WordPress.org

Make WordPress Core

Updates from November, 2016 Toggle Comment Threads | Keyboard Shortcuts

  • Nick Halsey 10:14 pm on November 30, 2016 Permalink |
    Tags: , ,   

    Customizer Improvements in 4.7 

    WordPress 4.7 has been the most active release on record for the customize component, with four major feature projects merging and shipping with 4.7 and over 90 tickets closed as fixed. This post summarizes the highlights of the user and developer-facing changes.

    4.7 Customizer Feature Projects

    Create pages within live preview during site setup

    Add new pages while building menus and setting a static front page; outline your site directly in the customizer.

    This project began with the ability to create posts and pages direction from the available menu items panel in the customizer, as originally proposed near the end of the 4.6 cycle:

    Feature Proposal: Content Authorship in Menus, with Live Preview

    Subsequent changes also added the ability to create new pages when assigning the front page and posts page in the Static Front Page section. Because this is now built into the core dropdown-pages customizer control, themes and plugins can also allow users to create new pages for their options instead of relying on existing content. The homepage sections in Twenty Seventeen include this new allow_addition parameter. Here’s how to register a dropdown-pages control supporting new pages:

    $wp_customize->add_control( 'featured_page', array(
    	'label'          => __( 'Featured Page', 'mytextdomain' ),
    	'section'        => 'theme_options',
    	'type'           => 'dropdown-pages',
    	'allow_addition' => true, // This allows users to add new pages from this dropdown-pages control.
    ) );
    

    Additionally, a proposal for term statuses was developed as a first step toward expanding the menus functionality to work for creating and previewing taxonomy terms in a future release (see #37915).

    Improvements to the Sliding Panels UI

    Customizer navigation is now faster, smoother, and more accessible.

    This project tackled a series of tickets focused on improving the usability of the “sliding panels” UI in the customizer controls pane. The first step was to refactor the section and panel markup so that sections and panels are not logically nested. This is the biggest internal change to the UI and has a dedicated post going into the details:

    Changes to Customizer Sliding Panels/Sections in WordPress 4.7

    This primary change resolved numerous problems with sections and panels not opening and closing properly, and eliminated situations where navigation to leave a section could become hidden. The next step was making section and panel headers “sticky” so that navigation is easier to access within long sections (such as for a menu); see #34343.

    Finally, hover and focus styling for navigation in the customizer has been updated to use the blue-border approach found elsewhere in core, including for the device-preview buttons in the customizer, in #29158. This completes a refresh of the customizer controls pane’s UI design that began in WordPress 4.3 with #31336. The core UI now uses the following consistent UI patterns in the customizer:

    • White background colors are used only to indicate navigation and actionable items (such as inputs)
    • The general #eee background color provides visual contrast against the white elements
    • 1px #ddd borders separate navigational elements from background margins and from each other
    • 15px of spacing is provided between elements where visual separation is desired
    • 4px borders are used on one side of a navigation element to show hover or focus, with a color of #0073aa
    • Customizer text uses color: #555d66, with #0073aa for hover and focus states on navigation elements

    Plugins and themes should follow these conventions in any custom customizer UI that they introduce, and inherit core styles wherever possible.

    Any custom sections and panels, as well as customizations to the core objects in plugins and themes, should be tested extensively to ensure that they continue functioning as intended with all of these changes in 4.7. It’s particularly important to ensure that things like the use of color match the core conventions so that the user experience is seamless between functionality added by plugins and core.

    Customize Changesets (formerly Transactions)

    Browse your site and switch themes more seamlessly within the customizer, as your changes automatically persist in the background.

    This project rewrote the internals of the customizer preview mechanism to make changes persistent. Each change made to a setting in the customizer is saved to a changeset (a new customize_changeset post type), facilitating future features such as scheduled changes, revisions, or saving and sharing drafted changes. Changesets also open the door to using the customizer to preview Ajax requests, headless sites, and REST API calls for mobile apps. In 4.7, changesets enable switching themes in the customizer without needing to decide between publishing or losing your customizations, as they’re automatically persisted in the background.

    For more details on changesets, check out the two dedicated posts:

    Customize Changesets (formerly Transactions) Merge Proposal

    Customize Changesets Technical Design Decisions

    Custom CSS

    Fine-tune your site and take your theme customizations to the next level with custom css in the customizer.

    #35395 introduced a user-oriented custom CSS option in the customizer. Now that the base functionality is in place, it will be further enhanced in #38707 in future releases. Read the feature proposal for details on the implementation and why it’s important for core:

    Feature Proposal: Better theme customizations via custom CSS with live previews

    There’s also a dedicated post that walks through the process of migrating existing custom CSS options in themes and plugins to the core functionality – be sure to follow those steps if your plugin or theme does custom CSS:

    Extending the Custom CSS editor

    Other Changes with Dedicated Posts

    4.7 features several other features deserving special attention. Read the posts for visible edit shortcuts (which expand the functionality of customizer partials), video headers (which extend the custom header feature), and starter content for more information:

    Visible Edit Shortcuts in the Customizer Preview

    Video Headers in 4.7

    Starter content for themes in 4.7

    Additional User-facing Changes

    With over 90 tickets fixed in the customize component in 4.7, we can’t cover everything here. But, here are a few more highlights:

    Improved Custom Background Properties UI

    #22058 introduces a more comprehensive and more usable custom background properties UI when a custom background is set up. There are now presets to control all of the detailed options at once, and the individual options are presented in a more visual way. Background size and vertical position are also now available as standalone options when using a custom preset.

    Theme developers should update their add_theme_support() calls for custom-background to specify the default size, vertical position, and preset to reflect their default background image CSS. Perhaps the most significant improvement here is the ability for users to easily set up fixed full-screen backgrounds – and the ability for themes to make that behavior default if desired.

    And even more…

    4.7 also:

    • Loads the frontend preview iframe more naturally, eliminating a lot of weirdness with JS running in an unexpected location and ensuring that JS-based routing will work (#30028)
    • Allows the search results page to be previewed, and any forms that use the GET method in general can now be submitted whereas previously they would do nothing when submitted (#20714)
    • Hides edit post links in the customizer by default. Plugins, such as Customize Posts, can restore the links if they make post editing available in the customizer (#38648), although the visible edit shortcuts should generally be used instead.
    • Shows a cursor: not-allowed for mouse users when hovering over external links in the preview, as these can’t be previewed
    • Officially removes support for the customizer in Internet Explorer 8, preventing users of this outdated browser from accessing the customizer at all (#38021)

    Additional Developer-oriented Changes

    Hue-only Color Picker

    #38263 adds a hue-only mode to the Iris color picker, wpColorPicker, and WP_Customize_Color_Control. Built for Twenty Seventeen’s custom colors functionality, the hue-only mode allows users to select a hue and saves the hue degree as a number between 0 and 359. To add a hue-color control:

    $wp_customize->add_control( new WP_Customize_Color_Control( $wp_customize, 'colorscheme_hue', array(
    	'mode' => 'hue',
    	'section' => 'colors',
    ) ) );
    

    As demonstrated in Twenty Seventeen’s custom colors strategy, the hue-selection strategy opens up a whole new world of possibilities for custom color options in themes. Rather than introducing numerous text and background color options and requiring users to adjust them to ensure that adequate color contrast is provided, themes can consolidate their color options into one or more hue pickers. Then, the corresponding use of hsl colors in CSS allows themes to define color patterns where users customize color hues without impacting the lightness of a color option, thereby preserving the designer’s use of proper contrast between text and background colors, and any use of color lightness for visual hierarchy. Check out the implementation in Twenty Seventeen for inspiration (including instant live preview).

