mirror of
https://github.com/WordPress/WordPress.git
synced 2024-06-23 13:24:57 +02:00
REST API: Validate and Sanitize registered meta based off the schema.
With the addition of Array support in our schema validation functions, it's now possible to use these in the meta validation and sanitization steps. Also, this increases the test coverage of using registered via meta the API significantly. Fixes #38531. Props rachelbaker, tharsheblows. Built from https://develop.svn.wordpress.org/trunk@39222 git-svn-id: http://core.svn.wordpress.org/trunk@39162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Joe Hoyle
parent
b6e848e638
commit
5c90d9ed8e
|
|
@ -998,6 +998,9 @@ function rest_validate_value_from_schema( $value, $args, $param = '' ) {
|
|||
if ( ! is_array( $value ) ) {
|
||||
$value = preg_split( '/[\s,]+/', $value );
|
||||
}
|
||||
if ( ! wp_is_numeric_array( $value ) ) {
|
||||
return new WP_Error( 'rest_invalid_param', sprintf( /* translators: 1: parameter, 2: type name */ __( '%1$s is not of type %2$s.' ), $param, 'array' ) );
|
||||
}
|
||||
foreach ( $value as $index => $v ) {
|
||||
$is_valid = rest_validate_value_from_schema( $v, $args['items'], $param . '[' . $index . ']' );
|
||||
if ( is_wp_error( $is_valid ) ) {
|
||||
|
|
@ -1107,6 +1110,9 @@ function rest_sanitize_value_from_schema( $value, $args ) {
|
|||
foreach ( $value as $index => $v ) {
|
||||
$value[ $index ] = rest_sanitize_value_from_schema( $v, $args['items'] );
|
||||
}
|
||||
// Normalize to numeric array so nothing unexpected
|
||||
// is in the keys.
|
||||
$value = array_values( $value );
|
||||
return $value;
|
||||
}
|
||||
if ( 'integer' === $args['type'] ) {
|
||||
|
|
@ -1140,5 +1146,9 @@ function rest_sanitize_value_from_schema( $value, $args ) {
|
|||
}
|
||||
}
|
||||
|
||||
if ( 'string' === $args['type'] ) {
|
||||
return strval( $value );
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ abstract class WP_REST_Meta_Fields {
|
|||
$response[ $name ] = $value;
|
||||
}
|
||||
|
||||
return (object) $response;
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -133,10 +133,24 @@ abstract class WP_REST_Meta_Fields {
|
|||
*/
|
||||
if ( is_null( $request[ $name ] ) ) {
|
||||
$result = $this->delete_meta_value( $object_id, $name );
|
||||
} elseif ( $args['single'] ) {
|
||||
$result = $this->update_meta_value( $object_id, $name, $request[ $name ] );
|
||||
if ( is_wp_error( $result ) ) {
|
||||
return $result;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
$is_valid = rest_validate_value_from_schema( $request[ $name ], $args['schema'], 'meta.' . $name );
|
||||
if ( is_wp_error( $is_valid ) ) {
|
||||
$is_valid->add_data( array( 'status' => 400 ) );
|
||||
return $is_valid;
|
||||
}
|
||||
|
||||
$value = rest_sanitize_value_from_schema( $request[ $name ], $args['schema'] );
|
||||
|
||||
if ( $args['single'] ) {
|
||||
$result = $this->update_meta_value( $object_id, $name, $value );
|
||||
} else {
|
||||
$result = $this->update_multi_meta_value( $object_id, $name, $request[ $name ] );
|
||||
$result = $this->update_multi_meta_value( $object_id, $name, $value );
|
||||
}
|
||||
|
||||
if ( is_wp_error( $result ) ) {
|
||||
|
|
@ -319,12 +333,13 @@ abstract class WP_REST_Meta_Fields {
|
|||
$default_args = array(
|
||||
'name' => $name,
|
||||
'single' => $args['single'],
|
||||
'type' => ! empty( $args['type'] ) ? $args['type'] : null,
|
||||
'schema' => array(),
|
||||
'prepare_callback' => array( $this, 'prepare_value' ),
|
||||
);
|
||||
|
||||
$default_schema = array(
|
||||
'type' => null,
|
||||
'type' => $default_args['type'],
|
||||
'description' => empty( $args['description'] ) ? '' : $args['description'],
|
||||
'default' => isset( $args['default'] ) ? $args['default'] : null,
|
||||
);
|
||||
|
|
@ -332,20 +347,18 @@ abstract class WP_REST_Meta_Fields {
|
|||
$rest_args = array_merge( $default_args, $rest_args );
|
||||
$rest_args['schema'] = array_merge( $default_schema, $rest_args['schema'] );
|
||||
|
||||
if ( empty( $rest_args['schema']['type'] ) ) {
|
||||
// Skip over meta fields that don't have a defined type.
|
||||
if ( empty( $args['type'] ) ) {
|
||||
continue;
|
||||
}
|
||||
$type = ! empty( $rest_args['type'] ) ? $rest_args['type'] : null;
|
||||
$type = ! empty( $rest_args['schema']['type'] ) ? $rest_args['schema']['type'] : $type;
|
||||
|
||||
if ( $rest_args['single'] ) {
|
||||
$rest_args['schema']['type'] = $args['type'];
|
||||
} else {
|
||||
$rest_args['schema']['type'] = 'array';
|
||||
$rest_args['schema']['items'] = array(
|
||||
'type' => $args['type'],
|
||||
);
|
||||
}
|
||||
if ( ! in_array( $type, array( 'string', 'boolean', 'integer', 'number' ) ) ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if ( empty( $rest_args['single'] ) ) {
|
||||
$rest_args['schema']['items'] = array(
|
||||
'type' => $rest_args['type'],
|
||||
);
|
||||
$rest_args['schema']['type'] = 'array';
|
||||
}
|
||||
|
||||
$registered[ $rest_args['name'] ] = $rest_args;
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '4.7-beta3-39221';
|
||||
$wp_version = '4.7-beta3-39222';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user