Releases: WP-API/WP-API
2.0 Beta 15 International Drainage Commission
-
Introduce support for Post Meta, Term Meta, User Meta, and Comment Meta in
their parent endpoints.For your meta fields to be exposed in the REST API, you need to register
them. WordPress includes aregister_meta()
function which is not usually
required to get/set fields, but is required for API support.To register your field, simply call register_meta and set the show_in_rest
flag to true. Note: register_meta must be called separately for each meta
key.(props @rmccue, @danielbachhuber, @kjbenk, @duncanjbrown, #2765)
-
Introduce Settings endpoint.
Expose options to the REST API with the
register_setting()
function, by
passing$args = array( 'show_in_rest' => true )
. Note: WordPress 4.7 is
required. See changeset [38635][https://core.trac.wordpress.org/changeset/38635].(props @joehoyle, @fjarrett, @danielbachhuber, @jonathanbardo,
@greatislander, #2739) -
Attachments controller, change permissions check to match core.
Check for the
upload_files
capability when creating an attachment.(props @nullvariable, @adamsilverstein, #2743)
-
Add
?{taxonomy}_exclude=
query parameterThis mirrors our existing support for ?{taxonomy}= filtering in the posts
controller (which allows querying for only records with are associated with
any of the provided term IDs for the specified taxonomy) by adding an
equivalent_exclude
variant to list IDs of terms for which associated posts
should NOT be returned.(props @kadamwhite, #2756)
-
Use
get_comment_type()
when comparing updating comment status.Comments having a empty
comment_type
within WordPress bites us again.
Fixes a bug where comments could not be updated because of bad comparison
logic.
Version 2.0 Beta 14 Snorkel the Animals
-
Add support for password protected posts
Password protected posts are now fully supported, you can create edit and read password protected posts in the REST API. There is now a
protected
attribute in thecontent
andexcerpt
fields in post response.To view password protected posts via the API, use the
password
query parameter to provide the post's password. -
Allow returning an error from field update callbacks
Fields added via
register_rest_field
can now return an instance ofWP_Error
in theupdate_callback
. -
Update the wp-api.js client from the client-js repo.
-
Add
relevance
orderby
to posts endpoint(props @websupporter, #2579)
-
Ability to order by
slug
,email
andurl
on the users endpoints. -
Add
sticky
parameter to the posts endpoint. -
Add link to comment children, allowing threaded comment querying
(props @BE-Webdesign, #2662, #1612)
-
Avoid unnecessary SQL query by passing
$user_nicename
(props @danielbachhuber, #2435)
-
Don't allow reading / creating of posts with no parent
(props @rachelbaker, #2744)
-
Mark Users'
capabilities
property as readonly(props @danielbachhuber, #2440)
-
Mark some post properties as readonly
(props @danielbachhuber, #2438, #2439)
-
Use WPINC instead of wp-includes/
(props @websupporter, #2461)
-
Return error, if user can't list users & content=edit
(props @websupporter, #2463)
-
Conditionally model the term response based on its schema
(props @danielbachhuber, #2470)
-
Include Post data on the response object when declared
(props @websupporter, #2423, #2416)
-
Add boolean type support to rest_validate_request_arg()
(props @westonruter, #2478)
-
Fix create/update requests not processing data included in the schema
(props @websupporter, #2479)
-
Remove Unused Parameter in lib/endpoints/class-wp-rest-controller.php
(props @hideokamoto, #2500)
-
Update post schema status description to reflect csv support.
(props @coderkevin, #2534)
-
Allow Comments to be created with a passed
author_ip
(props @rachelbaker, #1880)
-
The get_the_excerpt filter expects the post object as of WP 4.5.
-
Introduce WP_REST_Controller::get_post() for allowing plugins to mutate
get_post()'s return value(props @westonruter, #2535)
-
Use
show_in_rest
to determine "public" post types to check(props @danielbachhuber, #2384)
-
#2426 Fix inconsistent type for user caps
(props @BE-Webdesign, #2429, #2426)
-
Define user
type
as a string, not an array(props @danielbachhuber, #2556)
-
Fix failing test: Typecast the user_id in search to a string
(props @rachelbaker, #2617)
-
#2587 Fix registered date schema
(props @BE-Webdesign, #2628, #2587)
-
Fix forum url and installer-name in readme
-
Document options of the "status" parameter for Post collection GETs
(props @kadamwhite, #2645)
-
Improve WP_REST_Controller::filter_response_by_context().
