This is part of a simplified piece of code. It accepts a JSON post, validates it against a schema and, if OK, sanitizes the JSON structure:
```php
$schema = array(
    'type'       => 'object',
    'properties' => array(
        'email' => array(
            'type'   => 'string',
            'format' => 'email',
        ),
        'name'  => array(
            'type' => 'string',
        ),
    ),
);

// The e-mail address is a constructed placeholder.
$json = json_decode( '{"email":"john@example.com","name":"John <script>x.js</script>Doe"}', true );

// Validate the decoded payload against the schema.
$result = rest_validate_value_from_schema( $json, $schema );
if ( is_wp_error( $result ) ) {
    echo 'Error';
    die();
}

// Sanitize the payload according to the same schema.
$clean = rest_sanitize_value_from_schema( $json, $schema );
```
I'm expecting that the `<script>x.js</script>` part is stripped from the JSON-name field in 'rest_sanitize_value_from_schema', but it's not happening.
Looking into the function 'rest_sanitize_value_from_schema' on trac (rest-api.php line 2471), it's obvious why it is not sanitized, because all strings are just cast to string!?
```php
if ( 'string' === $args['type'] ) {
    return (string) $value;
}
```
Is it me doing something wrong, or is it a bug in 'rest_sanitize_value_from_schema'?
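One way to get the stripping the question expects, as an added example that is not part of the original post or of WordPress core: let core's function coerce the types, then pass every plain string through `sanitize_text_field()`. The helper name `myplugin_sanitize_strings_from_schema` is hypothetical, and the code assumes it runs inside WordPress with a single-valued `type` on each schema node.

```php
<?php
// Added example; assumes WordPress is loaded. Helper name is hypothetical.
function myplugin_sanitize_strings_from_schema( $value, array $schema ) {
    $type = isset( $schema['type'] ) ? $schema['type'] : '';

    // Objects: recurse into declared properties; other keys stay as core returned them.
    if ( 'object' === $type && is_array( $value ) ) {
        $props = isset( $schema['properties'] ) ? $schema['properties'] : array();
        foreach ( $value as $key => $item ) {
            if ( isset( $props[ $key ] ) ) {
                $value[ $key ] = myplugin_sanitize_strings_from_schema( $item, $props[ $key ] );
            }
        }
        return $value;
    }

    // Arrays: every element shares the 'items' schema.
    if ( 'array' === $type && is_array( $value ) && isset( $schema['items'] ) ) {
        foreach ( $value as $i => $item ) {
            $value[ $i ] = myplugin_sanitize_strings_from_schema( $item, $schema['items'] );
        }
        return $value;
    }

    // Plain strings (no 'format'): strip tags, line breaks and extra whitespace.
    if ( 'string' === $type && is_string( $value ) && empty( $schema['format'] ) ) {
        return sanitize_text_field( $value );
    }

    return $value;
}

// Constructed input modelled on the question; the e-mail address is a placeholder.
$schema = array(
    'type'       => 'object',
    'properties' => array(
        'email' => array( 'type' => 'string', 'format' => 'email' ),
        'name'  => array( 'type' => 'string' ),
    ),
);
$json = json_decode( '{"email":"john@example.com","name":"John <script>x.js</script>Doe"}', true );

if ( is_wp_error( rest_validate_value_from_schema( $json, $schema ) ) ) {
    wp_die( 'Invalid payload' );
}
$clean = rest_sanitize_value_from_schema( $json, $schema );        // casts plain strings
$clean = myplugin_sanitize_strings_from_schema( $clean, $schema ); // text sanitization
```

Sanitizing on input does not replace escaping on output; values echoed into HTML still go through `esc_html()` or a similar escaping function.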