[wp-trac] [WordPress Trac] #62604: Prevent false-positive in validate_callback() in REST API
WordPress Trac
noreply at wordpress.org
Thu Nov 28 16:19:05 UTC 2024
#62604: Prevent false-positive in validate_callback() in REST API
------------------------------+-----------------------------
Reporter: Takahashi_Fumiki | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Keywords:
Focuses: |
------------------------------+-----------------------------
Related: https://github.com/WP-API/docs/issues/194
```php
'type' => 'string',
'validate_callback' => function( $should_be_date ) {
return preg_match( '/^\d{4}-\d{2}-\d{2}$/u', $should_be_date );
}
```
Above validation expects the parameter should be 'YYYY-MM-DD' format, but
actually any string as "valid" because `preg_match()` returns 0(falsy
value) for mismatch.
So, validation priority should be `is_wp_error()` -> "is true?" -> "else,
invalid."
Concerns:
`strpos()` return 0 for match.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62604>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list