Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-25 22:35:02 +02:00
Code Issues Projects Releases Wiki Activity

REST API: Enable sanitize_callback to return WP_Error.

Browse Source 
Give developers the opportunity to reject incoming data without using the validation callback. It also enables us to do sanitization and validation in one function in instances where this could be useful.

Props websupporter, rmccue.
Fixes #37560.

Built from https://develop.svn.wordpress.org/trunk@38601


git-svn-id: http://core.svn.wordpress.org/trunk@38544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Joe Hoyle 2016-09-14 15:50:29 +00:00
parent d7f840a211
commit 794dd5d8cb
3 changed files with 25 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
wp-includes/rest-api/class-wp-rest-request.php
View File

@ -780,10 +780,9 @@ class WP_REST_Request implements ArrayAccess {
* @since 4.4.0
* @access public
*
* @return true|null True if there are no parameters to sanitize, null otherwise.
* @return true|WP_Error True if parameters were sanitized, WP_Error if an error occurred during sanitization.
*/
public function sanitize_params() {
$attributes = $this->get_attributes();
// No arguments set, skip sanitizing.
@ -793,18 +792,33 @@ class WP_REST_Request implements ArrayAccess {
$order = $this->get_parameter_order();
$invalid_params = array();
foreach ( $order as $type ) {
if ( empty( $this->params[ $type ] ) ) {
continue;
}
foreach ( $this->params[ $type ] as $key => $value ) {
// Check if this param has a sanitize_callback added.
if ( isset( $attributes['args'][ $key ] ) && ! empty( $attributes['args'][ $key ]['sanitize_callback'] ) ) {
$this->params[ $type ][ $key ] = call_user_func( $attributes['args'][ $key ]['sanitize_callback'], $value, $this, $key );
if ( ! isset( $attributes['args'][ $key ] ) || empty( $attributes['args'][ $key ]['sanitize_callback'] ) ) {
continue;
}
$sanitized_value = call_user_func( $attributes['args'][ $key ]['sanitize_callback'], $value, $this, $key );
if ( is_wp_error( $sanitized_value ) ) {
$invalid_params[ $key ] = $sanitized_value->get_error_message();
} else {
$this->params[ $type ][ $key ] = $sanitized_value;
}
}
}
return null;
if ( $invalid_params ) {
return new WP_Error( 'rest_invalid_param', sprintf( __( 'Invalid parameter(s): %s' ), implode( ', ', array_keys( $invalid_params ) ) ), array( 'status' => 400, 'params' => $invalid_params ) );
}
return true;
}
/**
@ -817,7 +831,6 @@ class WP_REST_Request implements ArrayAccess {
* WP_Error if required parameters are missing.
*/
public function has_valid_params() {
$attributes = $this->get_attributes();
$required = array();

7
wp-includes/rest-api/class-wp-rest-server.php
View File

@ -866,9 +866,12 @@ class WP_REST_Server {
$check_required = $request->has_valid_params();
if ( is_wp_error( $check_required ) ) {
$response = $check_required;
} else {
$check_sanitized = $request->sanitize_params();
if ( is_wp_error( $check_sanitized ) ) {
$response = $check_sanitized;
}
}
$request->sanitize_params();
}
if ( ! is_wp_error( $response ) ) {

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.7-alpha-38600';
$wp_version = '4.7-alpha-38601';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.