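/**
 * Sanitize a value based on a schema.
 *
 * Only the `array`, `integer`, `number` and `boolean` types and the
 * `date-time`, `email`, `uri` and `ipv4` formats are handled. Any other
 * value (including a plain string with no format) is returned unchanged,
 * so callers must not treat this function as an escaping step for such input.
 *
 * @param mixed $value The value to sanitize.
 * @param array $args  Schema array to use for sanitization.
 * @return mixed The sanitized value (not a WP_Error; validation is a separate step).
 */
function rest_sanitize_value_from_schema($value, $args) {
    // A schema without a type (e.g. 'type' => null or no key at all) skips the
    // typed branches and only the format check below can apply.
    $type = isset($args['type']) ? $args['type'] : null;

    if ('array' === $type) {
        // Without an item schema there is nothing to sanitize per element.
        if (empty($args['items'])) {
            return (array) $value;
        }
        // A scalar is accepted as a whitespace- or comma-separated list; the
        // cast avoids passing null/bool straight into preg_split().
        if (!is_array($value)) {
            $value = preg_split('/[\\s,]+/', (string) $value);
        }
        foreach ($value as $index => $v) {
            $value[$index] = rest_sanitize_value_from_schema($v, $args['items']);
        }
        return $value;
    }

    if ('integer' === $type) {
        return (int) $value;
    }

    if ('number' === $type) {
        return (float) $value;
    }

    if ('boolean' === $type) {
        return rest_sanitize_boolean($value);
    }

    if (isset($args['format'])) {
        switch ($args['format']) {
            case 'date-time':
                return sanitize_text_field($value);

            case 'email':
                /*
                 * sanitize_email() validates, which would be unexpected.
                 */
                return sanitize_text_field($value);

            case 'uri':
                return esc_url_raw($value);

            case 'ipv4':
                return sanitize_text_field($value);
        }
    }

    // Unknown type/format: pass through untouched (see the docblock).
    return $value;
}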
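/**
 * Check a user password for the REST API.
 *
 * Performs a couple of checks like edit_user() in wp-admin/includes/user.php.
 *
 * @since 4.7.0
 *
 * @param mixed           $value   The password submitted in the request.
 * @param WP_REST_Request $request Full details about the request.
 * @param string          $param   The parameter name.
 * @return WP_Error|string The sanitized password, if valid, otherwise an error.
 */
public function check_user_password($value, $request, $param) {
    /*
     * rest_sanitize_value_from_schema() takes a schema array as its second
     * argument, not the request object, so the previous call effectively
     * returned the value untouched (or let a request parameter named "type"
     * steer the cast). The password is taken exactly as submitted: trimming
     * or escaping it here would silently change the credential the user chose.
     */
    $password = (string) $value;

    // Compare against '' rather than empty(): "0" is a valid (if poor) password.
    if ('' === $password) {
        return new WP_Error('rest_user_invalid_password', __('Passwords cannot be empty.'), array('status' => 400));
    }

    // Mirrors the backslash rejection performed by edit_user().
    if (false !== strpos($password, "\\")) {
        return new WP_Error('rest_user_invalid_password', __('Passwords cannot contain the "\\" character.'), array('status' => 400));
    }

    return $password;
}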
public function test_no_type() {
    // With no declared type the sanitizer must hand every scalar back unchanged.
    $untyped = array('type' => null);

    foreach (array('Nothing', 1.1, 1) as $input) {
        $this->assertEquals($input, rest_sanitize_value_from_schema($input, $untyped));
    }
}
/**
 * Updates meta values.
 *
 * Walks the registered meta fields; for each one present in the request a
 * null value deletes the stored meta, anything else is validated against the
 * field schema (a failure is returned as a 400 error), sanitized, and written
 * through the single- or multi-value update helper. The first WP_Error from
 * any step aborts the loop, so earlier fields may already have been written.
 *
 * @since 4.7.0
 * @access public
 *
 * @param WP_REST_Request $request   Full details about the request.
 *                                   NOTE(review): the body indexes this with
 *                                   array_key_exists(), which accepts only arrays on
 *                                   PHP 8 — confirm what callers actually pass.
 * @param int             $object_id Object ID to fetch meta for.
 * @return WP_Error|null WP_Error if one occurs, null on success.
 */
public function update_value($request, $object_id) {
    foreach ($this->get_registered_fields() as $name => $args) {
        // Fields absent from the request are left untouched.
        if (!array_key_exists($name, $request)) {
            continue;
        }

        $submitted = $request[$name];

        /*
         * A null value means reset the field, which is essentially deleting it
         * from the database and then relying on the default value.
         */
        if (null === $submitted) {
            $deleted = $this->delete_meta_value($object_id, $name);
            if (is_wp_error($deleted)) {
                return $deleted;
            }
            continue;
        }

        $validation = rest_validate_value_from_schema($submitted, $args['schema'], 'meta.' . $name);
        if (is_wp_error($validation)) {
            // A schema violation is a client error.
            $validation->add_data(array('status' => 400));
            return $validation;
        }

        $sanitized = rest_sanitize_value_from_schema($submitted, $args['schema']);

        $updated = $args['single']
            ? $this->update_meta_value($object_id, $name, $sanitized)
            : $this->update_multi_meta_value($object_id, $name, $sanitized);

        if (is_wp_error($updated)) {
            return $updated;
        }
    }

    return null;
}