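/**
 * Validate reports request arguments.
 *
 * Checks $value against the schema registered for $param on the matched
 * route. Two rules are enforced: a 'string' type must be a PHP string, and a
 * 'date' format must have exactly the shape YYYY-MM-DD. The date rule is a
 * shape check only; it does not verify that the month or day is in range.
 *
 * @since 2.6.0
 * @param mixed           $value   Raw parameter value taken from the request.
 * @param WP_REST_Request $request Request whose route attributes hold the argument schema.
 * @param string          $param   Name of the parameter being validated.
 * @return WP_Error|boolean True when the value passes or when no schema is
 *                          registered for $param, WP_Error otherwise.
 */
function wc_rest_validate_reports_request_arg($value, $request, $param) {
    $attributes = $request->get_attributes();
    if (!isset($attributes['args'][$param]) || !is_array($attributes['args'][$param])) {
        // No schema registered for this parameter: there is nothing to validate against.
        return true;
    }
    $args = $attributes['args'][$param];

    // 'type' and 'format' are optional schema keys, so read them defensively
    // instead of indexing keys that may not exist.
    $type = isset($args['type']) ? $args['type'] : null;
    $format = isset($args['format']) ? $args['format'] : null;

    if ('string' === $type && !is_string($value)) {
        return new WP_Error('woocommerce_rest_invalid_param', sprintf(__('%1$s is not of type %2$s', 'woocommerce'), $param, 'string'));
    }

    if ('date' === $format) {
        // A non-string (for example an array from a `param[]=` query) can never be a
        // date, so reject it before it reaches preg_match().
        // The D modifier makes `$` match only at the very end of the subject;
        // without it a value with a trailing newline would pass validation.
        if (!is_string($value) || !preg_match('#^\d{4}-\d{2}-\d{2}$#D', $value)) {
            return new WP_Error('woocommerce_rest_invalid_date', __('The date you provided is invalid.', 'woocommerce'));
        }
    }

    return true;
}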
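/**
 * Sanitize a request argument based on details registered to the route.
 *
 * Only the cases handled below are normalised: 'integer' and 'boolean' types,
 * and the 'date-time', 'email', 'uri' and 'ipv4' formats. Any other value is
 * returned exactly as received, so a caller must not treat the result as safe
 * for output or query building unless one of those cases applied.
 *
 * @param mixed           $value   Raw parameter value taken from the request.
 * @param WP_REST_Request $request Request whose route attributes hold the argument schema.
 * @param string          $param   Name of the parameter being sanitized.
 * @return mixed The sanitized value, or $value unchanged when no rule applies.
 */
function rest_sanitize_request_arg($value, $request, $param) {
    $attributes = $request->get_attributes();
    if (!isset($attributes['args'][$param]) || !is_array($attributes['args'][$param])) {
        // No schema registered for this parameter: pass the value through.
        return $value;
    }
    $args = $attributes['args'][$param];

    // 'type' is optional in a route's argument schema; avoid indexing a missing key.
    $type = isset($args['type']) ? $args['type'] : null;

    if ('integer' === $type) {
        return (int) $value;
    }

    if ('boolean' === $type) {
        return rest_sanitize_boolean($value);
    }

    if (isset($args['format'])) {
        switch ($args['format']) {
            case 'date-time':
                return sanitize_text_field($value);

            case 'email':
                /*
                 * sanitize_email() validates, which would be unexpected
                 * in a sanitization step, so only strip the text here.
                 */
                return sanitize_text_field($value);

            case 'uri':
                return esc_url_raw($value);

            case 'ipv4':
                return sanitize_text_field($value);
        }
    }

    // No matching type or format: the value is returned unsanitized.
    return $value;
}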
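/**
 * Validates that the parameter belongs to a list of admitted values.
 *
 * The admitted values come from the 'enum' entry of the schema registered
 * for $param. When that entry has at least one string key, its keys are the
 * admitted values; otherwise its values are. A schema without a non-empty
 * 'enum' accepts any value.
 *
 * @since 4.3.0
 *
 * @param string          $value   Value to check.
 * @param WP_REST_Request $request Request whose route attributes hold the argument schema.
 * @param string          $param   Name of the parameter passed to endpoint holding $value.
 *
 * @return bool|WP_Error True when the value is admitted, WP_Error when the
 *                       parameter is not registered or the value is not in the list.
 */
public static function validate_list_item($value = '', $request, $param) {
    $attributes = $request->get_attributes();
    if (!isset($attributes['args'][$param]) || !is_array($attributes['args'][$param])) {
        return new WP_Error('invalid_param', sprintf(esc_html__('%s not recognized', 'jetpack'), $param));
    }
    $args = $attributes['args'][$param];

    if (!empty($args['enum'])) {
        // If it's an associative array, use the keys to check that the value is among those admitted.
        $enum = count(array_filter(array_keys($args['enum']), 'is_string')) > 0 ? array_keys($args['enum']) : $args['enum'];

        // Compare string forms strictly. A loose in_array() lets type juggling
        // defeat the allow-list: boolean true equals any non-empty string, and
        // numeric strings such as "1 " or "1e0" equal "1". Casting both sides
        // still lets "1" from a query string match an integer 1 in the list.
        $allowed = array_map('strval', $enum);

        // Arrays, objects and null have no meaningful string form here and are rejected.
        if (!is_scalar($value) || !in_array((string) $value, $allowed, true)) {
            return new WP_Error('invalid_param_value', sprintf(esc_html__('%1$s must be one of %2$s', 'jetpack'), $param, implode(', ', $enum)));
        }
    }

    return true;
}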
/**
 * Sanitize a request argument based on details registered to the route.
 *
 * Looks up the schema registered for $param and hands the value to
 * rest_sanitize_value_from_schema(). When the route has no array schema for
 * the parameter, the value is returned exactly as received.
 *
 * @since 4.7.0
 *
 * @param mixed           $value   Raw parameter value taken from the request.
 * @param WP_REST_Request $request Request whose route attributes hold the argument schema.
 * @param string          $param   Name of the parameter being sanitized.
 * @return mixed The schema-sanitized value, or $value unchanged when no schema exists.
 */
function rest_sanitize_request_arg($value, $request, $param) {
    $route = $request->get_attributes();

    $has_schema = isset($route['args'][$param]) && is_array($route['args'][$param]);
    if ($has_schema) {
        return rest_sanitize_value_from_schema($value, $route['args'][$param], $param);
    }

    // Nothing registered for this parameter: pass the value through untouched.
    return $value;
}
/**
 * Sanitizes and validates the list of post statuses, including whether the
 * user can query private statuses.
 *
 * The route's default status is always allowed and skips both the capability
 * check and schema validation. Every other status requires the current user
 * to hold the edit_posts capability of this controller's post type, and is
 * then validated with rest_validate_request_arg().
 *
 * @since 4.7.0
 * @access public
 *
 * @param string|array    $statuses  One or more post statuses.
 * @param WP_REST_Request $request   Full details about the request.
 * @param string          $parameter Additional parameter to pass to validation.
 * @return array|WP_Error A list of valid statuses, otherwise WP_Error object.
 */
public function sanitize_post_statuses($statuses, $request, $parameter) {
    $slugs = wp_parse_slug_list($statuses);

    // The default status is read from the route because it differs in
    // WP_REST_Attachments_Controller.
    $route = $request->get_attributes();
    $fallback = $route['args']['status']['default'];

    foreach ($slugs as $slug) {
        if ($slug === $fallback) {
            // The default status needs no permission or validation.
            continue;
        }

        $type_object = get_post_type_object($this->post_type);

        // Authorization comes first: without edit_posts, any non-default status is refused.
        if (!current_user_can($type_object->cap->edit_posts)) {
            return new WP_Error('rest_forbidden_status', __('Status is forbidden.'), array('status' => rest_authorization_required_code()));
        }

        $checked = rest_validate_request_arg($slug, $request, $parameter);
        if (is_wp_error($checked)) {
            return $checked;
        }
    }

    return $slugs;
}