fixes

Author: jorgefilipecosta

src/wp-includes/rest-api/endpoints/class-wp-rest-abilities-v1-list-controller.php

@@ -215,6 +215,14 @@ private function normalize_schema_empty_object_defaults( array $schema ): array
 		return $schema;
 	}
 
+	/**
+	 * WordPress-internal schema keywords to strip from REST responses.
+	 *
+	 * @since 6.9.0
+	 * @var array<int, string>
+	 */
+	private const INTERNAL_SCHEMA_KEYWORDS = array( 'sanitize_callback', 'validate_callback', 'arg_options' );
+
 	/**
 	 * Recursively removes WordPress-internal keywords from a schema.
 	 *
@@ -228,13 +236,14 @@ private function normalize_schema_empty_object_defaults( array $schema ): array
 	 * @param array<string, mixed> $schema The schema array.
 	 * @return array<string, mixed> The schema without WordPress-internal keywords.
 	 */
-	private const INTERNAL_SCHEMA_KEYWORDS = array( 'sanitize_callback', 'validate_callback', 'arg_options' );
-
 	private function strip_internal_schema_keywords( array $schema ): array {
 		$schema = array_diff_key( $schema, array_flip( self::INTERNAL_SCHEMA_KEYWORDS ) );
 
 		// Sub-schema maps: keys are user-defined, values are sub-schemas.
-		foreach ( array( 'properties', 'patternProperties', 'definitions' ) as $keyword ) {
+		// Note: 'dependencies' values can also be property-dependency arrays
+		// (numeric arrays of strings), which is_array() will pass through
+		// harmlessly since array_diff_key won't match any denylist keys.
+		foreach ( array( 'properties', 'patternProperties', 'definitions', 'dependencies' ) as $keyword ) {
 			if ( isset( $schema[ $keyword ] ) && is_array( $schema[ $keyword ] ) ) {
 				foreach ( $schema[ $keyword ] as $key => $child_schema ) {
 					if ( is_array( $child_schema ) ) {

tests/phpunit/tests/rest-api/wpRestAbilitiesV1ListController.php

@@ -849,7 +849,7 @@ public function test_internal_schema_keywords_stripped_from_nested_sub_schemas()
 			'test/nested-internal-keywords',
 			array(
 				'label'               => 'Test Nested Keywords',
-				'description'         => 'Tests stripping from items, anyOf, and additionalProperties',
+				'description'         => 'Tests stripping from all sub-schema locations',
 				'category'            => 'general',
 				'input_schema'        => array(
 					'type'  => 'object',
@@ -869,6 +869,41 @@ public function test_internal_schema_keywords_stripped_from_nested_sub_schemas()
 							'arg_options' => array( 'sanitize_callback' => 'absint' ),
 						),
 					),
+					'oneOf' => array(
+						array(
+							'type'              => 'string',
+							'sanitize_callback' => 'sanitize_text_field',
+						),
+					),
+					'allOf' => array(
+						array(
+							'type'              => 'object',
+							'validate_callback' => 'rest_validate_request_arg',
+						),
+					),
+					'not' => array(
+						'type'        => 'null',
+						'arg_options' => array( 'sanitize_callback' => 'absint' ),
+					),
+					'patternProperties' => array(
+						'^S_' => array(
+							'type'              => 'string',
+							'sanitize_callback' => 'sanitize_text_field',
+						),
+					),
+					'dependencies' => array(
+						'bar' => array(
+							'type'              => 'object',
+							'validate_callback' => 'rest_validate_request_arg',
+							'properties'        => array(
+								'baz' => array(
+									'type'              => 'string',
+									'sanitize_callback' => 'sanitize_text_field',
+								),
+							),
+						),
+						'qux' => array( 'bar' ),
+					),
 					'additionalProperties' => array(
 						'type'              => 'string',
 						'sanitize_callback' => 'sanitize_text_field',
@@ -905,6 +940,35 @@ public function test_internal_schema_keywords_stripped_from_nested_sub_schemas()
 		$this->assertArrayNotHasKey( 'arg_options', $data['input_schema']['anyOf'][1] );
 		$this->assertSame( 'number', $data['input_schema']['anyOf'][1]['type'] );
 
+		// Verify internal keywords are stripped from oneOf sub-schemas.
+		$this->assertArrayHasKey( 'oneOf', $data['input_schema'] );
+		$this->assertArrayNotHasKey( 'sanitize_callback', $data['input_schema']['oneOf'][0] );
+		$this->assertSame( 'string', $data['input_schema']['oneOf'][0]['type'] );
+
+		// Verify internal keywords are stripped from allOf sub-schemas.
+		$this->assertArrayHasKey( 'allOf', $data['input_schema'] );
+		$this->assertArrayNotHasKey( 'validate_callback', $data['input_schema']['allOf'][0] );
+		$this->assertSame( 'object', $data['input_schema']['allOf'][0]['type'] );
+
+		// Verify internal keywords are stripped from not sub-schema.
+		$this->assertArrayHasKey( 'not', $data['input_schema'] );
+		$this->assertArrayNotHasKey( 'arg_options', $data['input_schema']['not'] );
+		$this->assertSame( 'null', $data['input_schema']['not']['type'] );
+
+		// Verify internal keywords are stripped from patternProperties sub-schemas.
+		$this->assertArrayHasKey( 'patternProperties', $data['input_schema'] );
+		$this->assertArrayNotHasKey( 'sanitize_callback', $data['input_schema']['patternProperties']['^S_'] );
+		$this->assertSame( 'string', $data['input_schema']['patternProperties']['^S_']['type'] );
+
+		// Verify internal keywords are stripped from dependencies schema values.
+		$this->assertArrayHasKey( 'dependencies', $data['input_schema'] );
+		$this->assertArrayNotHasKey( 'validate_callback', $data['input_schema']['dependencies']['bar'] );
+		$this->assertSame( 'object', $data['input_schema']['dependencies']['bar']['type'] );
+		$this->assertArrayNotHasKey( 'sanitize_callback', $data['input_schema']['dependencies']['bar']['properties']['baz'] );
+		$this->assertSame( 'string', $data['input_schema']['dependencies']['bar']['properties']['baz']['type'] );
+		// Property dependencies (numeric arrays) should pass through unchanged.
+		$this->assertSame( array( 'bar' ), $data['input_schema']['dependencies']['qux'] );
+
 		// Verify internal keywords are stripped from additionalProperties sub-schema.
 		$this->assertArrayHasKey( 'additionalProperties', $data['input_schema'] );
 		$this->assertArrayNotHasKey( 'sanitize_callback', $data['input_schema']['additionalProperties'] );