From a931a3f7a65753f71b73306a115fd3fbb28bd59d Mon Sep 17 00:00:00 2001
From: Christoph Daum <christoph.daum@coding-pioneers.com>
Date: Wed, 23 Oct 2024 13:06:37 +0200
Subject: [PATCH 1/5] fix(rest-api): handle null in prepare_items_query()

Use null coalescing to default to an empty array
instead of wrapping the loop in an is_array() check
in WP_REST_Posts_Controller and
WP_REST_Revisions_Controller.
---
 .../rest-api/endpoints/class-wp-rest-posts-controller.php      | 3 ++-
 .../rest-api/endpoints/class-wp-rest-revisions-controller.php  | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
index fa8eb1251e4c5..918303d25d7e1 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -1210,7 +1210,8 @@ public function delete_item( $request ) {
 	 * @return array Items query arguments.
 	 */
 	protected function prepare_items_query( $prepared_args = array(), $request = null ) {
-		$query_args = array();
+		$query_args    = array();
+		$prepared_args = $prepared_args ?? array();
 
 		foreach ( $prepared_args as $key => $value ) {
 			/**
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
index b218cc3ec1d46..0f0b635088175 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
@@ -548,7 +548,8 @@ public function delete_item( $request ) {
 	 * @return array Items query arguments.
 	 */
 	protected function prepare_items_query( $prepared_args = array(), $request = null ) {
-		$query_args = array();
+		$query_args    = array();
+		$prepared_args = $prepared_args ?? array();
 
 		foreach ( $prepared_args as $key => $value ) {
 			/** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */

From 36530f08a47035efac39e917652e04313e84be7d Mon Sep 17 00:00:00 2001
From: Dennis Snell <dennis.snell@automattic.com>
Date: Wed, 25 Feb 2026 12:07:14 -0600
Subject: [PATCH 2/5] Type-check filter results at call-sites to avoid type
 errors.

---
 .../rest-api/endpoints/class-wp-rest-posts-controller.php        | 1 +
 .../rest-api/endpoints/class-wp-rest-revisions-controller.php    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
index 918303d25d7e1..2b0b1189db6b4 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -442,6 +442,7 @@ static function ( $format ) {
 		 * @param WP_REST_Request $request The REST API request.
 		 */
 		$args       = apply_filters( "rest_{$this->post_type}_query", $args, $request );
+		$args       = is_array( $args ) ? $args : array();
 		$query_args = $this->prepare_items_query( $args, $request );
 
 		$posts_query  = new WP_Query();
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
index 0f0b635088175..2daa21bfdd429 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
@@ -299,6 +299,7 @@ public function get_items( $request ) {
 
 			/** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */
 			$args       = apply_filters( 'rest_revision_query', $args, $request );
+			$args       = is_array( $args ) ? $args : array();
 			$query_args = $this->prepare_items_query( $args, $request );
 
 			$revisions_query = new WP_Query();

From 35606cfd2db5ca90e3369007e3a7e7c6abf89f3e Mon Sep 17 00:00:00 2001
From: Weston Ruter <weston@ruter.net>
Date: Wed, 25 Feb 2026 10:50:44 -0800
Subject: [PATCH 3/5] Account for value not being null (nor an array)

---
 .../rest-api/endpoints/class-wp-rest-posts-controller.php   | 6 ++++--
 .../endpoints/class-wp-rest-revisions-controller.php        | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
index 2b0b1189db6b4..c610866c9b29e 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -1211,8 +1211,10 @@ public function delete_item( $request ) {
 	 * @return array Items query arguments.
 	 */
 	protected function prepare_items_query( $prepared_args = array(), $request = null ) {
-		$query_args    = array();
-		$prepared_args = $prepared_args ?? array();
+		$query_args = array();
+		if ( is_array( ! $prepared_args ) ) {
+			$prepared_args = array();
+		}
 
 		foreach ( $prepared_args as $key => $value ) {
 			/**
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
index 2daa21bfdd429..9a220d1f4d7fb 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
@@ -549,8 +549,10 @@ public function delete_item( $request ) {
 	 * @return array Items query arguments.
 	 */
 	protected function prepare_items_query( $prepared_args = array(), $request = null ) {
-		$query_args    = array();
-		$prepared_args = $prepared_args ?? array();
+		$query_args = array();
+		if ( is_array( ! $prepared_args ) ) {
+			$prepared_args = array();
+		}
 
 		foreach ( $prepared_args as $key => $value ) {
 			/** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */

From e54f258ea1a23c5be7e89220e8c752a0776bb9e6 Mon Sep 17 00:00:00 2001
From: Weston Ruter <weston@ruter.net>
Date: Wed, 25 Feb 2026 10:50:59 -0800
Subject: [PATCH 4/5] Use conditional for ensuring args is array

---
 .../rest-api/endpoints/class-wp-rest-posts-controller.php   | 6 ++++--
 .../endpoints/class-wp-rest-revisions-controller.php        | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
index c610866c9b29e..720f122aed440 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -441,8 +441,10 @@ static function ( $format ) {
 		 * @param array           $args    Array of arguments for WP_Query.
 		 * @param WP_REST_Request $request The REST API request.
 		 */
-		$args       = apply_filters( "rest_{$this->post_type}_query", $args, $request );
-		$args       = is_array( $args ) ? $args : array();
+		$args = apply_filters( "rest_{$this->post_type}_query", $args, $request );
+		if ( ! is_array( $args ) ) {
+			$args = array();
+		}
 		$query_args = $this->prepare_items_query( $args, $request );
 
 		$posts_query  = new WP_Query();
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
index 9a220d1f4d7fb..cc483edacf20f 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
@@ -298,8 +298,10 @@ public function get_items( $request ) {
 			}
 
 			/** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */
-			$args       = apply_filters( 'rest_revision_query', $args, $request );
-			$args       = is_array( $args ) ? $args : array();
+			$args = apply_filters( 'rest_revision_query', $args, $request );
+			if ( ! is_array( $args ) ) {
+				$args = array();
+			}
 			$query_args = $this->prepare_items_query( $args, $request );
 
 			$revisions_query = new WP_Query();

From 15f956a971f2bbd82986c4501ff4077cfad1d7d6 Mon Sep 17 00:00:00 2001
From: Weston Ruter <westonruter@gmail.com>
Date: Wed, 25 Feb 2026 11:17:07 -0800
Subject: [PATCH 5/5] Fix incorrect placement of operator

---
 .../rest-api/endpoints/class-wp-rest-posts-controller.php       | 2 +-
 .../rest-api/endpoints/class-wp-rest-revisions-controller.php   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
index 720f122aed440..8e343d2447141 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -1214,7 +1214,7 @@ public function delete_item( $request ) {
 	 */
 	protected function prepare_items_query( $prepared_args = array(), $request = null ) {
 		$query_args = array();
-		if ( is_array( ! $prepared_args ) ) {
+		if ( ! is_array( $prepared_args ) ) {
 			$prepared_args = array();
 		}
 
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
index cc483edacf20f..99282e6d3e986 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
@@ -552,7 +552,7 @@ public function delete_item( $request ) {
 	 */
 	protected function prepare_items_query( $prepared_args = array(), $request = null ) {
 		$query_args = array();
-		if ( is_array( ! $prepared_args ) ) {
+		if ( ! is_array( $prepared_args ) ) {
 			$prepared_args = array();
 		}