Previously, when getting posts from the API with `sticky=true`, if there were no sticky posts set, the query would return all posts as if the `sticky` argument was not set. In this situation, the query should return an empty array instead.
A `sticky=true` query that should return an empty array (in the previous situation, or with `include` and no intersecting post IDs) was also broken in that it would query the post with ID 1.
Finally, this commit significantly improves test coverage for the `sticky` filter argument, including direct testing of the `WHERE` clauses generated by `WP_Query`.
Props ryelle.
Fixes#39947.
git-svn-id: https://develop.svn.wordpress.org/trunk@40122 602fd350-edb4-49c9-b593-d223f7449a82
A `post_format` not used by the current theme, but supported by core is not a wrong/broken piece of information. It's just not used at this point in time. Therefore we should allow setting and retrieving any of the standard post formats supported in core, even if the current theme doesn't use them.
After this commit, a post's `format` value can survive a round trip through the API, which is a good general design principle for an API.
Props JPry, iseulde, davidakennedy, Drivingralle.
Fixes#39232.
git-svn-id: https://develop.svn.wordpress.org/trunk@40120 602fd350-edb4-49c9-b593-d223f7449a82
Internally, WordPress uses a special `post_date_gmt` value of `0000-00-00 00:00:00` to indicate that a draft's date is "floating" and should be updated whenever the post is saved. This makes it much more difficult for API clients to know the correct date of a draft post.
This commit provides a best guess at a `date_gmt` value for draft posts in this situation using the `date` field and the site's current timezone offset.
Props joehoyle.
Fixes#38883.
git-svn-id: https://develop.svn.wordpress.org/trunk@40108 602fd350-edb4-49c9-b593-d223f7449a82
It has been unintendedly possible to both view and edit users from a different site than the current site in multisite environments. Moreover, when passing roles to a user in an update request, that user would implicitly be added to the current site.
This changeset removes the incorrect behavior for now in order to be able to provide a proper REST API workflow for managing multisite users in the near future. Related unit tests have been adjusted as well.
Props jnylen0, jeremyfelt, johnjamesjacoby.
Fixes#39701.
git-svn-id: https://develop.svn.wordpress.org/trunk@40106 602fd350-edb4-49c9-b593-d223f7449a82
DELETE was inadvertently omitted from the list of non-POST HTTP methods that should be able to accept body parameters. Parameters passed to DELETE requests as JSON are already parsed correctly; this commit fixes `application/x-www-form-urlencoded` parameters as well.
Props mnelson4.
Fixes#39933.
git-svn-id: https://develop.svn.wordpress.org/trunk@40105 602fd350-edb4-49c9-b593-d223f7449a82
Many plugins and themes use the WP core test suite to run their unit tests, so the API tests shouldn't fail if there are extra endpoints registered in non-core namespaces.
Props rachelbaker.
Fixes#39264.
git-svn-id: https://develop.svn.wordpress.org/trunk@40104 602fd350-edb4-49c9-b593-d223f7449a82
This commit modifies the `rest_get_date_with_gmt` function to correctly parse local and UTC timestamps with or without timezone information.
It also ensures that the REST API can edit the dates of draft posts by setting the `edit_date` flag to `wp_update_post`.
Overall this commit ensures that post and comment dates can be set and updated as expected.
Fixes#39256.
git-svn-id: https://develop.svn.wordpress.org/trunk@40101 602fd350-edb4-49c9-b593-d223f7449a82
There are a couple of changes to the generated API schemas between single-site and multisite mode - for example, the `url` and `email` settings are not present in the settings endpoint (see #39005).
To avoid unexpected changes to the `wp-api-generated.js` fixture file, skip generating the client test fixtures when running the test suite in multisite mode.
See #39264.
git-svn-id: https://develop.svn.wordpress.org/trunk@40077 602fd350-edb4-49c9-b593-d223f7449a82
Follow-up to [40065] - `JSON_*` constants are differently unsupported in PHP 5.2 and 5.3, which caused other, more different failures.
Also bring back `JSON_UNESCAPED_SLASHES` because the generated output looks nicer this way.
