Changeset 37943


Timestamp:
07/02/2016 11:02:45 PM (4 years ago)
Author:
rachelbaker
Message:

REST API: Reverse order of setting sanitization/validation, validating prior to sanitizing.

Fixes mistake in the current behavior, where the sanitization callback ran before the validation callback. Now the validation callback will run before the sanitization.

Props schlessera, rachelbaker.
See #37247.
Fixes #37192.

Location:
trunk
Files:
2 edited

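--- a/trunk/src/wp-includes/rest-api/class-wp-rest-server.php
+++ b/trunk/src/wp-includes/rest-api/class-wp-rest-server.php
@@ -854,6 +854,4 @@
                     $request->set_attributes( $handler );
 
-                    $request->sanitize_params();
-
                     $defaults = array();
 
@@ -870,4 +868,6 @@
                         $response = $check_required;
                     }
+
+                    $request->sanitize_params();
                 }
 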
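Review bot: The added `$request->sanitize_params();` at new line 871 sits after the closing brace of the block that assigns `$response = $check_required;`, so it appears to run even when validation has already rejected the request, handing rejected input to every registered `sanitize_callback`. The `if` that opens that block is outside the hunk, so this is inferred from the visible brace. Consider sanitizing only on the success path, e.g. `} else { $request->sanitize_params(); }`. The reordering also means each `validate_callback` now receives the raw request value, and the value the endpoint callback finally receives is the sanitized one, which is not validated again. A comment such as `// Validate the raw input first; sanitize callbacks may change a value's type.` would make that contract visible to callback authors.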
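--- a/trunk/tests/phpunit/tests/rest-api/rest-server.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-server.php
@@ -942,4 +942,49 @@
 
     /**
+     * Make sure that a sanitization that transforms the argument type will not
+     * cause the validation to fail.
+     *
+     * @ticket 37192
+     */
+    public function test_rest_validate_before_sanitization() {
+        register_rest_route( 'test-ns', '/test', array(
+            'methods'  => array( 'GET' ),
+            'callback' => '__return_null',
+            'args' => array(
+                'someinteger' => array(
+                    'validate_callback' => array( $this, '_validate_as_integer_123' ),
+                    'sanitize_callback' => 'absint',
+                ),
+                'somestring'  => array(
+                    'validate_callback' => array( $this, '_validate_as_string_foo' ),
+                    'sanitize_callback' => 'absint',
+                ),
+            ),
+        ) );
+
+        $request = new WP_REST_Request( 'GET', '/test-ns/test' );
+        $request->set_query_params( array( 'someinteger' => 123, 'somestring' => 'foo' ) );
+        $response = $this->server->dispatch( $request );
+
+        $this->assertEquals( 200, $response->get_status() );
+    }
+
+    public function _validate_as_integer_123( $value, $request, $key ) {
+        if ( ! is_int( $value ) ) {
+            return new WP_Error( 'some-error', 'This is not valid!' );
+        }
+
+        return true;
+    }
+
+    public function _validate_as_string_foo( $value, $request, $key ) {
+        if ( ! is_string( $value ) ) {
+            return new WP_Error( 'some-error', 'This is not valid!' );
+        }
+
+        return true;
+    }
+
+    /**
      * @return array {
      *     @type array {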
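Review bot: `test_rest_validate_before_sanitization()` asserts only the 200 status, so it would still pass if `sanitize_params()` were never called; with `'callback' => '__return_null'` nothing observes the sanitized values. Assert the post-dispatch values as well, e.g. `$this->assertSame( 0, $request->get_param( 'somestring' ) );` (assuming `get_param()` reflects the sanitized value on the same request object), and add a case where a validator rejects the input and the response status is 400. Note that `someinteger` is set as the PHP int `123`, whereas a real query string delivers `'123'`, which `_validate_as_integer_123` would reject now that validators see raw input. That helper also checks only `is_int()`, not the value 123 its name suggests.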