[wp-trac] [WordPress Trac] #64666: REST API: Prevent fatal when font settings params are non-string in font faces and font families endpoints

WordPress Trac noreply at wordpress.org
Wed Feb 18 09:47:36 UTC 2026 

#64666: REST API: Prevent fatal when font settings params are non-string in font
faces and font families endpoints
---------------------------+-----------------------------
 Reporter:  deepaklalwani  |      Owner:  (none)
     Type:  defect (bug)   |     Status:  new
 Priority:  normal         |  Milestone:  Awaiting Review
Component:  REST API       |    Version:  trunk
 Severity:  normal         |   Keywords:
  Focuses:                 |
---------------------------+-----------------------------
 The endpoints for creating and updating fonts currently expect stringified
 JSON for the settings parameters when sent via multipart/form-data.

 However, when nested form fields (array/object style) are passed instead
 of a flat JSON string, the request handling reaches the JSON decoding
 stage with a non-string value. This triggers a Fatal TypeError rather than
 returning a standard REST validation error.

 **Affected Endpoints:**

 font_face_settings on /wp/v2/font-families/<id>/font-faces
 font_family_settings on /wp/v2/font-families (Create/Update)

 **Steps to Reproduce**
 Run the following curl command (updating the credentials and URL for your
 local environment). This uses nested form fields for the settings instead
 of a JSON string:

 {{{
 curl -i -u "<username>:<password>" \
   -X POST "https://your-site.local/wp-json/wp/v2/font-families" \
   -F "theme_json_version=3" \
   -F "font_family_settings[name]=Inter" \
   -F "font_family_settings[slug]=inter" \
   -F "font_family_settings[fontFamily]=Inter, sans-serif"
 }}}


 **Expected Behavior**
 The API should not trigger a fatal error. It should return a WP_Error
 object with:

 Code: rest_invalid_param

 Status: 400 Bad Request

 Message: A clear explanation that the settings parameter must be a valid
 JSON string.

 **Actual Behavior**
 A Fatal TypeError occurs during the JSON decoding process because the code
 receives an array/object where it strictly expects a string.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/64666>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list