REST API pagination: Large INT passed to `paged` query arg doesn't fail properly
|Reported by:||morganestes||Owned by:||joehoyle|
|Component:||REST API||Keywords:||needs-patch needs-unit-tests|
When an absurdly large value is passed to the REST API (e.g. /wp/v2/pages?page=23924321212413345333), it returns the first page of results instead of an error. The problem is during validation and sanitization of the value, where the passed value is run through absint, which returns another absurdly large value, which then gets nullified by PHP, which becomes 1.
wp> print_r( rest_sanitize_value_from_schema( 23452345346346345456567356, array( 'type' => 'integer' ), 'page' ) ); 3481259413623275520 => bool(true) wp> print_r( rest_validate_value_from_schema( 23452345346346345456567356, array( 'type' => 'integer' ), 'page' ) ); 1 => bool(true) wp> absint(23924321212413345333); => int(5477577138703794176)
Edge case, but worth noting since smaller values that are larger than the number of pages return an empty array (like if there are only 2 pages of posts, but 3 are requested).
Change History (16)
4 months ago
- Keywords needs-patch needs-unit-tests added
- Milestone changed from Awaiting Review to Future Release
- Type changed from defect (bug) to enhancement
- Owner set to joehoyle
- Resolution set to fixed
- Status changed from new to closed