[wp-trac] [WordPress Trac] #45933: WSODs protection returns incorrect content type for JSON Requests

WordPress Trac noreply at wordpress.org
Mon Jan 21 15:17:29 UTC 2019 

#45933: WSODs protection returns incorrect content type for JSON Requests
------------------------------------------------+------------------------
 Reporter:  spacedmonkey                        |       Owner:  flixos90
     Type:  defect (bug)                        |      Status:  reviewing
 Priority:  normal                              |   Milestone:  5.1
Component:  Bootstrap/Load                      |     Version:  trunk
 Severity:  normal                              |  Resolution:
 Keywords:  servehappy needs-testing has-patch  |     Focuses:  multisite
------------------------------------------------+------------------------

Comment (by flixos90):

 Replying to [comment:35 schlessera]:
 Thanks for the review!

 > - Doing `empty()` checks on strings means that it is not possible to
 override a string like `$args['title']` to be an empty string. Just as
 well, doing `empty()` checks on integers means that it is not possible to
 override values like `$args['code']` to be `0`. `isset()` or
 `array_key_exists()` checks would be more explicit and still allow for
 empty strings and the value `0` as a valid input.

 That is intentional and needed for backward-compatibility. Existing code
 ensures already that the response code and title are never empty.

 > - `$args['response']` seems to have both `0` (line 3327) as well as
 `500` (line 3375) as default values. If it should be `0`, then some of the
 calls will be wrong, as setting of return code 500 is removed in some
 places by the patch (line 3024, line 3218, line 3257).

 The value is set to 0 specifically to allow overriding it. For example the
 `WP_Error` should only override the value if it wasn't manually set to
 something already. Since setting the value to 0 is not supported, we can
 rely on this. If the default value initially was 500, it would be more
 complicated to determine whether that 500 is the default or was actually
 passed.

 > - `'text_direction'` could default to `'ltr'` to simplify the code (line
 3332).

 Same here. The logic that sets a default (via `is_rtl()` check) should
 only kick in if no value has passed (as in the value is empty). If `'ltr'`
 was the default, this would be indistinguishable.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/45933#comment:36>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list