WordPress has historically often used code like `preg_split( '/[\s,]+/', $var )` to parse a string of comma-separated values into an array. However, this approach was causing an empty string to not be parsed into an empty array as expected, but rather into an array with the empty string as its sole element.
This was among other areas causing problems in the REST API where passing an empty request parameter could cause that request to fail because, instead of it being ignored, that parameter would be compared against the valid values for it, which typically do not include an empty string.
Props david.binda, sstoqnov.
Fixes#43977.
git-svn-id: https://develop.svn.wordpress.org/trunk@44546 602fd350-edb4-49c9-b593-d223f7449a82
This solution does not work with custom taxonomies in the current state.
Reverts [42614,42619,42737].
Props danielbachhuber.
See #38922.
git-svn-id: https://develop.svn.wordpress.org/trunk@44537 602fd350-edb4-49c9-b593-d223f7449a82
Defining `WP_TESTS_SKIP_INSTALL=1` when running tests will skip the install step. While this shouldn't be used for full test runs, it's useful for saving time when running small groups of tests.
Props soulseekah.
Fixes#43432.
git-svn-id: https://develop.svn.wordpress.org/trunk@44536 602fd350-edb4-49c9-b593-d223f7449a82
This is a partial recommit of [44509]: it allows running unit tests from `src` (which is useful), but doesn't make it the default (which Travis is having issues with).
See #45863.
git-svn-id: https://develop.svn.wordpress.org/trunk@44534 602fd350-edb4-49c9-b593-d223f7449a82
In [41746], `wp_get_media_creation_timestamp()` was introduced to read the created timestamp for videos from `getID3` in meta whenever possible. This information is useful separately from the dates on the file itself.
This adds the same support audio files by utilizing `wp_get_media_creation_timestamp()` in `wp_read_audio_metadata()`.
Props blob folio, desrosj.
Fixes#42017.
git-svn-id: https://develop.svn.wordpress.org/trunk@44528 602fd350-edb4-49c9-b593-d223f7449a82
This function splits the `get_avatar_comment_types` filter out of `get_avatar_data()`.
Props dshanske, birgire.
Fixes#44033.
git-svn-id: https://develop.svn.wordpress.org/trunk@44499 602fd350-edb4-49c9-b593-d223f7449a82
Returning a non-`null` value on this fillter will cause `wp_unique_post_slug()` to return early with that value, skipping potentially expensive database queries on some sites.
Props coffee2code, javorszky, iCaleb.
Fixes#21112.
git-svn-id: https://develop.svn.wordpress.org/trunk@44454 602fd350-edb4-49c9-b593-d223f7449a82
Ordering by `post__in` was introduced in [21776], but the code assumed that
`post__in` would be a comma-separated string listing post IDs. When an array
of post IDs was passed to the `post__in` query var, 'orderby=post__in' was
not respected. This changeset changes this behavior by handling
'orderby=post__in' in the same way as most other values of 'orderby',
which ensures that arrays as well as strings can be properly parsed.
The same treatment is given to the similar `post_name__in` and
`post_parent__in` options of 'orderby', so that most query generation for
orderby clauses happens in the same place, instead of in special cases.
A slight change in the resulting SQL (related to the whitespace around
parentheses and commas) necessitates a change to an existing REST API test
that does a string comparison against the SQL query.
Props mgibbs189, kelvink.
Fixes#38034.
git-svn-id: https://develop.svn.wordpress.org/trunk@44452 602fd350-edb4-49c9-b593-d223f7449a82
This adds some special case handling in 'wp_check_filetype_and_ext()' that prevents some common file types from being blocked based on mismatched MIME checks, which were made more strict in WordPress 5.0.1.
Props Kloon, birgire, tellyworth, joemcgill.
See #45615.
git-svn-id: https://develop.svn.wordpress.org/trunk@44438 602fd350-edb4-49c9-b593-d223f7449a82
The inline JavaScript added by `WP_Scripts::print_translations()` should check whether `locale_data.$text_domain` exists and fall back to `locale_data.messages` otherwise.
Props swissspidy.
See #45441.
git-svn-id: https://develop.svn.wordpress.org/trunk@44403 602fd350-edb4-49c9-b593-d223f7449a82
A typo when unregistering a test post type for the `WP_Test_REST_Posts_Controller` class was preventing it from being properly removed. `youseeme` now?
Props rahulsprajapati.
Fixes#45124.
git-svn-id: https://develop.svn.wordpress.org/trunk@44394 602fd350-edb4-49c9-b593-d223f7449a82
Add a new filter `users_pre_query` - filters the users array before the query takes place. Return a non-null value to bypass WordPress's default user queries. Similar to the `posts_pre_query` filter for WP_Query added in #36687. This filter lets you short circuit the WP_User_Query MySQL query to return your own results.
Developers should note that filtering functions that require pagination information are encouraged to set the `total_users` property of the WP_User_Query object, passed to the filter by reference. If WP_User_Query does not perform a database query, it will not have enough information to generate these values itself.
Props tlovett1, birgire, boonebgorges, spacedmonkey.
Fixes#44169.
git-svn-id: https://develop.svn.wordpress.org/trunk@44373 602fd350-edb4-49c9-b593-d223f7449a82
Fixes the `load_script_textdomain` function not resolving the md5 hash based on the relative path for WordPress installations in a subdirectory. Also adds a filter to allow sites using CDNs or other alternative asset locations to filter the relative path resolution.
Props akirk, fierevere, swissspidy, mypacecreator, babaevan, tmatsuur, ocean90, herregroen.
Merges [44209] to trunk.
Fixes#45528.
git-svn-id: https://develop.svn.wordpress.org/trunk@44310 602fd350-edb4-49c9-b593-d223f7449a82
`wpdb::get_col()` iterates over `$wpdb->last_result`, which can be a non-countable value, should the preceding query have failed.
Props spacedmonkey, desrosj, pento.
Merges [43934] into trunk.
See #45299.
git-svn-id: https://develop.svn.wordpress.org/trunk@44272 602fd350-edb4-49c9-b593-d223f7449a82
- Skips validation where there is no attribute definition, but keeps the attribute value. Previously, the attribute would be omitted from the attributes passed to `render_callback`. Notably, this resolves an issue where `render_callback` cannot receive a block's `align` and `customClassName` attribute values, since these are defined as a client-side filter.
- Validates `null` as a proper value in its own right. Previously, a client implementation of a block could track `{“attribute":null}` as an explicitly empty value, and the server would wrongly initiate defaulting behavior. The new behavior will now only populate a default value if the attribute is not defined at all, including when unset in its being invalid per the attribute schema.
Props aduth, noisysocks, youknowriad, danielbachhuber.
Merges [43918] to trunk.
See #45145 for the patch, #45098 for the original ticket.
git-svn-id: https://develop.svn.wordpress.org/trunk@44269 602fd350-edb4-49c9-b593-d223f7449a82
Demarcations for reusable blocks are always expected to be accessible by clients.
Props noisysocks, youknowriad.
Merges [43917] to trunk.
See #45145 for the patch, #45098 for the original ticket.
git-svn-id: https://develop.svn.wordpress.org/trunk@44268 602fd350-edb4-49c9-b593-d223f7449a82
Changes of note:
- Includes the new Annotations API package.
- `wp-polyfill-ecmascript.js` is renamed to `wp-polyfill.js`.
- `strip_dynamic_blocks()` has been removed in favor of `excerpt_remove_blocks()`.
- The PHP block parser is now syncing from the `block-serialization-default-parser` package.
- `do_blocks()` uses the new parser.
- The `do_block` filter has been removed from `do_blocks()`, in favor of a `render_block` filter in `render_block()`.
Also, a little cleanup to `render_block()`. Always normalize `$block['attrs’]` to array in `’render_block’` filter.
Props pento, azaozz.
Merges [43884] and [43888] to trunk.
See #45145, #45190, #45264, #45282.
git-svn-id: https://develop.svn.wordpress.org/trunk@44261 602fd350-edb4-49c9-b593-d223f7449a82
In [42724], `$this->server` was replaced with `rest_get_server()` for better memory recycling.
[43908], from the 5.0 branch, was merged into trunk in [44254] and used the now unavailable `$this->server`.
This updates the new test from the 5.0 branch to use the expected `rest_get_server()`.
See #45220, #41641.
git-svn-id: https://develop.svn.wordpress.org/trunk@44256 602fd350-edb4-49c9-b593-d223f7449a82
In [42724], `$this->server` was replaced with `rest_get_server()` for better memory recycling.
[43897], from the 5.0 branch, was merged into trunk in [44250] and used the now unavailable `$this->server`.
This updates the new test from the 5.0 branch to use the expected `rest_get_server()`.
See #43316, #41641.
git-svn-id: https://develop.svn.wordpress.org/trunk@44255 602fd350-edb4-49c9-b593-d223f7449a82
In [43736], we prevented rendering fields when not present in `?_fields=`. However, because `get_fields_for_response()` is dependent on `get_item_schema()`, any custom fields registered with a null schema would be incorrectly excluded from the response. Because the REST API permits a null schema for `register_rest_field()`, those fields should be included in the available fields for a response.
Props danielbachhuber.
Merges [43908] to trunk.
Fixes#45220.
git-svn-id: https://develop.svn.wordpress.org/trunk@44254 602fd350-edb4-49c9-b593-d223f7449a82
When 'parent' is set as the path argument name, it gets passed down through to the `create_item()` method and can erroneously reset the 'parent' value on the post itself. Instead, we rename the argument to 'id' and replicate the revision controller's `get_items_permissions_check()` to instead reference 'id'.
Also ensures revision query params (of which there are many) aren't exposed as the query params for autosaves (of which there are two).
Props TimothyBlynJacobs.
Merges [43897] to trunk.
See #43316.
git-svn-id: https://develop.svn.wordpress.org/trunk@44250 602fd350-edb4-49c9-b593-d223f7449a82
Calls `wp_set_script_translations` for all packages scripts that have translations. Also correctly sets the domain on the translations.
Props omarreiss, pento, ocean90.
Merges [43878] to trunk.
Fixes#45161.
git-svn-id: https://develop.svn.wordpress.org/trunk@44239 602fd350-edb4-49c9-b593-d223f7449a82
In [42724], `$this->server` was replaced with `rest_get_server()` for better memory recycling.
[43862], from the 5.0 branch, was merged into trunk in [44225] and used the now unavailable `$this->server`.
This updates the new tests from the 5.0 branch to use the expected `rest_get_server()`.
See #45269, #41641.
git-svn-id: https://develop.svn.wordpress.org/trunk@44234 602fd350-edb4-49c9-b593-d223f7449a82
As `do_blocks()` is run before `wpautop()` in the_content filter, we can remove in a Just In Time fashion, before that filter is run.
After `wpautop()`s original priority has passed, we can re-add it in a Just Too Late fashion, to ensure it's available if `the_content` filter is run multiple times on a page load.
Merges [43879] and [43881] from the 5.0 branch to trunk.
Props pento, nerrad.
Fixes#45290.
git-svn-id: https://develop.svn.wordpress.org/trunk@44226 602fd350-edb4-49c9-b593-d223f7449a82
I thought I was writing JavaScript. Alas.
Merges [43852] from the 5.0 branch to trunk.
Props danielbachhuber.
See #45196.
git-svn-id: https://develop.svn.wordpress.org/trunk@44218 602fd350-edb4-49c9-b593-d223f7449a82
This fixture schema ensures `wp-api-generated.js` doesn't change when running tests in local dev environments.
Merges [43851] from the 5.0 branch to trunk. `wp-api-generated.js` generated based on current trunk.
Props danielbachhuber.
Fixes#45196.
git-svn-id: https://develop.svn.wordpress.org/trunk@44217 602fd350-edb4-49c9-b593-d223f7449a82
Also introduces a `block_editor_preload_paths` filter for plugins and themes to preload additional data.
Merges [43833] from the 5.0 branch to trunk.
Props imath, mattheu, danielbachhuber.
Fixes#45194.
git-svn-id: https://develop.svn.wordpress.org/trunk@44172 602fd350-edb4-49c9-b593-d223f7449a82
Adds the `wp_set_script_translations()` function which registers translations for a JavaScript file. This function takes a handle, domain and optionally a path and ensures JavaScript translation files are loaded if they exist.
Merges [43825,43828,43859,43898] from the 5.0 branch to trunk.
Props herregroen, atimmer, omarreiss, nerrad, swissspidy, ocean90, georgestephanis.
Fixes#45103, #45256.
git-svn-id: https://develop.svn.wordpress.org/trunk@44169 602fd350-edb4-49c9-b593-d223f7449a82
When switching themes, `wp_map_nav_menu_locations()` is used to ensure nav menus are placed in the relevant menu location. Occasionally, menus are registered to locations with numeric slugs, rather than strings. `wp_map_nav_menu_locations()` assumed it would be the latter, and ran `stripos()` on those numeric slugs. This behavior is deprecated in PHP 7.3.
As this is the last PHP 7.3 error in unit tests, this commit also removes PHP 7.3 from Travis' `allowed_failures` list.
Props pento, desrosj, jorbin.
Merges [43899] to trunk.
See #45018.
git-svn-id: https://develop.svn.wordpress.org/trunk@44167 602fd350-edb4-49c9-b593-d223f7449a82
In PHP 7.3, the `compact()` function has been changed to issue an `E_NOTICE` level error if a passed string refers to an unset variable. In previous versions of PHP, this notice was silently skipped. The full RFC can be viewed here: https://wiki.php.net/rfc/compact.
Props jorbin, desrosj.
Merges [43819] and [43832] to trunk.
Fixes#44416.
git-svn-id: https://develop.svn.wordpress.org/trunk@44166 602fd350-edb4-49c9-b593-d223f7449a82
Blocks are able to register styles that used in the editor and the frontend, or only in the editor. These functions ensure the correct styles are loaded in the correct place.
Props pento.
Merges [43812] to trunk.
See #45065.
git-svn-id: https://develop.svn.wordpress.org/trunk@44157 602fd350-edb4-49c9-b593-d223f7449a82
To avoid this being a vector for bypassing the filetypes that are allowed to be uploaded, this attribute is only allowed to be added without a value.
Merges [43813] from the 5.0 branch to trunk.
Props kalpshit, arshidkv12, welcher, peterwilsoncc, marina_wp, pento.
Fixes#44724.
git-svn-id: https://develop.svn.wordpress.org/trunk@44156 602fd350-edb4-49c9-b593-d223f7449a82
A handful of code formatting issues were introduced in recent commits, runs the auto-fixer on them.
git-svn-id: https://develop.svn.wordpress.org/trunk@44155 602fd350-edb4-49c9-b593-d223f7449a82
Adapts the response from `WP_oEmbed_Controller::get_proxy_item()` so that the response is correctly filtered and embeds work properly in JavaSccript editors. Introduces new `get_oembed_response_data_for_url()` function for preparing internal oEmbed responses.
Merges [43810] from the 5.0 branch to trunk.
Props danielbachhuber, imath, swissspidy.
Fixes#45142.
git-svn-id: https://develop.svn.wordpress.org/trunk@44154 602fd350-edb4-49c9-b593-d223f7449a82
Because the REST API allows meta keys to have empty values, the Custom Fields meta box should permit the same behavior.
Props charlestonsw, soulseekah, danielbachhuber.
Merges [43811] to trunk.
Fixes#43559.
git-svn-id: https://develop.svn.wordpress.org/trunk@44153 602fd350-edb4-49c9-b593-d223f7449a82
After [44149], we can now make twentynineteen the default theme. Twentyseventeen has been a great default, but 5.0 and twentynineteen is guten.
Merges [43809,43954] from the 5.0 branch to trunk.
Fixes#45152.
Props jorbin, SergeyBiryukov, pento, mcsf.
git-svn-id: https://develop.svn.wordpress.org/trunk@44151 602fd350-edb4-49c9-b593-d223f7449a82
Responsive embeds is a way for a theme to opt in to WordPress dynamically scaling the width/height of an embed. When a theme supports responsive embeds, a `wp-embed-responsive` class is added to the `<body>` tag. This information is also presented through the REST API for clients to respect.
Merges [43790] and [43791] from the 5.0 branch to trunk.
Props desrosj, danielbachhuber, ocean90.
Fixes#45125.
git-svn-id: https://develop.svn.wordpress.org/trunk@44138 602fd350-edb4-49c9-b593-d223f7449a82
The cover image block uses the `url()` function in its inline CSS, to show the cover image. KSES didn't allow this, causing the block to not save correctly for Author and Contributor users. As KSES does already check each attribute name against an allowed list, we're able to add an extra check for certain attributes to be able to use the `url()` function, too.
Merges [43781] from the 5.0 branch to core.
Props peterwilsoncc, azaozz, pento, dd32.
Fixes#45067.
git-svn-id: https://develop.svn.wordpress.org/trunk@44136 602fd350-edb4-49c9-b593-d223f7449a82
PHPUnit 3.6.x requires `exclude` and `file` paths to be relative to the checkout root.
PHPUnit 4.0.0+ requires the paths to be relative to the configuration file.
Merges [43774] from the 5.0 branch to trunk.
See #45131.
git-svn-id: https://develop.svn.wordpress.org/trunk@44128 602fd350-edb4-49c9-b593-d223f7449a82
The `block_version` denotes which version of Blocks the `post_content` contains. Introduces new `block_version()` function for versioning Blocks.
Merges [43770] from the 5.0 branch to trunk.
Props danielbachhuber, birgire.
Fixes#43887.
git-svn-id: https://develop.svn.wordpress.org/trunk@44127 602fd350-edb4-49c9-b593-d223f7449a82
- Adds `WP_REST_Autosaves_Controller` which extends `WP_REST_Revisions_Controller`.
- Autosaves endpoint is registered for all post types except attachment because even post types without revisions enabled are expected to autosave.
- Because setting the `DOING_AUTOSAVE` constant pollutes the test suite, autosaves tests are run last. We may want to improve upon this later.
