sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

REST API: Check required properties are provided when validating an object.

Browse Source 
Previously, the WP_REST_Request object validated that top-level properties were defined, but this did not extend to those object's required properties. This adds validation to rest_validate_value_from_schema() directly.

Both the v3 and v4 JSON Schema syntax for required properties is supported.

Props sorenbronsted.
Fixes #48818.


git-svn-id: https://develop.svn.wordpress.org/trunk@47809 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Timothy Jacobs 2020-05-16 18:41:41 +00:00
parent 6742d0d7a6
commit 8b9823f536
2 changed files with 335 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/wp-includes/rest-api.php
View File

@ -1284,6 +1284,22 @@ function rest_validate_value_from_schema( $value, $args, $param = '' ) {
return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, 'object' ) );
}
if ( isset( $args['required'] ) && is_array( $args['required'] ) ) { // schema version 4
foreach ( $args['required'] as $name ) {
if ( ! array_key_exists( $name, $value ) ) {
/* translators: 1: Property of an object, 2: Parameter. */
return new WP_Error( 'rest_property_required', sprintf( __( '%1$s is a required property of %2$s.' ), $name, $param ) );
}
}
} elseif ( isset( $args['properties'] ) ) { // schema version 3
foreach ( $args['properties'] as $name => $property ) {
if ( isset( $property['required'] ) && true === $property['required'] && ! array_key_exists( $name, $value ) ) {
/* translators: 1: Property of an object, 2: Parameter. */
return new WP_Error( 'rest_property_required', sprintf( __( '%1$s is a required property of %2$s.' ), $name, $param ) );
}
}
}
foreach ( $value as $property => $v ) {
if ( isset( $args['properties'][ $property ] ) ) {
$is_valid = rest_validate_value_from_schema( $v, $args['properties'][ $property ], $param . '[' . $property . ']' );

320
tests/phpunit/tests/rest-api/rest-schema-validation.php
View File

@ -2,7 +2,7 @@
/**
* Unit tests covering schema validation and sanitization functionality.
*
* @package WordPress
* @package WordPress
* @subpackage REST API
*/
@ -409,4 +409,322 @@ class WP_Test_REST_Schema_Validation extends WP_UnitTestCase {
// three supplementary Unicode code point is to long
$this->assertWPError( rest_validate_value_from_schema( $mb_char . $mb_char . $mb_char, $schema ) );
}
/**
* @ticket 48818
* @dataProvider data_required_property
*/
public function test_property_is_required( $data, $expected ) {
$schema = array(
'type' => 'object',
'properties' => array(
'my_prop' => array(
'type' => 'string',
),
'my_required_prop' => array(
'type' => 'string',
'required' => true,
),
),
);
$valid = rest_validate_value_from_schema( $data, $schema );
if ( $expected ) {
$this->assertTrue( $valid );
} else {
$this->assertWPError( $valid );
}
}
/**
* @ticket 48818
* @dataProvider data_required_property
*/
public function test_property_is_required_v4( $data, $expected ) {
$schema = array(
'type' => 'object',
'properties' => array(
'my_prop' => array(
'type' => 'string',
),
'my_required_prop' => array(
'type' => 'string',
),
),
'required' => array( 'my_required_prop' ),
);
$valid = rest_validate_value_from_schema( $data, $schema );
if ( $expected ) {
$this->assertTrue( $valid );
} else {
$this->assertWPError( $valid );
}
}
public function data_required_property() {
return array(
array(
array(
'my_required_prop' => 'test',
'my_prop' => 'test',
),
true,
),
array( array( 'my_prop' => 'test' ), false ),
array( array(), false ),
);
}
/**
* @ticket 48818
* @dataProvider data_required_nested_property
*/
public function test_nested_property_is_required( $data, $expected ) {
$schema = array(
'type' => 'object',
'properties' => array(
'my_object' => array(
'type' => 'object',
'properties' => array(
'my_nested_prop' => array(
'type' => 'string',
),
'my_required_nested_prop' => array(
'type' => 'string',
'required' => true,
),
),
),
),
);
$valid = rest_validate_value_from_schema( $data, $schema );
if ( $expected ) {
$this->assertTrue( $valid );
} else {
$this->assertWPError( $valid );
}
}
/**
* @ticket 48818
* @dataProvider data_required_nested_property
*/
public function test_nested_property_is_required_v4( $data, $expected ) {
$schema = array(
'type' => 'object',
'properties' => array(
'my_object' => array(
'type' => 'object',
'properties' => array(
'my_nested_prop' => array(
'type' => 'string',
),
'my_required_nested_prop' => array(
'type' => 'string',
),
),
'required' => array( 'my_required_nested_prop' ),
),
),
);
$valid = rest_validate_value_from_schema( $data, $schema );
if ( $expected ) {
$this->assertTrue( $valid );
} else {
$this->assertWPError( $valid );
}
}
public function data_required_nested_property() {
return array(
array(
array(
'my_object' => array(
'my_required_nested_prop' => 'test',
'my_nested_prop' => 'test',
),
),
true,
),
array(
array(
'my_object' => array(
'my_nested_prop' => 'test',
),
),
false,
),
array(
array(),
true,
),
);
}
/**
* @ticket 48818
* @dataProvider data_required_deeply_nested_property
*/
public function test_deeply_nested_v3_required_property( $value, $expected ) {
$schema = array(
'type' => 'object',
'properties' => array(
'propA' => array(
'type' => 'object',
'required' => true,
'properties' => array(
'propB' => array(
'type' => 'object',
'required' => true,
'properties' => array(
'propC' => array(
'type' => 'string',
'required' => true,
),
'propD' => array(
'type' => 'string',
),
),
),
),
),
),
);
$valid = rest_validate_value_from_schema( $value, $schema );
if ( $expected ) {
$this->assertTrue( $valid );
} else {
$this->assertWPError( $valid );
}
}
/**
* @ticket 48818
* @dataProvider data_required_deeply_nested_property
*/
public function test_deeply_nested_v4_required_property( $value, $expected ) {
$schema = array(
'type' => 'object',
'required' => array( 'propA' ),
'properties' => array(
'propA' => array(
'type' => 'object',
'required' => array( 'propB' ),
'properties' => array(
'propB' => array(
'type' => 'object',
'required' => array( 'propC' ),
'properties' => array(
'propC' => array(
'type' => 'string',
),
'propD' => array(
'type' => 'string',
),
),
),
),
),
),
);
$valid = rest_validate_value_from_schema( $value, $schema );
if ( $expected ) {
$this->assertTrue( $valid );
} else {
$this->assertWPError( $valid );
}
}
/**
* @ticket 48818
* @dataProvider data_required_deeply_nested_property
*/
public function test_deeply_nested_mixed_version_required_property( $value, $expected ) {
$schema = array(
'type' => 'object',
'required' => array( 'propA' ),
'properties' => array(
'propA' => array(
'type' => 'object',
'required' => array( 'propB' ),
'properties' => array(
'propB' => array(
'type' => 'object',
'properties' => array(
'propC' => array(
'type' => 'string',
'required' => true,
),
'propD' => array(
'type' => 'string',
),
),
),
),
),
),
);
$valid = rest_validate_value_from_schema( $value, $schema );
if ( $expected ) {
$this->assertTrue( $valid );
} else {
$this->assertWPError( $valid );
}
}
public function data_required_deeply_nested_property() {
return array(
array(
array(),
false,
),
array(
array(
'propA' => array(),
),
false,
),
array(
array(
'propA' => array(
'propB' => array(),
),
),
false,
),
array(
array(
'propA' => array(
'propB' => array(
'propD' => 'd',
),
),
),
false,
),
array(
array(
'propA' => array(
'propB' => array(
'propC' => 'c',
),
),
),
true,
),
);
}
}