Commit Graph

2308 Commits

Author SHA1 Message Date
Rachel Baker
8c26572c8a REST API: Fix bug where comment author and author email could be an empty string when creating a comment.
If the `require_name_email` option is true, creating a comment with an empty string for the author name or email should not be accepted.  Both values can be an empty string on update.

Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.

Fixes #38971.


git-svn-id: https://develop.svn.wordpress.org/trunk@39444 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 22:43:03 +00:00
Rachel Baker
0de150991c REST API: Fix handling of some orderby parameters for the Posts controller.
- `'orderby' => 'include'` requires an array of post_ids via the `include` collection param.
`'orderby' => 'id'` and `'orderby' => 'slug'` need map the correct WP_Query equivalents. 

Props flixos90, hnle, dd32, rachelbaker, joehoyle, pento.

Fixes #38971.


git-svn-id: https://develop.svn.wordpress.org/trunk@39440 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 22:17:36 +00:00
Jeremy Felt
9232ecc9fc REST API: Disable DELETE requests for users in multisite.
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.

Until support for a `PUT` request that removes a user's site and content associations is available, `DELETE` requests are disabled to avoid possible issues with lost content.

Props jnylen0, rachelbaker.
Fixes #38962.


git-svn-id: https://develop.svn.wordpress.org/trunk@39438 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 22:10:01 +00:00
Rachel Baker
a55506974e REST API: Return a WP_Error if meta property is not an array.
Fixes bug where a PHP Warning is currently thrown if a client sends a request where `meta` is not an array value.

Props timmydcrawford, jnylen0, rachelbaker, pento.
Fixes #38989.

git-svn-id: https://develop.svn.wordpress.org/trunk@39436 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 21:55:09 +00:00
Weston Ruter
511ba69e52 Customize: Fix posts limit query arg for WP_Query from incorrect number to posts_per_page.
Props dlh.
Fixes #39022.


git-svn-id: https://develop.svn.wordpress.org/trunk@39434 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 16:17:03 +00:00
Gary Pendergast
5ff3f14d78 Plugins: Add a current_priority() method to WP_Hook.
This allows plugins to determine the currently running priority of a filter.

Fixes #39007.



git-svn-id: https://develop.svn.wordpress.org/trunk@39430 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 07:09:33 +00:00
Gary Pendergast
d5bfeae9d8 REST API: Require the reassign parameter when deleting users.
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.

This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.

Props jeremyfelt.
Fixes #39000.



git-svn-id: https://develop.svn.wordpress.org/trunk@39426 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 06:53:59 +00:00
Weston Ruter
bdd33e9dff Customize: Reuse existing non-auto-draft posts and existing auto-draft posts in the customized state with matching slugs when applying starter content.
* Updates `wp_unique_post_slug()` to ignore `auto-draft` posts. Prevents publishing multiple posts that have the same slugs from starter content.
* Fixes fatal error when attempting to save an header_image setting from a non-admin context.
* Fixes substituting attachment symbols in options and theme mods.
* Fixes applying starter content for header images and background images.

See #38114.
Fixes #38928.


git-svn-id: https://develop.svn.wordpress.org/trunk@39411 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 00:24:19 +00:00
Weston Ruter
3e9a2d5a5a Customize: Reject a changeset update when a non-future date is provided and also ensure that a published changeset always gets set to the current date/time.
* Also moves checks from `customize_save` Ajax handler to the underlying `WP_Customize_Manager::save_changeset_post()` call which plugins may invoke directly.
* Ensures that `customize_save_response` filter is always passed an array, with error code available as `code`.

Props utkarshpatel, westonruter, sayedwp.
See #30937.
Fixes #38943.


git-svn-id: https://develop.svn.wordpress.org/trunk@39409 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-02 00:01:51 +00:00
Mike Schroder
352e997f92 Media: Fix regression with display of small images in media library.
Fixes a regression in the media library after [38949], which caused
small images (< thumbnail size) to not display within the media library.

Accounts for images that have no intermediate sizes
in `wp_prepare_attachment_for_js()`.

Adds test.

