Fixes mistake in the current behavior, where the sanitization callback ran before the validation callback. Now the validation callback will run before the sanitization.
Props schlessera, rachelbaker.
See #37247.
Fixes#37192.
git-svn-id: https://develop.svn.wordpress.org/trunk@37943 602fd350-edb4-49c9-b593-d223f7449a82
The Link header allows clients to verify if a site has made the REST API available, as well as indicating how to access it.
Props danielbachhuber.
Fixes#35580.
git-svn-id: https://develop.svn.wordpress.org/trunk@37903 602fd350-edb4-49c9-b593-d223f7449a82
Prevent duplicate content issues with search engines and REST API endpoint response data.
Fixes#36390.
Props m_uysl for the initial patch.
git-svn-id: https://develop.svn.wordpress.org/trunk@37726 602fd350-edb4-49c9-b593-d223f7449a82
Replaces unsecure links in documentation and translator comments with their secure versions.
Props johnpgreen, netweb
Fixes#36993
git-svn-id: https://develop.svn.wordpress.org/trunk@37674 602fd350-edb4-49c9-b593-d223f7449a82
Move the REST API JSONP callback validation check into a separate function named `wp_check_jsonp_callback()`. This allows plugins to use the built-in validation when handling JSONP callbacks.
Extremely Important Note: If you send JSONP in your custom response, make sure you prefix the response with `/**/`. This will mitigate the Rosetta Flash exploit. You should also send the `X-Content-Type-Options:nosniff` header, or even better, use the REST API infrastructure.
Props rmccue.
Fixes#28523.
git-svn-id: https://develop.svn.wordpress.org/trunk@37646 602fd350-edb4-49c9-b593-d223f7449a82
Also use 'back-compat' in some inline comments where backward compatibility is the subject and shorthand feels more natural.
Note: 'backwards compatibility/compatibile' can also be considered correct, though it's primary seen in regular use in British English.
Props ocean90.
Fixes#36835.
git-svn-id: https://develop.svn.wordpress.org/trunk@37431 602fd350-edb4-49c9-b593-d223f7449a82
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.
Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.
See #32246.
git-svn-id: https://develop.svn.wordpress.org/trunk@37342 602fd350-edb4-49c9-b593-d223f7449a82
We goofed, and parameters accessed through the REST API's methods
were slashed (inconsistently, even). This unslashes the data, so
you get the un-messed-with data that was sent.
Props joehoyle.
Fixes#36419.
git-svn-id: https://develop.svn.wordpress.org/trunk@37163 602fd350-edb4-49c9-b593-d223f7449a82
In [36533] CURIEs were added to the API responses for the link relation URIs, this makes
it a lot easier for clients to look up links by relation. That patch was functional, but
broke on edge cases such as embedded responses and collection items with links in the items.
This patch instead takes a less obtrusive approach by creating a new `get_compact_response_links`
to compliment `get_response_links` making both old and new functionality available.
Also the regex for curie relations has been relaxed to `.+` as rel names can have any uri-valid charector in it.
Fixes#34729.
git-svn-id: https://develop.svn.wordpress.org/trunk@37041 602fd350-edb4-49c9-b593-d223f7449a82
Confusion abound, the API index is the generic term `url` to display the `site_url`. New `home` key will display the `home_url` in the index as well.
Fixes#35647.
git-svn-id: https://develop.svn.wordpress.org/trunk@37031 602fd350-edb4-49c9-b593-d223f7449a82
HEAD callbacks can now be registered independently, with the GET
callback still used as a fallback.
Fixes#34841.
git-svn-id: https://develop.svn.wordpress.org/trunk@36535 602fd350-edb4-49c9-b593-d223f7449a82
CURIEs are Compact URIs, which provide a more usable way to use
custom relations in the API. The `wp` CURIE is registered by default
for `https://api.w.org/` URI relations.
Fixes#34729.
Props joehoyle.
git-svn-id: https://develop.svn.wordpress.org/trunk@36533 602fd350-edb4-49c9-b593-d223f7449a82
If a validation_callback returns a WP_Error it should give the same response format as if it returned `false`. This makes programmatically reading the validation errors better.
Props bradyvercher for initial patch.
Fixes#35028.
git-svn-id: https://develop.svn.wordpress.org/trunk@35890 602fd350-edb4-49c9-b593-d223f7449a82
This is just an artifact of how we parse the URL, and is already available
via $request->get_route()
Props danielbachhuber.
Fixes#34647.
git-svn-id: https://develop.svn.wordpress.org/trunk@35659 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the API returned a list of errors, as WP_Error can hold multiple
error codes internally. This isn't a particularly common use case, and it
makes handling errors on the client side more complex than it needs to be.
Fixes#34551.
git-svn-id: https://develop.svn.wordpress.org/trunk@35653 602fd350-edb4-49c9-b593-d223f7449a82
This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.
Fixes#34299
git-svn-id: https://develop.svn.wordpress.org/trunk@35351 602fd350-edb4-49c9-b593-d223f7449a82
This allows sites to use an admin area over HTTPS with the front end over HTTP, and not end up with a cross-protocol problem when using the REST API URL in the admin area.
Fixes#34299
git-svn-id: https://develop.svn.wordpress.org/trunk@35342 602fd350-edb4-49c9-b593-d223f7449a82
It's shorter and is compatible with the default name in `wp_nonce_field()`.
Props danielbachhuber.
Fixes#34375.
git-svn-id: https://develop.svn.wordpress.org/trunk@35323 602fd350-edb4-49c9-b593-d223f7449a82
Also adds 'rest' to the documented list of schemes for `home_url()`, `get_home_url()`, `set_url_scheme()`, and the `home_url` and `set_url_scheme` hooks.
Props rachelbaker.
Fixes#34300.
git-svn-id: https://develop.svn.wordpress.org/trunk@35274 602fd350-edb4-49c9-b593-d223f7449a82
