Example #1
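/**
 * Sanitize a value based on a schema.
 *
 * This coerces $value into the shape the schema asks for; it never rejects
 * anything. Callers that need rejection must run
 * rest_validate_value_from_schema() first and only sanitize what passed.
 * A schema with no recognised type or format returns $value unchanged, so the
 * result is not automatically safe for any particular output context.
 *
 * @param mixed $value The value to sanitize.
 * @param array $args  Schema array to use for sanitization. Must be the
 *                     server-side schema, never request data: its 'type',
 *                     'format' and 'items' keys pick the coercion applied.
 * @return mixed The sanitized value.
 */
function rest_sanitize_value_from_schema($value, $args)
{
    // Read the type once. A schema without a 'type' key behaves exactly like
    // one with 'type' => null, without raising an undefined-index notice.
    $type = isset($args['type']) ? $args['type'] : null;

    if ('array' === $type) {
        // No item schema: only guarantee that the result is an array.
        if (empty($args['items'])) {
            return (array) $value;
        }
        // A non-array value is treated as a whitespace/comma separated list.
        if (!is_array($value)) {
            $value = preg_split('/[\\s,]+/', $value);
        }
        // Every element is sanitized against the item schema, keys preserved.
        foreach ($value as $index => $v) {
            $value[$index] = rest_sanitize_value_from_schema($v, $args['items']);
        }
        return $value;
    }
    if ('integer' === $type) {
        return (int) $value;
    }
    if ('number' === $type) {
        // (float) is the canonical spelling of the original (double) cast.
        return (float) $value;
    }
    if ('boolean' === $type) {
        return rest_sanitize_boolean($value);
    }
    if (isset($args['format'])) {
        switch ($args['format']) {
            case 'date-time':
            case 'email':
            case 'ipv4':
                /*
                 * All three are cleaned as plain text. For 'email',
                 * sanitize_email() is deliberately not used: it validates,
                 * which would be unexpected in a sanitizer.
                 */
                return sanitize_text_field($value);
            case 'uri':
                return esc_url_raw($value);
        }
    }
    // Unknown type and format: the value passes through untouched.
    return $value;
}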
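 /**
  * Check a user password for the REST API.
  *
  * Performs a couple of checks like edit_user() in wp-admin/includes/user.php.
  *
  * The submitted value is only cast to a string. It is not passed through
  * rest_sanitize_value_from_schema() with the request as the schema argument:
  * a request is read with array syntax, so request parameters named "type",
  * "format" or "items" would choose how the password gets coerced.
  *
  * @since 4.7.0
  *
  * @param  mixed            $value   The password submitted in the request.
  * @param  WP_REST_Request  $request Full details about the request. Not read here.
  * @param  string           $param   The parameter name. Not read here.
  * @return WP_Error|string The sanitized password, if valid, otherwise an error.
  */
 public function check_user_password($value, $request, $param)
 {
     // NOTE(review): a non-scalar $value (e.g. an array) would be cast to the
     // literal string "Array" here; presumably schema validation has already
     // rejected it before this callback runs. Confirm against the caller.
     $password = (string) $value;

     // empty() also treats the string "0" as empty, so that password is refused.
     if (empty($password)) {
         return new WP_Error('rest_user_invalid_password', __('Passwords cannot be empty.'), array('status' => 400));
     }
     // Backslashes are refused outright rather than stripped or escaped.
     if (false !== strpos($password, "\\")) {
         return new WP_Error('rest_user_invalid_password', __('Passwords cannot contain the "\\" character.'), array('status' => 400));
     }
     return $password;
 }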
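 /**
  * A schema whose type is null must hand every value back untouched.
  *
  * assertSame() is used instead of assertEquals() so that a silent type
  * change (1 coming back as '1' or 1.0, for instance) fails the test; loose
  * equality would let such a coercion through unnoticed.
  */
 public function test_no_type()
 {
     $schema = array('type' => null);
     $this->assertSame('Nothing', rest_sanitize_value_from_schema('Nothing', $schema));
     $this->assertSame(1.1, rest_sanitize_value_from_schema(1.1, $schema));
     $this->assertSame(1, rest_sanitize_value_from_schema(1, $schema));
 }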
 /**
  * Writes the registered meta fields found in the request to an object.
  *
  * Each registered field that is present is either deleted (null value) or
  * validated against its schema, sanitized and stored. Processing stops at the
  * first error, so fields handled earlier in the loop have already been
  * written by then; nothing here rolls them back.
  *
  * NOTE(review): no permission check is visible in this method; presumably
  * the delete/update helpers or the caller enforce it. Confirm.
  *
  * @since 4.7.0
  * @access public
  *
  * @param WP_REST_Request $request   Full details about the request.
  * @param int             $object_id ID of the object whose meta is updated.
  * @return WP_Error|null WP_Error if one occurs, null on success.
  */
 public function update_value($request, $object_id)
 {
     foreach ($this->get_registered_fields() as $name => $args) {
         // NOTE(review): array_key_exists() does not consult ArrayAccess and
         // throws a TypeError for objects on PHP 8, so this guard only works
         // as intended if callers actually pass a plain array. Confirm what
         // $request really is at the call site.
         if (!array_key_exists($name, $request)) {
             continue;
         }

         // An explicit null resets the field: the stored value is removed and
         // the default applies from then on.
         if (null === $request[$name]) {
             $deleted = $this->delete_meta_value($object_id, $name);
             if (is_wp_error($deleted)) {
                 return $deleted;
             }
             continue;
         }

         // Validate first; a failure is reported to the client as a 400.
         $check = rest_validate_value_from_schema($request[$name], $args['schema'], 'meta.' . $name);
         if (is_wp_error($check)) {
             $check->add_data(array('status' => 400));
             return $check;
         }

         // Only a value that passed validation is sanitized and stored.
         $clean = rest_sanitize_value_from_schema($request[$name], $args['schema']);
         $written = $args['single']
             ? $this->update_meta_value($object_id, $name, $clean)
             : $this->update_multi_meta_value($object_id, $name, $clean);
         if (is_wp_error($written)) {
             return $written;
         }
     }

     return null;
 }