Make WordPress Core


Ignore:
Timestamp:
07/02/2016 06:38:07 PM (9 years ago)
Author:
westonruter
Message:

Customize: Reverse order of setting sanitization/validation, validating prior to sanitizing.

Reverses order where sanitization was being applied before validation originally in accordance with REST API logic.

Props westonruter, schlessera.
See #34893.
See #37192.
Fixes #37247.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-customize-manager.php

    r37914 r37942  
    671671            return $default;
    672672        }
    673         $value = $setting->sanitize( $post_values[ $setting->id ] );
    674         if ( is_null( $value ) || is_wp_error( $value ) ) {
    675             return $default;
    676         }
     673        $value = $post_values[ $setting->id ];
    677674        $valid = $setting->validate( $value );
    678675        if ( is_wp_error( $valid ) ) {
     676            return $default;
     677        }
     678        $value = $setting->sanitize( $value );
     679        if ( is_null( $value ) || is_wp_error( $value ) ) {
    679680            return $default;
    680681        }
     
    10081009                continue;
    10091010            }
    1010             $validity = $setting->validate( $setting->sanitize( $unsanitized_value ) );
    1011             if ( false === $validity || null === $validity ) {
     1011            $validity = $setting->validate( $unsanitized_value );
     1012            if ( ! is_wp_error( $validity ) ) {
     1013                $value = $setting->sanitize( $unsanitized_value );
     1014                if ( is_null( $value ) ) {
     1015                    $validity = false;
     1016                } elseif ( is_wp_error( $value ) ) {
     1017                    $validity = $value;
     1018                }
     1019            }
     1020            if ( false === $validity ) {
    10121021                $validity = new WP_Error( 'invalid_value', __( 'Invalid value.' ) );
    10131022            }
Note: See TracChangeset for help on using the changeset viewer.