
rest api - rest_sanitize_value_from_schema doesn't sanitize string


This is part of a simplified piece of code. It accepts a JSON post, validates it against a schema and, if OK, sanitizes the JSON structure.

<?php
// Schema for the incoming JSON object: an e-mail string and a free-form name.
$schema = array(
    'type'       => 'object',
    'properties' => array(
        'email' => array(
            'type'   => 'string',
            'format' => 'email',
        ),
        'name'  => array(
            'type' => 'string',
        ),
    ),
);

// Decode the posted JSON body into an associative array.
$json = json_decode( '{"email":"[email protected]","name":"John <script>x.js</script>Doe"}', true );

// Validate the decoded value against the schema; bail out on any error.
$result = rest_validate_value_from_schema( $json, $schema );
if ( is_wp_error( $result ) ) {
    echo 'Error';
    die();
}

// Sanitize the validated value against the same schema.
$clean = rest_sanitize_value_from_schema( $json, $schema );

I'm expecting that the <script>x.js</script> part is stripped from the JSON name field in 'rest_sanitize_value_from_schema', but it's not happening.

Looking into the function 'rest_sanitize_value_from_schema' on trac (rest-api.php, line 2471) it's obvious why it is not sanitized: all strings are just cast to string!?

// Excerpt from wp-includes/rest-api.php, inside rest_sanitize_value_from_schema():
if ( 'string' === $args['type'] ) {
    return (string) $value;
}

Is it me doing something wrong, or is it a bug in 'rest_sanitize_value_from_schema'?
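Added example, not code from the original post or from WordPress core: the usual way to get tag stripping on a REST parameter is to attach a sanitize_callback to the route argument instead of relying on the schema type, which only coerces the value to a string. The route namespace "example/v1", the "/contact" endpoint, the public permission_callback and the 200-character limit are assumptions made for the example; it is meant to run inside WordPress, where register_rest_route, sanitize_text_field, sanitize_email, rest_ensure_response and __return_true are core functions.

```php
<?php
// Added example (not part of the original post). Assumes a WordPress
// runtime; namespace, route and the length limit are hypothetical.

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/contact', array(
        'methods'             => 'POST',
        'permission_callback' => '__return_true', // hypothetical public endpoint
        'args'                => array(
            'email' => array(
                'type'              => 'string',
                'format'            => 'email',
                'required'          => true,
                // No validate_callback here, so the default schema validation
                // (rest_validate_request_arg) still rejects non-email strings.
                // sanitize_email then strips characters an address cannot hold.
                'sanitize_callback' => 'sanitize_email',
            ),
            'name'  => array(
                'type'              => 'string',
                'required'          => true,
                // 'type' => 'string' on its own only casts to string.
                // sanitize_text_field is what removes the <script> markup.
                'sanitize_callback' => 'sanitize_text_field',
                // A custom validate_callback REPLACES the default schema
                // validation for this argument, so the type check is repeated.
                'validate_callback' => function ( $value ) {
                    return is_string( $value ) && strlen( $value ) <= 200;
                },
            ),
        ),
        'callback'            => function ( WP_REST_Request $request ) {
            // Each argument has already passed through its sanitize_callback
            // by the time the callback runs, so $request['name'] carries no tags.
            return rest_ensure_response( array(
                'email' => $request['email'],
                'name'  => $request['name'],
            ) );
        },
    ) );
} );
```

Two points worth keeping in mind with this pattern. First, when an argument declares its own sanitize_callback or validate_callback, that callback replaces the default rest_parse_request_arg / rest_validate_request_arg for that argument, which is why the custom validate_callback above repeats the is_string check. Second, stripping tags on input is only defence in depth: wherever the name is later rendered into HTML it should still be escaped at that point with esc_html(), since a value stored in the database can reach the page through other paths.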
