Only allow custom meta of types string, number and boolean

lib/fields/class-wp-rest-meta-fields.php

@@ -286,6 +286,12 @@ protected function get_registered_fields() {
 					continue;
 				}
 
+				// Whitelist the supported types for types, as we don't want invalid types
+				// to be updated with arbitrary values that we can't do decent sanitizing for.
+				if ( ! in_array( $args['type'], array( 'number', 'string', 'boolean' ), true ) ) {
+					continue;
+				}
+
 				if ( $rest_args['single'] ) {
 					$rest_args['schema']['type'] = $args['type'];
 				} else {
@@ -294,6 +300,10 @@ protected function get_registered_fields() {
 						'type' => $args['type'],
 					);
 				}
+			} else {
+				if ( ! in_array( $rest_args['schema']['type'], array( 'number', 'string', 'boolean' ), true ) ) {
+					continue;
+				}
 			}
 
 			$registered[ $rest_args['name'] ] = $rest_args;

tests/test-rest-post-meta-fields.php

@@ -43,9 +43,17 @@ public function setUp() {
 		));
 		register_meta( 'post', 'test_invalid_type', array(
 			'single' => true,
-			'type' => false,
+			'type' => 'mycomplexobject',
 			'show_in_rest' => true,
 		));
+		register_meta( 'post', 'test_invalid_type_in_schema', array(
+			'single' => true,
+			'show_in_rest' => array(
+				'schema' => array(
+					'type' => 'mycomplexobject',
+				),
+			),
+		));
 
 		/** @var WP_REST_Server $wp_rest_server */
 		global $wp_rest_server;
@@ -607,6 +615,7 @@ public function test_get_schema() {
 		$this->assertArrayNotHasKey( 'test_no_rest', $meta_schema );
 		$this->assertArrayNotHasKey( 'test_rest_disabled', $meta_schema );
 		$this->assertArrayNotHasKey( 'test_invalid_type', $meta_schema );
+		$this->assertArrayNotHasKey( 'test_invalid_type_in_schema', $meta_schema );
 	}
 
 	/**