    Fix Sections that .cannot-expand

    When creating custom customizer sections that, for example, display an external link but don’t actually expand to show section contents, the cannot-expand class can be added to the section title container to prevent JS events and CSS hover/focus styles from being applied. Be sure to also remove the tabindex="0" from the container if you copy the core code since your custom section shouldn’t be focusable if it can’t expand (and any contained links or buttons would be keyboard-focusable automatically). See #37980 for details.

    Allow Plugins to do Comprehensive Late Validation of Settings

    To account for custom subclasses of WP_Customize_Setting that don’t apply the customize_validate_{{$setting_id}} filter, this filter now will be applied when WP_Customize_Manager::validate_setting_values() is called. This ensures that plugins can add custom validation for every setting. For more, see #37638.

    Credits

    Huge thanks to the 61 people (and counting) receiving props for the 120+ customize component commits in 4.7 (as of RC2): @westonruter, @celloexpressions, @afercia, @sirbrillig, @ryankienstra, @helen, @ocean90, @melchoyce, @bradyvercher, @folletto, @johnbillion, @delawski, @karmatosed, @georgestephanis, @dlh, @curdin, @valendesigns, @mattwiebe, @michaelarestad, @joemcgill, @sstoqnov, @lgedeon, @mihai2u, @coreymcollins, @stubgo, @utkarshpatel, @desrosj, @odysseygate, @johnregan3, @aaroncampbell, @mapk, @iseulde, @mrahmadawais, @vishalkakadiya, @sayedwp, @hugobaeta, @jonathanbardo, @jorbin, @tristangemus, @deltafactory, @kkoppenhaver, @seancjones, @presskopp, @Mista-Flo, @nikeo, @adamsilverstein, @lukecavanagh, @coffee2code, @peterwilsoncc, @presskopp, @pento, @Kelderic, @sebastian.pisula, @mckernanin, @FolioVision, @MikeHansenMe, @welcher, @cdog, @grapplerulrich, @iamfriendly, @flixos90.

     

     
  • Jeff Paul 9:46 pm on November 17, 2016 Permalink |
    Tags: , ,   

    Dev Chat Summary: November 16 (4.7 week 13) 

    This post summarizes the dev chat meeting from November 16th (agendaSlack archive).

    Reminders

    • Dev Chat timing: Weekly chat has been moved to 21:00 UTC.
    • Schedule: Thursday, November 17th is the target for RC! RC means the list of tickets should be at zero (with the exception of the about page), as a release candidate is supposed to represent software you believe you can release. It is currently at 24.
    • Tickets:For any tickets you’ve moved into the milestone, please get these resolved in the next day.
    • Dev Notes: These should all be published this week, with a collective Field Guide forthcoming from @jorbin.

    Dev Notes / Field Guide for 4.7

    • There are a few outstanding Dev Notes, but it’s getting close. We’re waiting on the Customize summary from @celloexpressions, Media summary from @joemcgill, Starter Content from @helen, and @davidakennedy is finishing up one on Twenty Seventeen.
      • Media summary is ready to publish, was just waiting on the PDF post from Tuesday, November 15th.
      • Video Headers post could be done by @bradyvercher, but @joemcgill own making sure it happens
    • @jorbin started drafting the Field Guide, but he’s going to need to hand off finishing it off since he will be offline starting Thursday, November 17th for a week.
      • @adamsilverstein and @jbpaul17 will work to finish things up
      • @jorbin to coordinate with Adam and Jeff to sure the remaining tasks are sorted out
      • @ipstenu happy to proofread for typos and grammar.
    • @jorbin also started the discussion to ensure the email to plugin devs goes out after the Field Guide is published.  That’s a collaboration with the meta team and the pluginsrepo team.

    Release Candidate

    • @helen (thankfully) was able to move RC back from Tuesday, November 15th to Thursday, November 17th.
    • However, we’ve got 23 tickets hanging out in the report, 22 of which need to be resolved or punted in order to reach RC.
    • [Bug Scrub of remaining 4.7 tickets proceeded]
     
  • Jeff Paul 2:30 am on November 11, 2016 Permalink |
    Tags: , ,   

    Dev Chat Summary: November 9 (4.7 week 12) 

    This post summarizes the dev chat meeting from November 9th (Slack archive).

    Reminders

    • Dev Chat timing: The Chat remains at 20:00 UTC.  Daylight Savings Time means that 20:00 UTC may be a different time for you already, or it may be a different time soon. However, next week we will be at 21:00 UTC.
    • Schedule: Today is the target for Beta 3! That leaves us one week until the Release Candidate, where the list of tickets must be at zero. It is currently at 32, down from 74 last week.
    • Tickets: For any tickets you’ve moved into the milestone, please make sure these are active tickets, with some kind of activity every day.
    • Bug Scrubs: @helen is running regular scrubs this week.
    • Dev Notes:  These will be compiled into the field guide this weekend.

    Bug Scrubs

    • Would like to see near daily scrubs for now until RC of report 6 and of the “Defects Awaiting Review, reported against trunk” section of report 40
    • @helen, @jorbin, and @jbpaul17 are all trying to run scrubs just about everyday, but everyone should also be scrubbing
    • Media, REST API, and Customizer component teams are all actively running scrubs as well

    Dev Notes / Field Guide for 4.7

    Beta 3

    • Likely to go out on Thursday morning instead of today, although given time zones and such we should operate on “it’s happening today” anyway
    • We are at 32 open tickets. Would love to see us get down to 20.
    • Work/tickets that folks would ideally like to resolve for Beta 3:
      • #38522: HTTP Errors on Upload with Certain PDFs
      • #38726: REST API: `unfiltered_html` and slashing: terms
      • #38672: Custom CSS should work with existing Jetpack custom CSS
      • #38541: Allow starter content to apply in a new theme when switching from another theme containing changes
      • #38660: Customizer: Edit shortcuts buttons: consider to don’t use flexbox
      • #38700: REST API: Cannot send an empty or no-op comment update
      • #38720: REST API: Updating a comment without sending content is valid, but unsupported
      • Starter content
      • Video headers

    Release Candidate

    • Please remember that with RC comes string freeze, so if you have any strings you think need to freeze, now is the time to get them in
    • We should be closing 4-5 tickets a day in order to hit RC on Tuesday.
    • Please keep testing, and working on patches.
     
  • Jeff Paul 7:53 pm on November 7, 2016 Permalink |
    Tags: , ,   

    Dev Chat Summary: November 2 (4.7 week 11) 

    This post summarizes the dev chat meeting from November 2nd (agendaSlack archive).

