Keep bumping the date for the auto-draft to preserve it from garbage-collection via `wp_delete_auto_drafts()` after 7 days.
See #30937.
Fixes#39713.
git-svn-id: https://develop.svn.wordpress.org/trunk@40041 602fd350-edb4-49c9-b593-d223f7449a82
This commit adds tests for `orderby=relevance` combined with a search term in the REST API.
It also improves tests for the `orderby` parameter in `WP_REST_Posts_Controller` by looking at the generated SQL query instead of creating a bunch of carefully arranged test objects. This should be much more robust, and we can use this approach in other places (such as #39055).
Fixes#39079.
git-svn-id: https://develop.svn.wordpress.org/trunk@40037 602fd350-edb4-49c9-b593-d223f7449a82
Fixes bad conditions in `WP_Customize_Setting::get_root_value()` and `WP_Customize_Setting::set_root_value()`.
Props dlh.
Amends [35007].
See #32103.
Fixes#36952.
git-svn-id: https://develop.svn.wordpress.org/trunk@40036 602fd350-edb4-49c9-b593-d223f7449a82
Partial revert of [38929].
This reverts the source code from the commit for #30210 to prevent valid but empty feeds from returning 404 file not found errors for the home and custom feeds.
The tests in the commit that remain applicable are retained.
Props pavelevap for reporting, stevenkword for initial patch.
See #30210.
Fixes#39157.
git-svn-id: https://develop.svn.wordpress.org/trunk@40030 602fd350-edb4-49c9-b593-d223f7449a82
This changeset reverts [38381], which caused inconsistencies in the way the
REST API fetches posts and other objects.
See #38792, #37738.
git-svn-id: https://develop.svn.wordpress.org/trunk@39992 602fd350-edb4-49c9-b593-d223f7449a82
Previously we were assuming pagination headers would be sent when the request for posts is out of bounds. Instead presume it will return an error.
See #39061.
git-svn-id: https://develop.svn.wordpress.org/trunk@39991 602fd350-edb4-49c9-b593-d223f7449a82
Return an error from the REST API if a page number larger than the total pages count is requested.
Props morganestes.
Fixes#39061.
git-svn-id: https://develop.svn.wordpress.org/trunk@39967 602fd350-edb4-49c9-b593-d223f7449a82
Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters.
See #38792.
git-svn-id: https://develop.svn.wordpress.org/trunk@39954 602fd350-edb4-49c9-b593-d223f7449a82
Previously the menu items would all be displayed solely based on the `manage_network` capability. This change provides parity with the network admin menu.
Unit tests for the network admin menu functionality of `wp_admin_bar_my_sites_menu()` have been added.
Props chandrapatel.
Fixes#39082.
git-svn-id: https://develop.svn.wordpress.org/trunk@39948 602fd350-edb4-49c9-b593-d223f7449a82
Fire a `menu-item-added` event after a menu item is added to the DOM. Fire a `menu-removing-item` event before a menu item is removed from the DOM. Enables hooking into and responding to menu changes.
Props welcher, adamsilverstein.
Fixes#31218.
git-svn-id: https://develop.svn.wordpress.org/trunk@39928 602fd350-edb4-49c9-b593-d223f7449a82
Changes `WP_Customize_Nav_Menus::insert_auto_draft_post()` so it can be invoked for a `post_type` that is not registered (yet).
See #38615, #38114.
Fixes#39610.
git-svn-id: https://develop.svn.wordpress.org/trunk@39924 602fd350-edb4-49c9-b593-d223f7449a82
rest_pre_insert_{post_type} allows returning a WP_Error from the filter to shortcircuit actually creating the object, so it makes sense to do so for comments too.
Props dspilka.
Fixes#39578.
git-svn-id: https://develop.svn.wordpress.org/trunk@39922 602fd350-edb4-49c9-b593-d223f7449a82
If index lengths change in table definitions, we don't recreate the index - instead, we throw a database error, as `dbDelta()` tries to create a new index with the same name.
It's better to leave the index as is, MySQL doesn't have an efficient process for resizing indices, and dropping/creating is a slow process which we don't want to trigger automatically.
Fixes#34870.
git-svn-id: https://develop.svn.wordpress.org/trunk@39921 602fd350-edb4-49c9-b593-d223f7449a82
The `$user_total` member of `WP_User_Query`, and corresponding `get_total()` method, have always been documented as returning an `int`. `$user_total`, however, is populated by `$wpdb->get_var()`, which returns
a string (containing an integer value). Casting the return value from `get_var()` as an `int` rectifies this discrepency.
Props runciters.
Fixes#39297.
git-svn-id: https://develop.svn.wordpress.org/trunk@39915 602fd350-edb4-49c9-b593-d223f7449a82
Add test coverage for requests of a single user resource for authors of post types registered as:
- public = true, show_in_rest = true: success without auth.
- public = true, show_in_rest = false: fail without auth.
- public = false, show_in_rest = true: success without auth.
- public = false, show_in_rest = false: fail without auth.
See #38878.
Fixes#39546.
git-svn-id: https://develop.svn.wordpress.org/trunk@39913 602fd350-edb4-49c9-b593-d223f7449a82
This also updates the test filename in
`WP_Test_REST_Attachments_Controller::test_create_item_default_filename_title()`
to accurately match the actual file name.
git-svn-id: https://develop.svn.wordpress.org/trunk@39848 602fd350-edb4-49c9-b593-d223f7449a82
Only show users that have authored a post of a post type that has `show_in_rest` set to true.
