[wp-trac] [WordPress Trac] #40704: REST API request includes possibly unintended numeric parameters from regex parsing
WordPress Trac
noreply at wordpress.org
Tue May 9 18:04:11 UTC 2017
#40704: REST API request includes possibly unintended numeric parameters from regex
parsing
-------------------------+-------------------------------------------------
Reporter: flixos90 | Owner:
Type: defect | Status: new
(bug) | Milestone: Awaiting Review
Priority: normal | Version: 4.7
Component: REST API | Keywords: needs-patch needs-unit-tests 2nd-
Severity: normal | opinion
Focuses: rest-api |
-------------------------+-------------------------------------------------
When processing a route such as `/wp/v2/users/(?P<id>[\d]+)`, the route is
matched through a regular expression and its matches are stored in a
variable `$args`. These `$args` are then passed to the request as URL
parameters without any further processing. See the
`WP_REST_Server::dispatch()` method.
This means that some unnecessary parameters are included that naturally
appear in a matches array when parsing a regular expression. In the above
example the `$args` array would be `array( 'id' => 10, 1 => '10' )` due to
the described bug.
This isn't very problematic when accessing specific request parameters,
but causes unexpected results when calling the
`WP_REST_Request::get_params()` method, since the additional numeric
parameters that are a result of regex parsing are included in there.
I came across this bug while working on #40263, which uses
`WP_REST_Request::get_params()`. Unless it was an intended decision to
leave the regex result untouched, we should work on a fix soon.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40704>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list