From 6ee8f33660f0271bded715e018e7cb6004dc269e Mon Sep 17 00:00:00 2001
From: Joe Hoyle
Date: Mon, 31 Oct 2016 17:08:31 +0000
Subject: [PATCH] REST API: Sanitize arrays being sent as CSVs. In #38586 the ability to parse arrays as csv was introduced, however it didn't add any support for validating csv arrays. This adds such sanitization, and also a good amount of unit tests for all sanitization baed off schema. See #38586. Built from https://develop.svn.wordpress.org/trunk@39061 git-svn-id: http://core.svn.wordpress.org/trunk@39003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/rest-api.php | 3 +++
 wp-includes/version.php | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/wp-includes/rest-api.php b/wp-includes/rest-api.php
index 988dd9c778..8642460dd8 100644
--- a/wp-includes/rest-api.php
+++ b/wp-includes/rest-api.php
@@ -1097,6 +1097,9 @@ function rest_sanitize_value_from_schema( $value, $args ) {
 if ( empty( $args['items'] ) ) {
 return (array) $value;
 }
+ if ( ! is_array( $value ) ) {
+ $value = preg_split( '/[\s,]+/', $value );
+ }
 foreach ( $value as $index => $v ) {
 $value[ $index ] = rest_sanitize_value_from_schema( $v, $args['items'] );
 }
diff --git a/wp-includes/version.php b/wp-includes/version.php
index fad2a068e7..a725fc9d98 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.7-beta1-39060';
+$wp_version = '4.7-beta1-39061';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
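Review bot: The added `preg_split( '/[\s,]+/', $value )` in the rest-api.php hunk keeps empty fields, so an empty string, or a list with a leading or trailing separator such as `1,2,`, yields `''` elements that are then handed to the item sanitizer in the `foreach` below. Depending on the item schema, those empties are presumably coerced to a real-looking value (for an integer item type, likely `0`), so a malformed request parameter can add an entry the client never sent. Dropping empty fields at the split avoids that: `$value = preg_split( '/[\s,]+/', $value, -1, PREG_SPLIT_NO_EMPTY );`. The branch also treats every non-array as a string, so a short comment stating that only scalar request values are expected here would help; the body of `rest_sanitize_value_from_schema()` starts before and continues after this hunk, so the matching validation path is not visible.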