Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Needs more detailed descriptions about validate_callback in WP REST API #194

Open
fumikito opened this issue Nov 28, 2024 · 0 comments · May be fixed by #195
Open

Needs more detailed descriptions about validate_callback in WP REST API #194

fumikito opened this issue Nov 28, 2024 · 0 comments · May be fixed by #195

Comments

@fumikito
Copy link

In Adding Custom Endpoints, validate_callback for arguments list is described like below.

validate_callback: Used to pass a function that will be passed the value of the argument. That function should return true if the value is valid, and false if not.

source: https://github.com/WP-API/docs/blob/master/extending-the-rest-api/adding-custom-endpoints.md?plain=1#L123

But it seems that extra descriptions are required.

  • It also accepts WP_Error as return value. WP_Error adds extra messages to response.
  • false is checked strictly, so other falsey values like '', 0, and null will be recognized as valid.

Code is here: https://github.com/WordPress/WordPress/blob/master/wp-includes/rest-api/class-wp-rest-request.php#L911-L923
fumikito added a commit to fumikito/docs that referenced this issue Nov 28, 2024
@fumikito
Update adding-custom-endpoints.md
4a66ff9 
WP-API#194

- Add return value for validate_callback
- Add detailed description for falsy return value.
@fumikito fumikito linked a pull request Nov 28, 2024 that will close this issue
Open
fumikito added a commit to fumikito/wordpress-develop that referenced this issue Nov 28, 2024
@fumikito
Prevent false-positive in validate_callback of REST API
232ba59 
Related: WP-API/docs#194

```php
'type' => 'string',
'validate_callback' => function( $should_be_date ) {
     return preg_match( '/^\d{4}-\d{2}-\d{2}$/u', $should_be_date );
}
```

Above validation expects the parameter should be 'YYYY-MM-DD' format, but actually any string as "valid" because `preg_match()` returns 0(falsy value) for mismatch.

So, validation priority should be `is_wp_error()` -> "is true?" -> "else, invalid."

Concerns:

`strpos()` return 0 for match.
@fumikito fumikito mentioned this issue Nov 28, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@fumikito