    Reminders

    • Dev Chat timing: The Chat remains at 20:00 UTC.  Daylight Savings Time means that 20:00 UTC may be a different time for you already, or it may be a different time soon.
    • Schedule: Today is the target for Beta 2! That leaves us one week until the final scheduled beta, where the list of tickets should be at zero. It is currently at 74.
    • Tickets: For any tickets you’ve moved into the milestone, please make sure these are active tickets, with some kind of activity in the last 7 days.
    • Bug Scrubs: Can you run a scrub to help ensure tickets move forward? If you have interest in helping run a scrub and ensure tickets land in 4.7, then please reach out to @jbpaul17 or @jorbin and we’ll find a time that works best for you.

    Beta 1 Testing Updates

    • Forums-wise, an unresolved Twenty Seventeen issue that may be user error, the rest were either confirmed user error or filed in Trac
    • A couple customizer defects reported, one regarding infinite refresh and another one that relates to content security policy and Firefox which needs more reporter feedback since it is not reproducible by me. Also the edit shortcuts still have unresolved issues and maybe even need some UI changes to improve discoverability.

    Remaining 4.7 Schedule

    • Beta 2 later today. Beta 3 in a week.
    • RC comes 6 days after that – the reason for RC being on a Tuesday instead of Wednesday is because of php[world] for @helen (will be keynoting).
    • The goal is for RC to be much closer to a traditional RC (i.e. something finished and polished).  This means the final Beta should be where we are at zero open tickets besides possibly the About page.
    • An RC really should represent the state in which we believe the software could be shipped
    • The week after that is US Thanksgiving – we have the option of another RC if needed, but there may be lower activity volume as people travel and have obligations, etc.
    • Note that to ship an RC we have to be at zero tickets, though, which is less than 2 weeks away.
    • Would very much like to be able to have a video ready before WCUS (@helen has vague outline, looking for help outside of the usual WP suspects)
    • Then the week after that is WCUS – again, have the option of another RC if needed, and we should hit string freeze at that time at the latest, as many people will be traveling for WCUS.
    • Then, release on December 6.

    Dev Posts / Field Guide for 4.7

    Bug Scrubs

    • Would like to see near daily scrubs for now until RC of report 6 and of the “Defects Awaiting Review, reported against trunk” section of report 40
    • It looks like 11AM and 2PM Eastern should work each day
    • Would love to see a European and/or Australian also do some during non-USA centric times
    • We should have some scheduled stuff for people to show up if they need to schedule their time, but if you’re around and going through the report, throw up a here or another bat signal and just do one ad hoc.

    Beta 2

    • What needs to be done to get this out the door?
    • Likely to go out on Thursday instead of today
    • We are at 71 open tickets. Would love to see us get down to at least 40.
    • generally there are still enhancements (polish) going in for new features.
    • Since a lot about the REST API is about developer experiences, polishing the developer experience seems like a perfectly good thing to be doing during beta.
    • Whether it’s a bug or an enhancement in your eyes is not the important criterion – it’s about whether it’s a part of what you believe a polished set of REST API endpoints should be when you ship them.
    • Tickets to folks would ideally like to resolve for Beta 2:
      • #37032: Guard against infinite reload when setting change causes premature selective refresh
      • #38543: Twenty Seventeen: Firefox 49 renders site name & description off screen.
      • #38532: Customizer: Edit shortcuts buttons: clicking does not work in Firefox
      • #29158: Customizer UI Design lacks contrast for visual hierarchy and does not match wp-admin
      • #38420: API Post status parameter does not accept multiple values
      • #38609: REST API should honor the `unfiltered_html` capability
      • GitHub Issue #2848: Avoid use of wp_filter_post_kses to prevent lossy slash handling
    • Additional items needed for Beta 2 are a news post for .org and a haiku
     
  • Jeff Paul 6:47 pm on November 2, 2016 Permalink |
    Tags: , ,   

    Dev Chat Summary: October 26 (4.7 week 10) 

    This post summarizes the dev chat meeting from October 26th (Slack archive).

    Reminders

    • Schedule: Today is/tomorrow will be beta 1 day. This means: no more enhancements and feature requests open for 4.7 (this sometimes means things with initial commits become “tasks”), and then from here on out we only work on bug fixes. It should be noted that bug fixes in this context are a little broader than what you’d call a bug fix in a bug tracker – it includes polish for new features. Typically that means UI and UX polish, but of course UX includes dev UX.
    • Tickets: There are currently 83 tickets in the 4.7 milestone. This is 27 fewer than last week. 🎉However, in just 3 short weeks, this needs to be zero. For any tickets you’ve moved into the milestone, please make sure these are active tickets with some kind of activity in the last 7 days.
    • Bug Scrubs: Several scrubs have been / are planned for this week. Scrubs remaining this week are planned for Thursday, October 27th 9:30am CDT for 2.5 hours and Friday, October 28th 9:30am CDT for 2.5 hours. If you have interest in helping run a scrub and ensure tickets land in 4.7, then please reach out to @jbpaul17 or @jorbin and we’ll find a time & scrub focus that works best for you.

    Remaining Feature Requests and Enhancements

    • #27159: Removing TinyMCE buttons to improve user experience
      • Closing this as fixed. Bugs can go in new tickets.
    • #36211: TinyMCE: allow pasting in image captions
      • This is something that needs testing attention but doesn’t actually need to be open. Closing that too.
    • #38488: Twenty Seventeen: Replace remaining Genericons with Font Awesome icons
    • #38502: TwentySeventeen: unnecessary l10n variables
      • Both of these Twenty Seventeen are likely bugs, will re-classify them.
    • #38490: Add settings to the /wp/v2/settings endpoint that are in the WordPress.com api
    • #38504: Term query endpoints should use WP_Term_Query
    • #38342: Quick Draft: Leverage REST API endpoints
      • Another lingering thing around beta 1 is the request that something in core leverage the REST API – there’s some discussion around this going on in #core-restapi.
      • REST API team will put feedback on the Quick Draft ticket with our thoughts on these questions.

