Rest Api enum validation does not work correctly WordPress 5.7

[stefanjoebstl]

The following code produces an error when sending a json request with 1, 2 or 3. If I don't use the enum validation it works fine...

<?php
  register_rest_route($this->namespace, '/someendpoint', array(
    array(
      'methods' => WP_REST_Server::CREATABLE,
      'callback' => array($this, 'createEndpoint'),
      'args' => array(
        'gender' => array(
          'type' => 'number',
          'enum' => array(
            1,
            2,
            3,
          ), 
        ),
      ),
    ),
));

The error says: gender isn't one of 1, 2 or 3.

Kind regards
Stefan

[SergeyBiryukov]

Hi there, welcome to WordPress Trac! Thanks for the report.

Moving to 5.7.1 for investigation.

[TimothyBlynJacobs]

Thanks for the report @stefanjoebstl.

The issue here is that you are using a number type with integer values for the enum cases. This causes the incoming value to be sanitized to 1.0. The results are then compared strictly and 1.0 === 1 will fail in PHP.

You can fix this by specifying your type as an integer.

I think, though, we should allow a number with a zero fractional part to be equivalent to an integer of the same value. @yakimun do you have any thoughts on this?

See #51911.

[stefanjoebstl]

Thanks for the really fast answer @TimothyBlynJacobs ,

with integer it works as expected. But maybe you should consider the number with zero fractional part to work again, because in earlier versions it also worked if I used the number with the integer enum.

[TimothyBlynJacobs]

Yep, definitely. To clarify what changed, previously a strict comparison was also used, but the incoming value wasn't sanitized before checking that the enum value matched.

[yakimun]

@TimothyBlynJacobs Hi!

I think that it would be correct to consider such values equal.

Some test cases from the official "JSON Schema Test Suite" confirm this.
Example: ​https://github.com/json-schema-org/JSON-Schema-Test-Suite/blob/master/tests/draft2020-12/enum.json#L215

I can fix it if you don't mind.

[TimothyBlynJacobs]

That'd be great, thanks @yakimun!

With this fix, if rest_are_values_equal compares two values of type int or float (in any combination), we first cast both of them to float and then compare.

Trac ticket: https://core.trac.wordpress.org/ticket/52932

[rachelbaker]

The patch provided looks solid to me. Marking it for commit for 5.7.1.

[SergeyBiryukov]

In 50653:

REST API: Correct enum validation for numeric values.

When validating enum values as integer or number, consider a number with a zero fractional part to be equivalent to an integer of the same value.

In rest_are_values_equal(), when comparing two values of type int or float (in any combination), first cast both of them to float and then compare.

This matches some test cases from the official JSON Schema test suite.

Follow-up to [50010].

Props yakimun, stefanjoebstl, TimothyBlynJacobs, rachelbaker.
Fixes #52932.

[SergeyBiryukov]

Reopening for backporting to the 5.7 branch.

[SergeyBiryukov]

In 50656:

REST API: Correct enum validation for numeric values.

When validating enum values as integer or number, consider a number with a zero fractional part to be equivalent to an integer of the same value.

In rest_are_values_equal(), when comparing two values of type int or float (in any combination), first cast both of them to float and then compare.

This matches some test cases from the official JSON Schema test suite.

Follow-up to [50010].

Props yakimun, stefanjoebstl, TimothyBlynJacobs, rachelbaker.
Merges [50653] to the 5.7 branch.
Fixes #52932.