From f43ca27db9ceab7354f6aedcb1e55941fe3a0531 Mon Sep 17 00:00:00 2001 From: TimothyBlynJacobs Date: Sat, 5 Sep 2020 18:09:06 +0000 Subject: [PATCH] REST API: Support a route-level validation callback. Most request data is validated on a per-parameter basis. Often, however, additional validation is needed that operates on the entire request object. Currently, this is done in the route callback and often in the `prepare_item_for_database` method specifically. #50244 aims to introduce batch processing in the REST API. An important feature is the ability to enforce that all requests have valid data before executing the route callbacks in "pre-validate" mode. This patch introduces support for calling a `validate_callback` after all parameter validation has succeeded. That allows moving more validation outside of the route callback and into `WP_REST_Request` which will improve "pre-validate" support. Props TimothyBlynJacobs, zieladam. Fixes #51255. See #50244. Built from https://develop.svn.wordpress.org/trunk@48945 git-svn-id: http://core.svn.wordpress.org/trunk@48707 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- .../rest-api/class-wp-rest-request.php | 24 ++++++++++++------- wp-includes/version.php | 2 +- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/wp-includes/rest-api/class-wp-rest-request.php b/wp-includes/rest-api/class-wp-rest-request.php index 73548d4f38..937b5684cd 100644 --- a/wp-includes/rest-api/class-wp-rest-request.php +++ b/wp-includes/rest-api/class-wp-rest-request.php @@ -858,13 +858,9 @@ class WP_REST_Request implements ArrayAccess { $attributes = $this->get_attributes(); $required = array(); - // No arguments set, skip validation. - if ( empty( $attributes['args'] ) ) { - return true; - } - - foreach ( $attributes['args'] as $key => $arg ) { + $args = empty( $attributes['args'] ) ? array() : $attributes['args']; + foreach ( $args as $key => $arg ) { $param = $this->get_param( $key ); if ( isset( $arg['required'] ) && true === $arg['required'] && null === $param ) { $required[] = $key; @@ -890,7 +886,7 @@ class WP_REST_Request implements ArrayAccess { */ $invalid_params = array(); - foreach ( $attributes['args'] as $key => $arg ) { + foreach ( $args as $key => $arg ) { $param = $this->get_param( $key ); @@ -919,8 +915,20 @@ class WP_REST_Request implements ArrayAccess { ); } - return true; + if ( isset( $attributes['validate_callback'] ) ) { + $valid_check = call_user_func( $attributes['validate_callback'], $this ); + if ( is_wp_error( $valid_check ) ) { + return $valid_check; + } + + if ( false === $valid_check ) { + // A WP_Error instance is preferred, but false is supported for parity with the per-arg validate_callback. + return new WP_Error( 'rest_invalid_params', __( 'Invalid parameters.' ), array( 'status' => 400 ) ); + } + } + + return true; } /** diff --git a/wp-includes/version.php b/wp-includes/version.php index afcdee3ffa..2565d62a17 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.6-alpha-48944'; +$wp_version = '5.6-alpha-48945'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.