Make WordPress Core


Ignore:
Timestamp:
09/27/2022 08:12:00 PM (17 months ago)
Author:
davidbaumwald
Message:

REST API: Ensure args is an array of arrays in register_rest_route().

When calling register_rest_route(), the args parameter for a route should be an array of arrays. However, some plugins/themes have passed an array of strings or key-value pairs which produces a PHP warning when array_intersect_key is used to filter the array keys based on an allowed list of schema keywords.

This change adds a check of the args parameter to ensure it's an array of arrays, presenting a _doing_it_wrong if any element of args is not an array and restructuring to an array of arrays. This change also adds a unit test for the incorrect usage described above, expecting that a _doing_it_wrong is produced.

Props slaFFik, desrosj, apermo, AndrewNZ, aristath, poena, dovyp, timothyblynjacobs, Hinjiriyo, johnmark8080, nateallen.
Fixes #51986.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api.php

    r53877 r54339  
    102102                ),
    103103                '5.5.0'
     104            );
     105        }
     106
     107        if ( count( array_filter( $arg_group['args'], 'is_array' ) ) !== count( $arg_group['args'] ) ) {
     108            _doing_it_wrong(
     109                __FUNCTION__,
     110                sprintf(
     111                /* translators: %s: The REST API route being registered. */
     112                    __( 'REST API $args should be an array of arrays. Non-array value detected for %s.' ),
     113                    '<code>' . $clean_namespace . '/' . trim( $route, '/' ) . '</code>'
     114                ),
     115                '6.1.0'
    104116            );
    105117        }
Note: See TracChangeset for help on using the changeset viewer.