[wp-trac] [WordPress Trac] #59234: Introduce a `wp_json_decode()` function, including validation when available
WordPress Trac
noreply at wordpress.org
Tue Jan 30 14:14:18 UTC 2024
#59234: Introduce a `wp_json_decode()` function, including validation when
available
-------------------------------+---------------------
Reporter: jrf | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 6.5
Component: General | Version: 6.4
Severity: normal | Resolution:
Keywords: php83 needs-patch | Focuses:
-------------------------------+---------------------
Comment (by nicomollet):
I checked every use of {{{json_decode()}}} and I only saw one that
requires protection from a DoS attack vector: the REST API controller.
In the {{{WP_REST_Request}}} class, the {{{parse_json_params()}}} method
parses the body of every request to the REST API, so it is well exposed
to attacks.
I suggest adding a {{{json_validate()}}} call just before.
Submitted a patch with it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59234#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
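
The validate-before-decode step suggested in the comment above, as an added example that is not part of the ticket, the submitted patch, or WordPress core. The helper `example_decode_request_json()`, its array-only rule, and the sample bodies are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not WordPress core code.

/**
 * Decode a JSON request body, rejecting invalid input before decoding
 * when json_validate() (PHP 8.3+) is available.
 *
 * @throws InvalidArgumentException When the body is not usable JSON.
 */
function example_decode_request_json( string $body, int $depth = 512 ): array {
	if ( function_exists( 'json_validate' ) && ! json_validate( $body, $depth ) ) {
		// Rejected without building the decoded structure in memory.
		throw new InvalidArgumentException( 'Invalid JSON: ' . json_last_error_msg() );
	}

	$params = json_decode( $body, true, $depth );

	// On PHP < 8.3 this is the only validation: check the decoder's error state.
	if ( JSON_ERROR_NONE !== json_last_error() ) {
		throw new InvalidArgumentException( 'Invalid JSON: ' . json_last_error_msg() );
	}

	// Assumption of this example: a request body must decode to a parameter
	// map or list. Scalars such as 42 or null are valid JSON but are refused.
	if ( ! is_array( $params ) ) {
		throw new InvalidArgumentException( 'JSON body must be an object or array.' );
	}

	return $params;
}

// Constructed sample bodies.
$samples = array(
	'{"title":"Hello","status":"draft"}',            // well formed
	'{"title":"Hello"',                              // truncated
	str_repeat( '[', 600 ) . str_repeat( ']', 600 ), // nested deeper than $depth
	'42',                                            // valid JSON, not a parameter map
);

foreach ( $samples as $body ) {
	try {
		$params = example_decode_request_json( $body );
		echo 'accepted: ', count( $params ), " top-level key(s)\n";
	} catch ( InvalidArgumentException $e ) {
		echo 'rejected: ', $e->getMessage(), "\n";
	}
}
```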