Props rachelbaker, jnylen0.
See #38878.
git-svn-id: https://develop.svn.wordpress.org/trunk@39843 602fd350-edb4-49c9-b593-d223f7449a82
[38740] incorrectly introduced logic that changed a comment's page when
'comment_order' was set to 'desc'. This is in violation of the design
of the comment pagination system: a comment's page is designed not to
change when 'comment_order' or 'default_comment_page' are changed.
See #31101.
Props rachelbaker.
Fixes#39280.
git-svn-id: https://develop.svn.wordpress.org/trunk@39663 602fd350-edb4-49c9-b593-d223f7449a82
`terms` values are passed through `sanitize_term_field()` with the 'db'
flag, which add slashes. Because `terms` are subsequently run through
`esc_sql()`, these slashes must be removed. See [36348], which added
a similar step to sanitization in `get_terms()`.
Props bcworkz.
Fixes#39315.
git-svn-id: https://develop.svn.wordpress.org/trunk@39662 602fd350-edb4-49c9-b593-d223f7449a82
Adds tests for responses where `context != 'edit'` the following properties are not included in the response data:
- `email`
- `locale`
- `registered_date`
Props thepelkus, jnylen0.
Fixes#39399.
git-svn-id: https://develop.svn.wordpress.org/trunk@39660 602fd350-edb4-49c9-b593-d223f7449a82
Includes a new `supports` property in the response object and schema for the `/types` endpoints for users with the `edit_posts` capability for the given post type. The `supports` property returns an object of the features the given post type *supports*.
Props timmydcrawford, tyxla.
Fixes#39033.
git-svn-id: https://develop.svn.wordpress.org/trunk@39647 602fd350-edb4-49c9-b593-d223f7449a82
Removes the debugging group notation left in the `WP_Test_REST_Users_Controller` and `WP_Test_REST_Posts_Controller` classes pagination headers method. Introduced in [38832].
Props sanket.parmar.
Fixes#39398.
git-svn-id: https://develop.svn.wordpress.org/trunk@39643 602fd350-edb4-49c9-b593-d223f7449a82
When plugins don't disable the `backupGlobals` PHPUnit option in their own tests, `$wpdb` is backed up and restored between classes of tests. The serialisation process used for this broke the database connection. This previously wasn't a problem, as it was reconnecting before each test.
[38398] introduced some changes that required the connection to be available in `setUpBeforeClass()`, earlier than in was previously reconnecting. This didn't cause warnings in Core, but it did cause warnings for plugins that don't disable the `backupGlobals` option.
The database connection now reconnects in `setUpBeforeClass()`. This change also fixes a few Core tests that weren't calling `parent::setUpBeforeClass()` or `parent::tearDown()` correctly.
Fixes#39327.
git-svn-id: https://develop.svn.wordpress.org/trunk@39626 602fd350-edb4-49c9-b593-d223f7449a82
If `add_theme_support( 'post-formats' )` is called with no additional
arguments, then `get_theme_support( 'post-formats' )` returns `true` rather
than an array of supported formats. Avoid generating PHP warnings in this
situation.
Props dreamon11, ChopinBach.
Fixes#39293.
git-svn-id: https://develop.svn.wordpress.org/trunk@39620 602fd350-edb4-49c9-b593-d223f7449a82
This fixes an oversight in [39246], which added a hook for filtering
the array of sizes used for PDF thumbnails, but failed to provide a way
for sizes added through `add_image_size()` to be processed.
Props gitlost.
Fixes#39231. See #38594.
git-svn-id: https://develop.svn.wordpress.org/trunk@39617 602fd350-edb4-49c9-b593-d223f7449a82
In [38625], the functionality to search for attachments by filename was added
via the `posts_clauses` filter and the `_filter_query_attachment_filenames()`
function. This moves `_filter_query_attachment_filenames()` from
`wp-admin/includes/post.php` to `wp-includes/post.php` so that it can be
applied in the same manner in the REST API media endpoint.
Props jblz, tyxla.
Fixes#39092.
git-svn-id: https://develop.svn.wordpress.org/trunk@39598 602fd350-edb4-49c9-b593-d223f7449a82
In general, updates that don't actually change anything should succeed.
[39371] added tests for other object types, and this commit fixes empty updates
for comments and adds the missing test.
Fixes#38700.
git-svn-id: https://develop.svn.wordpress.org/trunk@39597 602fd350-edb4-49c9-b593-d223f7449a82
Currently, `attachment` is the only post type exposed via the REST API that
does not support password protection, but it's possible for other post types to
remove password support.
Fixes#38977.
git-svn-id: https://develop.svn.wordpress.org/trunk@39595 602fd350-edb4-49c9-b593-d223f7449a82
It's fairly common for clients to send `Content-Type: application/json` with an
empty body. While technically not valid JSON, we've historically supported
this behaviour, so it shouldn't cause an error.
Props JPry.
Fixes#39150.
git-svn-id: https://develop.svn.wordpress.org/trunk@39594 602fd350-edb4-49c9-b593-d223f7449a82
Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from `wp-admin/users.php` to `remove_user_from_blog()` via the `remove_user` capability, which furthermore allows us to get rid of two additional clauses and their `is_super_admin()` checks in `wp-admin/users.php`. A unit test for the new behavior has been added.
Fixes#39063. See #37616.
git-svn-id: https://develop.svn.wordpress.org/trunk@39588 602fd350-edb4-49c9-b593-d223f7449a82
Previously an option containing an object would trigger an SQL `UPDATE` on all calls to `update_option`, even if the old and new values were identical. This was due to the old and new values having differing resource IDs.
