[wp-trac] [WordPress Trac] #61061: PHP Warning with invalid JSON input
WordPress Trac
noreply at wordpress.org
Wed Apr 24 04:18:33 UTC 2024
#61061: PHP Warning with invalid JSON input
--------------------------+-----------------------------
Reporter: dd32 | Owner: (none)
Type: defect (bug) | Status: new
Priority: low | Milestone: Awaiting Review
Component: REST API | Version:
Severity: normal | Keywords:
Focuses: rest-api |
--------------------------+-----------------------------
A request such as the following will generate a PHP Warning:
{{{
curl https://example.org/wp-json/wp/v2/users/1 --data
'"+response.write(document.domain)+"' -H 'Content-Type: application/json'
}}}
The warning:
{{{
E_WARNING: Invalid argument supplied for foreach() in wp-includes/rest-api
/class-wp-rest-request.php:816
}}}
The relevant part of the backtrace:
{{{
[24-Apr-2024 04:11:35 UTC] PHP 10. WP_REST_Server->serve_request($path =
'/wp/v2/users/1') wp-includes/rest-api.php:428
[24-Apr-2024 04:11:35 UTC] PHP 11. WP_REST_Server->dispatch($request =
class WP_REST_Request { protected $method = 'POST'; protected $params =
['URL' => ['id' => '1'], 'GET' => [], 'POST' => [], 'FILES' => [], 'JSON'
=> '+response.write(document.domain)+', 'defaults' => []]; protected
$headers = ['content_type' => [0 => 'application/json'] ]; protected $body
= '"+response.write(document.domain)+"'; protected $route =
'/wp/v2/users/1'; protected $attributes = ['methods' => ['POST' => TRUE,
'PUT' => TRUE, 'PATCH' => TRUE], 'accept_json' => FALSE, 'accept_raw' =>
FALSE, 'show_in_index' => TRUE, [.......]; protected $parsed_json = TRUE;
protected $parsed_body = FALSE }) wp-includes/rest-api/class-wp-rest-
server.php:439
[24-Apr-2024 04:11:35 UTC] PHP 12. WP_REST_Request->sanitize_params() wp-
includes/rest-api/class-wp-rest-server.php:1056
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61061>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list