@@ -408,7 +408,7 @@ public function get_meta_item( string $key, $default_value = null ) {
408408 * @param mixed $input Optional. The input data to validate. Default `null`.
409409 * @return true|WP_Error Returns true if valid or the WP_Error object if validation fails.
410410 */
411- protected function validate_input( $input = null ) {
411+ public function validate_input( $input = null ) {
412412 $input_schema = $this->get_input_schema();
413413 if ( empty( $input_schema ) ) {
414414 if ( null === $input ) {
@@ -462,23 +462,20 @@ protected function invoke_callback( callable $callback, $input = null ) {
462462 /**
463463 * Checks whether the ability has the necessary permissions.
464464 *
465- * The input is validated against the input schema before it is passed to to permission callback.
465+ * Please note that input is not automatically validated against the input schema.
466+ * Use `validate_input()` method to validate input before calling this method if needed.
466467 *
467468 * @since 6.9.0
468469 *
469- * @param mixed $input Optional. The input data for permission checking. Default `null`.
470+ * @see validate_input()
471+ *
472+ * @param mixed $input Optional. The valid input data for permission checking. Default `null`.
470473 * @return bool|WP_Error Whether the ability has the necessary permission.
471474 */
472475 public function check_permissions( $input = null ) {
473- $is_valid = $this->validate_input( $input );
474- if ( is_wp_error( $is_valid ) ) {
475- return $is_valid;
476- }
477-
478476 return $this->invoke_callback( $this->permission_callback, $input );
479477 }
480478
481-
482479 /**
483480 * Executes the ability callback.
484481 *
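Review bot: `check_permissions()` is public and now passes `$input` to the permission callback with no schema check, so any caller other than `execute()` that skips `validate_input()` runs the callback on unvalidated data. The new docblock says as much, but the `@param` wording "The valid input data" reads as a guarantee rather than an obligation on the caller. Permission callbacks written against the earlier contract may assume schema-valid input. I would state the obligation explicitly, for example `* Callers other than execute() must call validate_input() first; the permission callback receives $input exactly as passed.` The other call sites of `check_permissions()` are not visible in this hunk and should be confirmed to validate before calling.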
@@ -539,12 +536,14 @@ protected function validate_output( $output ) {
539536 * @return mixed|WP_Error The result of the ability execution, or WP_Error on failure.
540537 */
541538 public function execute( $input = null ) {
539+ $is_valid = $this->validate_input( $input );
540+ if ( is_wp_error( $is_valid ) ) {
541+ return $is_valid;
542+ }
543+
542544 $has_permissions = $this->check_permissions( $input );
543545 if ( true !== $has_permissions ) {
544546 if ( is_wp_error( $has_permissions ) ) {
545- if ( 'ability_invalid_input' === $has_permissions->get_error_code() ) {
546- return $has_permissions;
547- }
548547 // Don't leak the permission check error to someone without the correct perms.
549548 _doing_it_wrong(
550549 __METHOD__,
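Review bot: The validation error returned at the top of `execute()` reaches the caller before `check_permissions()` has run, while the permission error a few lines below is deliberately withheld from callers without the right permissions. Whether the `WP_Error` from `validate_input()` exposes schema detail is not visible here. A short comment above the added block would record that the ordering is intentional, e.g. `// Validate first: the permission callback receives $input and relies on it matching the input schema.` The body of `execute()` continues past the end of this hunk.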
@@ -561,7 +560,7 @@ public function execute( $input = null ) {
561560 }
562561
563562 /**
564- * Fires before an ability gets executed and after permission check.
563+ * Fires before an ability gets executed, after input validation and permissions check.
565564 *
566565 * @since 6.9.0
567566 *