diff --git a/wp-includes/rest-api/class-wp-rest-request.php b/wp-includes/rest-api/class-wp-rest-request.php index 73548d4f38..937b5684cd 100644 --- a/wp-includes/rest-api/class-wp-rest-request.php +++ b/wp-includes/rest-api/class-wp-rest-request.php @@ -858,13 +858,9 @@ class WP_REST_Request implements ArrayAccess { $attributes = $this->get_attributes(); $required = array(); - // No arguments set, skip validation. - if ( empty( $attributes['args'] ) ) { - return true; - } - - foreach ( $attributes['args'] as $key => $arg ) { + $args = empty( $attributes['args'] ) ? array() : $attributes['args']; + foreach ( $args as $key => $arg ) { $param = $this->get_param( $key ); if ( isset( $arg['required'] ) && true === $arg['required'] && null === $param ) { $required[] = $key; @@ -890,7 +886,7 @@ class WP_REST_Request implements ArrayAccess { */ $invalid_params = array(); - foreach ( $attributes['args'] as $key => $arg ) { + foreach ( $args as $key => $arg ) { $param = $this->get_param( $key ); @@ -919,8 +915,20 @@ class WP_REST_Request implements ArrayAccess { ); } - return true; + if ( isset( $attributes['validate_callback'] ) ) { + $valid_check = call_user_func( $attributes['validate_callback'], $this ); + if ( is_wp_error( $valid_check ) ) { + return $valid_check; + } + + if ( false === $valid_check ) { + // A WP_Error instance is preferred, but false is supported for parity with the per-arg validate_callback. + return new WP_Error( 'rest_invalid_params', __( 'Invalid parameters.' ), array( 'status' => 400 ) ); + } + } + + return true; } /** diff --git a/wp-includes/version.php b/wp-includes/version.php index afcdee3ffa..2565d62a17 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.6-alpha-48944'; +$wp_version = '5.6-alpha-48945'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.