Opened 9 years ago
Closed 9 years ago
#39779 closed enhancement (invalid)
rest_parse_request_arg
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 4.7.2 |
| Component: | REST API | Keywords: | |
| Focuses: | Cc: |
Description
rest_parse_request_arg( $value, $request, $param )
function performs twice rest_validate_request_arg.
Both times returns the returned value, whether it is an error or valid value.
Why not simply return rest_sanitize_request_arg value the first time?
Change History (2)
#2
@
9 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
Hi @pissio, welcome to WordPress Core Trac!
As noted above, rest_validate_request_arg() is not the same as rest_sanitize_request_arg(). The former checks if the argument matches the requirements, the latter cleans it to remove potential malicious data.
This Codex article might be helpful to better understand the difference between validation and sanitization:
https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data
Note: See
TracTickets for help on using
tickets.
Hey there
The first function being called is rest_validate_request_arg(), the second rest_sanitize_request_arg(). Both do different things.