WordPress.org

Make WordPress Core

Opened 22 months ago

Last modified 12 months ago

#42961 new defect (bug)

Rest API doesnt handle empty arrays in querystring correctly

Reported by: steffanhalv Owned by:
Milestone: Awaiting Review Priority: normal
Severity: blocker Version: 4.7
Component: REST API Keywords:
Focuses: rest-api, coding-standards Cc:
PR Number:

Description

Sending empty arrays to endpoints through Rest API is not handled correctly by WP core.

Ex.
Querystring:
mysite.com/wp-json/...?my_empty_array[]=&... <- This works not

JSON:
data: { my_empty_array: [] } <- This works

When posting using json, empty array is handled correctly. When using querystring, it fails.

Please see https://github.com/woocommerce/woocommerce/issues/18249

Could also have a possible relationship with ticket:
https://core.trac.wordpress.org/ticket/42752 (https://github.com/woocommerce/woocommerce/issues/17954)

Change History (5)

#1 @dd32
22 months ago

  • Version changed from 4.9.1 to 4.7

This appears to be the correct behaviour, although an unexpected one at that.

Ex. Querystring:
mysite.com/wp-json/...?my_empty_array[]=&... <- This works not

In PHP applications, var[]= is always treated as being set to an empty string, that means that this is interpreted as array( '' ).

JSON:
data: { my_empty_array: [] } <- This works

When using JSON, you can pass more specific types than what you can in a PHP Query string, which results in this being a literal array()


All that being said, this feels a little awkward, and I'd prefer to see it standardised on the JSON behaviour, but I'm not sure it's really possible though.

One option would be to run array_filter() on any array items in the query string, but doing so also means moving away from standard PHP URL parsing quirks.

This ticket was mentioned in Slack in #core-restapi by schlessera. View the logs.


19 months ago

#3 @schlessera
19 months ago

One option would be to run array_filter() on any array items in the query string, but doing so also means moving away from standard PHP URL parsing quirks.

Going with "standard PHP URL parsing quirks" also seems wrong to me, though, as the URL should be parsed in a reliable way, no matter the language the server is written in. The code should implement whatever is the expected behavior from the URL alone, even if it differs from standard PHP behavior.

#4 @steffanhalv
19 months ago

Yes, I agree. Current handling of empty arrays in querystrings force apps to post using json, which is very stricted by same origin policy. It can be handled by using method override though, but it would be nice to accept this in querystrings to, as querystrings is actually supposed to be supported by the api.

#5 @steffanhalv
17 months ago

  • Focuses coding-standards added
  • Severity changed from normal to blocker

This makes it impossible to delete arrays completely using query string, so it becomes a blocker for my use case.

Any progress on this?

@dd32 Possible to get this fixed as well in WP 5.1 ?

Last edited 12 months ago by steffanhalv (previous) (diff)
Note: See TracTickets for help on using tickets.