Target Hints: Add missing param sanitization

WordPress · Sep 12, 2024 · a53c8b0 · a53c8b0
1 parent 9bdfebf
commit a53c8b0
Showing 1 changed file with 16 additions and 10 deletions.
diff --git a/lib/compat/wordpress-6.7/class-gutenberg-rest-server.php b/lib/compat/wordpress-6.7/class-gutenberg-rest-server.php
@@ -95,16 +95,22 @@ public static function get_response_links( $response ) {
 					continue;
 				}
 
-				$match = $server->match_request_to_handler( $request );
-				if ( ! is_wp_error( $match ) ) {
-					$response = new WP_REST_Response();
-					$response->set_matched_route( $match[0] );
-					$response->set_matched_handler( $match[1] );
-					$headers = rest_send_allow_header( $response, $server, $request )->get_headers();
-
-					foreach ( $headers as $name => $value ) {
-						$name                               = WP_REST_Request::canonicalize_header_name( $name );
-						$attributes['targetHints'][ $name ] = array_map( 'trim', explode( ',', $value ) );
+				$matched = $server->match_request_to_handler( $request );
+				if ( ! is_wp_error( $matched ) ) {
+					if ( ! is_wp_error( $request->has_valid_params() ) ) {
+						if ( ! is_wp_error( $request->sanitize_params() ) ) {
+							list( $route, $handler ) = $matched;
+
+							$response = new WP_REST_Response();
+							$response->set_matched_route( $route );
+							$response->set_matched_handler( $handler );
+							$headers = rest_send_allow_header( $response, $server, $request )->get_headers();
+
+							foreach ( $headers as $name => $value ) {
+								$name                               = WP_REST_Request::canonicalize_header_name( $name );
+								$attributes['targetHints'][ $name ] = array_map( 'trim', explode( ',', $value ) );
+							}
+						}
 					}
 				}