Timestamp:
07/02/2016 06:38:07 PM (5 years ago)
Author:
westonruter
Message:

Customize: Reverse order of setting sanitization/validation, validating prior to sanitizing.

Reverses order where sanitization was being applied before validation originally in accordance with REST API logic.

Props westonruter, schlessera.
See #34893.
See #37192.
Fixes #37247.

File:
1 edited

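--- a/trunk/tests/phpunit/tests/customize/manager.php
+++ b/trunk/tests/phpunit/tests/customize/manager.php
@@ -192,4 +192,48 @@
 
     /**
+     * Test the WP_Customize_Manager::post_value() method to make sure that the validation and sanitization are done in the right order.
+     *
+     * @ticket 37247
+     */
+    function test_post_value_validation_sanitization_order() {
+        $default_value = '0';
+        $setting = $this->manager->add_setting( 'numeric', array(
+            'validate_callback' => array( $this, 'filter_customize_validate_numeric' ),
+            'sanitize_callback' => array( $this, 'filter_customize_sanitize_numeric' ),
+        ) );
+        $this->assertEquals( $default_value, $this->manager->post_value( $setting, $default_value ) );
+        $this->assertEquals( $default_value, $setting->post_value( $default_value ) );
+
+        $post_value = '42';
+        $this->manager->set_post_value( 'numeric', $post_value );
+        $this->assertEquals( $post_value, $this->manager->post_value( $setting, $default_value ) );
+        $this->assertEquals( $post_value, $setting->post_value( $default_value ) );
+    }
+
+    /**
+     * Filter customize_validate callback for a numeric value.
+     *
+     * @param mixed $value Value.
+     * @return string|WP_Error
+     */
+    function filter_customize_sanitize_numeric( $value ) {
+        return absint( $value );
+    }
+
+    /**
+     * Filter customize_validate callback for a numeric value.
+     *
+     * @param WP_Error $validity Validity.
+     * @param mixed    $value    Value.
+     * @return WP_Error
+     */
+    function filter_customize_validate_numeric( $validity, $value ) {
+        if ( ! is_string( $value ) || ! is_numeric( $value ) ) {
+            $validity->add( 'invalid_value_in_validate', __( 'Invalid value.' ), array( 'source' => 'filter_customize_validate_numeric' ) );
+        }
+        return $validity;
+    }
+
+    /**
      * Test WP_Customize_Manager::validate_setting_values().
      *
@@ -233,4 +277,21 @@
         $this->assertEquals( 'invalid_value_in_validate', $error->get_error_code() );
         $this->assertEquals( array( 'source' => 'filter_customize_validate_foo' ), $error->get_error_data() );
+    }
+
+    /**
+     * Test the WP_Customize_Manager::validate_setting_values() method to make sure that the validation and sanitization are done in the right order.
+     *
+     * @ticket 37247
+     */
+    function test_validate_setting_values_validation_sanitization_order() {
+        $setting = $this->manager->add_setting( 'numeric', array(
+            'validate_callback' => array( $this, 'filter_customize_validate_numeric' ),
+            'sanitize_callback' => array( $this, 'filter_customize_sanitize_numeric' ),
+        ) );
+        $post_value = '42';
+        $this->manager->set_post_value( 'numeric', $post_value );
+        $validities = $this->manager->validate_setting_values( $this->manager->unsanitized_post_values() );
+        $this->assertCount( 1, $validities );
+        $this->assertEquals( array( 'numeric' => true ), $validities );
     }
 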
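Review bot: Both new tests feed only a value that passes validation (`'42'`), so the rejection path is not covered: raw input that `absint()` would coerce into an acceptable number, such as `'42abc'`, should be refused by the validator before the sanitizer ever sees it. In `test_post_value_validation_sanitization_order()` I would add `$this->manager->set_post_value( 'numeric', '42abc' );` followed by `$this->assertEquals( $default_value, $this->manager->post_value( $setting, $default_value ) );`. This assumes `post_value()` falls back to the default when validation fails, which is not shown on this page. Separately, the docblock on `filter_customize_sanitize_numeric()` is copied from the validate callback. It should read `Filter customize_sanitize callback for a numeric value.` with `@return int`, since the function returns `absint( $value )`.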