WordPress.org

Make WordPress Core

Opened 4 months ago

Last modified 5 weeks ago

#48819 assigned defect (bug)

Filter response by context misses certain schemas

Reported by: TimothyBlynJacobs Owned by: TimothyBlynJacobs
Milestone: 5.5 Priority: normal
Severity: normal Version: 4.7
Component: REST API Keywords: has-patch has-unit-tests early
Focuses: Cc:

Description

WP_REST_Controller:filter_response_by_context is used to remove properties from a response that require a different context than requested. ie it removes edit properties if the request doesn't have an edit context. However it misses a few cases.

  • Does not check array items.
  • Does not checked multi nested properties. It only checks the first child property level.
  • Does not handle additionalProperties.
  • Does not handle type being an array of types.

Attachments (2)

48819.diff (11.8 KB) - added by TimothyBlynJacobs 4 months ago.
48819.2.diff (12.3 KB) - added by TimothyBlynJacobs 6 weeks ago.

Download all attachments as: .zip

Change History (6)

#1 @TimothyBlynJacobs
4 months ago

  • Keywords has-patch has-unit-tests added

I did a first pass patch implementing the changes described above. I ended up extracting it to a standalone function. I think it is still helpful when not subclassing WP_REST_Controller. It also made it a bit easier to test.

This new function also uses recursion to ensure we traverse the whole schema. It seemed like it might be unsafe BC wise to implement recursion with the original method if any controllers are overwriting that method and calling the parent.

This ticket was mentioned in Slack in #core-restapi by timothybjacobs. View the logs.


2 months ago

#3 @TimothyBlynJacobs
6 weeks ago

I've uploaded a revised version of the patch that does not traverse child schemas unless a context is set at every level. This means the performance impact of traversing the entire object will only occur if the author is utilizing that functionality.

That is, for the following schema.

<?php
array(
        '$schema'    => 'http://json-schema.org/draft-04/schema#',
        'type'       => 'object',
        'properties' => array(
                'parent' => array(
                        'type'       => 'object',
                        'context'    => array( 'view', 'edit' ),
                        'properties' => array(
                                'child' => array(
                                        'type'       => 'object',
                                        'properties' => array(
                                                'grand'  => array(
                                                        'type'    => 'string',
                                                        'context' => array( 'view', 'edit' ),
                                                ),
                                                'hidden' => array(
                                                        'type'    => 'string',
                                                        'context' => array( 'edit' ),
                                                ),
                                        ),
                                ),
                        ),
                ),
        ),
)

and the following data

<?php
array(
        'parent' => array(
                'child' => array(
                        'grand'  => 'hi',
                        'hidden' => 'there',
                ),
        ),
)

In the first patch, the hidden field would be excluded, now it isn't. Notice that no context is specified for the child schema.

#4 @TimothyBlynJacobs
5 weeks ago

  • Keywords early added
  • Milestone changed from 5.4 to 5.5

Punting to 5.5. I think this is too large a change to land at this point in the cycle.

Note: See TracTickets for help on using tickets.