In order to correctly render parts of its UI, the new editor needs to be aware of the active theme's post-formats and post-thumbnails support. This data is exposed by querying for the active theme on a new /wp/v2/themes endpoint for sufficiently privileged users.
Merges [43734], [43735] to trunk.
props desrosj.
Fixes#45016.
git-svn-id: https://develop.svn.wordpress.org/trunk@43985 602fd350-edb4-49c9-b593-d223f7449a82
An authorized request with the read_private_posts capability for a post type should be able to GET /wp/v2/posts for posts of status=private. This query is further sanity-checked by WP_REST_Posts_Controller->check_read_permission(), which is unchanged.
Props rachelbaker, soulseekah, twoelevenjay.
Moves [43694] from the 5.0 branch to trunk.
Fixes#43701.
git-svn-id: https://develop.svn.wordpress.org/trunk@43979 602fd350-edb4-49c9-b593-d223f7449a82
WordPress' code just... wasn't.
This is now dealt with.
Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes#41057.
git-svn-id: https://develop.svn.wordpress.org/trunk@42343 602fd350-edb4-49c9-b593-d223f7449a82
`rest_url()` inconsistent addes slashes to the passed path depending on whether the site has pretty permalinks enabled. Apart from being inconsistent, this also caused the unit tests to fail when pretty permalinks are enabled.
Props frank-klein.
Fixes#42452. See #41451.
git-svn-id: https://develop.svn.wordpress.org/trunk@42250 602fd350-edb4-49c9-b593-d223f7449a82
In r41727 the ability to sanitise and validate objects from JSON schema was added, with a whitelist approach. It was decided we should pass through all non-registered properties to reflect the behaviour of the root object in register_rest_route. To prevent arbitrary extra data via setting objects, we force additionalProperties to false in the settings endpoint.
See #38583.
git-svn-id: https://develop.svn.wordpress.org/trunk@42000 602fd350-edb4-49c9-b593-d223f7449a82
Allows REST API consumers to specify the specific fields needed in their application code, whitelisting those fields and omitting all others from the returned JSON response object.
This permits applications that only need for example the ID and title of posts to avoid having to transfer the entire rendered post content over the wire alongside the desired fields.
While this whitelisting has no affect on the queries run when preparing the response, it can yield significant reductions in the bandwidth required to transfer a response payload for simple applications.
Props adamsilverstein, TimothyBlynJacobs, svrooij.
Fixes#38131.
git-svn-id: https://develop.svn.wordpress.org/trunk@41744 602fd350-edb4-49c9-b593-d223f7449a82
When registering routes developers can now define their complex objects in the schema and benefit from the automatic validation and sanitization in the REST API. This also paves the way for support for complex object registration via register_meta and register_setting.
See #38583.
Props TimothyBlynJacobs5.
git-svn-id: https://develop.svn.wordpress.org/trunk@41727 602fd350-edb4-49c9-b593-d223f7449a82
This is a consistency improvement and also a bug fix for fairly obscure cases involving modified WP load order.
Fixes#41555.
git-svn-id: https://develop.svn.wordpress.org/trunk@41238 602fd350-edb4-49c9-b593-d223f7449a82
When pretty permalinks are disabled, the web server will internally forward requests to `index.php`. Unfortunately, nginx only forwards HTTP/1.0 methods: `PUT`, `PATCH`, and `DELETE` methods will return a 405 error.
To work around this nginx behaviour, including `index.php` in the REST URL skips the internal redirect.
Fixes#40886.
git-svn-id: https://develop.svn.wordpress.org/trunk@41139 602fd350-edb4-49c9-b593-d223f7449a82
In this situation, a site which uses `http` on the front end but `https` in the admin area is more likely to have a working REST API endpoint URL when used in the admin area.
Props mohanjith, westonruter, jnylen0
Fixes#36451
git-svn-id: https://develop.svn.wordpress.org/trunk@40843 602fd350-edb4-49c9-b593-d223f7449a82
Only set these headers if (1) `WP_DEBUG` is enabled and (2) headers have not already been sent.
Previously, this code could generate warnings by trying to set a header after response data has already been sent. This happens when code attached to the `shutdown` filter calls a deprecated function, for example.
Also, these headers are unlikely to be useful in the majority of cases; let's only send them if `WP_DEBUG` is enabled.
Props kraftbj, jnylen0, ocean90, rmccue.
Fixes#40787.
git-svn-id: https://develop.svn.wordpress.org/trunk@40782 602fd350-edb4-49c9-b593-d223f7449a82
Brings the minimum characters expected for a valid email address to six, which matches the expectations in `wp_handle_comment_submission()` and REST API email arguments.
Props rmccue, lukecavanagh, rachelbaker, desrosj, sudar.
Fixes#38708.
git-svn-id: https://develop.svn.wordpress.org/trunk@40667 602fd350-edb4-49c9-b593-d223f7449a82
Browsers send an "Origin: null" header value for file and data URLs, as they can be generated by any document, and their origin is not guaranteed. Since we want to allow any URL to access the API (intentionally disabling the CORS protections), we need to special-case the non-URL "null" value.
Props joehoyle.
Fixes#40011.
git-svn-id: https://develop.svn.wordpress.org/trunk@40600 602fd350-edb4-49c9-b593-d223f7449a82
This commit modifies the `rest_get_date_with_gmt` function to correctly parse local and UTC timestamps with or without timezone information.
It also ensures that the REST API can edit the dates of draft posts by setting the `edit_date` flag to `wp_update_post`.
Overall this commit ensures that post and comment dates can be set and updated as expected.
Fixes#39256.
git-svn-id: https://develop.svn.wordpress.org/trunk@40101 602fd350-edb4-49c9-b593-d223f7449a82
Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters.
