REST API: Ensure args is an array of arrays in register_rest_route().

dream-encode · dream-encode · commit 6c17b0335fe0 · 2022-09-27T20:12:00.000Z
When calling `register_rest_route()`, the `args` parameter for a route should be an array of arrays. However, some plugins/themes have passed an array of strings or key-value pairs which produces a PHP warning when `array_intersect_key` is used to filter the array keys based on an allowed list of schema keywords. This change adds a check of the `args` parameter to ensure it's an array of arrays, presenting a `_doing_it_wrong` if any element of `args` is not an array and restructuring to an array of arrays. This change also adds a unit test for the incorrect usage described above, expecting that a `_doing_it_wrong` is produced. Props slaFFik, desrosj, apermo, AndrewNZ, aristath, poena, dovyp, timothyblynjacobs, Hinjiriyo, johnmark8080, nateallen. Fixes #51986. git-svn-id: https://develop.svn.wordpress.org/trunk@54339 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-includes/rest-api.php b/src/wp-includes/rest-api.php
@@ -103,6 +103,18 @@ function register_rest_route( $namespace, $route, $args = array(), $override = f
 				'5.5.0'
 			);
 		}
+
+		if ( count( array_filter( $arg_group['args'], 'is_array' ) ) !== count( $arg_group['args'] ) ) {
+			_doing_it_wrong(
+				__FUNCTION__,
+				sprintf(
+				/* translators: %s: The REST API route being registered. */
+					__( 'REST API $args should be an array of arrays. Non-array value detected for %s.' ),
+					'<code>' . $clean_namespace . '/' . trim( $route, '/' ) . '</code>'
+				),
+				'6.1.0'
+			);
+		}
 	}
 
 	$full_route = '/' . $clean_namespace . '/' . trim( $route, '/' );
diff --git a/src/wp-includes/rest-api/class-wp-rest-server.php b/src/wp-includes/rest-api/class-wp-rest-server.php
@@ -1513,6 +1513,11 @@ public function get_data_for_route( $route, $callbacks, $context = 'view' ) {
 				$endpoint_data['args'] = array();
 
 				foreach ( $callback['args'] as $key => $opts ) {
+					if ( is_string( $opts ) ) {
+						$opts = array( $opts => 0 );
+					} elseif ( ! is_array( $opts ) ) {
+						$opts = array();
+					}
 					$arg_data             = array_intersect_key( $opts, $allowed_schema_keywords );
 					$arg_data['required'] = ! empty( $opts['required'] );
 
diff --git a/tests/phpunit/tests/rest-api.php b/tests/phpunit/tests/rest-api.php
@@ -2518,4 +2518,23 @@ public function test_rest_preload_api_request_fields() {
 			array( 'description', '_links' )
 		);
 	}
+
+	/**
+	 * @ticket 51986
+	 */
+	public function test_route_args_is_array_of_arrays() {
+		$this->setExpectedIncorrectUsage( 'register_rest_route' );
+
+		$registered = register_rest_route(
+			'my-ns/v1',
+			'/my-route',
+			array(
+				'callback'            => '__return_true',
+				'permission_callback' => '__return_true',
+				'args'                => array( 'pattern' ),
+			)
+		);
+
+		$this->assertTrue( $registered );
+	}
 }
