[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.
This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.
Merges [41662], [42056] to the 4.7 branch.
See #41925.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42058 602fd350-edb4-49c9-b593-d223f7449a82
PHPUnit 6.4.1 and earlier versions ignored the `'0'` value, causing the issue to go unnoticed.
Merge of [41870] to the 4.7 branch.
Props SergeyBiryukov.
See #42232.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@42052 602fd350-edb4-49c9-b593-d223f7449a82
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.
Merges [41496] to 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41498 602fd350-edb4-49c9-b593-d223f7449a82
Previously if you passed an array of values for placeholders, additional values could be passed as well. Now additional values will be ignored.
Merges [41470] to 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@41472 602fd350-edb4-49c9-b593-d223f7449a82
This is due to `is_callable( 'parent::setExpectedException' )` not being supported on PHP 5.2 when the method being checked only exists on the grandparent class.
See #39822
Merges [40872] and [40873] to the 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40876 602fd350-edb4-49c9-b593-d223f7449a82
Enable connecting to multiple wp-api `endpoints`. Calling `wp.api.init` with a new `apiRoot` will parse the new endpoint's schema and store a new set of models and collections. A collection of
connected endpoints is stored in `wp.api.endpoints`.
Props lucasstark.
Fixes#39683.
Merges [40364] to the 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40735 602fd350-edb4-49c9-b593-d223f7449a82
* Add support for PHPUnit 6+.
* Add Composer files to the cache on Travis.
* Remove HHVM from the test infrastructure on Travis.
Merges [40536], [40538], [40539], and [40546] to the 4.7 branch.
See #40539Fixes#39822, #40548
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40547 602fd350-edb4-49c9-b593-d223f7449a82
[7520] introduced an undocumented feature whereby developers could
register a custom taxonomy with an 'args' parameter, consisting of
an array of config params that, when present, override corresponding
params in the `$args` array passed to `wp_get_object_terms()` when
using that function to query for terms in the specified taxonomy.
The `wp_get_object_terms()` refactor in [38667] failed to respect
this secret covenant, and the current changeset atones for the
transgression.
Ports [40513] to the 4.7 branch.
Props danielbachhuber.
Fixes#40496.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40514 602fd350-edb4-49c9-b593-d223f7449a82
This matches a similar change previously made for posts (#38579) and an upcoming change for users (#40213).
Props wonderboymusic, MatheusGimenez, curdin.
Fixes#40027.
Merges [40376] to the 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40427 602fd350-edb4-49c9-b593-d223f7449a82
This prevents non-image fileypes from returning a mime type of "application/octet-stream" when `exif_imagetype()` returns `false`.
Props blobfolio.
Fixes#40017.
Merges [40397] to the 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40403 602fd350-edb4-49c9-b593-d223f7449a82
Previously `update_blog_option()` would trigger an invalidation of that site's entire cache although these changes did not affect the content of
these caches. Furthermore changes to the special options `blogname`, `siteurl` and `post_count` should not invalidate the entire cache of that site, but only their respective site details cache. The option `home` now has the same behavior as it also belongs to the site details, but did not invalidate the cache at all previously.
Several new unit tests confirm these changes work as expected.
Fixes#40063.
Merges [40305] and [40333] to the 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40385 602fd350-edb4-49c9-b593-d223f7449a82
Prior to 4.7, term relationships - as set by `wp_set_object_terms()` or
`wp_remove_object_terms()` - did not affect the term query cache. The
introduction of the 'object_ids' parameter in 4.7 means that the query
cache must be aware of object-term relationships. As such, the
'last_changed' incrementor is now invalidated when term relationships
are modified.
This bug only reared its head when delaying term counting, because term
counting performs its own term query cache invalidation.
Merges [40353] to the 4.7 branch.
Props mboynes.
Fixes#40306.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40354 602fd350-edb4-49c9-b593-d223f7449a82
This prevents an additional 301 redirect when clicking on the nav menu item, and it also prevents a scenario where the auth cookie may not be passed
and cause an authentication error when navigating in the customizer.
Props dlh, swissspidy.
Fixes#40112.
Merges [40300] to the 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40338 602fd350-edb4-49c9-b593-d223f7449a82
Avoid a PHP Error when attempting to embed the parent post of an attachment, when the parent post ID is invalid. Instead check if the parent post
object exists before checking the read permission for the parent post.
Props GhostToast.
Fixes#39881.
Merges [40306] to the 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40337 602fd350-edb4-49c9-b593-d223f7449a82
The site's current timezone offset is an important piece of information for any REST API client that needs to manipulate dates. It has not been
previously available.
Expose both the `gmt_offset` (the site's current offset from UTC in hours) and `timezone_string` (which also provides information about daylight
savings time) via the "site info" endpoint (the base `/wp-json` response).
