API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 18th, 2019
93
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 62.23 KB | None | 0 0
raw download clone embed print report
  1. === WordPress REST API (Version 2) ===
  2. Contributors: rmccue, rachelbaker, danielbachhuber, joehoyle
  3. Tags: json, rest, api, rest-api
  4. Requires at least: 4.6
  5. Tested up to: 4.7-alpha
  6. Stable tag: 2.0-beta15
  7. License: GPLv2 or later
  8. License URI: http://www.gnu.org/licenses/gpl-2.0.html
  9.  
  10. Access your site's data through an easy-to-use HTTP REST API. (Version 2)
  11.  
  12. == Description ==
  13. WordPress is moving towards becoming a fully-fledged application framework, and we need new APIs. This project was born to create an easy-to-use, easy-to-understand and well-tested framework for creating these APIs, plus creating APIs for core.
  14.  
  15. This plugin provides an easy to use REST API, available via HTTP. Grab your site's data in simple JSON format, including users, posts, taxonomies and more. Retrieving or updating data is as simple as sending a HTTP request.
  16.  
  17. Want to get your site's posts? Simply send a `GET` request to `/wp-json/wp/v2/posts`. Update user with ID 4? Send a `PUT` request to `/wp-json/wp/v2/users/4`. Get all posts with the search term "awesome"? `GET /wp-json/wp/v2/posts?filter[s]=awesome`. It's that easy.
  18.  
  19. The WordPress REST API exposes a simple yet easy interface to WP Query, the posts API, post meta API, users API, revisions API and many more. Chances are, if you can do it with WordPress, the API will let you do it.
  20.  
  21. The REST API also includes an easy-to-use JavaScript API based on Backbone models, allowing plugin and theme developers to get up and running without needing to know anything about the details of getting connected.
  22.  
  23. Check out [our documentation][docs] for information on what's available in the API and how to use it. We've also got documentation on extending the API with extra data for plugin and theme developers!
  24.  
  25. All tickets for the project are being tracked on [GitHub][]. You can also take a look at the [recent updates][] for the project.
  26.  
  27. [docs]: http://v2.wp-api.org/
  28. [GitHub]: https://github.com/WP-API/WP-API
  29. [recent updates]: http://make.wp-api.org/
  30.  
  31. == Installation ==
  32.  
  33. Install the WP REST API via the plugin directory, or by uploading the files manually to your server.
  34.  
  35. For full-flavoured API support, you'll need to be using pretty permalinks to use the plugin, as it uses custom rewrite rules to power the API.
  36.  
  37. Once you've installed and activated the plugin, [check out the documentation](http://v2.wp-api.org/) for details on your newly available endpoints.
  38.  
  39. == Changelog ==
  40.  
  41. = 2.0 Beta 15.0 (October 07, 2016) =
  42.  
  43. * Introduce support for Post Meta, Term Meta, User Meta, and Comment Meta in
  44. their parent endpoints.
  45.  
  46. For your meta fields to be exposed in the REST API, you need to register
  47. them. WordPress includes a `register_meta()` function which is not usually
  48. required to get/set fields, but is required for API support.
  49.  
  50. To register your field, simply call register_meta and set the show_in_rest
  51. flag to true. Note: register_meta must be called separately for each meta
  52. key.
  53.  
  54. (props @rmccue, @danielbachhuber, @kjbenk, @duncanjbrown, [#2765][gh-2765])
  55.  
  56. * Introduce Settings endpoint.
  57.  
  58. Expose options to the REST API with the `register_setting()` function, by
  59. passing `$args = array( 'show_in_rest' => true )`. Note: WordPress 4.7 is
  60. required. See changeset [38635][https://core.trac.wordpress.org/changeset/38635].
  61.  
  62. (props @joehoyle, @fjarrett, @danielbachhuber, @jonathanbardo,
  63. @greatislander, [#2739][gh-2739])
  64.  
  65. * Attachments controller, change permissions check to match core.
  66.  
  67. Check for the `upload_files` capability when creating an attachment.
  68.  
  69. (props @nullvariable, @adamsilverstein, [#2743][gh-2743])
  70.  
  71. * Add `?{taxonomy}_exclude=` query parameter
  72.  
  73. This mirrors our existing support for ?{taxonomy}= filtering in the posts
  74. controller (which allows querying for only records with are associated with
  75. any of the provided term IDs for the specified taxonomy) by adding an
  76. equivalent `_exclude` variant to list IDs of terms for which associated posts
  77. should NOT be returned.
  78.  
  79. (props @kadamwhite, [#2756][gh-2756])
  80.  
  81. * Use `get_comment_type()` when comparing updating comment status.
  82.  
  83. Comments having a empty `comment_type` within WordPress bites us again.
  84. Fixes a bug where comments could not be updated because of bad comparison
  85. logic.
  86.  
  87. (props @joehoyle, [#2753][gh-2753])
  88.  
  89. [gh-2765]: https://github.com/WP-API/WP-API/issues/2765
  90. [gh-2739]: https://github.com/WP-API/WP-API/issues/2739
  91. [gh-2743]: https://github.com/WP-API/WP-API/issues/2743
  92. [gh-2756]: https://github.com/WP-API/WP-API/issues/2756
  93. [gh-2753]: https://github.com/WP-API/WP-API/issues/2753
  94.  
  95. = 2.0 Beta 13.0 (March 29, 2016) =
  96.  
  97. * BREAKING CHANGE: Fix Content-Disposition header parsing.
  98.  
  99. Allows regular form submissions from HTML forms, as well as properly formatted HTTP requests from clients. Note: this breaks backwards compatibility, as previously, the header parsing was completely wrong.
  100.  
  101. (props @rmccue, [#2239](https://github.com/WP-API/WP-API/pull/2239))
  102.  
  103. * BREAKING CHANGE: Use compact links for embedded responses if they are available.
  104.  
  105. Introduces curies for sites running WordPress 4.5 or greater; no changes for those running WordPress 4.4.
  106.  
  107. (props @joehoyle, [#2412](https://github.com/WP-API/WP-API/pull/2412))
  108.  
  109. * JavaScript client updates:
  110.  
  111. * Support lodash, plus older and newer underscore: add an alias for `_.contains`
  112. * Add args and options on the model/collection prototypes
  113. * Rework category/tag mixins to support new API structure
  114. * Add workaround for the null/empty values returned by the API when creating a new post * these values are not accepted for subsequent updates/saves, so explicitly excluding them. See https://github.com/WP-API/WP-API/pull/2393
  115. * Better handling of the (special) `me` endpoint
  116. * Schema parsing cleanup
  117. * Introduce `wp.api.loadPromise` so developers can ensure api load complete before using
  118.  
  119. (props @adamsilverstein, [#2403](https://github.com/WP-API/WP-API/pull/2403))
  120.  
  121. * Only adds alternate link header for publicly viewable CPTs.
  122.  
  123. (props @bradyvercher, [#2387](https://github.com/WP-API/WP-API/pull/2387))
  124.  
  125. * Adds `roles` param for `GET /wp/v2/users`.
  126.  
  127. (props @BE-Webdesign, [#2372](https://github.com/WP-API/WP-API/pull/2372))
  128.  
  129. * Declares `password` in user schema, but never displays it.
  130.  
  131. (props @danielbachhuber, [#2386](https://github.com/WP-API/WP-API/pull/2386))
  132.  
  133. * Permits `edit` context for requests which can edit the user.
  134.  
  135. (props @danielbachhuber, [#2383](https://github.com/WP-API/WP-API/pull/2383))
  136.  
  137. * Adds `rest_pre_insert_{$taxonomy}` filter for terms.
  138.  
  139. (props @kjbenk, [#2377](https://github.com/WP-API/WP-API/pull/2377))
  140.  
  141. * Supports taxonomy collection args on posts endpoint.
  142.  
  143. (props @joehoyle, [#2287](https://github.com/WP-API/WP-API/pull/2287))
  144.  
  145. * Removes post meta link from post response.
  146.  
  147. (props @joehoyle, [#2288](https://github.com/WP-API/WP-API/pull/2288))
  148.  
  149. * Registers `description` attribute when registering args from schema.
  150.  
  151. (props @danielbachhuber, [#2362](https://github.com/WP-API/WP-API/pull/2362))
  152.  
  153. * Uses `$comment` from the database with `rest_insert_comment` action.
  154.  
  155. (props @danielbachhuber, [#2349](https://github.com/WP-API/WP-API/pull/2349))
  156.  
  157. * Removes unnecessary global variables from users controller.
  158.  
  159. (props @claudiosmweb, [#2335](https://github.com/WP-API/WP-API/pull/2335))
  160.  
  161. * Ensures `GET /wp/v2/categories` with out of bounds offset doesn't return results.
  162.  
  163. (props @danielbachhuber, [#2313](https://github.com/WP-API/WP-API/pull/2313))
  164.  
  165. * Adds top-level support for date queries on posts and comments.
  166.  
  167. (props @BE-Webdesign, [#2266](https://github.com/WP-API/WP-API/pull/2266), [#2291](https://github.com/WP-API/WP-API/pull/2291))
  168.  
  169. * Respects `show_avatars` setting for comments.
  170.  
  171. (props @BE-Webdesign, [#2271](https://github.com/WP-API/WP-API/pull/2271))
  172.  
  173. * Uses cached `get_the_terms()` for terms-for-post for better performance.
  174.  
  175. (props @rmccue, [#2257](https://github.com/WP-API/WP-API/pull/2257))
  176.  
  177. * Ensures comments search is an empty string.
  178.  
  179. (props @rmccue, [#2256](https://github.com/WP-API/WP-API/pull/2256))
  180.  
  181. * If no title is provided in create attachment request or file metadata, falls back to filename.
  182.  
  183. (props @danielbachhuber, [#2254](https://github.com/WP-API/WP-API/pull/2254))
  184.  
  185. * Removes unused `$img_url_basename` variable in attachments controller.
  186.  
  187. (props @danielbachhuber, [#2250](https://github.com/WP-API/WP-API/pull/2250))
  188.  
