Add a REST API to export site templates and template part as html files. When the REST API is requested, it responds by downloading a single ZIP file and exits early, without completing full request. To create the exported zip, the ZipArchive class is required. If this class is not present then the export will gracefully fail, returning a `WP_Error` object and 500 status error code.
Props spacedmonkey, youknowriad, Mamaduka, walbo, peterwilsoncc.
Fixes#54448 .
Built from https://develop.svn.wordpress.org/trunk@52286
git-svn-id: http://core.svn.wordpress.org/trunk@51878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the new menu items, global items and template controllers manually call the function `wp_after_insert_post()` to manually fire the action of the same name after all potential data is updated.
This accounts for the use case in which a theme or plugin developer has modified the endpoints use of either taxonomy or meta data.
The new parameter `$fire_after_hooks` is added to `wp_update_nav_menu_item()` to control whether the `wp_after_insert_post` action is fired when it in turn calls `wp_insert_post()`.
Props spacedmonkey, peterwilsoncc, zieladam.
Fixes#54536.
Built from https://develop.svn.wordpress.org/trunk@52276
git-svn-id: http://core.svn.wordpress.org/trunk@51868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update packages to include these bug fixes from Gutenberg:
- Update Pattern block category and add documentation
- Fix non existent menu handling in nav block
- Make Reusable blocks available in the Site Editor
- Add caching to WP_Theme_JSON_Resolver_Gutenberg::get_user_data_from_custom_post_type()
- theme.json: add appearanceTools flag to opt-in into appearance UI controls
- Update the block theme folders to templates and parts
- Remove reference to gutenberg_, swap with wp_
- Use table layout in templates list screen
- Update featured image placeholder graphic.
- [Inserter]: Adjust order of theme blocks and reorder inserter items
- Implement suitable fallback for Nav block on front end of site when no menu selected
- Toggle Group Control: add tooltip
- Use first non-empty Nav post as primary fallback for Nav block
- Change .nvmrc and documentation for Node.js version (LTS to 14.18.1)
- Update: Migrate global styles user database data on the rest endpoint
- Update global styles public API
- Update: Rename user preset origin to custom
- Try always generating navigation post title
- Show all templates and template parts on the site editor list screens
- Highlight "Site" in the navigation panel
- Fix template part slug generation when creating through the block placeholder
- [Block Library - Post Title]: Fix render error when setting Page to homepage
- Add 'Clear customizations' button to template list page
- Gallery v1: Allow clicks within replace media placeholder state
- Site Editor: Set the <title> on the list page to be same as the CPT name
- Gallery: Fix stuck image size options loader
- Cover: Fix undo trap
- Add success and error snackbars to the templates list page
- Fix: theme colors cannot override defaults
- Fix: Color palette is not being stored
- Add elements support to the typography panel in global styles
- Make links plural in global styles
- Add: Gradient palette editor
- Update some small style regressions in the template list
- Add: Transparency support on global styles colors
- Fix: apply by slug on all origins
- Render empty Nav block if no fallback block can be utilised
- Allow filtering of Nav block fallback
- Fix Nav block fallback DB query to match on full block grammar start tag
- Remove unstable max pages attribute from Nav block
- DateTimePicker: set PM hours correctly
- Update delete template button
- Site Editor: Template list add rename action
- Fix Nav block editing wrong entity on creation of new Menu
- [REST] Restore the missing double slash in the ID received by /templates
- Add icons to navigation sidebar items
- Update function names for the public global styles API functions
- Templates Controller: Add missing 'is_custom' prop
- Rename gutenberg_ to wp_ for some functions that land in WordPress 5.9
- [Block Library - Template Part]:Remove support for conversion to Reusable block
- Global Styles: Call "palettes" and not "color palettes" on panel label
- Add button text when no colors found
- Update: Global Styes: Count all color palette origins on the palette counter
- Rename navigationMenuId to ref
- Offset the parent iframe when computing Popover position
- Fix: Failing PHPUnit test
- Show theme, plugin or author in Added By column with appropriate icon or avatar
- Add origin and author to template rest api
See #54487.
Props talldanwp, mamaduka, oandregal.
Built from https://develop.svn.wordpress.org/trunk@52275
git-svn-id: http://core.svn.wordpress.org/trunk@51867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Navigation area were merged as part of full site editing and the new navigation block. This functionality is experimental and not currently used in WordPress core, so should be removed.
Props noisysocks, spacedmonkey, get_dave, zieladam.
Fixes#54506.
Built from https://develop.svn.wordpress.org/trunk@52272
git-svn-id: http://core.svn.wordpress.org/trunk@51864 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The templates controller now respects the `_fields` parameter and filters the response accordingly. The schema has been updated to include all the fields returned. The `content.block_version` field has been added. The controller now returns WP_Error objects for improved error handling.
Add new unit tests.
Props TimothyBlynJacobs, hellofromtonya, zieladam.
Fixes#54422.
Built from https://develop.svn.wordpress.org/trunk@52186
git-svn-id: http://core.svn.wordpress.org/trunk@51778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The menu items REST API controller was added in [52079]. This included functionality to add a "block" menu item type. This functionality is experimental and not currently used in WordPress core, so should be removed.
Props noisysocks.
See #40878.
Built from https://develop.svn.wordpress.org/trunk@52184
git-svn-id: http://core.svn.wordpress.org/trunk@51776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update packages to include these bug fixes from Gutenberg:
- Navigation: Fix click-button size, submenu directions, scrollbars.
- Group - Fix overzealous regex when restoring inner containers
- Babel Preset: Update Babel packages to 7.16 version
- theme.json: adds a setting property that enables some other ones
- Polish metabox container.
- Fix submenu justification and spacer orientation.
- Fix Gutenberg 11.8.2 in WordPress trunk
- Strip meta tags from pasted links in Chromium
- Hide visilibility and status for navigation posts
- Navigation: Refactor and simplify setup state.
- Nav block menu switcher - decode HTML entities and utilise accessible markup pattern
- Rename fse_navigation_area to wp_navigation_area
- theme.json: adds a setting property that enables some other ones
- Revert "theme.json: adds a setting property that enables some other ones"
- Skip flaky image block test
- WordPress/gutenberg@3c935c4
- React to any errors coming up in gutenberg_migrate_menu_to_navigation_post
- Return wp error from wp_insert_post
- Fix not transforming logical assignments for packages
See #54337.
Built from https://develop.svn.wordpress.org/trunk@52161
git-svn-id: http://core.svn.wordpress.org/trunk@51753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Update packages to include these bug fixes from Gutenberg:
- Force remount LinkControl when moving between links within same richtext block
- Site Editor: Change ToolsMoreMenuGroup slot-fill name
- Respect fields param for global styles REST API requests.
- Try ensuring the item after post content clears floats
- Fix submenus not opening on click
- Apply i18n functions to Nav block menu drops when selecting existing Menu
- Gallery: Make sure the mobile warning notice only runs when images are added to a new block
- Prepare navigation php code for core patch
- Address deprecation issues from Buttons flex layout PR.
- Block Library: Fix incorrect attributes definitions
- Fix Navigation accessibility issues
See #54337.
Built from https://develop.svn.wordpress.org/trunk@52103
git-svn-id: http://core.svn.wordpress.org/trunk@51695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit introduces the `/wp/v2/menus`, `/wp/v2/menu-items` and `/wp/v2/menu-locations` REST API endpoints. These endpoints are fully available to users with the `edit_theme_options` capability, but can be read by any user who can edit a REST API available post type.
The `nav_menu` taxonomy and `nav_menu_item` post type now map their capabilities to the `edit_theme_options` primitive capability. This allows developers to provide more fine-grained access control. However, if a developer is currently dynamically removing the `edit_theme_options` capability using `map_meta_cap`, they should use the `user_has_cap` filter instead.
The `wp_update_nav_menu_item()` function has been adjusted to return an error if saving the menu item post or assigning the menu item to a menu generate an error.
Lastly, a new menu item type is introduced, `block`, that can be used to store a Block as a menu item.
Props andraganescu, antonvlasenko, dingo_d, dlh, isabel_brison, kadamwhite, Mamaduka, NateWr, noisysocks, peterwilsoncc, ryelle, schlessera, soean, Spacedmonkey, talldanwp, TimothyBlynJacobs, tobifjellner, westonruter, wpscholar, zieladam.
Fixes#40878.
Built from https://develop.svn.wordpress.org/trunk@52079
git-svn-id: http://core.svn.wordpress.org/trunk@51671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
- First pass at adding the site editor from the Gutenberg plugin to
wp-admin/site-editor.php.
- Adds miscellaneous PHP changes from Gutenberg 10.1 - 11.9.
Follows [52042].
See #54337.
Props youknowriad, aristath, hellofromtonya, gziolo.
Built from https://develop.svn.wordpress.org/trunk@52069
git-svn-id: http://core.svn.wordpress.org/trunk@51661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By default, only users with the `edit_theme_options` capability can access the sidebars and widgets REST API endpoints. In this commit, A new `show_in_rest` parameter is added to the `register_sidebar` function. When enabled, all users will be able to access that sidebar and any widgets belonging to that sidebar.
