Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#35000 closed enhancement (maybelater)

Strict mode for REST API endpoints

Reported by: danielbachhuber
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: REST API
Keywords:
Focuses:
Cc:

Description

Although register_rest_route() supports registering arguments, and validation / sanitization callbacks for those arguments, a WP_REST_Request object ends up with all request data, not limited to registered arguments appropriately validated and sanitized.

For endpoint developers concerned with invalid or unsanitized data leaking through, we should offer a REST API strict mode. If a route is registered with strict mode, arguments would be required to have a validation or sanitization callback, and only registered, validated, and sanitized arguments would be present on the WP_REST_Request object.

Originally https://github.com/WP-API/WP-API/issues/1223
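
The gap described above, as an added example that is not part of the ticket, WordPress core, or any feature plugin: a route whose callback reads only the arguments it registered, and refuses to run if a registered argument has no validation or sanitization callback. The `example/v1` namespace, the `/notes` route and `example_strict_params()` are hypothetical names chosen for illustration.

```php
<?php
// Added illustration, not WordPress core or feature-plugin code. The 'example/v1'
// namespace, '/notes' route and example_strict_params() are hypothetical names.

// Return only parameters declared in the matched route's 'args'; fail if a
// declared argument has neither a validation nor a sanitization callback.
function example_strict_params( WP_REST_Request $request ) {
	$attributes = $request->get_attributes();
	$registered = isset( $attributes['args'] ) ? $attributes['args'] : array();
	$all        = $request->get_params(); // Everything the client sent, merged.
	$clean      = array();
	foreach ( $registered as $name => $schema ) {
		if ( empty( $schema['validate_callback'] ) && empty( $schema['sanitize_callback'] ) ) {
			$message = sprintf( 'Argument "%s" has no validation or sanitization callback.', $name );
			return new WP_Error( 'example_unchecked_arg', $message, array( 'status' => 500 ) );
		}
		if ( array_key_exists( $name, $all ) ) {
			$clean[ $name ] = $all[ $name ];
		}
	}
	return $clean;
}

add_action( 'rest_api_init', function () {
	register_rest_route( 'example/v1', '/notes', array(
		'methods'             => 'POST',
		'permission_callback' => function () {
			return current_user_can( 'edit_posts' );
		},
		'args'                => array(
			'title' => array(
				'required'          => true,
				'validate_callback' => function ( $value ) {
					return is_string( $value ) && '' !== trim( $value );
				},
				'sanitize_callback' => 'sanitize_text_field',
			),
		),
		'callback'            => function ( WP_REST_Request $request ) {
			$params = example_strict_params( $request );
			if ( is_wp_error( $params ) ) {
				return $params;
			}
			// An unregistered field sent by the client is still in
			// $request->get_params() but never reaches $params.
			return rest_ensure_response( $params );
		},
	) );
} );
```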

Change History (4)

#1 @rmccue
10 years ago

IMO, we might want to keep this in plugin territory to avoid complicating the core infrastructure further. I think it's mainly useful as a development tool.

This ticket was mentioned in Slack in #core-restapi by danielbachhuber.

10 years ago

#3 @danielbachhuber
10 years ago

  • Keywords needs-patch removed
  • Milestone 4.5 deleted
  • Resolution set to maybelater
  • Status changed from new to closed

Feature plugin works for me.

#4 @rmccue
10 years ago

#34725 was marked as a duplicate.
