Make WordPress Core

Opened 2 years ago

#56587 new enhancement

REST API sanitize and validate order / priority

Reported by: pentatonicfunk Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 6.0.1
Component: REST API Keywords:
Focuses: Cc:

Description

wp-rest-server has this snippet

<?php
$check_required = $request->has_valid_params();
if ( is_wp_error( $check_required ) ) {
        $error = $check_required;
} else {
        $check_sanitized = $request->sanitize_params();
        if ( is_wp_error( $check_sanitized ) ) {
                $error = $check_sanitized;
        }
}

Questions / clarifications needed:

  1. Validate and sanitize here stand on their own, rather than being integrated, which results in rest_sanitize_value_from_schema being called twice. Example with an array enum:
    • has_valid_params calls
      • rest_validate_request_arg calls
      • rest_validate_enum calls
      • rest_sanitize_value_from_schema ( first call )
    • sanitize_params calls
      • rest_sanitize_value_from_schema ( second call )

When sanitizing requires the DB, e.g. enum values come from a table, calling it twice would be inefficient, so developers would need to come up with a solution to memoize things around the sanitize routine.

  2. Shouldn't we prioritize sanitize, so that when validate is called, it can safely assume the data is already sanitized? Otherwise, if a custom validate_callback function does not call sanitize explicitly, the validate function would end up processing a string a,b,c when an array [a,b,c] is expected. But doing this would result in the #1 inefficiency.
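
The ordering described in this ticket, as an added example that is not part of the original report or of WordPress core: a route whose validate_callback normalizes the raw value itself (it runs before sanitize_callback) and whose table-backed allow-list is memoized so both passes share one query. The myplugin_* functions, the myplugin/v1/items route and the {prefix}myplugin_colors table are hypothetical; the file is assumed to be loaded as a plugin inside WordPress.

```php
<?php
// Added example. Hypothetical names: myplugin_*, myplugin/v1/items, {prefix}myplugin_colors.

// Table-backed enum, memoized so validate + sanitize cost one query per request.
function myplugin_allowed_colors() {
	static $colors = null;
	if ( null === $colors ) {
		global $wpdb;
		$colors = $wpdb->get_col( "SELECT slug FROM {$wpdb->prefix}myplugin_colors" );
	}
	return $colors;
}

// Coerce 'a,b,c' or array( 'a', 'b', 'c' ) to a flat list of strings.
function myplugin_normalize_colors( $value ) {
	$list = is_array( $value ) ? $value : wp_parse_list( (string) $value );
	return array_values( array_map( 'strval', array_filter( $list, 'is_scalar' ) ) );
}

// Runs during has_valid_params(), so $value is still the raw, unsanitized input.
function myplugin_validate_colors( $value, $request, $param ) {
	$list = myplugin_normalize_colors( $value );
	// Reject nested (non-scalar) elements instead of silently dropping them.
	$nested  = is_array( $value ) && count( $list ) !== count( $value );
	$unknown = array_diff( $list, myplugin_allowed_colors() );
	if ( $nested || $unknown ) {
		return new WP_Error(
			'rest_invalid_param',
			sprintf( '%s contains values that are not allowed.', $param ),
			array( 'status' => 400 )
		);
	}
	return true;
}

add_action( 'rest_api_init', function () {
	register_rest_route( 'myplugin/v1', '/items', array(
		'methods'             => 'GET',
		'permission_callback' => '__return_true', // Public read-only demo route.
		'callback'            => function ( WP_REST_Request $request ) {
			// Sanitized by now: always an array of allowed strings.
			return rest_ensure_response( $request['colors'] );
		},
		'args'                => array(
			'colors' => array(
				'validate_callback' => 'myplugin_validate_colors',
				'sanitize_callback' => 'myplugin_normalize_colors',
			),
		),
	) );
} );
```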
