REST API: Remove deprecated schema sanitization functions and integrate logic into WP_REST_Server

himanshupathak95 · himanshupathak95 · commit f57bee46ec68 · 2025-12-06T23:05:12.000+05:30
diff --git a/src/wp-includes/rest-api.php b/src/wp-includes/rest-api.php
@@ -197,65 +197,6 @@ function register_rest_field( $object_type, $attribute, $args = array() ) {
 	}
 }
 
-/**
- * Sanitizes schema data ensuring empty properties arrays become objects for valid JSON Schema.
- *
- * The JSON Schema specification requires 'properties' to always be an object.
- * In PHP, empty associative arrays become empty arrays ([]) when JSON-encoded,
- * not empty objects ({}), which would make the schema invalid.
- *
- * This function only processes schema data from OPTIONS requests to avoid affecting
- * regular response data that may legitimately have a 'properties' field.
- *
- * @since 6.9.0
- *
- * @param array|object    $data    The response data to sanitize.
- * @param WP_REST_Server  $server  Server instance.
- * @param WP_REST_Request $request Request used to generate the response.
- * @return array|object The sanitized response data.
- */
-function rest_sanitize_schema_properties( $data, $server, $request ) {
-	if (
-		$request->get_method() === 'OPTIONS' &&
-		is_array( $data ) &&
-		isset( $data['schema'] ) &&
-		is_array( $data['schema'] )
-	) {
-		$data['schema'] = rest_sanitize_schema_properties_recursive( $data['schema'] );
-	}
-
-	return $data;
-}
-
-/**
- * Recursively sanitizes schema data ensuring empty properties arrays become objects.
- *
- * Helper function for rest_sanitize_schema_properties().
- *
- * @since 6.9.0
- *
- * @param array|object $data The schema data to sanitize.
- * @return array|object The sanitized schema data.
- */
-function rest_sanitize_schema_properties_recursive( $data ) {
-	$is_object  = is_object( $data );
-	$data_array = $is_object ? (array) $data : $data;
-
-	// Convert empty properties array to empty object.
-	if ( isset( $data_array['properties'] ) && is_array( $data_array['properties'] ) && empty( $data_array['properties'] ) ) {
-		$data_array['properties'] = (object) array();
-	}
-
-	// Process nested elements recursively.
-	foreach ( $data_array as $key => $value ) {
-		if ( is_array( $value ) || is_object( $value ) ) {
-			$data_array[ $key ] = rest_sanitize_schema_properties_recursive( $value );
-		}
-	}
-
-	return $is_object ? (object) $data_array : $data_array;
-}
-
 /**
  * Registers rewrite rules for the REST API.
  *
@@ -269,9 +210,6 @@ function rest_api_init() {
 
 	global $wp;
 	$wp->add_query_var( 'rest_route' );
-
-	// Ensure empty property arrays in schema are converted to objects.
-	add_filter( 'rest_pre_echo_response', 'rest_sanitize_schema_properties', 10, 3 );
 }
 
 /**
diff --git a/src/wp-includes/rest-api/class-wp-rest-server.php b/src/wp-includes/rest-api/class-wp-rest-server.php
@@ -523,6 +523,14 @@ public function serve_request( $path = null ) {
 			$embed  = isset( $_GET['_embed'] ) ? rest_parse_embed_param( $_GET['_embed'] ) : false;
 			$result = $this->response_to_data( $result, $embed );
 
+			if (
+				$request->get_method() === 'OPTIONS' &&
+				isset( $result['schema'] ) &&
+				is_array( $result['schema'] )
+			) {
+				$result['schema'] = $this->sanitize_schema_properties_recursive( $result['schema'] );
+			}
+
 			/**
 			 * Filters the REST API response.
 			 *
@@ -1346,6 +1354,37 @@ protected function get_json_last_error() {
 		return json_last_error_msg();
 	}
 