This change compares the old and new values as serialized data to remove the resource ID from the comparison.
Props salcode, bradyvercher, peterwilsoncc.
Fixes#38903.
git-svn-id: https://develop.svn.wordpress.org/trunk@39564 602fd350-edb4-49c9-b593-d223f7449a82
The logic in WP_REST_Request->sanitize_params() added in [39091] did not account for `null` or `false` being the sanitization_callback preventing overriding `rest_parse_request_arg()`. This fixes that oversight, allowing the built in sanitization function to be bypassed. See #38593.
Props kkoppenhaver, rachelbaker, jnylen0.
Fixes#39042.
git-svn-id: https://develop.svn.wordpress.org/trunk@39563 602fd350-edb4-49c9-b593-d223f7449a82
This new function is a taxonomy-agnostic version of `get_category_parents()`.
Props keesiemeijer, SergeyBiryukov, rafaehlers.
Fixes#17069.
git-svn-id: https://develop.svn.wordpress.org/trunk@39549 602fd350-edb4-49c9-b593-d223f7449a82
The ultimate `post_name` is stored in postmeta until the post is published. The `get_page_by_path()` function does not exclude `auto-draft` posts. Revert changes to `wp_unique_post_slug()` from [39411] which excluded `auto-draft` posts.
Props westonruter, dlh for testing, helen for testing.
See #38114, #38928.
Fixes#39078.
git-svn-id: https://develop.svn.wordpress.org/trunk@39506 602fd350-edb4-49c9-b593-d223f7449a82
This capability is not relevant on single site installs; it only applies to deleting a site on a multisite installation.
Fixes#38326
git-svn-id: https://develop.svn.wordpress.org/trunk@39494 602fd350-edb4-49c9-b593-d223f7449a82
Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value
(previously this was an explicit check for `false`).
One possible failure case is that a plugin developer forgets to include a
return value for some code path in their callback for this filter, leading to a
value of `null` which is currently treated like `true`.
Props joehoyle, jnylen0.
Fixes#39010.
git-svn-id: https://develop.svn.wordpress.org/trunk@39487 602fd350-edb4-49c9-b593-d223f7449a82
The `siteurl` setting is registered and made available to the REST API. On a multisite installation, this setting is not configurable from the General Settings screen, but due to the above it is configurable from the REST API.
Props peterwilsoncc.
Fixes#39005.
git-svn-id: https://develop.svn.wordpress.org/trunk@39468 602fd350-edb4-49c9-b593-d223f7449a82
If the `require_name_email` option is true, creating a comment with an empty string for the author name or email should not be accepted. Both values can be an empty string on update.
Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.
Fixes#38971.
git-svn-id: https://develop.svn.wordpress.org/trunk@39444 602fd350-edb4-49c9-b593-d223f7449a82
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.
Until support for a `PUT` request that removes a user's site and content associations is available, `DELETE` requests are disabled to avoid possible issues with lost content.
Props jnylen0, rachelbaker.
Fixes#38962.
git-svn-id: https://develop.svn.wordpress.org/trunk@39438 602fd350-edb4-49c9-b593-d223f7449a82
Fixes bug where a PHP Warning is currently thrown if a client sends a request where `meta` is not an array value.
Props timmydcrawford, jnylen0, rachelbaker, pento.
Fixes#38989.
git-svn-id: https://develop.svn.wordpress.org/trunk@39436 602fd350-edb4-49c9-b593-d223f7449a82
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.
This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.
Props jeremyfelt.
Fixes#39000.
git-svn-id: https://develop.svn.wordpress.org/trunk@39426 602fd350-edb4-49c9-b593-d223f7449a82
* Updates `wp_unique_post_slug()` to ignore `auto-draft` posts. Prevents publishing multiple posts that have the same slugs from starter content.
* Fixes fatal error when attempting to save an header_image setting from a non-admin context.
* Fixes substituting attachment symbols in options and theme mods.
* Fixes applying starter content for header images and background images.
See #38114.
Fixes#38928.
git-svn-id: https://develop.svn.wordpress.org/trunk@39411 602fd350-edb4-49c9-b593-d223f7449a82
* Also moves checks from `customize_save` Ajax handler to the underlying `WP_Customize_Manager::save_changeset_post()` call which plugins may invoke directly.
* Ensures that `customize_save_response` filter is always passed an array, with error code available as `code`.
Props utkarshpatel, westonruter, sayedwp.
See #30937.
Fixes#38943.
git-svn-id: https://develop.svn.wordpress.org/trunk@39409 602fd350-edb4-49c9-b593-d223f7449a82
Fixes a regression in the media library after [38949], which caused
small images (< thumbnail size) to not display within the media library.
Accounts for images that have no intermediate sizes
in `wp_prepare_attachment_for_js()`.
Adds test.
Fixes#38965.
Props joemcgill, clorith, mikeschroder.
git-svn-id: https://develop.svn.wordpress.org/trunk@39396 602fd350-edb4-49c9-b593-d223f7449a82
* Show default labels for nav menu item as placeholders in a control's label field instead of showing blank.
* Store empty string as label instead of copying default labels.
* Prevent labels for post type archive items from being dropped in preview.
* Also ensure that the item type label is displayed on nav menu item controls for settings that are loaded from an existing changeset.
Amends [38618].
See #38015.