Fixes #38965.
Props joemcgill, clorith, mikeschroder.

git-svn-id: https://develop.svn.wordpress.org/trunk@39396 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-01 00:01:38 +00:00
Weston Ruter
79182c0fe2 Customize: Fix handling of the nav menu item labels (titles) that match defaults (original titles) and fix the display of item type labels.
* Show default labels for nav menu item as placeholders in a control's label field instead of showing blank.
* Store empty string as label instead of copying default labels.
* Prevent labels for post type archive items from being dropped in preview.
* Also ensure that the item type label is displayed on nav menu item controls for settings that are loaded from an existing changeset.

Amends [38618].
See #38015.
Fixes #38955.


git-svn-id: https://develop.svn.wordpress.org/trunk@39393 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-30 23:35:34 +00:00
Dominik Schilling (ocean90)
13fd32cc20 Options: Pass the $passed_default parameter to the 'default_option_{$option} filter in add_option().
This was missed in [38910].

Props joehoyle, lucasstark.
See #38176.
Fixes #38930.

git-svn-id: https://develop.svn.wordpress.org/trunk@39382 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-30 21:21:21 +00:00
James Nylen
74efb754fd REST API: Add test for creating a comment with an invalid post ID.
#38816 fixed creating a comment with an invalid post ID (this should not be
allowed), but we need a test for this.

Fixes #38991.


git-svn-id: https://develop.svn.wordpress.org/trunk@39375 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-30 16:21:38 +00:00
jnylen0
c716e604c5 REST API: Add tests for empty or "no-op" updates.
The API should allow updates that don't actually change anything.  This allows
clients to, for example, accidentally send the same request twice without
encountering unexpected errors.  This currently works for posts, terms, and
users, so this commit adds test cases accordingly.

See #38700 for issues preventing this from working for comments.

Fixes #38975.


git-svn-id: https://develop.svn.wordpress.org/trunk@39371 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-30 03:02:01 +00:00
Weston Ruter
9c39b16119 Customize: Fix logic for previewing the URL for nav_menu_item settings for terms and post type archives.
Fixes typo in args passed to `get_term_link()` which caused a fatal error due to this call returning a `WP_Error` which was set to `url`. Also fixes never-satisfiable condition for obtaining post type archive URL. Also ensures that `WP_Error` never leaks through as `url` by setting it to an empty string. Adds missing unit tests.

Amends [38991].
See #38114.
Fixes #38945.


git-svn-id: https://develop.svn.wordpress.org/trunk@39365 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-27 03:04:35 +00:00
John Blackbourn
8b1afc4743 Build/Test Tools: Add an extra WP_Error assertion when testing a valid user activation key. This provides a better failure message if the assertion does fail.
See #38716


git-svn-id: https://develop.svn.wordpress.org/trunk@39364 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-27 01:24:58 +00:00
John Blackbourn
25ede80cab Build/Test Tools: When testing the output of wp_list_pages(), use a known and fixed date for each post so the tests don't fail when the date changes between the beginning and end of a test.
Props xrmx
Fixes #38688


git-svn-id: https://develop.svn.wordpress.org/trunk@39363 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-27 00:07:49 +00:00
Joe Hoyle
a1c2caa4e3 REST API: Special case the “standard” post format to always be allowed.
Fixes #38916.

git-svn-id: https://develop.svn.wordpress.org/trunk@39353 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-24 00:07:50 +00:00
joehoyle
7dc75c29f6 REST API: Allow unsetting a post’s password.
Props danielbachhuber, iseulde.
Fixes #38919.

git-svn-id: https://develop.svn.wordpress.org/trunk@39352 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-23 23:12:05 +00:00
Weston Ruter
8bcbe1a35c Customize: Refactor logic for updating custom_css posts by introducing wp_update_custom_css_post() function and renaming update filter.
* Moves logic from `WP_Customize_Custom_CSS_Setting::update()` into a re-usable `wp_update_custom_css_post()` function, useful for future REST API endpoint, WP-CLI command, or plugin migrations.
* Renames `customize_update_custom_css_post_content_args` filter to `update_custom_css_data` and improves the naming of the parameters. Instead of passing `post_content` and `post_content_filtered` the filtered array now contains `css` and `preprocessed` respectively. 
* The second context param for the `update_custom_css_data` filter is now an array of the original args passed to `wp_update_custom_css_post()` and there is now no more `$setting` arg since it isn't necessarily being called in the customizer context.