  189. = 2.0 Beta 12.0 (February 9, 2016) =
  190.  
  191. * BREAKING CHANGE: Removes meta endpoints from primary plugin.
  192.  
  193. If your project depends on post meta endpoints, please install [WP REST API Meta Endpoints](https://wordpress.org/plugins/rest-api-meta-endpoints/). For the gory history of meta, read [#1425](https://github.com/WP-API/WP-API/issues/1425) and linked issues. At this time, we recommend using `register_rest_field()` to expose meta ([docs](http://v2.wp-api.org/extending/modifying/)).
  194.  
  195. (props @danielbachhuber, [#2172](https://github.com/WP-API/WP-API/pull/2172))
  196.  
  197. * BREAKING CHANGE: Returns original resource when deleting PTCU.
  198.  
  199. Now that all resources require the `force` param, we don't need to wrap delete responses with the `trash` state.
  200.  
  201. (props @danielbachhuber, [#2163](https://github.com/WP-API/WP-API/pull/2163))
  202.  
  203. * BREAKING CHANGE: Uses `roles` rather than `role` in the Users controller.
  204.  
  205. Building the REST API gives us the opportunity to standardize on `roles`, instead of having both `roles` and `role`.
  206.  
  207. (props @joehoyle, [#2177](https://github.com/WP-API/WP-API/pull/2177))
  208.  
  209. * BREAKING CHANGES: Moves to consistent use of `context` throughout controllers.
  210.  
  211. Contexts limit the data present in the response. Here's how to think of them: `embed` correlates with sidebar representation, `view` represents the primary public view, and `edit` is the data expected for an editor.
  212.  
  213. (props @danielbachhuber, [#2205](https://github.com/WP-API/WP-API/pull/2205), [#2204](https://github.com/WP-API/WP-API/pull/2204), [#2203](https://github.com/WP-API/WP-API/pull/2203), [#2218](https://github.com/WP-API/WP-API/pull/2218), [#2216](https://github.com/WP-API/WP-API/pull/2216), [#2230](https://github.com/WP-API/WP-API/pull/2230), [#2184](https://github.com/WP-API/WP-API/pull/2184), [#2235](https://github.com/WP-API/WP-API/pull/2235))
  214.  
  215. * BREAKING CHANGE: Removes `post_*` query param support for `GET /wp/v2/comments`.
  216.  
  217. The proper pattern is to use `GET /wp/v2/posts` to fetch the post IDs to limit the request to.
  218.  
  219. (props @danielbachhuber, [#2165](https://github.com/WP-API/WP-API/pull/2165))
  220.  
  221. * BREAKING CHANGE: Introduces `rest_validate_request_arg()`/`rest_sanitize_request_arg()`.
  222.  
  223. Dedicated functions means we can use them for validating / sanitizing query args too. Removes `WP_REST_Controller::validate_schema_property()` and `WP_REST_Controller::sanitize_schema_property()`.
  224.  
  225. (props @danielbachhuber, [#2166](https://github.com/WP-API/WP-API/pull/2166), [#2213](https://github.com/WP-API/WP-API/pull/2213))
  226.  
  227. * Requires minimum value of 1 for `page` param.
  228.  
  229. (props @danielbachhuber, [#2241](https://github.com/WP-API/WP-API/pull/2241))
  230.  
  231. * Introduces `media_type` and `mime_type` params for `GET /wp/v2/media`.
  232.  
  233. (props @danielbachhuber, [#2231](https://github.com/WP-API/WP-API/pull/2231))
  234.  
  235. * Uses the term cache for post data.
  236.  
  237. (props @rmccue, [#2234](https://github.com/WP-API/WP-API/pull/2234))
  238.  
  239. * Supports for querying comments where `post=0`.
  240.  
  241. (props @danielbachhuber, [#1865](https://github.com/WP-API/WP-API/pull/1865))
  242.  
  243. * Exposes taxonomy and post type capabilities in `context=edit`.
  244.  
  245. (props @danielbachhuber, [#2216](https://github.com/WP-API/WP-API/pull/2216))
  246.  
  247. * Errors early when user can't GET types or taxonomies when `context=edit`.
  248.  
  249. (props @danielbachhuber, [#2218](https://github.com/WP-API/WP-API/pull/2218))
  250.  
  251. * Passes original $request context to `prepare_items_query`.
  252.  
  253. (props @danielbachhuber, [#2211](https://github.com/WP-API/WP-API/pull/2211))
  254.  
  255. * Adds `parent` and `parent_exclude` params to GET Comments.
  256.  
  257. (props @danielbachhuber, [#2206](https://github.com/WP-API/WP-API/pull/2206))
  258.  
  259. * Enforces minimum 1 and maximum 100 values for `per_page` parameter.
  260.  
  261. (props @danielbachhuber, [#2209](https://github.com/WP-API/WP-API/pull/2209))
  262.  
  263. * Adds `author` and `author_exclude` params to GET Posts and Comments.
  264.  
  265. (props @danielbachhuber, [#2200](https://github.com/WP-API/WP-API/pull/2202), [#2200](https://github.com/WP-API/WP-API/pull/2202))
  266.  
  267. * Adds `menu_order` param for `GET` Pages; support `menu_order` orderby.
  268.  
  269. (props @danielbachhuber, [#2193](https://github.com/WP-API/WP-API/pull/2193))
  270.  
  271. * Only calls `sanitize_text_field()` when sanitizing `type=string,format=email`.
  272.  
  273. (props @danielbachhuber, [#2185](https://github.com/WP-API/WP-API/pull/2185))
  274.  
  275. * Validates `GET /wp/v2/comments` private query params.
  276.  
  277. Returns an error when user doesn't have permission to use them, instead of silently discarding.
  278.  
  279. (props @danielbachhuber, [#2178](https://github.com/WP-API/WP-API/pull/2178))
  280.  
  281. * Explicitly prevents uploading attachments to other attachments or revisions.
  282.  
  283. (props @danielbachhuber, [#2180](https://github.com/WP-API/WP-API/pull/2180))
  284.  
  285. * Permits user urls to be edited through the API.
  286.  
  287. (props @danielbachhuber, [#2182](https://github.com/WP-API/WP-API/pull/2182))
  288.  
  289. * Marks all Status, Type and Taxonomy fields as `readonly`.
  290.  
  291. (props @danielbachhuber, [#2181](https://github.com/WP-API/WP-API/pull/2181))
  292.  
  293. * Adds validation callbacks to collection query params.
  294.  
  295. (props @danielbachhuber, [#2170](https://github.com/WP-API/WP-API/pull/2170), [#2171](https://github.com/WP-API/WP-API/pull/2171), [#2176](https://github.com/WP-API/WP-API/pull/2176), [#2174](https://github.com/WP-API/WP-API/pull/2174), [#2175](https://github.com/WP-API/WP-API/pull/2175))
  296.  
  297. * Links taxonomy terms to the post type collections they support.
  298.  
  299. (props @danielbachhuber, [#2167](https://github.com/WP-API/WP-API/pull/2167))
  300.  
  301. * Returns error when making a `GET` request with invalid context.
  302.  
  303. (props @danielbachhuber, [#2169](https://github.com/WP-API/WP-API/pull/2169))
  304.  
  305. * Adds `trash` status to `GET /wp/v2/statuses`.
  306.  
  307. (props @danielbachhuber, [#2158](https://github.com/WP-API/WP-API/pull/2158))
  308.  
  309. * Indicates when fields have HTML in schema.
  310.  
  311. (props @joehoyle, [#2159](https://github.com/WP-API/WP-API/pull/2159))
  312.  
  313. * Permits viewing of User who has published any Public posts.
  314.  
  315. (props @danielbachhuber, [#2155](https://github.com/WP-API/WP-API/pull/2155))
  316.  
  317. * Respects `show_avatars` option when adding avatars to Users.
  318.  
  319. (props @nullvariable, [#2151](https://github.com/WP-API/WP-API/pull/2151))
  320.  
  321. * Controllers use `$namespace` and `$rest_base` class variables for easier subclassing.
  322.  
  323. (props @danielbachhuber, [#2119](https://github.com/WP-API/WP-API/pull/2119), [#2130](https://github.com/WP-API/WP-API/pull/2130), [#2131](https://github.com/WP-API/WP-API/pull/2131), [#2132](https://github.com/WP-API/WP-API/pull/2132), [#2133](https://github.com/WP-API/WP-API/pull/2133), [#2134](https://github.com/WP-API/WP-API/pull/2134), [#2139](https://github.com/WP-API/WP-API/pull/2139), [#2141](https://github.com/WP-API/WP-API/pull/2141), [#2142](https://github.com/WP-API/WP-API/pull/2142))
  324.  
  325. = 2.0 Beta 11.0 (January 25, 2016) =
  326.  
  327. * BREAKING CHANGE: Moves Post->Term relations to the Post Resource
  328.  
  329. Previously, a client would fetch a Post's Tags with `GET /wp/v2/posts/<id>/tags`.
  330.  
  331. In Beta 11, an array of term ids is included on the Post resource.
  332.  
  333. The collection of terms for a Post can be fetched with `GET /wp/v2/tags?post=<id>`.
  334.  
  335. The `WP_REST_Posts_Terms_Controller` class no longer exists.
  336.  
  337. (props @joehoyle, [#2063](https://github.com/WP-API/WP-API/pull/2063))
  338.  
  339. * BREAKING CHANGE: Adds latest JS client including a minified version.
  340.  
  341. See pull request for a summarized changelog.
  342.  
  343. (props @adamsilverstein, [#1981](https://github.com/WP-API/WP-API/pull/1981))
  344.  
  345. * BREAKING CHANGE: Changes `featured_image` attribute on Posts to `featured_media`.
  346.  
  347. While featuring other attachment types isn't yet officially supported, this makes it easier for us to introduce the possibility in the future.
  348.  
  349. (props @danielbachhuber, [#2044](https://github.com/WP-API/WP-API/pull/2044))
  350.  
  351. * BREAKING CHANGE: Uses discrete schema title for categories and tags.
