Commit Graph

2394 Commits

Author SHA1 Message Date
Jake Spurlock
1bc66eba08 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 4.7 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@49399 602fd350-edb4-49c9-b593-d223f7449a82
2020-10-29 18:56:04 +00:00
Sergey Biryukov
dcb81721c5 Tests: Temporarily skip PDF tests if they fail due to ImageMagick permission errors.
Merges [48338], [48341] to the 4.7 branch.

See #50573.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@48489 602fd350-edb4-49c9-b593-d223f7449a82
2020-07-14 21:51:43 +00:00
Jake Spurlock
f9be892b76 Customize: Add additional filters to Customizer to prevent JSON corruption.
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47637], and [47638] to the 4.7 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, westonruter, whyisjake, whyisjake, xknown.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@47650 602fd350-edb4-49c9-b593-d223f7449a82
2020-04-29 16:22:22 +00:00
Sergey Biryukov
154764394d Build/Test Tools: Remove unused ::assertPostHasTerms() method from tests/term.php.
The associated test was removed in [30241].

Merges [47341] to 3.7+ branches.
See #49485.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@47489 602fd350-edb4-49c9-b593-d223f7449a82
2020-03-22 14:29:03 +00:00
Sergey Biryukov
a306848d73 Embeds: Remove the external oEmbed tests for YouTube.
These tests no longer test anything that WordPress core has control over. YouTube now serves everything
over HTTPS by default, so the tests for #23149 will always pass, and the tests for #32714 aren't testing
anything that core has control over.

Tests for the responses from oEmbed providers has been attempted and reverted in #32360.

Props johnbillion.
Merges [41712] to the 4.7 branch.
See #42076, #32714, #23149.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@47480 602fd350-edb4-49c9-b593-d223f7449a82
2020-03-22 13:45:11 +00:00
Sergey Biryukov
ba95a9a719 Ensure that a user can publish_posts before making a post sticky.
Props: danielbachhuber, whyisjake, peterwilson, xknown.

Brings r46893 to the 4.7 branch.

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes,

`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 4.7 branch.

Props: xknown, nickdaugherty, peterwilsoncc.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@46916 602fd350-edb4-49c9-b593-d223f7449a82
2019-12-12 18:51:18 +00:00
Jake Spurlock
375d3d8775 Backporting several bug fixes.
- Query: Remove the static query property.
- HTTP API: Protect against hex interpretation.
- Filesystem API: Prevent directory travelersals when creating new folders.
- Administration: Ensure that admin referer nonce is valid.
- REST API: Send a Vary: Origin header on GET requests.

Backports [46474], [46475], [46476], [46477], [46478], [46483], [46485] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@46495 602fd350-edb4-49c9-b593-d223f7449a82
2019-10-14 18:49:56 +00:00
Jonathan Desrosiers
7d32848c55 Fix for URL sanitization in wp_kses_bad_protocol_once().
Merges [45997] to the 4.7 branch.

Props irsdl, sstoqnov, whyisjake.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@46007 602fd350-edb4-49c9-b593-d223f7449a82
2019-09-04 18:19:30 +00:00
Sergey Biryukov
84cf56f966 Improve handling the existing rel attribute in wp_rel_nofollow_callback().
Merges [45990] to the 4.7 branch.
Props xknown, sstoqnov.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@45996 602fd350-edb4-49c9-b593-d223f7449a82
2019-09-04 17:47:51 +00:00
Jake Spurlock
707096e9e0 Remove _convert_urlencoded_to_entities() from the get_the_content() callback.
Merges [45937] to the 4.7 branch.

Props vortfu, whyisjake, peterwilsoncc


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@45954 602fd350-edb4-49c9-b593-d223f7449a82
2019-09-04 16:36:52 +00:00
Jeremy Felt
efd9885803 Media: Improve verification of MIME file types.
Merges [43988] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@43991 602fd350-edb4-49c9-b593-d223f7449a82
2018-12-12 23:04:17 +00:00
John Blackbourn
4e26af05f6 General: Remove the version number from the readme file in the 4.7 branch.
See #42386


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42100 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 18:05:59 +00:00
Gary Pendergast
16a56fae1f Database: Restore numbered placeholders in wpdb::prepare().
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

Merges [41662], [42056] to the 4.7 branch.
See #41925.



git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42058 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 12:33:25 +00:00
Gary Pendergast
dc63393569 Build/Test Tools: Pass correct $message argument to WP_UnitTestCase::setExpectedException() in Tests_Ajax_CompressionTest::test_logged_out() and Tests_Ajax_TagSearch::test_no_results().
PHPUnit 6.4.1 and earlier versions ignored the `'0'` value, causing the issue to go unnoticed.

