REST API: Sanitize block renderer attributes.
In [48069] the Block Renderer was changed to register a single route for all dynamic blocks. Validation was dynamically applied based on the requested block, but sanitization was not. This commit adds the same sanitization back to the block attributes. Props manooweb. Fixes #50620. See #48079. Built from https://develop.svn.wordpress.org/trunk@48437 git-svn-id: http://core.svn.wordpress.org/trunk@48206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
7b61df725e
commit
a59fb4e50f
|
@ -70,6 +70,22 @@ class WP_REST_Block_Renderer_Controller extends WP_REST_Controller {
|
||||||
|
|
||||||
return rest_validate_value_from_schema( $value, $schema );
|
return rest_validate_value_from_schema( $value, $schema );
|
||||||
},
|
},
|
||||||
|
'sanitize_callback' => static function ( $value, $request ) {
|
||||||
|
$block = WP_Block_Type_Registry::get_instance()->get_registered( $request['name'] );
|
||||||
|
|
||||||
|
if ( ! $block ) {
|
||||||
|
// This will get rejected in ::get_item().
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
$schema = array(
|
||||||
|
'type' => 'object',
|
||||||
|
'properties' => $block->get_attributes(),
|
||||||
|
'additionalProperties' => false,
|
||||||
|
);
|
||||||
|
|
||||||
|
return rest_sanitize_value_from_schema( $value, $schema );
|
||||||
|
},
|
||||||
),
|
),
|
||||||
'post_id' => array(
|
'post_id' => array(
|
||||||
'description' => __( 'ID of the post context.' ),
|
'description' => __( 'ID of the post context.' ),
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '5.5-beta1-48436';
|
$wp_version = '5.5-beta1-48437';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
Loading…
Reference in New Issue