WP_REST_Request::sanitize_params() — public — WP 4.4.0

Sanitizes (where possible) the params on the request.

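This is primarily based on the sanitize_callback param of each registered argument. Params that have no registered argument, or whose argument has neither a sanitize_callback nor a type, are left unchanged.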

Method of the class: WP_REST_Request{}

No Hooks.

Return

true|WP_Error. True if parameters were sanitized, WP_Error if an error occurred during sanitization.

Usage

// Create a request object and run the registered sanitize callbacks over its params.
// sanitize_params() returns true or a WP_Error; this minimal example discards the result.
$request = new WP_REST_Request();
$request->sanitize_params();

Changelog

Since 4.4.0 Introduced.

WP_REST_Request::sanitize_params() code WP 6.6.1

/**
 * Runs each registered argument's sanitize callback over the request parameters.
 *
 * Parameter sources are visited in the order returned by get_parameter_order().
 * Only parameters that have an entry under 'args' in the attributes returned by
 * get_attributes() are considered; every other parameter stays in $this->params
 * exactly as it was received. Sanitized values are written back in place.
 *
 * @since 4.4.0
 *
 * @return true|WP_Error True when no callback returned an error (including when there
 *                       was nothing to sanitize), WP_Error listing the failing params otherwise.
 */
public function sanitize_params() {
	$route_attributes = $this->get_attributes();

	// Nothing registered to sanitize against: report success without touching any param.
	if ( empty( $route_attributes['args'] ) ) {
		return true;
	}

	$registered_args = $route_attributes['args'];
	$failed_messages = array();
	$failed_details  = array();

	foreach ( $this->get_parameter_order() as $source ) {
		if ( empty( $this->params[ $source ] ) ) {
			continue;
		}

		foreach ( $this->params[ $source ] as $name => $raw_value ) {
			// Params without a registered argument are skipped, i.e. left unsanitized.
			if ( ! isset( $registered_args[ $name ] ) ) {
				continue;
			}

			$arg_schema = $registered_args[ $name ];

			// An explicitly registered callback always wins, even an empty one (e.g. null):
			// in that case the type-based default below is NOT applied.
			if ( array_key_exists( 'sanitize_callback', $arg_schema ) ) {
				$callback = $arg_schema['sanitize_callback'];
			} elseif ( ! empty( $arg_schema['type'] ) ) {
				// Typed arg with no callback of its own falls back to rest_parse_request_arg.
				$callback = 'rest_parse_request_arg';
			} else {
				$callback = null;
			}

			// No usable callback: the value is left as received.
			if ( empty( $callback ) ) {
				continue;
			}

			/** @var mixed|WP_Error $outcome */
			$outcome = call_user_func( $callback, $raw_value, $this, $name );

			if ( ! is_wp_error( $outcome ) ) {
				$this->params[ $source ][ $name ] = $outcome;
				continue;
			}

			// On failure the original value stays in $this->params; only the error is recorded.
			$failed_messages[ $name ] = implode( ' ', $outcome->get_error_messages() );
			$failed_details[ $name ]  = rest_convert_error_to_response( $outcome )->get_data();
		}
	}

	if ( ! $failed_messages ) {
		return true;
	}

	return new WP_Error(
		'rest_invalid_param',
		/* translators: %s: List of invalid parameters. */
		sprintf( __( 'Invalid parameter(s): %s' ), implode( ', ', array_keys( $failed_messages ) ) ),
		array(
			'status'  => 400,
			'params'  => $failed_messages,
			'details' => $failed_details,
		)
	);
}