    Defects and Tasks

    • #26601: Inappropriate content in headings on admin screens
      • The main H1 headings in the admin screens contain stuff that shouldn’t be there (“Add New” button, search string text, in some cases even the search input field). Headings should be just headings and all that stuff should be moved out from them.
      • The latest patch a proof of concept on just 2 screens, trying to find a way to proceed step by step and (hopefully) avoid any breakage.
      • “Being able to do it one instance at a time will make it much more manageable, so that we could hopefully get it started in 4.7 and completed in 4.8.” — @joedolson
      • We need some eyes on the patch, to see if the new approach is good enough and check for any potential layout breakage.
      • We’d like to hear if there’s consensus to merge it in core now, thinking that beta is maybe the best way to test it (it can be reverted at any time). If/when merged, some testing and comments on the ticket would be very appreciated too.
    • #38378: Remove the `filter` parameter in the Post Controller
      • Exposing filter as a shim for WP_Query provided useful functionality that’s still unsupported by the “first-party” API query parameters (complex date queries for example), at the expense of a very broad back-compat surface we then need to maintain.
      • We long ago decided not to extend filter-like shims on other endpoints; for consistency we had proposed removing it everywhere. But it’s been around since < v1, and removing it will be a more breaking change for integrating developers than anything else in the 4.7 REST API.
      • So the question is: remove, or keep in and live with it?
      • This is really about supporting people who have built stuff on v2. If people were not already using it, we’d remove it and just recommend the use of the top level args like `?per_page=x`, so for me, it’s a question of supporting those existing users.
      • Agreed approach will be 1: remove filter from core; 2: make sure it’s in the plugin, and make sure the versions play well together; and 3: throw doing_it_wrong.
    • #38494: WP REST API: Stale Post Status on DELETE of Post
      • What happens when you DELETE something is pretty inconsistent. When you delete a revision, you just get true. When you delete a category or tag, you have to specify force=true or you get an error.
      • Agreement: this something we’re comfortable discussing & addressing later.
    • #38114: Make it easier to visualize where to put your content in a given theme (aka “dummy content”)
      • This is marked as a task, but really needs a first commit before beta 1.
      • No existing code yet and getting a commit before beta 1 seems like a stretch.
    • #38172: Enable Video Headers in Custom Headers
      • This is marked as a task, but really needs a first commit before beta 1.
      • Video headers is close to being ready for an initial commit, with adjustments to come in beta.
      • There are a couple of quick tweaks we can make like making them only show on the front page in the core output functions, for example.
      • The late push on video headers has been fantastic, but it needs more eyes and testing.
      • The biggest concern is file size, and increasing page file size for a large amount of users.
      • Not loading video on screens narrower than X, only showing video on the frontpage, adding classes to the output markup for themes would be quick fixes we can make right away.
      • By having it in Core, it encourages themes to do it in a preferred way. And more importantly, provides consistent UX in the Customizer for users from theme to theme.
      • @celloexpressions to work on revised patch, @joemcgill to review for commit
    • #38387: Twenty Seventeen: Keyboard navigation on Safari 10
      • We would appreciate some other testing this patch; its been tested, but could use some more eyes on it.
     
  • Nick Halsey 2:49 am on October 24, 2016 Permalink |
    Tags: ,   

    Customize Update 2016-10-23 

    This is the weekly update post for the customize component. It includes a summary of this week’s meeting, recent commits, and next week’s meeting agenda.

    4.7 Feature Proposals & Merges

    Three proposal posts have been published and approved since our last update:

    Customize Changesets (formerly Transactions) Merge Proposal

    Customize Changesets Technical Design Decisions

    Feature Proposal: Better theme customizations via custom CSS with live previews

    All five of the major customize feature projects proposed for WordPress 4.7 have been successfully merged (in order):

    Work continues on follow up tickets for many of these projects. Please test everything in the customizer and report any bugs to trac. We still have a few pending enhancements that need to be completed by this Wednesday, 10/26, 4.7 beta 1, sorted by priority:

    1. #27403 Improve UI for linking areas of Customizer preview to corresponding controls (desktop and mobile) – has-patch, needs testing and adjustments
    2. #38263 Color picker: add a hue-only mode – has-patch, needed for Twenty Seventeen
    3. #28536 Add browser history and deep linking for navigation in Customizer preview – needs-patch punted
    4. #38164 Customize: assign static front page and posts page to new pages – has-patch
    5. #37964 Allow customizer controls to be encapsulated by accepting pre-instantiated settings – has-patch, needs adjustments
    6. #22058 Improve custom background properties UI – has-patch
    7. #29158 Customizer UI Design lacks contrast for visual hierarchy and does not match wp-admin – has-commit, has-patch for revisions

    Weekly Customize Meetings

    Our past two weekly meetings have focused on preparing our projects for commit. We’ll continue our weekly 4.7 meetings into beta and RC pending the volume of customize tickets remaining in the milestone. For this week’s meeting, our priority will be ensuring that the 7 remaining customize enhancements for 4.7, listed above, are committed before beta 1.

    Our weekly update posts will continue on a reduced schedule now that the bulk of 4.7 development is complete, and we’ll also continue posting dev notes for changes in 4.7.

    Recent Customize Commits

    Here are the customize-related commits for the past two weeks:

    • [38765]: Customize: Ensure `customize_validate_{$setting->id}` filters apply on input post_values for WP_Customize_Setting subclasses that neglect to apply the filter themselves.
    • [38766]: Customize: Improve message displayed in widgets panel when there are no widget areas currently displayed in the preview.
    • [38767]: Customize: Show Pages section first and pre-expanded in list of available menu items.
    • [38794]: Customize: Move Pages below Custom Links in available nav menu items panel.
    • [38807]: Customize: Skip triggering initial click on pages section for available nav menu items if already open.
    • [38810]: Customize: Implement customized state persistence with changesets. 
    • [38811]: Customize: Split out link `click.preview` and form `submit.preview` event handlers…
    • [38813]: Customize: Introduce a new experience for discovering, installing, and previewing themes in the customizer.
    • [38829]: Customize: Introduce custom CSS for extending theme styles.
    • [38830]: Customize: Fix unit tests when `twentyfifteeen` is `WP_DEFAULT_THEME` instead of twentyfifteen.
    • [38831]: Customize: Improve the labeling of background and header images in the list mode of the media library.
    • [38837]: Twenty Seventeen: Fix a PHP warning on fresh installs.
    • [38850]: Tests: Prevent Twenty Seventeen from interfering with Customizer tests.
    • [38851]: Tests: Prevent Twenty Seventeen from interfering with Customizer ajax tests.
    • [38853]: Customize: Add sticky headers for panels and sections.
    • [38862]: Customize: Revert part of [38859] which caused sections to get deactivated in the customizer.
    • [38867]: Twenty Seventeen: Add theme support for customize selective refresh.
    • [38881]: Customize: Keep previously uploaded header images in place.

    Big thanks to those who contributed to patches committed this week: @johnregan3, @celloexpressions, @folletto, @westonruter, @deltafactory, @coreymcollins, @desrosj, @pento, @delawski, @davidakennedy, @afercia, @karmatosed, @ryankienstra, @valendesigns, @utkarshpatel, @stubgo, @lgedeon, @ocean90, @mihai2u, @dlh, @aaroncampbell, @jonathanbardo, @jorbin.

    We’re always looking for more contributors; check out the open customize tickets and swing by #core-customize in Slack to get involved. Tickets in the Future Release milestone will be considered first for 4.8 if they have a patch.

     
  • Andrew Rockwell 3:13 pm on October 20, 2016 Permalink |
    Tags: ,   

    Week in Core, October 5 – 18, 2016 

    Welcome back the latest issue of Week in Core, covering changes [38736-38810]. Here are the highlights:

    • 74 commits
    • 76 contributors
    • 129 tickets created
    • 20 tickets reopened
    • 124 tickets closed

    Ticket numbers based on trac timeline for the period above. The following is a summary of commits, organized by component.

