Collaboration: Cap client_id at the storage column width.

Add a maxLength constraint to the client_id argument schema so
overlong values are rejected at the REST layer rather than being
silently truncated (or erroring) at the database. The 32-character
limit matches the client_id varchar(32) column in schema.php and
mirrors the approach already used for the room argument.

Also document why both minimum and minLength are present: client_id
has a union type (string|integer), and WordPress REST API validation
dispatches string values to minLength/maxLength and integer values to
minimum, so both keywords are required to bound each branch of the
union.

Author: josephfusco

src/wp-includes/collaboration/class-wp-http-polling-collaboration-server.php

@@ -151,9 +151,15 @@ public function register_routes(): void {
 				'required' => true,
 				'type'     => array( 'object', 'null' ),
 			),
+			/*
+			 * client_id accepts both string and integer values:
+			 *  - 'minimum' bounds the integer form.
+			 *  - 'minLength' / 'maxLength' bound the string form.
+			 */
 			'client_id' => array(
 				'minimum'           => 1,
 				'minLength'         => 1,
+				'maxLength'         => 32, // Matches the client_id column width in wp-admin/includes/schema.php.
 				'required'          => true,
 				'type'              => array( 'string', 'integer' ),
 				'sanitize_callback' => function ( $value ) {

tests/phpunit/tests/rest-api/rest-collaboration-server.php

@@ -512,6 +512,40 @@ public function test_collaboration_client_id_integer_coercion(): void {
 		$this->assertArrayHasKey( '42', $data['rooms'][0]['awareness'], 'Numeric client_id should be coerced to string key in awareness.' );
 	}
 
+	/**
+	 * Validates that REST accepts client IDs at the column width boundary (32 chars).
+	 *
+	 * @ticket 64696
+	 */
+	public function test_collaboration_client_id_accepts_string_at_max_length(): void {
+		wp_set_current_user( self::$editor_id );
+
+		$client_id = str_repeat( 'a', 32 );
+		$this->assertSame( 32, strlen( $client_id ), 'Client ID should be 32 characters.' );
+
+		$rooms    = array( $this->build_room( $this->get_post_room(), $client_id ) );
+		$response = $this->dispatch_collaboration( $rooms );
+
+		$this->assertSame( 200, $response->get_status(), 'REST should accept client IDs at 32 characters.' );
+	}
+
+	/**
+	 * Validates that REST rejects client IDs exceeding the column width (32 chars).
+	 *
+	 * @ticket 64696
+	 */
+	public function test_collaboration_client_id_rejects_string_over_max_length(): void {
+		wp_set_current_user( self::$editor_id );
+
+		$client_id = str_repeat( 'a', 33 );
+		$this->assertSame( 33, strlen( $client_id ), 'Client ID should be 33 characters.' );
+
+		$rooms    = array( $this->build_room( $this->get_post_room(), $client_id ) );
+		$response = $this->dispatch_collaboration( $rooms );
+
+		$this->assertSame( 400, $response->get_status(), 'REST should reject client IDs exceeding 32 characters.' );
+	}
+
 	/**
 	 * Verifies that dispatching with an empty rooms array returns HTTP 200.
 	 *