Email format sanitization in validate_schema_property #1912
Description
So if we have this property:
'author_email' => array(
'description' => 'Email address for the object author.',
'type' => 'string',
'format' => 'email',
'context' => array( 'edit' ),
),
The validate_callback (cf. WP_REST_Controller::validate_schema_property) checks to see if the value passes is_email, which is good.
The sanitize_callback (cf. WP_REST_Controller::sanitize_schema_property) executes sanitize_email on the value (possibly twice). Essentially (the logic here is), if the email value returns ok from sanitize_email and sanitize_email does not return an empty string, sanitize it again and return the doubly sanitized email. Else, if it returns an empty string (due to failing min length, missing @, or missing domain), sanitize_schema_property allows the value to still pass as sanitized via sanitize_text_field. The code notes that it really doesn't care if the value passes sanitize_email because it is "lossy". If that is the case, then why not just allow the validate_schema_property use of is_email do the sanitization work and only return the value through sanitize_text_field in sanitize_schema_property.