From b4e209b290d6485c865dfa6205c7a0976ec5c954 Mon Sep 17 00:00:00 2001
From: Eric Stout
Date: Thu, 2 Nov 2017 11:23:27 -0700
Subject: [PATCH] Update validation callbacks and sanitizations

---
 better-wp-endpoints.php | 2 +-
 includes/create_cpt_endpoints.php | 41 +++++++++++++++++++++-------
 includes/get_pages.php | 18 ++++++++++---
 includes/get_posts.php | 45 ++++++++++++++++++++++++++-----
 package-lock.json | 2 +-
 package.json | 2 +-
 6 files changed, 88 insertions(+), 22 deletions(-)

diff --git a/better-wp-endpoints.php b/better-wp-endpoints.php
index a3b911b..4c8687c 100644
--- a/better-wp-endpoints.php
+++ b/better-wp-endpoints.php
@@ -3,7 +3,7 @@
 Plugin Name: Better WordPress Endpoints
 Plugin URI: https://github.com/factor1/better-wp-endpoints/
 Description: Serves up slimmer WordPress Rest API endpoints, with some great enhancements.
-Version: 0.1.10
+Version: 0.1.11
 Author: Eric Stout, Factor1 Studios
 Author URI: https://factor1studios.com/
 License: GPL3
diff --git a/includes/create_cpt_endpoints.php b/includes/create_cpt_endpoints.php
index 904b9e8..af47768 100644
--- a/includes/create_cpt_endpoints.php
+++ b/includes/create_cpt_endpoints.php
@@ -123,19 +123,42 @@ function bwe_build_cpt_endpoints() {
 },
 'args' => array(
 'per_page' => array(
- 'validate_callback' => 'is_numeric'
+ 'description' => 'Maxiumum number of items to show per page.',
+ 'type' => 'integer',
+ 'validate_callback' => function( $param, $request, $key ) {
+ return is_numeric( $param );
+ },
+ 'sanitize_callback' => 'absint',
 ),
 'page' => array(
- 'validate_callback' => 'is_numeric'
- ),
- 'category' => array(
- 'validate_callback' => 'is_numeric'
- ),
- 'tag' => array(
- 'validate_callback' => 'is_numeric'
+ 'description' => 'Current page of the collection.',
+ 'type' => 'integer',
+ 'validate_callback' => function( $param, $request, $key ) {
+ return is_numeric( $param );
+ },
+ 'sanitize_callback' => 'absint'
 ),
 'content' => array(
- 'validate_callback' => 'is_boolean'
+ 'description' => 'Hide or show the_content from the collection.',
+ 'type' => 'boolean',
+ 'validate_callback' => function( $param, $request, $key ) {
+
+ if ( $param == 'true' || $param == 'TRUE' ) {
+ $param = true;
+ } else if( $param == 'false' || $param == 'FALSE') {
+ $param = false;
+ }
+
+ return is_bool( $param );
+ }
+ ),
+ 'orderby' => array(
+ 'description' => 'The sort order of the collection.',
+ 'type' => 'string',
+ 'validate_callback' => function($param, $request, $key) {
+ return is_string( $param );
+ },
+ 'sanitize_callback' => 'sanitize_text_field'
 ),
 ),
 ) );
diff --git a/includes/get_pages.php b/includes/get_pages.php
index 4e70afa..fe3534d 100644
--- a/includes/get_pages.php
+++ b/includes/get_pages.php
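Review bot: The `content` validate_callback coerces `$param` to a bool only inside the closure — the assignment is discarded, and no `sanitize_callback` is registered for the argument — so the route handler still receives the raw query string, and `'false'` is a non-empty (truthy) string. Since the argument already declares `'type' => 'boolean'`, the core schema helpers do the job: `'validate_callback' => 'rest_validate_request_arg',` and `'sanitize_callback' => 'rest_sanitize_boolean',`, which hands the handler a real bool. The same pattern is repeated in the `content` argument of the `@@ -147,19 +147,50 @@` hunk in includes/get_posts.php. Separately, `per_page` is run through `absint` but has no upper bound; if it feeds `posts_per_page` in the callback (outside this hunk), adding `'maximum' => 100,` next to the schema validator, as the core collection endpoints do, keeps a single request from loading an unbounded number of items. `bwe_build_cpt_endpoints()` starts before this hunk.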
@@ -125,29 +125,41 @@ function bwe_get_pages( WP_REST_Request $request ) {
 'per_page' => array(
 'description' => 'Maxiumum number of items to show per page.',
 'type' => 'integer',
- 'validate_callback' => function( $v ) { return is_numeric( $v );},
+ 'validate_callback' => function( $param, $request, $key ) {
+ return is_numeric( $param );
+ },
 'sanitize_callback' => 'absint',
 ),
 'page' => array(
 'description' => 'Current page of the collection.',
 'type' => 'integer',
- 'validate_callback' => 'is_numeric',
+ 'validate_callback' => function( $param, $request, $key ) {
+ return is_numeric( $param );
+ },
 'sanitize_callback' => 'absint',
 ),
 'exclude' => array(
 'description' => 'Exclude an item from the collection.',
 'type' => 'integer',
- 'validate_callback' => 'is_numeric',
+ 'validate_callback' => function( $param, $request, $key ) {
+ return is_numeric( $param );
+ },
 'sanitize_callback' => 'absint',
 ),
 'order' => array(
 'description' => 'Change order of the collection.',
 'type' => 'string',
+ 'validate_callback' => function($param, $request, $key) {
+ return is_string( $param );
+ },
 'sanitize_callback' => 'sanitize_text_field',
 ),
 'orderby' => array(
 'description' => 'Change how the collection is ordered.',
 'type' => 'string',
+ 'validate_callback' => function($param, $request, $key) {
+ return is_string( $param );
+ },
 'sanitize_callback' => 'sanitize_text_field',
 ),
 ),
diff --git a/includes/get_posts.php b/includes/get_posts.php
index bf56d7f..faa625c 100644
--- a/includes/get_posts.php
+++ b/includes/get_posts.php
@@ -14,7 +14,7 @@ function bwe_get_posts( WP_REST_Request $request ) {
 $page = $request['page']?: '1';
 $category = $request['category']?: null;
 $tag = $request['tag']?: null;
- $show_content = $request['content']?: 'true';
+ $show_content = $request['content']?: true;

 // WP_Query arguments
 $args = array(
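Review bot: The new `is_string` validators on `order` and `orderby` never reject anything — REST query parameters always arrive as strings — so they duplicate `'type' => 'string'` while the accepted values stay unconstrained. For `order` the valid set is known, so `'enum' => array( 'asc', 'desc' ),` together with `'validate_callback' => 'rest_validate_request_arg',` lets the schema enforce it; `orderby` deserves the same treatment with whichever keys `bwe_get_pages()` actually passes on, which is outside this hunk. The `is_numeric` closures on `per_page`, `page` and `exclude` still admit values such as `'1e3'` or `'-5'` that `absint` then silently folds, so `rest_validate_request_arg` with the declared integer type would also tighten those. `bwe_get_pages()` starts before this hunk.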
@@ -47,7 +47,7 @@ function bwe_get_posts( WP_REST_Request $request ) {
 $bwe_post->excerpt = get_the_excerpt();

 // show post content unless parameter is false
- if( $show_content === 'true' ) {
+ if( $show_content == true ) {
 $bwe_post->content = apply_filters('the_content', get_the_content());
 }

@@ -147,19 +147,50 @@ function bwe_get_posts( WP_REST_Request $request ) {
 'callback' => 'bwe_get_posts',
 'args' => array(
 'per_page' => array(
- 'validate_callback' => 'is_numeric'
+ 'description' => 'Maxiumum number of items to show per page.',
+ 'type' => 'integer',
+ 'validate_callback' => function( $param, $request, $key ) {
+ return is_numeric( $param );
+ },
+ 'sanitize_callback' => 'absint',
 ),
 'page' => array(
- 'validate_callback' => 'is_numeric'
+ 'description' => 'Current page of the collection.',
+ 'type' => 'integer',
+ 'validate_callback' => function( $param, $request, $key ) {
+ return is_numeric( $param );
+ },
+ 'sanitize_callback' => 'absint'
 ),
 'category' => array(
- 'validate_callback' => 'is_numeric'
+ 'description' => 'Get a category from the collection.',
+ 'type' => 'integer',
+ 'validate_callback' => function( $param, $request, $key ) {
+ return is_numeric( $param );
+ },
+ 'sanitize_callback' => 'absint'
 ),
 'tag' => array(
- 'validate_callback' => 'is_numeric'
+ 'description' => 'Get a tag from the collection.',
+ 'type' => 'integer',
+ 'validate_callback' => function( $param, $request, $key ) {
+ return is_numeric( $param );
+ },
+ 'sanitize_callback' => 'absint'
 ),
 'content' => array(
- 'validate_callback' => 'is_boolean'
+ 'description' => 'Hide or show the_content from the collection.',
+ 'type' => 'boolean',
+ 'validate_callback' => function( $param, $request, $key ) {
+
+ if ( $param == 'true' || $param == 'TRUE' ) {
+ $param = true;
+ } else if( $param == 'false' || $param == 'FALSE') {
+ $param = false;
+ }
+
+ return is_bool( $param );
+ }
 ),
 ),
 ) );
diff --git a/package-lock.json b/package-lock.json
index b9c726a..7f172ab 100644
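Review bot: `if( $show_content == true )` can no longer take the false branch for the `content=false` request this parameter exists for: `$show_content` is the raw query value (the `content` argument has no sanitize_callback), `'false'` is a non-empty string, and `'false' == true` evaluates to `true`, so the_content is always included. The replaced `=== 'true'` at least hid it on `'false'`; the regression is made worse by the default switching to bool `true` in the `@@ -14,7 +14,7 @@` hunk, so the variable now mixes bool and string. Normalising once where the value is read fixes both: `$show_content = isset( $request['content'] ) ? rest_sanitize_boolean( $request['content'] ) : true;` in that hunk, and `if ( $show_content ) {` here. `bwe_get_posts()` starts before and continues after this hunk.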
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "better-wp-endpoints",
- "version": "0.1.10",
+ "version": "0.1.11",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
diff --git a/package.json b/package.json
index a7c5b69..a45d19e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "better-wp-endpoints",
- "version": "0.1.10",
+ "version": "0.1.11",
 "description": "Serves up slimmer WordPress Rest API endpoints.",
 "main": "index.js",
 "scripts": {