
Commit 4a9b6dd

Robust query string encoding for multidimensional arrays
This previously relied on a hand-rolled function that tried to do its own urlencoding. This commit moves query string encoding to the standard function http_build_query.
1 parent bd6d869 commit 4a9b6dd


1 file changed

+15
-25
lines changed


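--- a/lib/class-wp-rest-oauth1.php
+++ b/lib/class-wp-rest-oauth1.php
@@ -711,31 +711,21 @@ protected function check_oauth_signature( $consumer, $oauth_params, $token = nul
 * @return string Signature string
 */
 public function create_signature_string( $params ) {
-return implode( '%26', $this->join_with_equals_sign( $params ) ); // join with ampersand
-}
-
-/**
-* Creates an array of urlencoded strings out of each array key/value pairs
-*
-* @since 0.1.0
-* @param array $params Array of parameters to convert.
-* @param array $query_params Array to extend.
-* @param string $key Optional Array key to append
-* @return string Array of urlencoded strings
-*/
-public function join_with_equals_sign( $params, $query_params = array(), $key = '' ) {
-foreach ( $params as $param_key => $param_value ) {
-if ( is_array( $param_value ) ) {
-$query_params = $this->join_with_equals_sign( $param_value, $query_params, $param_key );
-} else {
-if ( $key ) {
-$param_key = $key . '[' . $param_key . ']'; // Handle multi-dimensional array
-}
-$string = $param_key . '=' . $param_value; // join with equals sign
-$query_params[] = urlencode( $string );
-}
-}
-return $query_params;
+$query = http_build_query( $params );
+// http_build_query will attach numeric indices for array values, eg
+// filter[post__not_in][0]=1 instead of filter[post__not_in][]=1.
+//
+// Clients issue requests in the form filter[post__not_in][]=1 so
+// we should compare against that. This regex will strip out
+// the numeric indices.
+//
+// cf. http://php.net/manual/en/function.http-build-query.php
+// cf. http://stackoverflow.com/a/11996686/751089
+$replaced = preg_replace( '/%5B[0-9]+%5D/simU', '%5B%5D', $query );
+
+// http_build_query has urlencoded the parameters, but our calling function
+// expects a double-encoded return value
+return urlencode( $replaced );
 }
 
 /**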
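Review bot: The index-stripping `preg_replace` in `create_signature_string` runs over the whole encoded query, so it rewrites parameter values and client-supplied numeric keys as well as the indices `http_build_query` generated: a value such as `foo[1]` and a key such as `filter[3]` are both folded to `[]` before signing. The signature base string then no longer binds exactly what the client sent, so distinct requests can share one base string, and a client that signs the literal value will likely fail verification. Restricting the match to the key side of each pair, `preg_replace( '/%5B[0-9]+%5D(?=[^=&]*=)/', '%5B%5D', $query )`, leaves values intact; how to treat indices the client sent explicitly still needs a decision, since `$params` no longer shows which form was on the wire. Separately, `http_build_query( $params )` takes its separator from the `arg_separator.output` ini setting and encodes spaces as `+`, so passing the separator explicitly, `http_build_query( $params, '', '&' )`, and using `PHP_QUERY_RFC3986` with `rawurlencode` where the supported PHP version allows it, would make the string independent of server configuration. The function's docblock begins above the hunk.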