Also, use a truly impossibly high number in User Controller tests. The number `100`, (or `7777` in `trunk`), could be valid in certain test run configurations. The `REST_TESTS_IMPOSSIBLY_HIGH_NUMBER` constant is impossibly high for this very reason.
Finally, Skip Autosaves controller test for multisite. There's a PHP 5.2 edge case where paths calculated differently, possibly caused by differing version of PHPUnit.
Props adamsilverstein, aduth, azaozz, danielbachhuber, rmccue, danielbachhuber.
Merges [43767], [43768], [43769] to trunk.
See #45132, #45131.
Fixes#45128, #43316.
git-svn-id: https://develop.svn.wordpress.org/trunk@44126 602fd350-edb4-49c9-b593-d223f7449a82
This function helps perform multiple REST API requests, for the purpose of preloading data into a page.
Props pento.
Merges [43763] to trunk.
See #45110.
git-svn-id: https://develop.svn.wordpress.org/trunk@44123 602fd350-edb4-49c9-b593-d223f7449a82
`use_block_editor_for_post()` and `use_block_editor_for_post_type()` determine if the block editor should be loaded.
`get_block_categories()` and `get_block_editor_server_block_settings()` provide data be included while the block editor is loading.
Props pento.
Merges [43762] to trunk.
See #45110.
git-svn-id: https://develop.svn.wordpress.org/trunk@44122 602fd350-edb4-49c9-b593-d223f7449a82
Posts containing blocks are now correctly handled when displaying on the front end, including dynamic blocks and nested blocks.
Props pento.
Merges [43752] to trunk.
See #45109.
git-svn-id: https://develop.svn.wordpress.org/trunk@44118 602fd350-edb4-49c9-b593-d223f7449a82
The `WP_Block_Parser` class, and the accompanying `parse_blocks()` helper function, can be used to parse an array of blocks out of a content string.
`WP_Block_Parser` is copied from the `@wordpress/block-serialization-default-parser` package. To ensure it stays in sync with the JavaScript parser, changes should be implemented in the package first, then the package version should be upgraded to include the changes.
Props pento.
Merges [43751] to trunk.
See #45109.
git-svn-id: https://develop.svn.wordpress.org/trunk@44116 602fd350-edb4-49c9-b593-d223f7449a82
Adjusts the packages registration after [43723]:
Combine the different registration functions into one `wp_default_packages` function. To reach this goal move the prefix logic into a function so it can be called from different locations. Use a static variable there to prevent duplicate inclusion of `version.php`.
Call this function from the `wp_default_scripts` action by registering it as a default filter.
Combine some of the logic in `_WP_Editors::print_tinymce_scripts` into `wp_register_tinymce_scripts`. The logic to force an uncompressed TinyMCE script file stays in `_WP_Editors::force_uncompressed_tinymce` because that logic is very specific to the classic editor.
The script handle `wp-tinymce` is now a dependency of the editor script handle. In combination with the previous item, this makes the classic editor work.
Adjust the syntax of the script paths to be more consistent with other WordPress code.
Always use "production" mode for the media files to prevent people from inadvertently committing development files.
Props pento, omarreiss, atimmer.
Merges [43738] into trunk.
Fixes#45065.
git-svn-id: https://develop.svn.wordpress.org/trunk@44115 602fd350-edb4-49c9-b593-d223f7449a82
When comparing the old and new values for a meta key being set, ensure both values are sanitized using the same logic so that equal values match.
props boonebgorges, dcavins, MattGeri, pilou69, TimothyBlynJacobs, kadamwhite.
Merges [43740] to trunk.
Fixes#42069.
git-svn-id: https://develop.svn.wordpress.org/trunk@44113 602fd350-edb4-49c9-b593-d223f7449a82
These helper functions allow easy access to the global block registry.
Merges [43743] from the 5.0 branch to trunk.
See #45109.
git-svn-id: https://develop.svn.wordpress.org/trunk@44109 602fd350-edb4-49c9-b593-d223f7449a82
These are the foundational classes allowing blocks to be registered and used throughout WordPress.
This commit also includes the `has_block()` and `has_blocks()` functions, which are required for unit testing these classes.
Merges [43742] from the 5.0 branch to trunk.
Props adamsilverstein, danielbachhuber, desrosj.
Fixes#45097.
See #45109.
git-svn-id: https://develop.svn.wordpress.org/trunk@44108 602fd350-edb4-49c9-b593-d223f7449a82
Introduces a `WP_REST_Search_Controller` class which registers a `/wp/v2/search` endpoint. Search types are handled by extending `WP_REST_Search_Handler`. The default search type is `WP_REST_Post_Search_Handler` but can be filtered by plugins or a theme.
Merges [43739,43741] from the 5.0 branch to trunk.
Props danielbachhuber, flixos90, pento, rmccue, joehoyle.
Fixes#39965.
git-svn-id: https://develop.svn.wordpress.org/trunk@44107 602fd350-edb4-49c9-b593-d223f7449a82
In [43087], we improved REST API performance by only rendering the fields specified in the request. Similarly, any fields registered with `register_rest_field()` should only be rendered when included in `?_fields=`.
Props dlh, danielbachhuber.
Merges [43736] to trunk.
Fixes#45099.
git-svn-id: https://develop.svn.wordpress.org/trunk@43986 602fd350-edb4-49c9-b593-d223f7449a82
In order to correctly render parts of its UI, the new editor needs to be aware of the active theme's post-formats and post-thumbnails support. This data is exposed by querying for the active theme on a new /wp/v2/themes endpoint for sufficiently privileged users.
Merges [43734], [43735] to trunk.
props desrosj.
Fixes#45016.
git-svn-id: https://develop.svn.wordpress.org/trunk@43985 602fd350-edb4-49c9-b593-d223f7449a82
Object type-specific actions that should happen before or after modification of metadata have so far been part of the respective wrapper functions. By using action and filter hooks, this changeset ensures they are always executed, even when calling the lower-level Meta API functions directly, which the REST API does as a prime example.
Merges [43729] to trunk.
Props flixos90, spacedmonkey.
