Ticket #43208: 43208.6.diff
| File 43208.6.diff, 8.1 KB (added by , 5 years ago) |
|---|
-
src/wp-admin/options.php
280 280 } 281 281 $value = wp_unslash( $value ); 282 282 } 283 update_option( $option, $value ); 283 284 $validity = validate_option( $option, $value ); 285 286 if ( is_wp_error( $validity ) ) { 287 foreach ( $validity->errors as $code => $messages ) { 288 foreach ( $messages as $message ) { 289 add_settings_error( $option, $code, $message ); 290 } 291 } 292 } else { 293 update_option( $option, $value ); 294 } 284 295 } 285 296 286 297 /* -
src/wp-includes/class-wp-customize-manager.php
2302 2302 $validity = $setting->validate( $unsanitized_value ); 2303 2303 } 2304 2304 if ( ! is_wp_error( $validity ) ) { 2305 $late_validity = new WP_Error(); 2306 2307 // Use the regular option validation if the Customize setting is an option. 2308 if ( 'option' === $setting->type && ! $setting->is_multidimensional() ) { 2309 $option_validity = validate_option( $setting->id, $unsanitized_value ); 2310 if ( is_wp_error( $option_validity ) ) { 2311 $late_validity = $option_validity; 2312 } 2313 } 2314 2305 2315 /** This filter is documented in wp-includes/class-wp-customize-setting.php */ 2306 $late_validity = apply_filters( "customize_validate_{$setting->id}", new WP_Error(), $unsanitized_value, $setting );2316 $late_validity = apply_filters( "customize_validate_{$setting->id}", $late_validity, $unsanitized_value, $setting ); 2307 2317 if ( is_wp_error( $late_validity ) && $late_validity->has_errors() ) { 2308 2318 $validity = $late_validity; 2309 2319 } -
src/wp-includes/class-wp-customize-setting.php
311 311 } 312 312 313 313 $id_base = $this->id_data['base']; 314 $is_multidimensional = ! empty( $this->id_data['keys']);314 $is_multidimensional = $this->is_multidimensional(); 315 315 $multidimensional_filter = array( $this, '_multidimensional_preview_filter' ); 316 316 317 317 /* … … 579 579 580 580 $validity = new WP_Error(); 581 581 582 // Use the regular option validation if the Customize setting is an option. 583 if ( 'option' === $this->type && ! $this->is_multidimensional() ) { 584 $option_validity = validate_option( $this->id, $value ); 585 if ( is_wp_error( $option_validity ) ) { 586 $validity = $option_validity; 587 } 588 } 589 582 590 /** 583 591 * Validates a Customize setting value. 584 592 * … … 635 643 protected function set_root_value( $value ) { 636 644 $id_base = $this->id_data['base']; 637 645 if ( 'option' === $this->type ) { 646 $option_validity = validate_option( $id_base, $value ); 647 if ( is_wp_error( $option_validity ) ) { 648 return false; 649 } 650 638 651 $autoload = true; 639 652 if ( isset( self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload'] ) ) { 640 653 $autoload = self::$aggregated_multidimensionals[ $this->type ][ $this->id_data['base'] ]['autoload']; … … 827 840 } 828 841 829 842 /** 843 * Checks whether the setting is part of a multidimensional root. 844 * 845 * @since 5.0.0 846 * 847 * @return bool True if the setting is multidimensional, false otherwise. 848 */ 849 final public function is_multidimensional() { 850 return ! empty( $this->id_data['keys'] ); 851 } 852 853 /** 830 854 * Multidimensional helper function. 831 855 * 832 856 * @since 3.4.0 -
src/wp-includes/formatting.php