Props westonruter, georgestephanis.
See #35395.
Fixes #38672.


git-svn-id: https://develop.svn.wordpress.org/trunk@39350 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-23 17:33:21 +00:00
Joe Hoyle
5d7118d63e REST API: Add support for comments of password-protected posts.
Core requires the post password to view and create comments on password protected posts, so we must support a “password” param on the comments endpoint when fetch comments for a specific post and creating a comment on a password protected post.

Props flixos90, jnylen0.
Fixes #38692.

git-svn-id: https://develop.svn.wordpress.org/trunk@39349 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-23 16:14:08 +00:00
Helen Hou-Sandi
f3a59f8632 Theme starter content: Add support for featured images and page templates.
Featured image support means that attachments can now be imported. Media can be sideloaded from within theme or plugin directories. Like other posts, attachments are auto-drafts until customizer changes are published, and are not duplicated when they already exist in the customized state. Attachment IDs can be used for any number of purposes, much like post IDs. Twenty Seventeen now includes 3 images used as featured images to best showcase the multi-section homepage setup.

As featured image IDs are stored in post meta, it also made sense to add support for page templates. Twenty Seventeen does not include any such templates, but the functionality can be quite important for displaying themes to their best effect.

props westonruter, helen, flixos90.
fixes #38615.


git-svn-id: https://develop.svn.wordpress.org/trunk@39346 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-23 09:52:27 +00:00
Joe Hoyle
e606bc36c1 REST API: Allow unsetting of page templates in update requests.
Sending a request to update a page with the template property set to an empty string resulted in an error because “” was not a valid value in the enum.

Props lucasstark, swissspidy.
Fixes #38877.

git-svn-id: https://develop.svn.wordpress.org/trunk@39343 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-23 02:46:42 +00:00
Rachel Baker
6028062ade REST API: Set the comment type to a readonly property in the schema.
Document the type property as `readonly` and remove the default value. After #38820 it is no longer possible to set the type property on a comment to anything a custom type.

Props jnylen0, rachelbaker.
Fixes #38886.

git-svn-id: https://develop.svn.wordpress.org/trunk@39337 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-21 22:55:33 +00:00
Weston Ruter
f21e17dbf0 Customize: Remove iframe-specific behaviors from customize preview when previewing on frontend and not contained inside iframe.
* Strip out `customize_messenger_channel` from preview window URL when not contained in iframe.
* Allow interacting with unpreviewable links and forms when previewing customized state on frontend.

See #30937.
Fixes #38867.


git-svn-id: https://develop.svn.wordpress.org/trunk@39332 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-21 16:55:20 +00:00
Dominik Schilling (ocean90)
257026f7a3 I18N: In wp_dropdown_languages() rename the new show_site_locale_default argument to show_option_site_default.
This makes it consistent with arguments of other `wp_dropdown_*()` functions.

Props SergeyBiryukov.
See #38632.
Fixes #38871.

git-svn-id: https://develop.svn.wordpress.org/trunk@39331 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-21 16:14:01 +00:00
Dominik Schilling (ocean90)
e2f67203bb I18N: Add an additional caching layer for _load_textdomain_just_in_time().
Previously, if no translation files exist for a text domain, `_load_textdomain_just_in_time()` went through the entire process each time it was called. This results in an increased call to `get_locale()` and its `locale` filter.
This change splits the logic into `_get_path_to_translation()` and `_get_path_to_translation_from_lang_dir()`. The former, which is used by `_load_textdomain_just_in_time()`, caches the result of the latter. It also removes some non-working code from `WP_Locale_Switcher::load_translations()`.

Props jrf, swissspidy, sharkomatic, ocean90.
Fixes #37997.

git-svn-id: https://develop.svn.wordpress.org/trunk@39330 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-21 16:06:38 +00:00
Ryan McCue
096f23db65 REST API: Correctly map meta keys to field names.
This accidentally assumed $name was the same as $meta_key, which ruined the whole point of $name.

Props tharsheblows, joehoyle.
Fixes #38786.


git-svn-id: https://develop.svn.wordpress.org/trunk@39328 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-21 05:40:46 +00:00
Ryan McCue
4b275bf861 REST API: Disable anonymous commenting by default.
Adding a brand new anonymous comment method is a potential conduit for spam. Since it's still useful functionality, we're now hiding it behind a filter to allow plugins and themes to turn it on if they do want it.

