10up / safe-svg

Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website.
https://wordpress.org/plugins/safe-svg/
GNU General Public License v2.0

Fatal error in safe-svg/includes/blocks.php:51 when accessing the WordPress Customizer #199

Closed cguidog closed 3 months ago

cguidog commented 4 months ago

Describe the bug

WordPress returns a fatal error when trying to access the Customizer while having the SafeSVG plugin active.

Fatal error: Uncaught TypeError: array_merge(): Argument #1 must be of type array, null given in safe-svg/includes/blocks.php:51

Steps to Reproduce

  1. Make sure the SafeSVG plugin is active.
  2. Go to Appearance -> Customize.
  3. WordPress returns a fatal error (see issue description).
  4. Go to Plugins and deactivate SafeSVG plugin.
  5. Go to Appearance -> Customize.
  6. Customizer page loads and works as expected.

Screenshots, screen recording, code snippet

No response

Environment information

No response

WordPress information

`

wp-core

version: 6.5.3 site_language: en_US user_language: en_US timezone: America/New_York permalink: /blog/%postname%/ https_status: true multisite: false user_registration: 0 blog_public: 0 default_comment_status: undefined environment_type: local user_count: 1 dotorg_communication: true

wp-paths-sizes

wordpress_path: /Users/admin/Local Sites/my_website/app/public wordpress_size: 57.38 MB (60165411 bytes) uploads_path: /Users/admin/Local Sites/my_website/app/public/wp-content/uploads uploads_size: 7.98 MB (8368168 bytes) themes_path: /Users/admin/Local Sites/my_website/app/public/wp-content/themes themes_size: 151.79 MB (159160789 bytes) plugins_path: /Users/admin/Local Sites/my_website/app/public/wp-content/plugins plugins_size: 64.06 MB (67169499 bytes) database_size: 25.64 MB (26886144 bytes) total_size: 306.84 MB (321750011 bytes)

wp-active-theme

name: my_custom_theme (my_custom_theme) version: 1.2.0 author: my_custom_theme Data author_website: https://my_custom_theme.com parent_theme: Understrap (understrap) theme_features: core-block-patterns, widgets-block-editor, editor-color-palette, disable-custom-colors, automatic-feed-links, title-tag, menus, html5, post-thumbnails, customize-selective-refresh-widgets, post-formats, custom-background, custom-logo, responsive-embeds, editor-styles, align-wide, widgets, editor-style theme_path: /Users/admin/Local Sites/my_website/app/public/wp-content/themes/my_custom_theme auto_update: Disabled

wp-parent-theme

name: Understrap (understrap) version: 1.2.4 author: Howard Development & Consulting author_website: https://howarddc.com theme_path: /Users/admin/Local Sites/my_website/app/public/wp-content/themes/understrap auto_update: Disabled

wp-mu-plugins (1)

Local WP Live Link Helper: version: 2.0, author: Flywheel

wp-plugins-active (6)

Advanced Custom Fields PRO: version: 6.2.9, author: WP Engine, Auto-updates disabled Complianz | GDPR/CCPA Cookie Consent: version: 7.0.5, author: Really Simple Plugins, Auto-updates disabled my_custom_theme Migrate: version: 1.0, author: Your Name, Auto-updates disabled PublishPress Authors: version: 4.4.1, author: PublishPress, Auto-updates disabled Rank Math SEO with AI Best SEO Tools: version: 1.0.218, author: Rank Math, Auto-updates disabled Weglot Translate: version: 4.2.6, author: Weglot Translate team, Auto-updates disabled

wp-plugins-inactive (1)

Safe SVG: version: 2.2.4, author: 10up, Auto-updates disabled

wp-media

image_editor: WP_Image_Editor_Imagick imagick_module_version: 1808 imagemagick_version: ImageMagick 7.1.0-46 Q16 aarch64 5ef3d4d66:20220816 https://imagemagick.org imagick_version: 3.7.0 file_uploads: 1 post_max_size: 1000M upload_max_filesize: 300M max_effective_size: 300 MB max_file_uploads: 20 imagick_limits: imagick::RESOURCETYPE_AREA: 32 GB imagick::RESOURCETYPE_DISK: 9.2233720368548E+18 imagick::RESOURCETYPE_FILE: 7872 imagick::RESOURCETYPE_MAP: 32 GB imagick::RESOURCETYPE_MEMORY: 16 GB imagick::RESOURCETYPE_THREAD: 1 imagick::RESOURCETYPE_TIME: 9.2233720368548E+18 imagemagick_file_formats: 3FR, 3G2, 3GP, AAI, AI, APNG, ART, ARW, ASHLAR, AVI, AVS, BAYER, BAYERA, BGR, BGRA, BGRO, BMP, BMP2, BMP3, BRF, CAL, CALS, CANVAS, CAPTION, CIN, CIP, CLIP, CMYK, CMYKA, CR2, CR3, CRW, CUBE, CUR, CUT, DATA, DCM, DCR, DCRAW, DCX, DDS, DFONT, DNG, DOT, DPX, DXT1, DXT5, EPDF, EPI, EPS, EPS2, EPS3, EPSF, EPSI, EPT, EPT2, EPT3, ERF, EXR, FARBFELD, FAX, FF, FILE, FITS, FL32, FLV, FRACTAL, FTP, FTS, FTXT, G3, G4, GIF, GIF87, GRADIENT, GRAY, GRAYA, GROUP4, GV, HALD, HDR, HISTOGRAM, HRZ, HTM, HTML, HTTP, HTTPS, ICB, ICO, ICON, IIQ, INFO, INLINE, IPL, ISOBRL, ISOBRL6, JNG, JNX, JPE, JPEG, JPG, JPS, JSON, K25, KDC, KERNEL, LABEL, M2V, M4V, MAC, MAP, MASK, MAT, MATTE, MEF, MIFF, MKV, MNG, MONO, MOV, MP4, MPC, MPEG, MPG, MRW, MSL, MSVG, MTV, MVG, NEF, NRW, NULL, ORA, ORF, OTB, OTF, PAL, PALM, PAM, PANGO, PATTERN, PBM, PCD, PCDS, PCL, PCT, PCX, PDB, PDF, PDFA, PEF, PES, PFA, PFB, PFM, PGM, PGX, PHM, PICON, PICT, PIX, PJPEG, PLASMA, PNG, PNG00, PNG24, PNG32, PNG48, PNG64, PNG8, PNM, POCKETMOD, PPM, PS, PS2, PS3, PSB, PSD, PTIF, PWP, QOI, RADIAL-GRADIENT, RAF, RAS, RAW, RGB, RGB565, RGBA, RGBO, RGF, RLA, RLE, RMF, RW2, SCR, SCT, SFW, SGI, SHTML, SIX, SIXEL, SPARSE-COLOR, SR2, SRF, STEGANO, STRIMG, SUN, SVG, SVGZ, TEXT, TGA, THUMBNAIL, TIFF, TIFF64, TILE, TIM, TM2, TTC, TTF, TXT, UBRL, UBRL6, UIL, UYVY, VDA, VICAR, VID, VIFF, VIPS, VST, WBMP, WEBM, WEBP, WMV, WPG, X3F, XBM, XC, XCF, XPM, 
XPS, XV, YAML, YCbCr, YCbCrA, YUV gd_version: bundled (2.1.0 compatible) gd_formats: GIF, JPEG, PNG, WebP, BMP ghostscript_version: 9.56.1

wp-server

server_architecture: Darwin 23.4.0 arm64 httpd_software: nginx/1.16.0 php_version: 8.1.23 64bit php_sapi: fpm-fcgi max_input_variables: 4000 time_limit: 1200 memory_limit: 256M max_input_time: 600 upload_max_filesize: 300M php_post_max_size: 1000M curl_version: 8.4.0 (SecureTransport) LibreSSL/3.3.6 suhosin: false imagick_availability: true pretty_permalinks: true htaccess_extra_rules: false current: 2024-05-10T13:06:37+00:00 utc-time: Friday, 10-May-24 13:06:37 UTC server-time: 2024-05-10T09:06:36-04:00

wp-database

extension: mysqli server_version: 8.0.16 client_version: mysqlnd 8.1.23 max_allowed_packet: 16777216 max_connections: 151

wp-constants

WP_HOME: undefined WP_SITEURL: undefined WP_CONTENT_DIR: /Users/admin/Local Sites/my_website/app/public/wp-content WP_PLUGIN_DIR: /Users/admin/Local Sites/my_website/app/public/wp-content/plugins WP_MEMORY_LIMIT: 40M WP_MAX_MEMORY_LIMIT: 256M WP_DEBUG: false WP_DEBUG_DISPLAY: true WP_DEBUG_LOG: false SCRIPT_DEBUG: false WP_CACHE: false CONCATENATE_SCRIPTS: undefined COMPRESS_SCRIPTS: undefined COMPRESS_CSS: undefined WP_ENVIRONMENT_TYPE: local WP_DEVELOPMENT_MODE: undefined DB_CHARSET: utf8 DB_COLLATE: undefined

wp-filesystem

wordpress: writable wp-content: writable uploads: writable plugins: writable themes: writable mu-plugins: writable

publishpress-modules (11)

modules_settings: on [/Users/admin/Local Sites/my_website/app/public/wp-content/plugins/publishpress-authors/src/modules//modules/modules_settings] author_boxes: on [/Users/admin/Local Sites/my_website/app/public/wp-content/plugins/publishpress-authors/src/modules//modules/author_boxes] author_categories: on [/Users/admin/Local Sites/my_website/app/public/wp-content/plugins/publishpress-authors/src/modules//modules/author_categories] author_custom_fields: on [/Users/admin/Local Sites/my_website/app/public/wp-content/plugins/publishpress-authors/src/modules//modules/author_custom_fields] settings: on [/Users/admin/Local Sites/my_website/app/public/wp-content/plugins/publishpress-authors/src/modules//modules/settings] multiple_authors: on [/Users/admin/Local Sites/my_website/app/public/wp-content/plugins/publishpress-authors/src/modules//modules/multiple_authors] default_layouts: on [/Users/admin/Local Sites/my_website/app/public/wp-content/plugins/publishpress-authors/src/modules//modules/default_layouts] rest_api: on [/Users/admin/Local Sites/my_website/app/public/wp-content/plugins/publishpress-authors/src/modules//modules/rest_api] polylang_integration: on [/Users/admin/Local Sites/my_website/app/public/wp-content/plugins/publishpress-authors/src/modules//modules/polylang_integration] reviews: on [/Users/admin/Local Sites/my_website/app/public/wp-content/plugins/publishpress-authors/src/modules//modules/reviews] rank_math_seo_integration: on [/Users/admin/Local Sites/my_website/app/public/wp-content/plugins/publishpress-authors/src/modules//modules/rank_math_seo_integration]

`


kmgalanakis commented 3 months ago

Hello @cguidog

In the PHP file where the PHP fatal error is thrown, the plugin attempts to insert a new block category into the existing list of block categories. The WordPress hook (block_categories_all) that allows that is assuming that the filtered value (array of block categories) will always be an array.

For some reason, in your site, this value is eventually filtered to null, most probably because of some third-party plugin or theme. In #200 I'm attempting a fix for that by assuring that the filtered value will always be an array.

Thank you
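
The failure mode described in the comment above, as an added example that is not part of the original thread and not the plugin's code: one callback on `block_categories_all` returns nothing, so the next callback's `array_merge()` receives null. `run_filter_chain()`, the third-party callback and the `example-svg` category are constructed stand-ins, and the guard shown is one way to keep the filtered value an array.

```php
<?php
declare(strict_types=1);

// Stand-in for WordPress's apply_filters(): each callback receives the
// previous callback's return value. Constructed for this example.
function run_filter_chain(array $callbacks, mixed $value): mixed
{
    foreach ($callbacks as $callback) {
        $value = $callback($value);
    }
    return $value;
}

// Hypothetical third-party callback on block_categories_all that modifies
// the list but forgets to return it, so the next callback receives null.
$third_party = function ($categories) {
    $categories[] = ['slug' => 'theme-blocks', 'title' => 'Theme Blocks'];
};

// Hypothetical category entry; not the plugin's real slug or title.
$new_category = ['slug' => 'example-svg', 'title' => 'Example SVG'];

// Unguarded callback: trusts that the filtered value is an array.
$unguarded = fn ($categories) => array_merge($categories, [$new_category]);

// Guarded callback: coerce anything that is not an array before merging.
$guarded = function ($categories) use ($new_category) {
    if (!is_array($categories)) {
        $categories = [];
    }
    return array_merge($categories, [$new_category]);
};

$core = [['slug' => 'text', 'title' => 'Text']];

try {
    run_filter_chain([$third_party, $unguarded], $core);
} catch (TypeError $e) {
    echo 'unguarded: ', $e->getMessage(), PHP_EOL;
}

$result = run_filter_chain([$third_party, $guarded], $core);
echo 'guarded: ', json_encode(array_column($result, 'slug')), PHP_EOL;
```

The guard keeps the page from crashing, but categories registered before the faulty callback are still lost, so the callback that returns null remains the thing to find and fix.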

dkotter commented 3 months ago

@cguidog Following on from the above ^ I also couldn't reproduce the problem, though the PR we have up looks like it will fix things. If you have a second to test that PR and let us know if it addresses your issues, that would be great. Thanks!