This commit reduces the `context` for a widget's `instance` information to only `edit`. This is to ensure that internal widget data is not inadvertently exposed to the public. A future ticket may expose additional APIs to allow widget authors to indicate that their instance data can be safely exposed. REST API consumers intending to access this `instance` information should take care to explicitly set the `context` parameter to `edit`.
Props spacedmonkey, zieladam.
Fixes#53915.
Built from https://develop.svn.wordpress.org/trunk@52016
git-svn-id: http://core.svn.wordpress.org/trunk@51608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Improvements:
* Removes HTML tags from translatable strings. Uses `sprintf` with placeholder and translators comment.
* Spells out "OG" to "Open Graph" to help translators.
* Adds `@since` param to new filters.
* Improves comments for code standards and consistency.
* Improves readability by making multiple args multiline.
* Micro-optimizations to avoid unnecessary variable assignments.
Follow-up to [51973].
Props hellofromTonya, sergeybiryukov, swissspidy.
Fixes#54358.
Built from https://develop.svn.wordpress.org/trunk@52008
git-svn-id: http://core.svn.wordpress.org/trunk@51599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a new REST API endpoint (`/wp-block-editor/v1/url-details`) for retrieving information from an external URL.
Information retrieved:
* Title: content of the `<title>` element
* Icon: favicon image link
* Description: content of the `description` or `og:description` meta element
* Image: OG image link
This endpoint is used by the block editor for link previews.
Props get_dave, aduth, andraganescu, beaulebens, hellofromTonya, kevin940726, mamaduka, marekhrabe, mnelson4, noisysocks, obenland, ocean90, retrofox, shaunandrews, spacedmonkey, swissspidy, timothyblynjacobs, xknown, youknowriad.
Fixes#54358.
Built from https://develop.svn.wordpress.org/trunk@51973
git-svn-id: http://core.svn.wordpress.org/trunk@51562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use 3-digit, x.x.x-style semantic versioning for `@since` tags of the `$rest_namespace` property in `WP_Post_Type` and `WP_Taxonomy`.
Add a `@since` note to `WP_REST_Taxonomies_Controller::get_item_schema()` for the `visibility` and `rest_namespace` properties.
The `rest_base` property was also added after the method was initially introduced, but that happened during the same release cycle, so it doesn't need a separate `@since` note.
Follow-up to [38832], [39191], [42729], [51959], [51961], [51962], [51964].
See #53399.
Built from https://develop.svn.wordpress.org/trunk@51965
git-svn-id: http://core.svn.wordpress.org/trunk@51554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While a taxonomy can define a custom route by using the rest_base argument, a namespace of wp/v2 was assumed. This commit introduces support for a rest_namespace argument.
A new rest_get_route_for_taxonomy_items function has been introduced and the rest_get_route_for_term function updated to facilitate getting the correct route for taxonomies.
For maximum compatibility sticking with the default wp/v2 namespace is recommended until the API functions see wider use.
Props spacedmonkey.
Fixes#54267.
See [51962].
Built from https://develop.svn.wordpress.org/trunk@51964
git-svn-id: http://core.svn.wordpress.org/trunk@51553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While a custom post type can define a custom route by using the `rest_base` argument, a namespace of `wp/v2` was assumed. This commit introduces support for a `rest_namespace` argument.
A new `rest_get_route_for_post_type_items` function has been introduced and the `rest_get_route_for_post` function updated to facilitate getting the correct route for custom post types.
While the WordPress Core Block Editor bootstrap code has been updated to use these API functions, for maximum compatibility sticking with the default `wp/v2` namespace is recommended until the API functions see wider use.
Props spacedmonkey, swissspidy.
Fixes#53656.
Built from https://develop.svn.wordpress.org/trunk@51962
git-svn-id: http://core.svn.wordpress.org/trunk@51551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `taxonomies` and `rest_base` properties were also added after the method was initially introduced, but that happened during the same release cycle, so they don't need a separate `@since` note.
Follow-up to [38832], [39097], [39191], [39647], [51959].
See #53399.
Built from https://develop.svn.wordpress.org/trunk@51961
git-svn-id: http://core.svn.wordpress.org/trunk@51550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Similar to the existing `role`/`role__in`/`role__not_in` query arguments, this adds support for three new query arguments in `WP_User_Query`:
* `capability`
* `capability__in`
* `capability__not_in`
These can be used to fetch users with (or without) a specific set of capabilities, for example to get all users
with the capability to edit a certain post type.
Under the hood, this will check all existing roles on the site and perform a `LIKE` query against the `capabilities` user meta field to find:
* all users with a role that has this capability
* all users with the capability being assigned directly
Note: In WordPress, not all capabilities are stored in the database. Capabilities can also be modified using filters like `map_meta_cap`. These new query arguments do NOT work for such capabilities.
The prime use case for capability queries is to get all "authors", i.e. users with the capability to edit a certain post type.
Until now, `'who' => 'authors'` was used for this, which relies on user levels. However, user levels were deprecated a long time ago and thus never added to custom roles. This led to constant frustration due to users with custom roles missing from places like author dropdowns.
This updates any usage of `'who' => 'authors'` in core to use capability queries instead.
Subsequently, `'who' => 'authors'` queries are being **deprecated** in favor of these new query arguments.
Also adds a new `capabilities` parameter (mapping to `capability__in` in `WP_User_Query`) to the REST API users controller.
Also updates `twentyfourteen_list_authors()` in Twenty Fourteen to make use of this new functionality, adding a new `twentyfourteen_list_authors_query_args` filter to make it easier to override this behavior.
Props scribu, lgladdly, boonebgorges, spacedmonkey, peterwilsoncc, SergeyBiryukov, swissspidy.
Fixes#16841.
Built from https://develop.svn.wordpress.org/trunk@51943
git-svn-id: http://core.svn.wordpress.org/trunk@51532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While the new name is much better, it doesn't fully tell what will happen when invoked nor does it fully solve the root problems.
Why? The function is doing too much. And naming is hard.
Props azaozz, desrosj, andraganescu, zieladam, hellofromTonya.
See #53811.
Built from https://develop.svn.wordpress.org/trunk@51791
git-svn-id: http://core.svn.wordpress.org/trunk@51398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In each child and grandchild class, renames the first parameter to match the parent's method signature.
Why? PHP 8 introduces the ability to pass named arguments to function/method calls. This means the child and parent method signatures (i.e. parameter names) need to match.
Changes for readability:
- `@since` clearly specifies the original parameter name and its new name as well as why the change happened.
- In methods longer than a single line, the generic parameter is reassigned to the original parameter restoring it for context for use within the method. An inline comment is added to explain why this reassignment is made.
Follow-up to [38832], [39011], [39015], [39021], [39024], [39025], [39031], [39036], [43519], [43735], [43739], [43768], [46821], [48173], [48242], [49088], [50995], [51003], [51021].
Props jrf, hellofromTonya, sergeybiryukov, azaozz, desrosj, johnbillion.
See #51553.
Built from https://develop.svn.wordpress.org/trunk@51786
git-svn-id: http://core.svn.wordpress.org/trunk@51393 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The original name `retrieve_widgets()` was unclear as it suggested it was a getter, i.e. getting the widgets. This function does more than get: finds orphaned widgets, assigns them to the inactive sidebar, and updates the database.
The new name is `sync_registered_widgets()` which better represents what happens when this function is invoked.
The original `retrieve_widgets()` function is soft deprecated to avoid unnecessary code churn downstream for developers that support more than the latest version of WordPress.
Follow-up to [18630].
Props zieladam, timothyblynjacobs, andraganescu, hellofromTonya.
See #53811.
Built from https://develop.svn.wordpress.org/trunk@51705
git-svn-id: http://core.svn.wordpress.org/trunk@51311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes the "Deprecated: Return type of `WP_REST_Request::[METHODNAME]($offset)` should be compatible with `ArrayAccess::[METHODNAME](): type`" warnings on PHP 8.1.
PHP native interfaces now have declared return types and methods in classes implementing these interfaces need to either have the return type declared (in a covariant compatible manner with the PHP native interface method declaration), or need to silence the deprecation warning using the `#[ReturnTypeWillChange]` attribute.
Follow-up to [51517], [51529], [51530].
Props jrf.
See #53635.
Built from https://develop.svn.wordpress.org/trunk@51531
git-svn-id: http://core.svn.wordpress.org/trunk@51142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It aligns with the changes proposed added in Gutenberg: https://github.com/WordPress/gutenberg/pull/33293.
The idea here is to split the growing webpack config into two parts: blocks and packages.
We need to add handling for JavaScript files that are going to be used with blocks on the frontend. They didn't work quite well with the current setup for entry points created for packages.
As part of the effort, it adds support for `viewScript` in `block.json` metadata file that is later translated to `$view_script` in `WP_Block_Type` class and exposed as `view_script` from the REST API endpoint for block types.
Props youknowriad, desrosj, aristath.
Fixes#53690.
Built from https://develop.svn.wordpress.org/trunk@51501
git-svn-id: http://core.svn.wordpress.org/trunk@51112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes a bug where widgets are unintentionally moved to the `wp_inactive_widgets` sidebar when batch updates occur through the REST API.
When batch requests are processed, only `$_wp_sidebars_widgets is updated by previous calls to `WP_REST_Widgets_Controller::create_item()`. `$sidebars_widgets` is not aware of the new widget’s intended location, and `retrieve_widgets()` mistakenly flags the widget as inactive.
