Skip to content
This repository has been archived by the owner on Sep 24, 2018. It is now read-only.

Sanitize pass on all controllers args #1399

Merged
merged 6 commits into from
Jul 23, 2015
Merged

Sanitize pass on all controllers args #1399

merged 6 commits into from
Jul 23, 2015

Conversation

joehoyle
Copy link
Member

This is a sweep for all the args to make sure we are snitizing where needed. The basic principle is sanitize evertyhing, however the shema does a bunch of stuff for us so we don't need to sepficy it in every case, such as:

  • the schema is marked up as an enum as we have chcking to make sure values are only these
  • the format is set in the schema whereby we have validation, for example, date-time
  • the type is integer

Also, for content and title in the wp/v2/posts endpoint does not have any, as wp_insert_post handles that depending on whatever permissions the user has, so rather than replicating this, we just pass it through.

@joehoyle
Replace the inline sanitization on attachemnts with schema powered
585f131 
definitions
@joehoyle
Update meta controller to have it's args powered by the schema
eded3ec
@joehoyle
Move sanitization to schema definition for posts controller
6daa8ad 
In a lot of cases, the sanitization wasn't needed as they are marked up
in the schema as `enum`s which can only mean the values match those.
@joehoyle
Switch terms CREATE/UPDATE to be powered by the schema
58f2f65 
Also add some schema updates for the `arg_option`s
@joehoyle
Test for alt text with malicious values
98cbf74
@joehoyle joehoyle added this to the 2.0 Beta 4 milestone Jul 12, 2015
@joehoyle joehoyle self-assigned this Jul 12, 2015
@joehoyle
Copy link
Member Author

Doh, need to merge develop

@rachelbaker
Copy link
Member

@joehoyle Any reason you left out the comments controller?

@rachelbaker
Copy link
Member

@joehoyle other than my comment about the comments controller being left out the only other open item I can see is we should also be setting the default values where possible. We can merge this PR, and open issues for both of those items. Just wanted to run it past you to see what you think.

@joehoyle
Copy link
Member Author

@rachelbaker ah I didn't do comments because I wanted to check if there was a reason we hadn't switch to using get_endpoint_args_from_item_schema. I'm presuming not so I'll make that transition.

I think another pass / ticker for defaults would be good.

@rachelbaker
Copy link
Member

Merged #1399

rachelbaker added a commit that referenced this pull request Jul 23, 2015
@rachelbaker
Merge pull request #1399 from WP-API/arg-options-pass
33cc8a6 
Sanitize pass on Attachments, Meta, Posts, and Terms controller args
@rachelbaker rachelbaker merged commit 33cc8a6 into develop Jul 23, 2015
@rachelbaker rachelbaker deleted the arg-options-pass branch July 23, 2015 11:41
This was referenced Jul 23, 2015
Closed
Closed
@davegreenwp davegreenwp mentioned this pull request Jun 25, 2016
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@joehoyle joehoyle

Labels
None yet
Projects
None yet
Milestone
2.0 Beta 4
Development

Successfully merging this pull request may close these issues.
2 participants
@joehoyle @rachelbaker