-
#2424 Consistent slashes in rest_url() usage
(props @BE-Webdesign, #2428, #2424)
-
Add filters to allow for relevance search
(props @websupporter, #2665)
-
Alter default comment sort order to be "desc"
(props @kadamwhite, #2684)
-
Add raw and rendered to revisions schema
(props @websupporter, #2693)
-
"WP API" -> "WordPress REST API" in README files
(props @kadamwhite, #2697)
-
Improve boolean validation from schema
(props @BE-Webdesign, #2704, #2616)
-
Fix typo (PUT vs POST) in readme.md
(props @kadamwhite, #2716)
-
Add Codecov configuration
(props @danielbachhuber, #2718)
-
Fix inefficiency in users endpoint using
search => **
-
Ensure the terms list is a list
-
Added @return on handle_featured_media() doc
(props @vishalkakadiya, #2725)
-
#2730 Update attachments fields added with
register_rest_field
(props @BE-Webdesign, #2731, #2730)
-
#2582 Ensure the
roles
property is always an array(props @BE-Webdesign, #2728, #2582)
-
Move post_password_required filtering to preparation
-
Use wrapper for
sanitize_title
to avoid messed up slugs. -
Force per_page to override the filter variable
Version 2.0 Beta 13.1
- SECURITY: Return error when request can't context==edit for users.
Version 2.0 Beta 12.1
- SECURITY: Return error when request can't context==edit for users.
Version 2.0 Beta 13: yoink.adios\losers
-
BREAKING CHANGE: Fix Content-Disposition header parsing.
Allows regular form submissions from HTML forms, as well as properly formatted HTTP requests from clients. Note: this breaks backwards compatibility, as previously, the header parsing was completely wrong.
-
BREAKING CHANGE: Use compact links for embedded responses if they are available.
Introduces curies for sites running WordPress 4.5 or greater; no changes for those running WordPress 4.4.
-
JavaScript client updates:
- Support lodash, plus older and newer underscore: add an alias for
_.contains
- Add args and options on the model/collection prototypes
- Rework category/tag mixins to support new API structure
- Add workaround for the null/empty values returned by the API when creating a new post - these values are not accepted for subsequent updates/saves, so explicitly excluding them. See #2393
- Better handling of the (special)
me
endpoint - Schema parsing cleanup
- Introduce
wp.api.loadPromise
so developers can ensure api load complete before using
(props @adamsilverstein, #2403)
- Support lodash, plus older and newer underscore: add an alias for
-
Only adds alternate link header for publicly viewable CPTs.
(props @bradyvercher, #2387)
-
Adds
roles
param forGET /wp/v2/users
.(props @BE-Webdesign, #2372)
-
Declares
password
in user schema, but never displays it.(props @danielbachhuber, #2386)
-
Permits
edit
context for requests which can edit the user.(props @danielbachhuber, #2383)
-
Adds
rest_pre_insert_{$taxonomy}
filter for terms. -
Supports taxonomy collection args on posts endpoint.
-
Removes post meta link from post response.
-
Registers
description
attribute when registering args from schema.(props @danielbachhuber, #2362)
-
Uses
$comment
from the database withrest_insert_comment
action.(props @danielbachhuber, #2349)
-
Removes unnecessary global variables from users controller.
(props @claudiosmweb, #2335)
-
Ensures
GET /wp/v2/categories
with out of bounds offset doesn't return results.(props @danielbachhuber, #2313)
-
Adds top-level support for date queries on posts and comments.
(props @BE-Webdesign, #2266, #2291)
-
Respects
show_avatars
setting for comments.(props @BE-Webdesign, #2271)
-
Uses cached
get_the_terms()
for terms-for-post for better performance. -
Ensures comments search is an empty string.
-
If no title is provided in create attachment request or file metadata, falls back to filename.
(props @danielbachhuber, #2254)
-
Removes unused
$img_url_basename
variable in attachments controller.(props @danielbachhuber, #2250)
Version 2.0 Beta 12: Canyonero
-
BREAKING CHANGE: Removes meta endpoints from primary plugin.
If your project depends on post meta endpoints, please install WP REST API Meta Endpoints. For the gory history of meta, read #1425 and linked issues. At this time, we recommend using
register_rest_field()
to expose meta (docs).(props @danielbachhuber, #2172)
-
BREAKING CHANGE: Returns original resource when deleting PTCU.
