Make WordPress Core

Changeset 51107


Timestamp:
06/08/2021 07:34:28 PM (4 years ago)
Author:
jorbin
Message:

Widgets: Prevent infinite loop in PHP8+ if the URL for the widget instance is incorrectly defined

This checks to make sure $link isn't empty before attempting to manipulate it. A simple test to demonstrate this can be seen at https://3v4l.org/PgSZg. Unit tests for both what already works and what is fixed by this change.

Props hellofromTonya, dd32, peterwilsoncc.
Fixes #53278.

Location:
trunk/src/wp-includes
Files:
2 edited

  • trunk/src/wp-includes/widgets.php

    r51065 r51107  
    15661566    foreach ( $rss->get_items( 0, $items ) as $item ) {
    15671567        $link = $item->get_link();
    1568         while ( stristr( $link, 'http' ) !== $link ) {
     1568        while ( ! empty( $link ) && stristr( $link, 'http' ) !== $link ) {
    15691569            $link = substr( $link, 1 );
    15701570        }
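
Review bot: the new guard on the `while` at line 1568 ends the loop once `$link` is empty, but a link that contains no `http` at all is still trimmed one character per iteration and leaves the loop as an empty string (or as `'0'`, which `empty()` also treats as empty), and the visible lines do nothing with that result. Consider finding the offset once with `stripos( $link, 'http' )`, taking `substr()` from it, and skipping the item when it returns `false`. That removes the repeated `stristr()` scans and makes the "no usable link" case explicit. A short comment noting that `substr( '', 1 )` returns `''` rather than `false` on PHP 8 would also explain why the guard is needed.
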
  • trunk/src/wp-includes/widgets/class-wp-widget-rss.php

    r51007 r51107  
    5151
    5252        $url = ! empty( $instance['url'] ) ? $instance['url'] : '';
    53         while ( stristr( $url, 'http' ) !== $url ) {
     53        while ( ! empty( $url ) && stristr( $url, 'http' ) !== $url ) {
    5454            $url = substr( $url, 1 );
    5555        }
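
Review bot: at line 53 the added `! empty( $url )` repeats the test line 52 has already made on `$instance['url']`, so the case it really covers is a non-empty value with no `http` in it, which now falls out of the loop as an empty `$url`. The visible context does not show a check on `$url` after the loop; if the code that follows does not already bail out on an empty URL, add an early return there so the widget does not continue with one. Because `$instance['url']` is stored widget data, an `is_string()` check before the string functions would also be worth having.
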
     
    7575            }
    7676            $link = strip_tags( $rss->get_permalink() );
    77             while ( stristr( $link, 'http' ) !== $link ) {
     77            while ( ! empty( $link ) && stristr( $link, 'http' ) !== $link ) {
    7878                $link = substr( $link, 1 );
    7979            }
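
Review bot: line 77 is the third copy of the same guarded `while` (also at line 53 in this file and line 1568 in widgets.php), so this PHP 8 fix had to be made three times and any later correction will need the same. Suggest moving the "trim to the first `http`" step into one small helper that all three call, with the empty-string case handled and documented in that single place. As in the other hunks, `$link` can leave this loop empty when `$rss->get_permalink()` has no `http` in it, so the code after line 79 should be checked for that.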