WordPress.org

Make WordPress Core

Opened 6 months ago

Closed 5 months ago

Last modified 5 months ago

#50189 closed defect (bug) (fixed)

Only validate format if type is string

Reported by: TimothyBlynJacobs Owned by: TimothyBlynJacobs
Milestone: 5.5 Priority: normal
Severity: normal Version: 5.3
Component: REST API Keywords: needs-patch needs-unit-tests good-first-bug json-schema
Focuses: rest-api Cc:

Description

In #44975 we added support for a schema to specify multiple types. The way this works is we iterate over each possible type and try to find a successful validation. This poses an issue if you are trying to use a schema with a string type and the format keyword. This is because the schema will try and apply the format validation even if it isn't checking against the string type.

From the JSON Schema spec:

A format attribute can generally only validate a given set of instance types. If the type of the instance to validate is not in this set, validation for this format attribute and instance SHOULD succeed.

We should update rest_validate_value_from_schema() and rest_sanitize_value_from_schema() to only check against the format keyword if we are validating a string.

This could be a BC break if a developer had omitted a type definition or misspelled it ( strin instead of string ). We could potentially account for this by also applying the check if there was no type set or it was invalid.

Change History (3)

This ticket was mentioned in PR #289 on WordPress/wordpress-develop by ryotsun.


6 months ago

Only validate format if type is string.
Trac ticket: https://core.trac.wordpress.org/ticket/50189

#2 @TimothyBlynJacobs
5 months ago

  • Owner set to TimothyBlynJacobs
  • Resolution set to fixed
  • Status changed from new to closed

In 48300:

REST API: Only validate the format keyword if the type is a string.

This allows for using multi-type support with a string that has a format. For backwards compatibility support, the format validation will still apply if the type is not specified, or it is invalid.

Two new doing it wrong notices are issued when omitting a type, or using an invalid type.

Props ryotsun.
Fixes #50189.

#3 @prbot
5 months ago

TimothyBJacobs commented on PR #289:

Thanks for the patch @ryotsun! Implemented in https://core.trac.wordpress.org/changeset/48300.

Note: See TracTickets for help on using tickets.