The `is_network_only_plugin` and `is_plugin_active` functions are not available in a front-end context and must be specifically loaded.
Props oakesjosh.
Fixes#52205.
git-svn-id: https://develop.svn.wordpress.org/trunk@49952 602fd350-edb4-49c9-b593-d223f7449a82
Previously, only the active theme was made available. This commit allows for all themes to be queried if the user has the `switch_themes` or `manage_network_themes` capabilities.
This commit also no longer exposes the `page`, `per_page`, `search` and `context` query parameters since they are not supported by this controller.
Props spacedmonkey, lpawlik, TimothyBlynJacobs.
Fixes#50152.
git-svn-id: https://develop.svn.wordpress.org/trunk@49925 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that the entire list of `WP_Query` args are filterable in the posts controller.
Props Krstarica, TimothyBlynJacobs.
Fixes#42762.
git-svn-id: https://develop.svn.wordpress.org/trunk@49923 602fd350-edb4-49c9-b593-d223f7449a82
Previously `null` was returned because the server was accessing the incorrect variable.
Props atimmer, technosailor.
Fixes#52106.
git-svn-id: https://develop.svn.wordpress.org/trunk@49918 602fd350-edb4-49c9-b593-d223f7449a82
This enables, for example, the previous post status to be used by this hook without the need to first capture it on an earlier hook.
This also fixes the value of the `$fire_after_hooks` parameter in `get_default_post_to_edit()` so the `wp_after_insert_post` action correctly fires just once on the new post screen.
Props Collizo4sky, peterwilsoncc, hellofromTonya, TimothyBlynJacobs, SergeyBiryukov
Fixes#45114
git-svn-id: https://develop.svn.wordpress.org/trunk@49731 602fd350-edb4-49c9-b593-d223f7449a82
The REST API requests in Site Health and App Passwords now include `_locale=user` in the request URL to ensure the user's locale is used instead of the site locale. Additionally, the `apiRequest` library now sends a JSON `Accept` header which is required by `determine_locale()` to respect the `_locale` query parameter.
The Site Health REST API controllers now manually load the default admin textdomain if not `is_admin()`. This allows for the Site Health tests to be translated even though the translations are part of the administration project and the REST API is not.
Props oglekler, kebbet, Clorith, TimothyBlynJacobs, ocean90, SergeyBiryukov, adamsilverstein.
Fixes#51871.
git-svn-id: https://develop.svn.wordpress.org/trunk@49716 602fd350-edb4-49c9-b593-d223f7449a82
Previously App Passwords used a mix of "enabled" and "available". We've now standardized on using "available".
Additionally, we now use a 501 status code when indicating that App Passwords is not available.
Props SergeyBiryukov, ocean90, TimothyBlynJacobs.
Fixes#51513.
git-svn-id: https://develop.svn.wordpress.org/trunk@49617 602fd350-edb4-49c9-b593-d223f7449a82
App Passwords rely on the Authorization header to transport the Basic Auth credentials. For Apache web servers, WordPress automatically includes a RewriteRule to populate the value for servers running in CGI or FastCGI that wouldn't ordinarily populate the value.
This tests if the header is being filled with the expected values. For Apache users, we direct the user to visit the Permalinks settings to flush their permalinks. For all other users, we direct them to a help document on developer.wordpress.org.
Props Clorith, marybaum, TimothyBlynJacobs.
Fixes#51638.
git-svn-id: https://develop.svn.wordpress.org/trunk@49334 602fd350-edb4-49c9-b593-d223f7449a82
Previously, we only supported `application/json` which prevented using subtypes like `application/activity+json`. This allows for the REST API to `json_decode` the body of requests using a JSON subtype `Content-Type`. Additionally, `wp_die()` now properly sends the error as JSON when a JSON subtype is specified in the `Accept` header.
Props pfefferle.
Fixes#49404.
git-svn-id: https://develop.svn.wordpress.org/trunk@49329 602fd350-edb4-49c9-b593-d223f7449a82
This switches to the new `rest_default_additional_properties_to_false()` function which doesn't have this issue and deprecates the `WP_REST_Meta_Fields::default_additional_properties_to_false()` method.
Props austin880625.
Fixes#51389.
git-svn-id: https://develop.svn.wordpress.org/trunk@49308 602fd350-edb4-49c9-b593-d223f7449a82
The REST API and XML-RPC now uses the same detection methodology for empty comment content as `wp_handle_comment_submission()`. Specifically, comments now have their content trimmed and '0' is allowed.
Props jaswrks, rmccue, dd32, rachelbaker, Cawa-93, aduth, TimothyBlynJacobs.
