Ticket #44702: 44702.diff

File 44702.diff, 1.9 KB (added by andizer, 17 months ago)

Proposal for a possible fix

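--- a/src/wp-includes/rest-api/class-wp-rest-server.php
+++ b/src/wp-includes/rest-api/class-wp-rest-server.php
@@ -650,6 +650,8 @@
          * @param array  $route_args Route arguments.
          * @param bool   $override   Optional. Whether the route should be overridden if it already exists.
          *                           Default false.
+         *
+         * @return bool|WP_Error WP_Error in case when a invalid route method is given.
          */
         public function register_route( $namespace, $route, $route_args, $override = false ) {
                 if ( ! isset( $this->namespaces[ $namespace ] ) ) {
@@ -673,6 +675,10 @@
                         );
                 }
 
+                if ( ! $this->validate_route_methods( $route_args['methods'] ) ) {
+                        return new WP_Error( 'rest_invalid_route_method', __( 'One of the methods for this route is invalid' ), array( 'status' => 500 ) );
+                }
+
                 // Associative to avoid double-registration.
                 $this->namespaces[ $namespace ][ $route ] = true;
                 $route_args['namespace']                  = $namespace;
@@ -682,9 +688,25 @@
                 } else {
                         $this->endpoints[ $route ] = array_merge( $this->endpoints[ $route ], $route_args );
                 }
+
+                return true;
         }
 
         /**
+         * Checks if the given route methods contains invalid ones.
+         *
+         * @param string $methods Comma separated string with methods.
+         *
+         * @return bool Whether the methods are valid or not.
+         */
+        protected function validate_route_methods( $methods ) {
+                $valid_methods = array( 'GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'CONNECT', 'OPTIONS', 'PATCH' );
+                $given_methods = array_map( 'trim', explode( ',', $methods ) );
+
+                return empty( array_diff( $given_methods, $valid_methods ) );
+        }
+
+        /**
          * Retrieves the route map.
          *
          * The route map is an associative array with path regexes as the keys. The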
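Review bot: The new guard in `register_route()` reads `$route_args['methods']` with no `isset()` check and hands it to `explode()` in `validate_route_methods()`, so route arguments that carry `methods` per handler, or as an array rather than a comma-separated string, would produce a notice or type error instead of the intended `WP_Error`; which shapes callers pass is not visible here, as the body of `register_route()` continues outside the shown hunks. The check should fail closed on the shapes it understands and handle the rest explicitly, e.g. `$given_methods = array_map( 'trim', is_array( $methods ) ? $methods : explode( ',', (string) $methods ) );` with the caller guarded by `isset( $route_args['methods'] )`. The comparison is also case-sensitive, so `'get'` is rejected; if that is intended, the docblock of `validate_route_methods()` should say so. Because the method previously returned nothing, callers that ignore the new return value will drop the error silently, so the `@return` tag should state that the route is not registered when a `WP_Error` comes back.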