Warm tip: This article is reproduced from serverfault.com, please click
json php schema wordpress

What is the proper way to validate and sanitize JSON response from REST API?

发布于 2020-12-04 11:30:40

I have read the wordpress page about this but didn't find a solution.

Here are my details:

register rest route:

        register_rest_route(
            '/jwt-auth/v1',
            '/user',
            array(
                'methods'             => array( 'GET', 'POST', 'PUT' ),
                'callback'            => array( $this, 'user_get_information' ),
                'permission_callback' => function() {
                    return is_user_logged_in();
                },
            ),
        );

user function :

public function user_get_information( $request ) {
    $user_id = get_current_user_id();
    $data    = array();
    if ( filter_input( INPUT_SERVER, 'REQUEST_METHOD' ) === 'POST' ) {
        $params = array(
            'nickname',
            'first_name',
            'last_name',
            'mobile',
            'favorites',
            'playtime',
        );

        $allreq = $request->get_params();

        foreach ( $allreq as $req => $val ) {
            if ( ! empty( $val ) && in_array( $req, $params, true ) ) {
                if ( 'favorites' === $req ) {
                    // do somthing
                } elseif ( 'playtime' === $req ) { 

// i want this json data validate and sanitize then add to database

                    $meta      = get_user_meta( $user_id, 'playtime', true );
                    $schema    = $this->user_playtime_meta_schema();
                    if ( rest_validate_value_from_schema( $val, $schema ) ) {
                        $sanitized = rest_sanitize_value_from_schema( $val, $schema );
                    }
                    if ( ! is_array( $meta ) ) {
                        $meta = array();
                    }
                    $meta[] = $sanitized;
                    // $meta = array();
                } else {
                    $meta = $val;
                }
                $user_meta = update_user_meta( $user_id, 'playtime', $meta );
            }
        }
    }
    if ( is_wp_error( $user_meta ) ) {
        $error_string = $user_meta->get_error_message();
        return $error_string;
    } else {
        $info   = get_user_by( 'ID', $user_id );
        $meta   = get_user_meta( $user_id );
        $img_id = $meta['image_select'][0];
        if ( $img_id ) {
            $img_url = wp_get_attachment_url( $img_id );
        }
        $data['id']           = $info->ID;
        $data['login']        = $info->user_login;
        $data['email']        = $info->user_email;
        $data['display_name'] = $info->display_name;
        $data['image']        = $img_url;
        $data['nickname']     = $meta['nickname'][0];
        $data['first_name']   = $meta['first_name'][0];
        $data['last_name']    = $meta['last_name'][0];
        $data['mobile']       = $meta['mobile'][0];
        $data['favorites']    = get_user_meta( $user_id, 'favorites', true );
        $data['playtime']     = get_user_meta( $user_id, 'playtime', true );
        return $data;
    }
}

schema :

public function user_playtime_meta_schema() {
    if ( $this->playtime_schema ) {
        return $this->playtime_schema;
    }
    $this->playtime_schema = array(
        'type' => array(
            'type'       => 'object',
            'properties' => array(
                'song'     => array(
                    'type'       => 'object',
                    'properties' => array(
                        'name'  => array(
                            'type' => 'string',
                        ),
                        'id'    => array(
                            'type' => 'number',
                        ),
                        'notes' => array(
                            'type' => 'number',
                        ),
                    ),
                ),
                'time'     => array(
                    'type' => 'string',
                ),
                'date'     => array(
                    'type' => 'string',
                ),
                'score'    => array(
                    'type' => 'string',
                ),
                'progress' => array(
                    'type' => 'string',
                ),
            ),
        ),
    );
    return $this->playtime_schema;
}

try send data like this:

{"playtime":{"song": {
        "name": "Training New",
        "id": 758,
        "notes": 65
    },
    "time": "10:27:19 PM",
    "score": "[[76,\"perfect\"],[74,\"perfect\"],[77,\"perfect\"],[76,\"perfect\"],[74,\"late\"],[72,\"late\"],[74,\"perfect\"],[76,\"perfect\"],[76,\"perfect\"],[76,\"perfect\"],[74,\"perfect\"],[77,\"perfect\"],[76,\"late\"],[74,\"late\"],[72,\"perfect\"],[74,\"perfect\"],[76,\"perfect\"],[76,\"perfect\"],[74,\"perfect\"],[72,\"perfect\"],[71,\"perfect\"],[67,\"perfect\"],[74,\"perfect\"],[72,\"perfect\"],[74,\"perfect\"],[71,\"perfect\"],[72,\"perfect\"],[74,\"late\"],[71,\"perfect\"],[72,\"perfect\"],[71,\"late\"],[67,\"perfect\"]]",
    "date": "8/17/2020",
    "progress": "4%"}
}

everything works , but if i send some bad information like this :

    {"playtime":{"wrong": {
        "number": "1",
        "notes": 525
    },
    "time": "10:27:19 PM",
    "progress": "4%"}
}

also works and wrong data would be saved in database!