Merge of [41870] to the 4.7 branch.

Props SergeyBiryukov.
See #42232.



git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42052 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-31 06:19:42 +00:00
Aaron D. Campbell
c134dea3b6 Database: Hardening to bring wpdb::prepare() inline with documentation.
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.7 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41498 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 18:11:46 +00:00
Aaron D. Campbell
66f675be1c Database: Hardening for wpdb::prepare()
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.

Merges [41470] to 4.7 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41472 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 14:58:49 +00:00
John Blackbourn
f780dd4734 Build/Test Tools: Remove ancient UT ticket handling for the 4.7 branch.
See #40533

Merges [40523] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41305 602fd350-edb4-49c9-b593-d223f7449a82
2017-08-22 19:58:16 +00:00
John Blackbourn
f58726da4b Build/Test Tools: Fix PHP 5.2 compatibility for grandchild methods which expect exceptions to be raised.
This is due to `is_callable( 'parent::setExpectedException' )` not being supported on PHP 5.2 when the method being checked only exists on the grandparent class.

See #39822

Merges [40872] and [40873] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40876 602fd350-edb4-49c9-b593-d223f7449a82
2017-06-05 10:41:02 +00:00
John Blackbourn
a10eba08e9 Build/Test Tools: Add a missing class to the PHPUnit 6 back compat.
See #39822

Merges [40853] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40854 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-30 22:07:59 +00:00
Pascal Birchler
f54b1461ac REST API: JS Client - Enable connecting to multiple endpoints.
Enable connecting to multiple wp-api `endpoints`. Calling `wp.api.init` with a new `apiRoot` will parse the new endpoint's schema and store a new set of models and collections. A collection of 
connected endpoints is stored in `wp.api.endpoints`.

Props lucasstark.
Fixes #39683.

Merges [40364] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40735 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 16:34:22 +00:00
Weston Ruter
76b080defd Customize: Fix phpunit tests after [40704] due to logic inversion error.
Merge of [40716] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40717 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 14:36:53 +00:00
John Blackbourn
8cbc520a94 Build/Test Tools: Backport various recent changes to the 4.7 branch.
* Add support for PHPUnit 6+.
* Add Composer files to the cache on Travis.
* Remove HHVM from the test infrastructure on Travis.

Merges [40536], [40538], [40539], and [40546] to the 4.7 branch.

See #40539
Fixes #39822, #40548


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40547 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-24 00:37:19 +00:00
Boone Gorges
a82fe2b598 Restore support for taxonomy 'args' override when querying object terms.
[7520] introduced an undocumented feature whereby developers could
register a custom taxonomy with an 'args' parameter, consisting of
an array of config params that, when present, override corresponding
params in the `$args` array passed to `wp_get_object_terms()` when
using that function to query for terms in the specified taxonomy.

The `wp_get_object_terms()` refactor in [38667] failed to respect
this secret covenant, and the current changeset atones for the
transgression.

Ports [40513] to the 4.7 branch.

Props danielbachhuber.
Fixes #40496.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40514 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-21 19:18:00 +00:00
Pascal Birchler
6c2132089e REST API: Allow fetching multiple terms at once via the slug parameter.
This matches a similar change previously made for posts (#38579) and an upcoming change for users (#40213).

Props wonderboymusic, MatheusGimenez, curdin.
Fixes #40027.

Merges [40376] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40427 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-14 08:53:11 +00:00
Pascal Birchler
0b17a58481 REST API: Allow fetching multiple users at once via the slug parameter.
This matches similar changes previously made for posts (#38579) and terms (#40027).

Props curdin, MatheusGimenez.
Fixes #40213.

Merges [40378] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40426 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-14 08:46:22 +00:00
Pascal Birchler
9e500a9b06 Media: Improve handling of non-image files in wp_get_image_mime.
This prevents non-image fileypes from returning a mime type of "application/octet-stream" when `exif_imagetype()` returns `false`.

