[wp-trac] [WordPress Trac] #38531: Support for arrays in schema validation and sanitization
WordPress Trac
noreply at wordpress.org
Mon Oct 31 16:04:06 UTC 2016
#38531: Support for arrays in schema validation and sanitization
---------------------------------------------+---------------------
Reporter: joehoyle | Owner: pento
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.7
Component: REST API | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests commit | Focuses:
---------------------------------------------+---------------------
Comment (by joehoyle):
In the latest patch I think from @rachelbaker we are skipping sanitization
if nothing is specified in the `items` property:
{{{#!php
if ( empty( $args['items'] ) ) {
	return (array) $value;
}
}}}
This means that we are "passing thru by default" which I think is a bad
idea for a sanitizing function. IMO if the items is not present we should
return an empty, and maybe fire a `doing_it_wrong`. With this, it would be
easy (and some places in the REST API already do this) to specify `type`
=> `array`, and therefore get no sanitization.
Looking for thoughts from @rachelbaker :)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38531#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
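
The difference between the two defaults discussed in the comment above, as an added example that is not part of the original message and is not WordPress core code. All function names are hypothetical, the input and schemas are constructed, and `trigger_error()` stands in for the `doing_it_wrong` notice so the script runs outside WordPress.

```php
<?php
// Added illustration; every function name here is hypothetical.

// Default quoted in the comment: no `items` schema, so the value is cast and returned as-is.
function example_sanitize_array_passthrough( $value, array $args ) {
	if ( empty( $args['items'] ) ) {
		return (array) $value;
	}
	return example_sanitize_items( (array) $value, $args['items'] );
}

// Default proposed in the comment: no `items` schema yields an empty array plus a notice.
function example_sanitize_array_fail_closed( $value, array $args ) {
	if ( empty( $args['items'] ) ) {
		// Stand-in for the doing_it_wrong notice (assumption, to stay self-contained).
		trigger_error( 'Array schema registered without "items".', E_USER_NOTICE );
		return array();
	}
	return example_sanitize_items( (array) $value, $args['items'] );
}

// Minimal per-item sanitizer for two item types; anything that does not fit is dropped.
function example_sanitize_items( array $value, array $items ) {
	$clean = array();
	foreach ( $value as $item ) {
		if ( 'integer' === $items['type'] && is_numeric( $item ) ) {
			$clean[] = (int) $item;
		} elseif ( 'string' === $items['type'] && is_scalar( $item ) ) {
			$clean[] = strip_tags( (string) $item );
		}
	}
	return $clean;
}

// Constructed request value: a numeric string, a markup string and a nested array.
$input      = array( '12', '<b>bold</b>', array( 'nested' => 'x' ) );
$no_items   = array( 'type' => 'array' );
$with_items = array( 'type' => 'array', 'items' => array( 'type' => 'integer' ) );

// Pass-through hands every element, markup and nesting included, to the caller.
var_dump( example_sanitize_array_passthrough( $input, $no_items ) );
// Fail-closed returns nothing usable and surfaces the missing schema.
var_dump( example_sanitize_array_fail_closed( $input, $no_items ) );
// With an `items` schema both variants sanitize each element the same way.
var_dump( example_sanitize_array_fail_closed( $input, $with_items ) );
```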