[wp-trac] [WordPress Trac] #40704: REST API request includes possibly unintended numeric parameters from regex parsing
WordPress Trac
noreply at wordpress.org
Sun Jul 16 20:55:25 UTC 2017
#40704: REST API request includes possibly unintended numeric parameters from regex
parsing
---------------------------------------------+-----------------------
Reporter: flixos90 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.8.1
Component: REST API | Version: 4.4
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests commit | Focuses: rest-api
---------------------------------------------+-----------------------
Changes (by jnylen0):
* keywords: 2nd-opinion has-patch needs-unit-tests => has-patch has-unit-tests commit
* version: 4.7 => 4.4
Comment:
> This means that some unnecessary parameters are included that naturally
> appear in a matches array when parsing a regular expression. In the above
> example the `$args` array would be `array( 'id' => 10, 1 => '10' )` due to
> the described bug.
This appears to happen whenever PCRE matches against a named subpattern
(in our case, any URL parameters), and it's documented in the
[http://php.net/manual/en/function.preg-match.php PHP docs] for
`preg_match`:
> Example !#4 Using named subpattern
{{{#!php
<?php
$str = 'foobar: 2008';
preg_match('/(?P<name>\w+): (?P<digit>\d+)/', $str, $matches);
print_r($matches);
?>
Array
(
    [0] => foobar: 2008
    [name] => foobar
    [1] => foobar
    [digit] => 2008
    [2] => 2008
)
}}}
[attachment:40704.2.diff] adds a unit test and a minor cleanup to the
logic in the original patch. I think this is good to ship in 4.8.1.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40704#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
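
The behaviour discussed in this ticket comment, as an added example (not code from the ticket, the attached patch, or WordPress core): a hypothetical route pattern and request path show the duplicate numeric keys that `preg_match` returns for named subpatterns, and one way to keep only the named parameters. The `demo_*` names, the route and the path are constructed for illustration.

```php
<?php
// Constructed sample input: a route with two named groups and one
// unnamed group, plus a request path that matches it.
$demo_route = '/demo/v1/items/(?P<id>[\d]+)/(revisions|drafts)/(?P<rev>[\d]+)';
$demo_path  = '/demo/v1/items/10/revisions/3';

/**
 * Match $path against $route and return only the named URL parameters.
 * Returns null when the route does not match at all.
 */
function demo_match_route( $route, $path ) {
	if ( ! preg_match( '@^' . $route . '$@i', $path, $matches ) ) {
		return null;
	}

	$params = array();
	foreach ( $matches as $key => $value ) {
		// preg_match() stores every named group twice: once under its
		// name and once under its numeric position. Index 0 (the full
		// match) and unnamed groups exist only under numeric keys.
		// PHP casts numeric-string keys to integers, so is_string()
		// cleanly separates named parameters from positional ones.
		if ( is_string( $key ) ) {
			$params[ $key ] = $value;
		}
	}
	return $params;
}

// Raw matches: named and numeric keys side by side.
preg_match( '@^' . $demo_route . '$@i', $demo_path, $demo_raw );
echo "Raw keys from preg_match():\n";
var_dump( array_keys( $demo_raw ) );

// Filtered: only the parameters the route actually declares by name.
echo "Named parameters only:\n";
var_dump( demo_match_route( $demo_route, $demo_path ) );

// A path that does not match the route yields null, not an empty array.
echo "Non-matching path:\n";
var_dump( demo_match_route( $demo_route, '/demo/v1/items/abc/revisions/3' ) );
```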