WordPress.org
Get WordPress

Make WordPress Core

Changes between Version 2 and Version 3 of Ticket #64926


Ignore:
Timestamp:
03/24/2026 01:39:06 PM (3 months ago)
Author:
westonruter
Comment:

Thank you for the ticket.

When a REST endpoint declares a parameter with "type": "object" or "type": "array", GET requests cannot pass that parameter correctly. URLSearchParams has no native way to encode nested structures, so the only option is JSON.stringify(), producing ?input={"post_id":123}.

While URLSearchParams may not know how to encode that, doesn't PHP have a convention for this?

To pass an array as foo, you can do ?foo[]=1&foo[]=2&foo[]=3.

To pass an object:?user[name]=Bob&user[pet]=cat.

Does this not work?

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #64926

    • Property Keywords reporter-feedback added

  • Ticket #64926 – Description

    v2 v3  
    33When a REST endpoint declares a parameter with "type": "object" or "type": "array", GET requests cannot pass that parameter correctly. URLSearchParams has no native way to encode nested structures, so the only option is JSON.stringify(), producing ?input={"post_id":123}.
    44
    5 PHP populates $_GET['input'] as a raw string. rest_validate_value_from_schema() receives a string where the schema expects object, and returns a WP_Error, the request is rejected before rest_sanitize_value_from_schema() can coerce it.
     5PHP populates `$_GET['input']` as a raw string. rest_validate_value_from_schema() receives a string where the schema expects object, and returns a WP_Error, the request is rejected before rest_sanitize_value_from_schema() can coerce it.
    66
    77rest_sanitize_value_from_schema() already handles this case correctly (calls json_decode() on strings before validating type). The fix is to apply the same coercion in rest_validate_value_from_schema(), or to add a pre-validation JSON-decode pass for GET params that match an object/array schema, mirroring what parse_json_params() does for application/json body requests.