sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

REST API: Deliver parameters unadulterated instead of slashed.

Browse Source 
We goofed, and parameters accessed through the REST API's methods
were slashed (inconsistently, even). This unslashes the data, so
you get the un-messed-with data that was sent.

Props joehoyle.
Fixes #36419.

git-svn-id: https://develop.svn.wordpress.org/trunk@37163 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith 2016-04-06 21:01:11 +00:00
parent 28699803ee
commit 9deec9e723
3 changed files with 142 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/wp-includes/rest-api/class-wp-rest-server.php
View File

@ -303,10 +303,10 @@ class WP_REST_Server {
$request = new WP_REST_Request( $_SERVER['REQUEST_METHOD'], $path ); $request = new WP_REST_Request( $_SERVER['REQUEST_METHOD'], $path );
$request->set_query_params( $_GET ); $request->set_query_params( wp_unslash( $_GET ) );
$request->set_body_params( $_POST ); $request->set_body_params( wp_unslash( $_POST ) );
$request->set_file_params( $_FILES ); $request->set_file_params( $_FILES );
$request->set_headers( $this->get_headers( $_SERVER ) ); $request->set_headers( $this->get_headers( wp_unslash( $_SERVER ) ) );
$request->set_body( $this->get_raw_data() ); $request->set_body( $this->get_raw_data() );
/* /*

12
tests/phpunit/includes/spy-rest-server.php
View File

@ -4,6 +4,7 @@ class Spy_REST_Server extends WP_REST_Server {
public $sent_headers = array(); public $sent_headers = array();
public $sent_body = ''; public $sent_body = '';
public $last_request = null;
/** /**
* Get the raw $endpoints data from the server * Get the raw $endpoints data from the server
@ -29,6 +30,17 @@ class Spy_REST_Server extends WP_REST_Server {
$this->sent_headers[ $header ] = $value; $this->sent_headers[ $header ] = $value;
} }
/**
* Override the dispatch method so we can get a handle on the request object.
*
* @param WP_REST_Request $request
* @return WP_REST_Response Response returned by the callback.
*/
public function dispatch( $request ) {
$this->last_request = $request;
return parent::dispatch( $request );
}
public function serve_request( $path = null ) { public function serve_request( $path = null ) {
ob_start(); ob_start();

127
tests/phpunit/tests/rest-api/rest-server.php
View File

@ -743,6 +743,133 @@ class Tests_REST_Server extends WP_Test_REST_TestCase {
} }
} }
public function test_serve_request_url_params_are_unslashed() {
$this->server->register_route( 'test', '/test/(?P<data>.*)', array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => '__return_false',
'args' => array(
'data' => array(),
),
),
) );
$result = $this->server->serve_request( '/test/data\\with\\slashes' );
$url_params = $this->server->last_request->get_url_params();
$this->assertEquals( 'data\\with\\slashes', $url_params['data'] );
}
public function test_serve_request_query_params_are_unslashed() {
$this->server->register_route( 'test', '/test', array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => '__return_false',
'args' => array(
'data' => array(),
),
),
) );
// WordPress internally will slash the superglobals on bootstrap
$_GET = wp_slash( array(
'data' => 'data\\with\\slashes',
) );
$result = $this->server->serve_request( '/test' );
$query_params = $this->server->last_request->get_query_params();
$this->assertEquals( 'data\\with\\slashes', $query_params['data'] );
}
public function test_serve_request_body_params_are_unslashed() {
$this->server->register_route( 'test', '/test', array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => '__return_false',
'args' => array(
'data' => array(),
),
),
) );
// WordPress internally will slash the superglobals on bootstrap
$_POST = wp_slash( array(
'data' => 'data\\with\\slashes',
) );
$result = $this->server->serve_request( '/test/data' );
$body_params = $this->server->last_request->get_body_params();
$this->assertEquals( 'data\\with\\slashes', $body_params['data'] );
}
public function test_serve_request_json_params_are_unslashed() {
$this->server->register_route( 'test', '/test', array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => '__return_false',
'args' => array(
'data' => array(),
),
),
) );
$_SERVER['HTTP_CONTENT_TYPE'] = 'application/json';
$GLOBALS['HTTP_RAW_POST_DATA'] = json_encode( array(
'data' => 'data\\with\\slashes',
) );
$result = $this->server->serve_request( '/test' );
$json_params = $this->server->last_request->get_json_params();
$this->assertEquals( 'data\\with\\slashes', $json_params['data'] );
}
public function test_serve_request_file_params_are_unslashed() {
$this->server->register_route( 'test', '/test', array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => '__return_false',
'args' => array(
'data' => array(),
),
),
) );
// WordPress internally will slash the superglobals on bootstrap
$_FILES = array(
'data' => array(
'name' => 'data\\with\\slashes',
),
);
$result = $this->server->serve_request( '/test/data\\with\\slashes' );
$file_params = $this->server->last_request->get_file_params();
$this->assertEquals( 'data\\with\\slashes', $file_params['data']['name'] );
}
public function test_serve_request_headers_are_unslashed() {
$this->server->register_route( 'test', '/test', array(
array(
'methods' => WP_REST_Server::READABLE,
'callback' => '__return_false',
'args' => array(
'data' => array(),
),
),
) );
// WordPress internally will slash the superglobals on bootstrap
$_SERVER['HTTP_X_MY_HEADER'] = wp_slash( 'data\\with\\slashes' );
$result = $this->server->serve_request( '/test/data\\with\\slashes' );
$this->assertEquals( 'data\\with\\slashes', $this->server->last_request->get_header( 'x_my_header') );
}
public function filter_wp_rest_server_class() { public function filter_wp_rest_server_class() {
return 'Spy_REST_Server'; return 'Spy_REST_Server';
} }