id: 56587
summary: REST API sanitize and validate order / priority
reporter: pentatonicfunk
owner:
type: enhancement
status: new
priority: normal
milestone: Awaiting Review
component: REST API
version: 6.0.1
severity: normal
resolution:
keywords:
cc:
focuses:

description:

wp-rest-server has this snippet

{{{#!php
<?php
// Validate the request parameters first; sanitize only if validation passed.
$check_required = $request->has_valid_params();
if ( is_wp_error( $check_required ) ) {
	$error = $check_required;
} else {
	$check_sanitized = $request->sanitize_params();
	if ( is_wp_error( $check_sanitized ) ) {
		$error = $check_sanitized;
	}
}
}}}

Questions / need clarification:

 1. `validate` and `sanitize` here stand on their own, rather than being integrated, which results in `rest_sanitize_value_from_schema` being called twice. Example with an array `enum`:
   - `has_valid_params` calls
     - `rest_validate_request_arg` calls
       - `rest_validate_enum` calls
         - `rest_sanitize_value_from_schema` ( first call )
   - `sanitize_params` calls
     - `rest_sanitize_value_from_schema` ( second call )

 When sanitizing requires the DB, e.g. enum values come from a table, calling it twice would be inefficient, so developers would need to come up with a solution to memoize things around the sanitize routine.

 2. Shouldn't we prioritize `sanitize`, so that when `validate` is called, it can safely assume the data is already sanitized? Otherwise, if a custom `validate_callback` function does not call sanitize explicitly, the validate function would end up processing a string `a,b,c` when an array `[a,b,c]` is expected; but doing this would result in the inefficiency from #1.
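
A plugin-side way to cope with the validate-then-sanitize order this ticket describes, as an added example (not code from the ticket or from WordPress core): the `validate_callback` normalizes the raw value itself, and the database-backed allowed list is memoized so validation and sanitization share one query. The `myplugin/v1` namespace, `/items` route, `colors` parameter and `myplugin_colors` table are hypothetical.

```php
<?php
// Added example for a WordPress plugin; all myplugin_* names are hypothetical.

// Allowed values live in the database. The static cache makes the query run
// once per request, however many times validation or sanitization need it.
function myplugin_allowed_colors() {
	static $allowed = null;
	if ( null === $allowed ) {
		global $wpdb;
		$allowed = $wpdb->get_col( "SELECT slug FROM {$wpdb->prefix}myplugin_colors" );
	}
	return $allowed;
}

// Shared normalizer: accepts "a,b,c" or [a, b, c] and returns a clean array.
function myplugin_normalize_colors( $value ) {
	$items = array_filter( wp_parse_list( $value ), 'is_scalar' );
	return array_values( array_unique( array_map( 'sanitize_key', $items ) ) );
}

// validate_callback runs before sanitize_callback, so it receives the raw
// request value and must normalize it before comparing with the allowed list.
function myplugin_validate_colors( $value, $request, $param ) {
	if ( ! is_string( $value ) && ! is_array( $value ) ) {
		return new WP_Error( 'rest_invalid_param', sprintf( '%s must be a list.', $param ), array( 'status' => 400 ) );
	}
	$unknown = array_diff( myplugin_normalize_colors( $value ), myplugin_allowed_colors() );
	if ( $unknown ) {
		return new WP_Error( 'rest_not_in_enum', sprintf( '%s contains values that are not allowed.', $param ), array( 'status' => 400 ) );
	}
	return true;
}

add_action( 'rest_api_init', function () {
	register_rest_route( 'myplugin/v1', '/items', array(
		'methods'             => 'GET',
		'permission_callback' => '__return_true', // Public read-only route in this example.
		'callback'            => function ( WP_REST_Request $request ) {
			// The value has passed validation and is now the sanitized array.
			return rest_ensure_response( array( 'colors' => $request['colors'] ) );
		},
		'args'                => array(
			'colors' => array(
				'validate_callback' => 'myplugin_validate_colors',
				'sanitize_callback' => 'myplugin_normalize_colors',
			),
		),
	) );
} );
```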