Opened 6 years ago
Closed 6 years ago
#44832 closed defect (bug) (fixed)
Lack of null check in wp-embed.js causes uncaught error to be thrown under certain circumstances.
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 4.9.9 | Priority: | normal |
| Severity: | minor | Version: | 4.4 |
| Component: | Embeds | Keywords: | good-first-bug has-patch needs-testing |
| Focuses: | javascript | Cc: |
Description
The file and lines in question can be seen here: https://github.com/WordPress/WordPress/blob/5bbb3b38d96eb0aac29d3b368d541039a3b1fbb8/wp-includes/js/wp-embed.js#L31-L33
The issue specifically is that currently the script assumes there will always be a data parameter on message. This is not true in the case of Google ReCAPTCHA (and I assume many other 3rd party scripts).
In these cases, data is null and when attempting to access properties on null, an error is thrown.
This all can be fixed by changing the if statement from what it is currently to:
if ( data && ! ( data.secret || data.message || data.value ) ) {
return;
}
Attachments (2)
Change History (17)
#1
follow-up:
↓ 12
@
6 years ago
- Keywords needs-patch good-first-bug added
- Milestone changed from Awaiting Review to Future Release
- Severity changed from normal to minor
- Version changed from trunk to 4.4
#3
@
6 years ago
- Milestone changed from Future Release to 4.9.9
Just stumbled upon this while setting up reCAPTCHA. Moving to 4.9.9 for visibility.
#6
@
6 years ago
- Owner set to SergeyBiryukov
- Resolution set to fixed
- Status changed from new to closed
In 43593:
#7
@
6 years ago
- Keywords fixed-major added
- Resolution fixed deleted
- Status changed from closed to reopened
Reopening for 4.9.9 consideration.
Good catch! Although your proposed change wouldn't actually return early when
datais null.It would be more something like
if ( ! data || ! ( data.secret || data.message || data.value ) ) { return; }