The list of endpoint parameters should only include explicitly named and requested parameters.
Props flixos90, rmccue, jnylen0.
Fixes#40704.
git-svn-id: https://develop.svn.wordpress.org/trunk@41223 602fd350-edb4-49c9-b593-d223f7449a82
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.
See #41452.
git-svn-id: https://develop.svn.wordpress.org/trunk@41162 602fd350-edb4-49c9-b593-d223f7449a82
This commit adds a new `WP_REST_Server#remove_header` method and uses it to clear the `Last-Modified` header when the "no caching" headers are sent (by default for all authenticated REST API requests). This matches the behavior of the `nocache_headers` function used in other parts of WordPress.
Previously, the REST API would send an empty `Last-Modified` header in this situation. Under some server and browser configurations, this causes browsers to cache authenticated REST API requests, which is undesirable.
Props iv3rson76, zinigor, rmccue, jnylen0.
Fixes#40444.
git-svn-id: https://develop.svn.wordpress.org/trunk@40805 602fd350-edb4-49c9-b593-d223f7449a82
The site's current timezone offset is an important piece of information for any REST API client that needs to manipulate dates. It has not been previously available.
Expose both the `gmt_offset` (the site's current offset from UTC in hours) and `timezone_string` (which also provides information about daylight savings time) via the "site info" endpoint (the base `/wp-json` response).
Also update the `wp-api-generated.js` fixture file with the changes to the default API responses.
Props sagarkbhatt.
Fixes#39854.
git-svn-id: https://develop.svn.wordpress.org/trunk@40238 602fd350-edb4-49c9-b593-d223f7449a82
Multiple post statuses can be specified by the usual CSV or array-propper format.
Props jnylen0, kadamwhite, websupporter.
Fixes#38420.
git-svn-id: https://develop.svn.wordpress.org/trunk@39104 602fd350-edb4-49c9-b593-d223f7449a82
This allows `POST` requests with a wider variety of `Content-Type' headers - `Content-Type: application/json`, for example.
Props jnylen0.
Fixes#37994.
git-svn-id: https://develop.svn.wordpress.org/trunk@39044 602fd350-edb4-49c9-b593-d223f7449a82
As the REST API becomes more integral to WordPress Core, turning it off will cause a... suboptimal experience. If we don't want it to be turned off, the off switch needs to be removed.
Props jorbin, pento.
Fixes#38446.
git-svn-id: https://develop.svn.wordpress.org/trunk@38947 602fd350-edb4-49c9-b593-d223f7449a82
Introduce two new filters: `rest_request_before_callbacks` and `rest_request_after_callbacks` to
assist REST API middleware plugins to perform pre-callback and cleanup hooks such as `switch_to_blog()`
or caching implementations.
Props jnylen0.
Fixes#35590.
git-svn-id: https://develop.svn.wordpress.org/trunk@38689 602fd350-edb4-49c9-b593-d223f7449a82
Give developers the opportunity to reject incoming data without using the validation callback. It also enables us to do sanitization and validation in one function in instances where this could be useful.
Props websupporter, rmccue.
Fixes#37560.
git-svn-id: https://develop.svn.wordpress.org/trunk@38601 602fd350-edb4-49c9-b593-d223f7449a82
Fixes mistake in the current behavior, where the sanitization callback ran before the validation callback. Now the validation callback will run before the sanitization.
Props schlessera, rachelbaker.
See #37247.
Fixes#37192.
git-svn-id: https://develop.svn.wordpress.org/trunk@37943 602fd350-edb4-49c9-b593-d223f7449a82
The Link header allows clients to verify if a site has made the REST API available, as well as indicating how to access it.
Props danielbachhuber.
Fixes#35580.
git-svn-id: https://develop.svn.wordpress.org/trunk@37903 602fd350-edb4-49c9-b593-d223f7449a82
Prevent duplicate content issues with search engines and REST API endpoint response data.
Fixes#36390.
Props m_uysl for the initial patch.
git-svn-id: https://develop.svn.wordpress.org/trunk@37726 602fd350-edb4-49c9-b593-d223f7449a82
Replaces unsecure links in documentation and translator comments with their secure versions.
