From 66ed91d21406b979f3c8b6f7e321b656896149bc Mon Sep 17 00:00:00 2001
From: Rachel Baker
Date: Fri, 15 Oct 2021 02:03:38 +0000
Subject: [PATCH] REST API: Add text-field and textarea-field as available schema formats for string sanitization.

Props ocean90, TimothyBlynJacobs.
Fixes #49960.

git-svn-id: https://develop.svn.wordpress.org/trunk@51908 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/rest-api.php | 7 ++
 .../tests/rest-api/rest-controller.php | 76 +++++++++++++++++--
 .../tests/rest-api/rest-test-controller.php | 36 +++++----
 3 files changed, 98 insertions(+), 21 deletions(-)

diff --git a/src/wp-includes/rest-api.php b/src/wp-includes/rest-api.php
index fb83e38f4c..7e66ecd801 100644
--- a/src/wp-includes/rest-api.php
+++ b/src/wp-includes/rest-api.php
@@ -2635,6 +2635,7 @@ function rest_validate_integer_value_from_schema( $value, $args, $param ) {
 * @since 4.7.0
 * @since 5.5.0 Added the `$param` parameter.
 * @since 5.6.0 Support the "anyOf" and "oneOf" keywords.
+ * @since 5.9.0 Added `text-field` and `textarea-field` formats.
 *
 * @param mixed $value The value to sanitize.
 * @param array $args Schema array to use for sanitization.
@@ -2777,6 +2778,12 @@ function rest_sanitize_value_from_schema( $value, $args, $param = '' ) {
 
 case 'uuid':
 return sanitize_text_field( $value );
+
+ case 'text-field':
+ return sanitize_text_field( $value );
+
+ case 'textarea-field':
+ return sanitize_textarea_field( $value );
 }
 }
 
diff --git a/tests/phpunit/tests/rest-api/rest-controller.php b/tests/phpunit/tests/rest-api/rest-controller.php
index 0af9460aa5..270d1f32d1 100644
--- a/tests/phpunit/tests/rest-api/rest-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-controller.php
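Review bot: The new `case 'text-field'` branch in rest_sanitize_value_from_schema returns exactly what the `case 'uuid'` branch directly above it returns, so the two could share one group — `case 'uuid':` / `case 'text-field':` / `return sanitize_text_field( $value );` — keeping every format that maps to the same sanitizer visibly together. A short comment on the two new branches would also help schema authors who read `sanitize_*` as "safe to output": `// Input normalisation only; values still need context-appropriate escaping on output.` These helpers presumably do no output escaping, which is worth stating where the formats are wired up. The enclosing switch and function continue outside the hunk in both directions.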
@@ -23,35 +23,43 @@ class WP_Test_REST_Controller extends WP_Test_REST_TestCase {
 '/wp/v2/testroute',
 array(
 'args' => array(
- 'someinteger' => array(
+ 'someinteger' => array(
 'type' => 'integer',
 ),
- 'someboolean' => array(
+ 'someboolean' => array(
 'type' => 'boolean',
 ),
- 'somestring' => array(
+ 'somestring' => array(
 'type' => 'string',
 ),
- 'somehex' => array(
+ 'somehex' => array(
 'type' => 'string',
 'format' => 'hex-color',
 ),
- 'someenum' => array(
+ 'someenum' => array(
 'type' => 'string',
 'enum' => array( 'a' ),
 ),
- 'somedate' => array(
+ 'somedate' => array(
 'type' => 'string',
 'format' => 'date-time',
 ),
- 'someemail' => array(
+ 'someemail' => array(
 'type' => 'string',
 'format' => 'email',
 ),
- 'someuuid' => array(
+ 'someuuid' => array(
 'type' => 'string',
 'format' => 'uuid',
 ),
+ 'sometextfield' => array(
+ 'type' => 'string',
+ 'format' => 'text-field',
+ ),
+ 'sometextareafield' => array(
+ 'type' => 'string',
+ 'format' => 'textarea-field',
+ ),
 ),
 )
 );
@@ -219,6 +227,52 @@ class WP_Test_REST_Controller extends WP_Test_REST_TestCase {
 );
 }
 
+ /**
+ * @ticket 49960
+ */
+ public function test_validate_schema_format_text_field() {
+ $this->assertTrue(
+ rest_validate_request_arg( 'Hello World', $this->request, 'sometextfield' )
+ );
+
+ $this->assertErrorResponse(
+ 'rest_invalid_type',
+ rest_validate_request_arg( false, $this->request, 'sometextfield' )
+ );
+
+ $this->assertSame(
+ 'Hello World',
+ rest_sanitize_request_arg( 'Hello World', $this->request, 'sometextfield' )
+ );
+ $this->assertSame(
+ 'Hello World',
+ rest_sanitize_request_arg( '

Hello World

', $this->request, 'sometextfield' )
+ );
+ }
+
+ /**
+ * @ticket 49960
+ */
+ public function test_validate_schema_format_textarea_field() {
+ $this->assertTrue(
+ rest_validate_request_arg( "Hello\nWorld", $this->request, 'sometextareafield' )
+ );
+
+ $this->assertErrorResponse(
+ 'rest_invalid_type',
+ rest_validate_request_arg( false, $this->request, 'sometextareafield' )
+ );
+
+ $this->assertSame(
+ "Hello\nWorld",
+ rest_sanitize_request_arg( "Hello\nWorld", $this->request, 'sometextareafield' )
+ );
+ $this->assertSame(
+ "Hello\nWorld",
+ rest_sanitize_request_arg( "

Hello\nWorld

", $this->request, 'sometextareafield' ) + ); + } + /** * @ticket 50876 */ @@ -234,6 +288,8 @@ class WP_Test_REST_Controller extends WP_Test_REST_TestCase { $this->assertArrayHasKey( 'someemail', $args ); $this->assertArrayHasKey( 'somehex', $args ); $this->assertArrayHasKey( 'someuuid', $args ); + $this->assertArrayHasKey( 'sometextfield', $args ); + $this->assertArrayHasKey( 'sometextareafield', $args ); $this->assertArrayHasKey( 'someenum', $args ); $this->assertArrayHasKey( 'someargoptions', $args ); $this->assertArrayHasKey( 'somedefault', $args ); @@ -323,6 +379,8 @@ class WP_Test_REST_Controller extends WP_Test_REST_TestCase { 'someemail', 'somehex', 'someuuid', + 'sometextfield', + 'sometextareafield', 'someenum', 'someargoptions', 'somedefault', @@ -356,6 +414,8 @@ class WP_Test_REST_Controller extends WP_Test_REST_TestCase { 'someemail', 'somehex', 'someuuid', + 'sometextfield', + 'sometextareafield', 'someenum', 'someargoptions', 'somedefault', diff --git a/tests/phpunit/tests/rest-api/rest-test-controller.php b/tests/phpunit/tests/rest-api/rest-test-controller.php index d09cb5e7a3..f75de9e458 100644 --- a/tests/phpunit/tests/rest-api/rest-test-controller.php +++ b/tests/phpunit/tests/rest-api/rest-test-controller.php @@ -36,7 +36,7 @@ class WP_REST_Test_Controller extends WP_REST_Controller { 'title' => 'type', 'type' => 'object', 'properties' => array( - 'somestring' => array( + 'somestring' => array( 'type' => 'string', 'description' => 'A pretty string.', 'minLength' => 3, @@ -44,7 +44,7 @@ class WP_REST_Test_Controller extends WP_REST_Controller { 'pattern' => '[a-zA-Z]+', 'context' => array( 'view' ), ), - 'someinteger' => array( + 'someinteger' => array( 'type' => 'integer', 'multipleOf' => 10, 'minimum' => 100, 
@@ -53,41 +53,51 @@ class WP_REST_Test_Controller extends WP_REST_Controller {
 'exclusiveMaximum' => true,
 'context' => array( 'view' ),
 ),
- 'someboolean' => array(
+ 'someboolean' => array(
 'type' => 'boolean',
 'context' => array( 'view' ),
 ),
- 'someurl' => array(
+ 'someurl' => array(
 'type' => 'string',
 'format' => 'uri',
 'context' => array( 'view' ),
 ),
- 'somedate' => array(
+ 'somedate' => array(
 'type' => 'string',
 'format' => 'date-time',
 'context' => array( 'view' ),
 ),
- 'someemail' => array(
+ 'someemail' => array(
 'type' => 'string',
 'format' => 'email',
 'context' => array( 'view' ),
 ),
- 'somehex' => array(
+ 'somehex' => array(
 'type' => 'string',
 'format' => 'hex-color',
 'context' => array( 'view' ),
 ),
- 'someuuid' => array(
+ 'someuuid' => array(
 'type' => 'string',
 'format' => 'uuid',
 'context' => array( 'view' ),
 ),
- 'someenum' => array(
+ 'sometextfield' => array(
+ 'type' => 'string',
+ 'format' => 'text-field',
+ 'context' => array( 'view' ),
+ ),
+ 'sometextareafield' => array(
+ 'type' => 'string',
+ 'format' => 'textarea-field',
+ 'context' => array( 'view' ),
+ ),
+ 'someenum' => array(
 'type' => 'string',
 'enum' => array( 'a', 'b', 'c' ),
 'context' => array( 'view' ),
 ),
- 'someargoptions' => array(
+ 'someargoptions' => array(
 'type' => 'integer',
 'required' => true,
 'arg_options' => array(
@@ -95,13 +105,13 @@ class WP_REST_Test_Controller extends WP_REST_Controller {
 'sanitize_callback' => '__return_true',
 ),
 ),
- 'somedefault' => array(
+ 'somedefault' => array(
 'type' => 'string',
 'enum' => array( 'a', 'b', 'c' ),
 'context' => array( 'view' ),
 'default' => 'a',
 ),
- 'somearray' => array(
+ 'somearray' => array(
 'type' => 'array',
 'items' => array(
 'type' => 'string',
@@ -111,7 +121,7 @@ class WP_REST_Test_Controller extends WP_REST_Controller {
 'uniqueItems' => true,
 'context' => array( 'view' ),
 ),
- 'someobject' => array(
+ 'someobject' => array(
 'type' => 'object',
 'additionalProperties' => array(
 'type' => 'string',