[wp-trac] [WordPress Trac] #38420: API Post status parameter does not accept multiple values
WordPress Trac
noreply at wordpress.org
Thu Oct 20 19:39:46 UTC 2016
#38420: API Post status parameter does not accept multiple values
--------------------------+-----------------------------
Reporter: kadamwhite | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
In the schema for the posts parameter we specify, "Limit result set to
posts assigned a specific status; can be comma-delimited list of status
types." However, the actual sanitization function we are using is
`sanitize_key`, which does not properly parse array or comma-delimited
values. This improper sanitization contributes to #38417
The change in the attached path switches this parameter to use
`wp_parse_slug_list` to properly interpret and sanitize arrays of stati,
whether provided `comma,separated` or `status[]=array&status[]=syntax` (or
plain string values).
I'm not sure how to best update the validation function to handle this
input.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38420>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list