Fixes#38955.
git-svn-id: https://develop.svn.wordpress.org/trunk@39393 602fd350-edb4-49c9-b593-d223f7449a82
The API should allow updates that don't actually change anything. This allows
clients to, for example, accidentally send the same request twice without
encountering unexpected errors. This currently works for posts, terms, and
users, so this commit adds test cases accordingly.
See #38700 for issues preventing this from working for comments.
Fixes#38975.
git-svn-id: https://develop.svn.wordpress.org/trunk@39371 602fd350-edb4-49c9-b593-d223f7449a82
Fixes typo in args passed to `get_term_link()` which caused a fatal error due to this call returning a `WP_Error` which was set to `url`. Also fixes never-satisfiable condition for obtaining post type archive URL. Also ensures that `WP_Error` never leaks through as `url` by setting it to an empty string. Adds missing unit tests.
Amends [38991].
See #38114.
Fixes#38945.
git-svn-id: https://develop.svn.wordpress.org/trunk@39365 602fd350-edb4-49c9-b593-d223f7449a82
* Moves logic from `WP_Customize_Custom_CSS_Setting::update()` into a re-usable `wp_update_custom_css_post()` function, useful for future REST API endpoint, WP-CLI command, or plugin migrations.
* Renames `customize_update_custom_css_post_content_args` filter to `update_custom_css_data` and improves the naming of the parameters. Instead of passing `post_content` and `post_content_filtered` the filtered array now contains `css` and `preprocessed` respectively.
* The second context param for the `update_custom_css_data` filter is now an array of the original args passed to `wp_update_custom_css_post()` and there is now no more `$setting` arg since it isn't necessarily being called in the customizer context.
Props westonruter, georgestephanis.
See #35395.
Fixes#38672.
git-svn-id: https://develop.svn.wordpress.org/trunk@39350 602fd350-edb4-49c9-b593-d223f7449a82
Core requires the post password to view and create comments on password protected posts, so we must support a “password” param on the comments endpoint when fetch comments for a specific post and creating a comment on a password protected post.
Props flixos90, jnylen0.
Fixes#38692.
git-svn-id: https://develop.svn.wordpress.org/trunk@39349 602fd350-edb4-49c9-b593-d223f7449a82
Featured image support means that attachments can now be imported. Media can be sideloaded from within theme or plugin directories. Like other posts, attachments are auto-drafts until customizer changes are published, and are not duplicated when they already exist in the customized state. Attachment IDs can be used for any number of purposes, much like post IDs. Twenty Seventeen now includes 3 images used as featured images to best showcase the multi-section homepage setup.
As featured image IDs are stored in post meta, it also made sense to add support for page templates. Twenty Seventeen does not include any such templates, but the functionality can be quite important for displaying themes to their best effect.
props westonruter, helen, flixos90.
fixes#38615.
git-svn-id: https://develop.svn.wordpress.org/trunk@39346 602fd350-edb4-49c9-b593-d223f7449a82
Sending a request to update a page with the template property set to an empty string resulted in an error because “” was not a valid value in the enum.
Props lucasstark, swissspidy.
Fixes#38877.
git-svn-id: https://develop.svn.wordpress.org/trunk@39343 602fd350-edb4-49c9-b593-d223f7449a82
Document the type property as `readonly` and remove the default value. After #38820 it is no longer possible to set the type property on a comment to anything a custom type.
Props jnylen0, rachelbaker.
Fixes#38886.
git-svn-id: https://develop.svn.wordpress.org/trunk@39337 602fd350-edb4-49c9-b593-d223f7449a82
* Strip out `customize_messenger_channel` from preview window URL when not contained in iframe.
* Allow interacting with unpreviewable links and forms when previewing customized state on frontend.
See #30937.
Fixes#38867.
git-svn-id: https://develop.svn.wordpress.org/trunk@39332 602fd350-edb4-49c9-b593-d223f7449a82
Previously, if no translation files exist for a text domain, `_load_textdomain_just_in_time()` went through the entire process each time it was called. This results in an increased call to `get_locale()` and its `locale` filter.
This change splits the logic into `_get_path_to_translation()` and `_get_path_to_translation_from_lang_dir()`. The former, which is used by `_load_textdomain_just_in_time()`, caches the result of the latter. It also removes some non-working code from `WP_Locale_Switcher::load_translations()`.
Props jrf, swissspidy, sharkomatic, ocean90.
Fixes#37997.
git-svn-id: https://develop.svn.wordpress.org/trunk@39330 602fd350-edb4-49c9-b593-d223f7449a82
This accidentally assumed $name was the same as $meta_key, which ruined the whole point of $name.
Props tharsheblows, joehoyle.
Fixes#38786.
git-svn-id: https://develop.svn.wordpress.org/trunk@39328 602fd350-edb4-49c9-b593-d223f7449a82
Adding a brand new anonymous comment method is a potential conduit for spam. Since it's still useful functionality, we're now hiding it behind a filter to allow plugins and themes to turn it on if they do want it.
Props helen, rachelbaker, joehoyle.
Fixes#38855.
git-svn-id: https://develop.svn.wordpress.org/trunk@39327 602fd350-edb4-49c9-b593-d223f7449a82
Check setting existence and authorization via `WP_Customize_Manager::validate_setting_values()` even for `null` values to account for custom params being added to settings, preventing failures from being silently ignored.
See #38705, #30937.
Fixes#38865.
git-svn-id: https://develop.svn.wordpress.org/trunk@39320 602fd350-edb4-49c9-b593-d223f7449a82
Users without the moderate_comments capability can no longer set the `author_ip` property directly, and instead receive a `WP_Error` if they attempt to do so. Otherwise, the `author_ip property` is populated from `$_SERVER['REMOTE_ADDR']` if present and a valid IP value. Finally, fallback to 127.0.0.1 as a last resort.
