WordPress.org

Make WordPress Core

Changeset 39400


Ignore:
Timestamp:
12/01/2016 02:11:56 AM (4 years ago)
Author:
rachelbaker
Message:

REST API: Fix incorrect uses of rest_sanitize_value_from_schema().

In the check_username() and check_password() callbacks in the Users controller cast the provided request value to a string. The rest_sanitize_value_from_schema() function was being used incorrectly which was causing unintended request parsing.
In rest_sanitize_request_arg() do not pass nonexistent third parameter for the rest_sanitize_value_from_schema() function.

Props jnylen0, joehoyle, rachelbaker, ocean90.
Fixes #38984.

Location:
trunk/src/wp-includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api.php

    r39329 r39400  
    841841    $args = $attributes['args'][ $param ];
    842842
    843     return rest_sanitize_value_from_schema( $value, $args, $param );
     843    return rest_sanitize_value_from_schema( $value, $args );
    844844}
    845845
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

    r39348 r39400  
    10281028     */
    10291029    public function check_username( $value, $request, $param ) {
    1030         $username = (string) rest_sanitize_value_from_schema( $value, $request, $param );
     1030        $username = (string) $value;
    10311031
    10321032        if ( ! validate_username( $username ) ) {
     
    10571057     */
    10581058    public function check_user_password( $value, $request, $param ) {
    1059         $password = (string) rest_sanitize_value_from_schema( $value, $request, $param );
     1059        $password = (string) $value;
    10601060
    10611061        if ( empty( $password ) ) {
Note: See TracChangeset for help on using the changeset viewer.