Ticket #43208: 43208.5.diff
| File 43208.5.diff, 8.1 KB (added by , 6 years ago) |
|---|
-
src/wp-admin/options.php
220 220 } 221 221 $value = wp_unslash( $value ); 222 222 } 223 update_option( $option, $value ); 223 224 $validity = validate_option( $option, $value ); 225 226 if ( is_wp_error( $validity ) ) { 227 foreach ( $validity->errors as $code => $messages ) { 228 foreach ( $messages as $message ) { 229 add_settings_error( $option, $code, $message ); 230 } 231 } 232 } else { 233 update_option( $option, $value ); 234 } 224 235 } 225 236 226 237 /* -
src/wp-includes/class-wp-customize-manager.php
2300 2300 $validity = $setting->validate( $unsanitized_value ); 2301 2301 } 2302 2302 if ( ! is_wp_error( $validity ) ) { 2303 $late_validity = new WP_Error(); 2304 2305 // Use the regular option validation if the Customize setting is an option. 2306 if ( 'option' === $setting->type && ! $setting->is_multidimensional() ) { 2307 $option_validity = validate_option( $setting->id, $unsanitized_value ); 2308 if ( is_wp_error( $option_validity ) ) { 2309 $late_validity = $option_validity; 2310 } 2311 } 2312 2303 2313 /** This filter is documented in wp-includes/class-wp-customize-setting.php */ 2304 $late_validity = apply_filters( "customize_validate_{$setting->id}", new WP_Error(), $unsanitized_value, $setting );2314 $late_validity = apply_filters( "customize_validate_{$setting->id}", $late_validity, $unsanitized_value, $setting ); 2305 2315 if ( $late_validity->has_errors() ) { 2306 2316 $validity = $late_validity; 2307 2317 } -
src/wp-includes/class-wp-customize-setting.php
311 311 } 312 312 313 313 $id_base = $this->id_data['base']; 314 $is_multidimensional = ! empty( $this->id_data['keys']);314 $is_multidimensional = $this->is_multidimensional(); 315 315 $multidimensional_filter = array( $this, '_multidimensional_preview_filter' ); 316 316 317 317 /* … … 579 579 580 580 $validity = new WP_Error(); 581 581 582 // Use the regular option validation if the Customize setting is an option. 583 if ( 'option' === $this->type && ! $this->is_multidimensional() ) { 584 $option_validity = validate_option( $this->id, $value ); 585 if ( is_wp_error( $option_validity ) ) { 586 $validity = $option_validity; 587 } 588 } 589 582 590 /** 583 591 * Validates a Customize setting value. 584 592 * … … 635 643 protected function set_root_value( $value ) { 636 644 $id_base = $this->id_data['base']; 637 645 if ( 'option' === $this->type ) { 646 $option_validity = validate_option( $id_base, $value ); 647 if ( is_wp_error( $option_validity ) ) { 648 return false; 649 } 650 638 651 $autoload = true; 639 652 if ( isset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] ) ) { 640 653 $autoload = self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload']; … … 827 840 } 828 841 829 842 /** 843 * Checks whether the setting is part of a multidimensional root. 844 * 845 * @since 5.0.0 846 * 847 * @return bool True if the setting is multidimensional, false otherwise. 848 */ 849 final public function is_multidimensional() { 850 return ! empty( $this->id_data['keys'] ); 851 } 852 853 /** 830 854 * Multidimensional helper function. 831 855 * 832 856 * @since 3.4.0 -
src/wp-includes/formatting.php
