sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

REST API: Only validate the format keyword if the type is a string.

Browse Source 
This allows for using multi-type support with a string that has a format. For backwards compatibility support, the format validation will still apply if the type is not specified, or it is invalid.

Two new doing it wrong notices are issued when omitting a type, or using an invalid type.

Props ryotsun.
Fixes #50189.


git-svn-id: https://develop.svn.wordpress.org/trunk@48300 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Timothy Jacobs 2020-07-04 19:51:10 +00:00
parent ee57798a7f
commit fe2ceeada4
3 changed files with 120 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/wp-includes/rest-api.php
View File

@ -1281,6 +1281,12 @@ function rest_get_avatar_sizes() {
* @return true|WP_Error
*/
function rest_validate_value_from_schema( $value, $args, $param = '' ) {
$allowed_types = array( 'array', 'object', 'string', 'number', 'integer', 'boolean', 'null' );
if ( ! isset( $args['type'] ) ) {
_doing_it_wrong( __FUNCTION__, __( 'The "type" schema keyword is required.' ), '5.5.0' );
}
if ( is_array( $args['type'] ) ) {
foreach ( $args['type'] as $type ) {
$type_args = $args;
@ -1295,6 +1301,15 @@ function rest_validate_value_from_schema( $value, $args, $param = '' ) {
return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, implode( ',', $args['type'] ) ) );
}
if ( ! in_array( $args['type'], $allowed_types, true ) ) {
_doing_it_wrong(
__FUNCTION__,
/* translators: 1. The list of allowed types. */
wp_sprintf( __( 'The "type" schema keyword can only be on of the built-in types: %l.' ), $allowed_types ),
'5.5.0'
);
}
if ( 'array' === $args['type'] ) {
if ( ! is_null( $value ) ) {
$value = wp_parse_list( $value );
@ -1449,7 +1464,9 @@ function rest_validate_value_from_schema( $value, $args, $param = '' ) {
}
}
if ( isset( $args['format'] ) ) {
// The "format" keyword should only be applied to strings. However, for backwards compatibility,
// we allow the "format" keyword if the type keyword was not specified, or was set to an invalid value.
if ( isset( $args['format'] ) && ( ! isset( $args['type'] ) || 'string' === $args['type'] || ! in_array( $args['type'], $allowed_types, true ) ) ) {
switch ( $args['format'] ) {
case 'hex-color':
if ( ! rest_parse_hex_color( $value ) ) {
@ -1538,6 +1555,12 @@ function rest_validate_value_from_schema( $value, $args, $param = '' ) {
* @return true|WP_Error
*/
function rest_sanitize_value_from_schema( $value, $args ) {
$allowed_types = array( 'array', 'object', 'string', 'number', 'integer', 'boolean', 'null' );
if ( ! isset( $args['type'] ) ) {
_doing_it_wrong( __FUNCTION__, __( 'The "type" schema keyword is required.' ), '5.5.0' );
}
if ( is_array( $args['type'] ) ) {
// Determine which type the value was validated against,
// and use that type when performing sanitization.
@ -1560,6 +1583,15 @@ function rest_sanitize_value_from_schema( $value, $args ) {
$args['type'] = $validated_type;
}
if ( ! in_array( $args['type'], $allowed_types, true ) ) {
_doing_it_wrong(
__FUNCTION__,
/* translators: 1. The list of allowed types. */
wp_sprintf( __( 'The "type" schema keyword can only be on of the built-in types: %l.' ), $allowed_types ),
'5.5.0'
);
}
if ( 'array' === $args['type'] ) {
if ( empty( $args['items'] ) ) {
return (array) $value;
@ -1619,7 +1651,8 @@ function rest_sanitize_value_from_schema( $value, $args ) {
return rest_sanitize_boolean( $value );
}
if ( isset( $args['format'] ) ) {
// This behavior matches rest_validate_value_from_schema().
if ( isset( $args['format'] ) && ( ! isset( $args['type'] ) || 'string' === $args['type'] || ! in_array( $args['type'], $allowed_types, true ) ) ) {
switch ( $args['format'] ) {
case 'hex-color':
return (string) sanitize_hex_color( $value );

