Context Navigation

← Previous Change
Next Change →

rest-schema-sanitization.php

Timestamp:

10/24/2017 09:04:50 PM (6 years ago)

Author:

joehoyle

Message:

REST API: Don’t remove unregistered properties from objects in schema.

In r41727 the ability to sanitise and validate objects from JSON schema was added, with a whitelist approach. It was decided we should pass through all non-registered properties to reflect the behaviour of the root object in register_rest_route. To prevent arbitrary extra data via setting objects, we force additionalProperties to false in the settings endpoint.

See #38583.

File:

: 1 edited

trunk/tests/phpunit/tests/rest-api/rest-schema-sanitization.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/tests/phpunit/tests/rest-api/rest-schema-sanitization.php

-                      r41727
+                      r42000
         $this->assertEquals( array( 'a' => 1 ), rest_sanitize_value_from_schema( array( 'a' => 1 ), $schema ) );
         $this->assertEquals( array( 'a' => 1 ), rest_sanitize_value_from_schema( array( 'a' => '1' ), $schema ) );
+        $this->assertEquals( array( 'a' => 1, 'b' => 1 ), rest_sanitize_value_from_schema( array( 'a' => '1', 'b' => 1 ), $schema ) );
+    }
+    public function test_type_object_strips_additional_properties() {
+        $schema = array(
+            'type'       => 'object',
+            'properties' => array(
+                'a' => array(
+                    'type' => 'number',
+                ),
+            ),
+            'additionalProperties' => false,
+        );
+        $this->assertEquals( array( 'a' => 1 ), rest_sanitize_value_from_schema( array( 'a' => 1 ), $schema ) );
+        $this->assertEquals( array( 'a' => 1 ), rest_sanitize_value_from_schema( array( 'a' => '1' ), $schema ) );
+        $this->assertEquals( array( 'a' => 1 ), rest_sanitize_value_from_schema( array( 'a' => '1', 'b' => 1 ), $schema ) );
+    }
 …
                     'b' => 1,
                     'c' => 3,
+                ),
+                    'd' => '1',
+                ),
+                'b' => 1,
             ),
             rest_sanitize_value_from_schema(

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 42000 for trunk/tests/phpunit/tests/rest-api/rest-schema-sanitization.php

Legend:

trunk/tests/phpunit/tests/rest-api/rest-schema-sanitization.php

Download in other formats: