[wp-trac] [WordPress Trac] #56587: REST API sanitize and validate order / priority
WordPress Trac
noreply at wordpress.org
Fri Sep 16 11:49:30 UTC 2022
#56587: REST API sanitize and validate order / priority
----------------------------+-----------------------------
Reporter: pentatonicfunk | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 6.0.1
Severity: normal | Keywords:
Focuses: |
----------------------------+-----------------------------
wp-rest-server has this snippet
{{{#!php
<?php
$check_required = $request->has_valid_params();
if ( is_wp_error( $check_required ) ) {
$error = $check_required;
} else {
$check_sanitized = $request->sanitize_params();
if ( is_wp_error( $check_sanitized ) ) {
$error = $check_sanitized;
}
}
}}}
questions / need clarifications :
1. `validate` and `sanitize` here stands on its own, other than
integrated. Which in result causing `rest_sanitize_value_from_schema`
called twice. Example in array `enum`
- `has_valid_params` calls
- `rest_validate_request_arg` calls
- `rest_validate_enum` calls
- `rest_sanitize_value_from_schema` ( first call )
- `sanitize_params` calls
- `rest_sanitize_value_from_schema` ( second call )
When sanitize required DB, e.g. enum values are from table, calling it
twice would be inefficient, so developers would need to come out with
solution to memoize things around sanitize routine.
2. Shouldn't we prioritize `sanitize`, so when `validate` called, it can
safely assume data are sanitized already ? otherwise if custom
`validate_callback` function is not calling sanitize explicitly it would
end up validate function processing a string `a,b,c` when its expected an
array `[a,b,c]`, but by doing this, it would resulting #1 inefficiency.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56587>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list