Commit Graph

31 Commits

Author SHA1 Message Date
Rachel Baker
6ab5804df1 REST API: Fix incorrect uses of rest_sanitize_value_from_schema().
In the `check_username()` and `check_password()` callbacks in the Users controller cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly which was causing unintended request parsing. 
In `rest_sanitize_request_arg()` do not pass nonexistent third parameter for the `rest_sanitize_value_from_schema()` function.

Props jnylen0, joehoyle, rachelbaker, ocean90.
Fixes #38984.

git-svn-id: https://develop.svn.wordpress.org/trunk@39400 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-01 02:11:56 +00:00
Ryan McCue
0cbea5855e REST API: Trim trailing slashes from routes.
WordPress' rewrites do this usually, but the behaviour was inconsistent when using non-pretty permalinks.

Props joehoyle.
Fixes #38873.


git-svn-id: https://develop.svn.wordpress.org/trunk@39329 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-21 05:45:31 +00:00
Joe Hoyle
ba5a196d9e REST API: Change “ipv4” types to “ip” to support ipv6.
Stop presuming IP address are IPv4, instead make the type “ip” to be agnostic of IP version. This fixes requests with ipv6 addresses for comments in core.

Props dd32, schlessera, danielbachhuber.
Fixes #38818.

git-svn-id: https://develop.svn.wordpress.org/trunk@39296 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-18 19:32:03 +00:00
Sergey Biryukov
eb26b2a6a7 Text Changes: Merge some duplicate strings with the same meaning in error messages, adjust some other strings for consistency and accuracy.
Props ramiy, SergeyBiryukov.
Fixes #38808.

git-svn-id: https://develop.svn.wordpress.org/trunk@39278 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-17 15:52:18 +00:00
Ryan McCue
2d0cd4493c REST API: Move translator comments to preceding line.
Inline translator comments break POT file generation.

Props dd32.
See #38791.


git-svn-id: https://develop.svn.wordpress.org/trunk@39239 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-15 05:38:21 +00:00
Ryan McCue
6fee13fda7 REST API: Add translator comments to text with placeholders.
Props dimadin.
Fixes #38791.


git-svn-id: https://develop.svn.wordpress.org/trunk@39238 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-15 04:27:49 +00:00
Joe Hoyle
58169b04fa REST API: Validate and Sanitize registered meta based off the schema.
With the addition of Array support in our schema validation functions, it's now possible to use these in the meta validation and sanitization steps. Also, this increases the test coverage of using registered via meta the API significantly.

Fixes #38531.
Props rachelbaker, tharsheblows.


git-svn-id: https://develop.svn.wordpress.org/trunk@39222 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-14 16:35:35 +00:00
Ryan McCue
08efd7b636 REST API: Require 6 characters for comment email addresses.
The regular comments API requires 6 characters rather than 3, so we need to match this.

Props mangeshp, dd32.
Fixes #38506.


git-svn-id: https://develop.svn.wordpress.org/trunk@39158 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-08 06:41:57 +00:00
Joe Hoyle
0e609fa717 REST API: Sanitize arrays being sent as CSVs.
In #38586 the ability to parse arrays as csv was introduced, however it didn't add any support for validating csv arrays. This adds such sanitization, and also a good amount of unit tests for all sanitization baed off schema.

See #38586.


git-svn-id: https://develop.svn.wordpress.org/trunk@39061 602fd350-edb4-49c9-b593-d223f7449a82
2016-10-31 17:07:14 +00:00
Gary Pendergast
c9618c09ad REST API: Allow parameters defined as array to be sent as CSVs.
This allows parameters that are often handled as CSVs to be properly parsed.

Fixes #38586.



git-svn-id: https://develop.svn.wordpress.org/trunk@39048 602fd350-edb4-49c9-b593-d223f7449a82
2016-10-31 05:44:56 +00:00
Gary Pendergast
a86bc6f565 REST API: Add support for arrays in schema validation and sanitization.
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.