Now that all resources require the
force
param, we don't need to wrap delete responses with thetrash
state.(props @danielbachhuber, #2163)
-
BREAKING CHANGE: Uses
roles
rather thanrole
in the Users controller.Building the REST API gives us the opportunity to standardize on
roles
, instead of having bothroles
androle
. -
BREAKING CHANGES: Moves to consistent use of
context
throughout controllers.Contexts limit the data present in the response. Here's how to think of them:
embed
correlates with sidebar representation,view
represents the primary public view, andedit
is the data expected for an editor.(props @danielbachhuber, #2205, #2204, #2203, #2218, #2216, #2230, #2184, #2235)
-
BREAKING CHANGE: Removes
post_*
query param support forGET /wp/v2/comments
.The proper pattern is to use
GET /wp/v2/posts
to fetch the post IDs to limit the request to.(props @danielbachhuber, #2165)
-
BREAKING CHANGE: Introduces
rest_validate_request_arg()
/rest_sanitize_request_arg()
.Dedicated functions means we can use them for validating / sanitizing query args too. Removes
WP_REST_Controller::validate_schema_property()
andWP_REST_Controller::sanitize_schema_property()
.(props @danielbachhuber, #2166, #2213)
-
Requires minimum value of 1 for
page
param.(props @danielbachhuber, #2241)
-
Introduces
media_type
andmime_type
params forGET /wp/v2/media
.(props @danielbachhuber, #2231)
-
Uses the term cache for post data.
-
Supports for querying comments where
post=0
.(props @danielbachhuber, #1865)
-
Exposes taxonomy and post type capabilities in
context=edit
.(props @danielbachhuber, #2216)
-
Errors early when user can't GET types or taxonomies when
context=edit
.(props @danielbachhuber, #2218)
-
Passes original $request context to
prepare_items_query
.(props @danielbachhuber, #2211)
-
Adds
parent
andparent_exclude
params to GET Comments.(props @danielbachhuber, #2206)
-
Enforces minimum 1 and maximum 100 values for
per_page
parameter.(props @danielbachhuber, #2209)
-
Adds
author
andauthor_exclude
params to GET Posts and Comments.(props @danielbachhuber, #2200, #2200)
-
Adds
menu_order
param forGET
Pages; supportmenu_order
orderby.(props @danielbachhuber, #2193)
-
Only calls
sanitize_text_field()
when sanitizingtype=string,format=email
.(props @danielbachhuber, #2185)
-
Validates
GET /wp/v2/comments
private query params.Returns an error when user doesn't have permission to use them, instead of silently discarding.
(props @danielbachhuber, #2178)
-
Explicitly prevents uploading attachments to other attachments or revisions.
(props @danielbachhuber, #2180)
-
Permits user urls to be edited through the API.
(props @danielbachhuber, #2182)
-
Marks all Status, Type and Taxonomy fields as
readonly
.(props @danielbachhuber, #2181)
-
Adds validation callbacks to collection query params.
-
Links taxonomy terms to the post type collections they support.
(props @danielbachhuber, #2167)
-
Returns error when making a
GET
request with invalid context.(props @danielbachhuber, #2169)
-
Adds
trash
status toGET /wp/v2/statuses
.(props @danielbachhuber, #2158)
-
Indicates when fields have HTML in schema.
-
Permits viewing of User who has published any Public posts.
(props @danielbachhuber, #2155)
-
Respects
show_avatars
option when adding avatars to Users.(props @nullvariable, #2151)
-
Controllers use
$namespace
and$rest_base
class variables for easier subclassing.(props @danielbachhuber, #2119, #2130, #2131, #2132, #2133, #2134, #2139, #2141, #2142)
Version 2.0 Beta 11: Give me a white wine spritzer!
-
BREAKING CHANGE: Moves Post->Term relations to the Post Resource
Previously, a client would fetch a Post's Tags with
GET /wp/v2/posts/<id>/tags
.In Beta 11, an array of term ids is included on the Post resource.
The collection of terms for a Post can be fetched with
GET /wp/v2/tags?post=<id>
.The
WP_REST_Posts_Terms_Controller
class no longer exists. -
BREAKING CHANGE: Adds latest JS client including a minified version.
See pull request for a summarized changelog.
