[wp-trac] [WordPress Trac] #40704: REST API request includes possibly unintended numeric parameters from regex parsing

WordPress Trac noreply at wordpress.org
Tue May 9 18:04:11 UTC 2017


#40704: REST API request includes possibly unintended numeric parameters from regex
parsing
-------------------------+-------------------------------------------------
 Reporter:  flixos90     |      Owner:
     Type:  defect       |     Status:  new
  (bug)                  |  Milestone:  Awaiting Review
 Priority:  normal       |    Version:  4.7
Component:  REST API     |   Keywords:  needs-patch needs-unit-tests 2nd-
 Severity:  normal       |  opinion
  Focuses:  rest-api     |
-------------------------+-------------------------------------------------
 When processing a route such as `/wp/v2/users/(?P<id>[\d]+)`, the route is
 matched through a regular expression and its matches are stored in a
 variable `$args`. These `$args` are then passed to the request as URL
 parameters without any further processing. See the
 `WP_REST_Server::dispatch()` method.

 This means that some unnecessary parameters are included that naturally
 appear in a matches array when parsing a regular expression. In the above
 example the `$args` array would be `array( 'id' => 10, 1 => '10' )` due to
 the described bug.

 This isn't very problematic when accessing specific request parameters,
 but causes unexpected results when calling the
 `WP_REST_Request::get_params()` method, since the additional numeric
 parameters that are a result of regex parsing are included in there.

 I came across this bug while working on #40263, which uses
 `WP_REST_Request::get_params()`. Unless it was an intended decision to
 leave the regex result untouched, we should work on a fix soon.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40704>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list