REST API: Reverse order of setting sanitization/validation, validating prior to sanitizing.

Fixes mistake in the current behavior, where the sanitization callback ran before the validation callback. Now the validation callback will run before the sanitization. Props schlessera, rachelbaker. See #37247. Fixes #37192. git-svn-id: https://develop.svn.wordpress.org/trunk@37943 602fd350-edb4-49c9-b593-d223f7449a82
2016-07-02 23:02:45 +00:00 · 2016-07-02 23:02:45 +00:00 · 855c081931
commit 855c081931
parent c8ebbb3e0d
2 changed files with 47 additions and 2 deletions
--- a/src/wp-includes/rest-api/class-wp-rest-server.php
+++ b/src/wp-includes/rest-api/class-wp-rest-server.php
@ -853,8 +853,6 @@ class WP_REST_Server {
 					$request->set_url_params( $args );
 					$request->set_attributes( $handler );

-					$request->sanitize_params();
-
 					$defaults = array();

 					foreach ( $handler['args'] as $arg => $options ) {
@ -869,6 +867,8 @@ class WP_REST_Server {
 					if ( is_wp_error( $check_required ) ) {
 						$response = $check_required;
 					}
+
+					$request->sanitize_params();
 				}

 				if ( ! is_wp_error( $response ) ) {
--- a/tests/phpunit/tests/rest-api/rest-server.php
+++ b/tests/phpunit/tests/rest-api/rest-server.php
@ -940,6 +940,51 @@ class Tests_REST_Server extends WP_Test_REST_TestCase {
 		}
 	}

+	/**
+	 * Make sure that a sanitization that transforms the argument type will not
+	 * cause the validation to fail.
+	 *
+	 * @ticket 37192
+	 */
+	public function test_rest_validate_before_sanitization() {
+		register_rest_route( 'test-ns', '/test', array(
+			'methods'  => array( 'GET' ),
+			'callback' => '__return_null',
+			'args' => array(
+				'someinteger' => array(
+					'validate_callback' => array( $this, '_validate_as_integer_123' ),
+					'sanitize_callback' => 'absint',
+				),
+				'somestring'  => array(
+					'validate_callback' => array( $this, '_validate_as_string_foo' ),
+					'sanitize_callback' => 'absint',
+				),
+			),
+		) );
+
+		$request = new WP_REST_Request( 'GET', '/test-ns/test' );
+		$request->set_query_params( array( 'someinteger' => 123, 'somestring' => 'foo' ) );
+		$response = $this->server->dispatch( $request );
+
+		$this->assertEquals( 200, $response->get_status() );
+	}
+
+	public function _validate_as_integer_123( $value, $request, $key ) {
+		if ( ! is_int( $value ) ) {
+			return new WP_Error( 'some-error', 'This is not valid!' );
+		}
+
+		return true;
+	}
+
+	public function _validate_as_string_foo( $value, $request, $key ) {
+		if ( ! is_string( $value ) ) {
+			return new WP_Error( 'some-error', 'This is not valid!' );
+		}
+
+		return true;
+	}
+
 	/**
 	 * @return array {
 	 *     @type array {