[wp-trac] [WordPress Trac] #64989: Add execution lifecycle filters to WP_Ability methods
WordPress Trac
noreply at wordpress.org
Thu May 21 07:56:47 UTC 2026
#64989: Add execution lifecycle filters to WP_Ability methods
--------------------------------------+---------------------
Reporter: gziolo | Owner: gziolo
Type: enhancement | Status: closed
Priority: normal | Milestone: 7.1
Component: Abilities API | Version: 6.9
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+---------------------
Changes (by gziolo):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"62397" 62397]:
{{{
#!CommitTicketReference repository="" revision="62397"
Abilities API: Add execution lifecycle filters to WP_Ability methods
Introduce four filters that give plugins hook points across the ability
execution lifecycle, complementing the existing observation-only actions
(`wp_before_execute_ability`, `wp_after_execute_ability`):
- `wp_pre_execute_ability`: short-circuits `execute()` when it returns a
value other than the supplied default.
- `wp_ability_normalize_input`: transforms input inside
`normalize_input()`, and returning `WP_Error` halts execution.
- `wp_ability_permission_result`: overrides the `permission_callback`
result inside `check_permissions()`, consistently for `execute()` and
direct callers.
- `wp_ability_execute_result`: transforms the result inside `do_execute()`
before output validation, and can recover from execute callback failures.
The input and result filters fire before their respective schema
validation steps, so `validate_input()` and `validate_output()` remain the
final integrity gates. Only `wp_pre_execute_ability` can bypass
validation, with the caller owning the returned value's shape.
Add `WP_Filter_Sentinel`, a reusable marker class loaded alongside
`WP_Hook`, whose per-instance identity lets a filter default be
distinguished from any
user value — including `null`, `false`, or arbitrary objects — via `===`.
Update `WP_REST_Abilities_V1_Run_Controller::check_ability_permissions()`
to propagate `WP_Error` results from `normalize_input()` directly,
defaulting to
status 400 while preserving filter-set statuses (e.g. 422, 429).
Props gziolo, westonruter, migueluy.
Fixes #64989.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64989#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list