  352.  
  353. If you've used `register_rest_field( 'term' )`, you'll need to change `'term'` to `'tag'` and/or `'category'`.
  354.  
  355. (props @danielbachhuber, [#2005](https://github.com/WP-API/WP-API/pull/2005))
  356.  
  357. * BREAKING CHANGE: Makes many filters dynamic based on the controller type.
  358.  
  359. If you were using the `rest_prepare_term` filter, you'll need to change it to `rest_prepare_post_tag` or `rest_prepare_category`.
  360.  
  361. If you were using `rest_post_query` or `rest_terms_query`, you'll need update your use to `rest_page_query`, etc.
  362.  
  363. If you were using `rest_post_trashable`, `rest_insert_post` or `rest_delete_post`, they are now dynamic based on the post type slug.
  364.  
  365. (props @danielbachhuber, [#2008](https://github.com/WP-API/WP-API/pull/2008), [#2010](https://github.com/WP-API/WP-API/pull/2010), [#2057](https://github.com/WP-API/WP-API/pull/2057), [#2058](https://github.com/WP-API/WP-API/pull/2058))
  366.  
  367. * Renames `GET /wp/v2/comments` `user` param to `author` to match resource attribute.
  368.  
  369. Not a breaking change, because it didn't work in the first place.
  370.  
  371. (props @danielbachhuber, [#2105](https://github.com/WP-API/WP-API/pull/2105))
  372.  
  373. * Adds support for `GET /wp/v2/pages parent=1,2,3`.
  374.  
  375. (props @danielbachhuber, [#2101](https://github.com/WP-API/WP-API/pull/2101))
  376.  
  377. * Persists image metadata title and caption when not present in the request.
  378.  
  379. (props @danielbachhuber, [#2079](https://github.com/WP-API/WP-API/pull/2079))
  380.  
  381. * Add `parent_exclude` param to `GET /wp/v2/posts`.
  382.  
  383. (props @danielbachhuber, [#2077](https://github.com/WP-API/WP-API/pull/2077))
  384.  
  385. * Adds `slug` param support for collections of Posts, Users, and Taxonomy Terms.
  386.  
  387. (props @danielbachhuber, [#2071](https://github.com/WP-API/WP-API/pull/2071), [#2072](https://github.com/WP-API/WP-API/pull/2072), [#2103](https://github.com/WP-API/WP-API/pull/2103))
  388.  
  389. * When a comment is already trashed, returns `410:rest_already_trashed`.
  390.  
  391. (props @danielbachhuber, [#2069](https://github.com/WP-API/WP-API/pull/2069))
  392.  
  393. * Filter the responses by context after processing additional fields.
  394.  
  395. (props @danielbachhuber, [#2067](https://github.com/WP-API/WP-API/pull/2067))
  396.  
  397. * Adds `offset` param support for collections of Posts, Users, Comments, and Taxonomy Terms.
  398.  
  399. (props @danielbachhuber, [#2061](https://github.com/WP-API/WP-API/pull/2061), [#2062](https://github.com/WP-API/WP-API/pull/2062), [#2064](https://github.com/WP-API/WP-API/pull/2064), [#2076](https://github.com/WP-API/WP-API/pull/2076))
  400.  
  401. * Adds `rest_insert_{$taxonomy}` and `rest_delete_{$taxonomy}` actions.
  402.  
  403. (props @danielbachhuber, [#2060](https://github.com/WP-API/WP-API/pull/2060))
  404.  
  405. * Provides more helpful error message/code on Post Create/Update fail.
  406.  
  407. (props @danielbachhuber, [#2053](https://github.com/WP-API/WP-API/pull/2053))
  408.  
  409. * Forces `GET /wp/v2/media` to be limited to `'status' => [ inherit, private, trash ]`
  410.  
  411. (props @danielbachhuber, [#2026](https://github.com/WP-API/WP-API/pull/2026))
  412.  
  413. * Uses more correct error code for `Comment::delete` permission check.
  414.  
  415. (props @danielbachhuber, [#2054](https://github.com/WP-API/WP-API/pull/2054))
  416.  
  417. * Calls `prepare_item_for_response()` directly in create and update methods.
  418.  
  419. This lets us pass the original request through, giving the method and its filter genuine context, and avoids an
  420. unnecessary call to `get_item()`.
  421.  
  422. (props @danielbachhuber, [#2038](https://github.com/WP-API/WP-API/pull/2038), [#2040](https://github.com/WP-API/WP-API/pull/2040), [#2041](https://github.com/WP-API/WP-API/pull/2041), [#2043](https://github.com/WP-API/WP-API/pull/2043), [#2042](https://github.com/WP-API/WP-API/pull/2042))
  423.  
  424. * Moves permission check methods across controllers.
  425.  
  426. Placing them above the method they're supposed to check makes the code more readable.
  427.  
  428. (props @danielbachhuber, [#2030](https://github.com/WP-API/WP-API/pull/2030), [#2029](https://github.com/WP-API/WP-API/pull/2029), [#2034](https://github.com/WP-API/WP-API/pull/2034), [#2036](https://github.com/WP-API/WP-API/pull/2036), [#2037](https://github.com/WP-API/WP-API/pull/2037), [#2035](https://github.com/WP-API/WP-API/pull/2035), [#2039](https://github.com/WP-API/WP-API/pull/2039))
  429.  
  430. * Requires `force` argument for `DELETE /wp/v2/<taxonomy>/<id>`.
  431.  
  432. (props @danielbachhuber, [#2028](https://github.com/WP-API/WP-API/pull/2028))
  433.  
  434. * Conditionally requires and defines REST API classes and functions.
  435.  
  436. (props @danielbachhuber, [#2023](https://github.com/WP-API/WP-API/pull/2023), [#2024](https://github.com/WP-API/WP-API/pull/2024))
  437.  
  438. * Avoid a duplicate query for the comment count.
  439.  
  440. (props @rmccue, [#2015](https://github.com/WP-API/WP-API/pull/2015))
  441.  
  442. * Parses `$date` if available in `prepare_date_response()`
  443.  
  444. (props @adamsilverstein, [#1951](https://github.com/WP-API/WP-API/pull/1951))
  445.  
  446. * Abstracts `POST /wp/v2/media` permissions check.
  447.  
  448. (props @danielbachhuber, [#2003](https://github.com/WP-API/WP-API/pull/2003))
  449.  
  450. * Adds `exclude` param to getting collections of Posts, Users, Comments, and Taxonomy Terms.
  451.  
  452. (props @danielbachhuber, [#1998](https://github.com/WP-API/WP-API/pull/1998), [#1999](https://github.com/WP-API/WP-API/pull/1999), [#2000](https://github.com/WP-API/WP-API/pull/2000), [#2002](https://github.com/WP-API/WP-API/pull/2002))
  453.  
  454. * Adds `rest_comment_query` for filtering `GET /wp/v2/comments`.
  455.  
  456. (props @danielbachhuber, [#2007](https://github.com/WP-API/WP-API/pull/2007))
  457.  
  458. * Uses HTTP status code `500` for `db_update_error` when creating an attachment.
  459.  
  460. (props @danielbachhuber, [#1993](https://github.com/WP-API/WP-API/pull/1993))
  461.  
  462. * Adds helpful description to `force` param across all `DELETE` registrations
  463.  
  464. (props @danielbachhuber, [#2004](https://github.com/WP-API/WP-API/pull/2004), [#2027](https://github.com/WP-API/WP-API/pull/2027))
  465.  
  466. * In `GET /wp/v2/<taxonomy>`, drops support for `orderby=>term_id`.
  467.  
  468. Only one `id` is exposed through the REST API.
  469.  
  470. (props @danielbachhuber, [#1990](https://github.com/WP-API/WP-API/pull/1990))
  471.  
  472. = 2.0 Beta 10.0 (January 11, 2016) =
  473.  
  474. * SECURITY: Ensure media of private posts are private too.
  475.  
  476. Reported by @danielbachhuber on 2016-01-08.
  477.  
  478. * BREAKING CHANGE: Removes compatibility repo for WordPress 4.3.
  479.  
  480. WordPress 4.4 is now the minimum supported WordPress version.
  481.  
  482. (props @danielbachhuber, [#1848](https://github.com/WP-API/WP-API/pull/1848))
  483.  
  484. * BREAKING CHANGE: Changes link relation for types and taxonomies.
  485.  
  486. In Beta 9, this link relation was introduced as `item`, which isn't correct. The relation has been changed to `https://api.w.org/items`.
  487.  
  488. (props @danielbachhuber, [#1853](https://github.com/WP-API/WP-API/pull/1853))
  489.  
  490. * BREAKING CHANGE: Introduces `edit` context for `wp/v2/types` and `wp/v2/taxonomies`.
  491.  
  492. Some fields have moved into this context, which require `edit_posts` and `manage_terms`, respectively.
  493.  
  494. (props @danielbachhuber, [#1894](https://github.com/WP-API/WP-API/pull/1894), [#1864](https://github.com/WP-API/WP-API/pull/1864))
  495.  
  496. * BREAKING CHANGE: Removes `post_format` as a term `_link` for Posts.
  497.  
  498. Post formats aren't a custom taxonomy in the eyes of the REST API.
  499.  
  500. (props @danielbachhuber, [#1854](https://github.com/WP-API/WP-API/pull/1854))
  501.  
  502. * Declares `parent` query param for Pages.
  503.  
  504. (props @danielbachhuber, [#1975](https://github.com/WP-API/WP-API/pull/1975))
  505.  
  506. * Permits logged-in users to query for media.
  507.  
  508. (props @danielbachhuber, [#1973](https://github.com/WP-API/WP-API/pull/1973))
  509.  
  510. * Removes duplicated query params from Terms controller.
  511.  
  512. (props @danielbachhuber, [#1963](https://github.com/WP-API/WP-API/pull/1963))
  513.  
  514. * Adds `include` param to `/wp/v2/posts`, `/wp/v2/users`, `/wp/v2/<taxonomy>` and `/wp/v2/comments`.