Fixes#43177.
git-svn-id: https://develop.svn.wordpress.org/trunk@49303 602fd350-edb4-49c9-b593-d223f7449a82
In particular, this allows for sending `status=inherit` to an attachment if it's current status is `inherit`. This status would be rejected because it is an "internal" post status which isn't exposed.
As a general rule, a developer should always be able to PUT back a GET response without error.
Props dfenton, pputzer, TimothyBlynJacobs.
Fixes#40399.
git-svn-id: https://develop.svn.wordpress.org/trunk@49302 602fd350-edb4-49c9-b593-d223f7449a82
Plugins shouldn't be setting the global post object during a REST API request, but if they did this could cause unexpected errors when creating a post with a template.
Props Kipperlenny, TimothyBlynJacobs.
Fixes#49695.
git-svn-id: https://develop.svn.wordpress.org/trunk@49301 602fd350-edb4-49c9-b593-d223f7449a82
The comments controller now uses the `rest_get_route_for_post` function introduced in WordPress 5.5 to generate the link. This function is filterable to allow for custom controllers to properly define their REST API route.
Props dsifford, TimothyBlynJacobs.
Fixes#44152.
git-svn-id: https://develop.svn.wordpress.org/trunk@49299 602fd350-edb4-49c9-b593-d223f7449a82
This method never worked properly and cannot be fixed due to incompatible method signatures.
Props flixos90, kadamwhite, jnylen0, TimothyBlynJacobs.
Fixes#39959.
git-svn-id: https://develop.svn.wordpress.org/trunk@49295 602fd350-edb4-49c9-b593-d223f7449a82
Apps may now optionally include an `app_id` parameter when directing the user to the Authorize Application screen. This allows for instances of an application to be identified and potentially revoked or blocked.
Props TimothyBlynJacobs, georgestephanis.
Fixes#51583.
git-svn-id: https://develop.svn.wordpress.org/trunk@49276 602fd350-edb4-49c9-b593-d223f7449a82
Previously, only a small subset of keywords were exposed which limited the utility of `OPTIONS` requests.
Props raubvogel, TimothyBlynJacobs.
Fixes#51020.
git-svn-id: https://develop.svn.wordpress.org/trunk@49257 602fd350-edb4-49c9-b593-d223f7449a82
A new route is introduced, `batch/v1`, that accepts a list of API requests to run. Each request runs in sequence, and the responses are returned in the order they've been received.
Optionally, the `require-all-validate` validation mode can be used to first validate each request's parameters and only proceed with processing if each request validates successfully.
By default, the batch size is limited to 25 requests. This can be controlled using the `rest_get_max_batch_size` filter. Clients are strongly encouraged to discover the maximum batch size supported by the server by making an OPTIONS request to the `batch/v1` endpoint and inspecting the described arguments.
Additionally, the two new methods, `match_request_to_handler` and `respond_to_request` introduced in [48947] now have a `protected` visibility as we don't want to expose the inner workings of the `WP_REST_Server::dispatch` API.
Batching is not currently supported for GET requests.
Fixes#50244.
Props andraganescu, zieladam, TimothyBlynJacobs.
git-svn-id: https://develop.svn.wordpress.org/trunk@49252 602fd350-edb4-49c9-b593-d223f7449a82
The new block editor included in 5.6 introduces an api_version property
that indicates which block API version the block is using.
This commits makes this property available on the block type and the endpoint.
Props TimothyBlynJacobs, gziolo.
Fixes#51529.
git-svn-id: https://develop.svn.wordpress.org/trunk@49224 602fd350-edb4-49c9-b593-d223f7449a82
The reason for introducing `wp_slash_strings_only()` in [46454] was to keep non-string values untouched.
Later, `wp_slash()` itself was updated in [48433] to prevent changing non-string values.
To avoid confusion, `wp_slash_strings_only()` is now deprecated.
Props ayeshrajans, ocean90.
Fixes#50635.
git-svn-id: https://develop.svn.wordpress.org/trunk@49188 602fd350-edb4-49c9-b593-d223f7449a82
Introduces the action `wp_after_insert_post` inside a wrapper function of the same name. This hook allows plugin developers to access a posts full data (including its terms and meta data) regardless of the workflow used to save it.
A new parameter is introduced to `wp_insert_post()` to indicate whether the hook should be fired within the function call or will be fired afterward.
Props aristath, Collizo4sky, danielbachhuber, joyously, kadamwhite, kraftbj, markparnell, mikeschroder, noisysocks, peterwilsoncc, SergeyBiryukov, talldanwp, thewebprincess, TimothyBlynJacobs.
Fixes#45114.
git-svn-id: https://develop.svn.wordpress.org/trunk@49172 602fd350-edb4-49c9-b593-d223f7449a82
This provides more flexibility when writing tests and benefits from running in a front-end context which is necessary for some tests like checking that updates are supported. Additionally, this provides a more robust interface for developers who want to integrate with Site Health tests.
