Commit Graph

42 Commits

Author SHA1 Message Date
Rachel Baker 25bfff959f REST API: Return the proper status code for failed permission callbacks in WP_REST_Server->dispatch().
Use the rest_authorization_required_code() function to return a 401 status code when a permission callback fails due to a user not being logged in.

Merges [42421] to the 4.9 branch.

Props jaswrks.
Fixes #42828.

Built from https://develop.svn.wordpress.org/branches/4.9@42422


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-12-30 20:49:40 +00:00
James Nylen 0ef4d4289f REST API: Exclude numeric parameters from regex parsing
The list of endpoint parameters should only include explicitly named and requested parameters.

Props flixos90, rmccue, jnylen0.
Fixes #40704.

Built from https://develop.svn.wordpress.org/trunk@41223


git-svn-id: http://core.svn.wordpress.org/trunk@41063 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-03 19:55:43 +00:00
Drew Jaynes 0860bb2771 Docs: Remove `@access` notations from method DocBlocks in wp-includes/* classes.
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.

See #41452.

Built from https://develop.svn.wordpress.org/trunk@41162


git-svn-id: http://core.svn.wordpress.org/trunk@41002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 00:41:44 +00:00
James Nylen 8f6088ba6e REST API: Add a filter to allow modifying the response *after* embedded data is added.
Fixes #38964.

Built from https://develop.svn.wordpress.org/trunk@40961


git-svn-id: http://core.svn.wordpress.org/trunk@40811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-29 13:17:43 +00:00
James Nylen df5b8dcc82 REST API: Avoid sending blank `Last-Modified` headers with authenticated requests.
This commit adds a new `WP_REST_Server#remove_header` method and uses it to clear the `Last-Modified` header when the "no caching" headers are sent (by default for all authenticated REST API requests).  This matches the behavior of the `nocache_headers` function used in other parts of WordPress.

Previously, the REST API would send an empty `Last-Modified` header in this situation.  Under some server and browser configurations, this causes browsers to cache authenticated REST API requests, which is undesirable.

Props iv3rson76, zinigor, rmccue, jnylen0.
Fixes #40444.

Built from https://develop.svn.wordpress.org/trunk@40805


git-svn-id: http://core.svn.wordpress.org/trunk@40663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-19 20:27:44 +00:00
James Nylen 27aa0664df REST API: Add `gmt_offset` and `timezone_string` to the base `/wp-json` response.
The site's current timezone offset is an important piece of information for any REST API client that needs to manipulate dates.  It has not been previously available.

Expose both the `gmt_offset` (the site's current offset from UTC in hours) and `timezone_string` (which also provides information about daylight savings time) via the "site info" endpoint (the base `/wp-json` response).

Also update the `wp-api-generated.js` fixture file with the changes to the default API responses.

Props sagarkbhatt.
Fixes #39854.

Built from https://develop.svn.wordpress.org/trunk@40238


git-svn-id: http://core.svn.wordpress.org/trunk@40168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-03-07 05:48:41 +00:00
Sergey Biryukov e0e9568e24 REST API: After [38947], improve the wording of the message to clarify that `rest_authentication_errors` is a filter.
See #38446.
Built from https://develop.svn.wordpress.org/trunk@40038


git-svn-id: http://core.svn.wordpress.org/trunk@39975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-01 21:32:47 +00:00
Sergey Biryukov acc30b09d7 Text Changes: Merge some duplicate strings with the same meaning in error messages, adjust some other strings for consistency and accuracy.
Props ramiy, SergeyBiryukov.
Fixes #38808.
Built from https://develop.svn.wordpress.org/trunk@39278


git-svn-id: http://core.svn.wordpress.org/trunk@39218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-17 15:53:33 +00:00
Joe Hoyle 901c4ed17a REST API: Support querying for multiple post statuses.
Multiple post statuses can be specified by the usual CSV or array-propper format.

Props jnylen0, kadamwhite, websupporter.
Fixes #38420.

Built from https://develop.svn.wordpress.org/trunk@39104


git-svn-id: http://core.svn.wordpress.org/trunk@39046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 01:46:29 +00:00
Drew Jaynes 5f4497f0af Docs: Fix multiple trivial typos throughout a variety of core files.
Props ottok.
Fixes #38489.

