REST API: Allow sanitization_callback to be set to null to bypass `rest_parse_request_arg()`
|Reported by:||rachelbaker||Owned by:||kkoppenhaver|
|Component:||REST API||Keywords:||has-patch has-unit-tests|
In #38593 we use the default callback for a property type if it is set, but you cannot override this behavior.
As an example, if you have a property schema like:
'some_email' => array( 'description' => __( 'Email address for ...' ), 'type' => 'string', 'format' => 'email', 'arg_options' => array( 'sanitize_callback' => null, // SHOULD skip built-in saniziation of 'email' type. 'validate_callback' => 'custom_callback', ), ),
The logic in WP_REST_Request->sanitize_params() that was added in  does not account for null being the sanitization_callback which then results in rest_parse_request_arg() being set to the callback, which runs both default sanitization and validation functions.
Change History (16)
4 months ago
- Keywords has-patch has-unit-tests added; needs-patch needs-unit-tests removed