    Administration

    • Accessible Tags autocomplete: [38797] #33902
    • Better consistency for the Media, Add Plugins, and Add Themes toolbars. [38795] #38010

    Build/Test Tools

    • Continue eliminating randomness in tests. [38763] #37371
    • Begin eliminating unnecessary randomness in tests. [38762] #37371
    • Revert [38759]. PHPUnit’s @requires syntax was introduced in PHPUnit 3.7, but the tests for PHP 5.2 use PHPUnit 3.6 because it’s the latest version that supports PHP 5.2. [38761] #38256
    • Make use of PHPUnit’s @requires notation. [38759] #38256
    • HTTP API: Remove an unnecessary duplicate HTTP request in the HTTP tests. [38758] #30017
    • HTTP API: Convert the POST redirect test to use a dataProvider in order for its speed to be more accurately measured. [38757] #38237

    Charset

    • Allow _canonical_charset() to handle mixed-case strings. [38809] #38337

    Comments

    • When checking comments, returned error object should include HTTP status code. [38783] #36901
    • Abstract die() calls from comment submission routine. [38778] #36901
    • Pass $comment to the comment_max_links_url filter. [38748] #37955
    • Account for the comment_order option in get_page_of_comment(). [38740] #31101
    • Improve check for previous comments for authenticated users in check_comment(). [38738] #28603

    Customize

    • Implement customized state persistence with changesets. [38810] #28721, #31089, #30937, #31517, #30028, #23225, #34142, #36485
    • Skip triggering initial click on pages section for available nav menu items if already open. [38807] #36984
    • Move Pages below Custom Links in available nav menu items panel. [38794] #36984
    • Show Pages section first and pre-expanded in list of available nav menu items. [38767] #36984
    • Improve message displayed in widgets panel when there are no widget areas currently displayed in the preview. [38766] #36922
    • Ensure customize_validate_{$setting->id} filters apply on input post values for WP_Customize_Setting subclasses that neglect to apply the filter themselves. [38765] #37638
    • Add workaround for Safari bug causing preview frame to be unscrollable via mousewheel after a refresh. [38742] #38149

    Date/Time

    Editor

    • Add a role button to the Tags meta box tag cloud links. [38800] #38318
    • Do not send the request for releasing the post lock on unload when post_ID or active_post_lock is missing. [38772] #38271

    General

    • Docs: In get_pages() and wp_list_pages(), note that post_status argument can also be an array. [38798] #38136
    • XML-RPC: Re-add a global $wpdb missed in [38768]. [38775] #37699
    • Restore usage of $wpdb, instead of $this->db. [38768] #37699
    • Login: Don’t rely on wp_is_mobile() for functionality. [38739] #33704

    Media

    • Media modal: make it possible to reorder images by dragging on devices with both touch screen and mouse support. [38793] #31652
    • Correct the hostname used in the wp_get_attachment_metadata() test. [38760] #36246

    Menus

    Misc

    • Emoji: Update Emoji CDN filter default for resource hints. [38764] #38724
    • Updates for 4.6. Merge of and to the 4.6 branch.

    Networks and Sites

    • Multisite: Maintain switched state in site icon/logo functions. [38786] #38253
    • Multisite: Clarify that get_site_by_path() does not return exact matches. [38781] #38152

    Pings/Trackbacks

    • Add new pre_trackback_post action before a trackback is added to a post. [38791] #37007
    • Trackbacks: Allow the error message strings passed to trackback_response() to be translatable. [38741] #38214

    Plugins

    • Docs: Improve documentation for install_plugin_install_status(). [38805] #36912
    • Correctly display the current plugin in the plugin editor. [38745] #24122, #17552

    Posts, Post Types

    • Docs: Document global variables used by get_the_content(). [38746] #37173

    Query

    • Allow the hyphen-prefix-for-search-exclusion feature to be disabled by filter. [38792] #38099

    REST API

    Rewrite Rules

    • Make sure rewrite rules are not written until wp_loaded has fired [38751] #37892

    Role/Capability

    • Disregard the order of capabilities when testing that single site and multisite capability tests match. [38802] #38191
    • Add tests for all user roles that check custom capabilities that do not have any form of handling (eg. in a map_meta_cap filter). [38769] #38191

    Security

    Taxonomy

    • Cache results of term count queries. [38784] #38295
    • Specify taxonomy when populating cached object terms. [38779] #37291
    • Avoid a fatal error in the_tags() in the event that get_the_term_list() returns a WP_Error. [38777] #37291
    • Better error handling when fetching object terms from cache. [38776] #37291
    • On wp-admin/term.php, don’t show a ‘Back to’ link which links to the current page. [38753] #37573
    • Remove paged argument from referer and add it only if current page is greater than 1. [38752] #38194
    • Don’t drop term order and current page when bulk deleting terms. [38750] #38194
    • Introduce WP_Taxonomy and use it in register_taxonomy() and unregister_taxonomy(). [38747] #36224, #36217
    • Docs: Improvements to register_taxonomy() docblock. [38737] #38007

    Themes

    • Improve the inline documentation for the get_*_template() functions by providing examples instead of verbose explanations. [38789] #38249, #37770
    • Do not show an update button if there’s no update package. [38788] #37774
    • Remove paged.php from the theme template hierarchy. [38755] #38162

    TinyMCE

    • Remove the calls to getBookmark() and moveToBookmark() in IE. [38808] #38335
    • When editing pages, add body class with the page template, or page-template-default. [38803] #37599
    • Restore the monospace font in textareas in the TinyMCE UI. Make it same as in the Text editor. [38801] #38125
    • Prevent applying Indent and Outdent while an image with a caption is selected. [38796] #38313
    • Prevent iOS Safari from expanding the iframe width beyond the container width. [38782] #38289
    • Update the charmap plugin to the latest dev. version. [38780] #37936
    • Add support for custom dashicon for wp.mce.View.setLoader(). [38774] #37900
    • Update to 4.4.3, changelog: ​https://www.tinymce.com/docs/changelog/#version443-september12016 [38773] #38081, #38245, #37507, #37808, #38000
    • Allow pasting in image captions. Remove blocks and insert “ tags instead, also remove elements that would break the caption like other images, video, audio, etc. [38756] #36211

    Upgrade/Install

    • Show correct time of last checked update. [38743] #37554
    • Updates: Remove the ‘Download’ button on the Updates screen. [38736] #36811

    Users

    • Use the role name instead of the role display name when fetching the list of users with no role. This avoids false positives when dealing with user roles that, for example, contain spaces in the display name. [38787] #38234

    Thanks to @aaroncampbell, @abrightclearweb, @achbed, @adamsilverstein, @afercia, @akibjorklund, @aniketpant, @azaozz, @birgire, @bobbingwide, @boonebgorges, @boonebgorges for review, @celloexpressions, @Cheffheid, @choongsavvi, @choongsavvii, @Chouby, @chriseverson, @clarionwpdeveloper, @dd32, @desrosj, @dlh, @dmsnell, @DrewAPicture, @dshanske, @dungengronovius, @flixos90, @goranseric, @helen, @jamesacero, @jayarjo, @jdgrimes for initial patch, @jeremyfelt, @johnbillion, @jonathanbardo, @jorbin, @karmatosed, @koenschipper, @kraftbj, @lgedeon, @mattking5000, @MattyRob, @michalzuber, @mihai2u, @mikeviele, @morganestes, @mt8.biz, @needle, @ocean90, @pbearne, @pdufour for research, @pento, @peterwilsoncc, @PieWP for initial patch, @procodewp, @rachelbaker, @ryankienstra, @ryankienstra for initial patc, @sayedwp, @SergeyBiryukov, @solarissmoke, @stevenlinx, @stubgo, @sudar, @swissspidy, @tristangemus, @tristangemus for initial patch, @tywayne, @tyxla, @utkarshpatel, @valendesigns, @voldemortensen, @webmandesign, @websupporter, @westonruter, and @WraithKenny for their contributions!