Also update the `wp-api-generated.js` fixture file with the changes to the default API responses.
Props sagarkbhatt.
Fixes#39854.
Merges [40238] to the 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40336 602fd350-edb4-49c9-b593-d223f7449a82
[38667] changed the way that the filter parameters are built. That
changeset didn't fully account for the pre-4.7 format of `$taxonomies`.
Merge of [40290] to the 4.7 branch.
Props ig_communitysites.
Fixes#40154.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40291 602fd350-edb4-49c9-b593-d223f7449a82
Overriding pluggable functions in the test suite is asking for trouble in the future. In addition, it means the test suite can't be guaranteed to behave the same as core.
This instead introduces a `send_auth_cookies` filter which can be hooked in during the test suite to prevent these functions from attempting to send cookie headers to the client.
Fixes#39367
Merges [40263] and [40264] to the 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40265 602fd350-edb4-49c9-b593-d223f7449a82
This skips time sensitive tests (copyright year and PHP/MySQL version requirements) when tests are run on branches on Travis.
Props netweb, jorbin
Fixes#39486
Merges [40241] to the 4.7 branch.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40250 602fd350-edb4-49c9-b593-d223f7449a82
A `post_format` not used by the current theme, but supported by core is not a wrong/broken piece of information. It's just not used at this point in time. Therefore we should allow setting and retrieving any of the standard post formats supported in core, even if the current theme doesn't use them.
After this commit, a post's `format` value can survive a round trip through the API, which is a good general design principle for an API.
Merge of [40120] and [40121] to the 4.7 branch.
Props JPry, iseulde, davidakennedy, Drivingralle.
Fixes#39232.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40137 602fd350-edb4-49c9-b593-d223f7449a82
Previously, when getting posts from the API with `sticky=true`, if there were no sticky posts set, the query would return all posts as if the `sticky` argument was not set. In this situation, the query should return an empty array instead.
A `sticky=true` query that should return an empty array (in the previous situation, or with `include` and no intersecting post IDs) was also broken in that it would query the post with ID 1.
Finally, this commit significantly improves test coverage for the `sticky` filter argument, including direct testing of the `WHERE` clauses generated by `WP_Query`.
Merge of [40037] and [40122] to the 4.7 branch.
Props ryelle, jnylen0.
See #39079.
Fixes#39947.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40136 602fd350-edb4-49c9-b593-d223f7449a82
Due to inconsistencies in the way browsers handle Exif orientation data,
if a user manually rotates an image within WordPress, set the Exif orientation to
the default (1) so that the image displays with the same rotation/flip in every browser.
Props sanchothefat, triplejumper12, joemcgill, azaozz, markoheijnen, mikeschroder.
Merges [40123] and [40129] to the 4.7 branch.
Fixes#37140. See #14459.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40135 602fd350-edb4-49c9-b593-d223f7449a82
[39831] introduced more strict MIME type checking for uploads, which
resulted in unintetionally blocking several filetypes that were
previously valid. This change uses a more targeted approach to MIME
validation to restore previous behavior for most types.
Props blobfolio, iandunn, ipstenu, markoheijnen, xknown, joemcgill.
Merges [40124] and [40125] to the 4.7 branch.
Fixes#39550, #39552.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40134 602fd350-edb4-49c9-b593-d223f7449a82
Since support for PDF previews were added in [38949], it's possible
that the generated image file could overwrite an existing image file
with the same name. This uses wp_unique_filename() to avoid this
issue and adds a '-pdf' identifier on the end of filenames.
Props gitlost, desrosj, mikeschroder, joemcgill.
Merges [40130] and [40131] to the 4.7 branch.
Fixes#39875. See #31050.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40133 602fd350-edb4-49c9-b593-d223f7449a82
Fix parsing of custom namespace routes. Transform class names, removing dashes and capitalizing each word/route part so a route path of `widgets/recent-posts` becomes a collection with the name `WidgetsRecentPosts`. Correct parent route part when routes are longer than expected, reversing parse direction.
Props westonruter, jazbek, adamsilverstein, jnylen0.
Merges [40074] and [40109] to the 4.7 branch.
Fixes#39561.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40117 602fd350-edb4-49c9-b593-d223f7449a82
Add QUnit tests: verify that wp-api loads correctly, verify that the expected base models and collections exist and can be instantiated, verify that collections contain the correct models, verify that expected helper functions are in place for each collection.
The QUnit tests rely on two fixture files: `tests/qunit/fixtures/wp-api-generated.js` contains the data response from each core endpoint and is generated by running the PHPUnit `restapi-jsclient` group. `tests/qunit/fixtures/wp-api.js` maps the generated data to endpoint routes, and overrides `Backbone.ajax` to mock the responses for the tests.
