Skip to content

Fix unsanitized $_GET params and missing null checks in REST API #1314

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jbrejcha wants to merge 14 commits into
base: development
Choose a base branch
from
Open

Fix unsanitized $_GET params and missing null checks in REST API #1314

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
542301f
Merge branch 'development'
jorostoyanov Nov 10, 2023
5692f66
Add bundles
jorostoyanov Nov 10, 2023
6859164
Add unminified bundles
jorostoyanov Nov 10, 2023
dd9d967
Merge branch 'development'
jorostoyanov Nov 13, 2023
ecf71b4
Add bundles
jorostoyanov Nov 13, 2023
bc26d30
Merge branch 'development'
htmlburger-git Nov 28, 2023
ca90629
Add bundles
htmlburger-git Nov 28, 2023
1b51f6e
Merge branch 'development'
atanas-vasilev-dev Jul 31, 2024
a590865
Add bundles.
atanas-vasilev-dev Jul 31, 2024
b18f8e2
Merge branch 'development'
atanas-vasilev-dev Jul 31, 2024
9cb536e
Merge branch 'development'
ikolarov Apr 17, 2025
6981efa
Merge branch 'development'
ikolarov May 7, 2025
f82e80e
Merge branch 'development'
ikolarov Jun 11, 2025
23508f6
Fix unsanitized $_GET params and missing null checks in REST API
jbrejcha Apr 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion core/REST_API/Decorator.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ public function register_fields() {
"Carbon_Fields\Field\Image_Field"
];

if ( in_array( get_class( $field ), $attachments_class ) ) {
if ( in_array( get_class( $field ), $attachments_class, true ) ) {
$value = Helper::get_attachments_urls($value);
}
}
Expand Down
26 changes: 17 additions & 9 deletions core/REST_API/Router.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -258,7 +258,7 @@ protected function get_all_field_values( $container_type, $object_id = null ) {
"Carbon_Fields\Field\Image_Field"
];

if ( in_array( get_class( $field ), $attachments_class ) ) {
if ( in_array( get_class( $field ), $attachments_class, true ) ) {
$value = Helper::get_attachments_urls($value);
}
}
Expand Down Expand Up @@ -321,21 +321,25 @@ public function get_comment_meta( $data ) {
* @return array
*/
public function get_association_data() {
$container_id = $_GET['container_id'];
$field_id = $_GET['field_id'];
$container_id = isset( $_GET['container_id'] ) ? sanitize_text_field( $_GET['container_id'] ) : '';
$field_id = isset( $_GET['field_id'] ) ? sanitize_text_field( $_GET['field_id'] ) : '';
$options = isset( $_GET['options'] ) ? explode( ';', $_GET['options'] ) : array();
$return_value = array();

/** @var \Carbon_Fields\Field\Association_Field $field */
$field = Helper::get_field( null, $container_id, $field_id );

if ( ! $field ) {
return $return_value;
}

$options = array_map( function ( $option ) {
$option = explode( ':', $option );
$parts = array_pad( explode( ':', $option ), 3, '' );

return [
'id' => $option[0],
'type' => $option[1],
'subtype' => $option[2],
'id' => $parts[0],
'type' => $parts[1],
'subtype' => $parts[2],
];
}, $options );

Expand Down Expand Up @@ -367,12 +371,16 @@ public function get_association_options() {
$page = isset( $_GET['page'] ) ? absint( $_GET['page'] ) : 1;
$term = isset( $_GET['term'] ) ? sanitize_text_field( $_GET['term'] ) : '';

$container_id = $_GET['container_id'];
$field_id = $_GET['field_id'];
$container_id = isset( $_GET['container_id'] ) ? sanitize_text_field( $_GET['container_id'] ) : '';
$field_id = isset( $_GET['field_id'] ) ? sanitize_text_field( $_GET['field_id'] ) : '';

/** @var \Carbon_Fields\Field\Association_Field $field */
$field = Helper::get_field( null, $container_id, $field_id );

if ( ! $field ) {
return array();
}

return $field->get_options( array(
'page' => $page,
'term' => $term,
Expand Down