Opened 7 years ago
Last modified 3 years ago
#40552 new defect (bug)
Calling wp_parse_args() early, with $args as empty string, may cause fatal error
Reported by: | johnjamesjacoby | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Formatting | Keywords: | 2nd-opinion needs-patch |
Focuses: | Cc: |
Description
When running the unit test suite while working on #31245, I ran into an edge-case fatal error:
Fatal error: Uncaught Error: Call to undefined function wp_parse_str() in /srv/www/wordpress-develop/public_html/src/wp-includes/functions.php on line 3487 Error: Call to undefined function wp_parse_str() in /srv/www/wordpress-develop/public_html/src/wp-includes/functions.php on line 3487
Anytime between functions.php
being loaded and formatting.php
being loaded, calling wp_parse_args()
with an empty string as the first parameter will trigger it, and I was doing this in the wp_load_alloptions()
stack with my test code.
It happens because wp_parse_args()
calls wp_parse_str()
when $args
is an empty string, and because formatting.php
is loaded well after functions.php
, the above fatal happens.
It's not a bug in core today, but it could be a problem later.
In my research, one place of relatively high risk is register_setting()
. You'd need to pass an empty string as the third parameter, and it would need to be early in the stack, but it calls wp_parse_args()
and is in functions.php
.
One potential solution is to move wp_parse_str()
out of formatting.php
and into functions.php
, alongside it's other wp_parse_
siblings. Another would be to load formatting.php
sooner.
I've found 28 places in core where
$args = ''
is used as a parameter definition. It's theoretically possible calling those functions without any parameter variables and beforeformatting.php
is included could also trigger the above fatal error.