Because the `wp/v2` endpoint is reserved for modeling core entities, site health is registered in its own `wp-site-health/v1` namespace.
The existing ajax actions have been maintained for backward compatibility.
Props Clorith, chrisvanpatten, afragen, pokhriyal, TimothyBlynJacobs.
Fixes#48105.
git-svn-id: https://develop.svn.wordpress.org/trunk@49154 602fd350-edb4-49c9-b593-d223f7449a82
This allows for clients to search the used post formats via the /wp/v2/search endpoint by using a type=post-format query parameter.
Fixes#51459.
Props andraganescu, zieladam, noisysocks, TimothyBlynJacobs.
git-svn-id: https://develop.svn.wordpress.org/trunk@49132 602fd350-edb4-49c9-b593-d223f7449a82
In WordPress 4.4 the REST API was first introduced. A few releases later in WordPress 4.7, the Content API endpoints were added, paving the way for Gutenberg and countless in-site experiences. In the intervening years, numerous plugins have built on top of the REST API. Many developers shared a common frustration, the lack of external authentication to the REST API.
This commit introduces Application Passwords to allow users to connect to external applications to their WordPress website. Users can generate individual passwords for each application, allowing for easy revocation and activity monitoring. An authorization flow is introduced to make the connection flow simple for users and application developers.
Application Passwords uses Basic Authentication, and by default is only available over an SSL connection.
Props georgestephanis, kasparsd, timothyblynjacobs, afercia, akkspro, andraganescu, arippberger, aristath, austyfrosty, ayesh, batmoo, bradyvercher, brianhenryie, helen, ipstenu, jeffmatson, jeffpaul, joostdevalk, joshlevinson, kadamwhite, kjbenk, koke, michael-arestad, Otto42, pekz0r, salzano, spacedmonkey, valendesigns.
Fixes#42790.
git-svn-id: https://develop.svn.wordpress.org/trunk@49109 602fd350-edb4-49c9-b593-d223f7449a82
This allows for clients to search the available terms via the `/wp/v2/search` endpoint by using a `type=term` query parameter.
Fixes#51458.
Props andraganescu, zieladam, noisysocks, TimothyBlynJacobs.
git-svn-id: https://develop.svn.wordpress.org/trunk@49103 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the search controller infrastructure required that the id property was an integer. This prevents data models that use a string id from utilizing the search infrastructure.
This commit lifts the restraint that search handlers return integer ids. This will allow for the Post Formats search handler coming in 5.6 to use slugs instead of creating fake ids.
Props stoyangeorgiev.
Fixes#51131.
git-svn-id: https://develop.svn.wordpress.org/trunk@49088 602fd350-edb4-49c9-b593-d223f7449a82
This method is useful whenever a JSON Schema needs to be converted to a format suitable for argument validation with `WP_REST_Request`. Moving the logic into a standalone function allows developers to use it outside of the `WP_REST_Controller` context.
Props pentatonicfunk.
Fixes#50876.
git-svn-id: https://develop.svn.wordpress.org/trunk@48951 602fd350-edb4-49c9-b593-d223f7449a82
#50244 aims to introduce batch processing in the REST API. An important feature is the ability to enforce that all requests have valid data before executing the route callbacks in "pre-validate" mode.
This necessitates splitting `WP_REST_Server::dispatch()` into two methods so the batch controller can determine the request handler to perform pre-validation and then respond to the requests.
The two new methods, `match_request_to_handler` and `respond_to_request`, have a public visibility, but are marked as `@access private`. This is to allow for iteration on the batch controller to happen in the Gutenberg repository. Developers should not rely upon these methods, their visibility may change in the future.
See #50244.
Props andraganescu, zieladam, TimothyBlynJacobs.
git-svn-id: https://develop.svn.wordpress.org/trunk@48947 602fd350-edb4-49c9-b593-d223f7449a82
Most request data is validated on a per-parameter basis. Often, however, additional validation is needed that operates on the entire request object. Currently, this is done in the route callback and often in the `prepare_item_for_database` method specifically.
#50244 aims to introduce batch processing in the REST API. An important feature is the ability to enforce that all requests have valid data before executing the route callbacks in "pre-validate" mode.
This patch introduces support for calling a `validate_callback` after all parameter validation has succeeded. That allows moving more validation outside of the route callback and into `WP_REST_Request` which will improve "pre-validate" support.
Props TimothyBlynJacobs, zieladam.
Fixes#51255.
See #50244.
git-svn-id: https://develop.svn.wordpress.org/trunk@48945 602fd350-edb4-49c9-b593-d223f7449a82
