Changeset 42000 for trunk/tests/phpunit/tests/rest-api/rest-schema-validation.php

Timestamp:

10/24/2017 09:04:50 PM (6 years ago)

Author:

joehoyle

Message:

REST API: Don’t remove unregistered properties from objects in schema.

In r41727 the ability to sanitise and validate objects from JSON schema was added, with a whitelist approach. It was decided we should pass through all non-registered properties to reflect the behaviour of the root object in register_rest_route. To prevent arbitrary extra data via setting objects, we force additionalProperties to false in the settings endpoint.

See #38583.

File:

• trunk/tests/phpunit/tests/rest-api/rest-schema-validation.php (modified) (1 diff)

trunk/tests/phpunit/tests/rest-api/rest-schema-validation.php

@@ -187 +187 @@
             'properties' => array(
                 'a' => array(
-                    'type' => 'number'
+                    'type' => 'number',
                 ),
             ),
         );
         $this->assertTrue( rest_validate_value_from_schema( array( 'a' => 1 ), $schema ) );
+        $this->assertTrue( rest_validate_value_from_schema( array( 'a' => 1, 'b' => 2 ), $schema ) );
         $this->assertWPError( rest_validate_value_from_schema( array( 'a' => 'invalid' ), $schema ) );
+    }
+
+    public function test_type_object_additional_properties_false() {
+        $schema = array(
+            'type'       => 'object',
+            'properties' => array(
+                'a' => array(
+                    'type' => 'number',
+                ),
+            ),
+            'additionalProperties' => false,
+        );
+        $this->assertTrue( rest_validate_value_from_schema( array( 'a' => 1 ), $schema ) );
+        $this->assertWPError( rest_validate_value_from_schema( array( 'a' => 1, 'b' => 2 ), $schema ) );
     }