[wp-trac] [WordPress Trac] #38420: API Post status parameter does not accept multiple values

WordPress Trac noreply at wordpress.org
Thu Oct 20 19:39:46 UTC 2016


#38420: API Post status parameter does not accept multiple values
--------------------------+-----------------------------
 Reporter:  kadamwhite    |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  REST API      |    Version:  trunk
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 In the schema for the posts parameter we specify, "Limit result set to
 posts assigned a specific status; can be comma-delimited list of status
 types." However, the actual sanitization function we are using is
 `sanitize_key`, which does not properly parse array or comma-delimited
 values. This improper sanitization contributes to #38417

 The change in the attached path switches this parameter to use
 `wp_parse_slug_list` to properly interpret and sanitize arrays of stati,
 whether provided `comma,separated` or `status[]=array&status[]=syntax` (or
 plain string values).

 I'm not sure how to best update the validation function to handle this
 input.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/38420>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list