Closed Hr0bar closed 2 years ago
Based on the path in the log does not look like the latest master. However I did not find any evident cause in current code, is this replicable?
Its the latest release version 3.12.0
It was triggered by this request apparently by the logs:
"POST /?q=user%2Fpassword&name%5B%23post_render%5D%5B%5D=passthru&name%5B%23type%5D=markup&name%5B%23markup%5D=dir HTTP/1.1" 200
I could not replicate it. Its the only request from that IP, and its from an unusual location, could have been a bot/exploit scanner or something, so high chance for unusual requests
ok, I see.
Here there's a custom GET query var with the same name (name
) of an inbuilt query var used internally to query posts.
Several keys are defined in the custom query var, hence the resulting name
query var is an associative array looking like:
array(3) { ["#post_render"]=> array(1) { [0]=> string(8) "passthru" } ["#type"]=> string(6) "markup" ["#markup"]=> string(3) "dir" }
instead of the expected string, causing the php error.
QTX side is fixed with #1200, though it's a weird case, but note that you would still get a fatal error later upstream in WP, as some keys in the query vars array are not tested properly to cover this.
Fatal error: Uncaught TypeError: trim(): Argument #1 ($string) must be of type string, array given in wp-includes\class-wp-query.php:803
Hi, this is the first time we have seen this in the error log, not sure what caused it, but may be useful for you:
PHP Warning: urldecode() expects parameter 1 to be string, array given in /opt/bitnami/wordpress/wp-content/plugins/qtranslate-xt/modules/slugs/src/slugs-class-slugs.php on line 976'