Props johnpgreen, netweb
Fixes#36993
git-svn-id: https://develop.svn.wordpress.org/trunk@37674 602fd350-edb4-49c9-b593-d223f7449a82
Move the REST API JSONP callback validation check into a separate function named `wp_check_jsonp_callback()`. This allows plugins to use the built-in validation when handling JSONP callbacks.
Extremely Important Note: If you send JSONP in your custom response, make sure you prefix the response with `/**/`. This will mitigate the Rosetta Flash exploit. You should also send the `X-Content-Type-Options:nosniff` header, or even better, use the REST API infrastructure.
Props rmccue.
Fixes#28523.
git-svn-id: https://develop.svn.wordpress.org/trunk@37646 602fd350-edb4-49c9-b593-d223f7449a82
We goofed, and parameters accessed through the REST API's methods
were slashed (inconsistently, even). This unslashes the data, so
you get the un-messed-with data that was sent.
Props joehoyle.
Fixes#36419.
git-svn-id: https://develop.svn.wordpress.org/trunk@37163 602fd350-edb4-49c9-b593-d223f7449a82
In [36533] CURIEs were added to the API responses for the link relation URIs, this makes
it a lot easier for clients to look up links by relation. That patch was functional, but
broke on edge cases such as embedded responses and collection items with links in the items.
This patch instead takes a less obtrusive approach by creating a new `get_compact_response_links`
to compliment `get_response_links` making both old and new functionality available.
Also the regex for curie relations has been relaxed to `.+` as rel names can have any uri-valid charector in it.
Fixes#34729.
git-svn-id: https://develop.svn.wordpress.org/trunk@37041 602fd350-edb4-49c9-b593-d223f7449a82
Confusion abound, the API index is the generic term `url` to display the `site_url`. New `home` key will display the `home_url` in the index as well.
Fixes#35647.
git-svn-id: https://develop.svn.wordpress.org/trunk@37031 602fd350-edb4-49c9-b593-d223f7449a82
HEAD callbacks can now be registered independently, with the GET
callback still used as a fallback.
Fixes#34841.
git-svn-id: https://develop.svn.wordpress.org/trunk@36535 602fd350-edb4-49c9-b593-d223f7449a82
CURIEs are Compact URIs, which provide a more usable way to use
custom relations in the API. The `wp` CURIE is registered by default
for `https://api.w.org/` URI relations.
Fixes#34729.
Props joehoyle.
git-svn-id: https://develop.svn.wordpress.org/trunk@36533 602fd350-edb4-49c9-b593-d223f7449a82
This is just an artifact of how we parse the URL, and is already available
via $request->get_route()
Props danielbachhuber.
Fixes#34647.
git-svn-id: https://develop.svn.wordpress.org/trunk@35659 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the API returned a list of errors, as WP_Error can hold multiple
error codes internally. This isn't a particularly common use case, and it
makes handling errors on the client side more complex than it needs to be.
Fixes#34551.
git-svn-id: https://develop.svn.wordpress.org/trunk@35653 602fd350-edb4-49c9-b593-d223f7449a82
Baby API was born at 2.8KLOC on October 8th at 2:30 UTC. API has lots
of growing to do, so wish it the best of luck.
Thanks to everyone who helped along the way:
Props rmccue, rachelbaker, danielbachhuber, joehoyle, drewapicture,
adamsilverstein, netweb, tlovett1, shelob9, kadamwhite, pento,
westonruter, nikv, tobych, redsweater, alecuf, pollyplummer, hurtige,
bpetty, oso96_2000, ericlewis, wonderboymusic, joshkadis, mordauk,
jdgrimes, johnbillion, jeremyfelt, thiago-negri, jdolan, pkevan,
iseulde, thenbrent, maxcutler, kwight, markoheijnen, phh, natewr,
jjeaton, shprink, mattheu, quasel, jmusal, codebykat, hubdotcom,
tapsboy, QWp6t, pushred, jaredcobb, justinsainton, japh, matrixik,
jorbin, frozzare, codfish, michael-arestad, kellbot, ironpaperweight,
simonlampen, alisspers, eliorivero, davidbhayes, JohnDittmar, dimadin,
traversal, cmmarslender, Toddses, kokarn, welcher, and ericpedia.
Fixes#33982.
git-svn-id: https://develop.svn.wordpress.org/trunk@34928 602fd350-edb4-49c9-b593-d223f7449a82