Built from https://develop.svn.wordpress.org/trunk@39051


git-svn-id: http://core.svn.wordpress.org/trunk@38993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 06:28:32 +00:00
Gary Pendergast dbc4b87b7f REST API: Allow Content-Type on CORS requests.
This allows `POST` requests with a wider variety of `Content-Type' headers - `Content-Type: application/json`, for example.

Props jnylen0.
Fixes #37994.


Built from https://develop.svn.wordpress.org/trunk@39044


git-svn-id: http://core.svn.wordpress.org/trunk@38986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 00:34:33 +00:00
Drew Jaynes 2452f69485 REST: Fix some errant `else if` conditions and add a few missing periods on inline comments.
Props mrahmadawais.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39029


git-svn-id: http://core.svn.wordpress.org/trunk@38971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 17:54:30 +00:00
Gary Pendergast 6b4357e14b REST API: Deprecate the `rest_enabled` filter.
As the REST API becomes more integral to WordPress Core, turning it off will cause a... suboptimal experience. If we don't want it to be turned off, the off switch needs to be removed.

Props jorbin, pento.
Fixes #38446.


Built from https://develop.svn.wordpress.org/trunk@38947


git-svn-id: http://core.svn.wordpress.org/trunk@38890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 06:28:30 +00:00
Dominik Schilling ae2ff33c91 Docs: Improve formatting of filter docs added in [38689].
Fixes #35590.
Built from https://develop.svn.wordpress.org/trunk@38749


git-svn-id: http://core.svn.wordpress.org/trunk@38692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-07 19:24:28 +00:00
Joe Hoyle d72da116be REST API: Add filters to allow creating REST API middleware plugins.
Introduce two new filters: `rest_request_before_callbacks` and `rest_request_after_callbacks` to
assist REST API middleware plugins to perform pre-callback and cleanup hooks such as `switch_to_blog()`
or caching implementations.

Props jnylen0.
Fixes #35590.

Built from https://develop.svn.wordpress.org/trunk@38689


git-svn-id: http://core.svn.wordpress.org/trunk@38632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-30 20:12:28 +00:00
Joe Hoyle 794dd5d8cb REST API: Enable sanitize_callback to return WP_Error.
Give developers the opportunity to reject incoming data without using the validation callback. It also enables us to do sanitization and validation in one function in instances where this could be useful.

Props websupporter, rmccue.
Fixes #37560.

Built from https://develop.svn.wordpress.org/trunk@38601


git-svn-id: http://core.svn.wordpress.org/trunk@38544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-14 15:50:29 +00:00
Dominik Schilling 97bf32c66a Text Changes: Unify/merge two more permission error messages.
Props ramiy.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@38037


git-svn-id: http://core.svn.wordpress.org/trunk@37978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-12 11:45:29 +00:00
Rachel Baker e5fcbb3514 REST API: Reverse order of setting sanitization/validation, validating prior to sanitizing.
Fixes mistake in the current behavior, where the sanitization callback ran before the validation callback. Now the validation callback will run before the sanitization.

Props schlessera, rachelbaker.
See #37247.
Fixes #37192.



Built from https://develop.svn.wordpress.org/trunk@37943


git-svn-id: http://core.svn.wordpress.org/trunk@37884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-02 23:03:27 +00:00
Rachel Baker a475d0a161 REST API: Include auto-discovery Link header when serving API requests.
The Link header allows clients to verify if a site has made the REST API available, as well as indicating how to access it.

Props danielbachhuber.
Fixes #35580.



Built from https://develop.svn.wordpress.org/trunk@37903


git-svn-id: http://core.svn.wordpress.org/trunk@37844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 01:57:55 +00:00
Rachel Baker 228c60a222 REST API: Include X-Robots-Tag: noindex header in REST API responses to prevent endpoints from being indexed by search engines.
Prevent duplicate content issues with search engines and REST API endpoint response data.

Fixes #36390.
Props m_uysl for the initial patch.
Built from https://develop.svn.wordpress.org/trunk@37726


git-svn-id: http://core.svn.wordpress.org/trunk@37692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-16 14:59:28 +00:00
Peter Wilson 47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Rachel Baker 99cca27041 REST API: Create the general `wp_check_jsonp_callback()` function for validating JSONP callback functions.
Move the REST API JSONP callback validation check into a separate function named `wp_check_jsonp_callback()`. This allows plugins to use the built-in validation when handling JSONP callbacks.
Extremely Important Note: If you send JSONP in your custom response, make sure you prefix the response with `/**/`. This will mitigate the Rosetta Flash exploit. You should also send the `X-Content-Type-Options:nosniff` header, or even better, use the REST API infrastructure.

Props rmccue.
Fixes #28523.
Built from https://develop.svn.wordpress.org/trunk@37646


git-svn-id: http://core.svn.wordpress.org/trunk@37612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-06 21:34:28 +00:00
Drew Jaynes f03eef071e Docs: Standardize hook docs in wp-includes/rest-api/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37490


git-svn-id: http://core.svn.wordpress.org/trunk@37458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:08:29 +00:00
Mark Jaquith 31152de134 REST API: Deliver parameters unadulterated instead of slashed.
We goofed, and parameters accessed through the REST API's methods
were slashed (inconsistently, even). This unslashes the data, so
you get the un-messed-with data that was sent.

Props joehoyle.
Fixes #36419.
Built from https://develop.svn.wordpress.org/trunk@37163


git-svn-id: http://core.svn.wordpress.org/trunk@37130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-06 21:02:28 +00:00
Joe Hoyle a07988c1c5 REST API: Provide better method for generating CURIEs
In [36533] CURIEs were added to the API responses for the link relation URIs, this makes
it a lot easier for clients to look up links by relation. That patch was functional, but
broke on edge cases such as embedded responses and collection items with links in the items.

This patch instead takes a less obtrusive approach by creating a new `get_compact_response_links`
to compliment `get_response_links` making both old and new functionality available.

Also the regex for curie relations has been relaxed to `.+` as rel names can have any uri-valid charector in it.

Fixes #34729.


Built from https://develop.svn.wordpress.org/trunk@37041


git-svn-id: http://core.svn.wordpress.org/trunk@37008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-22 00:16:27 +00:00
Rachel Baker 6edbcc88ff REST API: Add `home_url` to API index to avoid confusion with `site_url`.
Confusion abound, the API index is the generic term `url` to display the `site_url`. New `home` key will display the `home_url` in the index as well.

Fixes #35647.
Built from https://develop.svn.wordpress.org/trunk@37031


git-svn-id: http://core.svn.wordpress.org/trunk@36998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-17 19:16:29 +00:00
Rachel Baker 76d14c1d24 REST API: Remove unused variable `$api_root` from WP_Rest_Server->embed_links() method.
After [r36674] the variable `$api_root` is no longer used in this method and should be removed.

See #35803.
Built from https://develop.svn.wordpress.org/trunk@37021


git-svn-id: http://core.svn.wordpress.org/trunk@36988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-03-16 21:41:28 +00:00
Ryan McCue 937b0c3241 REST API: Use WP_REST_Request::from_url() when embedding.
See #35803.

Built from https://develop.svn.wordpress.org/trunk@36674


git-svn-id: http://core.svn.wordpress.org/trunk@36641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 04:20:25 +00:00
Drew Jaynes e020ccd081 Docs: Add formatting to a changelog entry in the hook doc for the `rest_dispatch_request` filter.
See [36534]. See #32246.

Built from https://develop.svn.wordpress.org/trunk@36576


git-svn-id: http://core.svn.wordpress.org/trunk@36543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-18 18:18:25 +00:00
Ryan McCue 3e65236aa7 REST API: Apply rest_post_dispatch to embedded responses.
Fixes #35628.
Props @danielbachhuber.

Built from https://develop.svn.wordpress.org/trunk@36536


git-svn-id: http://core.svn.wordpress.org/trunk@36503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 06:06:27 +00:00
Ryan McCue 03ba67a0b7 REST API: Allow explicit HEAD callbacks.
HEAD callbacks can now be registered independently, with the GET
callback still used as a fallback.

Fixes #34841.