Calling `wp_get_sidebars_widgets()` before `retrieve_widgets()` ensures both global variables match and is intended as a temporary fix until the root cause of the problem can be fixed.
Props zieladam, htmgarcia, timothyblynjacobs.
Fixes#53657.
Built from https://develop.svn.wordpress.org/trunk@51432
git-svn-id: http://core.svn.wordpress.org/trunk@51043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This switches `WP_REST_Sidebars_Controller` to use `wp_sidebar_description()` for retrieving the `description` of a given sidebar instead of referencing the value in the `$wp_registered_sidebars` global variable directly.
`wp_sidebar_description()` uses `wp_kses()` to only allow the default list of `$allowed_tags` to be present in a sidebar’s `description`.
Props timothyblynjacobs, desrosj.
Fixes#53646.
Built from https://develop.svn.wordpress.org/trunk@51408
git-svn-id: http://core.svn.wordpress.org/trunk@51019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When a widget is removed from a sidebar, if it was removed from the middle of the list, the widgets property would become an object with numeric keys.
The sidebars controller now forces the widgets property to be a list.
Props walbo.
Fixes#53612.
Built from https://develop.svn.wordpress.org/trunk@51377
git-svn-id: http://core.svn.wordpress.org/trunk@50988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds the `$request` parameter to the `permissions_check()` methods within `WP_REST_Widgets_Controller` and adds `$request` as an allowed parameter to the `permissions_check()` method within `WP_REST_Templates_Controller`.
Even when this parameter is not used by default, it should be implemented to support the class being extended and the method overidden.
Props johnbillion, timothyblynjacobs.
Fixes#53593.
Built from https://develop.svn.wordpress.org/trunk@51349
git-svn-id: http://core.svn.wordpress.org/trunk@50958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Registered widgets that do not extend WP_Widget should appear in the
wp_inactive_widgets sidebar by default. Having the widgets REST API call
retrieve_widgets() before serving any request ensures that this will happen.
This is a similar fix to [51235].
Fixes#53534.
Props zieladam, timothyblynjacobs.
Built from https://develop.svn.wordpress.org/trunk@51248
git-svn-id: http://core.svn.wordpress.org/trunk@50857 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This fixes issues where sidebars would be unexpectedly missing from the new widgets screen. Running retrieve_widgets syncs sidebars that were registered after the last theme switch.
Props walbo, hellofromTonya, noisysocks.
Fixes#53489.
Built from https://develop.svn.wordpress.org/trunk@51235
git-svn-id: http://core.svn.wordpress.org/trunk@50844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The register_widget function can be called with a class name or a class
instance. Once called with a class instance, the class instance is converted to
hash as used key in array.
Props spacedmonkey, zieladam.
Built from https://develop.svn.wordpress.org/trunk@51216
git-svn-id: http://core.svn.wordpress.org/trunk@50825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The class has been heavily modified from the original source, so the copyright can be modified to simply reference the original author’s work. The carry forward of the copyright and original code is implied.
Follow up to [50993-50995,51007,51020,51029].
Props SergeyBiryukov, cbringmann, chanthaboune, desrosj.
Fixes#41683.
Built from https://develop.svn.wordpress.org/trunk@51210
git-svn-id: http://core.svn.wordpress.org/trunk@50819 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds new hooks (rest_save_sidebar, rest_delete_widget, rest_after_save_widget)
to the widgets REST API and uses them to delete the fresh_site option when
updating widgets via the REST API. This ensures that starter content isn't
loaded in the Customizer after a user makes changes.
Fixes#53317.
Props kevin940726, garrett-eclipse, andraganescu, hellofromtonya.
Built from https://develop.svn.wordpress.org/trunk@51068
git-svn-id: http://core.svn.wordpress.org/trunk@50677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By default, a post most contain any of the requested terms to be included in the response. This commit adds a new `operator` property that can be set to `AND` to require a post to contain all of the requested terms.
For example, `/wp/v2/posts?tags[terms]=1,2,3&tags[operator]=AND` will return posts that have tags with the ids of 1, 2, and 3.
Props dlh, earnjam, Clorith, jnylen0, sebbb.
Fixes#41287.
Built from https://develop.svn.wordpress.org/trunk@51026
git-svn-id: http://core.svn.wordpress.org/trunk@50635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add an endpoint for fetching block patterns from WordPress.org, and load the block patterns from this new API. Remove the block patterns that have already been moved to WordPress.org/patterns.
Props ryelle, iandunn, youknowriad, timothyblynjacobs.
Fixes#53246.
Built from https://develop.svn.wordpress.org/trunk@51021
git-svn-id: http://core.svn.wordpress.org/trunk@50630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add support for uploading, editing and saving WebP images when supported by the server.
