search

jquery / infrastructure-puppet

Puppet configuration for jQuery Infrastructure servers.
MIT License
7 stars 9 forks source link

TypeError: str_contains() argument must be of type string, array given in wp-login.php #34

Open Krinkle opened 1 year ago

Krinkle commented 1 year ago

Various bots and crawlers are producing entries like the following in wp-05:/var/log/php8.2-fpm.log:

[15-Sep-2023 15:02:17] WARNING: [pool www] child 2355747 said into stderr:
  PHP Fatal error:  Uncaught TypeError: str_contains(): Argument #1 ($haystack) must be of type string, array given
  in /srv/wordpress/sites/api_jquery_com/wp-login.php:1365
  Stack trace:
  #0 /srv/wordpress/sites/api_jquery_com/wp-login.php(1365): str_contains()
  #1 {main}
  thrown in /srv/wordpress/sites/api_jquery_com/wp-login.php on line 1365

Seems to be an upstream issue where a $_GET or $_REQUEST key is checked for existence but not for type, thus prone to misuse when crafting query parameters in the array-form that PHP supports.

https://github.com/WordPress/wordpress-develop/blob/6.3.1/src/wp-login.php#L1267-L1365

Krinkle commented 1 year ago

Filed upstream ticket at https://core.trac.wordpress.org/ticket/59373

Krinkle commented 3 months ago

Upstream has merged my patch at https://github.com/WordPress/wordpress-develop/pull/5227. I guess it will become part of WordPress 6.6.