[wp-trac] [WordPress Trac] #37247: Sanitization needs to come after validation in WP_Customize_Manager

WordPress Trac noreply at wordpress.org
Fri Jul 1 13:15:46 UTC 2016

#37247: Sanitization needs to come after validation in WP_Customize_Manager
 Reporter:  schlessera    |       Owner:  westonruter
     Type:  defect (bug)  |      Status:  accepted
 Priority:  normal        |   Milestone:  4.6
Component:  Customize     |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
Changes (by westonruter):

 * owner:   => westonruter
 * status:  new => accepted
 * version:   => trunk
 * milestone:  Awaiting Review => 4.6


 @schlessera great observation. This is something I debated quite a bit,
 and I went with the current sanitize > validate scheme because the REST
 API was doing the same. Now that the order of operations is being changed
 in #37192, I agree that the Customizer should be aligned. Note, however,
 that the Customizer's implementation allowed for the `sanitize` callbacks
 to also return `WP_Error` instances, thus allowing the sanitize callbacks
 to also perform validation since the two are often very closely related. A
 sanitize callback can return a `WP_Error` in the case where the value
 being sanitized is “too far gone” to be recovered for the purposes of
 passing through and needs to be flatly rejected (marked as invalid).

Ticket URL: <https://core.trac.wordpress.org/ticket/37247#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
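
The behaviour described in the comment above, as an added example (not code from the ticket or from WordPress core): a Customizer setting with separate validate and sanitize callbacks, where the sanitize callback returns a `WP_Error` for input it cannot recover. It assumes WordPress 4.6 or later; the setting ID `example_banner_url` and the `example_*` function names are hypothetical.

```php
<?php
// Added example. Assumes WordPress 4.6+; all example_* names are hypothetical.

function example_validate_banner_url( $validity, $value ) {
	// A validate callback adds errors to the WP_Error it is handed and returns it.
	// It checks the type itself so it does not depend on sanitization having run.
	if ( is_string( $value ) && strlen( $value ) > 2000 ) {
		$validity->add( 'too_long', __( 'URL must be 2000 characters or fewer.' ) );
	}
	return $validity;
}

function example_sanitize_banner_url( $value ) {
	// Not a string: nothing to salvage, so reject instead of coercing.
	if ( ! is_string( $value ) ) {
		return new WP_Error( 'invalid_type', __( 'URL must be a string.' ) );
	}

	$raw   = trim( $value );
	$clean = esc_url_raw( $raw, array( 'http', 'https' ) );

	// esc_url_raw() returns '' for a disallowed scheme. Saving that silently
	// would hide the rejected input, so report it as invalid instead.
	if ( '' !== $raw && '' === $clean ) {
		return new WP_Error( 'invalid_url', __( 'Only http and https URLs are accepted.' ) );
	}

	return $clean;
}

function example_register_banner_url( $wp_customize ) {
	$wp_customize->add_setting( 'example_banner_url', array(
		'default'           => '',
		'validate_callback' => 'example_validate_banner_url',
		'sanitize_callback' => 'example_sanitize_banner_url',
	) );
}
add_action( 'customize_register', 'example_register_banner_url' );
```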
