From e5fcbb35145f1e8483f7232cd7f63cd7a70997a2 Mon Sep 17 00:00:00 2001 From: Rachel Baker Date: Sat, 2 Jul 2016 23:03:27 +0000 Subject: [PATCH] REST API: Reverse order of setting sanitization/validation, validating prior to sanitizing. Fixes mistake in the current behavior, where the sanitization callback ran before the validation callback. Now the validation callback will run before the sanitization. Props schlessera, rachelbaker. See #37247. Fixes #37192. Built from https://develop.svn.wordpress.org/trunk@37943 git-svn-id: http://core.svn.wordpress.org/trunk@37884 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/rest-api/class-wp-rest-server.php | 4 ++-- wp-includes/version.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/wp-includes/rest-api/class-wp-rest-server.php b/wp-includes/rest-api/class-wp-rest-server.php index cb19242bf1..2c49c8fc69 100644 --- a/wp-includes/rest-api/class-wp-rest-server.php +++ b/wp-includes/rest-api/class-wp-rest-server.php @@ -853,8 +853,6 @@ class WP_REST_Server { $request->set_url_params( $args ); $request->set_attributes( $handler ); - $request->sanitize_params(); - $defaults = array(); foreach ( $handler['args'] as $arg => $options ) { @@ -869,6 +867,8 @@ class WP_REST_Server { if ( is_wp_error( $check_required ) ) { $response = $check_required; } + + $request->sanitize_params(); } if ( ! is_wp_error( $response ) ) { diff --git a/wp-includes/version.php b/wp-includes/version.php index 9fdc7479e6..4aa9bca937 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.6-beta1-37942'; +$wp_version = '4.6-beta1-37943'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.