From 71030b161489414b3c1e5951c2cb44c49da282ae Mon Sep 17 00:00:00 2001
From: Dion Hulse
Date: Fri, 1 Apr 2022 19:49:38 +1000
Subject: [PATCH 1/2] Add initial `WP::request()` & friends API method with unslashing, optional default, optional sanitization.
---
 src/wp-includes/class-wp.php | 49 ++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
diff --git a/src/wp-includes/class-wp.php b/src/wp-includes/class-wp.php
index 23af2fff87c18..b72cbbf24ff9e 100644
--- a/src/wp-includes/class-wp.php
+++ b/src/wp-includes/class-wp.php
@@ -779,4 +779,53 @@ public function main( $query_args = '' ) {
 */
 do_action_ref_array( 'wp', array( &$this ) );
 }
+
+ /**
+ * Retrieve a value from $_REQUEST according to a $path and/or $schama.
+ */
+ public static function request( $path, $default = null, $schema = false ) {
+ return self::_superglobal_access_helper( 'request', $path, $default, $schema );
+ }
+
+ /**
+ * Retrieve a value from $_GET according to a $path and/or $schama.
+ */
+ public static function get( $path, $default = null, $schema = false ) {
+ return self::_superglobal_access_helper( 'get', $path, $default, $schema );
+ }
+
+ /**
+ * Retrieve a value from $_POST according to a $path and/or $schama.
+ */
+ public static function post( $path, $default = null, $schema = false ) {
+ return self::_superglobal_access_helper( 'post', $path, $default, $schema );
+ }
+
+ /**
+ *
+ * @param string $var The global to access, sans underscore prefix.
+ * @param string|array $path The path to the value to fetch. See _wp_array_get().
+ * @param mixed|null $default The default value if $path is not set.
+ * @param string|arrau $schema The primitive type of the value to return, or a Schema defining the value of the item. See rest_sanitize_value_from_schema().
+ * @return mixed|WP_Error The request value, and if a $schema is passed, the sanitized value or a WP_Error instance if the value cannot be safely sanitized.
+ */
+ protected static function _superglobal_access_helper( $var, $path, $default = null, $schema = false ) {
+ $var = ltrim( $var, '_' );
+ $path = is_array( $path ) ? $path : array( $path );
+ $value = _wp_array_get( $GLOBALS[ strtoupper( "_{$var}" ) ], $path, null );
+
+ if ( is_null( $value ) ) {
+ return $default;
+ }
+
+ $value = wp_unslash( $value );
+
+ // Coerce it into the appropriate type.
+ if ( $schema ) {
+ $schema = is_string( $schema ) ? array( 'type' => $schema ) : $schema;
+ $value = rest_sanitize_value_from_schema( $value, $schema, "WP::{$var}()" );
+ }
+
+ return $value;
+ }
 }
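Review bot: The `if ( $schema )` branch of `_superglobal_access_helper()` calls `rest_sanitize_value_from_schema()` without a preceding `rest_validate_value_from_schema()`, so the request value is coerced rather than checked. As far as I know the sanitize function only casts for types such as `integer` and `string` and does not enforce `enum`, `pattern` or `minimum`/`maximum`, so a caller passing a full schema may rely on constraints that never run, and an array sent where a scalar is expected is cast instead of rejected. Consider validating first and returning the error: `$valid = rest_validate_value_from_schema( $value, $schema, "WP::{$var}()" ); if ( is_wp_error( $valid ) ) { return $valid; }`. The docblocks should also state that with the default `$schema = false` the value is only unslashed and must still be treated as untrusted input. The same call is carried over unchanged in the second hunk of patch 2/2.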
From c74ee8f6c4b6820eceefa28c0310739a2f4ffe44 Mon Sep 17 00:00:00 2001
From: Dion Hulse
Date: Fri, 1 Apr 2022 19:55:35 +1000
Subject: [PATCH 2/2] Simplify the steps for getting to the global variable.
---
 src/wp-includes/class-wp.php | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/wp-includes/class-wp.php b/src/wp-includes/class-wp.php
index b72cbbf24ff9e..807f3b2dfc6ea 100644
--- a/src/wp-includes/class-wp.php
+++ b/src/wp-includes/class-wp.php
@@ -784,35 +784,38 @@ public function main( $query_args = '' ) {
 * Retrieve a value from $_REQUEST according to a $path and/or $schama.
 */
 public static function request( $path, $default = null, $schema = false ) {
- return self::_superglobal_access_helper( 'request', $path, $default, $schema );
+ return self::_superglobal_access_helper( '_REQUEST', $path, $default, $schema );
 }

 /**
 * Retrieve a value from $_GET according to a $path and/or $schama.
 */
 public static function get( $path, $default = null, $schema = false ) {
- return self::_superglobal_access_helper( 'get', $path, $default, $schema );
+ return self::_superglobal_access_helper( '_GET', $path, $default, $schema );
 }

 /**
 * Retrieve a value from $_POST according to a $path and/or $schama.
 */
 public static function post( $path, $default = null, $schema = false ) {
- return self::_superglobal_access_helper( 'post', $path, $default, $schema );
+ return self::_superglobal_access_helper( '_POST', $path, $default, $schema );
 }

 /**
 *
- * @param string $var The global to access, sans underscore prefix.
+ * @param string $var The global to access.
 * @param string|array $path The path to the value to fetch. See _wp_array_get().
 * @param mixed|null $default The default value if $path is not set.
 * @param string|arrau $schema The primitive type of the value to return, or a Schema defining the value of the item. See rest_sanitize_value_from_schema().
 * @return mixed|WP_Error The request value, and if a $schema is passed, the sanitized value or a WP_Error instance if the value cannot be safely sanitized.
 */
 protected static function _superglobal_access_helper( $var, $path, $default = null, $schema = false ) {
- $var = ltrim( $var, '_' );
+ if ( ! isset( $GLOBALS[ $var ] ) ) {
+ return $default;
+ }
+
 $path = is_array( $path ) ? $path : array( $path );
- $value = _wp_array_get( $GLOBALS[ strtoupper( "_{$var}" ) ], $path, null );
+ $value = _wp_array_get( $GLOBALS[ $var ], $path, null );

 if ( is_null( $value ) ) {
 return $default;
@@ -823,7 +826,8 @@ protected static function _superglobal_access_helper( $var, $path, $default = nu
 // Coerce it into the appropriate type.
 if ( $schema ) {
 $schema = is_string( $schema ) ? array( 'type' => $schema ) : $schema;
- $value = rest_sanitize_value_from_schema( $value, $schema, "WP::{$var}()" );
+ $caller = strtolower( ltrim( $var, '_' ) );
+ $value = rest_sanitize_value_from_schema( $value, $schema, "WP::{$caller}()" );
 }

 return $value;
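Review bot: In the first hunk, `_superglobal_access_helper()` now indexes `$GLOBALS[ $var ]` with whatever name it receives, so the helper is no longer limited to request superglobals. The old code at least forced an underscore-prefixed, upper-cased name, whereas the new `isset()` guard only checks that the global exists, not which one is meant. Because the method is `protected static`, any subclass of `WP` could use it to read an arbitrary global through an API that is documented as request access. An allow-list ahead of the lookup would keep it to the three wrappers: `if ( ! in_array( $var, array( '_GET', '_POST', '_REQUEST' ), true ) ) { return $default; }`, and the `@param string $var` line could then name the accepted values. The function body continues past the end of this hunk.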