WordPress.org
Get WordPress

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #64926, comment 15


Ignore:
Timestamp:
03/27/2026 05:42:29 AM (3 months ago)
Author:
liaison
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #64926, comment 15

    initial v1  
    11Subject: Update on #64926 - GitHub PR submitted
    2 
    32Hi @westonruter @zieladam,
    43
     
    1211DX & Consistency: JSON.stringify() is the standard lossless path for structured data in JS. Since REST API already supports this via parse_json_params() for POST bodies, GET requests should ideally mirror this behavior to provide a consistent developer experience.
    1312
    14 2. PR Philosophy
     132. PR Philosophy & Implementation
    1514The PR introduces JSON Coercion at the entry point of both rest_validate_value_from_schema() and rest_sanitize_value_from_schema():
    1615
    17 Validation: We decode the string early so it can pass the is_object or is_array checks. This prevents the rest_invalid_type (400) error that currently blocks these requests.
     16Validation & Sanitization: We decode the string early so it can pass the is_object or is_array checks, preventing the rest_invalid_type (400) error and ensuring the controller receives the correct PHP structured type.
    1817
    19 Sanitization: We perform the same decoding to ensure the data is returned as a proper PHP structured type to the controller callback.
     18Safety & Side-Effect Prevention:
    2019
    21 Safety: It uses json_last_error() to ensure we only touch valid JSON strings, leaving regular strings or malformed data to be handled by existing strict validation.
     20Used json_last_error() to ensure only valid JSON is coerced.
    2221
    23 GitHub PR:
    24 https://github.com/WordPress/wordpress-develop/pull/11371
     22Added a prefix check ({ or [). This is crucial to prevent unintended decoding of numeric strings (e.g., numeric slugs), which previously caused Undefined index errors in some Template Controller tests.
     23
     24Maintained compatibility by using 0 === strpos() for PHP 7.x environments.
     25
     26The PR is now passing all REST API unit tests and adheres to WP Coding Standards.
     27
     28GitHub PR: https://github.com/WordPress/wordpress-develop/pull/11371