From f4779221a3b067fb00383ba3ba73b3c1ee104eb4 Mon Sep 17 00:00:00 2001
From: Weston Ruter <westonruter@git.wordpress.org>
Date: Sun, 9 Oct 2016 20:07:16 +0000
Subject: [PATCH] Customize: Ensure `customize_validate_{$setting->id}` filters
 apply on input post values for `WP_Customize_Setting` subclasses that neglect
 to apply the filter themselves.

Fixes #37638.


git-svn-id: https://develop.svn.wordpress.org/trunk@38765 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../class-wp-customize-manager.php            |  7 ++
 tests/phpunit/tests/customize/manager.php     | 66 +++++++++++++++++++
 2 files changed, 73 insertions(+)

diff --git a/src/wp-includes/class-wp-customize-manager.php b/src/wp-includes/class-wp-customize-manager.php
index bb892b564e..23e319167e 100644
--- a/src/wp-includes/class-wp-customize-manager.php
+++ b/src/wp-includes/class-wp-customize-manager.php
@@ -1003,6 +1003,13 @@ final class WP_Customize_Manager {
 				continue;
 			}
 			$validity = $setting->validate( $unsanitized_value );
+			if ( ! is_wp_error( $validity ) ) {
+				/** This filter is documented in wp-includes/class-wp-customize-setting.php */
+				$late_validity = apply_filters( "customize_validate_{$setting->id}", new WP_Error(), $unsanitized_value, $setting );
+				if ( ! empty( $late_validity->errors ) ) {
+					$validity = $late_validity;
+				}
+			}
 			if ( ! is_wp_error( $validity ) ) {
 				$value = $setting->sanitize( $unsanitized_value );
 				if ( is_null( $value ) ) {
diff --git a/tests/phpunit/tests/customize/manager.php b/tests/phpunit/tests/customize/manager.php
index f3e4846094..f5e7c87a1b 100644
--- a/tests/phpunit/tests/customize/manager.php
+++ b/tests/phpunit/tests/customize/manager.php
@@ -278,6 +278,50 @@ class Tests_WP_Customize_Manager extends WP_UnitTestCase {
 		$this->assertEquals( array( 'source' => 'filter_customize_validate_foo' ), $error->get_error_data() );
 	}
 
+	/**
+	 * Test WP_Customize_Manager::validate_setting_values().
+	 *
+	 * @ticket 37638
+	 * @covers WP_Customize_Manager::validate_setting_values()
+	 */
+	function test_late_validate_setting_values() {
+		$setting = new Test_Setting_Without_Applying_Validate_Filter( $this->manager, 'required' );
+		$this->manager->add_setting( $setting );
+
+		$this->assertInstanceOf( 'WP_Error', $setting->validate( '' ) );
+		$setting_validities = $this->manager->validate_setting_values( array( $setting->id => '' ) );
+		$this->assertInstanceOf( 'WP_Error', $setting_validities[ $setting->id ] );
+
+		$this->assertTrue( $setting->validate( 'ok' ) );
+		$setting_validities = $this->manager->validate_setting_values( array( $setting->id => 'ok' ) );
+		$this->assertTrue( $setting_validities[ $setting->id ] );
+
+		add_filter( "customize_validate_{$setting->id}", array( $this, 'late_validate_length' ), 10, 3 );
+		$this->assertTrue( $setting->validate( 'bad' ) );
+		$setting_validities = $this->manager->validate_setting_values( array( $setting->id => 'bad' ) );
+		$validity = $setting_validities[ $setting->id ];
+		$this->assertInstanceOf( 'WP_Error', $validity );
+		$this->assertEquals( 'minlength', $validity->get_error_code() );
+	}
+
+	/**
+	 * Add a length constraint to a setting.
+	 *
+	 * Adds minimum-length error code if the length is less than 10.
+	 *
+	 * @param WP_Error             $validity Validity.
+	 * @param mixed                $value    Value.
+	 * @param WP_Customize_Setting $setting  Setting.
+	 * @return WP_Error Validity.
+	 */
+	function late_validate_length( $validity, $value, $setting ) {
+		$this->assertInstanceOf( 'WP_Customize_Setting', $setting );
+		if ( strlen( $value ) < 10 ) {
+			$validity->add( 'minlength', '' );
+		}
+		return $validity;
+	}
+
 	/**
 	 * Test the WP_Customize_Manager::validate_setting_values() method to make sure that the validation and sanitization are done in the right order.
 	 *
@@ -1030,3 +1074,25 @@ class Test_Dynamic_Customize_Setting extends WP_Customize_Setting {
 	public $type = 'dynamic';
 	public $custom;
 }
+
+/**
+ * Class Test_Setting_Without_Applying_Validate_Filter.
+ *
+ * @see Tests_WP_Customize_Manager::test_late_validate_setting_values()
+ */
+class Test_Setting_Without_Applying_Validate_Filter extends WP_Customize_Setting {
+
+	/**
+	 * Validates an input.
+	 *
+	 * @param mixed $value Value to validate.
+	 * @return true|WP_Error True if the input was validated, otherwise WP_Error.
+	 */
+	public function validate( $value ) {
+		if ( empty( $value ) ) {
+			return new WP_Error( 'empty_value', __( 'You must supply a value' ) );
+		}
+		return true;
+	}
+
+}