Commit Graph

197 Commits

Author SHA1 Message Date
Sergey Biryukov 9dac8e173f REST API: Shim `post_date_gmt` for drafts / empty dates in the REST API.
Internally, WordPress uses a special `post_date_gmt` value of `0000-00-00 00:00:00` to indicate that a draft's date is "floating" and should be updated whenever the post is saved. This makes it much more difficult for API clients to know the correct date of a draft post.

This commit provides a best guess at a `date_gmt` value for draft posts in this situation using the `date` field and the site's current timezone offset.

Props joehoyle, jnylen0.
Merges [40108] to the 4.7 branch.
Fixes #38883.
Built from https://develop.svn.wordpress.org/branches/4.7@40115


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-24 22:03:34 +00:00
Sergey Biryukov 68740ca5a1 REST API: Fix multiple issues with setting dates of posts and comments.
This commit modifies the `rest_get_date_with_gmt` function to correctly parse local and UTC timestamps with or without timezone information.

It also ensures that the REST API can edit the dates of draft posts by setting the `edit_date` flag to `wp_update_post`.

Overall this commit ensures that post and comment dates can be set and updated as expected.

Props jnylen0.
Merges [40101] to the 4.7 branch.
Fixes #39256.
Built from https://develop.svn.wordpress.org/branches/4.7@40114


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-24 21:59:35 +00:00
Sergey Biryukov f980f4ca90 REST API: Correctly parse body parameters for DELETE requests.
DELETE was inadvertently omitted from the list of non-POST HTTP methods that should be able to accept body parameters. Parameters passed to DELETE requests as JSON are already parsed correctly; this commit fixes application/x-www-form-urlencoded parameters as well.

Props mnelson4.
Merges [40105] to the 4.7 branch.
Fixes #39933.
Built from https://develop.svn.wordpress.org/branches/4.7@40113


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-24 20:56:34 +00:00
Sergey Biryukov 3ded99cef7 REST API: Do not allow access to users from a different site in multisite.
It has been unintendedly possible to both view and edit users from a different site than the current site in multisite environments. Moreover, when passing roles to a user in an update request, that user would implicitly be added to the current site.

This changeset removes the incorrect behavior for now in order to be able to provide a proper REST API workflow for managing multisite users in the near future. Related unit tests have been adjusted as well.

Props jnylen0, jeremyfelt, johnjamesjacoby.
Merges [40106] to the 4.7 branch.
Fixes #39701.
Built from https://develop.svn.wordpress.org/branches/4.7@40111


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-24 20:46:35 +00:00
Rachel Baker 2dda813ae2 REST API: Include the `status` property in `view` context responses from the Posts endpoints.
Previously the status for a Post (or other post_types) was only exposed under the `edit` context, which doesn't really make much sense considering we support querying by post status without authentication. Originally introduced in v2.0 beta 1: 69f617d749 without any explanation in the commit message.

Props dhanendran, jnylen0, rachelbaker.
Merges [40080] to the 4.7 branch.
Fixes #39466.

Built from https://develop.svn.wordpress.org/branches/4.7@40081


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-19 04:36:32 +00:00
Rachel Baker a51de29064 REST API: Cast revision author ID to int.
The `post_author` field is a string internally, but we need to cast it to an integer in the REST API. This was already done for posts, but not for revisions. The field is already declared as an integer in both controllers.

Props jnylen0.
Merges [40063] to the 4.7 branch.
Fixes #39871.

Built from https://develop.svn.wordpress.org/branches/4.7@40078


git-svn-id: http://core.svn.wordpress.org/branches/4.7@40015 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-19 03:19:37 +00:00
Dominik Schilling 599e703836 REST API: Unify object access handling for simplicity.
Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters.

Merge of [39954] to the 4.7 branch.

See #38792.
Built from https://develop.svn.wordpress.org/branches/4.7@39957


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39894 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:47:34 +00:00
Aaron Campbell 39b785c7f9 REST API: Change which users are shown in the users endpoint.
Only show users that have authored a post of a post type that has `show_in_rest` set to true.

Props rachelbaker, jnylen0.
Merges [39843] to 4.7 branch.

Built from https://develop.svn.wordpress.org/branches/4.7@39844


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39782 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 14:49:33 +00:00
Rachel Baker bd0a38d439 REST API: Allow schema sanitization_callback to be set to null to bypass fallback sanitization functions.
The logic in WP_REST_Request->sanitize_params() added in [39091] did not account for `null` or `false` being the sanitization_callback preventing overriding `rest_parse_request_arg()`. This fixes that oversight, allowing the built in sanitization function to be bypassed. See #38593.

