#64291 closed defect (bug) (maybelater)
REST API: null is accepted for every type
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 6.9 |
| Component: | REST API | Keywords: | |
| Focuses: | Cc: |
Description
Because of line 928 of class-wp-rest-request.php, parameters with the value null are never validated, so they are accepted regardless of the schema type. However, they are still sanitized, so they are converted to the correct type via the sanitization functions. Since these parameters completely bypass the validate_callback, and since it's not documented anywhere, this behaviour seems unintentional.
As this behaviour does not conform to the JSON Schema, it should be corrected by calling validate_callback for parameters with a value of null that are present in the request. If keeping this behaviour by default is desired for backwards compatibility, an opt-out flag should be added to the WordPress schema definition to determine if rest_validate_value_from_schema should ignore parameters with a value of null.
At the very least, the documentation at https://developer.wordpress.org/rest-api/extending-the-rest-api/adding-custom-endpoints/#arguments needs to be updated to reflect that validate_callback is never called for parameters with a null value, and https://developer.wordpress.org/rest-api/extending-the-rest-api/schema/#type-juggling should be updated to mention this behaviour.
After some further searching, this test documents using
nullas a way to reset a value. It seems reasonable to just update the documentation for now.