Fixes#44467.
git-svn-id: https://develop.svn.wordpress.org/trunk@43982 602fd350-edb4-49c9-b593-d223f7449a82
Add global support for HTML attributes prefixed `data-` for authors and contributors, as required by the new editor.
Merges [43727] to trunk.
Props azaozz, peterwilsoncc.
Fixes#33121.
git-svn-id: https://develop.svn.wordpress.org/trunk@43981 602fd350-edb4-49c9-b593-d223f7449a82
In order for clients to present permalink previews, the REST API must share the computed results of get_sample_permalink(). These two values are now exposed as permalink_template and generated_slug for public, viewable post types, but only for context=edit.
Merges [43720] to trunk.
Props danielbachhuber, rahulsprajapati.
Fixes#45017.
git-svn-id: https://develop.svn.wordpress.org/trunk@43980 602fd350-edb4-49c9-b593-d223f7449a82
An authorized request with the read_private_posts capability for a post type should be able to GET /wp/v2/posts for posts of status=private. This query is further sanity-checked by WP_REST_Posts_Controller->check_read_permission(), which is unchanged.
Props rachelbaker, soulseekah, twoelevenjay.
Moves [43694] from the 5.0 branch to trunk.
Fixes#43701.
git-svn-id: https://develop.svn.wordpress.org/trunk@43979 602fd350-edb4-49c9-b593-d223f7449a82
Because user capabilities can be modified at runtime, the REST API needs to expose them in some evaluated but declarative manner for clients to interpret. JSON Hyper Schema targetSchema provides an appropriate paradigm for doing so.
Merges [43682] to trunk.
Props timothyblynjacobs.
Fixes#45014.
git-svn-id: https://develop.svn.wordpress.org/trunk@43974 602fd350-edb4-49c9-b593-d223f7449a82
In [43437], the link definition implementation caused attachment links to be unexpectedly nested under an attributes key. This changeset restores the prior behavior.
Merges [43681] to trunk.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44750.
git-svn-id: https://develop.svn.wordpress.org/trunk@43973 602fd350-edb4-49c9-b593-d223f7449a82
A static variable contains an integer that is incremented with each call. This number is returned with the optional prefix.
As such the returned value is not universally unique, but it is unique across the life of the PHP process.
Props westonruter, dlh.
See #44883.
git-svn-id: https://develop.svn.wordpress.org/trunk@43658 602fd350-edb4-49c9-b593-d223f7449a82
This changeset makes the new CRUD API for sites introduced in [43548] usable for real-world sites. A new function `wp_initialize_site()`, which takes care of creating a site's database tables and populating them with initial values, is hooked into the site insertion process that is initiated when calling `wp_insert_site()`. Similarly, a new function `wp_uninitialize_site()`, which takes care of dropping a site's database tables, is hooked into the site deletion process that is initiated when calling `wp_delete_site()`.
A new function `wp_is_site_initialized()` completes the API, allowing to check whether a site is initialized. Since this function always makes a database request in its default behavior, it should be called with caution. Plugins that would like to use site initialization in special ways can leverage a `pre_wp_is_site_initialized` filter to alter that default behavior.
The separate handling of the site's row in the `wp_blogs` database table and the actual site setup allows for more flexibility in controlling whether or how a site's data is set up. For example, a unit test that only checks data from the site's database table row can unhook the site initialization process to improve performance. At the same time, developers consuming the new sites API only need to know about the CRUD functions, since the initialization and uninitialization processes happen internally.
With this changeset, the foundation for a sites REST API endpoint is fully available. The previously recommended functions `wpmu_create_blog()` and `wpmu_delete_blog()` now call the new respective function internally. Further follow-up work to this includes replacing calls to `wpmu_create_blog()` with `wp_insert_site()`, `update_blog_details()` with `wp_update_site()` and `wpmu_delete_blog()` with `wp_delete_blog()` throughout the codebase.
As a side-effect of this work, the `wpmu_new_blog`, `delete_blog`, and `deleted_blog` actions and the `install_blog()` function have been deprecated.
Fixes#41333. See #40364.
git-svn-id: https://develop.svn.wordpress.org/trunk@43654 602fd350-edb4-49c9-b593-d223f7449a82
The way this was implemented in [43630] caused the file to be excluded for all sniffs, since PHPCS does not support file-wide ignores of a specific sniff at this point.
Props jrf.
See #44896.
git-svn-id: https://develop.svn.wordpress.org/trunk@43641 602fd350-edb4-49c9-b593-d223f7449a82
* Add a `human_readable_duration` function including tests.
* Add 'pixels' after image width/height.
* Add screen reader text for durations.
Props Presskopp, kiranpotphode, milindmore22, stormrockwell, afercia.
Fixes#39667.
git-svn-id: https://develop.svn.wordpress.org/trunk@43633 602fd350-edb4-49c9-b593-d223f7449a82
Previously, UTC context was implied, but could be unreliable due to being affected by plugins.
Props Rarst, rahulsprajapati, marco.marsala.
Fixes#37440.
git-svn-id: https://develop.svn.wordpress.org/trunk@43594 602fd350-edb4-49c9-b593-d223f7449a82
The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.
Props adamsilverstein, birgire, flixos90.
Fixes#40510.
git-svn-id: https://develop.svn.wordpress.org/trunk@43584 602fd350-edb4-49c9-b593-d223f7449a82
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
git-svn-id: https://develop.svn.wordpress.org/trunk@43571 602fd350-edb4-49c9-b593-d223f7449a82
Introduce tests to validate that register_meta and register_term_meta work as expected in WP_REST_Terms_Controller.
props timmydcrawford.
Fixes#39122.
git-svn-id: https://develop.svn.wordpress.org/trunk@43567 602fd350-edb4-49c9-b593-d223f7449a82
New functions `wp_insert_site( $data )`, `wp_update_site( $id, $data )` and `wp_delete_site( $id )` are introduced to manage site rows in the `wp_blogs` table, forming the new CRUD API together with the existing `get_site()` / `get_sites()`. The new API provides various benefits over the previously existing API, fixing several cache invalidation issues and being hook-driven so that normalization and validation of the passed data can be fully customized.
