WordPress.org

Make WordPress Core

Opened 2 months ago

Closed 2 months ago

#51146 closed defect (bug) (fixed)

Error message for a non-numeric 'json' parameter in REST API

Reported by: rtagliento Owned by: TimothyBlynJacobs
Milestone: 5.5.1 Priority: normal
Severity: normal Version: 5.5
Component: REST API Keywords: has-patch has-unit-tests fixed-major
Focuses: rest-api Cc:

Description

Hi, I updated WordPress to 5.5 and CiviCRM to 5.28.3 and I am getting a new strange error on rest API.

If I pass this url parameter ---> &json={"sequential":1}

https://www.yogapause.it/civicenter/wp-json/civicrm/v3/rest?entity=Contact&action=get&api_key=R3BrdHBic1dYUENlR3Vhc092dHBy&key=6d8984d9bc0f9c2c7121db065e094e51&json={%22sequential%22:1}

I got this error:
{"code":"rest_invalid_param","message":"Parametro(i) non valido(i): json","data":{"status":400,"params":{"json":"json non \u00e8 del tipo integer."}}}

in english must be somthing like
{"code":"rest_invalid_param","message":"Parameter(i) not valid(i): json","data":{"status":400,"params":{"json":"json is not an integer type."}}}

Using the parameter json=1 it works, but I use the JSON that isn't an integer :(

May you check what's going on?

Change History (10)

#1 @TimothyBlynJacobs
2 months ago

  • Milestone changed from Awaiting Review to 5.5.1
  • Owner set to TimothyBlynJacobs
  • Status changed from new to assigned

Hi @rtagliento,

Thanks for the report and welcome to trac!

For reference, this is the arg definition: https://github.com/civicrm/civicrm-wordpress/blob/e424123d720100ac105a9ec896be1d120f5c93e4/wp-rest/Controller/Rest.php#L435

This is due to [48306]. Specifically, rest_is_integer isn't strict enough. That logic is the same as was used in rest_validate_value_from_schema, but what I missed is that it was first validated to be is_numeric.

What is happening is that rest_is_integer is returning true for your value, which means that the validator thinks the correct type to validate against is an integer, but it is then rejected when the is_numeric check happens.

The fix is to add is_numeric() to rest_is_integer().

#2 @TimothyBlynJacobs
2 months ago

A question here is what should happen in the following case:

rest_validate_value_from_schema( '15.5', [ 'type' => ['integer', 'string'] ] );

Right now this passes validation because string is an accepted value. Part of me wonders if we should reject it because it is a numeric string which could be cast to a real float type. And then be rejected because it isn't an integer. But the more that I think about it, I think adding that level of complexity to the juggling system probably wouldn't be worth it and might lead to more weird behavior.

This ticket was mentioned in PR #499 on WordPress/wordpress-develop by TimothyBJacobs.


2 months ago

  • Keywords has-patch has-unit-tests added

This ticket was mentioned in Slack in #meta by timothybjacobs. View the logs.


2 months ago

This ticket was mentioned in Slack in #core by desrosj. View the logs.


2 months ago

#6 @SergeyBiryukov
2 months ago

  • Summary changed from After upgrade to WordPress 5.5 I got an error on using REST api to Error message for a non-numeric 'json' parameter in REST API

#7 @TimothyBlynJacobs
2 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 48881:

REST API: Fix multi-type schemas with integer fields.

In [48306] support for multi-typed schemas was improved to first detect the data type of the value before applying further validation. The integer data type was detected using the new rest_is_integer function. This function used logic, however, that assumed that the value had already passed an is_numeric check. This meant that if integer and string were both acceptable types, the value would always be considered an integer causing the later accurate type validation to fail.

This commit fixes the rest_is_integer logic to include an is_numeric check.

Props rtagliento.
Fixes #51146.

#8 follow-up: @TimothyBlynJacobs
2 months ago

  • Keywords fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening for 5.5.1

#9 in reply to: ↑ 8 @rtagliento
2 months ago

Thank you all for your job.

Regards Roberto.

Replying to TimothyBlynJacobs:

Reopening for 5.5.1

#10 @SergeyBiryukov
2 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 48883:

REST API: Fix multi-type schemas with integer fields.

In [48306] support for multi-typed schemas was improved to first detect the data type of the value before applying further validation. The integer data type was detected using the new rest_is_integer function. This function used logic, however, that assumed that the value had already passed an is_numeric check. This meant that if integer and string were both acceptable types, the value would always be considered an integer causing the later accurate type validation to fail.

This commit fixes the rest_is_integer logic to include an is_numeric check.

Props rtagliento, TimothyBlynJacobs.
Merges [48881] to the 5.5 branch.
Fixes #51146.

Note: See TracTickets for help on using tickets.