Merges [39563] to the 4.7  branch.

Props kkoppenhaver, rachelbaker, jnylen0.
Fixes #39042.

Built from https://develop.svn.wordpress.org/branches/4.7@39642


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 17:49:36 +00:00
Gary Pendergast 6e8114742f REST API: Improve the `rest_*_collection_params` filter docs and fix the terms filter.
The `rest_{$taxonomy}_collection_params` filter in 4.7 is incorrectly using single quotes instead of double quotes, which means it is not working correctly as a dynamic filter. This fixes the quotes around the filter name, and also updates the docblocks for the other 3 similar filters for better conformance to the documentation standards.

Merge of [39621] to the 4.7 branch.

Props shazahm1hotmailcom, JPry, jnylen0.
Fixes #39300.


Built from https://develop.svn.wordpress.org/branches/4.7@39631


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-21 05:34:34 +00:00
Gary Pendergast cf9b1dbc1f REST API: Fix PHP warnings when `get_theme_support( 'post-formats' )` is not an array.
If `add_theme_support( 'post-formats' )` is called with no additional arguments, then `get_theme_support( 'post-formats' )` returns `true` rather than an array of supported formats. Avoid generating PHP warnings in this situation.

Merge of [39620] to the 4.7 branch.

Props dreamon11, ChopinBach.
Fixes #39293.


Built from https://develop.svn.wordpress.org/branches/4.7@39630


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-21 05:30:34 +00:00
Gary Pendergast bba21b983c REST API: Add support for filename search in media endpoint.
In [38625], the functionality to search for attachments by filename was added via the `posts_clauses` filter and the `_filter_query_attachment_filenames()` function. This moves `_filter_query_attachment_filenames()` from `wp-admin/includes/post.php` to `wp-includes/post.php` so that it can be applied in the same manner in the REST API media endpoint.

Merge of [39598] to the 4.7 branch.

Props jblz, tyxla.
Fixes #39092.


Built from https://develop.svn.wordpress.org/branches/4.7@39629


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-21 05:19:34 +00:00
Gary Pendergast e6ce714219 REST API: Allow sending an empty or no-op comment update.
In general, updates that don't actually change anything should succeed. [39371] added tests for other object types, and this commit fixes empty updates for comments and adds the missing test.

Merges [39597] to the 4.7 branch.

Props jnylen0.
Fixes #38700.


Built from https://develop.svn.wordpress.org/branches/4.7@39628


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-21 05:13:36 +00:00
Dion Hulse 380cc5d7d6 REST API: Do not include the `password` argument when getting media items
Currently, `attachment` is the only post type exposed via the REST API that
does not support password protection, but it's possible for other post types to
remove password support.

Props jnylen0.
Merges [39595] to the 4.7 branch.
Fixes #38977.

Built from https://develop.svn.wordpress.org/branches/4.7@39610


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-16 05:46:35 +00:00
Dion Hulse 0b813f2544 REST API: Do not error on empty JSON body
It's fairly common for clients to send `Content-Type: application/json` with an
empty body.  While technically not valid JSON, we've historically supported
this behaviour, so it shouldn't cause an error.

Props JPry, jnylen0.
Merges [39594] to the 4.7 branch.
Fixes #39150.

Built from https://develop.svn.wordpress.org/branches/4.7@39609


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-16 05:43:33 +00:00
Dion Hulse 6738759b0c REST API: Treat any falsy value as `false` in 'rest_allow_anonymous_comments'.
Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value (previously this was an explicit check for `false`).

One possible failure case is that a plugin developer forgets to include a return value for some code path in their callback for this filter, leading to a value of null which is currently treated like `true`.

Props joehoyle, jnylen0.
Merges [39487] to the 4.7 branch.
Fixes #39010.

Built from https://develop.svn.wordpress.org/branches/4.7@39566


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 01:40:32 +00:00
Dominik Schilling e58ec083da Comments: Merge a similar string between comments.php, XML-RPC and the REST API comments controller.
Merge of [39508] to the 4.7 branch.

Props ramiy.
See #39013.
Built from https://develop.svn.wordpress.org/branches/4.7@39509


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39449 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-05 20:18:33 +00:00
Rachel Baker a1005ad7f9 REST API: Merge similar date strings in the revisions and comments controllers.
Merges [39488] to the 4.7 branch.

