[wp-trac] [WordPress Trac] #43208: Separate setting validation from sanitization

WordPress Trac noreply at wordpress.org
Tue Apr 3 11:32:23 UTC 2018 

#43208: Separate setting validation from sanitization
-------------------------------------------------+-------------------------
 Reporter:  flixos90                             |       Owner:
     Type:  enhancement                          |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
Component:  Options, Meta APIs                   |  Review
 Severity:  normal                               |     Version:
 Keywords:  2nd-opinion has-patch needs-unit-    |  Resolution:
  tests                                          |     Focuses:
-------------------------------------------------+-------------------------

Comment (by flixos90):

 [attachment:43208.5.diff] makes the following changes:

 * Fix minor bug in `register_setting()` where the count of arguments
 passed to the filter was wrong prior.
 * Only call `validate_option()` in Customizer if the customize setting is
 an actual option, NOT part of a multidimensional array option (a new
 utility method `is_multidimensional()` has been introduced for that).
 * Call `validate_option()` before calling `update_option()` in the
 Customizer, and do not save if errors occur.

 The latter two changes above ensure that options in the Customizer are
 validated as expected. We could go even further if we wanted to and even
 validate multidimensional option settings. That would require us to call
 `validate_option()` with the whole root value, with the actual value being
 part of the array (which could happen with the
 `multidimensional_replace()` method). However, since all of this logic
 needs to happen in the `WP_Customize_Manager` as well, we'd need to make
 the `get_root_value()` and `multidimensional_replace()` methods public,
 which would be ugly. On the other hand, the requirement to have duplicate
 logic here is ugly already anyway. :/

 Pinging @johnjamesjacoby for general feedback and @westonruter for the
 Customizer part specifically.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43208#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list