From f276b4901bafd84bfb319084e4fbbcb0cee1b64e Mon Sep 17 00:00:00 2001 From: Joe Hoyle Date: Wed, 4 Oct 2017 08:27:47 +0000 Subject: [PATCH] REST API: Support for objects in schema validation and sanitization. When registering routes developers can now define their complex objects in the schema and benefit from the automatic validation and sanitization in the REST API. This also paves the way for support for complex object registration via register_meta and register_setting. See #38583. Props TimothyBlynJacobs5. Built from https://develop.svn.wordpress.org/trunk@41727 git-svn-id: http://core.svn.wordpress.org/trunk@41561 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/rest-api.php | 42 +++++++++++++++++++ .../class-wp-rest-attachments-controller.php | 2 + .../class-wp-rest-comments-controller.php | 1 + .../class-wp-rest-posts-controller.php | 3 ++ wp-includes/version.php | 2 +- 5 files changed, 49 insertions(+), 1 deletion(-) diff --git a/wp-includes/rest-api.php b/wp-includes/rest-api.php index 06bb9f9f80..34e1c591f6 100644 --- a/wp-includes/rest-api.php +++ b/wp-includes/rest-api.php @@ -1051,6 +1051,28 @@ function rest_validate_value_from_schema( $value, $args, $param = '' ) { } } } + + if ( 'object' === $args['type'] ) { + if ( $value instanceof stdClass ) { + $value = (array) $value; + } + if ( ! is_array( $value ) ) { + /* translators: 1: parameter, 2: type name */ + return new WP_Error( 'rest_invalid_param', sprintf( __( '%1$s is not of type %2$s.' ), $param, 'object' ) ); + } + + foreach ( $value as $property => $v ) { + if ( ! isset( $args['properties'][ $property ] ) ) { + continue; + } + $is_valid = rest_validate_value_from_schema( $v, $args['properties'][ $property ], $param . '[' . $property . ']' ); + + if ( is_wp_error( $is_valid ) ) { + return $is_valid; + } + } + } + if ( ! empty( $args['enum'] ) ) { if ( ! in_array( $value, $args['enum'], true ) ) { /* translators: 1: parameter, 2: list of valid values */ @@ -1170,6 +1192,26 @@ function rest_sanitize_value_from_schema( $value, $args ) { $value = array_values( $value ); return $value; } + + if ( 'object' === $args['type'] ) { + if ( $value instanceof stdClass ) { + $value = (array) $value; + } + if ( ! is_array( $value ) ) { + return array(); + } + + foreach ( $value as $property => $v ) { + if ( ! isset( $args['properties'][ $property ] ) ) { + unset( $value[ $property ] ); + continue; + } + $value[ $property ] = rest_sanitize_value_from_schema( $v, $args['properties'][ $property ] ); + } + + return $value; + } + if ( 'integer' === $args['type'] ) { return (int) $value; } diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php index 76802fea76..ed101815a1 100644 --- a/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php +++ b/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php @@ -391,6 +391,7 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 'context' => array( 'view', 'edit', 'embed' ), 'arg_options' => array( 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() + 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() ), 'properties' => array( 'raw' => array( @@ -413,6 +414,7 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { 'context' => array( 'view', 'edit' ), 'arg_options' => array( 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() + 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() ), 'properties' => array( 'raw' => array( diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php index 810a3fb867..415ba8e9bc 100644 --- a/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php +++ b/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php @@ -1200,6 +1200,7 @@ class WP_REST_Comments_Controller extends WP_REST_Controller { 'context' => array( 'view', 'edit', 'embed' ), 'arg_options' => array( 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() + 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() ), 'properties' => array( 'raw' => array( diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index 018b66ec2d..80027cfea8 100644 --- a/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php +++ b/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php @@ -1846,6 +1846,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { 'context' => array( 'view', 'edit', 'embed' ), 'arg_options' => array( 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() + 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() ), 'properties' => array( 'raw' => array( @@ -1870,6 +1871,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { 'context' => array( 'view', 'edit' ), 'arg_options' => array( 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() + 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() ), 'properties' => array( 'raw' => array( @@ -1908,6 +1910,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { 'context' => array( 'view', 'edit', 'embed' ), 'arg_options' => array( 'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database() + 'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database() ), 'properties' => array( 'raw' => array( diff --git a/wp-includes/version.php b/wp-includes/version.php index 681d4c23aa..6ebbb27cca 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.9-alpha-41726'; +$wp_version = '4.9-alpha-41727'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.