[wp-trac] [WordPress Trac] #61113: WP_REST_Templates_Revisions_Controller not checking parent ID correctly
WordPress Trac
noreply at wordpress.org
Wed May 1 13:20:39 UTC 2024
#61113: WP_REST_Templates_Revisions_Controller not checking parent ID correctly
--------------------------+-----------------------------
Reporter: rockfire | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.5
Severity: normal | Keywords:
Focuses: rest-api |
--------------------------+-----------------------------
When doing a call to the
{{{WP_REST_Templates_Revisions_Controller->get_items_permission_check()}}}
with an empty {{{WP_REST_Request}}} (so without a parent parameter) I get
a Deprecation notice:
{{{
Deprecated: explode(): Passing null to parameter #2 ($string) of type
string is deprecated in [..]\wp-includes\block-template-utils.php on line
1074
}}}
This is because the {{{get_items_permission_check()}}} does a call to
{{{get_parent( $request['parent'] )}}}, which means the parameter is
{{{null}}}. The function uses this parameter for a call to
{{{get_block_template()}}} without checking if it is even valid.
Other Revision Controllers do actually check if the parent parameter is
valid. So in my opinion a check should be added to the
WP_REST_Template_Revisions_Controller.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61113>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list