New hooks introduced as part of this are the actions `wp_insert_site`, `wp_update_site`, `wp_delete_site`, `wp_validate_site_data` and the filter `wp_normalize_site_data`.
At this point, `wp_insert_site()` does not handle setting up the site's database tables, and `wp_delete_site()` does not handle dropping the site's database tables, so the two can not yet be used directly as full replacements of `wpmu_create_blog()` and `wpmu_delete_blog()`. Managing the site's database tables will be added via hooks as part of the follow-up ticket #41333.
The existing functions `wpmu_create_blog()`, `update_blog_details()`, and `wpmu_delete_blog()` make use of the respective new counterpart and will be obsolete once #41333 has been completed.
Props flixos90, jeremyfelt, spacedmonkey.
Fixes#40364.
git-svn-id: https://develop.svn.wordpress.org/trunk@43548 602fd350-edb4-49c9-b593-d223f7449a82
This allows sites with a large cron option or a custom cron implementation to hijack the cron option to store cron data using custom functionality.
`wp_get_scheduled_event()` is new function to retrieve the event object for a given event based on the hook name, arguments and timestamp. If no timestamp is specified the next occurence is returned.
Preflight filters are added to all functions that read from or modify the cron option: `pre_schedule_event`, `pre_reschedule_event`, `pre_unschedule_event`, `pre_clear_scheduled_hook`, `pre_unschedule_hook`, `pre_get_scheduled_event` and `pre_next_scheduled`.
Additionally, the post scheduling hooks `next_scheduled` and `get_schedule` to allow plugins to modify an event after retrieving it from WordPress.
Props rmccue, DavidAnderson, ethitter, peterwilsoncc.
Fixes#32656.
git-svn-id: https://develop.svn.wordpress.org/trunk@43540 602fd350-edb4-49c9-b593-d223f7449a82
The `comment_form_default_fields` filter can be used to remove the checkbox.
Props pross, SergeyBiryukov.
Fixes#44126.
git-svn-id: https://develop.svn.wordpress.org/trunk@43518 602fd350-edb4-49c9-b593-d223f7449a82
When the REST API is in use on WordPress multisite, the `WP_REST_Attachments_Controller` should respect the "Max upload file size" and "Site upload space" site options.
Props flixos90, danielbachhuber.
Fixes#43751.
git-svn-id: https://develop.svn.wordpress.org/trunk@43462 602fd350-edb4-49c9-b593-d223f7449a82
As [43439] added data that contains object IDs, it can cause `wp-api-generated.js` to be unnecessarily regenerated.
Regenerating our list of fixtures that need normalising rectifies this.
See #44321.
git-svn-id: https://develop.svn.wordpress.org/trunk@43441 602fd350-edb4-49c9-b593-d223f7449a82
To match behaviour in the Classic Editor, we need to slightly loosen permissions on taxonomy and term endpoints. This allows users to create terms to assign to a post that they're editing.
Props danielbachhuber.
Fixes#44096.
git-svn-id: https://develop.svn.wordpress.org/trunk@43440 602fd350-edb4-49c9-b593-d223f7449a82
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.
Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs.
Fixes#44321.
git-svn-id: https://develop.svn.wordpress.org/trunk@43439 602fd350-edb4-49c9-b593-d223f7449a82
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.
Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.
This change also includes flags on post objects for the following actions:
- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44287.
git-svn-id: https://develop.svn.wordpress.org/trunk@43437 602fd350-edb4-49c9-b593-d223f7449a82
The docs for `date_i18n()` and its filter now correctly state that the `$gmt` parameter is only taken into account if no timestamp is provided. Furthermore, a bug with that parameter is fixed, as it is now ensured that the timezone used with it is `UTC`.
Props Rarst.
Fixes#38771.
git-svn-id: https://develop.svn.wordpress.org/trunk@43389 602fd350-edb4-49c9-b593-d223f7449a82
Prior to this change, `date_i18n()` only supported the `timezone_string` option, causing incorrect timezones to appear in formatted dates on sites that still rely on the `gmt_offset` option.
Props Rarst.
Fixes#34835.
git-svn-id: https://develop.svn.wordpress.org/trunk@43387 602fd350-edb4-49c9-b593-d223f7449a82
This utility function allows for easy detection whether terms for a taxonomy are considered publicly viewable.
Props andizer.
Fixes#44466.
git-svn-id: https://develop.svn.wordpress.org/trunk@43386 602fd350-edb4-49c9-b593-d223f7449a82
This brings the name in line with user-facing language and similar names of existing related capabilities. Since the capability has not been part of any WordPress release, it can be renamed without any backward-compatibility implications.
Also missing props benhuberman for [43006].
Fixes#44457.
git-svn-id: https://develop.svn.wordpress.org/trunk@43381 602fd350-edb4-49c9-b593-d223f7449a82
Introduce an `object_subtype` argument to the args array for `register_meta()` which can be used to limit meta registration to a single subtype (e.g. a custom post type or taxonomy, vs all posts or taxonomies).
Introduce `register_post_meta()` and `register_term_meta()` wrapper methods for `register_meta` to provide a convenient interface for the common case of registering meta for a specific taxonomy or post type. These methods work the way plugin developers have often expected `register_meta` to function, and should be used in place of direct `register_meta` where possible.
Props flixos90, tharsheblows, spacedmonkey.
Fixes#38323.
git-svn-id: https://develop.svn.wordpress.org/trunk@43378 602fd350-edb4-49c9-b593-d223f7449a82
This can be used in phpunit.xml:
{{{
<php>
<const name="WP_TESTS_CONFIG_FILE_PATH" value="/path/to/wp-tests-config.php" />
</php>
}}}
Props clarinetlord
Fixes#39734
git-svn-id: https://develop.svn.wordpress.org/trunk@43369 602fd350-edb4-49c9-b593-d223f7449a82
When a term query using `fields=all_with_object_id` hits the cache, the
cached `stdClass` objects must be converted to `WP_Term` objects. This
was overlooked when `WP_Term_Query` was refactored to support object
queries in [38667].