Fixes#39264.
git-svn-id: https://develop.svn.wordpress.org/trunk@40066 602fd350-edb4-49c9-b593-d223f7449a82
Remove `JSON_UNESCAPED_SLASHES` from the `wp_json_encode` call - this constant is not supported in PHP < 5.4, and we don't polyfill it either.
Also make the PHPUnit test suite correctly exit with a non-zero exit code when `wp-tests-config.php` is not present. This was causing `grunt restapi-jsclient` to incorrectly proceed to its second step even when the first step failed with this error.
Props ocean90.
Fixes#39264.
git-svn-id: https://develop.svn.wordpress.org/trunk@40065 602fd350-edb4-49c9-b593-d223f7449a82
The `post_author` field is a string internally, but we need to cast it to an integer in the REST API. This was already done for posts, but not for revisions. The field is already declared as an integer in both controllers.
Fixes#39871.
git-svn-id: https://develop.svn.wordpress.org/trunk@40063 602fd350-edb4-49c9-b593-d223f7449a82
Add a data normalization pass when generating data fixtures for the REST API endpoints. Ensures that the `wp-api-generated.js` fixture won't change between test runs. Set more default properties and use fixed values for any properties that can't be easily controlled (object IDs and derivatives like link). Generate the fixture file with JSON_PRETTY_PRINT so that future diffs are easier to follow.
Props jnylen0, netweb.
Fixes#39264.
git-svn-id: https://develop.svn.wordpress.org/trunk@40061 602fd350-edb4-49c9-b593-d223f7449a82
Add QUnit tests: verify that wp-api loads correctly, verify that the expected base models and collections exist and can be instantiated, verify that collections contain the correct models, verify that expected helper functions are in place for each collection.
The QUnit tests rely on two fixture files: `tests/qunit/fixtures/wp-api-generated.js` contains the data response from each core endpoint and is generated by running the PHPUnit `restapi-jsclient` group. `tests/qunit/fixtures/wp-api.js` maps the generated data to endpoint routes, and overrides `Backbone.ajax` to mock the responses for the tests.
Add PHPUnit tests in `tests/phpunit/tests/rest-api/rest-schema-setup.php`. First, verify that the API returns the expected routes via `server->get_routes()`. Then, the `test_build_wp_api_client_fixtures` test goes thru each endpoint and requests it from the API, tests that it returns data, and builds up the data for the mocked QUnit tests, saving the final results to `tests/qunit/fixtures/wp-api-generated.js`.
Add a new grunt task `restapi-jsclient` which runs the phpunit side data generation and the qunit tests together.
Props jnylen0, welcher.
Fixes#39264.
git-svn-id: https://develop.svn.wordpress.org/trunk@40058 602fd350-edb4-49c9-b593-d223f7449a82
This commit adds tests for `orderby=relevance` combined with a search term in the REST API.
It also improves tests for the `orderby` parameter in `WP_REST_Posts_Controller` by looking at the generated SQL query instead of creating a bunch of carefully arranged test objects. This should be much more robust, and we can use this approach in other places (such as #39055).
Fixes#39079.
git-svn-id: https://develop.svn.wordpress.org/trunk@40037 602fd350-edb4-49c9-b593-d223f7449a82
Previously we were assuming pagination headers would be sent when the request for posts is out of bounds. Instead presume it will return an error.
See #39061.
git-svn-id: https://develop.svn.wordpress.org/trunk@39991 602fd350-edb4-49c9-b593-d223f7449a82
Return an error from the REST API if a page number larger than the total pages count is requested.
Props morganestes.
Fixes#39061.
git-svn-id: https://develop.svn.wordpress.org/trunk@39967 602fd350-edb4-49c9-b593-d223f7449a82
Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters.
See #38792.
git-svn-id: https://develop.svn.wordpress.org/trunk@39954 602fd350-edb4-49c9-b593-d223f7449a82
rest_pre_insert_{post_type} allows returning a WP_Error from the filter to shortcircuit actually creating the object, so it makes sense to do so for comments too.
Props dspilka.
Fixes#39578.
git-svn-id: https://develop.svn.wordpress.org/trunk@39922 602fd350-edb4-49c9-b593-d223f7449a82
Add test coverage for requests of a single user resource for authors of post types registered as:
- public = true, show_in_rest = true: success without auth.