  515.  
  516. (props @danielbachhuber, [#1961](https://github.com/WP-API/WP-API/pull/1961), [#1964](https://github.com/WP-API/WP-API/pull/1964), [#1968](https://github.com/WP-API/WP-API/pull/1968), [#1971](https://github.com/WP-API/WP-API/pull/1971))
  517.  
  518. * Ensures `GET /wp/v2/posts` respects `order` and `orderby` params.
  519.  
  520. (props @danielbachhuber, [#1962](https://github.com/WP-API/WP-API/pull/1962))
  521.  
  522. * Fixes fatal by loading `wp-admin/includes/user.php` to expose `wp_delete_user()`.
  523.  
  524. (props @danielbachhuber, [#1958](https://github.com/WP-API/WP-API/pull/1958))
  525.  
  526. * Permits making a post sticky when also supplying an empty password.
  527.  
  528. (props @westonruter, [#1949](https://github.com/WP-API/WP-API/pull/1949))
  529.  
  530. * Uses `WP_REST_Request` internally across controllers.
  531.  
  532. (props @danielbachhuber, [#1933](https://github.com/WP-API/WP-API/pull/1933), [#1939](https://github.com/WP-API/WP-API/pull/1939), [#1934](https://github.com/WP-API/WP-API/pull/1934), [#1938](https://github.com/WP-API/WP-API/pull/1938))
  533.  
  534. * Cleans up permissions checks in `WP_REST_Terms_Controller`.
  535.  
  536. (props @danielbachhuber, [#1941](https://github.com/WP-API/WP-API/pull/1941))
  537.  
  538. * Uses `show_in_rest` to determine publicness for post types.
  539.  
  540. (props @danielbachhuber, [#1942](https://github.com/WP-API/WP-API/pull/1942))
  541.  
  542. * Makes `description` strings available for translation.
  543.  
  544. (props @danielbachhuber, [#1944](https://github.com/WP-API/WP-API/pull/1944))
  545.  
  546. * Checks `assign_terms` cap for taxonomy when managing post terms.
  547.  
  548. (props @danielbachhuber, [#1940](https://github.com/WP-API/WP-API/pull/1940))
  549.  
  550. * Defer to `edit_posts` of the custom post type when accessing private query vars.
  551.  
  552. (props @danielbachhuber, [#1886](https://github.com/WP-API/WP-API/pull/1886))
  553.  
  554. * Allows Terms collection params to be filtered.
  555.  
  556. (props @rachelbaker, [#1882](https://github.com/WP-API/WP-API/pull/1882))
  557.  
  558. * Renames post terms create/delete permissions callback.
  559.  
  560. (props @wpsmith, [#1923](https://github.com/WP-API/WP-API/pull/1923))
  561.  
  562. * Fixes invalid use of 'uri' as schema `type`.
  563.  
  564. (props @wpsmith, [#1913](https://github.com/WP-API/WP-API/pull/1913))
  565.  
  566. * Casts integer with (int) over intval for speed.
  567.  
  568. (props @wpsmith, [#1907](https://github.com/WP-API/WP-API/pull/1907))
  569.  
  570. * Fixes PHP Doc typo for `validate_schema_property` and `sanitize_schema_property`.
  571.  
  572. (props @wpsmith, @danielbachhuber, [#1909](https://github.com/WP-API/WP-API/pull/1909), [#1910](https://github.com/WP-API/WP-API/pull/1910))
  573.  
  574. * Adds a helpful description to the `filter` argument.
  575.  
  576. (props @danielbachhuber, [#1885](https://github.com/WP-API/WP-API/pull/1885))
  577.  
  578. * Changes order of Users response to match schema order.
  579.  
  580. (props @rachelbaker, [#1879](https://github.com/WP-API/WP-API/pull/1879))
  581.  
  582. * Adjusts Posts pagination headers for `filter` params.
  583.  
  584. (props @rachelbaker, [#1878](https://github.com/WP-API/WP-API/pull/1878))
  585.  
  586. * Uses proper status code when failing to get comments of private post.
  587.  
  588. (props @danielbachhuber, [#1866](https://github.com/WP-API/WP-API/pull/1867))
  589.  
  590. * Fixes invalid capability for comments get items permissions callback.
  591.  
  592. `manage_comments` doesn't exist; `moderate_comments` does.
  593.  
  594. (props @danielbachhuber, [#1866](https://github.com/WP-API/WP-API/pull/1866))
  595.  
  596. * Permits creating comments without an assigned post.
  597.  
  598. (props @danielbachhuber, [#1857](https://github.com/WP-API/WP-API/pull/1857))
  599.  
  600. * Prevents error notice when `show_in_rest` isn't set for a post type.
  601.  
  602. (props @danielbachhuber, [#1852](https://github.com/WP-API/WP-API/pull/1852))
  603.  
  604. = 2.0 Beta 9.0 (December 11, 2015) =
  605.  
  606. * BREAKING CHANGE: Move tags and categories to top-level endpoints.
  607.  
  608. Tags are now accessible at `/wp/v2/tags`, and categories accessible at `/wp/v2/categories`. Post terms reside at `/wp/v2/posts/<id>/tags` and `/wp/v2/<id>/categories`.
  609.  
  610. (props @danielbachhuber, [#1802](https://github.com/WP-API/WP-API/pull/1802))
  611.  
  612. * BREAKING CHANGE: Return object for requests to `/wp/v2/taxonomies`.
  613.  
  614. This is consistent with `/wp/v2/types` and `/wp/v2/statuses`.
  615.  
  616. (props @danielbachhuber, [#1825](https://github.com/WP-API/WP-API/pull/1825))
  617.  
  618. * BREAKING CHANGE: Remove `rest_get_timezone()`.
  619.  
  620. `json_get_timezone()` was only ever used in v1. This function causes fatals, and shouldn't be used.
  621.  
  622. (props @danielbachhuber, [#1823](https://github.com/WP-API/WP-API/pull/1823))
  623.  
  624. * BREAKING CHANGE: Rename `register_api_field()` to `register_rest_field()`.
  625.  
  626. Introduces a `register_api_field()` function for backwards compat, which calls `_doing_it_wrong()`. However, `register_api_field()` won't ever be committed to WordPress core, so you should update your function calls.
  627.  
  628. (props @danielbachhuber, [#1824](https://github.com/WP-API/WP-API/pull/1824))
  629.  
  630. * BREAKING CHANGE: Change taxonomies' `post_type` argument to `type`.
  631.  
  632. It's consistent with how we're exposing post types in the API.
  633.  
  634. (props @danielbachhuber, [#1824](https://github.com/WP-API/WP-API/pull/1824))
  635.  
  636. * Sync infrastructure with shipped in WordPress 4.4.
  637.  
  638. * `wp-includes/rest-api/rest-functions.php` is removed, and its functions moved into `wp-includes/rest-api.php`.
  639. * Send nocache headers for REST requests. [#34832](https://core.trac.wordpress.org/ticket/34832)
  640. * Fix handling of HEAD requests. [#34837](https://core.trac.wordpress.org/ticket/34837)
  641. * Mark `WP_REST_Server::get_raw_data()` as static. [#34768](https://core.trac.wordpress.org/ticket/34768)
  642. * Unabbreviate error string. [#34818](https://core.trac.wordpress.org/ticket/34818)
  643.  
  644. * Change terms endpoints to use `term_id` not `tt_id`.
  645.  
  646. (props @joehoyle, [#1837](https://github.com/WP-API/WP-API/pull/1837))
  647.  
  648. * Standardize declaration of `context` param for `GET` requests across controllers.
  649.  
  650. However, we're still inconsistent in which controllers expose which params. Follow [#1845](https://github.com/WP-API/WP-API/issues/1845) for further discussion.
  651.  
  652. (props @danielbachhuber, [#1795](https://github.com/WP-API/WP-API/pull/1795), [#1835](https://github.com/WP-API/WP-API/pull/1835), [#1838](https://github.com/WP-API/WP-API/pull/1838))
  653.  
  654. * Link types / taxonomies to their collections, and vice versa.
  655.  
  656. Collections link to their type / taxonomy with the `about` relation; types / taxonomies link to their colletion with the `item` relation, which is imperfect and may change in the future.
  657.  
  658. (props @danielbachhuber, [#1814](https://github.com/WP-API/WP-API/pull/1814), [#1817](https://github.com/WP-API/WP-API/pull/1817), [#1829](https://github.com/WP-API/WP-API/pull/1829). [#1846](https://github.com/WP-API/WP-API/pull/1846))
  659.  
  660. * Add missing 'wp/v2' in Location Response header when creating new Post Meta.
  661.  
  662. (props @johanmynhardt, [#1790](https://github.com/WP-API/WP-API/pull/1790))
  663.  
  664. * Expose Post collection query params, including `author`, `order`, `orderby` and `status`.
  665.  
  666. (props @danielbachhuber, [#1793](https://github.com/WP-API/WP-API/pull/1793))
  667.  
  668. * Ignore sticky posts by default.
  669.  
  670. (props @danielbachhuber, [#1801](https://github.com/WP-API/WP-API/pull/1801))
  671.  
  672. * Include `full` image size in attachment `sizes` attribute.
  673.  
  674. (props @danielbachhuber, [#1806](https://github.com/WP-API/WP-API/pull/1806))
  675.  
  676. * In text strings, use `id` instead of `ID`.
  677.  
  678. `ID` is an implementation artifact. Our Resources use `id`.
  679.  
  680. (props @danielbachhuber, [#1803](https://github.com/WP-API/WP-API/pull/1803))
  681.  
  682. * Ensure `attachment.sizes[]` use `mime_type` instead of `mime-type`.
  683.  
  684. (props @danielbachhuber, [#1809](https://github.com/WP-API/WP-API/pull/1809))
  685.  
  686. * Introduce `rest_authorization_required_code()`.
  687.  
  688. Many controllers returned incorrect HTTP codes, which this also fixes.
  689.  
  690. (props @danielbachhuber, [#1808](https://github.com/WP-API/WP-API/pull/1808))
  691.  