Add 'image/webp' to supported mime types. Correctly identify WebP images and sizes even when PHP doesn't support WebP. Resize uploaded WebP files (when supported) and use for front end markup.
Props markoheijne, blobfolio, Clorith, joemcgill, atjn, desrosj, spacedmonkey, marylauc, mikeschroder, hellofromtonya, flixos90.
Fixes#35725.
Built from https://develop.svn.wordpress.org/trunk@50810
git-svn-id: http://core.svn.wordpress.org/trunk@50419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Allow authenticated users to read the contents of password protected posts if they have the `edit_post` meta capability for the post.
Props xknown, zieladam, peterwilsoncc, swissspidy, timothyblynjacobs.
Built from https://develop.svn.wordpress.org/trunk@50717
git-svn-id: http://core.svn.wordpress.org/trunk@50326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a check to `WP_REST_Meta_Fields::delete_meta_value()` ensuring meta data is set before attempting to delete it from the database. If the data does not exist, the delete is considered successful as the data matches the desired state.
Props BrechtVds, goaroundagain, TimothyBlynJacobs.
Fixes#52787.
Built from https://develop.svn.wordpress.org/trunk@50567
git-svn-id: http://core.svn.wordpress.org/trunk@50180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
For example the `categories` or `categories_exclude` parameters can now optionally accept an object with a `terms` property that accepts the list of term ids and a new `include_children` property which controls the Tax Query `include_children` field.
Props jason_the_adams, jnylen0, birgire, dlh.
Fixes#39494.
Built from https://develop.svn.wordpress.org/trunk@50157
git-svn-id: http://core.svn.wordpress.org/trunk@49836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the first error message for each parameter was made available. Now, all error messages for a parameter are concatenated. Additionally, the detailed error for each parameter is made available in a new `details` section of the validation error. Each error is formatted following the standard REST API error formatting.
The `WP_REST_Server::error_to_response` method has been abstracted out into a standalone function `rest_convert_error_to_response` to allow for reuse by `WP_REST_Request`. The formatted errors now also contain an `additional_data` property which contains the additional error data provided by `WP_Error::get_all_error_data`.
Props dlh, xkon, TimothyBlynJacobs.
Fixes#46191.
Built from https://develop.svn.wordpress.org/trunk@50150
git-svn-id: http://core.svn.wordpress.org/trunk@49829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces new endpoints to allow for batch image editing using the REST API.
The new endpoints can take an array of modifiers that will be applied in the order they appear.
Props ajlende, TimothyBlynJacobs, hellofromTonya, Mista-Flo.
Fixes#52192.
Built from https://develop.svn.wordpress.org/trunk@50124
git-svn-id: http://core.svn.wordpress.org/trunk@49803 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, all permission checks for using app passwords were implemented using `edit_user`. This commit introduces a series of more fine grained meta capabilities that should be used instead: `create_app_password`, `list_app_passwords`, `read_app_password`, `edit_app_password`, `delete_app_password` and `delete_app_passwords`. These capabilities all map to `edit_user` by default, but may now be customized by developers.
Props johnbillion, TimothyBlynJacobs.
Fixes#51703.
Built from https://develop.svn.wordpress.org/trunk@50114
git-svn-id: http://core.svn.wordpress.org/trunk@49793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Following up on [49904], this changeset focuses mainly on improving the guidance about the current state of HTTPS in Site Health.
* Correct the existing copy to indicate that both the Site Address and the WordPress Address need to be changed to fully switch to HTTPS.
* Link to the respective input fields via anchor links rather than to the overall General Settings screen.
* Show different copy if the site is using HTTPS for the WordPress Address (for example to have only the administration panel in HTTPS), but not for the Site Address.
* Inform the user about potential problems even when the site is already using HTTPS, for example if the SSL certificate was no longer valid.
* Always rely on fresh information for determining HTTPS support issues in Site Health, and therefore change the `https_status` test to become asynchronous.
* Rename the new private `wp_is_owned_html_output()` function to a more appropriate `wp_is_local_html_output()`.
Props adamsilverstein, flixos90, johnjamesjacoby, timothyblynjacobs.
See #47577.
Built from https://develop.svn.wordpress.org/trunk@50072
git-svn-id: http://core.svn.wordpress.org/trunk@49773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This introduces a new endpoint, `wp/v2/users/me/application-passwords/introspect`, that will return details about the App Password being used to authenticate the current request. This allows for an application to disambiguate between multiple installations of their application which would all share the same `app_id`.
Props xkon, peterwilsoncc, TimothyBlynJacobs.
Fixes#52275.
