The edit access in now taken into account for each individual post, term, or user in the response.
Merges [60814] into the 6.8 branch.
Props andraganescu, desrosj, ehti, hurayraiit, iandunn, joehoyle, johnbillion, jorbin, mnelson4, noisysocks, peterwilsoncc, rmccue, timothyblynjacobs, vortfu, whyisjake, zieladam.
Built from https://develop.svn.wordpress.org/branches/6.8@60817
git-svn-id: http://core.svn.wordpress.org/branches/6.8@60153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This restores the 6.7 and below behavior for the posts endpoint which did not include sticky posts by default.
Follow-up to [59801].
Reviewed by desrosj.
Merges [60197] to the 6.8 branch.
Props nikunj8866, SirLouen, ankitmaru, wildworks, karthikeya01, Mamaduka, spacedmonkey, jorbin.
Fixes#63307. See #35907.
Built from https://develop.svn.wordpress.org/branches/6.8@60200
git-svn-id: http://core.svn.wordpress.org/branches/6.8@59536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While having a mime type with an "image" prefix, SVG images are in fact "Scalable Vector Graphics" that can be scaled directly.
Follow-up to [60084].
Reviewed by desrosj.
Backports [60195] to the 6.8 branch.
Props sirlouen, adamsilverstein, audrasjb, pbiron, sainathpoojary, dilipbheda, pratiklondhe.
Fixes#63302. See #61167.
Built from https://develop.svn.wordpress.org/branches/6.8@60196
git-svn-id: http://core.svn.wordpress.org/branches/6.8@59532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Normalize behavior between uploading in the media library and uploading directly to the block editor. Now, when uploading an image with a mime type the server does not support (either in the media library or the block editor), the user will see an error message “This image cannot be processed by the web server. Convert it to JPEG or PNG before uploading”.
Alos, add a new filter `wp_prevent_unsupported_mime_type_uploads` which determines whether the server should prevent uploads for image types it doesn't support. The default value is true and the filter also receives the uploaded image mime type.
Props: joomskys, adamsilverstein, azaozz, swissspidy, joemcgill, flixos90, audrasjb.
Fixes#61167
Built from https://develop.svn.wordpress.org/trunk@60084
git-svn-id: http://core.svn.wordpress.org/trunk@59420 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In [59889] the REST API controllers were adjusted to perform less work when responding to HEAD requests. The WP_REST_Response body would now be `null`, which caused issues with filters that expected the response body to be an array.
This commit sets the response body to be an empty array when preparing the response instead. The body will still be discarded, but this provides better backward comppatibility with code that assumes an array will be used.
See #56481.
Props antonvlasenko, timothyblynjacobs, mamaduka, wildworks.
Built from https://develop.svn.wordpress.org/trunk@59970
git-svn-id: http://core.svn.wordpress.org/trunk@59312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The active theme(s) now return two additional properties, `default_template_types` and `default_template_part_areas`, in the REST response.
Props mamaduka, joemcgill, timothyblynjacobs, audrasjb, gigitux, peterwilsoncc, youknowriad, jorbin.
Fixes#62574.
Built from https://develop.svn.wordpress.org/trunk@59965
git-svn-id: http://core.svn.wordpress.org/trunk@59307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset replaces `edit_theme_options` with the `export` capability to determine whether the current user can export themes. That condition determines whether to show the Export Theme button in the Site Editor. Using `export` capability makes it more consistent with general export capabilities across the administration.
Props unsalkorkmaz, rajinsharwar, audrasjb, peterwilsoncc, desrosj, Mamaduka, TimothyBlynJacobs.
Fixes#57379.
Built from https://develop.svn.wordpress.org/trunk@59924
git-svn-id: http://core.svn.wordpress.org/trunk@59266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
By default, the REST API responds to HEAD rqeuests by calling the GET handler and omitting the body from the response. While convenient, this ends up performing needless work that slows down the API response time.
This commit adjusts the Core controllers to specifically handle HEAD requests by not preparing the response body.
Fixes#56481.
Props antonvlasenko, janusdev, ironprogrammer, swissspidy, spacedmonkey, mukesh27, mamaduka, timothyblynjacobs.
Built from https://develop.svn.wordpress.org/trunk@59899
git-svn-id: http://core.svn.wordpress.org/trunk@59241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds support for passing a `search_columns` argument to the user controller so that users with `list_users` caps can specify which field is being searched.
Props youknowriad, joemcgill, ntsekouras, mreishus, mamaduka.
