[wp-trac] [WordPress Trac] #40704: REST API request includes possibly unintended numeric parameters from regex parsing

WordPress Trac noreply at wordpress.org
Mon Jul 17 00:05:59 UTC 2017


#40704: REST API request includes possibly unintended numeric parameters from regex
parsing
---------------------------------------------+-----------------------
 Reporter:  flixos90                         |       Owner:
     Type:  defect (bug)                     |      Status:  new
 Priority:  normal                           |   Milestone:  4.8.1
Component:  REST API                         |     Version:  4.4
 Severity:  normal                           |  Resolution:
 Keywords:  has-patch has-unit-tests commit  |     Focuses:  rest-api
---------------------------------------------+-----------------------

Comment (by rmccue):

 Replying to [comment:4 jnylen0]:
 > [attachment:40704.2.diff] adds a unit test and a minor cleanup to the
 logic in the original patch.  I think this is good to ship in 4.8.1.

 The problem with this is that we're giving people full regular
 expressions, and they might not necessarily expect that regular (numeric)
 matches don't appear.

 For example, they might be using behaviour like:
 {{{
 register_rest_route( '/ns', '/route/(\d+)/(\d+)', array(
         'callback' => function ( $matches ) {
                 $post = $matches[1];
                 $page = $matches[2];
                 // ...
         }
 ));
 }}}

 If we want to drop support for that, we should make sure we're doing so
 intentionally, and that it's well-documented in the release notes. IMO, it
 should also go into a major not a minor.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40704#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list