REST API: Guard against passing null as $prepared_args to WP_REST_Posts_Controller::prepare_items_query().

westonruter · westonruter · commit 105c7aab920c · 2026-02-28T00:41:31.000Z
The variable may get set to `null` by a filter or subclass. Developed in #7625 Follow-up to r38832. Props apermo, dmsnell, westonruter. Fixes #62287. git-svn-id: https://develop.svn.wordpress.org/trunk@61773 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -441,7 +441,10 @@ static function ( $format ) {
 		 * @param array           $args    Array of arguments for WP_Query.
 		 * @param WP_REST_Request $request The REST API request.
 		 */
-		$args       = apply_filters( "rest_{$this->post_type}_query", $args, $request );
+		$args = apply_filters( "rest_{$this->post_type}_query", $args, $request );
+		if ( ! is_array( $args ) ) {
+			$args = array();
+		}
 		$query_args = $this->prepare_items_query( $args, $request );
 
 		$posts_query  = new WP_Query();
@@ -1211,6 +1214,9 @@ public function delete_item( $request ) {
 	 */
 	protected function prepare_items_query( $prepared_args = array(), $request = null ) {
 		$query_args = array();
+		if ( ! is_array( $prepared_args ) ) {
+			$prepared_args = array();
+		}
 
 		foreach ( $prepared_args as $key => $value ) {
 			/**
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
@@ -298,7 +298,10 @@ public function get_items( $request ) {
 			}
 
 			/** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */
-			$args       = apply_filters( 'rest_revision_query', $args, $request );
+			$args = apply_filters( 'rest_revision_query', $args, $request );
+			if ( ! is_array( $args ) ) {
+				$args = array();
+			}
 			$query_args = $this->prepare_items_query( $args, $request );
 
 			$revisions_query = new WP_Query();
@@ -549,6 +552,9 @@ public function delete_item( $request ) {
 	 */
 	protected function prepare_items_query( $prepared_args = array(), $request = null ) {
 		$query_args = array();
+		if ( ! is_array( $prepared_args ) ) {
+			$prepared_args = array();
+		}
 
 		foreach ( $prepared_args as $key => $value ) {
 			/** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */
