mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2026-07-04 17:20:07 +00:00
REST API: Don’t remove unregistered properties from objects in schema.
In r41727 the ability to sanitise and validate objects from JSON schema was added, with a whitelist approach. It was decided we should pass through all non-registered properties to reflect the behaviour of the root object in register_rest_route. To prevent arbitrary extra data via setting objects, we force additionalProperties to false in the settings endpoint. See #38583. git-svn-id: https://develop.svn.wordpress.org/trunk@42000 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
@@ -545,7 +545,7 @@ abstract class WP_REST_Controller {
|
||||
$endpoint_args[ $field_id ]['required'] = true;
|
||||
}
|
||||
|
||||
foreach ( array( 'type', 'format', 'enum', 'items', 'properties' ) as $schema_prop ) {
|
||||
foreach ( array( 'type', 'format', 'enum', 'items', 'properties', 'additionalProperties' ) as $schema_prop ) {
|
||||
if ( isset( $params[ $schema_prop ] ) ) {
|
||||
$endpoint_args[ $field_id ][ $schema_prop ] = $params[ $schema_prop ];
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user