Props dd32, rachelbaker, joehoyle.
Fixes#38819.
git-svn-id: https://develop.svn.wordpress.org/trunk@39302 602fd350-edb4-49c9-b593-d223f7449a82
Stop presuming IP address are IPv4, instead make the type “ip” to be agnostic of IP version. This fixes requests with ipv6 addresses for comments in core.
Props dd32, schlessera, danielbachhuber.
Fixes#38818.
git-svn-id: https://develop.svn.wordpress.org/trunk@39296 602fd350-edb4-49c9-b593-d223f7449a82
With a few tests for getting / creating comments to reflect core behaviour.
Props timmyc.
git-svn-id: https://develop.svn.wordpress.org/trunk@39295 602fd350-edb4-49c9-b593-d223f7449a82
WordPress has not used the `karma` property internally for the past 8 years. There is no need to expose it in the REST API endpoints. Sites that use `karma` can include it using the `register_rest_field()` function.
Props dd32, danielbachhuber.
Fixes#38821.
git-svn-id: https://develop.svn.wordpress.org/trunk@39292 602fd350-edb4-49c9-b593-d223f7449a82
Of the default comment_types, only comments are expected to be created via the REST API endpoint. Comments do not have registered types the way that Posts do, so we do not have a method to accurately check permissions for arbitrary comment types.
Props dd32, boonebgorges, rachelbaker.
Fixes#38820.
git-svn-id: https://develop.svn.wordpress.org/trunk@39290 602fd350-edb4-49c9-b593-d223f7449a82
Return a `WP_Error` object for attempts to create a comment without an empty or invalid `post` ID.
Props dd32, jnylen0, rachelbaker.
Fixes#38816.
git-svn-id: https://develop.svn.wordpress.org/trunk@39288 602fd350-edb4-49c9-b593-d223f7449a82
If a user-agent is not explicitly provided in the `author_user_agent` parameter, fallback to the `user_agent` value in the request header.
Props dd32, jnylen0, rachelbaker.
Fixes#38817.
git-svn-id: https://develop.svn.wordpress.org/trunk@39287 602fd350-edb4-49c9-b593-d223f7449a82
The `SHOW TABLES LIKE` query can be used to search for tables that match a pattern, `wp\_123\_%`, for example. While this isn't the name of an actual table, the `wp_123_` prefix can be used by database drop-ins to direct the query correctly. This change removes the escaping and `%` modifier, to provide this usable prefix.
Props andy, pento.
Fixes#38751.
git-svn-id: https://develop.svn.wordpress.org/trunk@39275 602fd350-edb4-49c9-b593-d223f7449a82
Descendant queries should not inherit the 'offset' and 'number'
parameters of the parent query, or descendants will be missed.
Previously: [38497].
See #37696.
git-svn-id: https://develop.svn.wordpress.org/trunk@39274 602fd350-edb4-49c9-b593-d223f7449a82
Adds a callback for determining when video headers should be displayed in themes supporting custom headers. By default, video headers are only displayed on the front page of a site.
Theme authors may set a custom callback by passing `'video-active-callback' => 'mytheme_video_active_callback'` as an argument. The default callback is `is_front_page()`.
This introduces the new function `is_header_video_active()` - returns `true` on pages that should display video headers. The return value can be filtered using the new filter of the same name.
Props flixos90, bradyvercher, peterwilsoncc, joemcgill.
Fixes#38738.
git-svn-id: https://develop.svn.wordpress.org/trunk@39240 602fd350-edb4-49c9-b593-d223f7449a82
Prevents post type templates ignoring post types due to invalid characters. Each entry in the `Template Post Type` comment is run through `sanitize_key()` to match the sanitisation used by `register_post_type()`.
Fixes#38766.
git-svn-id: https://develop.svn.wordpress.org/trunk@39236 602fd350-edb4-49c9-b593-d223f7449a82
With the addition of Array support in our schema validation functions, it's now possible to use these in the meta validation and sanitization steps. Also, this increases the test coverage of using registered via meta the API significantly.
Fixes#38531.
Props rachelbaker, tharsheblows.
git-svn-id: https://develop.svn.wordpress.org/trunk@39222 602fd350-edb4-49c9-b593-d223f7449a82
* Add `customize_value_custom_css` filter to `WP_Customize_Custom_CSS::value()` method.
* Introduce `customize_update_custom_css_post_content_args` filter in `WP_Customize_Custom_CSS::update()` method.
* Make clear that `wp_get_custom_css()` and `wp_get_custom_css` filter are specifically for obtaining the value to render/display. Eliminate use of `wp_get_custom_css()` when getting the setting value. Use the underlying `post_value` directly when `is_previewed`.
* Move anonymous functions handing JS previewing for `custom_logo`, `custom_css`, and `background` into named functions on the `wp.customize.settingPreviewHandlers` to allow plugins to override/extend preview logic.
* Update `_custom_background_cb` to always print a `style` tag wen in the customizer preview, and update background preview logic to replace existing style element instead of appending a new style to the head so that background changes don't unexpectedly override any Custom CSS in the preview's stylesheet cascade.
Props westonruter, georgestephanis.
See #22058.
Fixes#38672.
git-svn-id: https://develop.svn.wordpress.org/trunk@39209 602fd350-edb4-49c9-b593-d223f7449a82
For all resources in the REST API, sending partial updates is supported. This fixes needing to _always_ specify comment content.
