summaryrefslogtreecommitdiffstatshomepage
path: root/src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
diff options
context:
space:
mode:
Diffstat (limited to 'src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php')
-rw-r--r--src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php14
1 files changed, 13 insertions, 1 deletions
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
index 004f5851a2..f3c4295370 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
@@ -145,7 +145,19 @@ class WP_REST_Settings_Controller extends WP_REST_Controller {
public function update_item( $request ) {
$options = $this->get_registered_options();
- $params = $request->get_params();
+ $params = array_diff_key( $request->get_params(), $request->get_query_params() );
+
+ if ( empty( $params ) || ! empty( array_diff_key( $params, $options ) ) ) {
+ $message = empty( $params )
+ ? __( 'Request body cannot be empty.' )
+ : __( 'Invalid parameter(s) provided.' );
+
+ return new WP_Error(
+ 'rest_invalid_param',
+ $message,
+ array( 'status' => 400 )
+ );
+ }
foreach ( $options as $name => $args ) {
if ( ! array_key_exists( $name, $params ) ) {
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-04 11:53:08 +0000