Get WordPress

Make WordPress Core

Changeset 48437

Timestamp:
07/11/2020 08:32:19 PM (4 years ago)
Author:
TimothyBlynJacobs
Message:

REST API: Sanitize block renderer attributes.

In [48069] the Block Renderer was changed to register a single route for all dynamic blocks. Validation was dynamically applied based on the requested block, but sanitization was not. This commit adds the same sanitization back to the block attributes.

Props manooweb.
Fixes #50620. See #48079.

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/package-lock.json

    r48434 r48437  
    59405940                "kind-of": {
    59415941                    "version": "6.0.2",
    5942                     "resolved": "",
     5942                    "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz",
     5943                    "integrity": "sha512-s5kLOcnH0XqDO+FvuaLX8DDjZ18CGFk7VygH40QoKPUQhW4e2rvM0rwUq0t8IQDOwYSeLK01U90OjzBTme2QqA==",
    59435944                    "dev": true
    59445945                }
     
    1056710568                "kind-of": {
    1056810569                    "version": "6.0.2",
    10569                     "resolved": "",
     10570                    "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz",
     10571                    "integrity": "sha512-s5kLOcnH0XqDO+FvuaLX8DDjZ18CGFk7VygH40QoKPUQhW4e2rvM0rwUq0t8IQDOwYSeLK01U90OjzBTme2QqA==",
    1057010572                    "dev": true
    1057110573                }
     
    2358523587                "kind-of": {
    2358623588                    "version": "6.0.2",
    23587                     "resolved": "",
     23589                    "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz",
     23590                    "integrity": "sha512-s5kLOcnH0XqDO+FvuaLX8DDjZ18CGFk7VygH40QoKPUQhW4e2rvM0rwUq0t8IQDOwYSeLK01U90OjzBTme2QqA==",
    2358823591                    "dev": true
    2358923592                }

  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-block-renderer-controller.php

    r48069 r48437  
    7171                                return rest_validate_value_from_schema( $value, $schema );
    7272                            },
     73
     74
     75
     76
     77
     78
     79
     80
     81
     82
     83
     84
     85
     86
     87
     88
    7389                        ),
    7490                        'post_id'    => array(

  • trunk/tests/phpunit/tests/rest-api/rest-block-renderer-controller.php

    r48118 r48437  
    5757
    5858    /**
     59
     60
     61
     62
     63
     64
     65
     66
     67
    5968     * Test API user's ID.
    6069     *
     
    128137        $this->register_post_context_test_block();
    129138        $this->register_non_dynamic_block();
     139
    130140        parent::setUp();
    131141    }
     
    140150        WP_Block_Type_Registry::get_instance()->unregister( self::$context_block_name );
    141151        WP_Block_Type_Registry::get_instance()->unregister( self::$non_dynamic_block_name );
     152
    142153        parent::tearDown();
    143154    }
     
    197208
    198209    /**
     210
     211
     212
     213
     214
     215
     216
     217
     218
     219
     220
     221
     222
     223
     224
     225
     226
     227
     228
     229
     230
     231
     232
     233
    199234     * Test render callback.
    200235     *
     
    524559
    525560    /**
     561
     562
     563
     564
     565
     566
     567
     568
     569
     570
     571
     572
     573
     574
     575
     576
     577
     578
     579
     580
     581
     582
     583
     584
     585
     586
     587
    526588     * Get item schema.
    527589     *
Note: See TracChangeset for help on using the changeset viewer.