Props jnylen.
Fixes#38720.
git-svn-id: https://develop.svn.wordpress.org/trunk@39196 602fd350-edb4-49c9-b593-d223f7449a82
Though we have the `_links.collection` available, having this value can be useful to know post type / taxonomy urls if you need to build them another way.
Props youknowriad, jnylen0.
Fixes#38607.
git-svn-id: https://develop.svn.wordpress.org/trunk@39191 602fd350-edb4-49c9-b593-d223f7449a82
Restoring the current user context when saving a setting ensures filters apply as expected, such as Kses. When a user is not associated with a given setting change, continue to override `capability` to be `exist` when saving. Skip overwriting setting values in a changeset that have not changed, facilitating concurrent editing and amending a changeset by a user with fewer privileges.
See #30937.
Fixes#38705.
git-svn-id: https://develop.svn.wordpress.org/trunk@39181 602fd350-edb4-49c9-b593-d223f7449a82
Additionally, use these meta-caps in the REST API endpoints.
Previously, register_meta()'s auth_callback had no effect for non-post meta. This introduces `{add,edit,delete}_{comment,term,user}_meta` meta-caps to match the existing post meta capabilities. These are currently only used in the REST API.
Props tharsheblows, boonebgorges.
Fixes#38303, fixes#38412.
git-svn-id: https://develop.svn.wordpress.org/trunk@39179 602fd350-edb4-49c9-b593-d223f7449a82
`add_user_to_blog()` is now called, ensuring the correct hooks are called, along with setting the primary blog and clearing relevant caches.
Props jeremyfelt.
Fixes#38526.
git-svn-id: https://develop.svn.wordpress.org/trunk@39177 602fd350-edb4-49c9-b593-d223f7449a82
[39168] introduced a new theme to the tests, but it wasn't taken into account in Tests_Theme_ThemeDir::test_theme_list.
See #38696.
git-svn-id: https://develop.svn.wordpress.org/trunk@39170 602fd350-edb4-49c9-b593-d223f7449a82
Previously there was no way to remove the user locale setting again, even though that might be desirable.
This adds a new 'Site Default' option to the user-specific language setting by introducing a new `show_site_locale_default` argument to `wp_dropdown_languages()`.
Props ocean90.
See #29783.
Fixes#38632.
git-svn-id: https://develop.svn.wordpress.org/trunk@39169 602fd350-edb4-49c9-b593-d223f7449a82
After [38951] added support for post type templates beyond pages, this fixes an issue where an empty meta box would be shown when using child themes.
Fixes#38696.
git-svn-id: https://develop.svn.wordpress.org/trunk@39168 602fd350-edb4-49c9-b593-d223f7449a82
This filter was originally introduced in https://github.com/WP-API/WP-API/pull/2535 to support Customizer Changesets (née Transactions). This is a super broad filter and doesn't really fit with the design of the API, nor is it (arguably) the right level to do this.
Props rmccue.
Fixes#38701.
git-svn-id: https://develop.svn.wordpress.org/trunk@39161 602fd350-edb4-49c9-b593-d223f7449a82
The regular comments API requires 6 characters rather than 3, so we need to match this.
Props mangeshp, dd32.
Fixes#38506.
git-svn-id: https://develop.svn.wordpress.org/trunk@39158 602fd350-edb4-49c9-b593-d223f7449a82
Introduced in [39155], but not necessary for the slashing tests. These fail on 5.3, which encodes the emoji as HTML entities.
Props dd32.
See #38609.
git-svn-id: https://develop.svn.wordpress.org/trunk@39156 602fd350-edb4-49c9-b593-d223f7449a82
This necessitates a change to our slashing code as well. Ah slashing, the cause of, and solution to, all of life's problems.
Props jnylen0.
Fixes#38609.
git-svn-id: https://develop.svn.wordpress.org/trunk@39155 602fd350-edb4-49c9-b593-d223f7449a82
Just like excerpt and content for regular posts, these have transformations applied that can make the content significantly different from the raw value.
Props jnylen0.
Fixes#38679.
git-svn-id: https://develop.svn.wordpress.org/trunk@39154 602fd350-edb4-49c9-b593-d223f7449a82
The `WP_Customize_Custom_CSS_Setting::value()` method now returns the `default` if `wp_get_custom_css()` returns empty.
Props westonruter, afercia, helen.
See #35395.
Fixes#38685.
git-svn-id: https://develop.svn.wordpress.org/trunk@39151 602fd350-edb4-49c9-b593-d223f7449a82
This is a great goal for core, and is close, but it is not in shape to be shipped for 4.7 and there is not enough time left in the development cycle to alter and polish sufficiently. There are bugs, but more than that, there are more fundamental questions around the use of existing UI, general UX, and how findable themes are (not) on the .org side.
see #37661.
git-svn-id: https://develop.svn.wordpress.org/trunk@39140 602fd350-edb4-49c9-b593-d223f7449a82
When there are many post types registered, prevent Ajax requests from piling up and slamming WordPress with concurrent requests.
Props curdin, westonruter.
Fixes#36697.
git-svn-id: https://develop.svn.wordpress.org/trunk@39137 602fd350-edb4-49c9-b593-d223f7449a82
Leverages `get_user_locale()` in `load_*_textdomain()` and `_load_textdomain_just_in_time()` to always load translations in the user's language when in the admin.
This re-introduces [39069], but now with additional tests and a `function_exists( 'wp_get_current_user' )` check in `get_user_locale()` in case it gets used early.
