WordPress.org

Make WordPress Core

Changeset 41223


Ignore:
Timestamp:
08/03/17 19:54:56 (7 weeks ago)
Author:
jnylen0
Message:

REST API: Exclude numeric parameters from regex parsing

The list of endpoint parameters should only include explicitly named and requested parameters.

Props flixos90, rmccue, jnylen0.
Fixes #40704.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/class-wp-rest-server.php

    r41162 r41223  
    825825 
    826826        foreach ( $this->get_routes() as $route => $handlers ) { 
    827             $match = preg_match( '@^' . $route . '$@i', $path, $args ); 
     827            $match = preg_match( '@^' . $route . '$@i', $path, $matches ); 
    828828 
    829829            if ( ! $match ) { 
    830830                continue; 
     831            } 
     832 
     833            $args = array(); 
     834            foreach ( $matches as $param => $value ) { 
     835                if ( ! is_int( $param ) ) { 
     836                    $args[ $param ] = $value; 
     837                } 
    831838            } 
    832839 
  • trunk/tests/phpunit/tests/rest-api/rest-server.php

    r40805 r41223  
    161161        $response = $this->server->dispatch( $request ); 
    162162        $this->assertEquals( 200, $response->get_status() ); 
     163    } 
     164 
     165    public function test_url_params_no_numeric_keys() { 
     166 
     167        $this->server->register_route( 'test', '/test/(?P<data>.*)', array( 
     168            array( 
     169                'methods'  => WP_REST_Server::READABLE, 
     170                'callback' => '__return_false', 
     171                'args'     => array( 
     172                    'data' => array(), 
     173                ), 
     174            ), 
     175        ) ); 
     176 
     177        $request = new WP_REST_Request( 'GET', '/test/some-value' ); 
     178        $this->server->dispatch( $request ); 
     179        $this->assertEquals( array( 'data' => 'some-value' ), $request->get_params() ); 
    163180    } 
    164181 
Note: See TracChangeset for help on using the changeset viewer.