REST API: Reverse order of setting sanitization/validation, validating prior to sanitizing.
Fixes mistake in the current behavior, where the sanitization callback ran before the validation callback. Now the validation callback will run before the sanitization. Props schlessera, rachelbaker. See #37247. Fixes #37192. git-svn-id: https://develop.svn.wordpress.org/trunk@37943 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
c8ebbb3e0d
commit
855c081931
@ -853,8 +853,6 @@ class WP_REST_Server {
|
|||||||
$request->set_url_params( $args );
|
$request->set_url_params( $args );
|
||||||
$request->set_attributes( $handler );
|
$request->set_attributes( $handler );
|
||||||
|
|
||||||
$request->sanitize_params();
|
|
||||||
|
|
||||||
$defaults = array();
|
$defaults = array();
|
||||||
|
|
||||||
foreach ( $handler['args'] as $arg => $options ) {
|
foreach ( $handler['args'] as $arg => $options ) {
|
||||||
@ -869,6 +867,8 @@ class WP_REST_Server {
|
|||||||
if ( is_wp_error( $check_required ) ) {
|
if ( is_wp_error( $check_required ) ) {
|
||||||
$response = $check_required;
|
$response = $check_required;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$request->sanitize_params();
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! is_wp_error( $response ) ) {
|
if ( ! is_wp_error( $response ) ) {
|
||||||
|
@ -940,6 +940,51 @@ class Tests_REST_Server extends WP_Test_REST_TestCase {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Make sure that a sanitization that transforms the argument type will not
|
||||||
|
* cause the validation to fail.
|
||||||
|
*
|
||||||
|
* @ticket 37192
|
||||||
|
*/
|
||||||
|
public function test_rest_validate_before_sanitization() {
|
||||||
|
register_rest_route( 'test-ns', '/test', array(
|
||||||
|
'methods' => array( 'GET' ),
|
||||||
|
'callback' => '__return_null',
|
||||||
|
'args' => array(
|
||||||
|
'someinteger' => array(
|
||||||
|
'validate_callback' => array( $this, '_validate_as_integer_123' ),
|
||||||
|
'sanitize_callback' => 'absint',
|
||||||
|
),
|
||||||
|
'somestring' => array(
|
||||||
|
'validate_callback' => array( $this, '_validate_as_string_foo' ),
|
||||||
|
'sanitize_callback' => 'absint',
|
||||||
|
),
|
||||||
|
),
|
||||||
|
) );
|
||||||
|
|
||||||
|
$request = new WP_REST_Request( 'GET', '/test-ns/test' );
|
||||||
|
$request->set_query_params( array( 'someinteger' => 123, 'somestring' => 'foo' ) );
|
||||||
|
$response = $this->server->dispatch( $request );
|
||||||
|
|
||||||
|
$this->assertEquals( 200, $response->get_status() );
|
||||||
|
}
|
||||||
|
|
||||||
|
public function _validate_as_integer_123( $value, $request, $key ) {
|
||||||
|
if ( ! is_int( $value ) ) {
|
||||||
|
return new WP_Error( 'some-error', 'This is not valid!' );
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function _validate_as_string_foo( $value, $request, $key ) {
|
||||||
|
if ( ! is_string( $value ) ) {
|
||||||
|
return new WP_Error( 'some-error', 'This is not valid!' );
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return array {
|
* @return array {
|
||||||
* @type array {
|
* @type array {
|
||||||
|
Loading…
Reference in New Issue
Block a user