  692. * Respect core's `comment_registration` setting.
  693.  
  694. If it's enabled, require users to be logged in to comment.
  695.  
  696. (props @danielbachhuber, [#1826](https://github.com/WP-API/WP-API/pull/1826))
  697.  
  698. * Default to wildcard when searching users.
  699.  
  700. (props @danielbachhuber, [#1827](https://github.com/WP-API/WP-API/pull/1827))
  701.  
  702. * Bring the wp-api.js library up to date for v2 of the REST API.
  703.  
  704. (props @adamsilverstein, [#1828](https://github.com/WP-API/WP-API/pull/1828))
  705.  
  706. * Add `rest_prepare_status` filter.
  707.  
  708. (props @danielbachhuber, [#1830](https://github.com/WP-API/WP-API/pull/1830))
  709.  
  710. * Make `prepare_*` filters more consistent.
  711.  
  712. (props @danielbachhuber, [#1831](https://github.com/WP-API/WP-API/pull/1831))
  713.  
  714. * Add `rest_prepare_post_type` filter for post types.
  715.  
  716. (props @danielbachhuber, [#1833](https://github.com/WP-API/WP-API/pull/1833))
  717.  
  718. = 2.0 Beta 8.0 (December 1, 2015) =
  719.  
  720. * Prevent fatals when uploading attachment by including admin utilities.
  721.  
  722. (props @danielbachhuber, [#1756](https://github.com/WP-API/WP-API/pull/1756))
  723.  
  724. * Return 201 status code when creating a term.
  725.  
  726. (props @danielbachhuber, [#1753](https://github.com/WP-API/WP-API/pull/1753))
  727.  
  728. * Don't permit requesting terms cross routes.
  729.  
  730. Clients should only be able to request categories from the category route, and tags from the tag route.
  731.  
  732. (props @danielbachhuber, [#1764](https://github.com/WP-API/WP-API/pull/1764))
  733.  
  734. * Set `fields=>id` when using `WP_User_Query` to fix large memory usage
  735.  
  736. (props @joehoyle, [#1770](https://github.com/WP-API/WP-API/pull/1770))
  737.  
  738. * Fix Post `_link` to attached attachments.
  739.  
  740. (props @danielbachhuber, [#1777](https://github.com/WP-API/WP-API/pull/1777))
  741.  
  742. * Add support for getting a post with a custom public status.
  743.  
  744. (props @danielbachhuber, [#1765](https://github.com/WP-API/WP-API/pull/1765))
  745.  
  746. * Ensure post content doesn't get double-slashed on update.
  747.  
  748. (props @joehoyle, [#1772](https://github.com/WP-API/WP-API/pull/1772))
  749.  
  750. * Change 'int' to 'integer' for `WP_REST_Controller::validate_schema_property()`
  751.  
  752. (props @wpsmith, [#1759](https://github.com/WP-API/WP-API/pull/1759))
  753.  
  754. = 2.0 Beta 7.0 (November 17, 2015) =
  755.  
  756. * Sync infrastructure from WordPress core as of r35691.
  757.  
  758. * Remove `register_api_field()` because it's conceptually tied to `WP_REST_Controller` [#34730](https://core.trac.wordpress.org/ticket/34730)
  759. * Update the REST API header links to use api.w.org [#34303](https://core.trac.wordpress.org/ticket/34303)
  760. * Require the `$namespace` argument in `register_rest_route()` [#34416](https://core.trac.wordpress.org/ticket/34416)
  761. * Include `enum` and `description` in help data [#34543](https://core.trac.wordpress.org/ticket/34543)
  762. * Save `preg_match` iterations in `WP_REST_Server` [#34488](https://core.trac.wordpress.org/ticket/34488)
  763. * Don't return route URL in `WP_REST_Request:get_params()` [#34647](https://core.trac.wordpress.org/ticket/34647)
  764.  
  765. * Restore `register_api_field()` within the plugin.
  766.  
  767. (props @danielbachhuber, [#1748](https://github.com/WP-API/WP-API/pull/1748))
  768.  
  769. * Require admin functions for use of `wp_handle_upload()`, fixing fatal.
  770.  
  771. (props @joehoyle, [#1746](https://github.com/WP-API/WP-API/pull/1746))
  772.  
  773. * Properly handle requesting terms where `parent=0` and `0` is a string.
  774.  
  775. (props @danielbachhuber, [#1739](https://github.com/WP-API/WP-API/pull/1739))
  776.  
  777. * Prevent PHP error notice when `&filter` isn't an array.
  778.  
  779. (props @danielbachhuber, [#1734](https://github.com/WP-API/WP-API/pull/1734))
  780.  
  781. * Change link relations to use api.w.org.
  782.  
  783. (props @danielbachhuber, [#1726](https://github.com/WP-API/WP-API/pull/1726))
  784.  
  785. = 2.0 Beta 6.0 (November 12, 2015) =
  786.  
  787. * Remove global inclusion of wp-admin/includes/admin.php
  788.  
  789. For a long time, the REST API loaded wp-admin/includes/admin.php to make use of specific admin utilities. Now, it only loads those admin utilities when it needs them.
  790.  
  791. If your custom endpoints make use of admin utilities, you'll need to make sure to load wp-admin/includes/admin.php before you use them.
  792.  
  793. (props @joehoyle, [#1696](https://github.com/WP-API/WP-API/pull/1696))
  794.  
  795. * Link directly to the featured image in a Post's links.
  796.  
  797. (props @rmccue, [#1563](https://github.com/WP-API/WP-API/pull/1563), [#1711](https://github.com/WP-API/WP-API/pull/1711))
  798.  
  799. * Provide object type as callback argument for custom API fields.
  800.  
  801. (props @jtsternberg, [#1714](https://github.com/WP-API/WP-API/pull/1714))
  802.  
  803. * Change users schema order to be order of importance instead of alpha.
  804.  
  805. (props @rachelbaker, [#1708](https://github.com/WP-API/WP-API/pull/1708))
  806.  
  807. * Clarify documentation for `date` and `modified` attributes.
  808.  
  809. (props @danielbachhuber, [#1715](https://github.com/WP-API/WP-API/pull/1715))
  810.  
  811. * Update the wp-api.js client from the client-js repo.
  812.  
  813. (props @rachelbaker, [#1709](https://github.com/WP-API/WP-API/pull/1709))
  814.  
  815. * Fix the `format` enum to be an array of strings.
  816.  
  817. (props @joehoyle, [#1707](https://github.com/WP-API/WP-API/pull/1707))
  818.  
  819. * Run revisions for collection through `prepare_response_for_collection()`.
  820.  
  821. (props @danielbachhuber, @rachelbaker, [#1671](https://github.com/WP-API/WP-API/pull/1671))
  822.  
  823. * Expose `date_gmt` for `view` context of Posts and Comments.
  824.  
  825. (props @danielbachhuber, [#1690](https://github.com/WP-API/WP-API/pull/1690))
  826.  
  827. * Fix PHP and JS docblock formatting.
  828.  
  829. (props @ahmadawais, [#1699](https://github.com/WP-API/WP-API/pull/1698), [#1699](https://github.com/WP-API/WP-API/pull/1699), [#1701](https://github.com/WP-API/WP-API/pull/1701), [#1700](https://github.com/WP-API/WP-API/pull/1700), [#1702](https://github.com/WP-API/WP-API/pull/1702), [#1703](https://github.com/WP-API/WP-API/pull/1703))
  830.  
  831. * Include `media_details` attribute for attachments in embed context.
  832.  
  833. For image attachments, media_details includes a sizes array of image sizes, which is useful for templating.
  834.  
  835. (props @danielbachhuber, [#1667](https://github.com/WP-API/WP-API/pull/1667))
  836.  
  837. * Make `WP_REST_Controller` error messages more helpful by specifying method to subclass.
  838.  
  839. (props @danielbachhuber, [#1670](https://github.com/WP-API/WP-API/pull/1670))
  840.  
  841. * Expose `slug` in `embed` context for Users.
  842.  
  843. `user_nicename` is a public attribute, used in user URLs, so this is safe data to present.
  844.  
  845. (props @danielbachhuber, [#1666](https://github.com/WP-API/WP-API/pull/1666))
  846.  
  847. * Handle falsy value from `wp_count_terms()`, fixing fatal.
  848.  
  849. (props @joehoyle, [#1641](https://github.com/WP-API/WP-API/pull/1641))
  850.  
  851. * Correct methods in `WP_REST_SERVER::EDITABLE` description.
  852.  
  853. (props @rachelbaker, [#1601](https://github.com/WP-API/WP-API/pull/1601))
  854.  
  855. * Add the embed context to Users collection query params.
  856.  
  857. (props @rachelbaker, [#1591](https://github.com/WP-API/WP-API/pull/1591))
  858.  
  859. * Add Terms Controller collection args details.
  860.  
  861. (props @rachelbaker, [#1603](https://github.com/WP-API/WP-API/pull/1603))
  862.  
  863. * Set comment author details from current user.
  864.  
  865. (props @rmccue, [#1580](https://github.com/WP-API/WP-API/pull/1580))
  866.  
  867. * More hook documentation.
  868.  
  869. (props @adamsilverstein, [#1556](https://github.com/WP-API/WP-API/pull/1556), [#1560](https://github.com/WP-API/WP-API/pull/1560))
  870.  
  871. * Return the trashed status of deleted posts/comments.
  872.  
  873. When a post or a comment is deleted, returns a flag to say whether it's been trashed or properly deleted.
  874.  
  875. (props @pento, [#1499](https://github.com/WP-API/WP-API/pull/1499))
  876.  
  877. * In `WP_REST_Posts_Controller::update_item()`, check the post ID based on the proper post type.
  878.  
  879. (props @rachelbaker, [#1497](https://github.com/WP-API/WP-API/pull/1497))
  880.  
  881. = 2.0 Beta 5.0 (October 23, 2015) =
  882.  
  883. * Load api-core as a compatibility library
  884.  
