WordPress.org

Make WordPress Core

Opened 2 weeks ago

#43977 new defect (bug)

Fix error-prone string to array parsing

Reported by: flixos90 Owned by:
Milestone: 5.0 Priority: normal
Severity: normal Version:
Component: General Keywords: needs-patch needs-unit-tests
Focuses: rest-api Cc:

Description

In the REST API (and sometimes in other areas of core too) it's a common procedure to parse a string into an array, splitting at comma characters. I noticed an issue that can easily lead to unexpected behavior when an empty value is passed.

Several functions in core use this behavior: $list = preg_split( '/[\s,]+/', $list );

However, it causes empty strings to be parsed into an array containing an empty string, where I would expect it to just be an empty array. In the REST API, this can cause strange behavior:

  • If you call wp/v2/posts/?include=, WordPress will search for posts with ID 0 (which won't change the response, but is still somewhat clunky).
  • If you call wp/v2/posts/?slug=, WordPress will search for posts with an empty slug (which won't change the response, but is still somewhat clunky).
  • More importantly though: If you call wp/v2/posts/?status=, you will get a strange error saying "Status is forbidden". That is because it validates the empty string in the parsed array against the enum whitelist, with that check obviously failing. It's not a required parameter, so in this case, it should instead just be ignored.

We should look for functions that perform the above parsing procedure and fix them.

Change History (0)

Note: See TracTickets for help on using tickets.