vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-04-02 11:44:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

REST API: Return WP_Error when a client is attempting to update an option with a non-scalar value to null.

Browse Source 
A `null` value is returned in the response for any option that has a non-scalar value.

To protect clients from accidentally including the `null` values from a response object in a request, we do not allow options with non-scalar values to be updated to `null`. Without this added protection a client could mistakenly delete all options that have non-scalar values from the database.

Props joehoyle, rachelbaker.
Fixes #38527.

git-svn-id: https://develop.svn.wordpress.org/trunk@38982 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Rachel Baker
2016-10-27 16:07:06 +00:00
parent f6c85e6b72
commit 3ffefccdf2
2 changed files with 90 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
tests/phpunit/tests/rest-api/rest-settings-controller.php
View File

@@ -159,6 +159,51 @@ class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase
remove_all_filters( 'rest_pre_get_setting' );
}
public function test_get_item_with_invalid_value_array_in_options() {
wp_set_current_user( self::$administrator );
register_setting( 'somegroup', 'mycustomsetting', array(
'show_in_rest' => array(
'name' => 'mycustomsettinginrest',
'schema' => array(
'enum' => array( 'validvalue1', 'validvalue2' ),
'default' => 'validvalue1',
),
),
'type' => 'string',
) );
update_option( 'mycustomsetting', array( 'A sneaky array!' ) );
$request = new WP_REST_Request( 'GET', '/wp/v2/settings' );
$response = $this->server->dispatch( $request );
$data = $response->get_data();
$this->assertEquals( null, $data['mycustomsettinginrest'] );
}
public function test_get_item_with_invalid_object_array_in_options() {
wp_set_current_user( self::$administrator );
register_setting( 'somegroup', 'mycustomsetting', array(
'show_in_rest' => array(
'name' => 'mycustomsettinginrest',
'schema' => array(
'enum' => array( 'validvalue1', 'validvalue2' ),
'default' => 'validvalue1',
),
),
'type' => 'string',
) );
update_option( 'mycustomsetting', (object) array( 'A sneaky array!' ) );
$request = new WP_REST_Request( 'GET', '/wp/v2/settings' );
$response = $this->server->dispatch( $request );
$data = $response->get_data();
$this->assertEquals( null, $data['mycustomsettinginrest'] );
}
public function test_create_item() {
}
@@ -248,6 +293,23 @@ class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase
$this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
}
public function test_update_item_with_invalid_stored_value_in_options() {
wp_set_current_user( self::$administrator );
register_setting( 'somegroup', 'mycustomsetting', array(
'show_in_rest' => true,
'type' => 'string',
) );
update_option( 'mycustomsetting', array( 'A sneaky array!' ) );
wp_set_current_user( self::$administrator );
$request = new WP_REST_Request( 'PUT', '/wp/v2/settings' );
$request->set_param( 'mycustomsetting', null );
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_invalid_stored_value', $response, 500 );
}
public function test_delete_item() {
}