Changeset 48300 for trunk/src/wp-includes/rest-api.php

Timestamp:

07/04/2020 07:51:10 PM (5 years ago)

Author:

TimothyBlynJacobs

Message:

REST API: Only validate the format keyword if the type is a string.

This allows for using multi-type support with a string that has a format. For backwards compatibility support, the format validation will still apply if the type is not specified, or it is invalid.

Two new doing it wrong notices are issued when omitting a type, or using an invalid type.

Props ryotsun.
Fixes #50189.

File:

• trunk/src/wp-includes/rest-api.php (modified) (6 diffs)

trunk/src/wp-includes/rest-api.php

@@ -1282 +1282 @@
  */
 function rest_validate_value_from_schema( $value, $args, $param = '' ) {
+    $allowed_types = array( 'array', 'object', 'string', 'number', 'integer', 'boolean', 'null' );
+
+    if ( ! isset( $args['type'] ) ) {
+        _doing_it_wrong( __FUNCTION__, __( 'The "type" schema keyword is required.' ), '5.5.0' );
+    }
+
     if ( is_array( $args['type'] ) ) {
         foreach ( $args['type'] as $type ) {
@@ -1294 +1300 @@
         /* translators: 1: Parameter, 2: List of types. */
         return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, implode( ',', $args['type'] ) ) );
+    }
+
+    if ( ! in_array( $args['type'], $allowed_types, true ) ) {
+        _doing_it_wrong(
+            __FUNCTION__,
+            /* translators: 1. The list of allowed types. */
+            wp_sprintf( __( 'The "type" schema keyword can only be on of the built-in types: %l.' ), $allowed_types ),
+            '5.5.0'
+        );
     }
 
@@ -1450 +1465 @@
     }
 
-    if ( isset( $args['format'] ) ) {
+    // The "format" keyword should only be applied to strings. However, for backwards compatibility,
+    // we allow the "format" keyword if the type keyword was not specified, or was set to an invalid value.
+    if ( isset( $args['format'] ) && ( ! isset( $args['type'] ) || 'string' === $args['type'] || ! in_array( $args['type'], $allowed_types, true ) ) ) {
         switch ( $args['format'] ) {
             case 'hex-color':
@@ -1539 +1556 @@
  */
 function rest_sanitize_value_from_schema( $value, $args ) {
+    $allowed_types = array( 'array', 'object', 'string', 'number', 'integer', 'boolean', 'null' );
+
+    if ( ! isset( $args['type'] ) ) {
+        _doing_it_wrong( __FUNCTION__, __( 'The "type" schema keyword is required.' ), '5.5.0' );
+    }
+
     if ( is_array( $args['type'] ) ) {
         // Determine which type the value was validated against,
@@ -1559 +1582 @@
 
         $args['type'] = $validated_type;
+    }
+
+    if ( ! in_array( $args['type'], $allowed_types, true ) ) {
+        _doing_it_wrong(
+            __FUNCTION__,
+            /* translators: 1. The list of allowed types. */
+            wp_sprintf( __( 'The "type" schema keyword can only be on of the built-in types: %l.' ), $allowed_types ),
+            '5.5.0'
+        );
     }
 
@@ -1620 +1652 @@
     }
 
-    if ( isset( $args['format'] ) ) {
+    // This behavior matches rest_validate_value_from_schema().
+    if ( isset( $args['format'] ) && ( ! isset( $args['type'] ) || 'string' === $args['type'] || ! in_array( $args['type'], $allowed_types, true ) ) ) {
         switch ( $args['format'] ) {
             case 'hex-color':