REST API: Fix incorrect uses of `rest_sanitize_value_from_schema()`.
In the `check_username()` and `check_password()` callbacks in the Users controller cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly which was causing unintended request parsing. In `rest_sanitize_request_arg()` do not pass nonexistent third parameter for the `rest_sanitize_value_from_schema()` function. Props jnylen0, joehoyle, rachelbaker, ocean90. Fixes #38984. git-svn-id: https://develop.svn.wordpress.org/trunk@39400 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
d4d90b0425
commit
6ab5804df1
|
@ -840,7 +840,7 @@ function rest_sanitize_request_arg( $value, $request, $param ) {
|
||||||
}
|
}
|
||||||
$args = $attributes['args'][ $param ];
|
$args = $attributes['args'][ $param ];
|
||||||
|
|
||||||
return rest_sanitize_value_from_schema( $value, $args, $param );
|
return rest_sanitize_value_from_schema( $value, $args );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -1027,7 +1027,7 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||||
* @return WP_Error|string The sanitized username, if valid, otherwise an error.
|
* @return WP_Error|string The sanitized username, if valid, otherwise an error.
|
||||||
*/
|
*/
|
||||||
public function check_username( $value, $request, $param ) {
|
public function check_username( $value, $request, $param ) {
|
||||||
$username = (string) rest_sanitize_value_from_schema( $value, $request, $param );
|
$username = (string) $value;
|
||||||
|
|
||||||
if ( ! validate_username( $username ) ) {
|
if ( ! validate_username( $username ) ) {
|
||||||
return new WP_Error( 'rest_user_invalid_username', __( 'Username contains invalid characters.' ), array( 'status' => 400 ) );
|
return new WP_Error( 'rest_user_invalid_username', __( 'Username contains invalid characters.' ), array( 'status' => 400 ) );
|
||||||
|
@ -1056,7 +1056,7 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||||
* @return WP_Error|string The sanitized password, if valid, otherwise an error.
|
* @return WP_Error|string The sanitized password, if valid, otherwise an error.
|
||||||
*/
|
*/
|
||||||
public function check_user_password( $value, $request, $param ) {
|
public function check_user_password( $value, $request, $param ) {
|
||||||
$password = (string) rest_sanitize_value_from_schema( $value, $request, $param );
|
$password = (string) $value;
|
||||||
|
|
||||||
if ( empty( $password ) ) {
|
if ( empty( $password ) ) {
|
||||||
return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot be empty.' ), array( 'status' => 400 ) );
|
return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot be empty.' ), array( 'status' => 400 ) );
|
||||||
|
|
Loading…
Reference in New Issue