Opened 2 years ago
#56587 new enhancement
REST API sanitize and validate order / priority
Reported by: | pentatonicfunk | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 6.0.1 |
Component: | REST API | Keywords: | |
Focuses: | Cc: |
Description
wp-rest-server has this snippet
```php
<?php
$check_required = $request->has_valid_params();
if ( is_wp_error( $check_required ) ) {
	$error = $check_required;
} else {
	$check_sanitized = $request->sanitize_params();
	if ( is_wp_error( $check_sanitized ) ) {
		$error = $check_sanitized;
	}
}
```
Questions / need clarifications:

- `validate` and `sanitize` here stand on their own, rather than being integrated, which results in `rest_sanitize_value_from_schema` being called twice. Example in array `enum`:
  - `has_valid_params` calls `rest_validate_request_arg` calls `rest_validate_enum` calls `rest_sanitize_value_from_schema` (first call)
  - `sanitize_params` calls `rest_sanitize_value_from_schema` (second call)

  When sanitizing requires the DB, e.g. enum values are from a table, calling it twice would be inefficient, so developers would need to come up with a solution to memoize things around the sanitize routine.
- Shouldn't we prioritize `sanitize`, so that when `validate` is called, it can safely assume the data is sanitized already? Otherwise, if a custom `validate_callback` function is not calling sanitize explicitly, the validate function would end up processing a string `a,b,c` when an array `[a,b,c]` is expected. But by doing this, it would result in the #1 inefficiency.
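One way to write a custom `validate_callback` that does not depend on sanitization having run first, with the database-backed allowed list memoized so repeated lookups cost nothing. This is an added example, not WordPress core code or the reporter's; the `example/v1` route, the `colors` parameter, the `example_*` function names and the `example_colors` table are assumptions.

```php
<?php
// Added example, not WordPress core code. Assumed names: example/v1, /items,
// the "colors" parameter and the {prefix}example_colors table.

// Allowed values, loaded from the database at most once per request.
function example_allowed_colors() {
	static $allowed = null;
	if ( null === $allowed ) {
		global $wpdb;
		$allowed = $wpdb->get_col( "SELECT slug FROM {$wpdb->prefix}example_colors" );
	}
	return $allowed;
}

// Accepts both the raw "a,b,c" form and an already-parsed array.
function example_parse_colors( $value ) {
	return array_values( array_map( 'strval', wp_parse_list( $value ) ) );
}

// Validation runs before sanitization, so $value may still be the raw string.
function example_validate_colors( $value, $request, $param ) {
	if ( ! is_string( $value ) && ! is_array( $value ) ) {
		return new WP_Error( 'rest_invalid_param', "$param must be a list.", array( 'status' => 400 ) );
	}
	$unknown = array_diff( example_parse_colors( $value ), example_allowed_colors() );
	if ( $unknown ) {
		return new WP_Error( 'rest_invalid_param', "$param contains unknown values.", array( 'status' => 400 ) );
	}
	return true;
}

add_action( 'rest_api_init', function () {
	register_rest_route( 'example/v1', '/items', array(
		'methods'             => WP_REST_Server::READABLE,
		'callback'            => function ( WP_REST_Request $request ) {
			// sanitize_params() has replaced the parameter with the parsed array.
			return rest_ensure_response( $request->get_param( 'colors' ) );
		},
		'permission_callback' => '__return_true', // Public read-only endpoint.
		'args'                => array(
			'colors' => array(
				'validate_callback' => 'example_validate_colors',
				'sanitize_callback' => 'example_parse_colors',
			),
		),
	) );
} );
```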