[wp-trac] [WordPress Trac] #34893: Improve Customizer setting validation model
WordPress Trac
noreply at wordpress.org
Mon Dec 7 08:25:30 UTC 2015
#34893: Improve Customizer setting validation model
-------------------------+----------------------------
Reporter: westonruter | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Customize | Version: 3.4
Severity: normal | Keywords: needs-patch
Focuses: javascript |
-------------------------+----------------------------
Customizer setting values need to be able to be validated and for any
validation errors to block the Customizer from saving any setting until
all are valid.
Settings in the Customizer rely on sanitization to ensure that only valid
values get persisted to the database. The sanitization in the Customizer
generally allows values to be passed through to be persisted and does not
enforce validation that blocks the saving of the value. This is in large
part because there is no standard facility for showing error messages
relating to Customizer controls, and there is no standard method to raise
validation errors. A Customizer setting ''can'' be blocked from being
saved by returning `null` from the `WP_Customize_Setting::sanitize()`
method (i.e. generally returned via `customize_sanitize_{$setting_id}`).
When this is done, however, the modified value completely disappears from
the preview with no indication for why the value seems to be reset to the
default.
In JavaScript there is the `wp.customize.Setting.prototype.validate()`
method that can be extended to return `null` in the case where the value
should be rejected, but again this does not provide a way to display a
validation message: the user can be entering data but they just stop
seeing the value making changes in the preview without any feedback. Even
worse, if the JS `validate` method actually manipulates the value to make
it valid, there can be strange behavior in the UI as the user provides
input, likely having to do with the two-way data binding of
`wp.customize.Element` instances.
Furthermore, if one setting is blocked from being saved by means of
validation in the sanitization method, the other settings in the
Customizer state may very well be completely valid, and thus they would
save successfully. The result is that some settings would get saved,
whereas others would not, and the user wouldn't know which were successful
and which failed (again, since there is no standard mechanism for showing
validation error message). The Customizer state would only partially get
persisted to the database. This isn't good.
We need to improve the Customizer by:
* Validating settings on server before save.
* Displaying validation error messages from server and from JS client.
* Performing transactional/atomic setting saving, rejecting all settings
if one is invalid.
Since the `WP_Customize_Setting::sanitize()` already partially supports
validation by returning `null`, we can build on that to also allow it to
return a `WP_Error` object. We'd want to retain the regular fuzzy
sanitization during preview updates, but during the `customize_save`
action we'd want to impose a strict pass/fail for setting validation.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34893>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list