Props blobfolio.
Fixes #40017.

Merges [40397] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40403 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-10 14:27:23 +00:00
Pascal Birchler
4b3c4765dd Build/Test Tools: Add assertNotFalse() method to WP_UnitTestCase and use it where appropriate.
Props peterwilsoncc.
Fixes #39219.

Merges [39919] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40388 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-06 18:19:02 +00:00
Pascal Birchler
d6bf6a5261 Multisite: Handle sites cache invalidation more granularly for option updates.
Previously `update_blog_option()` would trigger an invalidation of that site's entire cache although these changes did not affect the content of 
these caches. Furthermore changes to the special options `blogname`, `siteurl` and `post_count` should not invalidate the entire cache of that site, but only their respective site details cache. The option `home` now has the same behavior as it also belongs to the site details, but did not invalidate the cache at all previously.

Several new unit tests confirm these changes work as expected.

Fixes #40063.

Merges [40305] and [40333] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40385 602fd350-edb4-49c9-b593-d223f7449a82
2017-04-06 17:26:04 +00:00
Boone Gorges
52e1c3eff0 Invalidate term query caches when setting or deleting term relationships.
Prior to 4.7, term relationships - as set by `wp_set_object_terms()` or
`wp_remove_object_terms()` - did not affect the term query cache. The
introduction of the 'object_ids' parameter in 4.7 means that the query
cache must be aware of object-term relationships. As such, the
'last_changed' incrementor is now invalidated when term relationships
are modified.

This bug only reared its head when delaying term counting, because term
counting performs its own term query cache invalidation.

Merges [40353] to the 4.7 branch.

Props mboynes.
Fixes #40306.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40354 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-30 16:55:32 +00:00
Pascal Birchler
16c518a2b0 Customize: Trailingslash the home nav menu item URL in starter content.
This prevents an additional 301 redirect when clicking on the nav menu item, and it also prevents a scenario where the auth cookie may not be passed 
and cause an authentication error when navigating in the customizer.

Props dlh, swissspidy.
Fixes #40112.

Merges [40300] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40338 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-27 09:28:36 +00:00
Pascal Birchler
3f200a7c35 REST API: Confirm the parent post object of an attachment exists in WP_REST_Posts_Controller::check_read_permission().
Avoid a PHP Error when attempting to embed the parent post of an attachment, when the parent post ID is invalid. Instead check if the parent post 
object exists before checking the read permission for the parent post.

Props GhostToast.
Fixes #39881. 

Merges [40306] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40337 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-27 09:23:05 +00:00
Pascal Birchler
8e68bdace3 REST API: Add gmt_offset and timezone_string to the base /wp-json response.
The site's current timezone offset is an important piece of information for any REST API client that needs to manipulate dates.  It has not been 
previously available.

Expose both the `gmt_offset` (the site's current offset from UTC in hours) and `timezone_string` (which also provides information about daylight 
savings time) via the "site info" endpoint (the base `/wp-json` response).

Also update the `wp-api-generated.js` fixture file with the changes to the default API responses.

Props sagarkbhatt.
Fixes #39854.

Merges [40238] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40336 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-27 07:08:54 +00:00
Pascal Birchler
8b0f76c917 List Tables: After [38703], [38706], and [40118], adjust the jQuery selector to make the selection of a range of checkboxes work again.
Unprop afercia.
Fixes #40056.

Merges [40268] to the 4.7 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40327 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-24 18:49:07 +00:00
Boone Gorges
4eb0dcc64d Fix the formatting of $taxonomies parameter of 'wp_get_object_terms' filter.
[38667]  changed the way that the filter parameters are built. That
changeset didn't fully account for the pre-4.7 format of `$taxonomies`.

Merge of [40290] to the 4.7 branch.

Props ig_communitysites.
Fixes #40154.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40291 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-14 18:42:57 +00:00
John Blackbourn
ec70d962ca Build/Test tools: Don't override the wp_set_auth_cookie() and wp_clear_auth_cookie() functions.
Overriding pluggable functions in the test suite is asking for trouble in the future. In addition, it means the test suite can't be guaranteed to behave the same as core.

This instead introduces a `send_auth_cookies` filter which can be hooked in during the test suite to prevent these functions from attempting to send cookie headers to the client.

