[wp-trac] [WordPress Trac] #64541: In GET requests, interfaces containing the `search` parameter can be vulnerable to logic errors triggered by the input `%2500`.
WordPress Trac
noreply at wordpress.org
Thu Jan 22 14:07:29 UTC 2026
#64541: In GET requests, interfaces containing the `search` parameter can be
vulnerable to logic errors triggered by the input `%2500`.
--------------------------+------------------------------
Reporter: nefelibata | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 6.9
Severity: major | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by suhan2411):
I can reproduce this issue. The %2500 value results in a decoded null byte
reaching REST search handling, which causes inconsistent query behavior
while still returning 200 responses.
Proposed approach: normalize invalid/null byte sequences in REST request
sanitization for search parameters, ensuring predictable behavior without
changing response codes. I plan to add a PHPUnit test covering %2500 vs
empty search equivalence.
Working on a patch + test.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64541#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list