Props ramiy.
Fixes #39016 for 4.7.

Built from https://develop.svn.wordpress.org/branches/4.7@39489


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39429 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-04 20:27:35 +00:00
Gary Pendergast ea244bef6e REST API: Capability check for editing a single term should use the singular form.
As an extra level of sanity checking, the term ID should be cast as an int in `map_meta_cap()`.

Merge of [39464] to the 4.7 branch.

Props johnbillion, nacin, dd32, pento.
See #35614.
Fixes #39012.


Built from https://develop.svn.wordpress.org/branches/4.7@39465


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 05:09:32 +00:00
Gary Pendergast 250f92a59e REST API: Use the correct error message when editing a single term.
Merges [39460] to the 4.7 branch.

Props ramiy, johnbillion.
Fixes #39017.


Built from https://develop.svn.wordpress.org/branches/4.7@39461


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 04:44:33 +00:00
Gary Pendergast 7847fee343 REST API: Merge similar strings in a comments endpoint parameter description.
Merge of [39457] to the 4.7 branch.

Props ramiy.
Fixes #39036.


Built from https://develop.svn.wordpress.org/branches/4.7@39458


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 04:24:34 +00:00
Rachel Baker afa325993e REST API: Fix bug where comment author and author email could be an empty string when creating a comment.
If the `require_name_email` option is true, creating a comment with an empty string for the author name or email should not be accepted.  Both values can be an empty string on update.

Merges [39444] into the 4.7 branch.
Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.

Fixes #38971 for 4.7.

Built from https://develop.svn.wordpress.org/branches/4.7@39446


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:46:31 +00:00
Rachel Baker 3adc537233 REST API: Fix handling of some orderby parameters for the Posts controller.
- 'orderby' => 'include' requires an array of post_ids via the include collection param.
- 'orderby' => 'id' and 'orderby' => 'slug' need map the correct WP_Query equivalents. 

Merges [39440] to the 4.7 branch.

Props flixos90, hnle, dd32, rachelbaker, joehoyle, pento.
Fixes #38971 for 4.7.

Built from https://develop.svn.wordpress.org/branches/4.7@39441


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:21:33 +00:00
Jeremy Felt 4726c85ee5 REST API: Disable `DELETE` requests for users in multisite.
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.
Until support for a PUT request that removes a user's site and content associations is available, DELETE requests are disabled to avoid possible issues with lost content.

Merges [34938] onto 4.7 branch.

Props jnylen0, rachelbaker.
Fixes #38962 for 4.7.

Built from https://develop.svn.wordpress.org/branches/4.7@39439


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39379 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:16:33 +00:00
Rachel Baker 19ba92e401 REST API: Return a `WP_Error` if `meta` property is not an array.
Fixes bug where a PHP Warning is currently thrown if a client sends a request where `meta` is not an array value.

Merges [39436] onto 4.7 branch.

Props timmydcrawford, jnylen0, rachelbaker, pento.
Fixes #38989 for 4.7.

Built from https://develop.svn.wordpress.org/branches/4.7@39437


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:05:35 +00:00
Gary Pendergast 43eb2619e9 REST API: Require the reassign parameter when deleting users.
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.

This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.

Merges [39426] to the 4.7 branch.

Props jeremyfelt.
Fixes #39000.


Built from https://develop.svn.wordpress.org/branches/4.7@39427


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39367 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 06:59:34 +00:00
Rachel Baker 1d9a15ad4a REST API: Fix incorrect capability check on term create.
Change the capability check used in `WP_REST_Terms_Controller` when creating a new term is attempted, from `manage_terms` to `edit_terms`. This matches the behavior within the WordPress admin. See #35614.

Props johnbillion, rmccue, rachelbaker, helen, jorbin, SergeyBiryukov.

Merges [39402] to the 4.7 branch.
Fixes #38958 for 4.7.

Built from https://develop.svn.wordpress.org/branches/4.7@39403


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-01 02:46:43 +00:00
Rachel Baker cb6bdc2d4c REST API: Fix incorrect uses of `rest_sanitize_value_from_schema()`.
In the `check_username()` and `check_password()` callbacks in the Users controller cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly which was causing unintended request parsing. 
In `rest_sanitize_request_arg()` do not pass nonexistent third parameter for the `rest_sanitize_value_from_schema()` function.

Props jnylen0, joehoyle, rachelbaker, ocean90.