Props swissspidy, ocean90.
Fixes#38485.
git-svn-id: https://develop.svn.wordpress.org/trunk@39127 602fd350-edb4-49c9-b593-d223f7449a82
Add the `deleted` property to the root of the Response object to communicate if the delete action was successful. Move the state of the resource prior to the delete request under a new `previous` property. As a result DELETE responses are now structured like so:
`{ deleted: true, previous: { ... } }`
Also includes helpful information to DELETE requests for resources that are not trashable.
Props timmydcrawford, rmccue, jnylen0.
Fixes#38494.
git-svn-id: https://develop.svn.wordpress.org/trunk@39126 602fd350-edb4-49c9-b593-d223f7449a82
If you send a request to the REST API with invalid JSON in body than it will now return a error. This assists developers if they accidentally send invalid JSON and wonder why their data appears to be ignored.
Props rmccue.
Fixes#38547.
git-svn-id: https://develop.svn.wordpress.org/trunk@39109 602fd350-edb4-49c9-b593-d223f7449a82
Multiple post statuses can be specified by the usual CSV or array-propper format.
Props jnylen0, kadamwhite, websupporter.
Fixes#38420.
git-svn-id: https://develop.svn.wordpress.org/trunk@39104 602fd350-edb4-49c9-b593-d223f7449a82
Introduces `wp_check_comment_data_max_lengths()` which allows both the REST API comments endpoints and `wp_handle_comment_submission()` to check the length of the comment content, author name, author url, and author email fields against their respective database columns.
Props rachelbaker, mangeshp, salcode, pento.
Fixes#38477.
git-svn-id: https://develop.svn.wordpress.org/trunk@39101 602fd350-edb4-49c9-b593-d223f7449a82
Add the taxonomies for a post type to the `/wp/v2/types` endpoint, so clients know which taxonomies are available for which post types.
Props danielbachhuber.
Fixes#38438, #38631.
git-svn-id: https://develop.svn.wordpress.org/trunk@39097 602fd350-edb4-49c9-b593-d223f7449a82
Now that /users/me is a standalone resource, it should have all the standard endpoints for a resource.
Props pento.
Fixes#38521 (hopefully).
git-svn-id: https://develop.svn.wordpress.org/trunk@39092 602fd350-edb4-49c9-b593-d223f7449a82
The now deprecated `WP_Roles::reinit()` method was trying to call `__deprecated_function()`, instead of `_deprecated_function()`.
See 23016.
git-svn-id: https://develop.svn.wordpress.org/trunk@39088 602fd350-edb4-49c9-b593-d223f7449a82
`array_merge()` incorrectly reindexes numeric parameters, causing things like `{"123": true}` to be "dropped".
Props sswells, joehoyle.
Fixes#38306.
git-svn-id: https://develop.svn.wordpress.org/trunk@39087 602fd350-edb4-49c9-b593-d223f7449a82
This error code is now... wait for it... `wp_mail_failed`. Previously, this would have been the originating PHPMailer error code, which could be `0`, which would then fail (pass?) the `empty()` check in the `WP_Error` constructor, thereby rendering the error object fairly useless. The PHPMailer error code is now located within the `WP_Error` data.
props Kau-Boy, stephenharris.
fixes#35598.
git-svn-id: https://develop.svn.wordpress.org/trunk@39086 602fd350-edb4-49c9-b593-d223f7449a82
This is a re-commit of [38980], which was reverted in [38990].
Props youknowriad, jnylen0, pento.
Fixes#38521.
git-svn-id: https://develop.svn.wordpress.org/trunk@39085 602fd350-edb4-49c9-b593-d223f7449a82
While it's valid to save any format to the database, and WordPress is totally fine with that, we should only include the formats specified by the theme in the schema.
Props danielbachhuber.
Fixes#38610.
git-svn-id: https://develop.svn.wordpress.org/trunk@39084 602fd350-edb4-49c9-b593-d223f7449a82
Historically, it's been difficult to extend user roles, but reasonable to work around by waiting until after `init` has fired, to add custom roles and capabilities. With the addition of Locale Switching, Core now potentially loads roles before `init` has fired, leaving a window where custom roles and capabilities are not handled.
The new filter allows plugins to add their own custom roles whenever they're initialised (on page load, or when switching sites, for example), so that they can always be obeyed.
`WP_Roles` has also been tidied up a little bit, to remove duplicate code.
Props johnjamesjacoby, pento.
Fixes#23016.
git-svn-id: https://develop.svn.wordpress.org/trunk@39082 602fd350-edb4-49c9-b593-d223f7449a82
Make sure the right text is matched when it already contains characters of the pattern.
Adds two more unit tests.
Fixes#37693.
git-svn-id: https://develop.svn.wordpress.org/trunk@39075 602fd350-edb4-49c9-b593-d223f7449a82
`test_default_theme_in_default_theme_list()` was always being skipped after #31550, this causes it to once again check that the unit tests are up to date and include the latest default theme.
`test_default_themes_have_textdomain()` didn't play happy when a default theme wasn't installed on a site.
See #31550, #29925, #38551.
git-svn-id: https://develop.svn.wordpress.org/trunk@39065 602fd350-edb4-49c9-b593-d223f7449a82
This partially reverts [35738], which has shown to provide a bad user experience for users seeking to experiment with TwentySeventeen.
This will result in TwentySixteen being installed in addition to TwentySeventeen.
