[wp-trac] [WordPress Trac] #34725: Require registered endpoints arguments to have a validate or sanitize callback
WordPress Trac
noreply at wordpress.org
Wed Nov 18 19:00:17 UTC 2015
#34725: Require registered endpoints arguments to have a validate or sanitize
callback
-----------------------------+------------------
Reporter: danielbachhuber | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.4
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
-----------------------------+------------------
Comment (by danielbachhuber):
From the Slack conversation, some of the options present to us:
* Default to `sanitize_text_field()` when no validation or sanitization
callback is specified, but this can't guarantee security.
* Silently discard the argument if validation or sanitization hasn’t been
specified.
* Error any misspelled callbacks, but don't require one.
`register_setting()` has these callbacks as optional.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34725#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list