Allow /sites/${site}/external-media/copy/pexels to insert post meta data #21659
Caution: This PR has changes that must be merged to WordPress.com
Thank you for your PR! When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:
This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖 The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available. Once your PR is ready for review, check one last time that all required checks (other than "Required review") appearing at the bottom of this PR are passing or skipped. Jetpack plugin:
I love the unit test you added!
// Only allow meta properties defined in the schema. | ||
// None of the validation or sanitization functions are doing this for me. | ||
$meta_allowed = array_keys( $this->media_schema['properties']['meta']['properties'] ); | ||
$meta_filtered = array_intersect_key( $item['meta'], array_flip( $meta_allowed ) ); |
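Review bot: `$item['meta']` is passed straight to `array_intersect_key()` on the last line, and nothing in the visible lines confirms it is set and is an array, so a request that omits `meta` or sends it as a string would fail inside this call instead of being rejected as invalid input. Guarding with an `is_array( $item['meta'] )` check before filtering would make that path explicit. Note also that the intersection only drops unknown top-level keys of `meta`; the values under the allowed keys pass through unchanged, so they still need their own type and content checks before being saved.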
It's too bad `additionalProperties` doesn't cover that. I wonder if it doesn't work recursively but only in a top-level object?
I believe that's the case.
'additionalProperties' => false, | ||
'properties' => array( | ||
'vertical_id' => array( | ||
'type' => 'string', |
It doesn't look like string values are actually sanitized unless we add a format. Should we do that?
I added this, but after sending a vertical_id of `test_id_with_spaces_at_end` (there are multiple spaces at the end of this that GitHub is filtering out), it's saved that way to the database, which makes me think it's not working. (Expected to see: Multiple spaces collapsed to one)
Maybe all of these sanitizations don't work nested?
'type' => 'object', | ||
), | ||
'orientations' => array( | ||
'type' => 'array', |
I'm not sure if defining an enum parameter would help with validation here?
I added this, but it doesn't actually seem to work. Probably because of the same nested level thing. Maybe I should keep it anyway just to be more explicit?
Ah that is really too bad
299d48f to 5686e66
Updated w/ additional validation.
@mreishus New idea: Let's sanitize the meta part separately:
In
Does that work?
No, it doesn't work. The closest I found was this:
That ends up replacing one of the sub-parts of
However, whatever is downstream/upstream of this and looking for errors doesn't find it, and the invalid orientations are saved anyway, and no error is passed to the user. For sanitization, neither
nor
changes vertical_id=
Additionally, I cannot find any instances of
We figured out a way to get the schema validation working in slack chat; updated.
bd7be1b to e9c3912
Reworked with adding a missing array layer and removing workarounds
e9c3912 to a5aac22
Rebased, only need crew review I believe
a5aac22 to b1f7b36
Still working after rebase! 👍
@jeherve I can't seem to merge, only auto-merge. I see the required check
Here's the message, I'm not sure if this is a new failure or an expected one:
I think that was a one-off. I've relaunched the test, it should be okay this time. 🤞
Great news! One last step: head over to your WordPress.com diff, D69692-code, and commit it. Thank you!
r234959
Changes proposed in this Pull Request:
Does this pull request change what data or activity we track or use?
No
Testing instructions (Jetpack):
Testing Instructions (Unit Tests):
jetpack docker phpunit -- --filter=Endpoint_External_Media
Testing instructions (WPCOM):
around line 37, inside the `if ( $post_id ) {` block
`https://<vertical site>/wp-admin/post.php?post=49&action=edit`) and `tail -f /tmp/php-errors`