Built from https://develop.svn.wordpress.org/trunk@50065
git-svn-id: http://core.svn.wordpress.org/trunk@49766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Application names are now required to be unique and cannot contain solely whitespace characters. Additionally, invalid characters are now stripped from the application name using `sanitize_text_field()`.
Props Boniu91, hellofromTonya, engahmeds3ed, xkon, francina.
Fixes#51941.
Built from https://develop.svn.wordpress.org/trunk@50030
git-svn-id: http://core.svn.wordpress.org/trunk@49731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, only the active theme was made available. This commit allows for all themes to be queried if the user has the `switch_themes` or `manage_network_themes` capabilities.
This commit also no longer exposes the `page`, `per_page`, `search` and `context` query parameters since they are not supported by this controller.
Props spacedmonkey, lpawlik, TimothyBlynJacobs.
Fixes#50152.
Built from https://develop.svn.wordpress.org/trunk@49925
git-svn-id: http://core.svn.wordpress.org/trunk@49624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This enables, for example, the previous post status to be used by this hook without the need to first capture it on an earlier hook.
This also fixes the value of the `$fire_after_hooks` parameter in `get_default_post_to_edit()` so the `wp_after_insert_post` action correctly fires just once on the new post screen.
Props Collizo4sky, peterwilsoncc, hellofromTonya, TimothyBlynJacobs, SergeyBiryukov
Fixes#45114
Built from https://develop.svn.wordpress.org/trunk@49731
git-svn-id: http://core.svn.wordpress.org/trunk@49454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The REST API requests in Site Health and App Passwords now include `_locale=user` in the request URL to ensure the user's locale is used instead of the site locale. Additionally, the `apiRequest` library now sends a JSON `Accept` header which is required by `determine_locale()` to respect the `_locale` query parameter.
The Site Health REST API controllers now manually load the default admin textdomain if not `is_admin()`. This allows for the Site Health tests to be translated even though the translations are part of the administration project and the REST API is not.
Props oglekler, kebbet, Clorith, TimothyBlynJacobs, ocean90, SergeyBiryukov, adamsilverstein.
Fixes#51871.
Built from https://develop.svn.wordpress.org/trunk@49716
git-svn-id: http://core.svn.wordpress.org/trunk@49439 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously App Passwords used a mix of "enabled" and "available". We've now standardized on using "available".
Additionally, we now use a 501 status code when indicating that App Passwords is not available.
Props SergeyBiryukov, ocean90, TimothyBlynJacobs.
Fixes#51513.
Built from https://develop.svn.wordpress.org/trunk@49617
git-svn-id: http://core.svn.wordpress.org/trunk@49355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
App Passwords rely on the Authorization header to transport the Basic Auth credentials. For Apache web servers, WordPress automatically includes a RewriteRule to populate the value for servers running in CGI or FastCGI that wouldn't ordinarily populate the value.
This tests if the header is being filled with the expected values. For Apache users, we direct the user to visit the Permalinks settings to flush their permalinks. For all other users, we direct them to a help document on developer.wordpress.org.
Props Clorith, marybaum, TimothyBlynJacobs.
Fixes#51638.
Built from https://develop.svn.wordpress.org/trunk@49334
git-svn-id: http://core.svn.wordpress.org/trunk@49095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, we only supported `application/json` which prevented using subtypes like `application/activity+json`. This allows for the REST API to `json_decode` the body of requests using a JSON subtype `Content-Type`. Additionally, `wp_die()` now properly sends the error as JSON when a JSON subtype is specified in the `Accept` header.
Props pfefferle.
Fixes#49404.
Built from https://develop.svn.wordpress.org/trunk@49329
git-svn-id: http://core.svn.wordpress.org/trunk@49090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This switches to the new `rest_default_additional_properties_to_false()` function which doesn't have this issue and deprecates the `WP_REST_Meta_Fields::default_additional_properties_to_false()` method.
Props austin880625.
Fixes#51389.
Built from https://develop.svn.wordpress.org/trunk@49308
git-svn-id: http://core.svn.wordpress.org/trunk@49070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The REST API and XML-RPC now uses the same detection methodology for empty comment content as `wp_handle_comment_submission()`. Specifically, comments now have their content trimmed and '0' is allowed.
Props jaswrks, rmccue, dd32, rachelbaker, Cawa-93, aduth, TimothyBlynJacobs.
Fixes#43177.
Built from https://develop.svn.wordpress.org/trunk@49303
git-svn-id: http://core.svn.wordpress.org/trunk@49065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In particular, this allows for sending `status=inherit` to an attachment if it's current status is `inherit`. This status would be rejected because it is an "internal" post status which isn't exposed.
As a general rule, a developer should always be able to PUT back a GET response without error.