4381 4381 } 4382 4382 4383 4383 /** 4384 * Validates an option value based on the nature of the option. 4385 * 4386 * The {@see 'validate_option_$option'} action should be used to add errors 4387 * to the `WP_Error` object passed-through. 4388 * 4389 * @since 5.0.0 4390 * 4391 * @param string $option The name of the option. 4392 * @param string $value The unsanitized value. 4393 * @return true|WP_Error True if the input was validated, otherwise WP_Error. 4394 */ 4395 function validate_option( $option, $value ) { 4396 $errors = new WP_Error(); 4397 4398 /** 4399 * Validates an option value. 4400 * 4401 * Plugins should amend the `$errors` object via its `WP_Error::add()` method. 4402 * 4403 * The dynamic portion of the hook name, `$option`, refers to the option name. 4404 * 4405 * @since 5.0.0 4406 * 4407 * @param WP_Error $errors Error object to add validation errors to. 4408 * @param mixed $value The option value. 4409 */ 4410 do_action( "validate_option_{$option}", $errors, $value ); 4411 4412 if ( empty( $errors->errors ) ) { 4413 return true; 4414 } 4415 4416 return $errors; 4417 } 4418 4419 /** 4384 4420 * Sanitises various option values based on the nature of the option. 4385 4421 * 4386 4422 * This is basically a switch statement which will pass $value through a number -
src/wp-includes/option.php
2075 2075 * 2076 2076 * @since 2.7.0 2077 2077 * @since 4.7.0 `$args` can be passed to set flags on the setting, similar to `register_meta()`. 2078 * @since 5.0.0 Introduced the `$validate_callback` argument. 2078 2079 * 2079 2080 * @global array $new_whitelist_options 2080 2081 * @global array $wp_registered_settings … … 2088 2089 * @type string $type The type of data associated with this setting. 2089 2090 * Valid values are 'string', 'boolean', 'integer', and 'number'. 2090 2091 * @type string $description A description of the data attached to this setting. 2092 * @type callable $validate_callback A callback that checks validity of the option's value. 2091 2093 * @type callable $sanitize_callback A callback function that sanitizes the option's value. 2092 2094 * @type bool $show_in_rest Whether data associated with this setting should be included in the REST API. 2093 2095 * @type mixed $default Default value when calling `get_option()`. … … 2100 2102 'type' => 'string', 2101 2103 'group' => $option_group, 2102 2104 'description' => '', 2105 'validate_callback' => null, 2103 2106 'sanitize_callback' => null, 2104 2107 'show_in_rest' => false, 2105 2108 ); … … 2155 2158 } 2156 2159 2157 2160 $new_whitelist_options[ $option_group ][] = $option_name; 2161 if ( ! empty( $args['validate_callback'] ) ) { 2162 add_action( "validate_option_{$option_name}", $args['validate_callback'], 10, 2 ); 2163 } 2158 2164 if ( ! empty( $args['sanitize_callback'] ) ) { 2159 2165 add_filter( "sanitize_option_{$option_name}", $args['sanitize_callback'] ); 2160 2166 } … … 2225 2231 } 2226 2232 2227 2233 if ( isset( $wp_registered_settings[ $option_name ] ) ) { 2234 // Remove the validate callback if one was set during registration. 2235 if ( ! empty( $wp_registered_settings[ $option_name ]['validate_callback'] ) ) { 2236 remove_filter( "validate_option_{$option_name}", $wp_registered_settings[ $option_name ]['validate_callback'], 10 ); 2237 } 2238 2228 2239 // Remove the sanitize callback if one was set during registration. 2229 2240 if ( ! empty( $wp_registered_settings[ $option_name ]['sanitize_callback'] ) ) { 2230 2241 remove_filter( "sanitize_option_{$option_name}", $wp_registered_settings[ $option_name ]['sanitize_callback'] ); -
src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
197 197 198 198 delete_option( $args['option_name'] ); 199 199 } else { 200 $validity = validate_option( $args['option_name'], $request[ $name ] ); 201 if ( is_wp_error( $validity ) ) { 202 foreach ( $validity->errors as $code => $messages ) { 203 $validity->add_data( array( 'status' => 400 ), $code ); 204 } 205 206 return $validity; 207 } 208 200 209 update_option( $args['option_name'], $request[ $name ] ); 201 210 } 202 211 }