Fixes 62596.
Built from https://develop.svn.wordpress.org/trunk@59892
git-svn-id: http://core.svn.wordpress.org/trunk@59234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduce `ignore_sticky` as a boolean argument for the posts endpoint for requests without the sticky posts being stuck. The new argument defaults to `false` with the value of the argument passed to `WP_Query`'s `ignore_sticky_posts` parameter.
Props audrasjb, danielbachhuber, joemcgill, johnbillion, jorbin, mamaduka, rmccue.
Fixes#35907.
Built from https://develop.svn.wordpress.org/trunk@59801
git-svn-id: http://core.svn.wordpress.org/trunk@59143 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Values passed to parameters with this attribute will be redacted if present in a stack trace when using PHP 8.2 or later. This reduces the chance that passwords and security keys get accidentally exposed in debug logs and bug reports.
Props petitphp, TobiasBg, jrf, johnbillion.
Fixes#57304
Built from https://develop.svn.wordpress.org/trunk@59754
git-svn-id: http://core.svn.wordpress.org/trunk@59096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The menu, menu item, and menu location endpoints were added to the REST API in [52079]. In that commit, menu data was treated as private and restricted to logged-in users with the edit_theme_options capability. However, in many cases, this data can be considered public. Previously, there was no simple way for developers to allow this data to be exposed via the REST API.
This commit introduces the rest_menu_read_access filter, enabling developers to control read access to menus, menu items, and menu locations in the REST API. The same filter is applied across all three REST API classes, simplifying the process of opting into exposing this data.
Each instance of the filter provides the current request and the relevant class instance as context, allowing developers to selectively or globally enable access to the data.
Props spacedmonkey, antonvlasenko, kadamwhite, julianmar, masteradhoc.
Fixes#54304.
Built from https://develop.svn.wordpress.org/trunk@59718
git-svn-id: http://core.svn.wordpress.org/trunk@59060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This bug could occur in `WP_REST_Posts_Controller`, `WP_REST_Global_Styles_Revisions_Controller`, `WP_REST_Revisions_Controller`, and any of their child classes. This changeset fixes it throughout.
Props apermo, pbearne, hemant-ahir, flixos90.
Fixes#62292.
Built from https://develop.svn.wordpress.org/trunk@59630
git-svn-id: http://core.svn.wordpress.org/trunk@58993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Ignore the `format` parameter introduced in WordPress 6.7 for post types that do not support post formats. This protects against a fatal error being thrown in later version of PHP or a warning in earlier versions of PHP.
Follow up to r59115.
Props dd32, sergeybiryukov, yogeshbhutkar.
Fixes#62646.
See #62014.
Built from https://develop.svn.wordpress.org/trunk@59544
git-svn-id: http://core.svn.wordpress.org/trunk@58930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In #34114, just-in-time (JIT) translation loading was implemented for projects hosted on WordPress.org. This is now expanded to all other plugins/themes.
Projects with a custom `Text Domain` and `Domain Path` header no longer need to call `load_plugin_textdomain()` or `load_theme_textdomain()`.
This reduces the risk of calling them too late, after some translation calls already happened, and generally makes it easier to properly internationalize a plugin or theme.
This moves the `get_plugin_data()` from `wp-admin/includes/plugin.php` to `wp-includes/functions.php` so it's available during the plugin loading process.
Props swissspidy.
Fixes#62244.
Built from https://develop.svn.wordpress.org/trunk@59461
git-svn-id: http://core.svn.wordpress.org/trunk@58847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
It is possible to supply a set of default query `args` to `register_taxonomy()` which will be used when querying a list of terms -- for example, `orderby` in order to specify how the resulting list of terms should be sorted.
The Terms REST API controller previously respected these default query args only if the request included a post ID. This changeset makes it so that the default args will also be respected if no post ID is provided.
Props bernhard-reiter, jsnajdr.
Fixes#62500.
Built from https://develop.svn.wordpress.org/trunk@59458
git-svn-id: http://core.svn.wordpress.org/trunk@58844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This addresses two instances where a function that is documented as returning `{someType}|null` doesn't explicitly return `null`.
Affected functions:
* `array_key_first()`
* `WP_REST_Posts_Controller::handle_terms()`
Follow-up to [38832], [52038].
Props justlevine.
See #52217.
Built from https://develop.svn.wordpress.org/trunk@59453
git-svn-id: http://core.svn.wordpress.org/trunk@58839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves an issue where the private property `WP_User_Query::$results` is accessed directly in `WP_REST_Users_Controller::get_items()` instead of via the `::get_results()` method.