     
  • Jeff Paul 4:00 am on October 20, 2016 Permalink |
    Tags: , ,   

    Dev Chat Summary: October 19 (4.7 week 9) 

    This post summarizes the dev chat meeting from October 19th (agenda, Slack archive).

    Reminders

    Dev Notes / Field Guides

    • In general, if you worked on something that needs to be called out for testing or building upon, there should be a post about it.  These are all tagged as `dev-notes` on the Make/Core site.  The target is everything written before beta 2 so we can get a field guide summarizing them and an email sent to all plugin developers while we are still in beta. In general all active components should have at least one post about what has changed.

    Final Merge Decisions

    • Twenty Seventeen (@davidakennedy)
      • Merge Proposal & Trac ticket
      • 59 contributors. Merging later today.
      • There are 34 issues left, some of which will be moved to Trac. There are 0 pull requests left.
      • A code review was performed by @aaroncampbell, and he didn’t find anything that should hold up merge.
      • Theme does not depend on any core features being merged before/at the same time, but will greatly benefit from any completed.
      • Video headers (#38172) needs consensus on the best approach and testing of functional patches
      • Merge proposal accepted. 🎉
    • REST API: Content API (@kadamwhite)
      • Merge ProposalSuccess metrics
      • 99 contributors. 25 merged PRs in the past 3 days. 27 issues left in the current milestone and a few stray PRs, which will be closed out shortly or moved to Trac.
      • Monday meeting in #core resulting in conditional merge approval
      • Conditions:
        • 1) 4.7: Press This / Quick Draft Core feature (#38343 and #38342)
        • 2) 4.7: Object / non-single level meta. @joehoyle, @jnylen and others have been working on this, tracking via GitHub.
        • 3) 4.7: Define success metrics (see link above)
        • 4) 4.7: Continuing to ensure the API forward compatibility (EVERYONE should be building things with it).
        • 5) 4.7: Review .com API settings discrepancies, determine how to resolve or where to document. @joehoyle, @jnylen and others have been working on this; Progress/documentation.
      • WP-API is code-frozen at this time; open enhancements will be ported over by @rachelbaker as appropriate.
      • Merge proposal accepted (“Let’s do it.”). 🎉

    Components and Other Enhancements

    • i18n (@swissspidy)
      • Nothing newsworthy from the i18n side which isn’t already on Make/Core.
    • Make it easier to visualize where to put your content in a given theme (aka “dummy content”)
      • If there are people out there interested in content writing and stuff like customizer integration, hit up @helen.
    • Media (@mikeschroder, @joemcgill)
      • We’re working on trying to get #31050 (Better PDF Upload Management) into shape for commit this week. Still some issues to iron out, but it’s getting close.
      • I want to call out that we’ve removed the automatic fallbacks for generating `alt` attributes from images with consultation from the a11y team to improve the user experience for screen readers. See: #34635 for details.
      • We have a few other things we’re looking at this week, but if there is anything pressing that needs eyes specifically from someone on the Media team, please reach out in #core-media.
    • Customize (@westonruter, @celloexpressions)
      • Remaining three major 4.7 feature projects merged in the last 24 hours.
      • #27403 and #38164 are our larger remaining tickets needing attention currently, with #29158 and #22058 pending final patches for review and discussion.
    • Editor (@azaozz, @iseulde)
      • TinyMCE: allow pasting in image captions (#36211) needs some more testing
        • Add an image in the editor, add a caption, then try pasting different things copied from another web page in it. This makes some assumptions of what the user expects, and what should happen, i.e. when pasting an image into a caption it should remove the image but let the text in, or keep all that is pasted but move it under the caption?
     
  • K.Adam White 11:15 pm on October 13, 2016 Permalink |
    Tags: ,   

    Merge Proposal Discussion: REST API Content Endpoints 

    There are discussion meetings and office hours in #core-restapi at 2016-10-14 14:00UTC and 2016-10-14 19:00UTC on Friday the 14th. Our next team meeting is on 2016-10-17 14:00UTC. Please attend some of all of these, because

    We are meeting at 2016-10-18 01:00 UTC to make a decision on this merge proposal!

    To that end, the below discussion points will be updated regularly, please leave comments on this post or join the conversation in #core-restapi.

    Yesterday at the dev chat the API Team proposed the Content API Endpoints for merge in WordPress 4.7. There was popular support for this feature but as @jorbin and @helen noted that the lack of dissent suggested additional review is needed, so the API Team is continuing to seek thorough review & constructive criticism of the content endpoints, including the open questions previously shared on the week 7 and week 8 API team updates.

    The merge proposal also engendered follow-up discussion in the #core-restapi channel about the benefit content endpoints bring to core, whether having such endpoints built in is quantifiably more beneficial than having them as a plugin, whether moving development from a plugin to core would slow development, and whether the endpoints as-proposed have been sufficiently reviewed for security and performance. We attempt to capture those questions & concerns (and the perspectives on them) below.

    Security

    Have the content API endpoints been thoroughly reviewed for security?

    • The REST API plugin has been on HackerOne for over a year with paid bounties for bugs
    • @barry has begun a security review

    Performance

    How does the API measure up against alternatives? Are there concerns about how the API could impact the servers to which it is deployed?

    • DeliciousBrains did a performance comparison with Admin AJAX and found the REST API to have a performance improvement (These tests have not yet been independently verified)
    • @mikeschroder notes in the comments that using the REST API in place of Admin-Ajax will also bring speed benefits by permitting many previously-uncacheable requests to be cached.

    User Feedback

    Are the content endpoints sufficiently well-tested & vetted by the community?

    • @matt questions whether feedback is coming too late in development for concerns to be acted upon
      • @rmccue notes that the v2 endpoints were created based on user feedback; REST API endpoints are being deployed by plugins and running on VIP, and the content endpoints have been in wide use across a variety of sites, leading to 90+ code contributors and far more developers’ support & feedback on the endpoints
    • @rmccue has also reached out to Phil Sturgeon for feedback and will follow up

    Do Content Endpoints Benefit Core Development?

    Will having these endpoints in core improve future core development, or solve any immediate problems?

    • @bradyvercher suggested that the content API endpoints would remove the need to write a variety of one-off ajax callbacks when developing future WordPress Core AJAX functionality
    • @westonruter notes that the customizer could dynamically create settings for posts and other kinds of content without having to wire up new admin-ajax handlers

    Will Merging Negatively Impact API Development?

    Will having to work through trac instead of GitHub cause development to atrophy?