4377 4377 } 4378 4378 4379 4379 /** 4380 * Validates an option value based on the nature of the option. 4381 * 4382 * The {@see 'validate_option_$option'} filter should be used to add errors 4383 * to the `WP_Error` object passed-through. 4384 * 4385 * @since 5.0.0 4386 * 4387 * @param string $option The name of the option. 4388 * @param string $value The unsanitized value. 4389 * @return true|WP_Error True if the input was validated, otherwise WP_Error. 4390 */ 4391 function validate_option( $option, $value ) { 4392 $validity = new WP_Error(); 4393 4394 /** 4395 * Validates an option value. 4396 * 4397 * Plugins should amend the `$validity` object via its `WP_Error::add()` method. 4398 * 4399 * The dynamic portion of the hook name, `$option`, refers to the option name. 4400 * 4401 * @since 5.0.0 4402 * 4403 * @param WP_Error $validity Filtered from `true` to `WP_Error` when invalid. 4404 * @param mixed $value The option value. 4405 */ 4406 $validity = apply_filters( "validate_option_{$option}", $validity, $value ); 4407 4408 if ( is_wp_error( $validity ) && empty( $validity->errors ) ) { 4409 $validity = true; 4410 } 4411 4412 return $validity; 4413 } 4414 4415 /** 4380 4416 * Sanitises various option values based on the nature of the option. 4381 4417 * 4382 4418 * This is basically a switch statement which will pass $value through a number -
src/wp-includes/option.php
2037 2037 * 2038 2038 * @since 2.7.0 2039 2039 * @since 4.7.0 `$args` can be passed to set flags on the setting, similar to `register_meta()`. 2040 * @since 5.0.0 Introduced the `$validate_callback` argument. 2040 2041 * 2041 2042 * @global array $new_whitelist_options 2042 2043 * @global array $wp_registered_settings … … 2050 2051 * @type string $type The type of data associated with this setting. 2051 2052 * Valid values are 'string', 'boolean', 'integer', and 'number'. 2052 2053 * @type string $description A description of the data attached to this setting. 2054 * @type callable $validate_callback A callback that checks validity of the option's value. 2053 2055 * @type callable $sanitize_callback A callback function that sanitizes the option's value. 2054 2056 * @type bool $show_in_rest Whether data associated with this setting should be included in the REST API. 2055 2057 * @type mixed $default Default value when calling `get_option()`. … … 2062 2064 'type' => 'string', 2063 2065 'group' => $option_group, 2064 2066 'description' => '', 2067 'validate_callback' => null, 2065 2068 'sanitize_callback' => null, 2066 2069 'show_in_rest' => false, 2067 2070 ); … … 2115 2118 } 2116 2119 2117 2120 $new_whitelist_options[ $option_group ][] = $option_name; 2121 if ( ! empty( $args['validate_callback'] ) ) { 2122 add_filter( "validate_option_{$option_name}", $args['validate_callback'], 10, 2 ); 2123 } 2118 2124 if ( ! empty( $args['sanitize_callback'] ) ) { 2119 2125 add_filter( "sanitize_option_{$option_name}", $args['sanitize_callback'] ); 2120 2126 } … … 2182 2188 } 2183 2189 2184 2190 if ( isset( $wp_registered_settings[ $option_name ] ) ) { 2191 // Remove the validate callback if one was set during registration. 2192 if ( ! empty( $wp_registered_settings[ $option_name ]['validate_callback'] ) ) { 2193 remove_filter( "validate_option_{$option_name}", $wp_registered_settings[ $option_name ]['validate_callback'], 10 ); 2194 } 2195 2185 2196 // Remove the sanitize callback if one was set during registration. 2186 2197 if ( ! empty( $wp_registered_settings[ $option_name ]['sanitize_callback'] ) ) { 2187 2198 remove_filter( "sanitize_option_{$option_name}", $wp_registered_settings[ $option_name ]['sanitize_callback'] ); -
src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
193 193 194 194 delete_option( $args['option_name'] ); 195 195 } else { 196 $validity = validate_option( $args['option_name'], $request[ $name ] ); 197 if ( is_wp_error( $validity ) ) { 198 foreach ( $validity->errors as $code => $messages ) { 199 $validity->add_data( array( 'status' => 400 ), $code ); 200 } 201 202 return $validity; 203 } 204 196 205 update_option( $args['option_name'], $request[ $name ] ); 197 206 } 198 207 }