Make WordPress Core


Timestamp:
09/27/2022 08:12:00 PM (2 years ago)
Author:
davidbaumwald
Message:

REST API: Ensure args is an array of arrays in register_rest_route().

When calling register_rest_route(), the args parameter for a route should be an array of arrays. However, some plugins/themes have passed an array of strings or key-value pairs which produces a PHP warning when array_intersect_key is used to filter the array keys based on an allowed list of schema keywords.

This change adds a check of the args parameter to ensure it's an array of arrays, presenting a _doing_it_wrong if any element of args is not an array and restructuring to an array of arrays. This change also adds a unit test for the incorrect usage described above, expecting that a _doing_it_wrong is produced.

Props slaFFik, desrosj, apermo, AndrewNZ, aristath, poena, dovyp, timothyblynjacobs, Hinjiriyo, johnmark8080, nateallen.
Fixes #51986.

File:
1 edited

  • trunk/src/wp-includes/rest-api/class-wp-rest-server.php

    r54133 r54339  
    15141514
    15151515                foreach ( $callback['args'] as $key => $opts ) {
     1516                    if ( is_string( $opts ) ) {
     1517                        $opts = array( $opts => 0 );
     1518                    } elseif ( ! is_array( $opts ) ) {
     1519                        $opts = array();
     1520                    }
    15161521                    $arg_data             = array_intersect_key( $opts, $allowed_schema_keywords );
    15171522                    $arg_data['required'] = ! empty( $opts['required'] );
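
Review bot: The string branch at new lines 1516-1517 turns the string's value into an array key (`$opts = array( $opts => 0 );`), so a string that happens to equal one of the `$allowed_schema_keywords` keys survives `array_intersect_key()` and lands in `$arg_data` as that keyword with the value 0. Since the aim is only to stop `array_intersect_key()` receiving a non-array, consider normalizing every non-array `$opts` to `array()`, which would also collapse the two branches into a single `! is_array( $opts )` check. If the `$opts => 0` shape is deliberate, a short inline comment above the branch explaining why would help. The coercion in these lines is also silent: no `_doing_it_wrong()` call appears in this hunk, so it is worth confirming that the notice mentioned in the commit message is raised on a path that always runs before this loop.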