Make WordPress Core


Ignore:
Timestamp:
09/05/2020 06:07:46 PM (4 years ago)
Author:
TimothyBlynJacobs
Message:

REST API: Support a route-level validation callback.

Most request data is validated on a per-parameter basis. Often, however, additional validation is needed that operates on the entire request object. Currently, this is done in the route callback and often in the prepare_item_for_database method specifically.

#50244 aims to introduce batch processing in the REST API. An important feature is the ability to enforce that all requests have valid data before executing the route callbacks in "pre-validate" mode.

This patch introduces support for calling a validate_callback after all parameter validation has succeeded. That allows moving more validation outside of the route callback and into WP_REST_Request which will improve "pre-validate" support.

Props TimothyBlynJacobs, zieladam.
Fixes #51255.
See #50244.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/class-wp-rest-request.php

    r48642 r48945  
    859859        $required   = array();
    860860
    861         // No arguments set, skip validation.
    862         if ( empty( $attributes['args'] ) ) {
    863             return true;
    864         }
    865 
    866         foreach ( $attributes['args'] as $key => $arg ) {
    867 
     861        $args = empty( $attributes['args'] ) ? array() : $attributes['args'];
     862
     863        foreach ( $args as $key => $arg ) {
    868864            $param = $this->get_param( $key );
    869865            if ( isset( $arg['required'] ) && true === $arg['required'] && null === $param ) {
     
    891887        $invalid_params = array();
    892888
    893         foreach ( $attributes['args'] as $key => $arg ) {
     889        foreach ( $args as $key => $arg ) {
    894890
    895891            $param = $this->get_param( $key );
     
    920916        }
    921917
     918        if ( isset( $attributes['validate_callback'] ) ) {
     919            $valid_check = call_user_func( $attributes['validate_callback'], $this );
     920
     921            if ( is_wp_error( $valid_check ) ) {
     922                return $valid_check;
     923            }
     924
     925            if ( false === $valid_check ) {
     926                // A WP_Error instance is preferred, but false is supported for parity with the per-arg validate_callback.
     927                return new WP_Error( 'rest_invalid_params', __( 'Invalid parameters.' ), array( 'status' => 400 ) );
     928            }
     929        }
     930
    922931        return true;
    923 
    924932    }
    925933
Note: See TracChangeset for help on using the changeset viewer.