See #38792.
git-svn-id: https://develop.svn.wordpress.org/trunk@39954 602fd350-edb4-49c9-b593-d223f7449a82
When hitting the index, untrailingslashit() would make the REST route empty, which would then use the fallback inside WP_REST_Server. This isn't a problem most of the time, but WP_REST_Server contains a fallback to PATH_INFO. Combined with PATH_INFO permalinks, this would give a 404 on the API index, as it attempts to look up a route for "/wp-json/".
Props ccprog.
Fixes#39432.
git-svn-id: https://develop.svn.wordpress.org/trunk@39923 602fd350-edb4-49c9-b593-d223f7449a82
In the `check_username()` and `check_password()` callbacks in the Users controller cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly which was causing unintended request parsing.
In `rest_sanitize_request_arg()` do not pass nonexistent third parameter for the `rest_sanitize_value_from_schema()` function.
Props jnylen0, joehoyle, rachelbaker, ocean90.
Fixes#38984.
git-svn-id: https://develop.svn.wordpress.org/trunk@39400 602fd350-edb4-49c9-b593-d223f7449a82
WordPress' rewrites do this usually, but the behaviour was inconsistent when using non-pretty permalinks.
Props joehoyle.
Fixes#38873.
git-svn-id: https://develop.svn.wordpress.org/trunk@39329 602fd350-edb4-49c9-b593-d223f7449a82
Stop presuming IP address are IPv4, instead make the type “ip” to be agnostic of IP version. This fixes requests with ipv6 addresses for comments in core.
Props dd32, schlessera, danielbachhuber.
Fixes#38818.
git-svn-id: https://develop.svn.wordpress.org/trunk@39296 602fd350-edb4-49c9-b593-d223f7449a82
With the addition of Array support in our schema validation functions, it's now possible to use these in the meta validation and sanitization steps. Also, this increases the test coverage of using registered via meta the API significantly.
Fixes#38531.
Props rachelbaker, tharsheblows.
git-svn-id: https://develop.svn.wordpress.org/trunk@39222 602fd350-edb4-49c9-b593-d223f7449a82
The regular comments API requires 6 characters rather than 3, so we need to match this.
Props mangeshp, dd32.
Fixes#38506.
git-svn-id: https://develop.svn.wordpress.org/trunk@39158 602fd350-edb4-49c9-b593-d223f7449a82
In #38586 the ability to parse arrays as csv was introduced, however it didn't add any support for validating csv arrays. This adds such sanitization, and also a good amount of unit tests for all sanitization baed off schema.
See #38586.
git-svn-id: https://develop.svn.wordpress.org/trunk@39061 602fd350-edb4-49c9-b593-d223f7449a82
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.
This can easily be extended to support new data types, such as CSV fields or objects.
Props joehoyle, rachelbaker, pento.
Fixes#38531.
git-svn-id: https://develop.svn.wordpress.org/trunk@39046 602fd350-edb4-49c9-b593-d223f7449a82
Editable resources in the REST API accept the `PATCH` method, but the CORS headers don't mention it.
Props jnylen0.
Fixes#38546.
git-svn-id: https://develop.svn.wordpress.org/trunk@39042 602fd350-edb4-49c9-b593-d223f7449a82
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.
Love your REST API, WordPress! The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"
Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes#38373.
git-svn-id: https://develop.svn.wordpress.org/trunk@38832 602fd350-edb4-49c9-b593-d223f7449a82
Support the index-style permalinks (http://example.com/index.php/postName) when registering the REST API rewrite rules and within the `get_rest_url()` function. This allows sites that do not have mod_rewrite support to have almost pretty urls and have access to their REST API endpoints.
Props kraftbj.
Fixes#38182.
git-svn-id: https://develop.svn.wordpress.org/trunk@38790 602fd350-edb4-49c9-b593-d223f7449a82
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.
Fixes#36921.
git-svn-id: https://develop.svn.wordpress.org/trunk@37544 602fd350-edb4-49c9-b593-d223f7449a82
An OPTIONS request was incorrectly returning an "Accept" header which
was a typo of "Allow". This meant Accept was showing "GET, POST" for example,
however it was also not running the permission checks on the endpoints.
Instead, the correct route needs to be set on the request object, which means
the normal handling for the Allow header will kick in. This technically
breaks backwards compatibility, however given the value of Accept was also wrong
then this should not be an issue.
Fixes#35975.
git-svn-id: https://develop.svn.wordpress.org/trunk@36829 602fd350-edb4-49c9-b593-d223f7449a82
This allows using rest_do_request() outside of the API itself easily.
Props danielbachhuber, swissspidy.
git-svn-id: https://develop.svn.wordpress.org/trunk@36529 602fd350-edb4-49c9-b593-d223f7449a82
`rest_handle_deprecated_function`: you get better parameter descriptions.
`rest_handle_deprecated_argument`: you get a corrected parameter name ($replacement->$message), appropriate i18n translation hints, and better parameter descriptions.
Props ocean90.
Fixes#34908
git-svn-id: https://develop.svn.wordpress.org/trunk@35845 602fd350-edb4-49c9-b593-d223f7449a82
Adds i18n to the `doing_it_wrong()` messages for invalid parameters within `register_rest_route()`.
Props Latz,danielbachhuber.
Fixes#34902
git-svn-id: https://develop.svn.wordpress.org/trunk@35822 602fd350-edb4-49c9-b593-d223f7449a82
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.
Thanks to everyone who helped along the way:
Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.
Fixes#33982.
git-svn-id: https://develop.svn.wordpress.org/trunk@34928 602fd350-edb4-49c9-b593-d223f7449a82
