validate_setting_values() public method

Validation is skipped for unregistered settings or for values that are already null since they will be skipped anyway. Sanitization is applied to values that pass validation, and values that become null or WP_Error after sanitizing are marked invalid.
See also: WP_REST_Request::has_valid_params()
See also: WP_Customize_Setting::validate()
Since: 4.6.0
public validate_setting_values ( array $setting_values, array $options = [] ) : array
$setting_values array Mapping of setting IDs to values to validate and sanitize.
$options array Options. `validate_existence` (bool): whether a setting's existence will be checked. `validate_capability` (bool): whether the setting capability will be checked.
return array Mapping of setting IDs to return value of validate method calls, either `true` or `WP_Error`.
Beispiel #1
 /**
  * Test WP_Customize_Manager::validate_setting_values().
  *
  * @see WP_Customize_Manager::validate_setting_values()
  */
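 function test_validate_setting_values()
 {
     // Register a setting with both a validate and a sanitize callback so each rejection path can be exercised.
     $setting = $this->manager->add_setting('foo', array(
         'validate_callback' => array($this, 'filter_customize_validate_foo'),
         'sanitize_callback' => array($this, 'filter_customize_sanitize_foo'),
     ));

     // Case 1: an acceptable value is expected to produce no reported problems.
     // NOTE(review): assertEmpty() only holds if the method returns just the invalid settings; under a
     // "setting ID => true|WP_Error" return contract a valid value yields a non-empty array. Confirm
     // which revision of validate_setting_values() this test targets.
     $this->manager->set_post_value('foo', 'bar');
     $this->assertEmpty($this->manager->validate_setting_values($this->manager->unsanitized_post_values()));

     // Case 2: judging by the value name and the asserted error source, this value makes the sanitize
     // callback (not shown here) return a WP_Error, which must surface for the setting.
     $this->manager->set_post_value('foo', 'return_wp_error_in_sanitize');
     $invalid_settings = $this->manager->validate_setting_values($this->manager->unsanitized_post_values());
     $this->assertCount(1, $invalid_settings);
     $this->assertArrayHasKey($setting->id, $invalid_settings);
     $this->assertInstanceOf('WP_Error', $invalid_settings[$setting->id]);
     $error = $invalid_settings[$setting->id];
     $this->assertEquals('invalid_value_in_sanitize', $error->get_error_code());
     $this->assertEquals(array('source' => 'filter_customize_sanitize_foo'), $error->get_error_data());

     // Case 3: presumably the sanitize callback returns null for this value; the setting must still be
     // reported as a WP_Error, here one that carries no error data.
     $this->manager->set_post_value('foo', 'return_null_in_sanitize');
     $invalid_settings = $this->manager->validate_setting_values($this->manager->unsanitized_post_values());
     $this->assertCount(1, $invalid_settings);
     $this->assertArrayHasKey($setting->id, $invalid_settings);
     $this->assertInstanceOf('WP_Error', $invalid_settings[$setting->id]);
     $this->assertNull($invalid_settings[$setting->id]->get_error_data());

     // Case 4: a markup-bearing value must be rejected outright; the asserted code and source show the
     // error comes from the validate callback rather than from sanitization.
     $this->manager->set_post_value('foo', '<script>evil</script>');
     $invalid_settings = $this->manager->validate_setting_values($this->manager->unsanitized_post_values());
     $this->assertCount(1, $invalid_settings);
     $this->assertArrayHasKey($setting->id, $invalid_settings);
     $this->assertInstanceOf('WP_Error', $invalid_settings[$setting->id]);
     $error = $invalid_settings[$setting->id];
     $this->assertEquals('invalid_value_in_validate', $error->get_error_code());
     $this->assertEquals(array('source' => 'filter_customize_validate_foo'), $error->get_error_data());
 }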
 /**
  * Test the WP_Customize_Manager::validate_setting_values() method to make sure that the validation and sanitization are done in the right order.
  *
  * @ticket 37247
  */
 function test_validate_setting_values_validation_sanitization_order()
 {
     // Both callbacks are attached so the test depends on the order in which they are applied.
     $callbacks = array(
         'validate_callback' => array($this, 'filter_customize_validate_numeric'),
         'sanitize_callback' => array($this, 'filter_customize_sanitize_numeric'),
     );
     $setting = $this->manager->add_setting('numeric', $callbacks);

     // Submit the number as a string, the form in which it would arrive in a request.
     $this->manager->set_post_value('numeric', '42');

     $submitted = $this->manager->unsanitized_post_values();
     $results = $this->manager->validate_setting_values($submitted);

     // Exactly one entry is expected, and it must be reported as valid.
     $this->assertCount(1, $results);
     $this->assertEquals(array('numeric' => true), $results);
 }
 /**
  * Handles the Ajax request to return the rendered partials for the requested placements.
  *
  * @since 4.5.0
  * @access public
  */
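 public function handle_render_partials_request()
 {
     // Only act on requests this component recognises as render-partials requests.
     if (!$this->is_render_partials_request()) {
         return;
     }
     /*
      * Note that is_customize_preview() returning true will entail that the
      * user passed the 'customize' capability check and the nonce check, since
      * WP_Customize_Manager::setup_theme() is where the previewing flag is set.
      */
     if (!is_customize_preview()) {
         wp_send_json_error('expected_customize_preview', 403);
     } elseif (!isset($_POST['partials'])) {
         wp_send_json_error('missing_partials', 400);
     }
     /*
      * $_POST['partials'] is request-controlled and can arrive as an array
      * (e.g. partials[]=...). wp_unslash() passes arrays through unchanged and
      * json_decode() only accepts a string, so anything that is not a string is
      * treated as malformed instead of being handed to json_decode().
      */
     $raw_partials = wp_unslash($_POST['partials']);
     $partials = is_string($raw_partials) ? json_decode($raw_partials, true) : null;
     if (!is_array($partials)) {
         wp_send_json_error('malformed_partials');
     }
     // The partial IDs are the keys of the decoded request data, i.e. still untrusted at this point.
     $this->add_dynamic_partials(array_keys($partials));
     /**
      * Fires immediately before partials are rendered.
      *
      * Plugins may do things like call wp_enqueue_scripts() and gather a list of the scripts
      * and styles which may get enqueued in the response.
      *
      * @since 4.5.0
      *
      * @param WP_Customize_Selective_Refresh $this     Selective refresh component.
      * @param array                          $partials Placements' context data for the partials rendered in the request.
      *                                                 The array is keyed by partial ID, with each item being an array of
      *                                                 the placements' context data.
      */
     do_action('customize_render_partials_before', $this, $partials);
     // Route PHP errors raised during rendering to handle_error() for the duration of the loop.
     // NOTE(review): restore_error_handler() below is not reached if render() throws; confirm that is acceptable.
     set_error_handler(array($this, 'handle_error'), error_reporting());
     $contents = array();
     foreach ($partials as $partial_id => $container_contexts) {
         $this->current_partial_id = $partial_id;
         if (!is_array($container_contexts)) {
             wp_send_json_error('malformed_container_contexts');
         }
         $partial = $this->get_partial($partial_id);
         // Unknown partials and partials the current user may not access yield null rather than content.
         if (!$partial || !$partial->check_capabilities()) {
             $contents[$partial_id] = null;
             continue;
         }
         $contents[$partial_id] = array();
         // @todo The array should include not only the contents, but also whether the container is included?
         if (empty($container_contexts)) {
             // Since there are no container contexts, render just once.
             $contents[$partial_id][] = $partial->render(null);
         } else {
             foreach ($container_contexts as $container_context) {
                 $contents[$partial_id][] = $partial->render($container_context);
             }
         }
     }
     $this->current_partial_id = null;
     restore_error_handler();
     /**
      * Fires immediately after partials are rendered.
      *
      * Plugins may do things like call wp_footer() to scrape scripts output and return them
      * via the {@see 'customize_render_partials_response'} filter.
      *
      * @since 4.5.0
      *
      * @param WP_Customize_Selective_Refresh $this     Selective refresh component.
      * @param array                          $partials Placements' context data for the partials rendered in the request.
      *                                                 The array is keyed by partial ID, with each item being an array of
      *                                                 the placements' context data.
      */
     do_action('customize_render_partials_after', $this, $partials);
     $response = array('contents' => $contents);
     // Collected error details are only added to the response when WP_DEBUG_DISPLAY is enabled.
     if (defined('WP_DEBUG_DISPLAY') && WP_DEBUG_DISPLAY) {
         $response['errors'] = $this->triggered_errors;
     }
     // Validate the raw (unsanitized) posted setting values and export each result in the form the JS client consumes.
     $setting_validities = $this->manager->validate_setting_values($this->manager->unsanitized_post_values());
     $exported_setting_validities = array_map(array($this->manager, 'prepare_setting_validity_for_js'), $setting_validities);
     $response['setting_validities'] = $exported_setting_validities;
     /**
      * Filters the response from rendering the partials.
      *
      * Plugins may use this filter to inject `$scripts` and `$styles`, which are dependencies
      * for the partials being rendered. The response data will be available to the client via
      * the `render-partials-response` JS event, so the client can then inject the scripts and
      * styles into the DOM if they have not already been enqueued there.
      *
      * If plugins do this, they'll need to take care for any scripts that do `document.write()`
      * and make sure that these are not injected, or else to override the function to no-op,
      * or else the page will be destroyed.
      *
      * Plugins should be aware that `$scripts` and `$styles` may eventually be included by
      * default in the response.
      *
      * @since 4.5.0
      *
      * @param array $response {
      *     Response.
      *
      *     @type array $contents Associative array mapping a partial ID its corresponding array of contents
      *                           for the containers requested.
      *     @type array $errors   List of errors triggered during rendering of partials, if `WP_DEBUG_DISPLAY`
      *                           is enabled.
      * }
      * @param WP_Customize_Selective_Refresh $this     Selective refresh component.
      * @param array                          $partials Placements' context data for the partials rendered in the request.
      *                                                 The array is keyed by partial ID, with each item being an array of
      *                                                 the placements' context data.
      */
     $response = apply_filters('customize_render_partials_response', $response, $this, $partials);
     wp_send_json_success($response);
 }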