[wp-trac] [WordPress Trac] #43998: REST API: Permit unbounded per_page=-1 requests for authorized users

WordPress Trac noreply at wordpress.org
Wed May 23 20:55:50 UTC 2018

#43998: REST API: Permit unbounded per_page=-1 requests for authorized users
 Reporter:  danielbachhuber               |       Owner:  (none)
     Type:  enhancement                   |      Status:  new
 Priority:  normal                        |   Milestone:  4.9.8
Component:  REST API                      |     Version:
 Severity:  normal                        |  Resolution:
 Keywords:  needs-patch needs-unit-tests  |     Focuses:  rest-api

Comment (by danielbachhuber):

 Replying to [comment:4 earnjam]:
 > If we don't pass a `sanitize_callback` as a parameter argument for
 `per_page`, then it ends up just falling back to using
 `rest_sanitize_value_from_schema()` and using the `type` value passed of
 `integer` and then gets typecast as `(int)`, so that will work as long as
 we're ok not explicitly passing a `sanitize_callback` there.

 I agree. Let's start with this and we can introduce a dedicated
 `rest_sanitize_intval` if we really need it.

 > WP_Term_Query uses 0 for the `number` argument to get all terms instead
 of -1 like WP_Query and WP_User_Query do. How should we handle those?
 > Should we allow either -1 or 0 and treat them both as unbounded?

 In the interest of keeping things simple, we should treat `-1` as
 unbounded and `0` as a nonsensical zero results set. For `WP_Term_Query`,
 we should transform `-1` into a `0`, and ignore `0` early.

 I've added you as a collaborator to https://github.com/danielbachhuber
 /wordpress-develop if you want to start a PR and work that way.

Ticket URL: <https://core.trac.wordpress.org/ticket/43998#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list