Opened 9 years ago
Last modified 13 months ago
#40552 new defect (bug)
Calling wp_parse_args() early, with $args as empty string, may cause fatal error
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Formatting | Keywords: | 2nd-opinion has-patch |
| Focuses: | Cc: |
Description
When running the unit test suite while working on #31245, I ran into an edge-case fatal error:
Fatal error: Uncaught Error: Call to undefined function wp_parse_str() in /srv/www/wordpress-develop/public_html/src/wp-includes/functions.php on line 3487 Error: Call to undefined function wp_parse_str() in /srv/www/wordpress-develop/public_html/src/wp-includes/functions.php on line 3487
Anytime between functions.php being loaded and formatting.php being loaded, calling wp_parse_args() with an empty string as the first parameter will trigger it, and I was doing this in the wp_load_alloptions() stack with my test code.
It happens because wp_parse_args() calls wp_parse_str() when $args is an empty string, and because formatting.php is loaded well after functions.php, the above fatal happens.
It's not a bug in core today, but it could be a problem later.
In my research, one place of relatively high risk is register_setting(). You'd need to pass an empty string as the third parameter, and it would need to be early in the stack, but it calls wp_parse_args() and is in functions.php.
One potential solution is to move wp_parse_str() out of formatting.php and into functions.php, alongside it's other wp_parse_ siblings. Another would be to load formatting.php sooner.
Change History (2)
This ticket was mentioned in PR #7700 on WordPress/wordpress-develop by @geekofshire.
13 months ago
#2
- Keywords has-patch added; needs-patch removed
This PR addresses a potential fatal error in the wp_parse_args() function, which can occur if wp_parse_args() is called with an empty string as the first parameter before wp_parse_str() is defined. The issue arises because wp_parse_str(), which is required by wp_parse_args(), is located in formatting.php, which is loaded later in the WordPress load order than functions.php. This results in an undefined function fatal error when wp_parse_args() calls wp_parse_str() before formatting.php has been loaded.
Trac ticket: https://core.trac.wordpress.org/ticket/40552
I've found 28 places in core where
$args = ''is used as a parameter definition. It's theoretically possible calling those functions without any parameter variables and beforeformatting.phpis included could also trigger the above fatal error.