/**
 * An integer argument declared with `maximum` 10 and `exclusiveMaximum` true
 * must reject 11 and the boundary value 10 itself, and must accept 9.
 */
public function test_validate_less_than_max_exclusive() {
	$arg_schema = array(
		'type'             => 'integer',
		'maximum'          => 10,
		'exclusiveMaximum' => true,
	);
	$request    = new WP_REST_Request('GET', '/wp/v2/foo', array('args' => array('lessthanmax' => $arg_schema)));

	// One value above the bound, then the bound itself: the exclusive flag
	// means both are rejected with the same message.
	foreach (array(11, 10) as $rejected) {
		$outcome = rest_validate_request_arg($rejected, $request, 'lessthanmax');
		$this->assertEquals('lessthanmax must be less than 10 (exclusive)', $outcome->get_error_message());
	}

	// The first integer strictly below the bound passes validation.
	$outcome = rest_validate_request_arg(9, $request, 'lessthanmax');
	$this->assertTrue($outcome);
}
/**
 * Validate, then sanitize, a request argument using the details registered
 * for the route.
 *
 * Intended for use as the `sanitize_callback` of an endpoint argument.
 * Sanitization only runs once validation has passed; when validation fails
 * the error is handed back as-is and the value is never sanitized.
 *
 * @param mixed           $value   Value submitted for the argument.
 * @param WP_REST_Request $request Request the argument belongs to.
 * @param string          $param   Name of the argument.
 * @return mixed The sanitized value, or the error produced by validation.
 */
function rest_parse_request_arg($value, $request, $param) {
	$validation = rest_validate_request_arg($value, $request, $param);

	// Reject first: callers must check the result with is_wp_error() before
	// using it as a value.
	if (is_wp_error($validation)) {
		return $validation;
	}

	return rest_sanitize_request_arg($value, $request, $param);
}
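/**
 * Checks a comment author email for validity.
 *
 * Accepts either a valid email address or the empty string. Setting the
 * comment author email to an empty string is allowed when a comment is being
 * updated. Every other value, including the string '0', is passed to
 * rest_validate_request_arg() and rejected if that check fails.
 *
 * @since 4.7.0
 *
 * @param string          $value   Author email value submitted.
 * @param WP_REST_Request $request Full details about the request.
 * @param string          $param   The parameter name.
 * @return WP_Error|string The email address cast to a string, if valid,
 *                         otherwise an error.
 */
public function check_comment_author_email($value, $request, $param) {
	$email = (string) $value;

	// Compare against '' explicitly. empty() also treats the string '0' as
	// empty, which let '0' skip validation and be returned as if it were an
	// accepted address.
	if ('' === $email) {
		return $email;
	}

	$check_email = rest_validate_request_arg($email, $request, $param);
	if (is_wp_error($check_email)) {
		return $check_email;
	}

	return $email;
}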
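/**
 * Sanitizes and validates the list of post statuses, including whether the
 * user can query private statuses.
 *
 * The route's default status is always accepted. Any other status requires
 * the `edit_posts` capability of this controller's post type and must then
 * pass rest_validate_request_arg(). The capability is resolved at most once
 * per call, on the first non-default status, and the check fails closed when
 * the post type object cannot be resolved.
 *
 * @since 4.7.0
 * @access public
 *
 * @param string|array    $statuses  One or more post statuses.
 * @param WP_REST_Request $request   Full details about the request.
 * @param string          $parameter Additional parameter to pass to validation.
 * @return array|WP_Error A list of valid statuses, otherwise WP_Error object.
 */
public function sanitize_post_statuses($statuses, $request, $parameter) {
	$statuses = wp_parse_slug_list($statuses);

	// The default status is different in WP_REST_Attachments_Controller.
	// When the route declares no default, nothing matches null below, so every
	// requested status goes through the capability check.
	$attributes     = $request->get_attributes();
	$default_status = isset($attributes['args']['status']['default'])
		? $attributes['args']['status']['default']
		: null;

	// Tri-state: null until the first non-default status forces a lookup.
	$can_edit_posts = null;

	foreach ($statuses as $status) {
		if ($status === $default_status) {
			continue;
		}

		if (null === $can_edit_posts) {
			$post_type_obj = get_post_type_object($this->post_type);

			// An unresolved post type has no capability to test: deny rather
			// than dereference null.
			$can_edit_posts = null !== $post_type_obj
				&& current_user_can($post_type_obj->cap->edit_posts);
		}

		if (! $can_edit_posts) {
			return new WP_Error('rest_forbidden_status', __('Status is forbidden.'), array('status' => rest_authorization_required_code()));
		}

		$result = rest_validate_request_arg($status, $request, $parameter);
		if (is_wp_error($result)) {
			return $result;
		}
	}

	return $statuses;
}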
/**
 * The 'somedate' argument accepts a well-formed date-time string and rejects
 * an out-of-range one with the `rest_invalid_date` error code.
 */
public function test_validate_schema_format_date_time() {
	// NOTE(review): the schema for 'somedate' lives on $this->request, set up
	// outside this method; presumably it declares a date-time format.
	$well_formed = rest_validate_request_arg('2010-01-01T12:00:00', $this->request, 'somedate');
	$this->assertTrue($well_formed);

	// Same layout, but with 18 in both the month and the day position.
	$malformed = rest_validate_request_arg('2010-18-18T12:00:00', $this->request, 'somedate');
	$this->assertErrorResponse('rest_invalid_date', $malformed);
}