkey, TimothyBlynJacobs.
See #49037.
Built from https://develop.svn.wordpress.org/trunk@47258
git-svn-id: http://core.svn.wordpress.org/trunk@47058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the REST API did not account for server configurations where the Authorization header must be added using ModRewrite. This caused major DUX issues when trying to use custom authentication mechanisms.
Fixes#47077.
Props dshanske, cklosows.
Built from https://develop.svn.wordpress.org/trunk@47239
git-svn-id: http://core.svn.wordpress.org/trunk@47039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously the _embed flag would embed all embeddable links in a response even if only a subset of the links were necessary. Now, a list of link relations can be passed in the _embed parameter to restrict the list of embedded objects.
Props rheinardkorf, adamsilverstein, jnylen0, cklosows, chrisvanpatten, TimothyBlynJacobs.
Fixes#39696.
Built from https://develop.svn.wordpress.org/trunk@47224
git-svn-id: http://core.svn.wordpress.org/trunk@47024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Store each generated embedded object in a temporary cache when querying for linked resources so that repeated links to the same resource do not trigger repeated queries or processing.
Props TimothyBlynJacobs.
Fixes#48838.
Built from https://develop.svn.wordpress.org/trunk@47138
git-svn-id: http://core.svn.wordpress.org/trunk@46938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Only query post types with `'show_in_rest' => true` instead of looping over all post types and checking the `show_in_rest` property separately.
* Return from the `foreach()` loop as soon as the permission check succeeded.
Props pbiron, TimothyBlynJacobs, SergeyBiryukov.
Fixes#49118.
Built from https://develop.svn.wordpress.org/trunk@47034
git-svn-id: http://core.svn.wordpress.org/trunk@46834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Slashing non-string data caused PUT requests containing unmodified meta arrays of integers to fail the check against the existing stored meta value, causing a 500 when posting an unmodified response body back to the server.
Props TimothyBlynJacobs, augustuswm.
Fixes#48264.
Built from https://develop.svn.wordpress.org/trunk@46454
git-svn-id: http://core.svn.wordpress.org/trunk@46252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ensures that the ::get_rest_controller() method will always return an instanceof the expected controller class, or null.
Removes unused private static property $post_type_controllers.
Props dlh, TimothyBlynJacobs.
Fixes#45677.
Built from https://develop.svn.wordpress.org/trunk@46435
git-svn-id: http://core.svn.wordpress.org/trunk@46233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
1. `POST /wp/v2/media`.
2. If the upload failed (HTTP 500 error), look for a response header with `X-WP-Upload-Attachment-ID` header that contains the newly created attachment ID.
3. `POST /wp/v2/media/{id}/post-process` with `{ "action": "create-image-subsizes" }`. This request may still fail, but it will save its progress.
4. On continued failure, `DELETE /wp/v2/media/{id}` to give up on the upload and instruct the user to resize their image before uploading.
Props TimothyBlynJacobs.
Fixes#47987.
Built from https://develop.svn.wordpress.org/trunk@46422
git-svn-id: http://core.svn.wordpress.org/trunk@46220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Cache REST controller references on their associated post type object to prevent unnecessary controller re-instantiation, which previously caused "rest_prepare_{$post_type}" and "rest_{$post_type}_query" to run twice per request.
Props TimothyBlynJacobs, patrelentlesstechnologycom.
Fixes#45677.
Built from https://develop.svn.wordpress.org/trunk@46272
git-svn-id: http://core.svn.wordpress.org/trunk@46084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Expose a date_floating property on all status objects to permit clients (including the block editor) to make correct decisions about date handling for posts of varying status.
Props mnelson4, earnjam, kadamwhite, jnylen0, nerrad, pento.
See #39953.
Built from https://develop.svn.wordpress.org/trunk@46252
git-svn-id: http://core.svn.wordpress.org/trunk@46064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The PHP native JSON extension has been bundled and compiled with PHP by default since version 5.2.0. Because the minimum version of PHP required by WordPress is now 5.6.20 (see #46594 and [45058]), JSON extension related polyfills and backwards compatibility code can now be removed.
This change removes code that supported JSON related functionality on older versions of PHP. This includes (but is not limited to) checks that `json_last_error()` exists, checking and setting the `JSON_UNESCAPED_SLASHES` and `JSON_PRETTY_PRINT` constants if not previously defined, and deprecating the `_wp_json_prepare_data()` function (which was 100% workaround code).