Fixes #39367

Merges [40263] and [40264]  to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40265 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-10 15:05:36 +00:00
John Blackbourn
ddf26b95ac Build/Test tools: In Travis, skip some tests when not on trunk.
This skips time sensitive tests (copyright year and PHP/MySQL version requirements) when tests are run on branches on Travis.

Props netweb, jorbin

Fixes #39486

Merges [40241] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40250 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-08 00:51:22 +00:00
John Blackbourn
e220469859 Build/Test Tools: Call wp_head() and wp_footer() in the theme used during tests.
See #31550
Fixes #39988

Merges [40235] to the 4.7 branch.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40236 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-07 01:34:43 +00:00
Aaron D. Campbell
742d7e6663 Strip control characters before validating redirect.
Merges [40183] to 4.7 branch.



git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40184 602fd350-edb4-49c9-b593-d223f7449a82
2017-03-06 13:39:33 +00:00
Dominik Schilling (ocean90)
a2c633fdc7 REST API: Allow setting post formats even if they are not supported by the theme.
A `post_format` not used by the current theme, but supported by core is not a wrong/broken piece of information. It's just not used at this point in time. Therefore we should allow setting and retrieving any of the standard post formats supported in core, even if the current theme doesn't use them.

After this commit, a post's `format` value can survive a round trip through the API, which is a good general design principle for an API.

Merge of [40120] and [40121] to the 4.7 branch.

Props JPry, iseulde, davidakennedy, Drivingralle.
Fixes #39232.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40137 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-27 20:02:43 +00:00
Dominik Schilling (ocean90)
6bfb976577 REST API: Fix behavior of sticky posts filter when no posts are sticky.
Previously, when getting posts from the API with `sticky=true`, if there were no sticky posts set, the query would return all posts  as if the `sticky` argument was not set.  In this situation, the query should return an empty array instead.

A `sticky=true` query that should return an empty array (in the previous situation, or with `include` and no intersecting post IDs) was also broken in that it would query the post with ID 1.

Finally, this commit significantly improves test coverage for the `sticky` filter argument, including direct testing of the `WHERE` clauses generated by `WP_Query`.

Merge of [40037] and [40122] to the 4.7 branch.

Props ryelle, jnylen0.
See #39079.
Fixes #39947.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40136 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-27 19:53:43 +00:00
Joe McGill
260f39ea0f Media: Reset Exif orientation after rotate in WP_Image_Editor_Imagick.
Due to inconsistencies in the way browsers handle Exif orientation data,
if a user manually rotates an image within WordPress, set the Exif orientation to
the default (1) so that the image displays with the same rotation/flip in every browser.

Props sanchothefat, triplejumper12, joemcgill, azaozz, markoheijnen, mikeschroder.
Merges [40123] and [40129] to the 4.7 branch.
Fixes #37140. See #14459.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40135 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-27 19:32:45 +00:00
Joe McGill
f055694b32 Media: Reduce failing uploads following 4.7.1.
[39831] introduced more strict MIME type checking for uploads, which
resulted in unintetionally blocking several filetypes that were
previously valid. This change uses a more targeted approach to MIME
validation to restore previous behavior for most types.

Props blobfolio, iandunn, ipstenu, markoheijnen, xknown, joemcgill.
Merges [40124] and [40125] to the 4.7 branch.
Fixes #39550, #39552.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40134 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-27 19:27:58 +00:00
Joe McGill
9cf5b91e9c Media: Keep PDF previews from overwriting files.
Since support for PDF previews were added in [38949], it's possible
that the generated image file could overwrite an existing image file
with the same name. This uses wp_unique_filename() to avoid this
issue and adds a '-pdf' identifier on the end of filenames.

Props gitlost, desrosj, mikeschroder, joemcgill.
Merges [40130] and [40131] to the 4.7 branch.
Fixes #39875. See #31050.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40133 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-27 19:24:50 +00:00
Sergey Biryukov
44c58d1a12 REST API: JavaScript client - improve route discovery for custom namespaces.
Fix parsing of custom namespace routes. Transform class names, removing dashes and capitalizing each word/route part so a route path of `widgets/recent-posts` becomes a collection with the name `WidgetsRecentPosts`. Correct parent route part when routes are longer than expected, reversing parse direction.

