[wp-trac] [WordPress Trac] #34893: Improve Customizer setting validation model
WordPress Trac
noreply at wordpress.org
Mon Dec 7 16:28:36 UTC 2015
#34893: Improve Customizer setting validation model
-------------------------------------+--------------------------
Reporter: westonruter | Owner: westonruter
Type: enhancement | Status: accepted
Priority: normal | Milestone: 4.5
Component: Customize | Version: 3.4
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses: javascript
-------------------------------------+--------------------------
Comment (by westonruter):
Instead of overloading the Customizer setting's `sanitize_callback` to do
both sanitization and validation, for a Core patch the
`WP_Customizer_Setting` should really also implement a
`validate_callback`, just as has been done for the REST API (see
`WP_REST_Request::has_valid_params()`). There can be a default
`validate_callback` that checks if the `sanitize_callback` returns `null`
and if so, then it can return `false`. Otherwise, it can return `true`.
The REST API also supports the `validate_callback` returning a `WP_Error`,
so our `validate_callback` in `WP_Customize_Setting` can do the same,
something like [attachment:34893.0.diff].
Note the addition of a new `$strict` argument to the `customize_sanitize`
filter which allows the filter to do strict/validation checking. I'm not
100% sold on this, but it would be nice if there could be some way to more
easily integrate the sanitization/validation logic.
Maybe the REST API folks have some insights here :). The goal here is to
keep the Customizer API as close to the REST API, so that Customizer
settings can be just added to the REST API and it will just work.
/cc @rmccue @rachelbaker @danielbachhuber @joehoyle
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34893#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list