Props dfenton, pputzer, TimothyBlynJacobs.
Fixes#40399.
Built from https://develop.svn.wordpress.org/trunk@49302
git-svn-id: http://core.svn.wordpress.org/trunk@49064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The comments controller now uses the `rest_get_route_for_post` function introduced in WordPress 5.5 to generate the link. This function is filterable to allow for custom controllers to properly define their REST API route.
Props dsifford, TimothyBlynJacobs.
Fixes#44152.
Built from https://develop.svn.wordpress.org/trunk@49299
git-svn-id: http://core.svn.wordpress.org/trunk@49061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Apps may now optionally include an `app_id` parameter when directing the user to the Authorize Application screen. This allows for instances of an application to be identified and potentially revoked or blocked.
Props TimothyBlynJacobs, georgestephanis.
Fixes#51583.
Built from https://develop.svn.wordpress.org/trunk@49276
git-svn-id: http://core.svn.wordpress.org/trunk@49038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
A new route is introduced, `batch/v1`, that accepts a list of API requests to run. Each request runs in sequence, and the responses are returned in the order they've been received.
Optionally, the `require-all-validate` validation mode can be used to first validate each request's parameters and only proceed with processing if each request validates successfully.
By default, the batch size is limited to 25 requests. This can be controlled using the `rest_get_max_batch_size` filter. Clients are strongly encouraged to discover the maximum batch size supported by the server by making an OPTIONS request to the `batch/v1` endpoint and inspecting the described arguments.
Additionally, the two new methods, `match_request_to_handler` and `respond_to_request` introduced in [48947] now have a `protected` visibility as we don't want to expose the inner workings of the `WP_REST_Server::dispatch` API.
Batching is not currently supported for GET requests.
Fixes#50244.
Props andraganescu, zieladam, TimothyBlynJacobs.
Built from https://develop.svn.wordpress.org/trunk@49252
git-svn-id: http://core.svn.wordpress.org/trunk@49014 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The new block editor included in 5.6 introduces an api_version property
that indicates which block API version the block is using.
This commits makes this property available on the block type and the endpoint.
Props TimothyBlynJacobs, gziolo.
Fixes#51529.
Built from https://develop.svn.wordpress.org/trunk@49224
git-svn-id: http://core.svn.wordpress.org/trunk@48986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The reason for introducing `wp_slash_strings_only()` in [46454] was to keep non-string values untouched.
Later, `wp_slash()` itself was updated in [48433] to prevent changing non-string values.
To avoid confusion, `wp_slash_strings_only()` is now deprecated.
Props ayeshrajans, ocean90.
Fixes#50635.
Built from https://develop.svn.wordpress.org/trunk@49188
git-svn-id: http://core.svn.wordpress.org/trunk@48950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces the action `wp_after_insert_post` inside a wrapper function of the same name. This hook allows plugin developers to access a posts full data (including its terms and meta data) regardless of the workflow used to save it.
A new parameter is introduced to `wp_insert_post()` to indicate whether the hook should be fired within the function call or will be fired afterward.
Props aristath, Collizo4sky, danielbachhuber, joyously, kadamwhite, kraftbj, markparnell, mikeschroder, noisysocks, peterwilsoncc, SergeyBiryukov, talldanwp, thewebprincess, TimothyBlynJacobs.
Fixes#45114.
Built from https://develop.svn.wordpress.org/trunk@49172
git-svn-id: http://core.svn.wordpress.org/trunk@48934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This provides more flexibility when writing tests and benefits from running in a front-end context which is necessary for some tests like checking that updates are supported. Additionally, this provides a more robust interface for developers who want to integrate with Site Health tests.
Because the `wp/v2` endpoint is reserved for modeling core entities, site health is registered in its own `wp-site-health/v1` namespace.
The existing ajax actions have been maintained for backward compatibility.
Props Clorith, chrisvanpatten, afragen, pokhriyal, TimothyBlynJacobs.
Fixes#48105.
Built from https://develop.svn.wordpress.org/trunk@49154
git-svn-id: http://core.svn.wordpress.org/trunk@48916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
Built from https://develop.svn.wordpress.org/trunk@49109
git-svn-id: http://core.svn.wordpress.org/trunk@48871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Previously, the search controller infrastructure required that the id property was an integer. This prevents data models that use a string id from utilizing the search infrastructure.
This commit lifts the restraint that search handlers return integer ids. This will allow for the Post Formats search handler coming in 5.6 to use slugs instead of creating fake ids.
Props stoyangeorgiev.
Fixes#51131.
Built from https://develop.svn.wordpress.org/trunk@49088
git-svn-id: http://core.svn.wordpress.org/trunk@48850 1a063a9b-81f0-0310-95a4-ce76da25c4cd