Make WordPress Core


Ignore:
Timestamp:
01/10/2019 09:05:50 PM (6 years ago)
Author:
flixos90
Message:

General: Fix problematic string to array parsing.

WordPress has historically often used code like preg_split( '/[\s,]+/', $var ) to parse a string of comma-separated values into an array. However, this approach was causing an empty string to not be parsed into an empty array as expected, but rather into an array with the empty string as its sole element.

This was among other areas causing problems in the REST API where passing an empty request parameter could cause that request to fail because, instead of it being ignored, that parameter would be compared against the valid values for it, which typically do not include an empty string.

Props david.binda, sstoqnov.
Fixes #43977.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api.php

    r44173 r44546  
    680680    $data = $response->get_data();
    681681
    682     $fields = is_array( $request['_fields'] ) ? $request['_fields'] : preg_split( '/[\s,]+/', $request['_fields'] );
     682    $fields = wp_parse_list( $request['_fields'] );
    683683
    684684    if ( 0 === count( $fields ) ) {
     
    11101110function rest_validate_value_from_schema( $value, $args, $param = '' ) {
    11111111    if ( 'array' === $args['type'] ) {
    1112         if ( ! is_array( $value ) ) {
    1113             $value = preg_split( '/[\s,]+/', $value );
     1112        if ( ! is_null( $value ) ) {
     1113            $value = wp_parse_list( $value );
    11141114        }
    11151115        if ( ! wp_is_numeric_array( $value ) ) {
     
    12541254            return (array) $value;
    12551255        }
    1256         if ( ! is_array( $value ) ) {
    1257             $value = preg_split( '/[\s,]+/', $value );
    1258         }
     1256        $value = wp_parse_list( $value );
    12591257        foreach ( $value as $index => $v ) {
    12601258            $value[ $index ] = rest_sanitize_value_from_schema( $v, $args['items'] );
Note: See TracChangeset for help on using the changeset viewer.