WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

#40473 closed enhancement (wontfix)

Allow array of sanitize_callback parameters in register_rest_route()

Reported by: GunGeekATX Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.4
Component: REST API Keywords:
Focuses: Cc:

Description

By allowing an array of sanitize callbacks when registering a route, we can easily add support for multiple sanitize functions. For example, registering with the following callbacks would allow a color to be trimmed and then sanitized.

'sanitize_callback' => array(
	'normalize_whitespace',
	'sanitize_hex_color_no_hash',
	),

Example: http://src.wordpress-develop.dev/wp-json/test/multisanitize?color=%20ff0000

Another example may be someone parsing post IDs from a list, then sanitizing it down to valid post IDs with a custom function.

'sanitize_callback' => array(
	'wp_parse_id_list',
	'sanitize_post_ids',
	),

The attached patch adds support for multiple sanitize_callback handlers. The same logic could be applied to validate_callback handlers.

Attachments (1)

40473.diff (769 bytes) - added by GunGeekATX 2 years ago.

Download all attachments as: .zip

Change History (4)

@GunGeekATX
2 years ago

#1 @swissspidy
2 years ago

  • Version changed from trunk to 4.4

An array of callbacks executed in a specific order… sounds like we could use filters here.

#2 @rmccue
2 years ago

  • Keywords close added

Strong -1 on this. If you want to call multiple sanitising functions, make a function that calls them yourself. I don't see a need for this to be included in the general REST API infrastructure.

#3 @jnylen0
2 years ago

  • Keywords close removed
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I agree with Ryan here; I think this is uncommon enough that you should just write the function yourself. Then, if certain cases end up being common, they should have their own functions to handle them, and these functions should be documented and tested. After that, we are back to a single sanitize_callback.

Our sanitize and validate infrastructure is already pretty magical and complicated, let's not make it more so.

Note: See TracTickets for help on using tickets.