Merges [39400] to the 4.7 branch.
Fixes #38984 for 4.7.
Built from https://develop.svn.wordpress.org/branches/4.7@39401


git-svn-id: http://core.svn.wordpress.org/branches/4.7@39341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-01 02:19:32 +00:00
Joe Hoyle c662bb84dc REST API: Special case the “standard” post format to always be allowed.
Fixes #38916.
Built from https://develop.svn.wordpress.org/trunk@39353


git-svn-id: http://core.svn.wordpress.org/trunk@39293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-24 00:08:31 +00:00
Joe Hoyle 0a787caec6 REST API: Allow unsetting a post’s password.
Props danielbachhuber, iseulde.
Fixes #38919.
Built from https://develop.svn.wordpress.org/trunk@39352


git-svn-id: http://core.svn.wordpress.org/trunk@39292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 23:13:32 +00:00
Joe Hoyle 6f189ddbc8 REST API: Add support for comments of password-protected posts.
Core requires the post password to view and create comments on password protected posts, so we must support a “password” param on the comments endpoint when fetch comments for a specific post and creating a comment on a password protected post.

Props flixos90, jnylen0.
Fixes #38692.
Built from https://develop.svn.wordpress.org/trunk@39349


git-svn-id: http://core.svn.wordpress.org/trunk@39289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 16:15:31 +00:00
Rachel Baker a985a4d126 REST API: Always fire the `rest_insert_*` actions after the related object is updated or inserted.
Brings consistency to the `rest_insert_*` actions. Also includes some shuffling and clean-up as well including:
- Ensure we are passing the most current `$post` and `$user` objects to the `update_additional_fields_for_object()` callbacks.
- Changes the function signature of `handle_status_param()` in the Comments controller to accept just the comment_id as the 2nd parameter, instead of a full WP_Comment object. Only the comment_id is needed in the method, this avoids having to include another `get_comment()` call. 
- Renames a variable in the `create_item()` method of the Posts controller from `$post` -> `$prepared_post` to be more explicit.
- Minor fixes/clarifications to the rest_insert_* hook docs

Props rachelbaker, joehoyle
Fixes #38905.
Built from https://develop.svn.wordpress.org/trunk@39348


git-svn-id: http://core.svn.wordpress.org/trunk@39288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 15:33:31 +00:00
Joe Hoyle 14654d9539 REST API: Allow unsetting of page templates in update requests.
Sending a request to update a page with the template property set to an empty string resulted in an error because “” was not a valid value in the enum.

Props lucasstark, swissspidy.
Fixes #38877.
Built from https://develop.svn.wordpress.org/trunk@39343


git-svn-id: http://core.svn.wordpress.org/trunk@39283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 02:47:30 +00:00
Joe Hoyle d711f2c18d REST API: Update “resource” strings to use the appropriate nouns.
Props ramiy.
Fixes #38811.
Built from https://develop.svn.wordpress.org/trunk@39342


git-svn-id: http://core.svn.wordpress.org/trunk@39282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 02:42:30 +00:00
Rachel Baker d87fe366a9 REST API: Set the comment `type` to a readonly property in the schema.
Document the type property as `readonly` and remove the default value. After #38820 it is no longer possible to set the type property on a comment to anything a custom type.

Props jnylen0, rachelbaker.
Fixes #38886.
Built from https://develop.svn.wordpress.org/trunk@39337


git-svn-id: http://core.svn.wordpress.org/trunk@39277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 22:56:30 +00:00
Ryan McCue ca9f71e9b2 REST API: Correctly map meta keys to field names.
This accidentally assumed $name was the same as $meta_key, which ruined the whole point of $name.

Props tharsheblows, joehoyle.
Fixes #38786.

Built from https://develop.svn.wordpress.org/trunk@39328


git-svn-id: http://core.svn.wordpress.org/trunk@39268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 05:41:30 +00:00
Ryan McCue 4e05ff6a11 REST API: Disable anonymous commenting by default.
Adding a brand new anonymous comment method is a potential conduit for spam. Since it's still useful functionality, we're now hiding it behind a filter to allow plugins and themes to turn it on if they do want it.

Props helen, rachelbaker, joehoyle.
Fixes #38855.

