[wp-trac] [WordPress Trac] #37247: Sanitization needs to come after validation in WP_Customize_Manager
WordPress Trac
noreply at wordpress.org
Fri Jul 1 13:15:46 UTC 2016
#37247: Sanitization needs to come after validation in WP_Customize_Manager
--------------------------+--------------------------
Reporter: schlessera | Owner: westonruter
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 4.6
Component: Customize | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+--------------------------
Changes (by westonruter):
* owner: => westonruter
* status: new => accepted
* version: => trunk
* milestone: Awaiting Review => 4.6
Comment:
@schlessera great observation. This is something I debated quite a bit,
and I went with the current sanitize > validate scheme because the REST
API was doing the same. Now that the order of operations is being changed
in #37192, I agree that the Customizer should be aligned. Note, however,
that the Customizer's implementation allowed for the `sanitize` callbacks
to also return `WP_Error` instances, thus allowing the sanitize callbacks
to also perform validation since the two are often very closely related. A
sanitize callback can return a `WP_Error` in the case where the value
being sanitized is “too far gone” to be recovered for the purposes of
passing through and needs to be be flatly rejected (marked as invalid).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37247#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list