    • @jjj argues that merging will slow development, because GitHub-hosted plugins are not bound to WordPress release cycles and have less overhead for features to be developed and deployed for testing. @jjj requested a plan for how the REST API will be developed going forward after the merge of these endpoints that would account for the added friction.
    • @krogsgard countered that core increases the visibility of a project like the content endpoints
      • The number of new contributors in this Slack discussion suggests that this merge proposal is bringing in new voices; whether this supports Brian’s point or not, the team is grateful for the breadth of perspectives being shared -Ed.
    • @rachelbaker suggested that the API endpoints are sufficiently inter-dependent with core WordPress code that maintaining the plugin separately amounts to maintaining a fork, and that such separated development is untenable long-term.
    • @matt hopes that a merge of these endpoints would slow release speed, but not development speed; @rmccue feels that development speed will stay the same or increase, and that tying releases to WordPress Core increases the stability and predictability of the API endpoints.
    • The versioning of the API endpoints supports forward compatibility

    Do Content Endpoints Belong on Every WordPress Site?

    What are the pros and cons to having every WordPress site have content API endpoints?

    • @rmccue suggests the API has network effects that can only be realized with a large install base. @krogsgard draws a comparison to RSS, the widespread availability of which enables everything from podcasting from WP to the use of apps like Feedly.
    • @matt suggests that the Atom API is a better analogue than RSS, which is an independent and pre-existing standard, and that network effects could be tested through inclusion in Jetpack
    • @joostdevalk notes that many plugins, like Yoast, have data tied to existing content such as posts and pages; either they expose the content through their own endpoints, or core does. If Core exposes content types through the API then plugins may build on top of that shared foundation, not independently reinvent the wheel. “if this doesn’t end up in core, we’ll start rolling our own API for stuff. Others will too. Interoperability won’t be there, for even the most basic stuff. I think this isn’t like RSS, I think this is much more like all of us using the same table space in MySQL.”
      • @shelob9 and @masonjames agree that merging the endpoints would create a consistent and reliable open “standard” that WordPress developers can use instead of continually reinventing how to read and edit post data over HTTP.
      • In response to the question “what prevents you from building on the endpoints in their plugin form,” @joostdevalk went on to note that plugin dependencies would make that a viable option, but that burden currently lies on the user. Plugin installation is not frictionless.
    • Can these endpoints be bundled? short takeaway: no
      • Woo bundled the API infrastructure before it was merged; doing so for content endpoints would require bundling prohibitively large amounts of endpoint code.
      • @nerrad worries that if plugins bundle different versions of the endpoints plugin, then those plugins may conflict if all bundled copies are not kept in sync.
        • @nerrad clarifies in the comments below that these worries also encompass the additional risk of conflicts when plugin authors each build their own versions of these content endpoints, instead of leveraging a shared standard: if two plugins each expose their own REST collection for posts, a developer working on a site with multiple such endpoints will need to decide which to extend, and will then have their extension tied to that specific plugin rather than to a core API.
    • @schrapel and @jorbin discussed that these content endpoints make it much easier to crawl a site, which also brings some potential performance concerns: no new content is exposed, but the process of aggregating it is easier and more easily automated.
    • In the  comments below @foliovision believes that merging the endpoints will be the best way to assert the level of back-compatibility that mid-size agencies need in order to confidently utilize the endpoints.

    Please leave thoughts, questions, concerns, comments & experience in the comments below. Thank you!

    Edited 2016-10-16 to include the below comments into the body of the post

     
    • FolioVision 11:27 pm on October 13, 2016 Permalink | Log in to Reply

      Great discussion summary Adam. As the leader of a mid-size development agency, the sooner these endpoints are in core, the sooner we can start to use the REST API. For smaller to medium size clients, trying to play pin the tail on a donkey on a moving train (i.e. different versions of the REST API plugin, different versions of core) is simply not economically or technologically viable.

      As long as the REST API team can commit to retaining some backward compatibility if the API endpoints must change significantly in a couple of major releases, I can’t see any benefit to keeping REST API separate from core. So much great work has gone into creating the additional REST potential, it would be a shame to see it remain bottled up and a niche product only for huge agencies and hosts like VIP.wordpress.com or WordPress.com.

    • Josh Pollock 11:39 pm on October 13, 2016 Permalink | Log in to Reply

      One thing I wanted to add to this is that the REST API adds standards. I and many others have written tons of custom systems for alternative ways to read and edit post data using admin-ajax, or using custom rewrite rules.

      The constant reinventing of the wheal is counter to the spirit of open-source. By agreeing to a standard, with tons of eyes on it, we can all do better with greater efficiency and security. This after all is why we use WordPress and other open-source tools, instead of making our own CMSes.

      • masonjames 12:53 pm on October 14, 2016 Permalink | Log in to Reply

        I want to affirm this point as well. Our agency looks to WordPress (core) to provide an opinion. We value the decisions and respect them (even when we disagree).

        Web development is an incredibly competitive space with pressures in open source and otherwise. Having content end points in core ensures consistency and reliability across the WP community.

    • rag-guay 7:00 am on October 14, 2016 Permalink | Log in to Reply

      I would like to be able to edit widgets from the desktop app. So slow over the net from Thailand!

      • K.Adam White 12:58 pm on October 14, 2016 Permalink | Log in to Reply

        That’s a good point and I agree we need a solution for it. On behalf of the API Team, support for editing widgets is on the roadmap but is not part of what’s being proposed for merge this cycle. It is definitely a common request, and is one of our priorities for 4.8 as we expand the site management capabilities of the API!

        You can see some early experiments from earlier this year towards this usage here: https://github.com/WP-API/wp-api-menus-widgets-endpoints

    • Darren Ethier (nerrad) 10:46 am on October 14, 2016 Permalink | Log in to Reply

      Great summary! A lot of great back and forth in that discussion thread that isn’t always easy to capture 🙂

      Just wanted to clarify that the comments I made were not only in regards to the possibility of conflicts if plugin authors bundled the plugin version of the REST API with their own plugins, but also, with the presence of the infrastructure already in WordPress core, there is the possibility of conflicts should plugin authors roll their own different versions of the content endpoints to support what they are doing.

      Imagine plugin author A has used to api infrastructure in WP core to build custom endpoints for his plugin and his users are asking if he can add some endpoints for their posts, pages and users as well, so he goes ahead and does that. In the meantime, plugin author B has users asking her to build custom endpoints for users that support her needs as well so she adds them. Then along comes User Sally who installs and activates both plugins. She contracts mobile app developer Jimmy to build an app for her that interacts with both plugins and her website. Jimmy starts running into conflicts between what “user” endpoint to use but he manages to get it working. Then Sally tells Jimmy that she wants to distribute this app for anybody using plugin A or plugin B and Jimmy starts thinking about building a custom user endpoint in a plugin that site owners will need to install to use the app to save having to worry in the mobile app about what user endpoint to utilize.

      There are definitely different technical solutions to the above example story, but the reality is, things would be MUCH simpler for all the actors in the story above if there was an accepted standard in WordPress core for the content endpoints. It prevents a lot of problems from occurring.

    • K.Adam White 1:00 pm on October 14, 2016 Permalink | Log in to Reply

      If I may make a request of the developer community: Share this with your colleagues and friends outside of WordPress. See what they like, and what they find rough; let us know what they think! We’ve been gathering outside input on this but for more is always better.

    • Mike Schroder 6:03 pm on October 14, 2016 Permalink | Log in to Reply

      I noted this in the #core chat this week, but from my perspective at a host, we’re excited that landing the REST API will have performance benefits — in particular, because it will mean that we can cache requests that could only go through `admin-ajax` previously (and were thus forced to be dynamic).

