WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 5 months ago

#33196 new defect (bug)

ssh2_auth_pubkey_file() call can cause a fatal error because of non-existing key error in $this->options['password']

Reported by: ehsanakhgari Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Filesystem API Keywords: has-patch
Focuses: Cc:
PR Number:

Description

This happens when the input args do not include a password. I debugged this on my production website.

Attachments (2)

x (751 bytes) - added by ehsanakhgari 4 years ago.
Patch
x.2 (1.0 KB) - added by ehsanakhgari 4 years ago.
Patch (v2)

Download all attachments as: .zip

Change History (7)

@ehsanakhgari
4 years ago

  • Attachment x added

Patch

#1 @ehsanakhgari
4 years ago

  • Focuses administration added
  • Keywords has-patch added

#2 follow-up: @dd32
4 years ago

  • Component changed from General to Filesystem API
  • Focuses administration removed
  • Milestone changed from Awaiting Review to Future Release
  • Version 4.2.3 deleted

Can you post the exact fatal error which occurs in this situation?

Looking at the patch, it can probably be rewritten slightly to set $this->options['password'] before the empty-password no-keys error checks (Assuming that the $opt['password'] key is always set, and won't cause a notice in the current patch)

#3 in reply to: ↑ 2 ; follow-up: @ehsanakhgari
4 years ago

Replying to dd32:

Can you post the exact fatal error which occurs in this situation?

In my local configuration, I got a "connection reset" error page in Firefox in all pages where WordPress was trying to update itself/plugins/themes. After manual debugging using set_error_handler, I got an error message about the non-existing 'password' key in the options array.

Looking at the patch, it can probably be rewritten slightly to set $this->options['password'] before the empty-password no-keys error checks (Assuming that the $opt['password'] key is always set, and won't cause a notice in the current patch)

OK, I'll do that!

@ehsanakhgari
4 years ago

Patch (v2)

#4 in reply to: ↑ 3 ; follow-up: @dd32
4 years ago

Replying to ehsanakhgari:

Replying to dd32:

Can you post the exact fatal error which occurs in this situation?

In my local configuration, I got a "connection reset" error page in Firefox in all pages where WordPress was trying to update itself/plugins/themes. After manual debugging using set_error_handler, I got an error message about the non-existing 'password' key in the options array.

Can you check your PHP Error logs at all for the PHP errors? The notices/warnings about the password key aren't really interesting in this case :)

#5 in reply to: ↑ 4 @ehsanakhgari
4 years ago

Replying to dd32:

Replying to ehsanakhgari:

Replying to dd32:

Can you post the exact fatal error which occurs in this situation?

In my local configuration, I got a "connection reset" error page in Firefox in all pages where WordPress was trying to update itself/plugins/themes. After manual debugging using set_error_handler, I got an error message about the non-existing 'password' key in the options array.

Can you check your PHP Error logs at all for the PHP errors? The notices/warnings about the password key aren't really interesting in this case :)

Sorry for the dumb question, but where do I find the said error logs? It's been ages since I have done anything with PHP. :-) (I run an Ubuntu server.)

Note: See TracTickets for help on using tickets.