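/**
 * Sanitize a request argument based on details registered to the route.
 *
 * The argument definition is read from the 'args' entry of the request's route
 * attributes. The value is coerced or cleaned according to the definition's
 * 'type' and 'format' keys.
 *
 * This function only sanitizes; it does not validate. A value whose definition
 * matches none of the rules below, or that has no definition at all, is
 * returned exactly as received, so callers must not treat the result as safe
 * for output or storage without their own validation and escaping.
 *
 * @param mixed           $value   The raw value supplied in the request.
 * @param WP_REST_Request $request Request whose route attributes describe the argument.
 * @param string          $param   Name of the argument being sanitized.
 * @return mixed The sanitized value, or $value unchanged when no rule applies.
 */
function rest_sanitize_request_arg($value, $request, $param) {
    $attributes = $request->get_attributes();
    if (!isset($attributes['args'][$param]) || !is_array($attributes['args'][$param])) {
        // No usable definition is registered for this argument: pass it through untouched.
        return $value;
    }
    $args = $attributes['args'][$param];

    // A definition may declare only a 'format' (or neither key). Read 'type'
    // defensively so a missing key does not raise an undefined-index error.
    $type = isset($args['type']) ? $args['type'] : null;

    if ('integer' === $type) {
        return (int) $value;
    }
    if ('boolean' === $type) {
        return rest_sanitize_boolean($value);
    }
    if (isset($args['format'])) {
        switch ($args['format']) {
            case 'date-time':
                return sanitize_text_field($value);
            case 'email':
                /*
                 * sanitize_email() validates, which would be unexpected here:
                 * this step only cleans the value and leaves validation to a
                 * separate check.
                 */
                return sanitize_text_field($value);
            case 'uri':
                return esc_url_raw($value);
            case 'ipv4':
                return sanitize_text_field($value);
        }
    }

    // Unrecognised type and format: the value is returned as received.
    return $value;
}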
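/**
 * Sanitize a value based on a schema.
 *
 * Coerces or cleans $value according to the schema's 'type' and 'format' keys.
 * For 'array' schemas with an 'items' sub-schema, each element is sanitized
 * recursively against that sub-schema; a non-array value is first split on
 * whitespace and commas.
 *
 * This function only sanitizes; it does not validate. A value whose schema
 * matches none of the rules below is returned exactly as received, so callers
 * must not treat the result as safe for output or storage without their own
 * validation and escaping.
 *
 * @param mixed $value The value to sanitize.
 * @param array $args  Schema array to use for sanitization.
 * @return mixed The sanitized value, or $value unchanged when no rule applies.
 */
function rest_sanitize_value_from_schema($value, $args) {
    // A schema may declare only a 'format' (or neither key). Read 'type'
    // defensively so a missing key does not raise an undefined-index error.
    $type = isset($args['type']) ? $args['type'] : null;

    if ('array' === $type) {
        if (empty($args['items'])) {
            // No element schema: only the container shape is enforced, and the
            // elements themselves are left unsanitized.
            return (array) $value;
        }
        if (!is_array($value)) {
            // Accept list input given as a single string, e.g. "1, 2 3".
            $value = preg_split('/[\\s,]+/', $value);
        }
        foreach ($value as $index => $item) {
            $value[$index] = rest_sanitize_value_from_schema($item, $args['items']);
        }
        return $value;
    }
    if ('integer' === $type) {
        return (int) $value;
    }
    if ('number' === $type) {
        // (float) is the canonical spelling of the (double) cast.
        return (float) $value;
    }
    if ('boolean' === $type) {
        return rest_sanitize_boolean($value);
    }
    if (isset($args['format'])) {
        switch ($args['format']) {
            case 'date-time':
                return sanitize_text_field($value);
            case 'email':
                /*
                 * sanitize_email() validates, which would be unexpected here:
                 * this step only cleans the value and leaves validation to a
                 * separate check.
                 */
                return sanitize_text_field($value);
            case 'uri':
                return esc_url_raw($value);
            case 'ipv4':
                return sanitize_text_field($value);
        }
    }

    // Unrecognised type and format: the value is returned as received.
    return $value;
}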