Follow-up to [38832].
Props justlevine.
See #52217.
Built from https://develop.svn.wordpress.org/trunk@59357
git-svn-id: http://core.svn.wordpress.org/trunk@58743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces post format support for both the Query Block with the new parameter `format`. In the `build_query_vars_from_query_block()` function, this is converted to a `post_format` taxonomy query passed to `WP_Query`.
Also introduces the `format` parameter to the REST API's Posts controller to support the feature in the Query block. The parameter type is an enumerated string accepted the post formats supported by each post type.
Props poena, mukesh27, mamaduka, noisysocks, TimothyBlynJacobs.
Fixes#62014.
Built from https://develop.svn.wordpress.org/trunk@59115
git-svn-id: http://core.svn.wordpress.org/trunk@58511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Prevents a potential type errors when making use of the `gmt_offset` option by casting the value to a float prior to performing calculations with the value.
This mainly accounts for incorrect storage of values, such as an empty string or city name.
Follow up to [58923].
Props chaion07, hellofromtonya, kirasong, mhshohel, mukesh27, nicolefurlan, nihar007, nurielmeni, oglekler, peterwilsoncc, prionkor, rajinsharwar, rarst, rleeson, sabernhardt, SergeyBiryukov, swissspidy, toastercookie, verygoode.
Fixes#56358, #58986, #60629.
Built from https://develop.svn.wordpress.org/trunk@59064
git-svn-id: http://core.svn.wordpress.org/trunk@58460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This patch any role that can edit a post, including custom post types, or edit theme options to read global styles from the API. This enables read-only access to global styles in the post editor. Test coverage in included.
Props ramonopoly, peterwilsoncc, mukesh27, aaronrobertshaw, mamaduka, spacedmonkey, talldanwp, timothyblynjacobs.
Fixes#62042.
Built from https://develop.svn.wordpress.org/trunk@59048
git-svn-id: http://core.svn.wordpress.org/trunk@58444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `password` property which gets sent as part of a request POST body while setting a post's password should not be checked when calculating post visibility permissions.
That value in the request body is intended to update the post, not to authenticate, and may be malformed or an invalid non-string type which would cause a fatal when checking against the hashed post password value.
Query parameter `?password=` values are the correct interface to check, and are also guaranteed to be strings.
Props mlf20, devansh016, antonvlasenko, TimothyBlynJacobs, kadamwhite.
Fixes#61837.
Built from https://develop.svn.wordpress.org/trunk@59036
git-svn-id: http://core.svn.wordpress.org/trunk@58432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset adds support for a new `search_semantics` enum query parameter that can be passed alongside the `search` string parameter. At this point, it only supports "exact" as possible value, but an enum is used for forward compatibility with potential enhancements like "sentence" search support. If `search_semantics=exact` is passed, it will look for an exact match rather than do a full text search, which for some use-cases is more appropriate and more performant.
Props mehulkaklotar, timothyblynjacobs, jimmyh61, ironprogrammer, johnregan3, mukesh27, costdev.
Fixes#56350.
Built from https://develop.svn.wordpress.org/trunk@59034
git-svn-id: http://core.svn.wordpress.org/trunk@58430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Automatically create a JPEG version of uploaded HEIC images if the server has
a version of Imagick that supports HEIC. Conversion is done silently through
the existing `WP_Image_Editor` infrastructure that creates multiple sizes of
uploaded images.
This allows users to view HEIC images in WP Admin and use them in their posts
and pages regardless of whether their browser supports HEIC. Browser support
for HEIC is relatively low (only Safari) while the occurrence of HEIC images is
relatively common. The original HEIC image can be downloaded via a link on
the attachment page.
Props adamsilverstein, noisysocks, swissspidy, spacedmonkey, peterwilsoncc.
Fixes#53645.
Built from https://develop.svn.wordpress.org/trunk@58849
git-svn-id: http://core.svn.wordpress.org/trunk@58245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Introduces `wp_get_wp_version()` to get an unmodified value of `$wp_version` from `wp-includes/version.php`. Some plugins modify the global in an attempt to improve security through obscurity. This practice can cause errors in WordPress so the ability to get an unmodified version is needed.
Replaces instances within the code base in which `version.php` was required in order to get an unmodified value. `script-loader.php` is intentionally excluded from the replacements as the function is not always available to the file.
Props debarghyabanerjee, afragen, costdev.
See #61627.
