Various bots and crawlers are producing entries like the following in wp-05:/var/log/php8.2-fpm.log:
[15-Sep-2023 15:02:17] WARNING: [pool www] child 2355747 said into stderr:
PHP Fatal error: Uncaught TypeError: str_contains(): Argument #1 ($haystack) must be of type string, array given
in /srv/wordpress/sites/api_jquery_com/wp-login.php:1365
Stack trace:
#0 /srv/wordpress/sites/api_jquery_com/wp-login.php(1365): str_contains()
#1 {main}
thrown in /srv/wordpress/sites/api_jquery_com/wp-login.php on line 1365
Seems to be an upstream issue where a $_GET or $_REQUEST key is checked for existence but not for type, thus prone to misuse when crafting query parameters in the array-form that PHP supports.
Various bots and crawlers are producing entries like the following in wp-05:/var/log/php8.2-fpm.log:
Seems to be an upstream issue where a
$_GET
or$_REQUEST
key is checked for existence but not for type, thus prone to misuse when crafting query parameters in the array-form that PHP supports.https://github.com/WordPress/wordpress-develop/blob/6.3.1/src/wp-login.php#L1267-L1365