[wp-trac] [WordPress Trac] #40704: REST API request includes possibly unintended numeric parameters from regex parsing
WordPress Trac
noreply at wordpress.org
Mon Jul 17 00:05:59 UTC 2017
#40704: REST API request includes possibly unintended numeric parameters from regex
parsing
---------------------------------------------+-----------------------
Reporter: flixos90 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.8.1
Component: REST API | Version: 4.4
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests commit | Focuses: rest-api
---------------------------------------------+-----------------------
Comment (by rmccue):
Replying to [comment:4 jnylen0]:
> [attachment:40704.2.diff] adds a unit test and a minor cleanup to the
logic in the original patch. I think this is good to ship in 4.8.1.
The problem with this is that we're giving people full regular
expressions, and they might not necessarily expect that regular (numeric)
matches don't appear.
For example, they might be using behaviour like:
{{{
register_rest_route( '/ns', '/route/(\d+)/(\d+)', array(
'callback' => function ( $matches ) {
$post = $matches[1];
$page = $matches[2];
// ...
}
));
}}}
If we want to drop support for that, we should make sure we're doing so
intentionally, and that it's well-documented in the release notes. IMO, it
should also go into a major not a minor.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40704#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list