Segfault in function admin_url when not using casting (string)

[dz0ny]

Hello,

there is unresolved bug with php 5.2.x(see ​http://bugs.php.net/bug.php?id=47522), which causes segfault in all distributions and with multiple frameworks(Zend, qubit-toolkit...), the solution so far is to cast return value as string.

Solution is:
in wp-includes/link-template.php

function admin_url( $path = '', $scheme = 'admin' ) {
	return (string)get_admin_url(null, $path, $scheme);
}

[nacin]

get_admin_url() should never return anything but a string that I know of. If it did, no WordPress objects have a toString() method and thus this bug does not apply.

I have edited out your phpinfo.php link. I would delete that file immediately.

[dz0ny]

Ok, but casting does solve the problem(php chrashing), when trying to access admin section of site, I can give you FTP access(shared hosting), an you could try it yourself. The wp 2.9.X works fine.

[hakre]

Replying to nacin:

get_admin_url() should never return anything but a string that I know of.

That's incorrect:

return apply_filters('admin_url', $url, $path, $blog_id);

The apply_filters() function does not have any specified return type. Since filters per se aren't properly documented, I think it's pretty valid to add a cast here in admin_url() so that at least admin_url() matches it's own specs.

That is obviously something usefull in PHP because PHP is not that strong typed. I'll add a patch and re-open.

My Milesonte suggestion is none but a simple and quick fix for such a easy to solve issue is preferable the commit right away.

[nacin]

dz0ny,

Can you intercept the return value of <span class="Apple-style-span" style="white-space: pre; ">get_admin_url() there and var_dump() it before it causes a fatal error? Then probably run a backtrace, var_dump( debug_backtrace() ).</span>

[nacin]

Looks like that got pasted in with some goofy browser formatting:

Can you intercept the return value of get_admin_url() there and var_dump() it before it causes a fatal error? Then probably run a backtrace, var_dump( debug_backtrace() ).

[hakre]

En contraire to the original fix-suggestion by the reporter, I ensured in the function above to return the right type by casting it in the patch.

Please let know if that solves the issue as well.

[nacin]

It's not the issue of casting it to a string as much as its *why* it's not a string. That usually screams bug.

[dz0ny]

@hakre, no patch doesn't work, I've even tried,

function get_admin_url( $blog_id = null, $path = '', $scheme = 'admin' ) {
	return "";
}

and it would still chrash the php process.

@nacin backlog before crash ​http://pastebin.org/250792
vardump of get_admin_url

string(61) "http://www.prirocnikporoka.si/wp-admin/css/colors-classic.css"
string(59) "http://www.prirocnikporoka.si/wp-admin/css/colors-fresh.css"

I can't give you the backlog after chrash, becouse even loading the page without casting chrashes the php process.

I think the problem lies somewhere in PHP stack, as php developer puts it

Analysis: 
When convert_to_string in function() is called to convert object to string,
function::__toString is called and on the course of the execution the
variable stack is reallocated. However haystack variable still points to the
old stack location, which means any access to it will produce the UMR.

[dz0ny]

Or maybe even with eAccelerator ​http://eaccelerator.net/ticket/307, as said I can't do real debuging because of shared hosting.

[dz0ny]

Proper patch

[hakre]

Can you still reproduce the crash on current trunk?