In some environments, the PHP_AUTH_USER/PW server vars are empty which
prevents SSL authentication from working properly. This commit allows
the use of a query string fallback (e.g.
`?consumer_key=123&consumer_secret=abc`) for providing credentials over
SSL.
Fixes#5207
The parameters provided to the API endpoints only contain the
parameters specified in the method signature so there’s no need to
strip out the OAuth params.
The OAuth spec indicates that the full query string should be URL
encoded. The array_walk method does not change keys so when used with a
parameter like `filter[period]=week`, the key is not properly encoded.
This fixes that by properly encoding both the key and value.
When WordPress is running inside of a sub-directory,
get_woocommerce_api_url() returns the domain along with the
sub-directory path, which results in a duplicate path when the API
request string is added. This commit fixes this by fetching only the
home host and adding the request path to it. set_url_scheme() is used
to set the scheme to either http or https based on the request itself
instead of basing it on whether force_ssl_checkout is enabled or not.
Simply returning ‘guest’ for the customer property changes the data
type of the response from a dictionary to string which is bad for
clients that should be able to always expect a dictionary. This commit
fixes that by using the same dictionary structure as registered
customer orders, but excluding fields which aren’t applicable. Clients
can determine guest vs. registered customer orders by inspecting the
value of customer ID, which is 0 for guest orders.
This commit completes the XML response handler and adjusts the output
format for all resources to include a top-level property that encloses
the response. This is more consistent with the multi-resource (e.g. GET
/orders) response.
Part of #4165
Max Rice
Mike Jolley
Gerhard
Gregory K
claudiosmweb
Coen Jacobs
Ryan McCue