search

tokkonopapa / WordPress-IP-Geo-Block

A WordPress plugin that will blocks any comment, pingback and trackback spams posted from outside your nation. And it will also protect against malicious access to the login form, admin area and XML-RPC from undesired countries.
http://www.ipgeoblock.com/
29 stars 14 forks source link

PHP 7 compatibility Version 2.2.9 #11

Closed ddur closed 7 years ago

ddur commented 7 years ago

https://wordpress.org/plugins/php-compatibility-checker/

FILE: /wp-content/plugins/ip-geo-block/wp-content/ip-geo-api/ip2location/bcmath.php

FOUND 2 ERRORS AFFECTING 2 LINES

156 | ERROR | Using 'break' outside of a loop or switch structure is invalid and will throw a fatal error since PHP 7.0 157 | ERROR | Using 'break' outside of a loop or switch structure is invalid and will throw a fatal error since PHP 7.0

FILE: /wp-content/plugins/ip-geo-block/classes/class-ip-geo-block-logs.php

FOUND 2 ERRORS AFFECTING 2 LINES

344 | ERROR | Global variable '$HTTP_RAW_POST_DATA' is deprecated since PHP 5.6 and removed since PHP 7.0 - use php://input instead. 348 | ERROR | Global variable '$HTTP_RAW_POST_DATA' is deprecated since PHP 5.6 and removed since PHP 7.0 - use php://input instead.

ddur commented 7 years ago

Actually, first one (above) is false positive. Anyway, I would replace

  // remove zeroes from beginning of numbers
  for($i=0;$i<strlen($Num1);$i++) if(@$Num1{$i}!='0') {$Num1=substr($Num1,$i);break;}
  for($i=0;$i<strlen($Num2);$i++) if(@$Num2{$i}!='0') {$Num2=substr($Num2,$i);break;}

with

  // check if they're both non-zero
  if(preg_match("/^0+$/",$Num1)||preg_match("/^0+$/",$Num2)) return (0);

  // remove zeroes from beginning of numbers
  $Num1=preg_replace("/^0+/",'',$Num1);
  $Num2=preg_replace("/^0+/",'',$Num2);
tokkonopapa commented 7 years ago

Hi @ddur , thank you for your proposal.

Well for the first one, how about this:

// remove zeroes from beginning of numbers
$Num1=preg_replace("/^0+/",'',$Num1);
$Num2=preg_replace("/^0+/",'',$Num2);

// check if they're both non-zero
if (empty($Num1) || empty($Num2)) return 0;

And about the second one, $HTTP_RAW_POST_DATA is assigned as a global variable in xmlrpc.php. This is a kind of fallback for compatibility.

// A bug in PHP < 5.2.2 makes $HTTP_RAW_POST_DATA not set by default,
// but we can do it ourself.
if ( !isset( $HTTP_RAW_POST_DATA ) ) {
    $HTTP_RAW_POST_DATA = file_get_contents( 'php://input' );
}

So I think we can safely use its value when the request comes to xmlrpc.php.

Anyway, I'll keep this issue until I finish to improve those in the next release. Thanks.

ddur commented 7 years ago

I see, php-compatibility-checker is not very reliable. Just string matching. But is only one I found. Unfortunately, most of WordPress users will never go deep into the code to check for "false positives". Your plugin will be marked as php7 incompatible, except for few "enlightened" ones. :)

tokkonopapa commented 7 years ago

Hi @ddur,

I'll take care of this issue to make you feel at ease.

tokkonopapa commented 7 years ago

Fixed in 13ec764