WP_REST_Request::sanitize_params() WordPress Method

The WP_REST_Request::sanitize_params() method is used to sanitize a set of request parameters. This is useful when validating or sanitizing user-provided data before passing it to theWP_REST_Request::set_param() method.

WP_REST_Request::sanitize_params() #

Sanitizes (where possible) the params on the request.

Contents

Description

This is primarily based off the sanitize_callback param on each registered argument.

Top ↑

Return

(true|WP_Error) True if parameters were sanitized, WP_Error if an error occurred during sanitization.

Top ↑

Source

File: wp-includes/rest-api/class-wp-rest-request.php

	public function sanitize_params() {
		$attributes = $this->get_attributes();

		// No arguments set, skip sanitizing.
		if ( empty( $attributes['args'] ) ) {
			return true;
		}

		$order = $this->get_parameter_order();

		$invalid_params  = array();
		$invalid_details = array();

		foreach ( $order as $type ) {
			if ( empty( $this->params[ $type ] ) ) {
				continue;
			}

			foreach ( $this->params[ $type ] as $key => $value ) {
				if ( ! isset( $attributes['args'][ $key ] ) ) {
					continue;
				}

				$param_args = $attributes['args'][ $key ];

				// If the arg has a type but no sanitize_callback attribute, default to rest_parse_request_arg.
				if ( ! array_key_exists( 'sanitize_callback', $param_args ) && ! empty( $param_args['type'] ) ) {
					$param_args['sanitize_callback'] = 'rest_parse_request_arg';
				}
				// If there's still no sanitize_callback, nothing to do here.
				if ( empty( $param_args['sanitize_callback'] ) ) {
					continue;
				}

				/** @var mixed|WP_Error $sanitized_value */
				$sanitized_value = call_user_func( $param_args['sanitize_callback'], $value, $this, $key );

				if ( is_wp_error( $sanitized_value ) ) {
					$invalid_params[ $key ]  = implode( ' ', $sanitized_value->get_error_messages() );
					$invalid_details[ $key ] = rest_convert_error_to_response( $sanitized_value )->get_data();
				} else {
					$this->params[ $type ][ $key ] = $sanitized_value;
				}
			}
		}

		if ( $invalid_params ) {
			return new WP_Error(
				'rest_invalid_param',
				/* translators: %s: List of invalid parameters. */
				sprintf( __( 'Invalid parameter(s): %s' ), implode( ', ', array_keys( $invalid_params ) ) ),
				array(
					'status'  => 400,
					'params'  => $invalid_params,
					'details' => $invalid_details,
				)
			);
		}

		return true;
	}

Expand full source codeCollapse full source codeView on TracView on GitHub

Top ↑

Top ↑

Uses

Uses
UsesDescription
wp-includes/rest-api.php:rest_convert_error_to_response()

Converts an error to a response object.

wp-includes/rest-api/class-wp-rest-request.php:WP_REST_Request::get_attributes()

Retrieves the attributes for the request.

wp-includes/rest-api/class-wp-rest-request.php:WP_REST_Request::get_parameter_order()

Retrieves the parameter priority order.

wp-includes/l10n.php:__()

Retrieve the translation of $text.

wp-includes/load.php:is_wp_error()

Checks whether the given variable is a WordPress Error.

wp-includes/class-wp-error.php:WP_Error::__construct()

Initializes the error.

Show 1 more useHide more uses

Top ↑

Changelog

Changelog
VersionDescription
4.4.0Introduced.
Download the latest version of WordPress from https://wordpress.org/

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by theĀ Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.