[wp-trac] [WordPress Trac] #34725: Require registered endpoints arguments to have a validate or sanitize callback

WordPress Trac noreply at wordpress.org
Wed Nov 18 19:00:17 UTC 2015


#34725: Require registered endpoints arguments to have a validate or sanitize
callback
-----------------------------+------------------
 Reporter:  danielbachhuber  |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  4.4
Component:  REST API         |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  needs-patch      |     Focuses:
-----------------------------+------------------

Comment (by danielbachhuber):

 From the Slack conversation, some of the options present to us:

 * Default to `sanitize_text_field()` when no validation or sanitization
 callback is specified, but this can't guarantee security.
 * Silently discard the argument if validation or sanitization hasn’t been
 specified.
 * Error any misspelled callbacks, but don't require one.
 `register_setting()` has these callbacks as optional.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34725#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list