Opened 6 weeks ago
Last modified 5 weeks ago
#61842 new defect (bug)
Uncaught TypeError in /wp-json/wp/v2/menu-items REST API POST operation
Reported by: | mlf20 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 6.2.2 |
Component: | REST API | Keywords: | has-patch has-unit-tests reporter-feedback |
Focuses: | rest-api | Cc: |
Description
Upon creating a fresh instance of WordPress and setting up the REST API a malformed post request REST API endpoint /wp-json/wp/v2/menu-items results in an exception in the endpoint.
Arises from an array being given in request when a string is expected. Would expect a 400 Bad Request for any unexpected types.
Command to reproduce
curl -X POST "http://[WORDPRESSDOMAIN]/wp-json/wp/v2/menu-items" -d '{"title":"fuzzstring","type":"fuzzstring","status":"fuzzstring","parent":0,"attr_title":"fuzzstring","classes":fuzzstring?,"description":"fuzzstring","menu_order":0,"object":"fuzzstring","object_id":0,"target":"fuzzstring","url":{ "fuzz" : false },"xfn":fuzzstring?,"menus":0}' -H 'Content-Type: application/json'
Stacktrace
<b>Fatal error</b>: Uncaught TypeError: ltrim(): Argument #1 ($string) must be of type string, array given in /var/www/html/wp-includes/formatting.php:4415 Stack trace: #0 /var/www/html/wp-includes/formatting.php(4415): ltrim(Array) #1 /var/www/html/wp-includes/formatting.php(4540): esc_url(Array, NULL, 'db') #2 /var/www/html/wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php(856): sanitize_url(Array) #3 /var/www/html/wp-includes/rest-api/class-wp-rest-request.php(911): WP_REST_Menu_Items_Controller::{closure}(Array, Object(WP_REST_Request), 'url') #4 /var/www/html/wp-includes/rest-api/class-wp-rest-server.php(1018): WP_REST_Request->has_valid_params() #5 /var/www/html/wp-includes/rest-api/class-wp-rest-server.php(443): WP_REST_Server->dispatch(Object(WP_REST_Request)) #6 /var/www/html/wp-includes/rest-api.php(410): WP_REST_Server->serve_request('/wp/v2/menu-ite...') #7 /var/www/html/wp-includes/class-wp-hook.php(308): rest_api_loaded(Object(WP)) #8 /var/www/html/wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters('', Array) #9 /var/www/html/wp-includes/plugin.php(565): WP_Hook->do_action(Array) #10 /var/www/html/wp-includes/class-wp.php(399): do_action_ref_array('parse_request', Array) #11 /var/www/html/wp-includes/class-wp.php(780): WP->parse_request('') #12 /var/www/html/wp-includes/functions.php(1334): WP->main('') #13 /var/www/html/wp-blog-header.php(16): wp() #14 /var/www/html/index.php(17): require('/var/www/html/w...') #15 {main} thrown in <b>/var/www/html/wp-includes/formatting.php</b> on line <b>4415</b><br />
Change History (2)
This ticket was mentioned in PR #7173 on WordPress/wordpress-develop by @mi5t4n.
6 weeks ago
#1
- Keywords has-patch has-unit-tests added
#2
@
5 weeks ago
- Keywords reporter-feedback added
Reproduction Report
Environment
- WordPress: 6.7-alpha-58576-src
- PHP: 7.3.33
- Server: Apache/2.4.57 (Unix) PHP/7.3.33
- Database: mysqli (Server: 5.7.43 / Client: mysqlnd 5.0.12-dev)
- Browser: Safari 17.6 (macOS)
- Theme: Twenty Twenty-Four 1.2
- MU-Plugins: None activated
- Plugins:
- JSON Basic Authentication 0.1
Actual Results
- ❌ Issue cannot be reproduced.
Additional Notes
I get proper HTTP 400 response code and no fatal errors/warnings in debug.log
.
Trac ticket: https://core.trac.wordpress.org/ticket/61842