Validate font face and font family settings as JSON strings #10966
deepaklalwani97 wants to merge 2 commits into WordPress:trunk from
| // Check whether $value is a string, since it should be stringified JSON in the request. | ||
| if ( ! is_string( $value ) ) { | ||
| return new WP_Error( | ||
| 'rest_invalid_param', | ||
| __( 'font_face_settings parameter must be a valid JSON string.' ), | ||
| array( 'status' => 400 ) | ||
| ); | ||
| } |
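Review bot: The message passed to __() hardcodes font_face_settings inside the translatable string, so translators are handed a parameter name they must not translate. Consider a %s placeholder with a translators comment, as in sprintf( __( '%s parameter must be a valid JSON string.' ), 'font_face_settings' ), which would also let the font face and font family controllers share one string.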
Is this not redundant? The schema already specifies that it must be a string:
No, the check is not redundant. Even though the endpoint arg declares font_face_settings as type string, this route uses a custom validate_callback and sanitize_callback, so core does not automatically enforce type parsing for that arg before our validator runs. This explicit is_string check is a defensive guard to ensure json_decode only receives a string and to return a clean 400 error instead of risking a PHP TypeError/fatal.
Alas, you're right. That's too bad. In that case, I think it would be better to look up the schema for the request and then manually enforce it:
| // Check whether $value is a string, since it should be stringified JSON in the request. | |
| if ( ! is_string( $value ) ) { | |
| return new WP_Error( | |
| 'rest_invalid_param', | |
| __( 'font_face_settings parameter must be a valid JSON string.' ), | |
| array( 'status' => 400 ) | |
| ); | |
| } | |
| // Enforce JSON Schema validity for field before applying custom validation logic. | |
| $args = $this->get_endpoint_args_for_item_schema( $request->get_method() ); | |
| $validity = rest_validate_value_from_schema( $value, $args['font_family_settings'], 'font_family_settings' ); | |
| if ( is_wp_error( $validity ) ) { | |
| return $validity; | |
| } |
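Review bot: The schema lookup indexes $args['font_family_settings'] and passes 'font_family_settings' as the parameter name, while the guard at the top of this block names font_face_settings in its error message. If this block is meant for the font face validator, both should read font_face_settings, otherwise the value is validated against the wrong arg and any error names the wrong parameter. $args is also indexed without checking that the key exists for the current request method, so an isset() check before the call would avoid a warning if it does not.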
You can see this is also being done similarly below:
I have updated the PR to re-use the defined schema for validation.
| if ( ! is_string( $value ) ) { | ||
| return new WP_Error( | ||
| 'rest_invalid_param', | ||
| /* translators: %s: Parameter name: "font_family_settings". */ | ||
| sprintf( __( '%s parameter must be a valid JSON string.' ), 'font_family_settings' ), | ||
| array( 'status' => 400 ) | ||
| ); | ||
| } |
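Review bot: The message says the parameter "must be a valid JSON string", but the condition on the first line, ! is_string( $value ), only establishes that the value is not a string and says nothing about whether it parses as JSON. A client sending an array or object would get a clearer 400 from wording such as "%s parameter must be a string", with a separate message for a string that fails to decode.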
Ditto above, the param seems to already be required to be a string:
The same applies to this endpoint as well.
See above suggestion about re-using the schema.
…oints for font faces and font families.
The value is expected to be a serialized JSON string, which the validation callback validates.
Developed in #10966
Follow-up to r57548.
Props deepaklalwani, westonruter.
See #59166.
Fixes #64666.
git-svn-id: https://develop.svn.wordpress.org/trunk@61765 602fd350-edb4-49c9-b593-d223f7449a82

…oints for font faces and font families.
The value is expected to be a serialized JSON string, which the validation callback validates.
Developed in WordPress/wordpress-develop#10966
Follow-up to r57548.
Props deepaklalwani, westonruter.
See #59166.
Fixes #64666.
Built from https://develop.svn.wordpress.org/trunk@61765
git-svn-id: http://core.svn.wordpress.org/trunk@61071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Trac ticket: https://core.trac.wordpress.org/ticket/64666
Use of AI Tools
Used GitHub Copilot for unit test cases, which were updated and reviewed by me.
This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.