See #38551.
git-svn-id: https://develop.svn.wordpress.org/trunk@39064 602fd350-edb4-49c9-b593-d223f7449a82
Previously a user could remove a protected meta field by using their browser developer tools to alter the form field properties in the Custom Fields meta box, given that they know the ID of the protected meta field. This change prevents this by preventing any change to a protected meta field, including changing its key.
Props ajoah, johnbillion, peterwilsoncc
Fixes#38293
git-svn-id: https://develop.svn.wordpress.org/trunk@39062 602fd350-edb4-49c9-b593-d223f7449a82
In #38586 the ability to parse arrays as csv was introduced, however it didn't add any support for validating csv arrays. This adds such sanitization, and also a good amount of unit tests for all sanitization baed off schema.
See #38586.
git-svn-id: https://develop.svn.wordpress.org/trunk@39061 602fd350-edb4-49c9-b593-d223f7449a82
Previously Settings only supported "number" which meant it was possible to push floats to things like posts_per_page. This means now developers can also specify `type => ineger` in meta nad settings resgration.
Props flixos90.
Fixes#38393.
git-svn-id: https://develop.svn.wordpress.org/trunk@39058 602fd350-edb4-49c9-b593-d223f7449a82
After [39048], this changes explicitly parses the list of user roles as slugs, and adds tests.
Props jnylen0.
Fixes#38557.
git-svn-id: https://develop.svn.wordpress.org/trunk@39056 602fd350-edb4-49c9-b593-d223f7449a82
[39048] added CSV support to array types, this change explicitly parses term lists as IDs, and adds tests.
Props timmydcrawford, pento.
Fixes#38553.
git-svn-id: https://develop.svn.wordpress.org/trunk@39055 602fd350-edb4-49c9-b593-d223f7449a82
The password field was incorrectly only added to "post" post types, but is supported for all post types in the Dashboard UI.
Props jnylen0.
Fixes#38582.
git-svn-id: https://develop.svn.wordpress.org/trunk@39047 602fd350-edb4-49c9-b593-d223f7449a82
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.
This can easily be extended to support new data types, such as CSV fields or objects.
Props joehoyle, rachelbaker, pento.
Fixes#38531.
git-svn-id: https://develop.svn.wordpress.org/trunk@39046 602fd350-edb4-49c9-b593-d223f7449a82
This prevents `wp_die()` being sent in response to an XML-RPC call that attempts to submit a duplicate comment, and correctly returns an error in response to an attempt to submit an empty comment.
Props markoheijnen, websupporter.
Fixes#14452, #38466.
See #36901
git-svn-id: https://develop.svn.wordpress.org/trunk@39045 602fd350-edb4-49c9-b593-d223f7449a82
* Allow `WP_Customize_Nav_Menus::insert_auto_draft_post()` to take full post array to pass to `wp_insert_post()`, except for `post_status`. Require `post_title`.
* Ensure empty `post_name` gets explicitly set to slugified `post_title`.
* Explicitly allow only `post_type` and `post_title` params in `WP_Customize_Nav_Menus::ajax_insert_auto_draft_post()`.
* Use `wp_update_post()` instead of `wp_publish_post()` to ensure unique slugs are assigned to published auto-draft posts.
* Re-use `WP_Customize_Nav_Menus::insert_auto_draft_post()` when inserting stubs from starter content.
See #38114, #38013, #34923.
Fixes#38539.
git-svn-id: https://develop.svn.wordpress.org/trunk@39038 602fd350-edb4-49c9-b593-d223f7449a82
`wp_load_translations_early()` is used when WordPress isn't fully initialized. Therefore using the `WP_Locale_Switcher` with `get_locale()`/`get_user_locale()` can cause PHP fatal errors.
This reverts [38976] and [38977], and instead removes `WP_Locale_Switcher` from `wp_load_translations_early()`.
See #29783.
Fixes#38535.
git-svn-id: https://develop.svn.wordpress.org/trunk@39005 602fd350-edb4-49c9-b593-d223f7449a82
A `null` value is returned in the response for any option that has a non-scalar value.
To protect clients from accidentally including the `null` values from a response object in a request, we do not allow options with non-scalar values to be updated to `null`. Without this added protection a client could mistakenly delete all options that have non-scalar values from the database.
Props joehoyle, rachelbaker.
Fixes#38527.
git-svn-id: https://develop.svn.wordpress.org/trunk@38982 602fd350-edb4-49c9-b593-d223f7449a82
If WPDB needs to bail early, it loads the translations, which need to load the locale. Without WPDB, we can't get any database options, so can only rely on what's been loaded so far.
Fixes#29783.
git-svn-id: https://develop.svn.wordpress.org/trunk@38976 602fd350-edb4-49c9-b593-d223f7449a82
As sparrows' tears shed steadily
Make widest rivers filled,
`setUp()` routines run prodig'ly
Add minutes to a build.
So cull ye fixtures profligate!
Direct thine frugal gaze!
Our savings here - a half-minute -
When multiplied: Amaze!
See #30017.
git-svn-id: https://develop.svn.wordpress.org/trunk@38975 602fd350-edb4-49c9-b593-d223f7449a82
The WP-API plugin originally used a custom method for fetching object
terms in a way that supported the object cache and also accepted all
parameters for `get_terms()`. In [38667], the internals of
`wp_get_object_terms()` were modified to use `WP_Term_Query`, thus
delivering in a native fashion the features that the API had
previously achieved bespokely.
Fixes#38504.
git-svn-id: https://develop.svn.wordpress.org/trunk@38974 602fd350-edb4-49c9-b593-d223f7449a82
