From 606c9905ef3a53dc99e8a07796b0539c9b4948e5 Mon Sep 17 00:00:00 2001 From: Rachel Baker Date: Thu, 1 Dec 2016 02:12:41 +0000 Subject: [PATCH] REST API: Fix incorrect uses of `rest_sanitize_value_from_schema()`. In the `check_username()` and `check_password()` callbacks in the Users controller cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly which was causing unintended request parsing. In `rest_sanitize_request_arg()` do not pass nonexistent third parameter for the `rest_sanitize_value_from_schema()` function. Props jnylen0, joehoyle, rachelbaker, ocean90. Fixes #38984. Built from https://develop.svn.wordpress.org/trunk@39400 git-svn-id: http://core.svn.wordpress.org/trunk@39340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
wp-includes/rest-api.php | 2 +- .../rest-api/endpoints/class-wp-rest-users-controller.php | 4 ++-- wp-includes/version.php | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/wp-includes/rest-api.php b/wp-includes/rest-api.php
index 3d0b7ee6d5..e5efb74fbe 100644
--- a/wp-includes/rest-api.php
+++ b/wp-includes/rest-api.php
@@ -840,7 +840,7 @@ function rest_sanitize_request_arg( $value, $request, $param ) {
 }
 $args = $attributes['args'][ $param ];
- return rest_sanitize_value_from_schema( $value, $args, $param );
+ return rest_sanitize_value_from_schema( $value, $args );
 }
 /**
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
index 7ede596c56..823e5d571e 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -1027,7 +1027,7 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 * @return WP_Error|string The sanitized username, if valid, otherwise an error.
 */
 public function check_username( $value, $request, $param ) {
- $username = (string) rest_sanitize_value_from_schema( $value, $request, $param );
+ $username = (string) $value;
 if ( ! validate_username( $username ) ) {
 return new WP_Error( 'rest_user_invalid_username', __( 'Username contains invalid characters.' ), array( 'status' => 400 ) );
@@ -1056,7 +1056,7 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 * @return WP_Error|string The sanitized password, if valid, otherwise an error.
 */
 public function check_user_password( $value, $request, $param ) {
- $password = (string) rest_sanitize_value_from_schema( $value, $request, $param );
+ $password = (string) $value;
 if ( empty( $password ) ) {
 return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot be empty.' ), array( 'status' => 400 ) );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 89bd365d05..3a395358b9 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.8-alpha-39397';
+$wp_version = '4.8-alpha-39400';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
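Review bot: In `check_username()` (class-wp-rest-users-controller.php) the new `$username = (string) $value;` cast accepts whatever type the request carried, so an array value becomes the literal string `Array` (with a PHP notice) and is then handed to `validate_username()` as if the client had sent it. Whether a type check is guaranteed to run before this sanitize callback is not visible in the hunk; if it is not, guard before the cast with something like `if ( ! is_scalar( $value ) ) { return new WP_Error( 'rest_user_invalid_username', __( 'Username contains invalid characters.' ), array( 'status' => 400 ) ); }`. The same applies to `$password = (string) $value;` in `check_user_password()` in the following hunk, where a coerced value would pass the `empty()` check and continue as the password. Both docblocks still describe the return as "The sanitized …" although the value is now only cast, so the `@return` text should say so. Both function bodies continue outside their hunks.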