Context Navigation

← Previous Change
Next Change →

class-wp-rest-search-controller.php

Timestamp:

03/15/2024 11:23:18 AM (14 months ago)

Author:

swissspidy

Message:

REST API: Prevent error when passing invalid type parameter to search endpoint.

In WP_REST_Search_Controller, the type parameter is accessed via the sanitization callback for the subtype parameter, which is too early for type itself to be already sanitized. This change adds a type check in the get_search_handler() method to prevent errors when the type doesn’t match.

Props swissspidy, timothyblynjacobs, dd32.
Fixes #60771.

File:

: 1 edited

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-search-controller.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-search-controller.php

r57648	r57839
396	396	$type = $request->get_param( self::PROP_TYPE );
397	397
398		if ( ! $type \|\| ! isset( $this->search_handlers[ $type ] ) ) {
	398	if ( ! $type \|\| ! is_string( $type ) \|\| ! isset( $this->search_handlers[ $type ] ) ) {
399	399	return new WP_Error(
400	400	'rest_search_invalid_type',

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 57839 for trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-search-controller.php

Legend:

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-search-controller.php

Download in other formats: