WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 2 years ago

#21966 closed defect (bug) (fixed)

WordPress Bug - PHP Warning Message "Unable to parse URL"

Reported by: onetarek Owned by: ryan
Milestone: 3.5 Priority: normal
Severity: minor Version: 3.4.2
Component: Warnings/Notices Keywords: has-patch dev-feedback
Focuses: Cc:

Description

Today I was viewing the error_log. I found thousands thousands warning message like following.

[20-Sep-2012 09:33:46] PHP Warning: parse_url(:blogsearch.google.ae/ping/RPC2) [<a href='function.parse-url'>function.parse-url</a>]: Unable to parse URL in /home/...../public_html/wp-includes/class-http.php on line 120

I found the issue. We have a list of blog directory to ping in this page http://example.com/wp-admin/options-writing.php

rpc.pingomatic.com
api.feedster.com/ping
http://api.moreover.com/ping
........and more......

Some of those are not started with http://
When a post is published/updated, WP pings those urls and the warning message is occurred. Any one can test this problem by adding urls with out http:// in your ping list.
When I added this missing http:// to all urls the problem was solved.
I opened the core file wp-includes/class-http.php on line 120
There is a function parse_url($url).
This function returns the warning message.

Wordpress should check if the $url contains http:// or not, before parsing.

Attachments (2)

21966.patch (991 bytes) - added by SergeyBiryukov 3 years ago.
21966.2.patch (843 bytes) - added by SergeyBiryukov 3 years ago.

Download all attachments as: .zip

Change History (18)

comment:1 follow-ups: @scribu3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

No, the correct course of action is for you to add the missing http://. A URL without a scheme is not a valid URL: http://en.wikipedia.org/wiki/URI_scheme#Generic_syntax

comment:2 follow-up: @scribu3 years ago

  • Keywords reporter-feedback added; needs-testing dev-feedback removed

Actually, I don't even see the field you mention in wp-admin/options-writing.php. Are you sure you're using WP 3.4.2?

comment:3 @scribu3 years ago

  • Component changed from HTTP to Administration
  • Keywords needs-patch added; reporter-feedback removed
  • Milestone set to Awaiting Review
  • Severity changed from major to minor

Nevermind, it's disabled on MultiSite.

We should validate the entered URLs before they're saved to the database. Currently, I can insert whatever I want in there.

comment:4 in reply to: ↑ 2 @onetarek3 years ago

Replying to scribu:

Actually, I don't even see the field you mention in wp-admin/options-writing.php. Are you sure you're using WP 3.4.2?

Screenshot of my /wp-admin/options-writing.php
http://productsummary.net/wp-content/uploads/2012/09/wp-writting-options.jpg

comment:5 in reply to: ↑ 1 @onetarek3 years ago

Replying to scribu:

No, the correct course of action is for you to add the missing http://. A URL without a scheme is not a valid URL: http://en.wikipedia.org/wiki/URI_scheme#Generic_syntax

Yes I know, But human can mistake and system should check before use.

comment:6 in reply to: ↑ 1 @Asif2BD3 years ago

  • Cc asif2bd@… added
  • Component changed from Administration to Warnings/Notices
  • Resolution wontfix deleted
  • Severity changed from minor to normal
  • Status changed from closed to reopened

You are correct. But as said by reporter, its possible to make mistake. But we should not let system save it without checking and keep making error with each update. Need to look into this matter. I am also getting GBs of error log mostly filled with this.

Replying to scribu:

No, the correct course of action is for you to add the missing http://. A URL without a scheme is not a valid URL: http://en.wikipedia.org/wiki/URI_scheme#Generic_syntax

comment:7 @scribu3 years ago

Hm... I had meant to reopen when I switched the milestone back. So yeah, needs patch.

@SergeyBiryukov3 years ago

comment:8 follow-up: @SergeyBiryukov3 years ago

  • Keywords has-patch added; needs-patch removed

comment:9 @scribu3 years ago

  • Milestone changed from Awaiting Review to 3.5
  • Severity changed from normal to minor

comment:10 in reply to: ↑ 8 @onetarek3 years ago

  • Keywords dev-feedback added
  • Severity changed from minor to normal

Replying to SergeyBiryukov:
I tested the patch.
It does not solve the problem. I am still getting that warning message.
I just edited wp-includes/formatting.php file with following codes from the patch file.

case 'ping_sites':
	$value = strip_tags( $value );
	$value = wp_kses_data( $value );
        	$ping_sites = array();
		$services = explode( "\n", $value );
		foreach ( (array) $services as $service ) {
			$service = esc_url_raw( trim( $service ) );
			if ( '' != $service )
			$ping_sites[] = $service;
			}
	$value = implode( "\n", $ping_sites );
	break;

I tested with wp 3.4.2

comment:11 @scribu3 years ago

Please set the severity back to minor. Getting a notice message isn't a big deal!

As for your testing, you need to go to wp-admin/options-writing and re-save the settings.

comment:12 @scribu3 years ago

Also, you probably forgot to remove the previous instance of case 'ping_sites':.

comment:13 @onetarek3 years ago

  • Severity changed from normal to minor

comment:14 follow-up: @scribu3 years ago

Sergey, I don't think running the previous filtering code adds any protection:

$value = strip_tags( $value ); 
$value = wp_kses_data( $value );

since it's then chopped up and ran through esc_url_raw() anyway.

@SergeyBiryukov3 years ago

comment:15 in reply to: ↑ 14 @SergeyBiryukov3 years ago

Replying to scribu:

Sergey, I don't think running the previous filtering code adds any protection

Agreed. 21966.2.patch is the simplified patch.

comment:16 @ryan2 years ago

  • Owner set to ryan
  • Resolution set to fixed
  • Status changed from reopened to closed

In [22255]:

Pass each url in ping_sites through esc_url_raw() upin save. This ensures the urls have a valid protocol and avoids "Unable to parse URL" warning in WP_Http. Props SergeyBiryukov. fixes #21966

Note: See TracTickets for help on using tickets.