Abilities API: Normalize input from schema

gziolo · gziolo · commit 09a96208a0c0 · 2025-10-22T10:20:30.000+02:00
diff --git a/src/wp-includes/abilities-api/class-wp-ability.php b/src/wp-includes/abilities-api/class-wp-ability.php
@@ -400,6 +400,31 @@ public function get_meta_item( string $key, $default_value = null ) {
 		return array_key_exists( $key, $this->meta ) ? $this->meta[ $key ] : $default_value;
 	}
 
+	/**
+	 * Normalizes the input for the ability, applying the default value from the input schema when needed.
+	 *
+	 * When no input is provided and the input schema is defined with a top-level `default` key, this method returns
+	 * the value of that key. If the input schema does not define a `default`, or if the input schema is empty,
+	 * this method returns null. If input is provided, it is returned as-is.
+	 *
+	 * @since 6.9.0
+	 *
+	 * @param mixed $input Optional. The raw input provided for the ability. Default `null`.
+	 * @return mixed The same input, or the default from schema, or `null` if default not set.
+	 */
+	public function normalize_input( $input = null ) {
+		if ( null !== $input ) {
+			return $input;
+		}
+
+		$input_schema = $this->get_input_schema();
+		if ( ! empty( $input_schema ) && array_key_exists( 'default', $input_schema ) ) {
+			return $input_schema['default'];
+		}
+
+		return null;
+	}
+
 	/**
 	 * Validates input data against the input schema.
 	 *
@@ -536,6 +561,7 @@ protected function validate_output( $output ) {
 	 * @return mixed|WP_Error The result of the ability execution, or WP_Error on failure.
 	 */
 	public function execute( $input = null ) {
+		$input    = $this->sanitize_input( $input );
 		$is_valid = $this->validate_input( $input );
 		if ( is_wp_error( $is_valid ) ) {
 			return $is_valid;
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-abilities-v1-run-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-abilities-v1-run-controller.php
@@ -159,6 +159,7 @@ public function check_ability_permissions( $request ) {
 		}
 
 		$input    = $this->get_input_from_request( $request );
+		$input	  = $ability->normalize_input( $input );
 		$is_valid = $ability->validate_input( $input );
 		if ( is_wp_error( $is_valid ) ) {
 			$is_valid->add_data( array( 'status' => 400 ) );

Original file line number	Diff line number	Diff line change
`@@ -159,6 +159,7 @@ public function check_ability_permissions( $request ) {`
`159`	`159`	`}`
`160`	`160`
`161`	`161`	`$input = $this->get_input_from_request( $request );`
	`162`	`+ $input = $ability->normalize_input( $input );`
`162`	`163`	`$is_valid = $ability->validate_input( $input );`
`163`	`164`	`if ( is_wp_error( $is_valid ) ) {`
`164`	`165`	`$is_valid->add_data( array( 'status' => 400 ) );`