Props helen, rachelbaker, joehoyle.
Fixes #38855.


git-svn-id: https://develop.svn.wordpress.org/trunk@39327 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-21 05:31:07 +00:00
Weston Ruter
bf07e57e4b Customize: Ensure that WP_Customize_Manager::save_changeset_post() returns setting_validities even for supplied values that are unchanged from values in changeset.
Check setting existence and authorization via `WP_Customize_Manager::validate_setting_values()` even for `null` values to account for custom params being added to settings, preventing failures from being silently ignored.

See #38705, #30937.
Fixes #38865.


git-svn-id: https://develop.svn.wordpress.org/trunk@39320 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-19 22:38:40 +00:00
Weston Ruter
68b9b45548 Customize: Ensure WP_Customize_Setting::value() returns previewed value for custom types utilizing the customize_value_{$id_base} filter.
Fixes #38864.


git-svn-id: https://develop.svn.wordpress.org/trunk@39318 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-19 05:59:12 +00:00
Rachel Baker
aa4af7839e REST API: On Comment create, limit the ability to set the author_ip value directly.
Users without the moderate_comments capability can no longer set the `author_ip` property directly, and instead receive a `WP_Error` if they attempt to do so. Otherwise, the `author_ip property` is populated from `$_SERVER['REMOTE_ADDR']` if present and a valid IP value. Finally, fallback to 127.0.0.1 as a last resort.

Props dd32, rachelbaker, joehoyle.
Fixes #38819.

git-svn-id: https://develop.svn.wordpress.org/trunk@39302 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-18 21:12:03 +00:00
Joe Hoyle
ba5a196d9e REST API: Change “ipv4” types to “ip” to support ipv6.
Stop presuming IP address are IPv4, instead make the type “ip” to be agnostic of IP version. This fixes requests with ipv6 addresses for comments in core.

Props dd32, schlessera, danielbachhuber.
Fixes #38818.

git-svn-id: https://develop.svn.wordpress.org/trunk@39296 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-18 19:32:03 +00:00
Joe Hoyle
db07183b6f REST API: Check read permissions on posts when viewing comments.
With a few tests for getting / creating comments to reflect core behaviour.

Props timmyc.

git-svn-id: https://develop.svn.wordpress.org/trunk@39295 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-18 19:06:26 +00:00
Rachel Baker
2916ca534c REST API: Add test case for users/me endpoint that the context param defaults to view.
Props danielbachhuber.
See #38842.

git-svn-id: https://develop.svn.wordpress.org/trunk@39293 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-18 18:58:25 +00:00
Rachel Baker
7552367e7a REST API: Remove the karma property and query parameter from the Comments endpoints.
WordPress has not used the `karma` property internally for the past 8 years. There is no need to expose it in the REST API endpoints. Sites that use `karma` can include it using the `register_rest_field()` function.

Props dd32, danielbachhuber.
Fixes #38821.

git-svn-id: https://develop.svn.wordpress.org/trunk@39292 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-18 18:52:19 +00:00
Rachel Baker
f553ad6277 REST API: On comment create, return an error if the type property is set to anything other than comment.
Of the default comment_types, only comments are expected to be created via the REST API endpoint. Comments do not have registered types the way that Posts do, so we do not have a method to accurately check permissions for arbitrary comment types.

Props dd32, boonebgorges, rachelbaker.
Fixes #38820.

git-svn-id: https://develop.svn.wordpress.org/trunk@39290 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-18 18:36:10 +00:00
Rachel Baker
659822098a REST API: Allow parent property to be explicitly set to 0 when creating or updating a Post.
Props lucasstark, danielbachhuber.
Fixes #38852.

git-svn-id: https://develop.svn.wordpress.org/trunk@39289 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-18 18:11:49 +00:00
Rachel Baker
ff38fc46e4 REST API: On comment create, return an error if the post parameter does not relate to a valid WP_Post object.
Return a `WP_Error` object for attempts to create a comment without an empty or invalid `post` ID.

Props dd32, jnylen0, rachelbaker.
Fixes #38816.

git-svn-id: https://develop.svn.wordpress.org/trunk@39288 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-18 16:55:03 +00:00
Rachel Baker
cceb9a6053 REST API: On comment create, fallback to the user_agent header value.
If a user-agent is not explicitly provided in the `author_user_agent` parameter, fallback to the `user_agent` value in the request header.