Built from https://develop.svn.wordpress.org/trunk@58813
git-svn-id: http://core.svn.wordpress.org/trunk@58209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When using the /posts or /pages endpoints, for private posts or pages, you get the following title property: { raw: "Some title", rendered: "Private: Some title" }
this commit removes the prefix from rendered private posts titles (just like what we do for protected posts)
Props youknowriad, swissspidy, timothyblynjacobs, sergeybiryukov, ramonopoly.
Fixes#61639.
Built from https://develop.svn.wordpress.org/trunk@58783
git-svn-id: http://core.svn.wordpress.org/trunk@58185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds a fail-safe to return an empty string should the `switch` ever fall through without returning.
Currently, `WP_REST_Templates_Controller::get_wp_templates_author_text_field()` is tightly coupled to `WP_REST_Templates_Controller::get_wp_templates_original_source_field()`. However, if the `$original_source` values change in either method, but not both, it is possible a `void` or `null` will be returned, rather than a `string`.
Follow-up to [57366].
Props antonvlasenko, hellofromTonya, debarghyabanerjee.
Fixes#61580.
Built from https://develop.svn.wordpress.org/trunk@58705
git-svn-id: http://core.svn.wordpress.org/trunk@58107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As of [58457], the width and height cropping values are cast to an integer before the comparison to see if the target width and height differ from the original width and height.
Since they are now integers, it exposes a bug where the `&&` of the `if` conditional meant that if you were only cropping in one dimension, the check wouldn't pass, and cropping would not occur.
In the block editor, the cropping tools are aspect ratio based, so one of the dimensions will always match that of the source image. Therefore, now that the values are cast as integers, the condition that allows a cropping to occur needs to be updated. If either width or height is different from the source image, then a crop should be allowed.
Follow-up to [50124], [58457].
Props andrewserong, jrf, kevin940726.
Fixes#61514. See #59782.
Built from https://develop.svn.wordpress.org/trunk@58612
git-svn-id: http://core.svn.wordpress.org/trunk@58045 1a063a9b-81f0-0310-95a4-ce76da25c4cd
These changes involve:
- Move shared variation definitions from styles.blocks.variations to styles.variations
- Remove blockTypes from styles.variations.
- Do not register shared variations from theme style variation or primary theme.json files.
- Move the merging of theme.json data into the WP_Theme_JSON_Resolver and WP_Theme_JSON classes.
These changes improve performance and are more future-proof API wise.
See conversation at https://github.com/WordPress/gutenberg/issues/62686
Props aaronrobertshaw, oandregal, andrewserong, joemcgill, talldanwp, andrewserong, ramonopoly, richtabor, youknowriad.
See #61312, #61451.
Built from https://develop.svn.wordpress.org/trunk@58466
git-svn-id: http://core.svn.wordpress.org/trunk@57915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Cast crop values to integers to prevent PHP error caused by implicit conversion from `float` to `int` values when cropping images using ImageMagick.
Props skithund, mai21, nicomollet, amanias1977, joedolson.
Fixes#59782.
Built from https://develop.svn.wordpress.org/trunk@58457
git-svn-id: http://core.svn.wordpress.org/trunk@57906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds template and template_lock property of the post type to post types REST API endpoint.
This change allows us to fix a bug where the template of a page is not respected when creating a new page on the site editor.
Props jorgefilipecosta, oandregal, timothyblynjacobs, mukesh27.
Fixes#61477.
Built from https://develop.svn.wordpress.org/trunk@58452
git-svn-id: http://core.svn.wordpress.org/trunk@57901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Match the naming behavior for uploaded media in the REST API to the way media is named when uploading in the media library. Fix an issue where dashes were replacing spaces unnecessarily.
Props abitofmind, kadamwhite, spacedmonkey, adamsilverstein, audrasjb, hellofromTonya.
Fixes#57957.
Built from https://develop.svn.wordpress.org/trunk@58447
git-svn-id: http://core.svn.wordpress.org/trunk@57896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Stores the font file sub-directory in the `wp_font_face` post meta. Similar to attachments, only the portion of the path relative to the base directory is stored.
This ensures the files can be deleted alongside their post on sites using a plugin to store font files in sub-directories. Previously running such a plugin would result in the files remaining on the file system post delete.
Props costdev, grantmkin, peterwilsoncc.
Fixes#61297.
Built from https://develop.svn.wordpress.org/trunk@58353
git-svn-id: http://core.svn.wordpress.org/trunk@57805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
