
Changeset 38601


Timestamp:
09/14/16 15:49:37 (13 months ago)
Author:
joehoyle
Message:

REST API: Enable sanitize_callback to return WP_Error.

Give developers the opportunity to reject incoming data without using the validation callback. It also enables us to do sanitization and validation in one function in instances where this could be useful.

Props websupporter, rmccue.
Fixes #37560.

Location:
trunk
Files:
3 edited

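--- a/trunk/src/wp-includes/rest-api/class-wp-rest-request.php
+++ b/trunk/src/wp-includes/rest-api/class-wp-rest-request.php
@@ -781,8 +781,7 @@
      * @access public
      *
-     * @return true|null True if there are no parameters to sanitize, null otherwise.
+     * @return true|WP_Error True if parameters were sanitized, WP_Error if an error occurred during sanitization.
      */
     public function sanitize_params() {
-
         $attributes = $this->get_attributes();
 
@@ -793,4 +792,6 @@
 
         $order = $this->get_parameter_order();
+
+        $invalid_params = array();
 
         foreach ( $order as $type ) {
@@ -800,10 +801,23 @@
             foreach ( $this->params[ $type ] as $key => $value ) {
                 // Check if this param has a sanitize_callback added.
-                if ( isset( $attributes['args'][ $key ] ) && ! empty( $attributes['args'][ $key ]['sanitize_callback'] ) ) {
-                    $this->params[ $type ][ $key ] = call_user_func( $attributes['args'][ $key ]['sanitize_callback'], $value, $this, $key );
+                if ( ! isset( $attributes['args'][ $key ] ) || empty( $attributes['args'][ $key ]['sanitize_callback'] ) ) {
+                    continue;
+                }
+
+                $sanitized_value = call_user_func( $attributes['args'][ $key ]['sanitize_callback'], $value, $this, $key );
+
+                if ( is_wp_error( $sanitized_value ) ) {
+                    $invalid_params[ $key ] = $sanitized_value->get_error_message();
+                } else {
+                    $this->params[ $type ][ $key ] = $sanitized_value;
                 }
             }
         }
-        return null;
+
+        if ( $invalid_params ) {
+            return new WP_Error( 'rest_invalid_param', sprintf( __( 'Invalid parameter(s): %s' ), implode( ', ', array_keys( $invalid_params ) ) ), array( 'status' => 400, 'params' => $invalid_params ) );
+        }
+
+        return true;
     }
 
@@ -818,5 +832,4 @@
      */
     public function has_valid_params() {
-
         $attributes = $this->get_attributes();
         $required = array();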
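Review bot: In the `is_wp_error( $sanitized_value )` branch of `sanitize_params()`, a rejected parameter is only recorded in `$invalid_params`, so `$this->params[ $type ][ $key ]` keeps the raw request value. The server's old call ignored the return value, so any other caller that still does so will carry on with unsanitized input. The docblock should state that contract, for example ` * Parameters rejected by their callback keep their original value; callers must check for WP_Error and stop processing the request.` Only the callback's error message is kept (its code and data are dropped), and it appears to be passed back to the client under `params`. That deserves a docblock sentence too, so callback authors keep internal details out of the message.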
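--- a/trunk/src/wp-includes/rest-api/class-wp-rest-server.php
+++ b/trunk/src/wp-includes/rest-api/class-wp-rest-server.php
@@ -867,7 +867,10 @@
                     if ( is_wp_error( $check_required ) ) {
                         $response = $check_required;
+                    } else {
+                        $check_sanitized = $request->sanitize_params();
+                        if ( is_wp_error( $check_sanitized ) ) {
+                            $response = $check_sanitized;
+                        }
                     }
-
-                    $request->sanitize_params();
                 }
 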
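Review bot: The new `else` branch stores the sanitization error in `$response`, but whether the route callback is then skipped depends on a check that lies after the hunk; the enclosing block starts and ends outside it. That guard matters more now, because `sanitize_params()` leaves a rejected parameter at its raw value in the request. A comment on the branch would record the dependency: `// A WP_Error here means some params are still unsanitized; $response must stop dispatch before the callback runs.`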
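--- a/trunk/tests/phpunit/tests/rest-api/rest-request.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-request.php
@@ -308,4 +308,25 @@
         $this->assertEquals( 123, $this->request->get_param( 'someinteger' ) );
         $this->assertEquals( 0, $this->request->get_param( 'somestring' ) );
+    }
+
+    public function test_sanitize_params_error() {
+        $this->request->set_url_params( array(
+            'successparam' => '123',
+            'failparam'    => '123',
+        ));
+        $this->request->set_attributes( array(
+            'args' => array(
+                'successparam' => array(
+                    'sanitize_callback' => 'absint',
+                ),
+                'failparam' => array(
+                    'sanitize_callback' => array( $this, '_return_wp_error_on_validate_callback' ),
+                ),
+            ),
+        ));
+
+        $valid = $this->request->sanitize_params();
+        $this->assertWPError( $valid );
+        $this->assertEquals( 'rest_invalid_param', $valid->get_error_code() );
     }
 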
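Review bot: `test_sanitize_params_error()` asserts only the error code, so it would still pass if `successparam` were reported as invalid too or if the 400 status were dropped. Pinning the error data closes that gap: `$data = $valid->get_error_data();`, `$this->assertEquals( 400, $data['status'] );`, `$this->assertEquals( array( 'failparam' ), array_keys( $data['params'] ) );`. The callback `_return_wp_error_on_validate_callback` is defined outside the hunk, so its message text cannot be asserted from here.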