Changeset 39400 for trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

Timestamp:

12/01/2016 02:11:56 AM (8 years ago)

Author:

rachelbaker

Message:

REST API: Fix incorrect uses of rest_sanitize_value_from_schema().

In the check_username() and check_password() callbacks in the Users controller cast the provided request value to a string. The rest_sanitize_value_from_schema() function was being used incorrectly which was causing unintended request parsing.
In rest_sanitize_request_arg() do not pass nonexistent third parameter for the rest_sanitize_value_from_schema() function.

Props jnylen0, joehoyle, rachelbaker, ocean90.
Fixes #38984.

File:

• trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php (modified) (2 diffs)

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

@@ -1028 +1028 @@
      */
     public function check_username( $value, $request, $param ) {
-        $username = (string) rest_sanitize_value_from_schema( $value, $request, $param );
+        $username = (string) $value;
 
         if ( ! validate_username( $username ) ) {
@@ -1057 +1057 @@
      */
     public function check_user_password( $value, $request, $param ) {
-        $password = (string) rest_sanitize_value_from_schema( $value, $request, $param );
+        $password = (string) $value;
 
         if ( empty( $password ) ) {