Changeset 38601


Timestamp:
09/14/2016 03:49:37 PM (21 months ago)
Author:
joehoyle
Message:

REST API: Enable sanitize_callback to return WP_Error.

Give developers the opportunity to reject incoming data without using the validation callback. It also enables us to do sanitization and validation in one function in instances where this could be useful.

Props websupporter, rmccue.
Fixes #37560.

Location:
trunk
Files:
3 edited

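--- a/trunk/src/wp-includes/rest-api/class-wp-rest-request.php
+++ b/trunk/src/wp-includes/rest-api/class-wp-rest-request.php
@@ -781,8 +781,7 @@
      * @access public
      *
-     * @return true|null True if there are no parameters to sanitize, null otherwise.
+     * @return true|WP_Error True if parameters were sanitized, WP_Error if an error occurred during sanitization.
      */
     public function sanitize_params() {
-
         $attributes = $this->get_attributes();
 
@@ -793,4 +792,6 @@
 
         $order = $this->get_parameter_order();
+
+        $invalid_params = array();
 
         foreach ( $order as $type ) {
@@ -800,10 +801,23 @@
             foreach ( $this->params[ $type ] as $key => $value ) {
                 // Check if this param has a sanitize_callback added.
-                if ( isset( $attributes['args'][ $key ] ) && ! empty( $attributes['args'][ $key ]['sanitize_callback'] ) ) {
-                    $this->params[ $type ][ $key ] = call_user_func( $attributes['args'][ $key ]['sanitize_callback'], $value, $this, $key );
+                if ( ! isset( $attributes['args'][ $key ] ) || empty( $attributes['args'][ $key ]['sanitize_callback'] ) ) {
+                    continue;
+                }
+
+                $sanitized_value = call_user_func( $attributes['args'][ $key ]['sanitize_callback'], $value, $this, $key );
+
+                if ( is_wp_error( $sanitized_value ) ) {
+                    $invalid_params[ $key ] = $sanitized_value->get_error_message();
+                } else {
+                    $this->params[ $type ][ $key ] = $sanitized_value;
                 }
             }
         }
-        return null;
+
+        if ( $invalid_params ) {
+            return new WP_Error( 'rest_invalid_param', sprintf( __( 'Invalid parameter(s): %s' ), implode( ', ', array_keys( $invalid_params ) ) ), array( 'status' => 400, 'params' => $invalid_params ) );
+        }
+
+        return true;
     }
 
@@ -818,5 +832,4 @@
      */
     public function has_valid_params() {
-
         $attributes = $this->get_attributes();
         $required = array();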
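Review bot: When a sanitize_callback returns a WP_Error, the `else` branch is skipped and `$this->params[ $type ][ $key ]` keeps the raw request value, so `sanitize_params()` can now return with unsanitized parameters still on the request. The old return value carried no information, so callers outside this commit may ignore it; any that do would go on to read raw input. The docblock should say so, e.g. `* On WP_Error the rejected parameters keep their original, unsanitized values; callers must check the return value.` `$invalid_params` is also keyed by `$key` alone, so the same name failing in two parameter types is reported only once. Parts of the method body lie between the hunks shown and were not reviewed.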
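--- a/trunk/src/wp-includes/rest-api/class-wp-rest-server.php
+++ b/trunk/src/wp-includes/rest-api/class-wp-rest-server.php
@@ -867,7 +867,10 @@
                     if ( is_wp_error( $check_required ) ) {
                         $response = $check_required;
+                    } else {
+                        $check_sanitized = $request->sanitize_params();
+                        if ( is_wp_error( $check_sanitized ) ) {
+                            $response = $check_sanitized;
+                        }
                     }
-
-                    $request->sanitize_params();
                 }
 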
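Review bot: Moving `$request->sanitize_params()` into the `else` branch means sanitization no longer runs at all when `$check_required` is a WP_Error, whereas the removed call ran unconditionally. `$response` is already an error at that point, so the endpoint callback is presumably skipped, but `$request` now carries raw parameter values into whatever later code receives it, which is not visible in this hunk. A comment on the branch would record that this is intended, e.g. `// Sanitization is skipped when validation fails; $request keeps raw values from here on.` The enclosing block starts and ends outside the hunk.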
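--- a/trunk/tests/phpunit/tests/rest-api/rest-request.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-request.php
@@ -308,4 +308,25 @@
         $this->assertEquals( 123, $this->request->get_param( 'someinteger' ) );
         $this->assertEquals( 0, $this->request->get_param( 'somestring' ) );
+    }
+
+    public function test_sanitize_params_error() {
+        $this->request->set_url_params( array(
+            'successparam' => '123',
+            'failparam'    => '123',
+        ));
+        $this->request->set_attributes( array(
+            'args' => array(
+                'successparam' => array(
+                    'sanitize_callback' => 'absint',
+                ),
+                'failparam' => array(
+                    'sanitize_callback' => array( $this, '_return_wp_error_on_validate_callback' ),
+                ),
+            ),
+        ));
+
+        $valid = $this->request->sanitize_params();
+        $this->assertWPError( $valid );
+        $this->assertEquals( 'rest_invalid_param', $valid->get_error_code() );
     }
 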
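Review bot: `test_sanitize_params_error()` checks only the error code, so the 400 status, the per-parameter detail in the error data, and the fate of the two parameter values are all unpinned. Adding `$data = $valid->get_error_data();`, `$this->assertEquals( 400, $data['status'] );` and `$this->assertArrayHasKey( 'failparam', $data['params'] );` would cover the response shape. An assertion that `successparam` comes back as `123`, and one on what `get_param( 'failparam' )` returns after the failure, would document whether a rejected value stays raw on the request. The callback `_return_wp_error_on_validate_callback` is defined outside this hunk.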