[wp-trac] [WordPress Trac] #43998: REST API: Permit unbounded per_page=-1 requests for authorized users
WordPress Trac
noreply at wordpress.org
Wed May 23 20:55:50 UTC 2018
#43998: REST API: Permit unbounded per_page=-1 requests for authorized users
------------------------------------------+-----------------------
Reporter: danielbachhuber | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 4.9.8
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses: rest-api
------------------------------------------+-----------------------
Comment (by danielbachhuber):
Replying to [comment:4 earnjam]:
>
> If we don't pass a `sanitize_callback` as a parameter argument for
`per_page`, then it ends up just falling back to using
`rest_sanitize_value_from_schema()` and using the `type` value passed of
`integer` and then gets typecast as `(int)`, so that will work as long as
we're ok not explicitly passing a `sanitize_callback` there.
I agree. Let's start with this and we can introduce a dedicated
`rest_sanitize_intval` if we really need it.
> WP_Term_Query uses 0 for the `number` argument to get all terms instead
of -1 like WP_Query and WP_User_Query do. How should we handle those?
>
> Should we allow either -1 or 0 and treat them both as unbounded?
In the interest of keeping things simple, we should treat `-1` as
unbounded and `0` as a nonsensical zero results set. For `WP_Term_Query`,
we should transform `-1` into a `0`, and ignore `0` early.
I've added you as a collaborator to https://github.com/danielbachhuber
/wordpress-develop if you want to start a PR and work that way.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43998#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list