  885. Now api-core has been merged into WordPress trunk (for 4.4) we should no longer load the infrastructure code when it's already available. This also fixes a fatal error for users who were on trunk.
  886.  
  887. (props @rmccue)
  888.  
  889. * Switch to new mysql_to_rfc3339
  890.  
  891. (props @rmccue)
  892.  
  893. * Double-check term taxonomy
  894.  
  895. (props @rmccue)
  896.  
  897. * Load admin functions
  898.  
  899. This was removed from the latest beta of WordPress in the REST API infrastructure, a more long term fix is planned.
  900.  
  901. (props @joehoyle)
  902.  
  903. * Add Add compat shim for renamed `rest_mysql_to_rfc3339()`
  904.  
  905. (props @danielbachhuber)
  906.  
  907. * Compat shim for `wp_is_numeric_array()`
  908.  
  909. (props @danielbachhuber)
  910.  
  911. * Revert Switch to register_post_type_args filter
  912.  
  913. (props @joehoyle)
  914.  
  915. = 2.0 Beta 4.0 (August 14, 2015) =
  916.  
  917. * Show public user information through the user controller.
  918.  
  919. In WordPress as of [r32683](https://core.trac.wordpress.org/changeset/32683) (scheduled for 4.3), `WP_User_Query` now has support for getting users with published posts.
  920.  
  921. To match current behaviour in WordPress themes and feeds, we now expose this public user information. This includes the avatar, description, user ID, custom URL, display name, and URL, for users who have published at least one post on the site. This information is available to all clients; other fields and data for all users are still only available when authenticated.
  922.  
  923. (props @joehoyle, @rmccue, @Shelob9, [#1397][gh-1397], [#839][gh-839], [#1435][gh-1435])
  924.  
  925. * Send schema in OPTIONS requests and index.
  926.  
  927. Rather than using separate `/schema` endpoints, the schema for items is now available through an OPTIONS request to the route. This means that full documentation is now available for endpoints through an OPTIONS request; this includes available methods, what data you can pass to the endpoint, and the data you'll get back.
  928.  
  929. This data is now also available in the main index and namespace indexes. Simply request the index with `context=help` to get full schema data. Warning: this response will be huge. The schema for single endpoints is also available in the collection's OPTIONS response.
  930.  
  931. **⚠️ This breaks backwards compatibility** for clients relying on schemas being at their own routes. These clients should instead send `OPTIONS` requests.
  932.  
  933. Custom endpoints can register their own schema via the `schema` option on the route. This option should live side-by-side with the endpoints (similar to `relation` in WP's meta queries), so your registration call will look something like:
  934.  
  935. ```php
  936. register_rest_route( 'test-ns', '/test', array(
  937. array(
  938. 'methods' => 'GET',
  939. 'callback' => 'my_test_callback',
  940. ),
  941.  
  942. 'schema' => 'my_schema_callback',
  943. ) );
  944. ```
  945.  
  946. (props @rmccue, [#1415][gh-1415], [#1222][gh-1222], [#1305][gh-1305])
  947.  
  948. * Update JavaScript API for version 2.
  949.  
  950. Our fantastic JavaScript API from version 1 is now available for version 2, refreshed with the latest and greatest changes.
  951.  
  952. As a refresher: if you want to use it, simply make your script depend on `wp-api` when you enqueue it. If you want to enqueue the script manually, add `wp_enqueue_script( 'wp-api' )` to a callback on `wp_enqueue_scripts`.
  953.  
  954. (props @tlovett1, @kadamwhite, @nathanrice, [#1374][gh-1374], [#1320][gh-1320])
  955.  
  956. * Embed links inside items in a collection.
  957.  
  958. Previously when fetching a collection of items, you only received the items themselves. To fetch the links as well via embedding, you needed to make a request to the single item with `_embed` set.
  959.  
  960. No longer! You can now request a collection with embeds enabled (try `/wp/v2/posts?_embed`). This will embed links inside each item, allowing you to build interface items much easier (for example, post archive pages can get featured image data at the same time).
  961.  
  962. This also applies to custom endpoints. Any endpoint that returns a list of objects will automatically have the embedding applied to objects inside the list.
  963.  
  964. (props @rmccue, [#1459][gh-1459], [#865][gh-865])
  965.  
  966. * Fix potential XSS vulnerability.
  967.  
  968. Requests from other origins could potentially run code on the API domain, allowing cross-origin access to authentication cookies or similar.
  969.  
  970. Reported by @xknown on 2015-07-23.
  971.  
  972. * Move `/posts` `WP_Query` vars back to `filter` param.
  973.  
  974. In version 1, we had internal `WP_Query` vars available via `filter` (e.g. `filter[s]=search+term`). For our first betas of version 2, we tried something different and exposed these directly on the endpoint. The experiment has now concluded; we didn't like this that much, so `filter` is back.
  975.  
  976. We plan on adding nicer looking arguments to collections in future releases, with a view towards being consistent across different collections. We also plan on opening up the underlying query vars via `filter` for users, comments, and terms as well.
  977.  
  978. **⚠️ This breaks backwards compatibility** for users using WP Query vars. Simply change your `x=y` parameter to `filter[x]=y`.
  979.  
  980. (props @WP-API, [#1420][gh-1420])
  981.  
  982. * Respect `rest_base` for taxonomies.
  983.  
  984. **⚠️ This breaks backwards compatibility** by changing the `/wp/v2/posts/{id}/terms/post_tag` endpoint to `/wp/v2/posts/{id}/tag`.
  985.  
  986. (props @joehoyle, [#1466][gh-1466])
  987.  
  988. * Add permission check for retrieving the posts collection in edit context.
  989.  
  990. By extension of the fact that getting any individual post yields a forbidden context error when the `context=edit` and the user is not authorized, the user should also not be permitted to list any post items when unauthorized.
  991.  
  992. (props @danielpunkass, [#1412][gh-1412])
  993.  
  994. * Ensure the REST API URL always has a trailing slash.
  995.  
  996. Previously, when pretty permalinks were enabled, the API URL during autodiscovery looked like `/wp-json`, whereas the non-pretty permalink URL looked like `?rest_route=/`. These are now consistent, and always end with a slash character to simplify client URL building.
  997.  
  998. (props @danielpunkass, @rmccue, [#1426][gh-1426], [#1442][gh-1442], [#1455][gh-1455], [#1467][gh-1467])
  999.  
  1000. * Use `wp_json_encode` instead of `json_encode`
  1001.  
  1002. Since WordPress 4.1, `wp_json_encode` has been available to ensure encoded values are sane, and that non-UTF8 encodings are supported. We now use this function rather than doing the encode ourselves.
  1003.  
  1004. (props @rmccue, @pento, [#1417][gh-1417])
  1005.  
  1006. * Add `role` to schema for users.
  1007.  
  1008. The available roles you can assign to a user are now available in the schema as an `enum`.
  1009.  
  1010. (props @joehoyle, [#1400][gh-1400])
  1011.  
  1012. * Use the schema for validation inside the comments controller.
  1013.  
  1014. Previously, the schema was merely a decorative element for documentation inside the comments controller. To bring it inline with our other controllers, the schema is now used internally for validation.
  1015.  
  1016. (props @joehoyle, [#1422][gh-1422])
  1017.  
  1018. * Don't set the Location header in update responses.
  1019.  
  1020. Previously, the Location header was sent when updating resources due to some inadvertent copypasta. This header should only be sent when creating to direct clients to the new resource, and isn't required when you're already on the correct resource.
  1021.  
  1022. (props @rachelbaker, [#1441][gh-1441])
  1023.  
  1024. * Re-enable the `rest_insert_post` action hook for `WP_REST_Posts_Controller`
  1025.  
  1026. This was disabled during 2.0 development to avoid breaking lots of plugins on the `json_insert_post` action. Now that we've changed namespaces and are Mostly Stable (tm), we can re-enable the action.
  1027.  
  1028. (props @jaredcobb, [#1427][gh-1427], [#1424][gh-1424])
  1029.  
  1030. * Fix post taxonomy terms link URLs.
  1031.  
  1032. When moving the routes in a previous beta, we forgot to correct the links on post objects to the new correct route. Sorry!
  1033.  
  1034. (props @rachelbaker, @joehoyle, [#1447][gh-1447], [#1383][gh-1383])
  1035.  
  1036. * Use `wp_get_attachment_image_src()` on the image sizes in attachments.
  1037.  
  1038. Since the first versions of the API, we've been building attachment URLs via `str_replace`. Who knows why we were doing this, but it caused problems with custom attachment URLs (such as CDN-hosted images). This now correctly uses the internal functions and filters.
  1039.  
  1040. (props @joehoyle, [#1462][gh-1462])
  1041.  
  1042. * Make the embed context a default, not forced.
  1043.  
  1044. If you want embeds to bring in full data rather than with `context=edit`, you can now change the link to specify `context=view` explicitly.
  1045.  
  1046. (props @rmccue, [#1464][gh-1464])
  1047.  
  1048. * Ensure we always use the `term_taxonomy_id` and never expose `term_id` publicly.
  1049.  
  1050. Previously, `term_id` was inadvertently exposed in some error responses.
  1051.  
  1052. (props @jdolan, [#1430][gh-1430])
  1053.  
  1054. * Fix adding alt text to attachments on creation.
  1055.  
  1056. Previously, this could only be set when updating an attachment, not when creating one.
  1057.  
  1058. (props @joehoyle, [#1398][gh-1398])
  1059.  
  1060. * Throw an error when registering routes without a namespace.
  1061.  
  1062. Namespaces should **always** be provided when registering routes. We now throw a `doing_it_wrong` error when attempting to register one. (Previously, this caused a warning, or an invalid internal route.)
  1063.  
  1064. If you *really* need to register namespaceless routes (e.g. to replicate an existing API), call `WP_REST_Server::register_route` directly rather than using the convenience function.
  1065.  
  1066. (props @joehoyle, @rmccue, [#1355][gh-1355])
  1067.  
  1068. * Show links on embeds.
  1069.  
  1070. Previously, links were accidentally stripped from embedded response data.
  1071.  