+	/**
+	 * Recursively sanitizes schema data ensuring empty properties arrays become objects.
+	 *
+	 * The JSON Schema specification requires 'properties' to always be an object.
+	 * In PHP, empty associative arrays become empty arrays ([]) when JSON-encoded,
+	 * not empty objects ({}), which would make the schema invalid.
+	 *
+	 * @since 7.0.0
+	 *
+	 * @param array|object $data The schema data to sanitize.
+	 * @return array|object The sanitized schema data.
+	 */
+	protected function sanitize_schema_properties_recursive( $data ) {
+		$is_object  = is_object( $data );
+		$data_array = $is_object ? (array) $data : $data;
+
+		// Convert empty properties array to empty object.
+		if ( isset( $data_array['properties'] ) && is_array( $data_array['properties'] ) && empty( $data_array['properties'] ) ) {
+			$data_array['properties'] = (object) array();
+		}
+
+		// Process nested elements recursively.
+		foreach ( $data_array as $key => $value ) {
+			if ( is_array( $value ) || is_object( $value ) ) {
+				$data_array[ $key ] = $this->sanitize_schema_properties_recursive( $value );
+			}
+		}
+
+		return $is_object ? (object) $data_array : $data_array;
+	}
+
 	/**
 	 * Retrieves the site index.
 	 *
diff --git a/tests/phpunit/tests/rest-api/rest-schema-validation.php b/tests/phpunit/tests/rest-api/rest-schema-validation.php
@@ -2093,72 +2093,4 @@ public function data_combining_operation_error_message() {
 			),
 		);
 	}
-
-	/**
-	 * Test that an empty properties array is sanitized to an empty object in schema responses.
-	 *
-	 * @ticket 63186
-	 */
-	public function test_empty_properties_array_sanitized_to_object() {
-		$data = array(
-			'schema' => array(
-				'type'       => 'object',
-				'properties' => array(),
-			),
-		);
-
-		$request = new WP_REST_Request( 'OPTIONS', '/test' );
-		$server  = rest_get_server();
-
-		$sanitized_data = apply_filters( 'rest_pre_echo_response', $data, $server, $request );
-
-		$this->assertIsObject( $sanitized_data['schema']['properties'], 'Empty properties array should be converted to an object.' );
-		$this->assertEmpty( (array) $sanitized_data['schema']['properties'] );
-	}
-
-	/**
-	 * Test that a non-empty properties array remains unchanged.
-	 *
-	 * @ticket 63186
-	 */
-	public function test_non_empty_properties_array_remains_unchanged() {
-		$data = array(
-			'schema' => array(
-				'type'       => 'object',
-				'properties' => array(
-					'field' => array( 'type' => 'string' ),
-				),
-			),
-		);
-
-		$request = new WP_REST_Request( 'OPTIONS', '/test' );
-		$server  = rest_get_server();
-
-		$sanitized_data = apply_filters( 'rest_pre_echo_response', $data, $server, $request );
-
-		$this->assertNotEmpty( $sanitized_data['schema']['properties'] );
-		$this->assertIsArray( $sanitized_data['schema']['properties'], 'Non-empty properties should remain as an array.' );
-		$this->assertArrayHasKey( 'field', $sanitized_data['schema']['properties'] );
-	}
-
-	/**
-	 * Test that regular response data with empty properties field is not affected.
-	 *
-	 * @ticket 63186
-	 */
-	public function test_regular_response_properties_not_affected() {
-		$data = array(
-			'id'         => 123,
-			'title'      => 'Test Post',
-			'properties' => array(),
-		);
-
-		$request = new WP_REST_Request( 'GET', '/test' );
-		$server  = rest_get_server();
-
-		$result = apply_filters( 'rest_pre_echo_response', $data, $server, $request );
-
-		$this->assertIsArray( $result['properties'], 'Regular response data should not be affected.' );
-		$this->assertEmpty( $result['properties'] );
-	}
 }
