Make WordPress Core


Ignore:
Timestamp:
07/04/2020 07:51:10 PM (4 years ago)
Author:
TimothyBlynJacobs
Message:

REST API: Only validate the format keyword if the type is a string.

This allows for using multi-type support with a string that has a format. For backwards compatibility support, the format validation will still apply if the type is not specified, or it is invalid.

Two new doing it wrong notices are issued when omitting a type, or using an invalid type.

Props ryotsun.
Fixes #50189.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api.php

    r48273 r48300  
    12821282 */
    12831283function rest_validate_value_from_schema( $value, $args, $param = '' ) {
     1284    $allowed_types = array( 'array', 'object', 'string', 'number', 'integer', 'boolean', 'null' );
     1285
     1286    if ( ! isset( $args['type'] ) ) {
     1287        _doing_it_wrong( __FUNCTION__, __( 'The "type" schema keyword is required.' ), '5.5.0' );
     1288    }
     1289
    12841290    if ( is_array( $args['type'] ) ) {
    12851291        foreach ( $args['type'] as $type ) {
     
    12941300        /* translators: 1: Parameter, 2: List of types. */
    12951301        return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, implode( ',', $args['type'] ) ) );
     1302    }
     1303
     1304    if ( ! in_array( $args['type'], $allowed_types, true ) ) {
     1305        _doing_it_wrong(
     1306            __FUNCTION__,
     1307            /* translators: 1. The list of allowed types. */
     1308            wp_sprintf( __( 'The "type" schema keyword can only be on of the built-in types: %l.' ), $allowed_types ),
     1309            '5.5.0'
     1310        );
    12961311    }
    12971312
     
    14501465    }
    14511466
    1452     if ( isset( $args['format'] ) ) {
     1467    // The "format" keyword should only be applied to strings. However, for backwards compatibility,
     1468    // we allow the "format" keyword if the type keyword was not specified, or was set to an invalid value.
     1469    if ( isset( $args['format'] ) && ( ! isset( $args['type'] ) || 'string' === $args['type'] || ! in_array( $args['type'], $allowed_types, true ) ) ) {
    14531470        switch ( $args['format'] ) {
    14541471            case 'hex-color':
     
    15391556 */
    15401557function rest_sanitize_value_from_schema( $value, $args ) {
     1558    $allowed_types = array( 'array', 'object', 'string', 'number', 'integer', 'boolean', 'null' );
     1559
     1560    if ( ! isset( $args['type'] ) ) {
     1561        _doing_it_wrong( __FUNCTION__, __( 'The "type" schema keyword is required.' ), '5.5.0' );
     1562    }
     1563
    15411564    if ( is_array( $args['type'] ) ) {
    15421565        // Determine which type the value was validated against,
     
    15591582
    15601583        $args['type'] = $validated_type;
     1584    }
     1585
     1586    if ( ! in_array( $args['type'], $allowed_types, true ) ) {
     1587        _doing_it_wrong(
     1588            __FUNCTION__,
     1589            /* translators: 1. The list of allowed types. */
     1590            wp_sprintf( __( 'The "type" schema keyword can only be on of the built-in types: %l.' ), $allowed_types ),
     1591            '5.5.0'
     1592        );
    15611593    }
    15621594
     
    16201652    }
    16211653
    1622     if ( isset( $args['format'] ) ) {
     1654    // This behavior matches rest_validate_value_from_schema().
     1655    if ( isset( $args['format'] ) && ( ! isset( $args['type'] ) || 'string' === $args['type'] || ! in_array( $args['type'], $allowed_types, true ) ) ) {
    16231656        switch ( $args['format'] ) {
    16241657            case 'hex-color':
Note: See TracChangeset for help on using the changeset viewer.