Changeset 54339

Timestamp:

09/27/2022 08:12:00 PM (23 months ago)

Author:

davidbaumwald

Message:

REST API: Ensure args is an array of arrays in register_rest_route().

When calling register_rest_route(), the args parameter for a route should be an array of arrays. However, some plugins/themes have passed an array of strings or key-value pairs which produces a PHP warning when array_intersect_key is used to filter the array keys based on an allowed list of schema keywords.

This change adds a check of the args parameter to ensure it's an array of arrays, presenting a _doing_it_wrong if any element of args is not an array and restructuring to an array of arrays. This change also adds a unit test for the incorrect usage described above, expecting that a _doing_it_wrong is produced.

Props slaFFik, desrosj, apermo, AndrewNZ, aristath, poena, dovyp, timothyblynjacobs, Hinjiriyo, johnmark8080, nateallen.
Fixes #51986.

Location:

trunk

Files:

• src/wp-includes/rest-api.php (modified) (1 diff)
• src/wp-includes/rest-api/class-wp-rest-server.php (modified) (1 diff)
• tests/phpunit/tests/rest-api.php (modified) (1 diff)

trunk/src/wp-includes/rest-api.php

@@ -102 +102 @@
                 ),
                 '5.5.0'
+
+
+
+
+
+
+
+
+
+
+
+
             );
         }

trunk/src/wp-includes/rest-api/class-wp-rest-server.php

@@ -1514 +1514 @@
 
                 foreach ( $callback['args'] as $key => $opts ) {
+
+
+
+
+
                     $arg_data             = array_intersect_key( $opts, $allowed_schema_keywords );
                     $arg_data['required'] = ! empty( $opts['required'] );

trunk/tests/phpunit/tests/rest-api.php

@@ -2519 +2519 @@
         );
     }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 }