Props dd32, jnylen0, rachelbaker.
Fixes #38817.

git-svn-id: https://develop.svn.wordpress.org/trunk@39287 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-18 16:21:27 +00:00
Sergey Biryukov
f493ebb369 Taxonomy: Prevent wp_list_categories() from producing not well-nested output if hide_title_if_empty is true.
Props chesio.
Fixes #38839. See #33460.

git-svn-id: https://develop.svn.wordpress.org/trunk@39280 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-17 18:01:13 +00:00
Weston Ruter
a3b66814a7 Customize: Add unit tests for importing theme starter content.
Props welcher, westonruter.
See #38114, #38533, #38615.
Fixes #38540.


git-svn-id: https://develop.svn.wordpress.org/trunk@39276 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-17 08:17:57 +00:00
Gary Pendergast
365241878f Database: Add support for LIKE-escaped tables in ::get_table_from_query().
The `SHOW TABLES LIKE` query can be used to search for tables that match a pattern, `wp\_123\_%`, for example. While this isn't the name of an actual table, the `wp_123_` prefix can be used by database drop-ins to direct the query correctly. This change removes the escaping and `%` modifier, to provide this usable prefix.

Props andy, pento.
Fixes #38751.



git-svn-id: https://develop.svn.wordpress.org/trunk@39275 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-17 04:20:22 +00:00
Boone Gorges
206a330d72 Comments: Query used to fill comment descendants should reset 'offset' and 'number' params.
Descendant queries should not inherit the 'offset' and 'number'
parameters of the parent query, or descendants will be missed.

Previously: [38497].

See #37696.

git-svn-id: https://develop.svn.wordpress.org/trunk@39274 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-17 03:02:40 +00:00
Sergey Biryukov
a9b4305084 Tests: Add a missing $message argument for assertEquals() in [39265].
See #23626.

git-svn-id: https://develop.svn.wordpress.org/trunk@39267 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-16 13:42:03 +00:00
Sergey Biryukov
701b2d23f2 Tests: Use assertEquals()' native functionality for delta comparison in test_wp_convert_bytes_to_hr().
See #23626.

git-svn-id: https://develop.svn.wordpress.org/trunk@39265 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-16 13:14:44 +00:00
Peter Wilson
55fd899391 Themes: Remove front page restriction from video header functions.
Adds a callback for determining when video headers should be displayed in themes supporting custom headers. By default, video headers are only displayed on the front page of a site.

Theme authors may set a custom callback by passing `'video-active-callback' => 'mytheme_video_active_callback'` as an argument. The default callback is `is_front_page()`.

This introduces the new function `is_header_video_active()` - returns `true` on pages that should display video headers. The return value can be filtered using the new filter of the same name.

Props flixos90, bradyvercher, peterwilsoncc, joemcgill.
Fixes #38738.


git-svn-id: https://develop.svn.wordpress.org/trunk@39240 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-15 07:15:20 +00:00
Peter Wilson
f62112fa16 Posts, Post Types: Improve sanitisation of templates' post types.
Prevents post type templates ignoring post types due to invalid characters. Each entry in the `Template Post Type` comment is run through `sanitize_key()` to match the sanitisation used by `register_post_type()`.

Fixes #38766.


git-svn-id: https://develop.svn.wordpress.org/trunk@39236 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-15 03:36:13 +00:00
Joe Hoyle
58169b04fa REST API: Validate and Sanitize registered meta based off the schema.
With the addition of Array support in our schema validation functions, it's now possible to use these in the meta validation and sanitization steps. Also, this increases the test coverage of using registered via meta the API significantly.

Fixes #38531.
Props rachelbaker, tharsheblows.


git-svn-id: https://develop.svn.wordpress.org/trunk@39222 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-14 16:35:35 +00:00
Ryan McCue
ecb1e33d0d REST API: Improve validation for usernames and passwords.
Also improves the slashing of user data in the REST API to avoid data loss.

Props jnylen0.
Fixes #38739.


git-svn-id: https://develop.svn.wordpress.org/trunk@39219 602fd350-edb4-49c9-b593-d223f7449a82
2016-11-14 07:12:31 +00:00