  1072. (props @rmccue, [#1472][gh-1472])
  1073.  
  1074. * Clarify insufficient permisssion error when editing posts.
  1075.  
  1076. (props @danielpunkass, [#1411][gh-1411])
  1077.  
  1078. * Improve @return inline docs for rest_ensure_response()
  1079.  
  1080. (props @Shelob9, [#1328][gh-1328])
  1081.  
  1082. * Check taxonomies exist before trying to set properties.
  1083.  
  1084. (props @joehoyle, @rachelbaker, [#1354][gh-1354])
  1085.  
  1086. * Update controllers to ensure we use `sanitize_callback` wherever possible.
  1087.  
  1088. (props @joehoyle, [#1399][gh-1399])
  1089.  
  1090. * Add more phpDoc documentation, and correct existing documentation.
  1091.  
  1092. (props @Shelob9, @rmccue, [#1432][gh-1432], [#1433][gh-1433], [#1465][gh-1465])
  1093.  
  1094. * Update testing infrastructure.
  1095.  
  1096. Travis now runs our coding standards tests in parallel, and now uses the new, faster container-based testing infrastructure.
  1097.  
  1098. (props @ntwb, @frozzare, [#1449][gh-1449], [#1457][gh-1457])
  1099.  
  1100. [View all changes](https://github.com/WP-API/WP-API/compare/2.0-beta3...2.0-beta4)
  1101.  
  1102. [gh-839]: https://github.com/WP-API/WP-API/issues/839
  1103. [gh-865]: https://github.com/WP-API/WP-API/issues/865
  1104. [gh-1222]: https://github.com/WP-API/WP-API/issues/1222
  1105. [gh-1305]: https://github.com/WP-API/WP-API/issues/1305
  1106. [gh-1310]: https://github.com/WP-API/WP-API/issues/1310
  1107. [gh-1320]: https://github.com/WP-API/WP-API/issues/1320
  1108. [gh-1328]: https://github.com/WP-API/WP-API/issues/1328
  1109. [gh-1354]: https://github.com/WP-API/WP-API/issues/1354
  1110. [gh-1355]: https://github.com/WP-API/WP-API/issues/1355
  1111. [gh-1372]: https://github.com/WP-API/WP-API/issues/1372
  1112. [gh-1374]: https://github.com/WP-API/WP-API/issues/1374
  1113. [gh-1383]: https://github.com/WP-API/WP-API/issues/1383
  1114. [gh-1397]: https://github.com/WP-API/WP-API/issues/1397
  1115. [gh-1398]: https://github.com/WP-API/WP-API/issues/1398
  1116. [gh-1399]: https://github.com/WP-API/WP-API/issues/1399
  1117. [gh-1400]: https://github.com/WP-API/WP-API/issues/1400
  1118. [gh-1402]: https://github.com/WP-API/WP-API/issues/1402
  1119. [gh-1411]: https://github.com/WP-API/WP-API/issues/1411
  1120. [gh-1412]: https://github.com/WP-API/WP-API/issues/1412
  1121. [gh-1413]: https://github.com/WP-API/WP-API/issues/1413
  1122. [gh-1415]: https://github.com/WP-API/WP-API/issues/1415
  1123. [gh-1417]: https://github.com/WP-API/WP-API/issues/1417
  1124. [gh-1420]: https://github.com/WP-API/WP-API/issues/1420
  1125. [gh-1422]: https://github.com/WP-API/WP-API/issues/1422
  1126. [gh-1424]: https://github.com/WP-API/WP-API/issues/1424
  1127. [gh-1426]: https://github.com/WP-API/WP-API/issues/1426
  1128. [gh-1427]: https://github.com/WP-API/WP-API/issues/1427
  1129. [gh-1430]: https://github.com/WP-API/WP-API/issues/1430
  1130. [gh-1432]: https://github.com/WP-API/WP-API/issues/1432
  1131. [gh-1433]: https://github.com/WP-API/WP-API/issues/1433
  1132. [gh-1435]: https://github.com/WP-API/WP-API/issues/1435
  1133. [gh-1441]: https://github.com/WP-API/WP-API/issues/1441
  1134. [gh-1442]: https://github.com/WP-API/WP-API/issues/1442
  1135. [gh-1447]: https://github.com/WP-API/WP-API/issues/1447
  1136. [gh-1449]: https://github.com/WP-API/WP-API/issues/1449
  1137. [gh-1455]: https://github.com/WP-API/WP-API/issues/1455
  1138. [gh-1455]: https://github.com/WP-API/WP-API/issues/1455
  1139. [gh-1457]: https://github.com/WP-API/WP-API/issues/1457
  1140. [gh-1459]: https://github.com/WP-API/WP-API/issues/1459
  1141. [gh-1462]: https://github.com/WP-API/WP-API/issues/1462
  1142. [gh-1464]: https://github.com/WP-API/WP-API/issues/1464
  1143. [gh-1465]: https://github.com/WP-API/WP-API/issues/1465
  1144. [gh-1466]: https://github.com/WP-API/WP-API/issues/1466
  1145. [gh-1467]: https://github.com/WP-API/WP-API/issues/1467
  1146. [gh-1472]: https://github.com/WP-API/WP-API/issues/1472
  1147.  
  1148. = 2.0 Beta 3.0 (July 1, 2015) =
  1149.  
  1150. * Add ability to declare sanitization and default options for schema fields.
  1151.  
  1152. The `arg_options` array can be used to declare the sanitization callback,
  1153. default value, or requirement of a field.
  1154.  
  1155. (props @joehoyle, [#1345][gh-1345])
  1156. (props @joehoyle, [#1346][gh-1346])
  1157.  
  1158. * Expand supported parameters for creating and updating Comments.
  1159.  
  1160. (props @rachelbaker, [#1245][gh-1245])
  1161.  
  1162. * Declare collection parameters for Terms of a Post.
  1163.  
  1164. Define the available collection parameters in `get_collection_params()` and
  1165. allow Terms of a Post to be queried by term order.
  1166.  
  1167. (props @danielbachhuber, [#1332][gh-1332])
  1168.  
  1169. * Improve the Attachment error message for an invalid Content-Disposition
  1170.  
  1171. (props @danielbachhuber, [#1317][gh-1317])
  1172.  
  1173. * Return 200 status when updating Attachments, Comments, and Users.
  1174.  
  1175. (props @rachelbaker, [#1348][gh-1348])
  1176.  
  1177. * Remove unnecessary `handle_format_param()` method.
  1178.  
  1179. (props @danielbachhuber, [#1331][gh-1331])
  1180.  
  1181. * Add `author_avatar_url` field to the Comment response and schema.
  1182.  
  1183. (props @rachelbaker [#1327][gh-1327])
  1184.  
  1185. * Introduce `rest_do_request()` for making REST requests internally.
  1186.  
  1187. (props @danielbachhuber, [#1333][gh-1333])
  1188.  
  1189. * Remove unused DateTime class.
  1190.  
  1191. (props @rmccue, [#1314][gh-1314])
  1192.  
  1193. * Add inline documentation for `$wp_rest_server` global.
  1194.  
  1195. (props @Shelob9, [#1324][gh-1324])
  1196.  
  1197. [View all changes](https://github.com/WP-API/WP-API/compare/2.0-beta2...2.0-beta3)
  1198. [gh-1245]: https://github.com/WP-API/WP-API/issues/1245
  1199. [gh-1314]: https://github.com/WP-API/WP-API/issues/1314
  1200. [gh-1317]: https://github.com/WP-API/WP-API/issues/1317
  1201. [gh-1318]: https://github.com/WP-API/WP-API/issues/1318
  1202. [gh-1324]: https://github.com/WP-API/WP-API/issues/1324
  1203. [gh-1326]: https://github.com/WP-API/WP-API/issues/1326
  1204. [gh-1327]: https://github.com/WP-API/WP-API/issues/1327
  1205. [gh-1331]: https://github.com/WP-API/WP-API/issues/1331
  1206. [gh-1332]: https://github.com/WP-API/WP-API/issues/1332
  1207. [gh-1333]: https://github.com/WP-API/WP-API/issues/1333
  1208. [gh-1345]: https://github.com/WP-API/WP-API/issues/1345
  1209. [gh-1346]: https://github.com/WP-API/WP-API/issues/1346
  1210. [gh-1347]: https://github.com/WP-API/WP-API/issues/1347
  1211. [gh-1348]: https://github.com/WP-API/WP-API/issues/1348
  1212.  
  1213. = 2.0 Beta 2.0 (May 28, 2015) =
  1214.  
  1215. * Load the WP REST API before the main query runs.
  1216.  
  1217. The `rest_api_loaded` function now hooks into the `parse_request` action.
  1218. This change prevents the main query from being run on every request and
  1219. allows sites to set `WP_USE_THEMES` to `false`. Previously, the main query
  1220. was always being run (`SELECT * FROM wp_posts LIMIT 10`), even though the
  1221. result was never used and couldn't be cached.
  1222.  
  1223. (props @rmccue, [#1270][gh-1270])
  1224.  
  1225. * Register a new field on an existing WordPress object type.
  1226.  
  1227. Introduces `register_api_field()` to add a field to an object and
  1228. its schema.
  1229.  
  1230. (props @joehoyle, @rachelbaker, [#927][gh-927])
  1231. (props @joehoyle, [#1207][gh-1207])
  1232. (props @joehoyle, [#1243][gh-1243])
  1233.  
  1234. * Add endpoints for viewing, creating, updating, and deleting Terms for a Post.
  1235.  
  1236. The new `WP_REST_Posts_Terms_Controller` class controller supports routes for
  1237. Terms that belong to a Post.
  1238.  
  1239. (props @joehoyle, @danielbachhuber, [#1216][gh-1216])
  1240.  
  1241. * Add pagination headers for collection queries.
  1242.  
  1243. The `X-WP-Total` and `X-WP-TotalPages` are now present in terms, comments,
  1244. and users collection responses.
  1245.  