This can easily be extended to support new data types, such as CSV fields or objects.

Props joehoyle, rachelbaker, pento.
Fixes #38531.



git-svn-id: https://develop.svn.wordpress.org/trunk@39046 602fd350-edb4-49c9-b593-d223f7449a82
2016-10-31 01:47:36 +00:00
Gary Pendergast
67044fe410 REST API: Add PATCH to CORS allowed methods.
Editable resources in the REST API accept the `PATCH` method, but the CORS headers don't mention it.

Props jnylen0.
Fixes #38546.



git-svn-id: https://develop.svn.wordpress.org/trunk@39042 602fd350-edb4-49c9-b593-d223f7449a82
2016-10-31 00:18:14 +00:00
Drew Jaynes
32c7696700 Docs: Add a slightly less ambiguous list of return types for rest_ensure_response().
See #38398.


git-svn-id: https://develop.svn.wordpress.org/trunk@39037 602fd350-edb4-49c9-b593-d223f7449a82
2016-10-30 18:52:58 +00:00
Rachel Baker
ede099a704 REST API: Introduce the Content API endpoints.
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.

Love your REST API, WordPress!  The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"

Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes #38373.

git-svn-id: https://develop.svn.wordpress.org/trunk@38832 602fd350-edb4-49c9-b593-d223f7449a82
2016-10-20 02:54:12 +00:00
Aaron Jorbin
246aa65a19 REST API: Include Vary: Origin in cors headers
`vary: origin` is a W3 CORS implementation recommendation( https://www.w3.org/TR/cors/#resource-implementation ). It's used by default in frameworks such as hapi and Laravel-cors. Overall, it helps sites siting behind a cache such as varnish.

Fixes #38060.
Props procodewp, pdufour for research.



git-svn-id: https://develop.svn.wordpress.org/trunk@38806 602fd350-edb4-49c9-b593-d223f7449a82
2016-10-17 16:10:37 +00:00
Rachel Baker
a94f468051 REST API: Support sites with index-style permalinks in get_rest_url().
Support the index-style permalinks (http://example.com/index.php/postName) when registering the REST API rewrite rules and within the `get_rest_url()` function. This allows sites that do not have mod_rewrite support to have almost pretty urls and have access to their REST API endpoints.

Props kraftbj.
Fixes #38182.

git-svn-id: https://develop.svn.wordpress.org/trunk@38790 602fd350-edb4-49c9-b593-d223f7449a82
2016-10-14 19:29:08 +00:00
Scott Taylor
368e28243f REST API: remove unnecessary variable assignments in rest_handle_options_request().
See #37771.


git-svn-id: https://develop.svn.wordpress.org/trunk@38310 602fd350-edb4-49c9-b593-d223f7449a82
2016-08-22 20:55:29 +00:00
Rachel Baker
0e6a328782 REST API: Include a refreshed nonce in a X-WP-Nonce header when responding to an authenticated request.
Props adamsilverstein, welcher, markjaquith, aidvu.
Fixes #35662.




git-svn-id: https://develop.svn.wordpress.org/trunk@37905 602fd350-edb4-49c9-b593-d223f7449a82
2016-06-29 03:00:54 +00:00
Drew Jaynes
9531107084 Docs: Apply inline @see tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

Fixes #36921.


git-svn-id: https://develop.svn.wordpress.org/trunk@37544 602fd350-edb4-49c9-b593-d223f7449a82
2016-05-23 19:01:40 +00:00
Drew Jaynes
d11f7ed391 Docs: Standardize filter docs in remaining wp-includes/* files to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.


git-svn-id: https://develop.svn.wordpress.org/trunk@37518 602fd350-edb4-49c9-b593-d223f7449a82
2016-05-22 18:49:05 +00:00
Drew Jaynes
8ff9728013 Docs: Improve syntax in the DocBlock for rest_get_server(), introduced in [36529].
See #35329. See #35986.


git-svn-id: https://develop.svn.wordpress.org/trunk@36947 602fd350-edb4-49c9-b593-d223f7449a82
2016-03-10 18:48:34 +00:00
Joe Hoyle
b38ea44e9a OPTIONS requests to REST API should return Allow header.
An OPTIONS request was incorrectly returning an "Accept" header which
was a typo of "Allow". This meant Accept was showing "GET, POST" for example,
however it was also not running the permission checks on the endpoints.