42
tests/phpunit/tests/rest-api/rest-schema-sanitization.php
View File

@ -312,6 +312,8 @@ class WP_Test_REST_Schema_Sanitization extends WP_UnitTestCase {
}
public function test_type_unknown() {
$this->setExpectedIncorrectUsage( 'rest_sanitize_value_from_schema' );
$schema = array(
'type' => 'lalala',
);
@ -321,6 +323,8 @@ class WP_Test_REST_Schema_Sanitization extends WP_UnitTestCase {
}
public function test_no_type() {
$this->setExpectedIncorrectUsage( 'rest_sanitize_value_from_schema' );
$schema = array(
'type' => null,
);
@ -340,6 +344,44 @@ class WP_Test_REST_Schema_Sanitization extends WP_UnitTestCase {
$this->assertNull( rest_sanitize_value_from_schema( 'lalala', $schema ) );
}
/**
* @ticket 50189
*/
public function test_format_validation_is_skipped_if_non_string_type() {
$schema = array(
'type' => 'array',
'format' => 'hex-color',
);
$this->assertEquals( array( '#fff' ), rest_sanitize_value_from_schema( '#fff', $schema ) );
$this->assertEquals( array( '#qrst' ), rest_sanitize_value_from_schema( '#qrst', $schema ) );
}
/**
* @ticket 50189
*/
public function test_format_validation_is_applied_if_missing_type() {
$this->expectException( 'PHPUnit_Framework_Error_Notice' ); // For the undefined index.
$this->setExpectedIncorrectUsage( 'rest_sanitize_value_from_schema' );
$schema = array( 'format' => 'hex-color' );
$this->assertEquals( '#abc', rest_sanitize_value_from_schema( '#abc', $schema ) );
$this->assertEquals( '', rest_sanitize_value_from_schema( '#jkl', $schema ) );
}
/**
* @ticket 50189
*/
public function test_format_validation_is_applied_if_unknown_type() {
$this->setExpectedIncorrectUsage( 'rest_sanitize_value_from_schema' );
$schema = array(
'format' => 'hex-color',
'type' => 'str',
);
$this->assertEquals( '#abc', rest_sanitize_value_from_schema( '#abc', $schema ) );
$this->assertEquals( '', rest_sanitize_value_from_schema( '#jkl', $schema ) );
}
public function test_object_or_string() {
$schema = array(
'type' => array( 'object', 'string' ),

43
tests/phpunit/tests/rest-api/rest-schema-validation.php
View File

@ -137,6 +137,47 @@ class WP_Test_REST_Schema_Validation extends WP_UnitTestCase {
$this->assertWPError( rest_validate_value_from_schema( 'FF01::101::2', $schema ) ); // Multicast, compressed.
}
/**
* @ticket 50189
*/
public function test_format_validation_is_skipped_if_non_string_type() {
$schema = array(
'type' => 'array',
'items' => array(
'type' => 'string',
),
'format' => 'email',
);
$this->assertTrue( rest_validate_value_from_schema( 'email@example.com', $schema ) );
$this->assertTrue( rest_validate_value_from_schema( 'email', $schema ) );
}
/**
* @ticket 50189
*/
public function test_format_validation_is_applied_if_missing_type() {
$this->expectException( 'PHPUnit_Framework_Error_Notice' ); // For the undefined index.
$this->setExpectedIncorrectUsage( 'rest_validate_value_from_schema' );
$schema = array( 'format' => 'email' );
$this->assertTrue( rest_validate_value_from_schema( 'email@example.com', $schema ) );
$this->assertWPError( rest_validate_value_from_schema( 'email', $schema ) );
}
/**
* @ticket 50189
*/
public function test_format_validation_is_applied_if_unknown_type() {
$this->setExpectedIncorrectUsage( 'rest_validate_value_from_schema' );
$schema = array(
'format' => 'email',
'type' => 'str',
);
$this->assertTrue( rest_validate_value_from_schema( 'email@example.com', $schema ) );
$this->assertWPError( rest_validate_value_from_schema( 'email', $schema ) );
}
public function test_type_array() {
$schema = array(
'type' => 'array',
@ -322,6 +363,8 @@ class WP_Test_REST_Schema_Validation extends WP_UnitTestCase {
}
public function test_type_unknown() {
$this->setExpectedIncorrectUsage( 'rest_validate_value_from_schema' );
$schema = array(
'type' => 'lalala',
);