Opened 8 years ago
Last modified 4 years ago
#33196 new defect (bug)
ssh2_auth_pubkey_file() call can cause a fatal error because of non-existing key error in $this->options['password']
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Filesystem API | Keywords: | has-patch |
| Focuses: | Cc: |
Description
This happens when the input args do not include a password. I debugged this on my production website.
Attachments (2)
Change History (7)
#2
follow-up:
↓ 3
@
8 years ago
- Component changed from General to Filesystem API
- Focuses administration removed
- Milestone changed from Awaiting Review to Future Release
- Version 4.2.3 deleted
Can you post the exact fatal error which occurs in this situation?
Looking at the patch, it can probably be rewritten slightly to set $this->options['password'] before the empty-password no-keys error checks (Assuming that the $opt['password'] key is always set, and won't cause a notice in the current patch)
#3
in reply to:
↑ 2
;
follow-up:
↓ 4
@
8 years ago
Replying to dd32:
Can you post the exact fatal error which occurs in this situation?
In my local configuration, I got a "connection reset" error page in Firefox in all pages where WordPress was trying to update itself/plugins/themes. After manual debugging using set_error_handler, I got an error message about the non-existing 'password' key in the options array.
Looking at the patch, it can probably be rewritten slightly to set
$this->options['password']before the empty-password no-keys error checks (Assuming that the$opt['password']key is always set, and won't cause a notice in the current patch)
OK, I'll do that!
#4
in reply to:
↑ 3
;
follow-up:
↓ 5
@
8 years ago
Replying to ehsanakhgari:
Replying to dd32:
Can you post the exact fatal error which occurs in this situation?
In my local configuration, I got a "connection reset" error page in Firefox in all pages where WordPress was trying to update itself/plugins/themes. After manual debugging using set_error_handler, I got an error message about the non-existing 'password' key in the options array.
Can you check your PHP Error logs at all for the PHP errors? The notices/warnings about the password key aren't really interesting in this case :)
#5
in reply to:
↑ 4
@
8 years ago
Replying to dd32:
Replying to ehsanakhgari:
Replying to dd32:
Can you post the exact fatal error which occurs in this situation?
In my local configuration, I got a "connection reset" error page in Firefox in all pages where WordPress was trying to update itself/plugins/themes. After manual debugging using set_error_handler, I got an error message about the non-existing 'password' key in the options array.
Can you check your PHP Error logs at all for the PHP errors? The notices/warnings about the password key aren't really interesting in this case :)
Sorry for the dumb question, but where do I find the said error logs? It's been ages since I have done anything with PHP. :-) (I run an Ubuntu server.)
Patch