REST API: Validate and Sanitize registered meta based off the schema.

With the addition of Array support in our schema validation functions, it's now possible to use these in the meta validation and sanitization steps. Also, this increases the test coverage of using registered meta via the API significantly.

Fixes #38531.
Props rachelbaker, tharsheblows.

Built from https://develop.svn.wordpress.org/trunk@39222


git-svn-id: http://core.svn.wordpress.org/trunk@39162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Joe Hoyle
2016-11-14 16:36:33 +00:00
parent b6e848e638
commit 5c90d9ed8e
3 changed files with 42 additions and 19 deletions


@@ -84,7 +84,7 @@ abstract class WP_REST_Meta_Fields {
$response[ $name ] = $value;
}
return (object) $response;
return $response;
}
/**
@@ -133,10 +133,24 @@ abstract class WP_REST_Meta_Fields {
*/
if ( is_null( $request[ $name ] ) ) {
$result = $this->delete_meta_value( $object_id, $name );
} elseif ( $args['single'] ) {
$result = $this->update_meta_value( $object_id, $name, $request[ $name ] );
if ( is_wp_error( $result ) ) {
return $result;
}
continue;
}
$is_valid = rest_validate_value_from_schema( $request[ $name ], $args['schema'], 'meta.' . $name );
if ( is_wp_error( $is_valid ) ) {
$is_valid->add_data( array( 'status' => 400 ) );
return $is_valid;
}
$value = rest_sanitize_value_from_schema( $request[ $name ], $args['schema'] );
if ( $args['single'] ) {
$result = $this->update_meta_value( $object_id, $name, $value );
} else {
$result = $this->update_multi_meta_value( $object_id, $name, $request[ $name ] );
$result = $this->update_multi_meta_value( $object_id, $name, $value );
}
if ( is_wp_error( $result ) ) {
@@ -319,12 +333,13 @@ abstract class WP_REST_Meta_Fields {
$default_args = array(
'name' => $name,
'single' => $args['single'],
'type' => ! empty( $args['type'] ) ? $args['type'] : null,
'schema' => array(),
'prepare_callback' => array( $this, 'prepare_value' ),
);
$default_schema = array(
'type' => null,
'type' => $default_args['type'],
'description' => empty( $args['description'] ) ? '' : $args['description'],
'default' => isset( $args['default'] ) ? $args['default'] : null,
);
@@ -332,20 +347,18 @@ abstract class WP_REST_Meta_Fields {
$rest_args = array_merge( $default_args, $rest_args );
$rest_args['schema'] = array_merge( $default_schema, $rest_args['schema'] );
if ( empty( $rest_args['schema']['type'] ) ) {
// Skip over meta fields that don't have a defined type.
if ( empty( $args['type'] ) ) {
continue;
}
$type = ! empty( $rest_args['type'] ) ? $rest_args['type'] : null;
$type = ! empty( $rest_args['schema']['type'] ) ? $rest_args['schema']['type'] : $type;
if ( $rest_args['single'] ) {
$rest_args['schema']['type'] = $args['type'];
} else {
$rest_args['schema']['type'] = 'array';
$rest_args['schema']['items'] = array(
'type' => $args['type'],
);
}
if ( ! in_array( $type, array( 'string', 'boolean', 'integer', 'number' ) ) ) {
continue;
}
if ( empty( $rest_args['single'] ) ) {
$rest_args['schema']['items'] = array(
'type' => $rest_args['type'],
);
$rest_args['schema']['type'] = 'array';
}
$registered[ $rest_args['name'] ] = $rest_args;
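Review bot: In the last hunk, the `items` schema built for non-single meta takes its type from `$rest_args['type']` rather than from the `$type` that was just resolved and checked against the allowlist. When a field declares its type only in its REST schema, `$type` passes the check while `items.type` can be null or a different type, so the individual values validated in the earlier hunk by `rest_validate_value_from_schema()` would presumably not be type-checked before they are written; `'type' => $type,` keeps the two in agreement. The allowlist test is also a loose comparison, so a non-string type such as `true` would match it; `in_array( $type, array( 'string', 'boolean', 'integer', 'number' ), true )` closes that. The enclosing method and its loop start and end outside the hunk.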