#39042 closed defect (bug) (fixed)
REST API: Allow sanitization_callback to be set to null to bypass `rest_parse_request_arg()`
Reported by: | rachelbaker | Owned by: | kkoppenhaver |
---|---|---|---|
Milestone: | 4.7.1 | Priority: | normal |
Severity: | normal | Version: | 4.7 |
Component: | REST API | Keywords: | has-patch has-unit-tests |
Focuses: | Cc: |
Description
In #38593 we use the default callback for a property type if it is set, but you cannot override this behavior.
As an example, if you have a property schema like:
'some_email' => array(
'description' => __( 'Email address for ...' ),
'type' => 'string',
'format' => 'email',
'arg_options' => array(
'sanitize_callback' => null, // SHOULD skip built-in saniziation of 'email' type.
'validate_callback' => 'custom_callback',
),
),
The logic in WP_REST_Request->sanitize_params()
that was added in [39091] does not account for null
being the sanitization_callback
which then results in rest_parse_request_arg()
being set to the callback, which runs both default sanitization and validation functions.
Attachments (3)
Change History (16)
#5
@
8 years ago
Thanks for the patch @kkoppenhaver.
I wish there was a better way to structure this logic, so we didn't need to nest the ! array_key_exists()
conditional, but I didn't see an obvious way around it.
#7
@
8 years ago
- Keywords has-patch has-unit-tests added; needs-patch needs-unit-tests removed
39042.2.diff adds unit tests for null
and false
sanitization_callback values.
#8
@
8 years ago
@joehoyle would like your eyes on 39042.2.diff, would love a better approach than the nested conditional.
#9
@
8 years ago
This looks good to me, I had incorrectly assumed isset
was going to fail on null
, but I guess that's not the case.
#10
@
8 years ago
In 39042.3.diff:
- Restructure this code block a bit more to get rid of the nested conditional and shorten up some long lines
- One assertion per test (separate tests for
null
andfalse
)
I also removed the @ticket
annotation from the tests as I don't think it adds much value: I'm not sure why you'd need this information, but if you do, you can find it via blame.
One way we can check if
sanitization_callback
isnull
would be to add a check forarray_key_exists( 'sanitize_callback', $attributes['args'][ $key ] )
.We should also add a unit test as @jnylen0 suggested in the original ticket: https://core.trac.wordpress.org/ticket/38593#comment:4