      This will help with scaling even if it’s found that performance for the actual time in PHP/MySQL is exactly the same.

      Gradually moving those requests (whether they be core related, or added with plugins) out of `admin-ajax` will also help SysEng/Support more easily spot which requests are problematic.

      • Matt Mullenweg 1:15 am on October 18, 2016 Permalink | Log in to Reply

        It probably won’t have any real-world performance benefit — the admin-ajax benchmark was kind of flawed, and you won’t be able to do HTTP-level caching unless you also support some quite-fancy invalidation.

    • Luke Cavanagh 9:49 pm on October 14, 2016 Permalink | Log in to Reply

      I only see this as positive thing to be in WP core.

    • Brian Richards 2:21 pm on October 17, 2016 Permalink | Log in to Reply

      I’m late to the party but I want to officially register my voice in favor of merging the content endpoints into core.

      As @joostdevalk mentioned in Slack (and others have discussed elsewhere), there are a lot of opportunities to include API-based interactions within a plugin that are stifled presently because of the dependency on the REST API as a plugin. While it does seem like a small thing to inform end-users “This plugin requires the WP REST API plugin” it’s still a burden they needn’t bear. Further, by relegating the REST API to a plugin it stifles the ability for API-based interactions across many sites. For instance, a plugin that creates a widget that shows the most recent comments across a number of sites that you don’t control (e.g. getting the latest comments from a variety make/core inside a personal dashboard … and having the ability to bookmark certain comments or posts into a “read later” list for later consumption).

      As @getsource mentions above there are some fantastic wins by moving these interactions that currently depend on admin-ajax.php into standard, cacheable API calls.

      The most convincing dissenting opinion that gave me reason to pause was @JJJ‘s post that merging would hinder development. I do believe that is true. However, I also believe @rachelbaker is correct in that maintaining parity within the plugin as a long-term stand-alone is implausible. Given the choice between a REST API that can adapt and change quickly at the expense of dying slowly from a thousand cuts and a REST API that changes slowly but maintains perfect core parity I will pick the latter, every time.

      TL;DR: I really want to see the REST API land in core because I want to build some fantastic utilities (for myself and others) that can communicate with many sites without necessarily requiring administrative access (the ability to install the REST API plugin) within those sites.

    • K.Adam White 2:30 pm on October 17, 2016 Permalink | Log in to Reply

      I don’t think we’ve noted yet that the endpoints here don’t just encompass the built-in types, but also the endpoints that extend them — `WP_REST_Controller` provides a strong base for implementing new endpoints, and a custom post type with `show_in_rest => true` will automatically pick up behavior extending that class without any further action from the developer than a single line in `register_post_type`.

      Aside from the benefits of augmenting a shared resource like the posts collection @joostdevalk mentions above, having a sharable code foundation for new custom classes has the potential to reduce a lot of endpoint class duplication and fragmentation across the plugin ecosystem.

  • K.Adam White 6:36 pm on October 12, 2016 Permalink |
    Tags: ,   

    REST API Team Update, 4.7 Week 8 

    Summary: Beta 15 has been released, there are open questions that would benefit from your feedback, and the Content API Endpoints and OAuth Server are being proposed for merge as distinct, separate enhancements to the existing WordPress REST API infrastructure.

    REST API v2 Beta 15 released

    The 15th beta release of the REST API content endpoints plugin was released on October 7. This release builds on top of the recent Beta 14 to…

    • Add support for Post Meta, Term Meta, User Meta and Comment Meta within their parent endpoints
    • Introduce a settings endpoint to allow key site setting values to be retrieved & modified using the API
    • Introduce query parameters to query for posts that are NOT IN one or many terms of specific taxonomies
    • Resolve bugs, including bad comparison logic when updating comments.

    Please try it out and report any outstanding issues; the REST API project gained its 90th code contributor this week and the team is deeply grateful for the energy and support of the broader WordPress community in testing out this merge-candidate plugin!

    New Questions & Discussion Items

    Items which have arisen through final ticket triage & review on which the team seeks feedback:

    1. Should the `filter` shim should be removed prior to merge? It is the majority position of the API team that `filter` be deprecated to dramatically improve the simplicity and consistency of API query functionality
    2. How should comments be handled for password-protected posts? Should the password be passed as a query parameter with the PUT/POST request, or is there a better option?
    3. Should the API match core’s logic when users with the `unfiltered_html` capability are creating or updating Posts or Comments?

    Meeting Notes

    At the weekly team meeting on October 10 the group reviewed open issues in the 2.0 milestone, which represents the candidate for our merge proposal shared last week.

    Meeting attendees agreed to review open issues and pull requests individually, and to reconvene on Tuesday at 1500UTC to ensure all priority tickets had an owner.

    At that meeting on October 11, the team reviewed the incoming feedback around the OAuth plugin (linked above). While the API team feels that having a built-in authentication solution provides a much-needed service, particularly to developers building mobile and desktop applications, the design and usability feedback we have received does indicate that the plugin needs more work.

    OAuth’s place in the Merge Proposal

    The API Team believes that the identified issues are resolvable, that the OAuth plugin is on track and that it should still be considered for merge in 4.7. However, after discussion within the team, input from @matt, and advice from @aaroncampbell and other core committers, we have edited our merge proposal to submit the Content API Endpoints and OAuth server as separate merge candidates. The API Team proposes both components for merge, but we submit the content endpoints for consideration independently of the OAuth1 server.

    Content Endpoints Without OAuth

    The Content API endpoints are stable, well-tested, and in wide production use across a variety of applications. Theme and plugin developers will benefit from having canonical, well-tested API endpoints in core, which may be used to query WordPress both from PHP code and from JavaScript applications running on the front-end or admin of WordPress. Sharing the endpoints for core data types enables increased consistency of what data is exposed and how it is persisted across different plugins, improving consistency and shortening development time by using . These themes and plugins have full read and write access to the API using the existing cookie & nonce authentication.

    Mobile and desktop applications can leverage these same endpoints in a read-only capacity to create a variety of powerful reader-oriented applications and tools that expand the capability of what WordPress can do today, such as a unified reader for Make WordPress blogs and other experiments hypothesized by @jorbin.

    Should OAuth 1 not be accepted for 4.7, secure write access for these external applications would still be only a plugin install away; and while having an OAuth server in core will provide a canonical approach for authenticating from remote applications, depending on the needs of a specific site or specific client application other authentication schemes may actually be preferable. Plugins exist for JWT Authentication and of course OAuth 2, and should OAuth 1 not be accepted for 4.7 these plugins may still be installed to enable an external application to opt-in to secure write access to your WordPress site.

    In Summary

    The API team submits for 4.7 merge consideration two enhancements to the REST API infrastructure: the Content API Endpoints for core WordPress datatypes, and an OAuth server which will reduce the setup time needed to securely interact with those endpoints from outside of WordPress. We believe these enhancements are each individually sufficiently tested and mature to meet the quality and security standards of WordPress Core, and each individually provides wide-reaching benefit to WordPress developers, and through them to the authors, readers & publishers of the web.

     
c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
shift + esc
cancel
Skip to toolbar