[wp-trac] [WordPress Trac] #39042: REST API: Allow sanitization_callback to be set to null to bypass `rest_parse_request_arg()`
WordPress Trac
noreply at wordpress.org
Sat Dec 3 19:41:39 UTC 2016
#39042: REST API: Allow sanitization_callback to be set to null to bypass
`rest_parse_request_arg()`
--------------------------+-------------------------
Reporter: rachelbaker | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.7.1
Component: REST API | Version:
Severity: normal | Keywords: needs-patch
Focuses: |
--------------------------+-------------------------
In #38593 we use the default callback for a property type if it is set,
but you cannot override this behavior.
As an example, if you have a property schema like:
{{{#!php
'some_email' => array(
'description' => __( 'Email address for ...' ),
'type' => 'string',
'format' => 'email',
'arg_options' => array(
'sanitize_callback' => null, // SHOULD skip built-in saniziation
of 'email' type.
'validate_callback' => 'custom_callback',
),
),
}}}
The logic in `WP_REST_Request->sanitize_params()` that was added in
[39091] does not account for `null` being the `sanitization_callback`
which then results in `rest_parse_request_arg()` being set to the
callback, which runs both default sanitization and validation functions.
See: https://core.trac.wordpress.org/browser/trunk/src/wp-includes/rest-
api/class-wp-rest-request.php?annotate=blame#L823
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39042>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list