- public = true, show_in_rest = false: fail without auth.
- public = false, show_in_rest = true: success without auth.
- public = false, show_in_rest = false: fail without auth.
See #38878.
Fixes#39546.
git-svn-id: https://develop.svn.wordpress.org/trunk@39913 602fd350-edb4-49c9-b593-d223f7449a82
This also updates the test filename in
`WP_Test_REST_Attachments_Controller::test_create_item_default_filename_title()`
to accurately match the actual file name.
git-svn-id: https://develop.svn.wordpress.org/trunk@39848 602fd350-edb4-49c9-b593-d223f7449a82
Only show users that have authored a post of a post type that has `show_in_rest` set to true.
Props rachelbaker, jnylen0.
See #38878.
git-svn-id: https://develop.svn.wordpress.org/trunk@39843 602fd350-edb4-49c9-b593-d223f7449a82
Adds tests for responses where `context != 'edit'` the following properties are not included in the response data:
- `email`
- `locale`
- `registered_date`
Props thepelkus, jnylen0.
Fixes#39399.
git-svn-id: https://develop.svn.wordpress.org/trunk@39660 602fd350-edb4-49c9-b593-d223f7449a82
Includes a new `supports` property in the response object and schema for the `/types` endpoints for users with the `edit_posts` capability for the given post type. The `supports` property returns an object of the features the given post type *supports*.
Props timmydcrawford, tyxla.
Fixes#39033.
git-svn-id: https://develop.svn.wordpress.org/trunk@39647 602fd350-edb4-49c9-b593-d223f7449a82
Removes the debugging group notation left in the `WP_Test_REST_Users_Controller` and `WP_Test_REST_Posts_Controller` classes pagination headers method. Introduced in [38832].
Props sanket.parmar.
Fixes#39398.
git-svn-id: https://develop.svn.wordpress.org/trunk@39643 602fd350-edb4-49c9-b593-d223f7449a82
If `add_theme_support( 'post-formats' )` is called with no additional
arguments, then `get_theme_support( 'post-formats' )` returns `true` rather
than an array of supported formats. Avoid generating PHP warnings in this
situation.
Props dreamon11, ChopinBach.
Fixes#39293.
git-svn-id: https://develop.svn.wordpress.org/trunk@39620 602fd350-edb4-49c9-b593-d223f7449a82
In [38625], the functionality to search for attachments by filename was added
via the `posts_clauses` filter and the `_filter_query_attachment_filenames()`
function. This moves `_filter_query_attachment_filenames()` from
`wp-admin/includes/post.php` to `wp-includes/post.php` so that it can be
applied in the same manner in the REST API media endpoint.
Props jblz, tyxla.
Fixes#39092.
git-svn-id: https://develop.svn.wordpress.org/trunk@39598 602fd350-edb4-49c9-b593-d223f7449a82
In general, updates that don't actually change anything should succeed.
[39371] added tests for other object types, and this commit fixes empty updates
for comments and adds the missing test.
Fixes#38700.
git-svn-id: https://develop.svn.wordpress.org/trunk@39597 602fd350-edb4-49c9-b593-d223f7449a82
Currently, `attachment` is the only post type exposed via the REST API that
does not support password protection, but it's possible for other post types to
remove password support.
Fixes#38977.
git-svn-id: https://develop.svn.wordpress.org/trunk@39595 602fd350-edb4-49c9-b593-d223f7449a82
It's fairly common for clients to send `Content-Type: application/json` with an
empty body. While technically not valid JSON, we've historically supported
this behaviour, so it shouldn't cause an error.
Props JPry.
Fixes#39150.
git-svn-id: https://develop.svn.wordpress.org/trunk@39594 602fd350-edb4-49c9-b593-d223f7449a82
The logic in WP_REST_Request->sanitize_params() added in [39091] did not account for `null` or `false` being the sanitization_callback preventing overriding `rest_parse_request_arg()`. This fixes that oversight, allowing the built in sanitization function to be bypassed. See #38593.
Props kkoppenhaver, rachelbaker, jnylen0.
