[wp-trac] [WordPress Trac] #35000: Strict mode for REST API endpoints
WordPress Trac
noreply at wordpress.org
Fri Dec 11 01:12:20 UTC 2015
#35000: Strict mode for REST API endpoints
-----------------------------+-------------------------
Reporter: danielbachhuber | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 4.5
Component: REST API | Version:
Severity: normal | Keywords: needs-patch
Focuses: |
-----------------------------+-------------------------

Although `register_rest_route()` supports registering arguments, and
validation / sanitization callbacks for those arguments, a
`WP_REST_Request` object ends up with all request data, not limited to
registered arguments appropriately validated and sanitized.

For endpoint developers concerned with invalid or unsanitized data leaking
through, we should offer a REST API strict mode. If a route is registered
with strict mode, arguments would be required to have a validation or
sanitization callback, and only registered, validated, and sanitized
arguments would be present on the `WP_REST_Request` object.

Originally https://github.com/WP-API/WP-API/issues/1223

--
Ticket URL: <https://core.trac.wordpress.org/ticket/35000>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
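
The gap the ticket describes, and one way an endpoint can approximate the proposed strict mode inside its own callback, shown as an added example (not code from the ticket or from WordPress core). The `example/v1` namespace and the `example_*` functions are hypothetical, and the file is assumed to be loaded as a plugin inside WordPress.

```php
<?php
// Added example, not WordPress core code. The 'example/v1' namespace and the
// example_* function names are hypothetical.

/**
 * Keep only parameters registered in the route's 'args' that also declare a
 * validate_callback or sanitize_callback; everything else is dropped.
 */
function example_strict_params( WP_REST_Request $request ) {
	$attributes = $request->get_attributes();
	$registered = isset( $attributes['args'] ) ? $attributes['args'] : array();

	$checked = array_filter( $registered, function ( $arg ) {
		return isset( $arg['validate_callback'] ) || isset( $arg['sanitize_callback'] );
	} );

	return array_intersect_key( $request->get_params(), $checked );
}

function example_create_note( WP_REST_Request $request ) {
	// Without the filter, $request->get_params() also carries any extra keys
	// the client sent (for instance post_status), unvalidated and unsanitized.
	$params = example_strict_params( $request );

	$post_id = wp_insert_post( array(
		'post_title'  => $params['title'],
		'post_status' => 'draft', // fixed server-side, never taken from the request
	), true );

	return is_wp_error( $post_id ) ? $post_id : rest_ensure_response( array( 'id' => $post_id ) );
}

add_action( 'rest_api_init', function () {
	register_rest_route( 'example/v1', '/notes', array(
		'methods'             => WP_REST_Server::CREATABLE,
		'callback'            => 'example_create_note',
		'permission_callback' => function () {
			return current_user_can( 'edit_posts' );
		},
		'args'                => array(
			'title' => array(
				'required'          => true,
				'validate_callback' => function ( $value ) {
					return is_string( $value ) && '' !== trim( $value );
				},
				'sanitize_callback' => 'sanitize_text_field',
			),
		),
	) );
} );
```

The filter also drops URL parameters captured by the route pattern unless they are listed in `args` with a callback, so a route that uses them has to register them as well.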