[wp-trac] [WordPress Trac] #37638: Allow plugins to do comprehensive late validation of settings
WordPress Trac
noreply at wordpress.org
Thu Aug 11 18:34:41 UTC 2016
#37638: Allow plugins to do comprehensive late validation of settings
-------------------------+-----------------------
Reporter: westonruter | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 4.7
Component: Customize | Version: trunk
Severity: normal | Keywords: has-patch
Focuses: |
-------------------------+-----------------------
With #34893 there was introduced a new pass/fail validation model for
Customizer settings. The constructor for `WP_Customize_Setting` will add a
`customize_validate_{$setting->id}` filter '''if''' there is a supplied
`validate_callback` param. Then inside of
`WP_Customize_Setting::validate()` it `applies_filters` on this hook.
There is currently a scenario where a plugin could create a subclass of
`WP_Customize_Setting` and with a custom `validate` method that neglects
to `apply_filters`. For example:
{{{#!php
<?php
class Required_Setting extends WP_Customize_Setting {
function validate( $value ) {
if ( empty( $value ) ) {
return new WP_Error( 'empty_value', __( 'You must
supply a value' ) );
}
return true;
}
}
}}}
The simplest fix here for a plugin would be to explicitly call
`parent::validate( $value )` like so:
{{{#!php
<?php
class Required_Setting extends WP_Customize_Setting {
function validate( $value ) {
if ( empty( $value ) ) {
return new WP_Error( 'empty_value', __( 'You must
supply a value' ) );
}
return parent::validate( $value ); // <= apply_filters on
"customize_validate_{$this->id}"
}
}
}}}
''Nevertheless'', since it is not mandated that a subclass's override
method call its parent class's overridden method, there should be some way
to guarantee that these filters get applied to account for this edge case.
There are two options I see:
1) We could just (re-)apply the filter in
`WP_Customize_Manager::validate_setting_values()`:
{{{#!diff
--- src/wp-includes/class-wp-customize-manager.php
+++ src/wp-includes/class-wp-customize-manager.php
@@ -1013,6 +1013,10 @@ final class WP_Customize_Manager {
}
$validity = $setting->validate( $unsanitized_value
);
+ if ( ! is_wp_error( $validity ) ) {
+ /** This filter is documented in wp-
includes/class-wp-customize-setting.php */
+ $validity = apply_filters(
"customize_validate_{$setting->id}", $validity, $unsanitized_value,
$setting );
+ }
if ( ! is_wp_error( $validity ) ) {
$value = $setting->sanitize(
$unsanitized_value );
if ( is_null( $value ) ) {
$validity = false;
}}}
2) We could introduce a new filter in
`WP_Customize_Manager::validate_setting_values()` that applies on the
array of setting validities:
{{{#!diff
--- src/wp-includes/class-wp-customize-manager.php
+++ src/wp-includes/class-wp-customize-manager.php
@@ -1025,6 +1025,18 @@ final class WP_Customize_Manager {
}
$validities[ $setting_id ] = $validity;
}
+
+ /**
+ * Filters the result of validating the setting values
after each setting's validate method is called.
+ *
+ * @see WP_Customize_Setting::validate()
+ *
+ * @param array $validities Validities
for settings, mapping setting ID to validity.
+ * @param array $setting_values Unsanitized
setting values.
+ * @param WP_Customize_Manager $wp_customize Manager.
+ */
+ $validities = apply_filters(
'customize_setting_validities', $validities, $setting_values, $this );
+
return $validities;
}
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37638>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list