#42810 closed defect (bug) (duplicate)
Updating metadata via the REST API fails when sanitized values match existing values
Reported by: | bradyvercher | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.7 |
Component: | REST API | Keywords: | has-patch has-unit-tests |
Focuses: | rest-api | Cc: |
Description
WP_REST_Meta_Fields::update_meta_value()
checks incoming values to make sure they don't match the existing value, otherwise update_metadata()
will return false
to prevent extra SQL queries.
However, the check in update_metadata()
sanitizes values before doing the comparison, while the method in the REST controller does not, which causes the API request to fail when a meta sanitization callback alters the incoming value and causes it to match the existing value.
Attachments (1)
Change History (15)
This ticket was mentioned in Slack in #core-editor by bradyvercher. View the logs.
7 years ago
This ticket was mentioned in Slack in #core-editor by jaswrks. View the logs.
7 years ago
This ticket was mentioned in Slack in #core-restapi by mfolkeseth. View the logs.
7 years ago
This ticket was mentioned in Slack in #core-js by adamsilverstein. View the logs.
7 years ago
This ticket was mentioned in Slack in #core by mfolkeseth. View the logs.
7 years ago
#9
@
7 years ago
Ticket #42069 solves the additional use-case reported by @mfolkeseth. I'd suggest that becomes the ticket to get merged.
#10
follow-up:
↓ 12
@
6 years ago
- Focuses rest-api added
- Milestone changed from Awaiting Review to 5.0
I'd like to flag this as a Gutenberg blocker, because of the following situation:
- You have a post with more than one block that uses post meta attributes
- One or more of those blocks save their data as a JSON-encoded string, as recommended in the documentation https://wordpress.org/gutenberg/handbook/block-api/attributes/#considerations
- You save the post without modifying the data in one or more of the blocks
Because the REST API uses *slashed* data to compare with the existing values, but get_metadata()
returns *unslashed* data, most JSON-encoded strings will look "new" to the REST API https://core.trac.wordpress.org/browser/tags/4.9.8/src/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php?marks=299,301#L287 But update_metadata()
correctly compares unslashed-to-unslashed values, so returns false
. Not only does this cause an "Updating failed" notice in Gutenberg, but because of the way that the update_value()
method returns early out of the foreach()
loop, blocks further down the page are not processed. https://core.trac.wordpress.org/browser/tags/4.9.8/src/wp-includes/rest-api/fields/class-wp-rest-meta-fields.php?marks=131,163-165#L129
This ticket was mentioned in Slack in #core-editor by boone. View the logs.
6 years ago
#12
in reply to:
↑ 10
@
6 years ago
Replying to boonebgorges:
Boone, I'd like to add a test case to the tests in #42069 to cover this case. I added a case using the value
json_encode ( array( "one" => "Someone's Text/Value", "two" => 2, "three" => array( 1, 1, 2, 3, 5 ), ) );
but it appears to pass without the suggested fix. Can you suggest a string or encoded item that currently fails to update via the REST API that I can add to the test cases?
Thanks!
I have a use case which I would like to add to this ticket. If the incoming meta value is a stringified javascript object (JSON), this if check will fail because the incoming meta value is
wp_slash
-ed and old value is not