[wp-trac] [WordPress Trac] #60771: PHP 8 Fatal error in WP_REST_Search_Controller
WordPress Trac
noreply at wordpress.org
Thu Mar 14 07:59:11 UTC 2024
#60771: PHP 8 Fatal error in WP_REST_Search_Controller
--------------------------+-----------------------------
Reporter: dd32 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 5.0
Severity: normal | Keywords: php8
Focuses: rest-api |
--------------------------+-----------------------------
`WP_REST_Search_Controller` does not properly sanitize the `type`
parameter before using it, leading to a PHP Warning / PHP Fatal error:
{{{
PHP 7.4 E_WARNING: Illegal offset type in isset or empty in wp-includes
/rest-api/endpoints/class-wp-rest-search-controller.php:398
PHP 8.1 Fatal error: Uncaught TypeError: Illegal offset type in isset or
empty in wp-includes/rest-api/endpoints/class-wp-rest-search-
controller.php:398
}}}
This happens with a rest-api request such as this:
{{{
/wp/v2/search?subtype=page&type[]=post
}}}
The schema correctly requires it to be a string, and under PHP 7.4 an
incorrect schema error will be thrown.
The issue is that the warning occurs within the sanitize handler:
{{{
#0 wp-includes/rest-api/endpoints/class-wp-rest-search-
controller.php(379):
WP_REST_Search_Controller->get_search_handler(Object(WP_REST_Request))
#1 wp-includes/rest-api/class-wp-rest-request.php(833):
WP_REST_Search_Controller->sanitize_subtypes(Array,
Object(WP_REST_Request), 'subtype')
#2 wp-includes/rest-api/class-wp-rest-server.php(1056):
WP_REST_Request->sanitize_params()
#3 wp-includes/rest-api/class-wp-rest-server.php(439):
WP_REST_Server->dispatch(Object(WP_REST_Request))
#4 wp-includes/rest-api.php(428):
WP_REST_Server->serve_request('/wp/v2/search')
}}}
Basically; causing `WP_REST_Search_Controller::get_search_handler()` to
run with `type` as an array, even though it's not acceptable according to
the schema.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60771>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list