Add PHPUnit tests in `tests/phpunit/tests/rest-api/rest-schema-setup.php`. First, verify that the API returns the expected routes via `server->get_routes()`. Then, the `test_build_wp_api_client_fixtures` test goes thru each endpoint and requests it from the API, tests that it returns data, and builds up the data for the mocked QUnit tests, saving the final results to `tests/qunit/fixtures/wp-api-generated.js`.
Add a new grunt task `restapi-jsclient` which runs the phpunit side data generation and the qunit tests together.
Props jnylen0, welcher, adamsilverstein, netweb, ocean90, rachelbaker.
Merges [40058], [40061], [40065], [40066], [40077], and [40104] to the 4.7 branch.
Fixes#39264.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40116 602fd350-edb4-49c9-b593-d223f7449a82
Internally, WordPress uses a special `post_date_gmt` value of `0000-00-00 00:00:00` to indicate that a draft's date is "floating" and should be updated whenever the post is saved. This makes it much more difficult for API clients to know the correct date of a draft post.
This commit provides a best guess at a `date_gmt` value for draft posts in this situation using the `date` field and the site's current timezone offset.
Props joehoyle, jnylen0.
Merges [40108] to the 4.7 branch.
Fixes#38883.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40115 602fd350-edb4-49c9-b593-d223f7449a82
This commit modifies the `rest_get_date_with_gmt` function to correctly parse local and UTC timestamps with or without timezone information.
It also ensures that the REST API can edit the dates of draft posts by setting the `edit_date` flag to `wp_update_post`.
Overall this commit ensures that post and comment dates can be set and updated as expected.
Props jnylen0.
Merges [40101] to the 4.7 branch.
Fixes#39256.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40114 602fd350-edb4-49c9-b593-d223f7449a82
DELETE was inadvertently omitted from the list of non-POST HTTP methods that should be able to accept body parameters. Parameters passed to DELETE requests as JSON are already parsed correctly; this commit fixes application/x-www-form-urlencoded parameters as well.
Props mnelson4.
Merges [40105] to the 4.7 branch.
Fixes#39933.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40113 602fd350-edb4-49c9-b593-d223f7449a82
It has been unintendedly possible to both view and edit users from a different site than the current site in multisite environments. Moreover, when passing roles to a user in an update request, that user would implicitly be added to the current site.
This changeset removes the incorrect behavior for now in order to be able to provide a proper REST API workflow for managing multisite users in the near future. Related unit tests have been adjusted as well.
Props jnylen0, jeremyfelt, johnjamesjacoby.
Merges [40106] to the 4.7 branch.
Fixes#39701.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40111 602fd350-edb4-49c9-b593-d223f7449a82
Keep bumping the date for the auto-draft to preserve it from garbage-collection via `wp_delete_auto_drafts()` after 7 days.
Props westonruter.
Merges [40041] to the 4.7 branch.
See #30937.
Fixes#39713.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40099 602fd350-edb4-49c9-b593-d223f7449a82
Changes `WP_Customize_Nav_Menus::insert_auto_draft_post()` so it can be invoked for a `post_type` that is not registered (yet).
Props westonruter.
Merges [39924] to the 4.7 branch.
See #38615, #38114.
Fixes#39610.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40098 602fd350-edb4-49c9-b593-d223f7449a82
Fixes bad conditions in `WP_Customize_Setting::get_root_value()` and `WP_Customize_Setting::set_root_value()`.
Props dlh, westonruter.
Amends [35007].
Merges [40036] to the 4.7 branch.
See #32103.
Fixes#36952.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40088 602fd350-edb4-49c9-b593-d223f7449a82
Partial revert of [38929].
This reverts the source code from the commit for #30210 to prevent valid but empty feeds from returning 404 file not found errors for the home and custom feeds.
The tests in the commit that remain applicable are retained.
Props pavelevap for reporting, stevenkword for initial patch, peterwilsoncc.
See #30210.
Merges [40030] to the 4.7 branch.
Fixes#39157.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40085 602fd350-edb4-49c9-b593-d223f7449a82
Previously the status for a Post (or other post_types) was only exposed under the `edit` context, which doesn't really make much sense considering we support querying by post status without authentication. Originally introduced in v2.0 beta 1: 69f617d749 without any explanation in the commit message.
Props dhanendran, jnylen0, rachelbaker.
Merges [40080] to the 4.7 branch.
Fixes#39466.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40081 602fd350-edb4-49c9-b593-d223f7449a82
The `post_author` field is a string internally, but we need to cast it to an integer in the REST API. This was already done for posts, but not for revisions. The field is already declared as an integer in both controllers.
Props jnylen0.
Merges [40063] to the 4.7 branch.
Fixes#39871.
git-svn-id: https://develop.svn.wordpress.org/branches/4.7@40078 602fd350-edb4-49c9-b593-d223f7449a82