Props westonruter, jazbek, adamsilverstein, jnylen0.
Merges [40074] and [40109] to the 4.7 branch.
Fixes #39561.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40117 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-24 22:47:47 +00:00
Sergey Biryukov
dbf739bbaa REST API: Add QUnit tests for wp-api.js and PHPUnit fixture generation.
Add QUnit tests: verify that wp-api loads correctly, verify that the expected base models and collections exist and can be instantiated, verify that collections contain the correct models, verify that expected helper functions are in place for each collection.

The QUnit tests rely on two fixture files: `tests/qunit/fixtures/wp-api-generated.js` contains the data response from each core endpoint and is generated by running the PHPUnit `restapi-jsclient` group. `tests/qunit/fixtures/wp-api.js` maps the generated data to endpoint routes, and overrides `Backbone.ajax` to mock the responses for the tests.

Add PHPUnit tests in `tests/phpunit/tests/rest-api/rest-schema-setup.php`. First, verify that the API returns the expected routes via `server->get_routes()`. Then, the `test_build_wp_api_client_fixtures` test goes thru each endpoint and requests it from the API, tests that it returns data, and builds up the data for the mocked QUnit tests, saving the final results to `tests/qunit/fixtures/wp-api-generated.js`.

Add a new grunt task `restapi-jsclient` which runs the phpunit side data generation and the qunit tests together.

Props jnylen0, welcher, adamsilverstein, netweb, ocean90, rachelbaker.
Merges [40058], [40061], [40065], [40066], [40077], and [40104] to the 4.7 branch.
Fixes #39264.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40116 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-24 22:33:05 +00:00
Sergey Biryukov
9afe01b087 REST API: Shim post_date_gmt for drafts / empty dates in the REST API.
Internally, WordPress uses a special `post_date_gmt` value of `0000-00-00 00:00:00` to indicate that a draft's date is "floating" and should be updated whenever the post is saved. This makes it much more difficult for API clients to know the correct date of a draft post.

This commit provides a best guess at a `date_gmt` value for draft posts in this situation using the `date` field and the site's current timezone offset.

Props joehoyle, jnylen0.
Merges [40108] to the 4.7 branch.
Fixes #38883.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40115 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-24 22:02:48 +00:00
Sergey Biryukov
9c7ef6a3ad REST API: Fix multiple issues with setting dates of posts and comments.
This commit modifies the `rest_get_date_with_gmt` function to correctly parse local and UTC timestamps with or without timezone information.

It also ensures that the REST API can edit the dates of draft posts by setting the `edit_date` flag to `wp_update_post`.

Overall this commit ensures that post and comment dates can be set and updated as expected.

Props jnylen0.
Merges [40101] to the 4.7 branch.
Fixes #39256.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40114 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-24 21:58:07 +00:00
Sergey Biryukov
32ccf017de REST API: Correctly parse body parameters for DELETE requests.
DELETE was inadvertently omitted from the list of non-POST HTTP methods that should be able to accept body parameters. Parameters passed to DELETE requests as JSON are already parsed correctly; this commit fixes application/x-www-form-urlencoded parameters as well.

Props mnelson4.
Merges [40105] to the 4.7 branch.
Fixes #39933.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40113 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-24 20:56:00 +00:00
Sergey Biryukov
caebbb456e REST API: Do not allow access to users from a different site in multisite.
It has been unintendedly possible to both view and edit users from a different site than the current site in multisite environments. Moreover, when passing roles to a user in an update request, that user would implicitly be added to the current site.

This changeset removes the incorrect behavior for now in order to be able to provide a proper REST API workflow for managing multisite users in the near future. Related unit tests have been adjusted as well.

Props jnylen0, jeremyfelt, johnjamesjacoby.
Merges [40106] to the 4.7 branch.
Fixes #39701.

git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40111 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-24 20:45:52 +00:00
Dion Hulse
809c9d5b7a Customize: Extend auto-draft life of a customize_changeset post whenever modified.
Keep bumping the date for the auto-draft to preserve it from garbage-collection via `wp_delete_auto_drafts()` after 7 days.

Props westonruter.
Merges [40041] to the 4.7 branch.
See #30937.
Fixes #39713.


git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40099 602fd350-edb4-49c9-b593-d223f7449a82
2017-02-21 07:02:14 +00:00