
Changeset 37942


Timestamp:
07/02/2016 06:38:07 PM (8 years ago)
Author:
westonruter
Message:

Customize: Reverse order of setting sanitization/validation, validating prior to sanitizing.

Reverses the original order, in which sanitization was applied before validation, so that the Customizer now validates first and then sanitizes, in accordance with the REST API's logic.

Props westonruter, schlessera.
See #34893.
See #37192.
Fixes #37247.

Location:
trunk
Files:
2 edited

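--- a/trunk/src/wp-includes/class-wp-customize-manager.php
+++ b/trunk/src/wp-includes/class-wp-customize-manager.php
@@ -671,10 +671,11 @@
             return $default;
         }
-        $value = $setting->sanitize( $post_values[ $setting->id ] );
-        if ( is_null( $value ) || is_wp_error( $value ) ) {
-            return $default;
-        }
+        $value = $post_values[ $setting->id ];
         $valid = $setting->validate( $value );
         if ( is_wp_error( $valid ) ) {
+            return $default;
+        }
+        $value = $setting->sanitize( $value );
+        if ( is_null( $value ) || is_wp_error( $value ) ) {
             return $default;
         }
@@ -1008,6 +1009,14 @@
                 continue;
             }
-            $validity = $setting->validate( $setting->sanitize( $unsanitized_value ) );
-            if ( false === $validity || null === $validity ) {
+            $validity = $setting->validate( $unsanitized_value );
+            if ( ! is_wp_error( $validity ) ) {
+                $value = $setting->sanitize( $unsanitized_value );
+                if ( is_null( $value ) ) {
+                    $validity = false;
+                } elseif ( is_wp_error( $value ) ) {
+                    $validity = $value;
+                }
+            }
+            if ( false === $validity ) {
                 $validity = new WP_Error( 'invalid_value', __( 'Invalid value.' ) );
             }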
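Review bot: The rewritten check at the end of the second hunk, `if ( false === $validity ) {`, drops the `null === $validity` case that the removed line handled, so a `validate()` result of null is no longer coerced into the `invalid_value` WP_Error: it passes the `! is_wp_error()` gate, the sanitizer runs, and a null validity is what remains. Whether `WP_Customize_Setting::validate()` can actually return null depends on its filter contract, which is outside this hunk, but keeping `if ( false === $validity || null === $validity ) {` costs nothing and preserves the previous fail-closed behaviour. Note also that both hunks now hand the raw, unsanitized post value to `validate()`, so validate callbacks must be prepared for non-string input (arrays, ints, null) rather than relying on the sanitizer to normalise it first; a one-line comment above each `validate()` call saying so would help callback authors. Both enclosing methods start and end outside the hunks.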
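--- a/trunk/tests/phpunit/tests/customize/manager.php
+++ b/trunk/tests/phpunit/tests/customize/manager.php
@@ -192,4 +192,48 @@
 
     /**
+     * Test the WP_Customize_Manager::post_value() method to make sure that the validation and sanitization are done in the right order.
+     *
+     * @ticket 37247
+     */
+    function test_post_value_validation_sanitization_order() {
+        $default_value = '0';
+        $setting = $this->manager->add_setting( 'numeric', array(
+            'validate_callback' => array( $this, 'filter_customize_validate_numeric' ),
+            'sanitize_callback' => array( $this, 'filter_customize_sanitize_numeric' ),
+        ) );
+        $this->assertEquals( $default_value, $this->manager->post_value( $setting, $default_value ) );
+        $this->assertEquals( $default_value, $setting->post_value( $default_value ) );
+
+        $post_value = '42';
+        $this->manager->set_post_value( 'numeric', $post_value );
+        $this->assertEquals( $post_value, $this->manager->post_value( $setting, $default_value ) );
+        $this->assertEquals( $post_value, $setting->post_value( $default_value ) );
+    }
+
+    /**
+     * Filter customize_validate callback for a numeric value.
+     *
+     * @param mixed $value Value.
+     * @return string|WP_Error
+     */
+    function filter_customize_sanitize_numeric( $value ) {
+        return absint( $value );
+    }
+
+    /**
+     * Filter customize_validate callback for a numeric value.
+     *
+     * @param WP_Error $validity Validity.
+     * @param mixed    $value    Value.
+     * @return WP_Error
+     */
+    function filter_customize_validate_numeric( $validity, $value ) {
+        if ( ! is_string( $value ) || ! is_numeric( $value ) ) {
+            $validity->add( 'invalid_value_in_validate', __( 'Invalid value.' ), array( 'source' => 'filter_customize_validate_numeric' ) );
+        }
+        return $validity;
+    }
+
+    /**
      * Test WP_Customize_Manager::validate_setting_values().
      *
@@ -233,4 +277,21 @@
         $this->assertEquals( 'invalid_value_in_validate', $error->get_error_code() );
         $this->assertEquals( array( 'source' => 'filter_customize_validate_foo' ), $error->get_error_data() );
+    }
+
+    /**
+     * Test the WP_Customize_Manager::validate_setting_values() method to make sure that the validation and sanitization are done in the right order.
+     *
+     * @ticket 37247
+     */
+    function test_validate_setting_values_validation_sanitization_order() {
+        $setting = $this->manager->add_setting( 'numeric', array(
+            'validate_callback' => array( $this, 'filter_customize_validate_numeric' ),
+            'sanitize_callback' => array( $this, 'filter_customize_sanitize_numeric' ),
+        ) );
+        $post_value = '42';
+        $this->manager->set_post_value( 'numeric', $post_value );
+        $validities = $this->manager->validate_setting_values( $this->manager->unsanitized_post_values() );
+        $this->assertCount( 1, $validities );
+        $this->assertEquals( array( 'numeric' => true ), $validities );
     }
 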
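Review bot: The docblock on `filter_customize_sanitize_numeric` is a copy of the validator's: it reads `* Filter customize_validate callback for a numeric value.` and `@return string|WP_Error`, while the method is the sanitize callback and `absint()` returns an int; change those two lines to `* Filter customize_sanitize callback for a numeric value.` and `@return int`. The two order tests also deserve a short comment explaining how a single positive case proves the order — the sanitizer yields an int and the validator rejects anything that is not a numeric string, so `'42'` only survives when validation runs before sanitization — since that reliance on the callbacks' type asymmetry is not obvious from the assertions. Because the sanitized int is compared with the string `'42'` through the loose `assertEquals`, consider `$this->assertSame( 42, $this->manager->post_value( $setting, $default_value ) );` to pin the sanitized type as well.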