WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/16/2020 06:41:41 PM (16 months ago)
Author:
TimothyBlynJacobs
Message:

REST API: Check required properties are provided when validating an object.

Previously, the WP_REST_Request object validated that top-level properties were defined, but this did not extend to those object's required properties. This adds validation to rest_validate_value_from_schema() directly.

Both the v3 and v4 JSON Schema syntax for required properties is supported.

Props sorenbronsted.
Fixes #48818.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api.php

    r47758 r47809  
    12831283            /* translators: 1: Parameter, 2: Type name. */
    12841284            return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, 'object' ) );
     1285        }
     1286
     1287        if ( isset( $args['required'] ) && is_array( $args['required'] ) ) { // schema version 4
     1288            foreach ( $args['required'] as $name ) {
     1289                if ( ! array_key_exists( $name, $value ) ) {
     1290                    /* translators: 1: Property of an object, 2: Parameter. */
     1291                    return new WP_Error( 'rest_property_required', sprintf( __( '%1$s is a required property of %2$s.' ), $name, $param ) );
     1292                }
     1293            }
     1294        } elseif ( isset( $args['properties'] ) ) { // schema version 3
     1295            foreach ( $args['properties'] as $name => $property ) {
     1296                if ( isset( $property['required'] ) && true === $property['required'] && ! array_key_exists( $name, $value ) ) {
     1297                    /* translators: 1: Property of an object, 2: Parameter. */
     1298                    return new WP_Error( 'rest_property_required', sprintf( __( '%1$s is a required property of %2$s.' ), $name, $param ) );
     1299                }
     1300            }
    12851301        }
    12861302
Note: See TracChangeset for help on using the changeset viewer.