Make WordPress Core

Opened 4 months ago

Last modified 4 months ago

#61838 new defect (bug)

Uncaught TypeError in multiple REST API endpoints from a single bug

Reported by: mlf20
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 6.2.2
Component: REST API
Keywords: has-patch
Focuses: rest-api
Cc:

Description (last modified by peterwilsoncc)

Upon creating a fresh instance of WordPress and setting up the REST API, a
malformed request to REST API endpoints results
in an exception in multiple endpoints:

Request body:
'{"namespace": ["core/offset-text-with-a-brutalist-design-vibe", "core/offset-text-with-a-brutalist-design-vibe"]}'

Command to reproduce

curl -X GET "[WORDPRESSDOMAIN]/wp-json/wp-block-editor/v1?namespace=core/large-header-with-text-and-a-button&context=" -H 'Authorization: Basic [ACCESS_TOKEN]' -H 'Content-Type: application/json' -d '{"namespace": ["core/offset-text-with-a-brutalist-design-vibe", "core/offset-text-with-a-brutalist-design-vibe"]}'

curl -X PUT -d '{"date": "E1VFG9QQ", "date_gmt": "447E5S8V", "slug": "", "status": "IKQHKNFP", "password": "TX0QAG2M", "template": ["template is not one of hello-world, blank.", "template is not one of hello-world, blank."]}' -H 'Authorization: Basic [ACCESS_TOKEN]' -H 'Content-Type: application/json'

Stacktrace

Fatal error:  Uncaught TypeError: Illegal offset type in isset or empty in /var/www/html/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php:1529
Stack trace:
#0 /var/www/html/wp-includes/rest-api/class-wp-rest-request.php(911): WP_REST_Posts_Controller->check_template(Array, Object(WP_REST_Request), 'template')
#1 /var/www/html/wp-includes/rest-api/class-wp-rest-server.php(1018): WP_REST_Request->has_valid_params()
#2 /var/www/html/wp-includes/rest-api/class-wp-rest-server.php(443): WP_REST_Server->dispatch(Object(WP_REST_Request))
#3 /var/www/html/wp-includes/rest-api.php(410): WP_REST_Server->serve_request('/wp/v2/blocks/3...')
#4 /var/www/html/wp-includes/class-wp-hook.php(308): rest_api_loaded(Object(WP))
#5 /var/www/html/wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters('', Array)
#6 /var/www/html/wp-includes/plugin.php(565): WP_Hook->do_action(Array)
#7 /var/www/html/wp-includes/class-wp.php(399): do_action_ref_array('parse_request', Array)
#8 /var/www/html/wp-includes/class-wp.php(780): WP->parse_request('')
#9 /var/www/html/wp-includes/functions.php(1334): WP->main('')
#10 /var/www/html/wp-blog-header.php(16): wp()
#11 /var/www/html/index.php(17): require('/var/www/html/w...')
#12 {main}
  thrown in /var/www/html/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php on line 529
{"code":"internal_server_error","message":"<p>There has been a critical error on this website.</p><p><a href="https://wordpress.org/documentation/article/faq-troubleshooting/">Learn more about troubleshooting WordPress.</a></p>","data":{"status":500},"additional_errors":[]}'

Change History (4)

#1 @devansh2002
4 months ago

The namespace should be a string instead of an array; that's why we are getting this TypeError.

#2 @mlf20
4 months ago

Agreed.
Should there be a type check on the parameter that returns a 400 instead when it fails?

#3 This ticket was mentioned in PR #7160 on WordPress/wordpress-develop by @devansh2002.
4 months ago

  • Keywords has-patch added

Add check for namespace to be string only
Trac ticket: https://core.trac.wordpress.org/ticket/61838

#4 @peterwilsoncc
4 months ago

  • Description modified (diff)
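
The failure in the stack trace and the type check asked about in comment #2, as an added example (not WordPress core code and not the patch in PR #7160). The function names, the template list and the request bodies are constructed stand-ins, and PHP 8.0+ is assumed.

```php
<?php
// Added illustration, not WordPress core code. Function names and the
// template list are hypothetical stand-ins. Requires PHP 8.0+.

// Constructed stand-in for a theme's page templates (slug => label).
function allowed_templates(): array
{
    return ['hello-world' => 'Hello World', 'blank' => 'Blank'];
}

// Unchecked shape: the request value is used directly as an array offset.
function check_template_unchecked(mixed $template): bool
{
    $allowed = allowed_templates();
    return isset($allowed[$template]); // throws TypeError when $template is an array
}

// Typed shape: reject non-strings before the lookup and report a client error.
function check_template_typed(mixed $template): array
{
    if (!is_string($template)) {
        return ['status' => 400, 'code' => 'rest_invalid_type',
            'message' => 'template must be a string, ' . get_debug_type($template) . ' given.'];
    }
    $allowed = allowed_templates();
    if (isset($allowed[$template])) {
        return ['status' => 200];
    }
    return ['status' => 400, 'code' => 'rest_invalid_param',
        'message' => 'template is not one of ' . implode(', ', array_keys($allowed)) . '.'];
}

// Constructed request bodies: a valid slug, an unknown slug, and an array value.
$bodies = ['{"template": "blank"}', '{"template": "nope"}', '{"template": ["a", "b"]}'];

foreach ($bodies as $body) {
    $template = json_decode($body, true, 512, JSON_THROW_ON_ERROR)['template'];
    try {
        $old = check_template_unchecked($template) ? 'accepted' : 'rejected';
    } catch (TypeError $e) {
        $old = 'TypeError: ' . $e->getMessage();
    }
    $new = check_template_typed($template);
    printf("%-26s unchecked: %s | typed: HTTP %d\n", $body, $old, $new['status']);
}
```

Only the array-valued body reaches the `TypeError` path in the unchecked function; the typed function answers it with a 400 result instead of letting the exception surface as a 500.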