Changeset 54339 for trunk/src/wp-includes/rest-api.php

Timestamp:

09/27/2022 08:12:00 PM (3 years ago)

Author:

davidbaumwald

Message:

REST API: Ensure args is an array of arrays in register_rest_route().

When calling register_rest_route(), the args parameter for a route should be an array of arrays. However, some plugins/themes have passed an array of strings or key-value pairs which produces a PHP warning when array_intersect_key is used to filter the array keys based on an allowed list of schema keywords.

This change adds a check of the args parameter to ensure it's an array of arrays, presenting a _doing_it_wrong if any element of args is not an array and restructuring to an array of arrays. This change also adds a unit test for the incorrect usage described above, expecting that a _doing_it_wrong is produced.

Props slaFFik, desrosj, apermo, AndrewNZ, aristath, poena, dovyp, timothyblynjacobs, Hinjiriyo, johnmark8080, nateallen.
Fixes #51986.

File:

• trunk/src/wp-includes/rest-api.php (modified) (1 diff)

trunk/src/wp-includes/rest-api.php

@@ -102 +102 @@
                 ),
                 '5.5.0'
+            );
+        }
+
+        if ( count( array_filter( $arg_group['args'], 'is_array' ) ) !== count( $arg_group['args'] ) ) {
+            _doing_it_wrong(
+                __FUNCTION__,
+                sprintf(
+                /* translators: %s: The REST API route being registered. */
+                    __( 'REST API $args should be an array of arrays. Non-array value detected for %s.' ),
+                    '<code>' . $clean_namespace . '/' . trim( $route, '/' ) . '</code>'
+                ),
+                '6.1.0'
             );
         }