REST API: Correct error handling in WP_REST_Server::serve_batch_request_v1().

SergeyBiryukov · SergeyBiryukov · commit 880bb48c1865 · 2025-08-14T21:14:18.000Z
This aims to avoid a fatal error when hitting the batch request endpoint with a malformed URL. Follow-up to [49252]. Props bor0, SirLouen, SergeyBiryukov. Fixes #63502. git-svn-id: https://develop.svn.wordpress.org/trunk@60635 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-includes/rest-api/class-wp-rest-server.php b/src/wp-includes/rest-api/class-wp-rest-server.php
@@ -1747,6 +1747,12 @@ public function serve_batch_request_v1( WP_REST_Request $batch_request ) {
 		$has_error  = false;
 
 		foreach ( $requests as $single_request ) {
+			if ( is_wp_error( $single_request ) ) {
+				$has_error    = true;
+				$validation[] = $single_request;
+				continue;
+			}
+
 			$match     = $this->match_request_to_handler( $single_request );
 			$matches[] = $match;
 			$error     = null;
@@ -1817,6 +1823,12 @@ public function serve_batch_request_v1( WP_REST_Request $batch_request ) {
 		}
 
 		foreach ( $requests as $i => $single_request ) {
+			if ( is_wp_error( $single_request ) ) {
+				$result      = $this->error_to_response( $single_request );
+				$responses[] = $this->envelope_response( $result, false )->get_data();
+				continue;
+			}
+
 			$clean_request = clone $single_request;
 			$clean_request->set_url_params( array() );
 			$clean_request->set_attributes( array() );
diff --git a/tests/phpunit/tests/rest-api/rest-server.php b/tests/phpunit/tests/rest-api/rest-server.php
@@ -2329,6 +2329,30 @@ static function () {
 		$this->assertSame( 400, $response->get_status() );
 	}
 
+	/**
+	 * @ticket 63502
+	 */
+	public function test_batch_request_with_malformed_url() {
+		$request = new WP_REST_Request( 'POST', '/batch/v1' );
+		$request->set_header( 'Content-Type', 'application/json' );
+		$request->set_body_params(
+			array(
+				'requests' => array(
+					array(
+						'method' => 'POST',
+						'path'   => 'http://user@:80',
+					),
+				),
+			)
+		);
+
+		$response = rest_get_server()->dispatch( $request );
+		$data     = $response->get_data()['responses'][0]['body'] ?? null;
+
+		$this->assertIsArray( $data );
+		$this->assertSame( 'parse_path_failed', $data['code'] );
+	}
+
 	/**
 	 * @ticket 51020
 	 */