Built from https://develop.svn.wordpress.org/trunk@36535


git-svn-id: http://core.svn.wordpress.org/trunk@36502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 05:51:26 +00:00
Ryan McCue 0438795671 REST API: Add routing args to rest_dispatch_request filter.
This allows requests to be hijacked via the filter more easily.

Fixes #35507.

Built from https://develop.svn.wordpress.org/trunk@36534


git-svn-id: http://core.svn.wordpress.org/trunk@36501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 04:40:26 +00:00
Ryan McCue 47bee5157b REST API: Add support for CURIEs.
CURIEs are Compact URIs, which provide a more usable way to use
custom relations in the API. The `wp` CURIE is registered by default
for `https://api.w.org/` URI relations.

Fixes #34729.
Props joehoyle.

Built from https://develop.svn.wordpress.org/trunk@36533


git-svn-id: http://core.svn.wordpress.org/trunk@36500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-16 02:19:27 +00:00
Scott Taylor 4ae83ec7ec REST API: Core typically sends nocache headers on all auth'ed responses, as in `wp`, `admin-ajax`, etc. Because the REST API infrastructure is hooked in pre-wp, we should be setting this ourselves.
Adds unit tests.

Props joehoyle.
Fixes #34832.

Built from https://develop.svn.wordpress.org/trunk@35773


git-svn-id: http://core.svn.wordpress.org/trunk@35737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-04 23:36:25 +00:00
Mark Jaquith 6cc98e6fcd Route HEAD API requests through the GET callback method
fixes #34837
props danielbachhuber
Built from https://develop.svn.wordpress.org/trunk@35758


git-svn-id: http://core.svn.wordpress.org/trunk@35722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-03 16:34:25 +00:00
Ryan McCue 7ce9772866 REST API: Mark WP_REST_Server::get_raw_data as static.
This is just a utility function for getting the request body, not
tied to the server class.

Fixes #34768.

Built from https://develop.svn.wordpress.org/trunk@35741


git-svn-id: http://core.svn.wordpress.org/trunk@35705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-25 22:22:25 +00:00
Ryan McCue 0801acbdd8 REST API: Remove redundant "0" parameter.
This is just an artifact of how we parse the URL, and is already available
via $request->get_route()

Props danielbachhuber.
Fixes #34647.

Built from https://develop.svn.wordpress.org/trunk@35659


git-svn-id: http://core.svn.wordpress.org/trunk@35623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 07:24:28 +00:00
Ryan McCue 81ffd2492c REST API: Optimise for singular error instances.
Previously, the API returned a list of errors, as WP_Error can hold multiple
error codes internally. This isn't a particularly common use case, and it
makes handling errors on the client side more complex than it needs to be.

Fixes #34551.

Built from https://develop.svn.wordpress.org/trunk@35653


git-svn-id: http://core.svn.wordpress.org/trunk@35617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-17 04:12:26 +00:00
Ryan McCue 9524ebb38e REST API: Include enum and description in help data.
Props lcherpit.
Fixes #34543.

Built from https://develop.svn.wordpress.org/trunk@35652


git-svn-id: http://core.svn.wordpress.org/trunk@35616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-17 02:49:28 +00:00
Scott Taylor 16637eeee4 REST API: in `WP_REST_Server::dispatch()`, move `preg_match()` out of it's current loop, which doesn't affect the context passed to it.
Props TobiasBg.
Fixes #34488.

Built from https://develop.svn.wordpress.org/trunk@35514


git-svn-id: http://core.svn.wordpress.org/trunk@35478 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-04 21:23:25 +00:00
Scott Taylor 31e0b06125 REST API: don't load `wp-admin/includes/admin.php` on every request.
Props swissspidy.
Fixes #34395.

Built from https://develop.svn.wordpress.org/trunk@35353


git-svn-id: http://core.svn.wordpress.org/trunk@35319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-22 16:29:28 +00:00
Ryan McCue 94e2352956 REST API: Introduce baby API to the world.
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.

Thanks to everyone who helped along the way:

Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.

Fixes #33982.

Built from https://develop.svn.wordpress.org/trunk@34928


git-svn-id: http://core.svn.wordpress.org/trunk@34893 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 02:31:25 +00:00