[API] Một ví dụ về làm sạch dữ liệu sanitize (ok)
https://developer.wordpress.org/rest-api/extending-the-rest-api/routes-and-endpoints/
<?php
/**
* This is our callback function that embeds our resource in a WP_REST_Response.
*
* The parameter is already sanitized by this point so we can use it without any worries.
*/
function prefix_get_item($request) {
if (isset($request['data'])) {
return rest_ensure_response($request['data']);
}
return new WP_Error('rest_invalid', esc_html__('The data parameter is required.', 'my-text-domain'), array('status' => 400));
}
/**
* Validate a request argument based on details registered to the route.
*
* @param mixed $value Value of the 'filter' argument.
* @param WP_REST_Request $request The current request object.
* @param string $param Key of the parameter. In this case it is 'filter'.
* @return WP_Error|boolean
*/
function prefix_data_arg_validate_callback($value, $request, $param) {
// If the 'data' argument is not a string return an error.
if (!is_string($value)) {
return new WP_Error('rest_invalid_param', esc_html__('The filter argument must be a string.', 'my-text-domain'), array('status' => 400));
}
}
/**
* Sanitize a request argument based on details registered to the route.
*
* @param mixed $value Value of the 'filter' argument.
* @param WP_REST_Request $request The current request object.
* @param string $param Key of the parameter. In this case it is 'filter'.
* @return WP_Error|boolean
*/
function prefix_data_arg_sanitize_callback($value, $request, $param) {
// It is as simple as returning the sanitized value.
return sanitize_text_field($value);
}
/**
* We can use this function to contain our arguments for the example product endpoint.
*/
function prefix_get_data_arguments() {
$args = array();
// Here we are registering the schema for the filter argument.
$args['data'] = array(
// description should be a human readable description of the argument.
'description' => esc_html__('The data parameter is used to be sanitized and returned in the response.', 'my-text-domain'),
// type specifies the type of data that the argument should be.
'type' => 'string',
// Set the argument to be required for the endpoint.
'required' => true,
// We are registering a basic validation callback for the data argument.
'validate_callback' => 'prefix_data_arg_validate_callback',
// Here we register the validation callback for the filter argument.
'sanitize_callback' => 'prefix_data_arg_sanitize_callback',
);
return $args;
}
/**
* This function is where we register our routes for our example endpoint.
*/
function prefix_register_example_routes() {
// register_rest_route() handles more arguments but we are going to stick to the basics for now.
register_rest_route('my-plugin/v1', '/sanitized-data', array(
// By using this constant we ensure that when the WP_REST_Server changes our readable endpoints will work as intended.
'methods' => WP_REST_Server::READABLE,
// Here we register our callback. The callback is fired when this endpoint is matched by the WP_REST_Server class.
'callback' => 'prefix_get_item',
// Here we register our permissions callback. The callback is fired before the main callback to check if the current user can access the endpoint.
'args' => prefix_get_data_arguments(),
));
}
add_action('rest_api_init', 'prefix_register_example_routes');
?>Summary
Last updated