Title: rest_sanitize_value_from_schema
Published: December 7, 2016
Last modified: May 20, 2026

---

# rest_sanitize_value_from_schema( mixed $value, array $args, string $param = '' ): mixed|[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/)


Sanitize a value based on a schema.

## Parameters

`$value` (mixed, required)

The value to sanitize.

`$args` (array, required)

Schema array to use for sanitization.

`$param` (string, optional)

The parameter name, used in error messages.

Default: `''`

## Return

mixed|[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) The sanitized value or a [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) instance if the value cannot be safely sanitized.

## Source

    ```php
    function rest_sanitize_value_from_schema( $value, $args, $param = '' ) {
    	if ( isset( $args['anyOf'] ) ) {
    		$matching_schema = rest_find_any_matching_schema( $value, $args, $param );
    		if ( is_wp_error( $matching_schema ) ) {
    			return $matching_schema;
    		}

    		if ( ! isset( $args['type'] ) ) {
    			$args['type'] = $matching_schema['type'];
    		}

    		$value = rest_sanitize_value_from_schema( $value, $matching_schema, $param );
    	}

    	if ( isset( $args['oneOf'] ) ) {
    		$matching_schema = rest_find_one_matching_schema( $value, $args, $param );
    		if ( is_wp_error( $matching_schema ) ) {
    			return $matching_schema;
    		}

    		if ( ! isset( $args['type'] ) ) {
    			$args['type'] = $matching_schema['type'];
    		}

    		$value = rest_sanitize_value_from_schema( $value, $matching_schema, $param );
    	}

    	$allowed_types = array( 'array', 'object', 'string', 'number', 'integer', 'boolean', 'null' );

    	if ( ! isset( $args['type'] ) ) {
    		/* translators: %s: Parameter. */
    		_doing_it_wrong( __FUNCTION__, sprintf( __( 'The "type" schema keyword for %s is required.' ), $param ), '5.5.0' );
    	}

    	if ( is_array( $args['type'] ) ) {
    		$best_type = rest_handle_multi_type_schema( $value, $args, $param );

    		if ( ! $best_type ) {
    			return null;
    		}

    		$args['type'] = $best_type;
    	}

    	if ( ! in_array( $args['type'], $allowed_types, true ) ) {
    		_doing_it_wrong(
    			__FUNCTION__,
    			/* translators: 1: Parameter, 2: The list of allowed types. */
    			wp_sprintf( __( 'The "type" schema keyword for %1$s can only be one of the built-in types: %2$l.' ), $param, $allowed_types ),
    			'5.5.0'
    		);
    	}

    	if ( 'array' === $args['type'] ) {
    		$value = rest_sanitize_array( $value );

    		if ( ! empty( $args['items'] ) ) {
    			foreach ( $value as $index => $v ) {
    				$value[ $index ] = rest_sanitize_value_from_schema( $v, $args['items'], $param . '[' . $index . ']' );
    			}
    		}

    		if ( ! empty( $args['uniqueItems'] ) && ! rest_validate_array_contains_unique_items( $value ) ) {
    			/* translators: %s: Parameter. */
    			return new WP_Error( 'rest_duplicate_items', sprintf( __( '%s has duplicate items.' ), $param ) );
    		}

    		return $value;
    	}

    	if ( 'object' === $args['type'] ) {
    		$value = rest_sanitize_object( $value );

    		foreach ( $value as $property => $v ) {
    			if ( isset( $args['properties'][ $property ] ) ) {
    				$value[ $property ] = rest_sanitize_value_from_schema( $v, $args['properties'][ $property ], $param . '[' . $property . ']' );
    				continue;
    			}

    			$pattern_property_schema = rest_find_matching_pattern_property_schema( $property, $args );
    			if ( null !== $pattern_property_schema ) {
    				$value[ $property ] = rest_sanitize_value_from_schema( $v, $pattern_property_schema, $param . '[' . $property . ']' );
    				continue;
    			}

    			if ( isset( $args['additionalProperties'] ) ) {
    				if ( false === $args['additionalProperties'] ) {
    					unset( $value[ $property ] );
    				} elseif ( is_array( $args['additionalProperties'] ) ) {
    					$value[ $property ] = rest_sanitize_value_from_schema( $v, $args['additionalProperties'], $param . '[' . $property . ']' );
    				}
    			}
    		}

    		return $value;
    	}

    	if ( 'null' === $args['type'] ) {
    		return null;
    	}

    	if ( 'integer' === $args['type'] ) {
    		return (int) $value;
    	}

    	if ( 'number' === $args['type'] ) {
    		return (float) $value;
    	}

    	if ( 'boolean' === $args['type'] ) {
    		return rest_sanitize_boolean( $value );
    	}

    	// This behavior matches rest_validate_value_from_schema().
    	if ( isset( $args['format'] )
    		&& ( ! isset( $args['type'] ) || 'string' === $args['type'] || ! in_array( $args['type'], $allowed_types, true ) )
    	) {
    		switch ( $args['format'] ) {
    			case 'hex-color':
    				return (string) sanitize_hex_color( $value );

    			case 'date-time':
    				return sanitize_text_field( $value );

    			case 'email':
    				// sanitize_email() validates, which would be unexpected.
    				return sanitize_text_field( $value );

    			case 'uri':
    				return sanitize_url( $value );

    			case 'ip':
    				return sanitize_text_field( $value );

    			case 'uuid':
    				return sanitize_text_field( $value );

    			case 'text-field':
    				return sanitize_text_field( $value );

    			case 'textarea-field':
    				return sanitize_textarea_field( $value );
    		}
    	}

    	if ( 'string' === $args['type'] ) {
    		return (string) $value;
    	}

    	return $value;
    }
    ```

[View all references](https://developer.wordpress.org/reference/files/wp-includes/rest-api.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/7.0/src/wp-includes/rest-api.php#L2775)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/7.0/src/wp-includes/rest-api.php#L2775-L2925)
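
An added usage example, not part of the WordPress source: the function above coerces values rather than rejecting them, so it is normally paired with `rest_validate_value_from_schema()`. The `myplugin_*` names, the schema and the sample input are hypothetical, and the code assumes it runs inside WordPress.

```php
<?php
// Added example; runs inside WordPress (for instance from a plugin).
// The myplugin_* names, the schema and the sample input are hypothetical.
function myplugin_payload_schema() {
	return array(
		'type'                 => 'object',
		'additionalProperties' => false,
		'properties'           => array(
			'count' => array( 'type' => 'integer' ),
			'email' => array(
				'type'   => 'string',
				'format' => 'email',
			),
		),
	);
}

// Validate first, then sanitize: the sanitizer coerces, it does not reject.
function myplugin_accept_payload( $payload ) {
	$schema = myplugin_payload_schema();

	$valid = rest_validate_value_from_schema( $payload, $schema, 'payload' );
	if ( is_wp_error( $valid ) ) {
		return $valid;
	}

	return rest_sanitize_value_from_schema( $payload, $schema, 'payload' );
}

// Constructed input: trailing junk on the integer, a malformed email address
// and a key the schema does not declare.
$payload = array(
	'count'    => '12abc',
	'email'    => 'not-an-email',
	'is_admin' => true,
);

// Sanitizing alone follows the source above: the integer branch casts with
// (int), the 'email' format only passes through sanitize_text_field(), and
// the undeclared key is unset because additionalProperties is false.
$coerced = rest_sanitize_value_from_schema( $payload, myplugin_payload_schema(), 'payload' );

// The paired call refuses the same input instead of silently repairing it.
$result = myplugin_accept_payload( $payload );
```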

## Related

| Uses | Description |
| --- | --- |
| [rest_find_any_matching_schema()](https://developer.wordpress.org/reference/functions/rest_find_any_matching_schema/) `wp-includes/rest-api.php` | Finds the matching schema among the “anyOf” schemas. |
| [rest_find_one_matching_schema()](https://developer.wordpress.org/reference/functions/rest_find_one_matching_schema/) `wp-includes/rest-api.php` | Finds the matching schema among the “oneOf” schemas. |
| [rest_find_matching_pattern_property_schema()](https://developer.wordpress.org/reference/functions/rest_find_matching_pattern_property_schema/) `wp-includes/rest-api.php` | Finds the schema for a property using the patternProperties keyword. |
| [rest_handle_multi_type_schema()](https://developer.wordpress.org/reference/functions/rest_handle_multi_type_schema/) `wp-includes/rest-api.php` | Handles getting the best type for a multi-type schema. |
| [rest_sanitize_array()](https://developer.wordpress.org/reference/functions/rest_sanitize_array/) `wp-includes/rest-api.php` | Converts an array-like value to an array. |
| [rest_validate_array_contains_unique_items()](https://developer.wordpress.org/reference/functions/rest_validate_array_contains_unique_items/) `wp-includes/rest-api.php` | Checks if an array is made up of unique items. |
| [rest_sanitize_object()](https://developer.wordpress.org/reference/functions/rest_sanitize_object/) `wp-includes/rest-api.php` | Converts an object-like value to an array. |
| [rest_sanitize_value_from_schema()](https://developer.wordpress.org/reference/functions/rest_sanitize_value_from_schema/) `wp-includes/rest-api.php` | Sanitize a value based on a schema. |
| [rest_sanitize_boolean()](https://developer.wordpress.org/reference/functions/rest_sanitize_boolean/) `wp-includes/rest-api.php` | Changes a boolean-like value into the proper boolean value. |
| [sanitize_textarea_field()](https://developer.wordpress.org/reference/functions/sanitize_textarea_field/) `wp-includes/formatting.php` | Sanitizes a multiline string from user input or from the database. |
| [sanitize_hex_color()](https://developer.wordpress.org/reference/functions/sanitize_hex_color/) `wp-includes/formatting.php` | Sanitizes a hex color. |
| [wp_sprintf()](https://developer.wordpress.org/reference/functions/wp_sprintf/) `wp-includes/formatting.php` | WordPress’ implementation of PHP sprintf() with filters. |
| [__()](https://developer.wordpress.org/reference/functions/__/) `wp-includes/l10n.php` | Retrieves the translation of $text. |
| [sanitize_text_field()](https://developer.wordpress.org/reference/functions/sanitize_text_field/) `wp-includes/formatting.php` | Sanitizes a string from user input or from the database. |
| [sanitize_url()](https://developer.wordpress.org/reference/functions/sanitize_url/) `wp-includes/formatting.php` | Sanitizes a URL for database or redirect usage. |
| [_doing_it_wrong()](https://developer.wordpress.org/reference/functions/_doing_it_wrong/) `wp-includes/functions.php` | Marks something as being incorrectly called. |
| [is_wp_error()](https://developer.wordpress.org/reference/functions/is_wp_error/) `wp-includes/load.php` | Checks whether the given variable is a WordPress Error. |
| [WP_Error::__construct()](https://developer.wordpress.org/reference/classes/wp_error/__construct/) `wp-includes/class-wp-error.php` | Initializes the error. |


| Used by | Description |
| --- | --- |
| [WP_REST_Widget_Types_Controller::prepare_item_for_response()](https://developer.wordpress.org/reference/classes/wp_rest_widget_types_controller/prepare_item_for_response/) `wp-includes/rest-api/endpoints/class-wp-rest-widget-types-controller.php` | Prepares a widget type object for serialization. |
| [rest_validate_enum()](https://developer.wordpress.org/reference/functions/rest_validate_enum/) `wp-includes/rest-api.php` | Validates that the given value is a member of the JSON Schema “enum”. |
| [WP_REST_Block_Types_Controller::prepare_item_for_response()](https://developer.wordpress.org/reference/classes/wp_rest_block_types_controller/prepare_item_for_response/) `wp-includes/rest-api/endpoints/class-wp-rest-block-types-controller.php` | Prepares a block type object for serialization. |
| [WP_REST_Themes_Controller::prepare_theme_support()](https://developer.wordpress.org/reference/classes/wp_rest_themes_controller/prepare_theme_support/) `wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php` | Prepares the theme support value for inclusion in the REST API response. |
| [WP_REST_Block_Renderer_Controller::register_routes()](https://developer.wordpress.org/reference/classes/wp_rest_block_renderer_controller/register_routes/) `wp-includes/rest-api/endpoints/class-wp-rest-block-renderer-controller.php` | Registers the necessary REST API routes, one for each dynamic block. |
| [WP_Widget_Media::update()](https://developer.wordpress.org/reference/classes/wp_widget_media/update/) `wp-includes/widgets/class-wp-widget-media.php` | Sanitizes the widget form values as they are saved. |
| [rest_sanitize_value_from_schema()](https://developer.wordpress.org/reference/functions/rest_sanitize_value_from_schema/) `wp-includes/rest-api.php` | Sanitize a value based on a schema. |
| [rest_sanitize_request_arg()](https://developer.wordpress.org/reference/functions/rest_sanitize_request_arg/) `wp-includes/rest-api.php` | Sanitize a request argument based on details registered to the route. |
| [WP_REST_Meta_Fields::prepare_value()](https://developer.wordpress.org/reference/classes/wp_rest_meta_fields/prepare_value/) `wp-includes/rest-api/fields/class-wp-rest-meta-fields.php` | Prepares a meta value for output. |
| [WP_REST_Meta_Fields::update_value()](https://developer.wordpress.org/reference/classes/wp_rest_meta_fields/update_value/) `wp-includes/rest-api/fields/class-wp-rest-meta-fields.php` | Updates meta values. |
| [WP_REST_Settings_Controller::prepare_value()](https://developer.wordpress.org/reference/classes/wp_rest_settings_controller/prepare_value/) `wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php` | Prepares a value for output based off a schema array. |


## Changelog

| Version | Description |
| --- | --- |
| [5.9.0](https://developer.wordpress.org/reference/since/5.9.0/) | Added `text-field` and `textarea-field` formats. |
| [5.6.0](https://developer.wordpress.org/reference/since/5.6.0/) | Support the "anyOf" and "oneOf" keywords. |
| [5.5.0](https://developer.wordpress.org/reference/since/5.5.0/) | Added the `$param` parameter. |
| [4.7.0](https://developer.wordpress.org/reference/since/4.7.0/) | Introduced. |
