[wp-trac] [WordPress Trac] #50620: REST API: regression after introducing changes how block renderer endpoint is now defined
WordPress Trac
noreply at wordpress.org
Thu Jul 9 23:00:07 UTC 2020
#50620: REST API: regression after introducing changes how block renderer endpoint
is now defined
--------------------------------------+---------------------
Reporter: manooweb | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.5
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: good-first-bug has-patch | Focuses:
--------------------------------------+---------------------
Description changed by SergeyBiryukov:
Old description:
> Hello,
>
> We developed a dynamic block with only boolean block attributes.
> For this development we used WordPress 5.4.2 and everything works fine.
>
> We are testing with the future version of WordPress 5.5 ( WordPress
> 5.5-beta1-48410 ) and we noticed a regression because sanitization of
> block attributes doesn't work anymore espacially for boolean attributes
> which is important to get the right value in PHP (true or false) and not
> a string.
>
> Indeed there has been changes in the REST API block renderer endpoint
> definition introduced by this changeset
> https://core.trac.wordpress.org/changeset/48069 to fix this ticket
> https://core.trac.wordpress.org/ticket/48079
>
> As we can see in the endpoint schema we lost the 'properties' attributes
> which is used before to set the block attributes.
>
> Everything is ok during the attributes validation which passes through
> the 'validate_callback' defined in the endpoint.
>
> However during the REST API process we also pass through a sanitization
> step here https://github.com/WordPress/WordPress/blob/master/wp-includes
> /rest-api/class-wp-rest-server.php#L965
>
> and then here for block attributes
> https://github.com/WordPress/WordPress/blob/master/wp-includes/rest-
> api.php#L1864
>
> We never pass through the condition because the 'properties' array is
> never defined at this point as it should be.
>
> As every dynamic blocks need their own attributes, I don't understand how
> to set correctly this 'properties' array to get the values correctly
> sanitized.
>
> Of course we found a workaround on our side directly in our
> 'render_callback' of our dynamic block function but I think it is not the
> best and right solution.
>
> If you need further information, let me know.
>
> Regards
New description:
Hello,
We developed a dynamic block with only boolean block attributes.
For this development we used WordPress 5.4.2 and everything works fine.
We are testing with the future version of WordPress 5.5 ( WordPress
5.5-beta1-48410 ) and we noticed a regression because sanitization of
block attributes doesn't work anymore espacially for boolean attributes
which is important to get the right value in PHP (true or false) and not a
string.
Indeed there has been changes in the REST API block renderer endpoint
definition introduced by this changeset [48069] to fix this ticket #48079.
As we can see in the endpoint schema we lost the 'properties' attributes
which is used before to set the block attributes.
Everything is ok during the attributes validation which passes through the
'validate_callback' defined in the endpoint.
However during the REST API process we also pass through a sanitization
step here https://github.com/WordPress/WordPress/blob/master/wp-includes
/rest-api/class-wp-rest-server.php#L965
and then here for block attributes
https://github.com/WordPress/WordPress/blob/master/wp-includes/rest-
api.php#L1864
We never pass through the condition because the 'properties' array is
never defined at this point as it should be.
As every dynamic blocks need their own attributes, I don't understand how
to set correctly this 'properties' array to get the values correctly
sanitized.
Of course we found a workaround on our side directly in our
'render_callback' of our dynamic block function but I think it is not the
best and right solution.
If you need further information, let me know.
Regards
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50620#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list