(props @adamsilverstein, #1981)
-
BREAKING CHANGE: Changes
featured_image
attribute on Posts tofeatured_media
.While featuring other attachment types isn't yet officially supported, this makes it easier for us to introduce the possibility in the future.
(props @danielbachhuber, #2044)
-
BREAKING CHANGE: Uses discrete schema title for categories and tags.
If you've used
register_rest_field( 'term' )
, you'll need to change'term'
to'tag'
and/or'category'
.(props @danielbachhuber, #2005)
-
BREAKING CHANGE: Makes many filters dynamic based on the controller type.
If you were using the
rest_prepare_term
filter, you'll need to change it torest_prepare_post_tag
orrest_prepare_category
.If you were using
rest_post_query
orrest_terms_query
, you'll need update your use torest_page_query
, etc.If you were using
rest_post_trashable
,rest_insert_post
orrest_delete_post
, they are now dynamic based on the post type slug.(props @danielbachhuber, #2008, #2010, #2057, #2058)
-
Renames
GET /wp/v2/comments
user
param toauthor
to match resource attribute.Not a breaking change, because it didn't work in the first place.
(props @danielbachhuber, #2105)
-
Adds support for
GET /wp/v2/pages parent=1,2,3
.(props @danielbachhuber, #2101)
-
Persists image metadata title and caption when not present in the request.
(props @danielbachhuber, #2079)
-
Add
parent_exclude
param toGET /wp/v2/posts
.(props @danielbachhuber, #2077)
-
Adds
slug
param support for collections of Posts, Users, and Taxonomy Terms.(props @danielbachhuber, #2071, #2072, #2103)
-
When a comment is already trashed, returns
410:rest_already_trashed
.(props @danielbachhuber, #2069)
-
Filter the responses by context after processing additional fields.
(props @danielbachhuber, #2067)
-
Adds
offset
param support for collections of Posts, Users, Comments, and Taxonomy Terms.(props @danielbachhuber, #2061, #2062, #2064, #2076)
-
Adds
rest_insert_{$taxonomy}
andrest_delete_{$taxonomy}
actions.(props @danielbachhuber, #2060)
-
Provides more helpful error message/code on Post Create/Update fail.
(props @danielbachhuber, #2053)
-
Forces
GET /wp/v2/media
to be limited to'status' => [ inherit, private, trash ]
(props @danielbachhuber, #2026)
-
Uses more correct error code for
Comment::delete
permission check.(props @danielbachhuber, #2054)
-
Calls
prepare_item_for_response()
directly in create and update methods.This lets us pass the original request through, giving the method and its filter genuine context, and avoids an
unnecessary call toget_item()
. -
Moves permission check methods across controllers.
Placing them above the method they're supposed to check makes the code more readable.
(props @danielbachhuber, #2030, #2029, #2034, #2036, #2037, #2035, #2039)
-
Requires
force
argument forDELETE /wp/v2/<taxonomy>/<id>
.(props @danielbachhuber, #2028)
-
Conditionally requires and defines REST API classes and functions.
(props @danielbachhuber, #2023, #2024)
-
Avoid a duplicate query for the comment count.
-
Parses
$date
if available inprepare_date_response()
(props @adamsilverstein, #1951)
-
Abstracts
POST /wp/v2/media
permissions check.(props @danielbachhuber, #2003)
-
Adds
exclude
param to getting collections of Posts, Users, Comments, and Taxonomy Terms.(props @danielbachhuber, #1998, #1999, #2000, #2002)
-
Adds
rest_comment_query
for filteringGET /wp/v2/comments
.(props @danielbachhuber, #2007)
-
Uses HTTP status code
500
fordb_update_error
when creating an attachment.(props @danielbachhuber, #1993)
-
Adds helpful description to
force
param across allDELETE
registrations(props @danielbachhuber, #2004, #2027)
-
In
GET /wp/v2/<taxonomy>
, drops support fororderby=>term_id
.Only one
id
is exposed through the REST API.(props @danielbachhuber, #1990)
Version 2.0 Beta 9.1 (Security Release)
-
Ensure media of private posts are private too.
Reported by @danielbachhuber on 2016-01-08.
Version 2.0 Beta 8.1 (Security Release)
-
Ensure media of private posts are private too.
Reported by @danielbachhuber on 2016-01-08.
Version 2.0 Beta 7.1 (Security Release)
-
Ensure media of private posts are private too.
Reported by @danielbachhuber on 2016-01-08.