WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

REST API: Prevent error when passing invalid `type` parameter to search endpoint. 

In `WP_REST_Search_Controller`, the `type` parameter is accessed via the sanitization callback for the `subtype` parameter, which is too early for `type` itself to be already sanitized. This change adds a type check in the `get_search_handler()` method to prevent errors when the type doesn’t match.

Props swissspidy, timothyblynjacobs, dd32.
Fixes #60771.
Built from https://develop.svn.wordpress.org/trunk@57839


git-svn-id: http://core.svn.wordpress.org/trunk@57340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Pascal Birchler 2024-03-15 11:25:06 +00:00
parent 65099c4373
commit 6e516fe3cc
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-includes/rest-api/endpoints/class-wp-rest-search-controller.php
View File

@ -395,7 +395,7 @@ class WP_REST_Search_Controller extends WP_REST_Controller {
protected function get_search_handler( $request ) { protected function get_search_handler( $request ) {
$type = $request->get_param( self::PROP_TYPE ); $type = $request->get_param( self::PROP_TYPE );
if ( ! $type || ! isset( $this->search_handlers[ $type ] ) ) { if ( ! $type || ! is_string( $type ) || ! isset( $this->search_handlers[ $type ] ) ) {
return new WP_Error( return new WP_Error(
'rest_search_invalid_type', 'rest_search_invalid_type',
__( 'Invalid type parameter.' ), __( 'Invalid type parameter.' ),

2
wp-includes/version.php
View File

@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '6.6-alpha-57836'; $wp_version = '6.6-alpha-57839';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.