search

bobbingwide / oik-bwtrace

debug trace for WordPress
https://www.oik-plugins.com/oik-plugins/oik-bwtrace-debug-trace-for-wordpress/
GNU General Public License v2.0
6 stars 1 forks source link

Notice after attempting to upload invalid .png file #115

Open bobbingwide opened 1 year ago

bobbingwide commented 1 year ago

While trying to understand why I was not allowed to update a .png file I attempted the upload on s.b/oikcom I got the same message as before "Sorry, you are not allowed to upload this file type" and also got this notice

Notice: Object of class WP_Error could not be converted to int in /home/customer/www/cwiccer.com/public_html/wp-content/plugins/oik-bwtrace/includes/bwtrace.php on line 275

image

The problem with the .png file wasn't that I was not allowed to update a .png file. It's just the the file wasn't actually a .png file. It was a 404 message that had been saved as a .png file by mistake.

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.25 (Debian) Server at plugins.svn.wordpress.org Port 80</address>
</body></html>
bobbingwide commented 2 months ago

Reproduced today in dev.s.b/cwiccer with lots of Notices. During problem determination I found that it was $GLOBALS['id'] which was not a post ID. This is a follow on to https://github.com/bobbingwide/oik-bwtrace/issues/39 which I'd already attempted to fix in 2016.

I assume PHP was less pernickety with the post ID comparison test in those days.

if ( $id <> $post_id ) {
bobbingwide commented 2 months ago

The WordPress error in the global $id variable is the "Sorry you are not allowed to upload this file type" message.

The action hooks which cause the ID to become set to this error are between "admin_init" and "shutdown"

[hook admin_init action 0 1 43]
[hook admin_bar_init action 0 1 0]
[hook add_admin_bar_menus action 0 1 0]
[hook current_screen action 1 1 11]
[hook load-async-upload.php action 0 1 0]
[hook check_admin_referer action 2 1 0]
[hook wp_error_added action 4 1 0]
[hook is_wp_error_instance action 1 1 0]
[hook wp_admin_notice action 2 1 0]
[hook shutdown action 0 1 11]
bobbingwide commented 2 months ago

The message is produced in _wp_handle_upload()

if ( ( ! $type || ! $ext ) && ! current_user_can( 'unfiltered_upload' ) ) {
            return call_user_func_array( $upload_error_handler, array( &$file, __( 'Sorry H , you are not allowed to upload this file type.' ) ) );
        }
bobbingwide commented 2 months ago

The global variable $id is set in line 114 of wp-admin\async-upload.php

$id = media_handle_upload( 'async-upload', $post_id );

async-upload checks if $id is a WordPress error. When it is, it produces the admin notice and exits. It's during shutdown processing that the oik-bwtrace code was seeing this unexpected value in $id. It had been written to cater for the other use of the global $id in class-wp-query.php.

The fix is to update bw_get_post_id() to check that the $GLOBALS['post'] and $GLOBALS['id'] variables are not WP Errors.
If they are we treat the IDs as 0.