  1246. (props @danielbachhuber, [#1182][gh-1182])
  1247. (props @danielbachhuber, [#1191][gh-1191])
  1248. (props @danielbachhuber, @joehoyle, [#1197][gh-1197])
  1249.  
  1250. * List registered namespaces in the index for feature detection.
  1251.  
  1252. The index (`/wp-json` by default) now contains a list of the available
  1253. namespaces. This allows for simple feature detection. You can grab the index
  1254. and check namespaces for `wp/v3` or `pluginname/v2`, which indicate the
  1255. supported endpoints on the site.
  1256.  
  1257. (props @rmccue,, [#1283][gh-1283])
  1258.  
  1259. * Standardize link property relations and support embedding for all resources.
  1260.  
  1261. Change link properties to use IANA-registered relations. Also adds embedding
  1262. support to Attachments, Comments and Terms.
  1263.  
  1264. (props @rmccue, @rachelbaker, [#1284][gh-1284])
  1265.  
  1266. * Add support for Composer dependency management.
  1267.  
  1268. Allows you to recursively install/update the WP REST API inside of WordPress
  1269. plugins or themes.
  1270.  
  1271. (props @QWp6t, [#1157][gh-1157])
  1272.  
  1273. * Return full objects in the delete response.
  1274.  
  1275. Instead of returning a random message when deleting a Post, Comment, Term, or
  1276. User provide the original resource data.
  1277.  
  1278. (props @danielbachhuber, [#1253][gh-1253])
  1279. (props @danielbachhuber, [#1254][gh-1254])
  1280. (props @danielbachhuber, [#1255][gh-1255])
  1281. (props @danielbachhuber, [#1256][gh-1256])
  1282.  
  1283. * Return programmatically readable error messages for invalid or missing
  1284. required parameters.
  1285.  
  1286. (props @joehoyle, [#1175][gh-1175])
  1287.  
  1288. * Declare supported arguments for Comment and User collection queries.
  1289.  
  1290. (props @danielbachhuber, [#1211][gh-1211])
  1291. (props @danielbachhuber, [#1217][gh-1217])
  1292.  
  1293. * Automatically validate parameters based on Schema data.
  1294.  
  1295. (props @joehoyle, [#1128][gh-1128])
  1296.  
  1297. * Use the `show_in_rest` attributes for exposing Taxonomies.
  1298.  
  1299. (props @joehoyle, [#1279][gh-1279])
  1300.  
  1301. * Handle `parent` when creating or updating a Term.
  1302.  
  1303. (props @joehoyle, [#1221][gh-1221])
  1304.  
  1305. * Limit fields returned in `embed` context User responses.
  1306.  
  1307. (props @rachelbaker, [#1251][gh-1251])
  1308.  
  1309. * Only include `parent` in term response when tax is hierarchical.
  1310.  
  1311. (props @danielbachhuber, [#1189][gh-1189])
  1312.  
  1313. * Fix bug in creating comments if `type` was not set.
  1314.  
  1315. (props @rachelbaker, [#1244][gh-1244])
  1316.  
  1317. * Rename `post_name` field to `post_slug`.
  1318.  
  1319. (props @danielbachhuber, [#1235][gh-1235])
  1320.  
  1321. * Add check when creating a user to verify the provided role is valid.
  1322.  
  1323. (props @rachelbaker, [#1267][gh-1267])
  1324.  
  1325. * Add link properties to the Post Status response.
  1326.  
  1327. (props @joehoyle, [#1243][gh-1243])
  1328.  
  1329. * Return `0` for `parent` in Post response instead of `null`.
  1330.  
  1331. (props @danielbachhuber, [#1269][gh-1269])
  1332.  
  1333. * Only link `author` when there's a valid author
  1334.  
  1335. (props @danielbachhuber, [#1203][gh-1203])
  1336.  
  1337. * Only permit querying by parent term when tax is hierarchical.
  1338.  
  1339. (props @danielbachhuber, [#1219][gh-1219])
  1340.  
  1341. * Only permit deleting posts of the proper type
  1342.  
  1343. (props @danielbachhuber, [#1257][gh-1257])
  1344.  
  1345. * Set pagination headers even when no found posts.
  1346.  
  1347. (props @danielbachhuber, [#1209][gh-1209])
  1348.  
  1349. * Correct prefix in `rest_request_parameter_order` filter.
  1350.  
  1351. (props @quasel, [#1158][gh-1158])
  1352.  
  1353. * Retool `WP_REST_Terms_Controller` to follow Posts controller pattern.
  1354.  
  1355. (props @danielbachhuber, [#1170][gh-1170])
  1356.  
  1357. * Remove unused `accept_json argument` from the `register_routes` method.
  1358.  
  1359. (props @quasel, [#1160][gh-1160])
  1360.  
  1361. * Fix typo in `sanitize_params` inline documentation.
  1362.  
  1363. (props @Shelob9, [#1226][gh-1226])
  1364.  
  1365. * Remove commented out code in dispatch method.
  1366.  
  1367. (props @rachelbaker, [#1162][gh-1162])
  1368.  
  1369.  
  1370. [View all changes](https://github.com/WP-API/WP-API/compare/2.0-beta1.1...2.0-beta2)
  1371. [gh-927]: https://github.com/WP-API/WP-API/issues/927
  1372. [gh-1128]: https://github.com/WP-API/WP-API/issues/1128
  1373. [gh-1157]: https://github.com/WP-API/WP-API/issues/1157
  1374. [gh-1158]: https://github.com/WP-API/WP-API/issues/1158
  1375. [gh-1160]: https://github.com/WP-API/WP-API/issues/1160
  1376. [gh-1162]: https://github.com/WP-API/WP-API/issues/1162
  1377. [gh-1168]: https://github.com/WP-API/WP-API/issues/1168
  1378. [gh-1170]: https://github.com/WP-API/WP-API/issues/1170
  1379. [gh-1171]: https://github.com/WP-API/WP-API/issues/1171
  1380. [gh-1175]: https://github.com/WP-API/WP-API/issues/1175
  1381. [gh-1176]: https://github.com/WP-API/WP-API/issues/1176
  1382. [gh-1177]: https://github.com/WP-API/WP-API/issues/1177
  1383. [gh-1181]: https://github.com/WP-API/WP-API/issues/1181
  1384. [gh-1182]: https://github.com/WP-API/WP-API/issues/1182
  1385. [gh-1188]: https://github.com/WP-API/WP-API/issues/1188
  1386. [gh-1189]: https://github.com/WP-API/WP-API/issues/1189
  1387. [gh-1191]: https://github.com/WP-API/WP-API/issues/1191
  1388. [gh-1197]: https://github.com/WP-API/WP-API/issues/1197
  1389. [gh-1200]: https://github.com/WP-API/WP-API/issues/1200
  1390. [gh-1203]: https://github.com/WP-API/WP-API/issues/1203
  1391. [gh-1207]: https://github.com/WP-API/WP-API/issues/1207
  1392. [gh-1209]: https://github.com/WP-API/WP-API/issues/1209
  1393. [gh-1210]: https://github.com/WP-API/WP-API/issues/1210
  1394. [gh-1211]: https://github.com/WP-API/WP-API/issues/1211
  1395. [gh-1216]: https://github.com/WP-API/WP-API/issues/1216
  1396. [gh-1217]: https://github.com/WP-API/WP-API/issues/1217
  1397. [gh-1219]: https://github.com/WP-API/WP-API/issues/1219
  1398. [gh-1221]: https://github.com/WP-API/WP-API/issues/1221
  1399. [gh-1226]: https://github.com/WP-API/WP-API/issues/1226
  1400. [gh-1235]: https://github.com/WP-API/WP-API/issues/1235
  1401. [gh-1243]: https://github.com/WP-API/WP-API/issues/1243
  1402. [gh-1244]: https://github.com/WP-API/WP-API/issues/1244
  1403. [gh-1249]: https://github.com/WP-API/WP-API/issues/1249
  1404. [gh-1251]: https://github.com/WP-API/WP-API/issues/1251
  1405. [gh-1253]: https://github.com/WP-API/WP-API/issues/1253
  1406. [gh-1254]: https://github.com/WP-API/WP-API/issues/1254
  1407. [gh-1255]: https://github.com/WP-API/WP-API/issues/1255
  1408. [gh-1256]: https://github.com/WP-API/WP-API/issues/1256
  1409. [gh-1257]: https://github.com/WP-API/WP-API/issues/1257
  1410. [gh-1259]: https://github.com/WP-API/WP-API/issues/1259
  1411. [gh-1267]: https://github.com/WP-API/WP-API/issues/1267
  1412. [gh-1268]: https://github.com/WP-API/WP-API/issues/1268
  1413. [gh-1269]: https://github.com/WP-API/WP-API/issues/1269
  1414. [gh-1270]: https://github.com/WP-API/WP-API/issues/1270
  1415. [gh-1276]: https://github.com/WP-API/WP-API/issues/1276
  1416. [gh-1277]: https://github.com/WP-API/WP-API/issues/1277
  1417. [gh-1279]: https://github.com/WP-API/WP-API/issues/1279
  1418. [gh-1283]: https://github.com/WP-API/WP-API/issues/1283
  1419. [gh-1284]: https://github.com/WP-API/WP-API/issues/1284
  1420. [gh-1295]: https://github.com/WP-API/WP-API/issues/1295
  1421. [gh-1301]: https://github.com/WP-API/WP-API/issues/1301
  1422.  
  1423.  
  1424. = 2.0 Beta 1.1 =
  1425.  
  1426. * Fix user access security vulnerability.
  1427.  
  1428. Authenticated users were able to escalate their privileges bypassing the
  1429. expected capabilities check.
  1430.  
  1431. Reported by @kacperszurek on 2015-05-16.
  1432.  
  1433. = 2.0 Beta 1 (April 28, 2015) =
  1434.  
  1435. Partial rewrite and evolution of the REST API to prepare for core integration.
  1436.  
  1437. For versions 0.x through 1.x, see the [legacy plugin changelog](https://wordpress.org/plugins/json-rest-api/changelog/).
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!