From a53c8b0e9ec2deb7a18fe273fcd96f9c2f20e354 Mon Sep 17 00:00:00 2001
From: Pascal Birchler
Date: Thu, 12 Sep 2024 13:17:30 +0200
Subject: [PATCH] Target Hints: Add missing param sanitization
---
 .../class-gutenberg-rest-server.php | 26 ++++++++++++-------
 1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/lib/compat/wordpress-6.7/class-gutenberg-rest-server.php b/lib/compat/wordpress-6.7/class-gutenberg-rest-server.php
index 8374e8dc1fa23..e8ed5973034f3 100644
--- a/lib/compat/wordpress-6.7/class-gutenberg-rest-server.php
+++ b/lib/compat/wordpress-6.7/class-gutenberg-rest-server.php
@@ -95,16 +95,22 @@ public static function get_response_links( $response ) {
 continue;
 }
- $match = $server->match_request_to_handler( $request );
- if ( ! is_wp_error( $match ) ) {
- $response = new WP_REST_Response();
- $response->set_matched_route( $match[0] );
- $response->set_matched_handler( $match[1] );
- $headers = rest_send_allow_header( $response, $server, $request )->get_headers();
-
- foreach ( $headers as $name => $value ) {
- $name = WP_REST_Request::canonicalize_header_name( $name );
- $attributes['targetHints'][ $name ] = array_map( 'trim', explode( ',', $value ) );
+ $matched = $server->match_request_to_handler( $request );
+ if ( ! is_wp_error( $matched ) ) {
+ if ( ! is_wp_error( $request->has_valid_params() ) ) {
+ if ( ! is_wp_error( $request->sanitize_params() ) ) {
+ list( $route, $handler ) = $matched;
+
+ $response = new WP_REST_Response();
+ $response->set_matched_route( $route );
+ $response->set_matched_handler( $handler );
+ $headers = rest_send_allow_header( $response, $server, $request )->get_headers();
+
+ foreach ( $headers as $name => $value ) {
+ $name = WP_REST_Request::canonicalize_header_name( $name );
+ $attributes['targetHints'][ $name ] = array_map( 'trim', explode( ',', $value ) );
+ }
+ }
 }
 }
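Review bot: The new `has_valid_params()` and `sanitize_params()` guards in front of `rest_send_allow_header()` have no comment saying why they must run first, and the diffstat shows a single file changed, so no regression test accompanies them. I would add above the first new check something like `// Validate and sanitize before computing the Allow header, as a normal REST dispatch would; the permission checks behind it presumably read these params.`, with the second half hedged because the hunk does not show what `rest_send_allow_header()` does with `$request`. The three nested `if`s can also be a single condition, `if ( ! is_wp_error( $matched ) && ! is_wp_error( $request->has_valid_params() ) && ! is_wp_error( $request->sanitize_params() ) ) {`, since `&&` short-circuits in the same order and removes two indent levels. A test that feeds a link whose request parameters fail validation and asserts that no `targetHints` entry is produced would pin the fix. The enclosing loop in `get_response_links()` starts and ends outside the hunk.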