

Timestamp:
09/14/2016 03:49:37 PM (9 years ago)
Author:
joehoyle
Message:

REST API: Enable sanitize_callback to return WP_Error.

Give developers the opportunity to reject incoming data without using the validation callback. It also enables us to do sanitization and validation in one function in instances where this could be useful.

Props websupporter, rmccue.
Fixes #37560.

File:
1 edited

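--- a/trunk/src/wp-includes/rest-api/class-wp-rest-request.php
+++ b/trunk/src/wp-includes/rest-api/class-wp-rest-request.php
@@ -781,8 +781,7 @@
      * @access public
      *
-     * @return true|null True if there are no parameters to sanitize, null otherwise.
+     * @return true|WP_Error True if parameters were sanitized, WP_Error if an error occurred during sanitization.
      */
     public function sanitize_params() {
-
         $attributes = $this->get_attributes();
 
@@ -793,4 +792,6 @@
 
         $order = $this->get_parameter_order();
+
+        $invalid_params = array();
 
         foreach ( $order as $type ) {
@@ -800,10 +801,23 @@
             foreach ( $this->params[ $type ] as $key => $value ) {
                 // Check if this param has a sanitize_callback added.
-                if ( isset( $attributes['args'][ $key ] ) && ! empty( $attributes['args'][ $key ]['sanitize_callback'] ) ) {
-                    $this->params[ $type ][ $key ] = call_user_func( $attributes['args'][ $key ]['sanitize_callback'], $value, $this, $key );
+                if ( ! isset( $attributes['args'][ $key ] ) || empty( $attributes['args'][ $key ]['sanitize_callback'] ) ) {
+                    continue;
+                }
+
+                $sanitized_value = call_user_func( $attributes['args'][ $key ]['sanitize_callback'], $value, $this, $key );
+
+                if ( is_wp_error( $sanitized_value ) ) {
+                    $invalid_params[ $key ] = $sanitized_value->get_error_message();
+                } else {
+                    $this->params[ $type ][ $key ] = $sanitized_value;
                 }
             }
         }
-        return null;
+
+        if ( $invalid_params ) {
+            return new WP_Error( 'rest_invalid_param', sprintf( __( 'Invalid parameter(s): %s' ), implode( ', ', array_keys( $invalid_params ) ) ), array( 'status' => 400, 'params' => $invalid_params ) );
+        }
+
+        return true;
     }
 
@@ -818,5 +832,4 @@
      */
     public function has_valid_params() {
-
         $attributes = $this->get_attributes();
         $required = array();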
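Review bot: In the `is_wp_error( $sanitized_value )` branch of `sanitize_params()`, the rejected parameter keeps its raw, unsanitized value in `$this->params[ $type ][ $key ]`, so the rejection only takes effect if every caller checks the new return value. The old contract always returned `null`, and the callers of `sanitize_params()` are not on this page, so a caller that still ignores the result would presumably go on to use the unsanitized input. Consider failing closed by adding `unset( $this->params[ $type ][ $key ] );` after the `$invalid_params[ $key ] = ...` line. At minimum, the `@return` docblock should state that parameters are left unsanitized when a `WP_Error` is returned and that the request must not be processed further.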