Skip to content

Commit

Permalink
Target Hints: Add missing param sanitization (#65280)
Browse files Browse the repository at this point in the history
  • Loading branch information
swissspidy authored Sep 17, 2024
1 parent 893181e commit 6722990
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 11 deletions.
1 change: 1 addition & 0 deletions backport-changelog/6.7/7139.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
https://github.com/WordPress/wordpress-develop/pull/7139

* https://github.com/WordPress/gutenberg/pull/64504
* https://github.com/WordPress/gutenberg/pull/65280
38 changes: 27 additions & 11 deletions lib/compat/wordpress-6.7/class-gutenberg-rest-server.php
Original file line number Diff line number Diff line change
Expand Up @@ -95,17 +95,33 @@ public static function get_response_links( $response ) {
continue;
}

$match = $server->match_request_to_handler( $request );
if ( ! is_wp_error( $match ) ) {
$response = new WP_REST_Response();
$response->set_matched_route( $match[0] );
$response->set_matched_handler( $match[1] );
$headers = rest_send_allow_header( $response, $server, $request )->get_headers();

foreach ( $headers as $name => $value ) {
$name = WP_REST_Request::canonicalize_header_name( $name );
$attributes['targetHints'][ $name ] = array_map( 'trim', explode( ',', $value ) );
}
$matched = $server->match_request_to_handler( $request );

if ( is_wp_error( $matched ) ) {
$data[ $rel ][] = $attributes;
continue;
}

if ( is_wp_error( $request->has_valid_params() ) ) {
$data[ $rel ][] = $attributes;
continue;
}

if ( is_wp_error( $request->sanitize_params() ) ) {
$data[ $rel ][] = $attributes;
continue;
}

list( $route, $handler ) = $matched;

$response = new WP_REST_Response();
$response->set_matched_route( $route );
$response->set_matched_handler( $handler );
$headers = rest_send_allow_header( $response, $server, $request )->get_headers();

foreach ( $headers as $name => $value ) {
$name = WP_REST_Request::canonicalize_header_name( $name );
$attributes['targetHints'][ $name ] = array_map( 'trim', explode( ',', $value ) );
}

$data[ $rel ][] = $attributes;
Expand Down

0 comments on commit 6722990

Please sign in to comment.