Context Navigation

← Previous Change
Next Change →

rest-api.php

Timestamp:

02/27/2025 11:17:38 PM (3 months ago)

Author:

peterwilsoncc

Message:

REST API: Exit gracefully for malformed URLs.

Exit gracefully for requests with a malformed rest_route query string parameter, ie anything that is not a string.

This prevents fatal errors from occurring with URLs such as example.com/?rest_route[]=array as the URL is user input so logging the data provides no benefit to developers as they are unable to resolve the issue.

Props geekofshire, dd32, timothyblynjacobs.
Fixes #62932.

File:

: 1 edited

trunk/src/wp-includes/rest-api.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/wp-includes/rest-api.php

-                      r59457
+                      r59886
+    }
+    // Return an error message if query_var is not a string.
+    if ( ! is_string( $GLOBALS['wp']->query_vars['rest_route'] ) ) {
+        $rest_type_error = new WP_Error(
+            'rest_path_invalid_type',
+            __( 'The rest route parameter must be a string.' ),
+            array( 'status' => 400 )
+        );
+        wp_die( $rest_type_error );
+    }
     /**
      * Whether this is a REST Request.

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 59886 for trunk/src/wp-includes/rest-api.php

Legend:

trunk/src/wp-includes/rest-api.php

Download in other formats: