Cannot get 'sanitize_callback' to work for rest parameters

I'm trying to sanitize my rest parameters using sanitize_callback:

register_rest_route( SoundSystem::$rest_namespace, '/playlist/new', array(
  'methods' = WP_REST_Server::CREATABLE,
  'callback' = array( __class__, 'rest_add_playlist' ),
  'permission_callback' = function () {
    return is_user_logged_in();
  },
  'playlist' = array(
    'description' = __( 'JSPF playlist data', 'soundsystem' ),
    'type'        = 'string',
    'required' = true,
    'sanitize_callback' = function($value, $request, $param) {
      return 'TESTING';
    },
  )
));

But it seems that the data is not sanitized: I get the initial value.

public static function rest_add_playlist(WP_REST_Request $request){
  $params = $request-get_params();
  $playlist = $params['playlist'];//does not returns 'TESTING'
}

What am I doing wrong ?

Topic rest-api sanitization Wordpress

Category Web

1
answered at

You're not getting the TESTING because your playlist argument should actually be in the args array like so: (reindented for brevity)

register_rest_route( SoundSystem::$rest_namespace, '/playlist/new', array(
    'methods'             => WP_REST_Server::CREATABLE,
    'callback'            => array( __class__, 'rest_add_playlist' ),
    'permission_callback' => function () {
        return is_user_logged_in();
    },
    'args'                => array(
        'playlist' => array(
            'description'       => __( 'JSPF playlist data', 'soundsystem' ),
            'type'              => 'string',
            'required'          => true,
            'sanitize_callback' => function($value, $request, $param) {
                return 'TESTING';
            },
        ),
    ), // end args
));

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.