Any help thanks in advance.

Questioner
b3hr4d
Viewed
0
分享
GTsvetanov 2020-12-09 05:35:15

I've checked your example and there is a problem with your schema and in the way you've worked with.

First let me show you the correct schema for your example:

function testSchema() 
{
    return [
        'type' => 'object',
        'required' => [
            'playtime',
        ],
        'properties' => [
            'playtime' => [
                'type' => 'object',
                'required' => [
                    'song',
                    'time',
                    'score',
                    'date',
                    'progress',
                ],
                'properties' => [
                    'song' => [
                        'type' => 'object',
                        'required' => [
                            'name',
                            'id',
                            'notes',
                        ],
                        'properties' => [
                            'name' => [
                                'type' => 'string',
                            ],
                            'id' => [
                                'type' => 'integer',
                                'required' => true,
                            ],
                            'notes' => [
                                'type' => 'integer',
                            ],
                        ],
                    ],
                    'time' => [
                        'type' => 'string',
                    ],
                    'score' => [
                        'type' => 'string',
                    ],
                    'date' => [
                        'type' => 'string',
                    ],
                    'progress' => [
                        'type' => 'progress',
                    ],
                ],
            ],
        ],
    ];
}

To validate and sanitize your input your callback method have to look like this:

function testCallback(WP_REST_Request $request)
{
    $values = $request->get_json_params();
    $schema = testSchema();
    
    $result = rest_validate_value_from_schema($values, $schema);
    if (is_wp_error($result)) {
        var_dump($result);
        die('error');
    } else {
        $values = rest_sanitize_value_from_schema($values, $schema);
        var_dump($values);
        die('success');
    }
}

First you have to validate input data against your schema and if input pass it then you have to sanitize the values as you describe them in your schema - that's it.

b3hr4d 2020-12-09 06:11:46

Thank you so much sir, u made my day :).I think the key thing is $request->get_json_params(); , and your schema just work super good.

GTsvetanov 2020-12-09 07:03:02

As far I know this is the proper way to get the body of JSON request :)

热门帖子

1
有什么不错的口粮茶推荐吗
2
BT 真的死了吗
3
Win11 绕过 TPM2.0 安装后能否正常更新
4
MES给制造业带来看得见的效益
5
Casvisor:带 Web UI 的开源堡垒机,支持 RDP、VNC、SSH 远程桌面、主机和数据库管理、批量执行命令、单点登录
6
App Store (iOS) 能不能赠送“内购项目”给别人?
7
移动芒果卡 59 月租升到 79,到处都不能办?!
8
电信千兆宽带快到期了, 1000M 价格从 139 涨到了 199,有没有什么方法转到更便宜的套餐?
9
请问大家有什么全屋定制推荐的,品牌或者工厂店都行?
10
深圳这不考虑通勤的情况下,哪里租金最便宜呢。

热门github

1
Implementation of paper - YOLOv9: Learning What You Want to Learn Using Programmable Gradient Information
2
A Windows and Office activator using HWID / Ohook / KMS38 / Online KMS activation methods, with a focus on open-source code and fewer antivirus detections.
3
Get up and running with Llama 2, Mistral, Gemma, and other large language models.
4
该项目可以让你通过订阅的方式使用Cloudflare WARP+,自动获取流量。This project enables you to use Cloudflare WARP+ through subscription, automatically acquiring traffic.
5
Multi functional app to find duplicates, empty folders, similar images etc.
6
Xray panel supporting multi-protocol multi-user expire day & traffic & ip limit (Vmess & Vless & Trojan & ShadowSocks & Wireguard)
7
The Free Software Media System
8
lightweight, standalone C++ inference engine for Google's Gemma models.
9
📚 Freely available programming books
10
A collective list of free APIs
11
1️⃣🐝🏎️ The One Billion Row Challenge -- A fun exploration of how quickly 1B rows from a text file can be aggregated with Java
12
🎓 Path to a free self-taught education in Computer Science!
13
Curso para aprender el lenguaje de programación Python desde cero y para principiantes. 75 clases, 37 horas en vídeo, código, proyectos y grupo de chat. Fundamentos, frontend, backend, testing, IA...
14
This repository contains System Design resources which are useful while preparing for interviews and learning Distributed Systems
15
Mamba is a new state space model architecture showing promising performance on information-dense data such as language modeling, where previous subquadratic models fall short of Transformers. It is based on the line of progress on structured state space models, with an efficient hardware-aware design and implementation in the spirit of FlashAttention.