[wp-trac] [WordPress Trac] #40704: REST API request includes possibly unintended numeric parameters from regex parsing
WordPress Trac
noreply at wordpress.org
Wed Jul 19 14:40:15 UTC 2017
#40704: REST API request includes possibly unintended numeric parameters from regex
parsing
---------------------------------------------+-----------------------
Reporter: flixos90 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.9
Component: REST API | Version: 4.4
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests commit | Focuses: rest-api
---------------------------------------------+-----------------------
Comment (by jnylen0):
I checked for potentially problematic code in the plugin directory and I
didn't see anything that made me hesitant to proceed with this change (in
4.9, with a dev note):
- Instances of `$request[index]` and `$req[index]` that appeared to be
related to REST API code. None use numeric indices.
- `register_rest_route` calls with non-named match parameters. All of
these are inside a named match expression (and there are no accesses to
parameters with numeric indices here either):
{{{
plugins/auto-video-youtube-poster/index.php:633:
register_rest_route('video-producer/v1',
'/images_from_post/(?P<post_id>(.*)+)', array(
plugins/auto-video-youtube-poster/index.php:638:
register_rest_route('video-producer/v1',
'/data_from_post/(?P<post_id>(.*)+)', array(
plugins/woo-infoplus-connect/includes/api/rest/class-wc-infoplus-rest-
orders-controller.php:56: register_rest_route( $this->namespace,
'/' . $this->rest_base . '/(?P<orderNo>[\d]+(\.[0-9][0-9][0-9])?)', array(
plugins/wp-rest-api-v2-menus/wp-rest-api-v2-menus.php:44:
register_rest_route( 'menus/v1', '/menus/(?P<id>[a-zA-Z(-]+)', array(
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40704#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list