Follow up of [46205].
See #47699.
Props jrf, Clorith, pento.
Built from https://develop.svn.wordpress.org/trunk@46206
git-svn-id: http://core.svn.wordpress.org/trunk@46018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Enable clients to opt-in to receipt of one or more specific sub-properties within a response, and not other sub-properties.
Skip potentially expensive filtering and processing for post resources which were explicitly not requested.
Props kadamwhite, TimothyBlynJacobs, dlh.
Fixes#42094.
Built from https://develop.svn.wordpress.org/trunk@46184
git-svn-id: http://core.svn.wordpress.org/trunk@45996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The path to magic quote sanity took a fun and exciting turn: PHP core removed it and WordPress updated the minimum version.
For the formally external pclzip, the code is commented out to make investigating easier and in case we ever need to merge upstream (if that still exists) changes.
Props ayeshrajans, jrf, jorbin.
See #47783.
Fixes#18322.
Built from https://develop.svn.wordpress.org/trunk@46105
git-svn-id: http://core.svn.wordpress.org/trunk@45917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Hook documentation should be on the line directly above the line containing the `do_action()` or `apply_filters()` call. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of duplicate hook references.
Includes minor code layout fixes.
See #47110.
Built from https://develop.svn.wordpress.org/trunk@46088
git-svn-id: http://core.svn.wordpress.org/trunk@45900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.
Includes minor code layout fixes.
Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!
Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes#44360.
Built from https://develop.svn.wordpress.org/trunk@45926
git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevents a non-sequential post type array such as [ 0 => 'post', 2 => 'page' ] from being improperly converted to an object in the taxonomy endpoint's response JSON.
Props TimothyBlynJacobs, birgire, spectacula.
Fixes#42209.
Built from https://develop.svn.wordpress.org/trunk@45813
git-svn-id: http://core.svn.wordpress.org/trunk@45624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allowing the client to delete revisions breaks the "audit trail" functionality. This is not allowed in WordPress and shouldn't be allowed through the API.
While not recommended, a plugin may opt-in to the previous behavior by setting a custom 'delete_post' capability for the revisions post type.
Props dlh, danielbachhuber, TimothyBlynJacobs, azaozz, kadamwhite.
Fixes#43709.
Built from https://develop.svn.wordpress.org/trunk@45812
git-svn-id: http://core.svn.wordpress.org/trunk@45623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Caches the output of get_item_schema() to avoid redundant recomputation of translatable strings and other computed values. This method is called many times per item in each REST request, and the results of the method should not vary between calls.
Additional schema fields are not cached.
Props kadamwhite, joehoyle, TimothyBlynJacobs.
Fixes#47871.
Built from https://develop.svn.wordpress.org/trunk@45811
git-svn-id: http://core.svn.wordpress.org/trunk@45622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Status code 204 should indicate no response body is sent. Previously, a "null" string was sent, which MacOS Safari would try to parse as JSON and thereby fail to complete the request.
Props TimothyBlynJacobs, andizer, matthias.thiel.
Fixes#43691.
Built from https://develop.svn.wordpress.org/trunk@45809
git-svn-id: http://core.svn.wordpress.org/trunk@45620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Extends meta registration to support complex schema values, mirroring the functionality in the settings controller.
Error when trying to modify a meta key containing schema-nonconformant data.
Props @TimothyBlynJacobs, @birgire, @mnelson4, @flixos90.
Fixes#43392.
Built from https://develop.svn.wordpress.org/trunk@45807
git-svn-id: http://core.svn.wordpress.org/trunk@45618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In `WP_REST_Controller::get_fields_for_response()`, exclude fields which are not registered to appear in the request's context.
In conjunction with r45705 this prevents the unnecessary computation of the sample permalink when making a request that is not context=edit.
Props dlh.
Fixes#45605.
Built from https://develop.svn.wordpress.org/trunk@45706
git-svn-id: http://core.svn.wordpress.org/trunk@45517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The sample permalink will now only be generated if the derivative `permalink_template` or `generated_slug` fields are to be included in the response, preventing an unnecessary database request for each post (via `wp_unique_post_slug()`) when those fields are not requested.
Props dlh.
See #45605.
Built from https://develop.svn.wordpress.org/trunk@45705
git-svn-id: http://core.svn.wordpress.org/trunk@45516 1a063a9b-81f0-0310-95a4-ce76da25c4cd