Opened 17 months ago
Last modified 4 months ago
#49960 accepted enhancement
REST API: Support sanitize callbacks for nested properties
Reported by: | ocean90 | Owned by: | rachelbaker |
---|---|---|---|
Milestone: | 5.9 | Priority: | normal |
Severity: | normal | Version: | |
Component: | REST API | Keywords: | has-patch has-unit-tests commit |
Focuses: | | Cc: | |
Description
Example schema:
```php
'foobar' => [
	'required'   => true,
	'type'       => 'object',
	'properties' => [
		'foo' => [
			'required'          => true,
			'type'              => 'string',
			'sanitize_callback' => 'sanitize_text_field',
		],
		'bar' => [
			'required'          => true,
			'type'              => 'string',
			'sanitize_callback' => [ static::class, 'sanitize_bar' ],
		],
	],
],
```
Unfortunately, the `required` and `sanitize_callback` values are currently not used for properties. `required` is now handled in #48818. With support for `sanitize_callback` we'd have another way to enforce a specific format without much hassle.
Related:
Change History (7)
#2, 11 months ago
- Keywords reporter-feedback added
@ocean90 Could you share some examples of what kind of validation you would want to do in these instances?
I've been thinking that this might be better served by an API to register a JSON Schema `format`.
#3, 6 months ago
- Keywords reporter-feedback removed
@TimothyBlynJacobs Since I just stumbled upon this again, the most common so far is limiting a field to only plain strings without any HTML like `sanitize_text_field()` (or `sanitize_textarea_field()`) does for us.
Maybe it's common enough to be added as a default `text-field` format?
This ticket was mentioned in PR #1187 on WordPress/wordpress-develop by ocean90.
6 months ago
- Keywords has-patch has-unit-tests added; needs-patch needs-unit-tests removed
Probably going to create a separate ticket for this enhancement but it's related to #WP49960.
So far the formats are only used in `rest_sanitize_value_from_schema()` because I'm not sure what a validation should look like. Do we need one?
Trac ticket: https://core.trac.wordpress.org/ticket/49960
This would definitely be helpful. I'm not sure what the best way to go about it is.
We have `rest_validate_request_from_schema`, but that doesn't have any knowledge of the idea of `sanitize_callback` or `validate_callback` and I'd be hesitant to add that to what is a generic JSON schema validator/sanitizer.
Perhaps it could live in `rest_validate_request_arg`? Though for similar reasons as mentioned in #48818, it'd be much simpler to add it to `rest_validate_value_from_schema` since it handles schema traversing. Maybe we need a general purpose schema traversing function?
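One way a general-purpose schema traversal could apply nested `sanitize_callback` values, as an added example that is not part of this ticket, the PR or WordPress core. `example_sanitize_nested()` and `example_plain_text()` are hypothetical names; `example_plain_text()` and `strtolower` stand in for `sanitize_text_field()` and the ticket's `sanitize_bar` so the code runs outside WordPress.

```php
<?php
// Added illustration; not WordPress core code. All function names are hypothetical.

// Stand-in for sanitize_text_field(): strip tags, collapse whitespace, trim.
function example_plain_text( $value ) {
	return trim( preg_replace( '/\s+/', ' ', strip_tags( (string) $value ) ) );
}

/**
 * Walk a value alongside its schema and apply every 'sanitize_callback'
 * found on nested 'properties' (objects) and 'items' (arrays).
 */
function example_sanitize_nested( $value, array $schema ) {
	$type = $schema['type'] ?? null;

	if ( 'object' === $type && is_array( $value ) ) {
		foreach ( $schema['properties'] ?? [] as $key => $child ) {
			if ( array_key_exists( $key, $value ) ) {
				$value[ $key ] = example_sanitize_nested( $value[ $key ], $child );
			}
		}
	} elseif ( 'array' === $type && is_array( $value ) && isset( $schema['items'] ) ) {
		foreach ( $value as $i => $item ) {
			$value[ $i ] = example_sanitize_nested( $item, $schema['items'] );
		}
	}

	// Children are sanitized first, then this node's own callback runs.
	if ( isset( $schema['sanitize_callback'] ) ) {
		if ( ! is_callable( $schema['sanitize_callback'] ) ) {
			// Fail closed: a misspelled callback must not silently skip sanitization.
			throw new InvalidArgumentException( 'sanitize_callback is not callable' );
		}
		$value = call_user_func( $schema['sanitize_callback'], $value );
	}
	return $value;
}

// Schema shaped like the ticket's example; the input is constructed sample data.
$schema = [
	'type'       => 'object',
	'properties' => [
		'foo' => [ 'type' => 'string', 'sanitize_callback' => 'example_plain_text' ],
		'bar' => [ 'type' => 'string', 'sanitize_callback' => 'strtolower' ],
	],
];
$input = [ 'foo' => ' <b>Hello</b>  <i>world</i> ', 'bar' => 'MiXeD', 'extra' => '<i>kept</i>' ];

var_dump( example_sanitize_nested( $input, $schema ) );
```

The `extra` key has no schema entry, so it passes through untouched; a traversal like this only sanitizes what the schema declares.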