[wp-trac] [WordPress Trac] #43977: Fix error-prone string to array parsing
WordPress Trac
noreply at wordpress.org
Sat May 5 11:28:01 UTC 2018
#43977: Fix error-prone string to array parsing
--------------------------+------------------------------------------
Reporter: flixos90 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.0
Component: General | Version:
Severity: normal | Keywords: needs-patch needs-unit-tests
Focuses: rest-api |
--------------------------+------------------------------------------
In the REST API (and sometimes in other areas of core too) it's a common
procedure to parse a string into an array, splitting at comma characters.
I noticed an issue that can easily lead to unexpected behavior when an
empty value is passed.
Several functions in core use this behavior: `$list = preg_split(
'/[\s,]+/', $list );`
However, it causes empty strings to be parsed into an array containing an
empty string, where I would expect it to just be an empty array. In the
REST API, this can cause strange behavior:
* If you call `wp/v2/posts/?include=`, WordPress will search for posts
with ID 0 (which won't change the response, but is still somewhat clunky).
* If you call `wp/v2/posts/?slug=`, WordPress will search for posts with
an empty slug (which won't change the response, but is still somewhat
clunky).
* More importantly though: If you call `wp/v2/posts/?status=`, you will
get a strange error saying "Status is forbidden". That is because it
validates the empty string in the parsed array against the enum whitelist,
with that check obviously failing. It's not a required parameter, so in
this case, it should instead just be ignored.
We should look for functions that perform the above parsing procedure and
fix them.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43977>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list