[wp-trac] [WordPress Trac] #61061: PHP Warning with invalid JSON input
WordPress Trac
noreply at wordpress.org
Thu Mar 20 06:10:13 UTC 2025
#61061: PHP Warning with invalid JSON input
-------------------------------------------------+-------------------------
Reporter: dd32 | Owner: (none)
Type: defect (bug) | Status: new
Priority: low | Milestone: 6.8
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests needs-testing has-testing-info | Focuses: rest-api
-------------------------------------------------+-------------------------
Changes (by tusharaddweb):
* keywords: has-patch has-unit-tests needs-testing => has-patch has-unit-tests needs-testing has-testing-info
* version: => trunk
Comment:
Test Environment:
WordPress Version: 6.8
PHP Version: 8.1
Debug Mode: Enabled (WP_DEBUG_LOG set to true)
Test Scenario
Execute the following cURL request:
curl https://example.org/wp-json/wp/v2/users/1 --data '"+response.write(document.domain)+"' -H 'Content-Type: application/json'
Monitor the debug.log file (wp-content/debug.log) for any warnings or
errors.
Apply the patch: GitHub Pull Request #6491.
Re-run the same cURL request.
Verify that no warnings or errors are logged.
Expected Result
No PHP warnings or errors should be logged in debug.log when
processing the request.
Actual Result (Before Patch)
PHP Warning appears in debug.log.
The issue occurs due to improper input handling in the REST API
request.
Actual Result (After Patch Applied)
✅ No PHP warnings or errors in debug.log.
The request is handled securely without generating unnecessary logs.
Attachments
[Attach relevant screenshots of debug.log before and after the patch]
Test Conclusion
Status: ✅ Issue Fixed After Patch
Impact: Medium (Affects API request handling and debug logs)
Recommendation:
Ensure the patch is merged into future WordPress core updates.
Perform further testing with other unexpected input payloads to
confirm robustness.
Verify compatibility with different PHP versions and REST API
authentication methods.
Screenshots of debug.log before and after the patch:
Before Patch: https://prnt.sc/Tbtg4znZfbNi
After Patch: https://prnt.sc/FHGcYJu9AorY
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61061#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
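
The before/after debug.log check from the test scenario above, scripted so that only entries written by the one request are counted. This is an added example, not part of the original comment or of the WordPress patch; the function names and the two-argument usage are assumptions of this example, and the payload is the one quoted in the scenario.

```shell
#!/bin/sh
# Added example: detect PHP diagnostics appended to debug.log by one request.
# Function names and argument order are assumptions of this example.

# Size of the log in bytes; 0 when the file does not exist yet
# (debug.log is only created once something has been logged).
log_size() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# Print PHP diagnostics appended to log $1 after byte offset $2.
# If the log shrank (rotated or truncated), scan it from the start.
new_php_diagnostics() {
    [ -f "$1" ] || return 0
    size=$(log_size "$1")
    start=$2
    if [ "$size" -lt "$start" ]; then start=0; fi
    tail -c "+$((start + 1))" "$1" |
        grep -E 'PHP (Warning|Notice|Deprecated|Fatal error|Parse error):' || true
}

# Usage: sh check.sh <path to wp-content/debug.log> <REST URL of a test site>
if [ "$#" -eq 2 ]; then
    before=$(log_size "$1")
    # Payload taken verbatim from the test scenario.
    curl -s -o /dev/null "$2" -H 'Content-Type: application/json' \
        --data '"+response.write(document.domain)+"'
    found=$(new_php_diagnostics "$1" "$before")
    if [ -n "$found" ]; then
        printf 'FAIL: new entries in %s:\n%s\n' "$1" "$found"
        exit 1
    fi
    echo "PASS: no new PHP warnings or errors logged"
fi
```

Run it once before applying the patch and once after, against the same site, to get the two results the scenario compares.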