Instead, the correct route needs to be set on the request object, which means
the normal handling for the Allow header will kick in. This technically
breaks backwards compatibility, however given the value of Accept was also wrong
then this should not be an issue.

Fixes #35975.


git-svn-id: https://develop.svn.wordpress.org/trunk@36829 602fd350-edb4-49c9-b593-d223f7449a82
2016-03-03 09:54:32 +00:00
Ryan McCue
b32aaf603e REST API: Add helper function to get server instance.
This allows using rest_do_request() outside of the API itself easily.

Props danielbachhuber, swissspidy.


git-svn-id: https://develop.svn.wordpress.org/trunk@36529 602fd350-edb4-49c9-b593-d223f7449a82
2016-02-16 01:11:31 +00:00
Sergey Biryukov
b51d90ee72 Docs: Correct @return type for rest_parse_date().
Props TimothyBlynJacobs.
Fixes #35224.

git-svn-id: https://develop.svn.wordpress.org/trunk@36086 602fd350-edb4-49c9-b593-d223f7449a82
2015-12-25 20:40:43 +00:00
Rachel Baker
7d1436ffb7 Docs: Better param descriptions and fix incorrect param name within REST API deprecated functions
`rest_handle_deprecated_function`: you get better parameter descriptions.
`rest_handle_deprecated_argument`: you get a corrected parameter name ($replacement->$message), appropriate i18n translation hints, and better parameter descriptions.

Props ocean90.
Fixes #34908



git-svn-id: https://develop.svn.wordpress.org/trunk@35845 602fd350-edb4-49c9-b593-d223f7449a82
2015-12-09 21:25:15 +00:00
Rachel Baker
5ddbe89dc8 REST API: Make strings translatable in register_rest_route.
Adds i18n to the `doing_it_wrong()` messages for invalid parameters within `register_rest_route()`.

Props Latz,danielbachhuber.
Fixes #34902



git-svn-id: https://develop.svn.wordpress.org/trunk@35822 602fd350-edb4-49c9-b593-d223f7449a82
2015-12-07 22:39:25 +00:00
Andrew Nacin
8220d04e6d Simplify the include graph after work to split out classes.
see #33413. More details there.


git-svn-id: https://develop.svn.wordpress.org/trunk@35718 602fd350-edb4-49c9-b593-d223f7449a82
2015-11-20 07:23:04 +00:00
Scott Taylor
26aeb0f9bc After [34953], unbreak WordPress.
See [34930], #33982.


git-svn-id: https://develop.svn.wordpress.org/trunk@34954 602fd350-edb4-49c9-b593-d223f7449a82
2015-10-08 19:28:14 +00:00
Ryan McCue
1e223ff16b REST API: Add missing reference to WP_HTTP_Response
See #33982


git-svn-id: https://develop.svn.wordpress.org/trunk@34930 602fd350-edb4-49c9-b593-d223f7449a82
2015-10-08 02:39:06 +00:00
Ryan McCue
007e7b8cd4 REST API: Unbreak everything.
Obviously, it wouldn't have been a good commit unless I botched it.

See #33982.


git-svn-id: https://develop.svn.wordpress.org/trunk@34929 602fd350-edb4-49c9-b593-d223f7449a82
2015-10-08 02:33:51 +00:00
Ryan McCue
b39211475d REST API: Introduce baby API to the world.
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.

Thanks to everyone who helped along the way:

Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.

Fixes #33982.


git-svn-id: https://develop.svn.wordpress.org/trunk@34928 602fd350-edb4-49c9-b593-d223f7449a82
2015-10-08 02:30:18 +00:00