Built from https://develop.svn.wordpress.org/trunk@39327


git-svn-id: http://core.svn.wordpress.org/trunk@39267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-21 05:32:33 +00:00
Joe Hoyle 5b97952cab REST API: Merge two error messages for edit / update.
Props ramiy.
Fixes #38879.
Built from https://develop.svn.wordpress.org/trunk@39322


git-svn-id: http://core.svn.wordpress.org/trunk@39262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-20 22:36:31 +00:00
Sergey Biryukov 9b23ccfc29 REST API: Update error messages in `WP_REST_Comments_Controller` to use the common text for permission errors.
Props ramiy.
Fixes #38875.
Built from https://develop.svn.wordpress.org/trunk@39321


git-svn-id: http://core.svn.wordpress.org/trunk@39261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-20 11:46:34 +00:00
Sergey Biryukov 4811484433 REST API: Merge some more permission error strings missed in [39309].
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39313


git-svn-id: http://core.svn.wordpress.org/trunk@39253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 02:21:31 +00:00
Sergey Biryukov dca7d8d0ea Text Changes: Merge strings referring to `list_users` capability.
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39312


git-svn-id: http://core.svn.wordpress.org/trunk@39252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 02:16:30 +00:00
Sergey Biryukov a1f285641f REST API: After [39306], move `author_ip` argument to the correct place.
See #38822.
Built from https://develop.svn.wordpress.org/trunk@39310


git-svn-id: http://core.svn.wordpress.org/trunk@39250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:51:30 +00:00
Sergey Biryukov 5ded4db04c REST API: Merge and clarify some permission error strings.
Fixes #38857.
Built from https://develop.svn.wordpress.org/trunk@39309


git-svn-id: http://core.svn.wordpress.org/trunk@39249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:46:32 +00:00
Sergey Biryukov 4afa19184a REST API: After [39302], clarify `author_ip` parameter in error message.
Properties of objects should not be translated, and therefore are pulled out of the translation strings.

Props ramiy.
Fixes #38822.
Built from https://develop.svn.wordpress.org/trunk@39306


git-svn-id: http://core.svn.wordpress.org/trunk@39246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:06:30 +00:00
Sergey Biryukov 0f31b1da72 REST API: Merge two similar permission error strings in `class-wp-rest-comments-controller.php`.
We're checking if `current_user_can( 'moderate_comments' )` here, not the specific comment permissions.

See #38857.
Built from https://develop.svn.wordpress.org/trunk@39305


git-svn-id: http://core.svn.wordpress.org/trunk@39245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 00:10:31 +00:00
Sergey Biryukov 9cb0a09d1f REST API: Merge two similar permission error strings.
Props ramiy.
Fixes #38857.
Built from https://develop.svn.wordpress.org/trunk@39304


git-svn-id: http://core.svn.wordpress.org/trunk@39244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 23:53:30 +00:00
Rachel Baker 0fdb955ce8 REST API: On Comment create, limit the ability to set the `author_ip` value directly.
Users without the moderate_comments capability can no longer set the `author_ip` property directly, and instead receive a `WP_Error` if they attempt to do so. Otherwise, the `author_ip property` is populated from `$_SERVER['REMOTE_ADDR']` if present and a valid IP value. Finally, fallback to 127.0.0.1 as a last resort.

Props dd32, rachelbaker, joehoyle.
Fixes #38819.
Built from https://develop.svn.wordpress.org/trunk@39302


git-svn-id: http://core.svn.wordpress.org/trunk@39242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 21:13:32 +00:00
Joe Hoyle 0c14c16ced REST API: Clarify parameters when used in error strings.
Properties of objects should not be translated, and therefore are pulled out of the translation strings.

Props ocean90, ramiy, danielbachhuber.
Fixes #38822.
Built from https://develop.svn.wordpress.org/trunk@39298


git-svn-id: http://core.svn.wordpress.org/trunk@39238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 20:20:32 +00:00
Joe Hoyle a38b863ae4 REST API: Change “ipv4” types to “ip” to support ipv6.
Stop presuming IP address are IPv4, instead make the type “ip” to be agnostic of IP version. This fixes requests with ipv6 addresses for comments in core.

Props dd32, schlessera, danielbachhuber.
Fixes #38818.
Built from https://develop.svn.wordpress.org/trunk@39296


git-svn-id: http://core.svn.wordpress.org/trunk@39236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 19:33:31 +00:00
Joe Hoyle 81c5b03029 REST API: Check read permissions on posts when viewing comments.
With a few tests for getting / creating comments to reflect core behaviour.

Props timmyc.
Built from https://develop.svn.wordpress.org/trunk@39295


git-svn-id: http://core.svn.wordpress.org/trunk@39235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 19:07:30 +00:00