From 2a32f5ca13fd0b3938eb4191f76bed37a28bec5f Mon Sep 17 00:00:00 2001
From: Rachel Baker
Date: Thu, 1 Dec 2016 02:18:41 +0000
Subject: [PATCH] REST API: Fix incorrect uses of `rest_sanitize_value_from_schema()`. In the `check_username()` and `check_password()` callbacks in the Users controller cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly which was causing unintended request parsing. In `rest_sanitize_request_arg()` do not pass nonexistent third parameter for the `rest_sanitize_value_from_schema()` function. Props jnylen0, joehoyle, rachelbaker, ocean90. Merges [39400] to the 4.7 branch. Fixes #38984 for 4.7. git-svn-id: https://develop.svn.wordpress.org/branches/4.7@39401 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/rest-api.php | 2 +-
 .../rest-api/endpoints/class-wp-rest-users-controller.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/wp-includes/rest-api.php b/src/wp-includes/rest-api.php
index 3d0b7ee6d5..e5efb74fbe 100644
--- a/src/wp-includes/rest-api.php
+++ b/src/wp-includes/rest-api.php
@@ -840,7 +840,7 @@ function rest_sanitize_request_arg( $value, $request, $param ) {
 }
 $args = $attributes['args'][ $param ];
- return rest_sanitize_value_from_schema( $value, $args, $param );
+ return rest_sanitize_value_from_schema( $value, $args );
 }
 /**
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
index 7ede596c56..823e5d571e 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -1027,7 +1027,7 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 * @return WP_Error|string The sanitized username, if valid, otherwise an error.
 */
 public function check_username( $value, $request, $param ) {
- $username = (string) rest_sanitize_value_from_schema( $value, $request, $param );
+ $username = (string) $value;
 if ( ! validate_username( $username ) ) {
 return new WP_Error( 'rest_user_invalid_username', __( 'Username contains invalid characters.' ), array( 'status' => 400 ) );
@@ -1056,7 +1056,7 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 * @return WP_Error|string The sanitized password, if valid, otherwise an error.
 */
 public function check_user_password( $value, $request, $param ) {
- $password = (string) rest_sanitize_value_from_schema( $value, $request, $param );
+ $password = (string) $value;
 if ( empty( $password ) ) {
 return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot be empty.' ), array( 'status' => 400 ) );
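Review bot: The `(string) $value` cast in `check_username()` turns an array value into the literal string `Array` (with a conversion notice), which then goes to `validate_username()` as if the client had sent it; the same cast in `check_user_password()` in the following hunk would accept `Array` as a password. Whether a non-string can reach these callbacks depends on schema type validation that runs outside this diff, so the callbacks should not assume it. Reject non-scalar input before the cast, for example `if ( ! is_scalar( $value ) ) { return new WP_Error( 'rest_user_invalid_username', __( 'Username contains invalid characters.' ), array( 'status' => 400 ) ); }`, using `rest_user_invalid_password` in the password callback. The `@return` docblocks still say "sanitized" although the value is now only cast, so that wording should be updated as well. Both function bodies continue past the end of their hunks.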