[wp-trac] [WordPress Trac] #64291: REST API: null is accepted for every type
WordPress Trac
noreply at wordpress.org
Sat Nov 22 21:23:14 UTC 2025
#64291: REST API: null is accepted for every type
--------------------------+-----------------------------
Reporter: brandonxlf | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Because of [https://github.com/WordPress/wordpress-
develop/blob/095b5ede52d75bed3d6ee84b5dbc546e980cecb3/src/wp-includes
/rest-api/class-wp-rest-request.php#L928 line 928 of class-wp-rest-
request.php], parameters with the value `null` are never validated, so
they are accepted regardless of the schema type. However, they are still
sanitized, so they are converted to the correct type via the sanitization
functions. Since these parameters completely bypass the
`validate_callback`, and since it's not documented anywhere, this
behaviour seems unintentional.
As this behaviour does not conform to the JSON Schema, it should be
corrected by calling `validate_callback` for parameters with a value of
`null` that are present in the request. If keeping this behaviour by
default is desired for backwards compatibility, an opt-out flag should be
added to the WordPress schema definition to determine if
`rest_validate_value_from_schema` should ignore parameters with a value of
`null`.
At the very least, the documentation at https://developer.wordpress.org
/rest-api/extending-the-rest-api/adding-custom-endpoints/#arguments needs
to be updated to reflect that `validate_callback` is never called for
parameters with a `null` value, and https://developer.wordpress.org/rest-
api/extending-the-rest-api/schema/#type-juggling should be updated to
mention this behaviour.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64291>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list