Fixes#39042.
git-svn-id: https://develop.svn.wordpress.org/trunk@39563 602fd350-edb4-49c9-b593-d223f7449a82
Extend the check in 'rest_allow_anonymous_comments' to accept any falsy value
(previously this was an explicit check for `false`).
One possible failure case is that a plugin developer forgets to include a
return value for some code path in their callback for this filter, leading to a
value of `null` which is currently treated like `true`.
Props joehoyle, jnylen0.
Fixes#39010.
git-svn-id: https://develop.svn.wordpress.org/trunk@39487 602fd350-edb4-49c9-b593-d223f7449a82
The `siteurl` setting is registered and made available to the REST API. On a multisite installation, this setting is not configurable from the General Settings screen, but due to the above it is configurable from the REST API.
Props peterwilsoncc.
Fixes#39005.
git-svn-id: https://develop.svn.wordpress.org/trunk@39468 602fd350-edb4-49c9-b593-d223f7449a82
If the `require_name_email` option is true, creating a comment with an empty string for the author name or email should not be accepted. Both values can be an empty string on update.
Props flixos90, hnle, dd32, rachelbaker, jnylen0, ChopinBach, joehoyle, pento.
Fixes#38971.
git-svn-id: https://develop.svn.wordpress.org/trunk@39444 602fd350-edb4-49c9-b593-d223f7449a82
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.
Until support for a `PUT` request that removes a user's site and content associations is available, `DELETE` requests are disabled to avoid possible issues with lost content.
Props jnylen0, rachelbaker.
Fixes#38962.
git-svn-id: https://develop.svn.wordpress.org/trunk@39438 602fd350-edb4-49c9-b593-d223f7449a82
Fixes bug where a PHP Warning is currently thrown if a client sends a request where `meta` is not an array value.
Props timmydcrawford, jnylen0, rachelbaker, pento.
Fixes#38989.
git-svn-id: https://develop.svn.wordpress.org/trunk@39436 602fd350-edb4-49c9-b593-d223f7449a82
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.
This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.
Props jeremyfelt.
Fixes#39000.
git-svn-id: https://develop.svn.wordpress.org/trunk@39426 602fd350-edb4-49c9-b593-d223f7449a82
The API should allow updates that don't actually change anything. This allows
clients to, for example, accidentally send the same request twice without
encountering unexpected errors. This currently works for posts, terms, and
users, so this commit adds test cases accordingly.
See #38700 for issues preventing this from working for comments.
Fixes#38975.
git-svn-id: https://develop.svn.wordpress.org/trunk@39371 602fd350-edb4-49c9-b593-d223f7449a82
Core requires the post password to view and create comments on password protected posts, so we must support a “password” param on the comments endpoint when fetch comments for a specific post and creating a comment on a password protected post.
Props flixos90, jnylen0.
Fixes#38692.
git-svn-id: https://develop.svn.wordpress.org/trunk@39349 602fd350-edb4-49c9-b593-d223f7449a82
Sending a request to update a page with the template property set to an empty string resulted in an error because “” was not a valid value in the enum.
Props lucasstark, swissspidy.
Fixes#38877.
git-svn-id: https://develop.svn.wordpress.org/trunk@39343 602fd350-edb4-49c9-b593-d223f7449a82
Document the type property as `readonly` and remove the default value. After #38820 it is no longer possible to set the type property on a comment to anything a custom type.
Props jnylen0, rachelbaker.
Fixes#38886.
git-svn-id: https://develop.svn.wordpress.org/trunk@39337 602fd350-edb4-49c9-b593-d223f7449a82
This accidentally assumed $name was the same as $meta_key, which ruined the whole point of $name.
Props tharsheblows, joehoyle.
Fixes#38786.
git-svn-id: https://develop.svn.wordpress.org/trunk@39328 602fd350-edb4-49c9-b593-d223f7449a82
Adding a brand new anonymous comment method is a potential conduit for spam. Since it's still useful functionality, we're now hiding it behind a filter to allow plugins and themes to turn it on if they do want it.
Props helen, rachelbaker, joehoyle.
Fixes#38855.
git-svn-id: https://develop.svn.wordpress.org/trunk@39327 602fd350-edb4-49c9-b593-d223f7449a82