Props dlh.
Fixes#44221.
git-svn-id: https://develop.svn.wordpress.org/trunk@43313 602fd350-edb4-49c9-b593-d223f7449a82
Update the test infrastructure so that third party plugins, themes, and projects that use the core testing framework continue to operate from the `src` directory and do not require a build step.
Props mboynes, danielbachhuber, schlessera
See #43055
git-svn-id: https://develop.svn.wordpress.org/trunk@43311 602fd350-edb4-49c9-b593-d223f7449a82
In many a strange and curious file of forgotten lore—
While I pondered, blaming Nacin, my notifications suddenly awakened,
As of someone quietly DMing;—DMing me, I can’t ignore.
“’Tis some contributor,” I muttered, “DMing me an idea or four—
Only this and nothing more.”
Ah, distinctly I remember, at WordCamp US, last December;
A mad proposal nearly laid me—down out cold—upon the floor.
Curious, I listened closely;—to a plan I agreed with, mostly—
A way to make our JavaScript—JavaScript which was a chore—
Maintainable, extendable, for the future, is what I saw.
Guten-ready for evermore.
Open here I switch to Slack, when, with many a patch and hack,
In there stepped Omar, a JavaScript developer hardcore;
Pronouncing all the changes fit; ready now to be commit;
“There’s nothing else for us to do,” DMing me, “It’s done!” he swore—
“No longer random guessing at which file need next be explored—
Let’s move on, we’re all aboard.”
Moved all together, grouped and managed, in folders all is packaged,
The code had all been cleaned and tidied, important parts moved to the fore,
“Though this change be useful here,” I said, “it is too large, I fear,
We couldn’t manage such a patch, we’ve done nothing like this before—
Tell me where doth go this change, change to make our codebase soar!”
Quoth Omar, “In WordPress Core.”
Props omarreis for shepherding this significant change.
Props adamsilverstein, aduth, atimmer, dingo_bastard, frank-klein, gziolo, herregroen, jaswrks, jeremyfelt, jipmoors, jorbin, netweb, ocean90, pento, tjnowell, and youknowriad for testing, feedback, discussion, encouragement, commiserations, etc.
I make no apologies for this commit message.
Fixes#43055.
git-svn-id: https://develop.svn.wordpress.org/trunk@43309 602fd350-edb4-49c9-b593-d223f7449a82
`ResourceBundle` is only countable in PHP 5.4+, which can be considered an acceptable edge case for WordPress core purposes.
Props jrf, ayeshrajans.
Fixes#43583.
git-svn-id: https://develop.svn.wordpress.org/trunk@43226 602fd350-edb4-49c9-b593-d223f7449a82
r43008 refactored the request flow to make several improvements, but accidentally marked `completed` requests as `confirmed`. This commit restores the intended statuses, so that the data and corresponding UI reflect reality.
Props allendav, birgire.
Fixes#43913.
git-svn-id: https://develop.svn.wordpress.org/trunk@43183 602fd350-edb4-49c9-b593-d223f7449a82
In many common Multisite use cases, the network administrator will want to set a network-wide privacy policy -- via the `privacy_policy_url` filter -- for consistency and convenience. When that's done, the Privacy Settings screen on individual sites becomes unnecessary, and may confuse administrators of those sites when they see that their changes don't have any effect on the policy link in the footer.
Since we can't programatically determine which behavior the network admins would like, the safest default setting is to restrict the ability to super admins, and let them delegate it to individual site owners via a plugin, if they'd like to.
Fixes#43935.
git-svn-id: https://develop.svn.wordpress.org/trunk@43147 602fd350-edb4-49c9-b593-d223f7449a82
`user_status` is not considered personal data, so the total number of exported user properties is 11.
See #43547.
git-svn-id: https://develop.svn.wordpress.org/trunk@43116 602fd350-edb4-49c9-b593-d223f7449a82
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.
This change causes `_fields` to be applied earlier, so that only requested fields are processed.
Props danielbachhuber.
See #43874.
git-svn-id: https://develop.svn.wordpress.org/trunk@43087 602fd350-edb4-49c9-b593-d223f7449a82
Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.
Props allendav, jeremyfelt, iandunn.
Fixes#43919.
git-svn-id: https://develop.svn.wordpress.org/trunk@43085 602fd350-edb4-49c9-b593-d223f7449a82
Return values added to Cron API functions to indicate outcome:
* `wp_schedule_single_event()`, `wp_schedule_event()`, `wp_reschedule_event()` and `wp_unschedule_event()`: boolean indicating success or failure,
* `wp_clear_scheduled_hook()`: integer indicating number of jobs cleared (zero or more), `false` if one or more jobs fail to clear,
* `wp_unschedule_hook()`: integer indicating number of jobs cleared (zero or more), `false` if the jobs fail to clear,
* `spawn_cron()`: boolean indicating whether job spawned,
* `wp_cron()`: integer indicating number of jobs spawned (zero or more), `false` if one or more jobs fail to spawned,
* `_set_cron_array()`: boolean outcome of `update_option()`.
Props evansolomon, jrf, peterwilsoncc, pento for code review.
Fixes#21072.
git-svn-id: https://develop.svn.wordpress.org/trunk@43050 602fd350-edb4-49c9-b593-d223f7449a82
The `get_term()` mapping may result in term objects that are `null` or
`WP_Error` when plugins use `get_term` or a related filter. Since `null`
and error objects are not valid results for a term query, we discard
them.
Props GM_Alex.
See #42691.
git-svn-id: https://develop.svn.wordpress.org/trunk@43049 602fd350-edb4-49c9-b593-d223f7449a82
After the introduction of site metadata in [42836], it should be possible to query sites by that data.
Fixes#40229.
git-svn-id: https://develop.svn.wordpress.org/trunk@43010 602fd350-edb4-49c9-b593-d223f7449a82
For the block editor to be able to expose the Preview button correctly, it needs to know the `is_post_type_viewable()` setting, this change adds it to the Post Type response.
Props danielbachhuber.
Fixes#43739.
git-svn-id: https://develop.svn.wordpress.org/trunk@43007 602fd350-edb4-49c9-b593-d223f7449a82
Without the `ms-required` and `ms-excluded` groups being marked as excluded in the PHPUnit configurations for the project, those groups were still executed, causing fatal errors. Checking against the groups in the correct structure of the array returned from PHPUnit's `Testcase::getAnnotations()` ensures that those tests are skipped properly.
Fixes#43863.
git-svn-id: https://develop.svn.wordpress.org/trunk@43005 602fd350-edb4-49c9-b593-d223f7449a82
This introduces the `get_the_privacy_policy_link()` and `the_privacy_policy_link()` functions, as well as the `privacy_policy_url` filter.
A new `tests/url/` folder was added to better organize tests related to `get_*_url()` functions. Previously, those tests were placed in `tests/url.php` and `tests/link/`, but neither of those locations are optimal. Placing tests in `tests/url.php` violates the guideline of creating separate files/classes for each function under test, and using `tests/link/` conflates two distinct -- albeit related -- groups of functions. Over time, URL-related tests can be migrated to the new folder.
Props birgire, xkon, azaozz, iandunn.
See #43850.
git-svn-id: https://develop.svn.wordpress.org/trunk@43002 602fd350-edb4-49c9-b593-d223f7449a82
Any WordPress user who can `edit_posts` of a post type with `show_in_rest=true` can query for authors. This maps to current WordPress behavior where a WordPress user who can view the Manage Posts view for a post type can see any WordPress user assigned to a post (whether published or draft).
This implementation, over restricting `who=authors` to users with `list_users`, gives us future flexibility in displaying lists of posts. It still respects more restrictive permissions for `context=edit`.
Props danielbachhuber.
Fixes#42202.
git-svn-id: https://develop.svn.wordpress.org/trunk@43001 602fd350-edb4-49c9-b593-d223f7449a82
This was originally added to allow Gutenberg to do permalink editing, but is no longer required. It's also superceded by #41014.
Reverts [42142].
Fixes#42465.
git-svn-id: https://develop.svn.wordpress.org/trunk@42997 602fd350-edb4-49c9-b593-d223f7449a82
Prior to this change, the nonce passed from `wp-signup.php` was verified with a simple comparison. Furthermore in case of failures, `wp_die()` would be called right during the HTML markup being already printed. Now the error message is returned properly, modifying the `WP_Error` object in the passed `$result`.
Props herregroen.
Fixes#43667.
git-svn-id: https://develop.svn.wordpress.org/trunk@42976 602fd350-edb4-49c9-b593-d223f7449a82
This iterates on earlier versions of the code, in order to handle more edge cases. An arbitrary string like `or=\"` will now be stripped, as well as reachability scopes like `%eth0`.
Props eamax, soulseekah, iandunn.
Fixes#41083.
git-svn-id: https://develop.svn.wordpress.org/trunk@42968 602fd350-edb4-49c9-b593-d223f7449a82
`edit_user()` can also update user roles but was still using the `edit_users` capability instead of the newer `promote_users` capability introduced in [14176].
This makes the role handling consistent with the bulk dropdown menu for role changes.
Props flixos90, johnjamesjacoby, ocean90.
Fixes#42564.
git-svn-id: https://develop.svn.wordpress.org/trunk@42855 602fd350-edb4-49c9-b593-d223f7449a82
This updates the expected version number for Hello Dolly in `Tests_Ajax_Update_Plugin::test_update_plugin` following [42839].
See #43555.
git-svn-id: https://develop.svn.wordpress.org/trunk@42841 602fd350-edb4-49c9-b593-d223f7449a82
This is a partial revert of [41724], so image captions include an
inline `width` style instead of `max-width`.
This returns the caption shortcode to the pre-4.9.0 behavior, while
retaining the extra unit test coverage added in [41724].
Fixes#43123. See #33981.
git-svn-id: https://develop.svn.wordpress.org/trunk@42837 602fd350-edb4-49c9-b593-d223f7449a82
A new global multisite table `wp_blogmeta` is added to the database schema, and a set of `*_site_meta()` API functions are introduced.
The implementation fails gracefully when the new table is not yet available, which may happen especially shortly after the core update, before the network has been upgraded to the new database schema. The presence of the table is detected once and stored as a global setting on the main network.
Core does not yet use site metadata, but there are several use-cases to be implemented or explored in the near future, and it allows plugins to extend sites with arbitrary data, which will come in particularly handy with the upcoming REST API endpoint for sites.
Props spacedmonkey, johnjamesjacoby, jeremyfelt, flixos90.
Fixes#37923.
git-svn-id: https://develop.svn.wordpress.org/trunk@42836 602fd350-edb4-49c9-b593-d223f7449a82
Prior to this change, the `{$network_id}:notoptions` cache would only be fetched, but not set, unless the actual database lookup would be unsuccessful. This enhancement slightly improves performance by preventing unnecessary external object cache lookups if one is used.
Fixes#43506.
git-svn-id: https://develop.svn.wordpress.org/trunk@42833 602fd350-edb4-49c9-b593-d223f7449a82
This new dashboard widget is shown on WordPress sites which are powered by a PHP version which WordPress considers outdated, in order to inform site owners about the resulting problems and to explain how to upgrade to a supported version. An education page for that purpose has been previously created that the widget links to. The link is translatable so that localized versions of the page can be referred to as they become available.
The nag follows the example of the Browse Happy dashboard widget and is only visible for administrators, or network administrators when using multisite. To determine whether it needs to be displayed, a new wordpress.org API introduced prior is called that handles the version logic in a centralized location.
Props flixos90, hedgefield, schlessera.
Fixes#41191.
git-svn-id: https://develop.svn.wordpress.org/trunk@42832 602fd350-edb4-49c9-b593-d223f7449a82
The error response body size is limited to 1 KB by default to avoid taking up too much memory. The size can be increased using `download_url_error_max_body_size` filter.
Props soulseekah, campusboy1987, mihdan, SergeyBiryukov.
Fixes#43329.
git-svn-id: https://develop.svn.wordpress.org/trunk@42773 602fd350-edb4-49c9-b593-d223f7449a82