WordPress.org

Make WordPress Core

Opened 22 months ago

Closed 21 months ago

Last modified 20 months ago

#45235 closed defect (bug) (fixed)

REST API: Setting _locale can cause fatal errors

Reported by: pento Owned by: danielbachhuber
Milestone: 5.0 Priority: high
Severity: major Version: 5.0
Component: I18N Keywords:
Focuses: rest-api Cc:

Description

determine_locale() calls is_user_logged_in() when the _locale parameter is set in a REST API request.

However, is_user_logged_in() is a pluggable function, which loads after plugins do, so if any plugins call __() as soon as they're loaded, it will cause a fatal error.

Related: #44758, [43776].

Attachments (2)

45235.1.diff (583 bytes) - added by danielbachhuber 22 months ago.
Check function_exists( 'is_user_logged_in' ) in case called before pluggable functions are loaded
45235.2.diff (518 bytes) - added by danielbachhuber 22 months ago.
Avoid calling is_user_logged_in() entirely, as get_user_locale() handles the scenario

Download all attachments as: .zip

Change History (11)

#1 @matt
22 months ago

This plugin with 200k active sites triggers this bug: https://wordpress.org/plugins/ga-google-analytics/

(I ran into it on ma.tt today.)

#3 @danielbachhuber
22 months ago

#45227 was marked as a duplicate.

@danielbachhuber
22 months ago

Check function_exists( 'is_user_logged_in' ) in case called before pluggable functions are loaded

@danielbachhuber
22 months ago

Avoid calling is_user_logged_in() entirely, as get_user_locale() handles the scenario

#4 @danielbachhuber
22 months ago

  • Owner set to danielbachhuber
  • Resolution set to fixed
  • Status changed from new to closed

In 43846:

l10n: Avoid calling is_user_logged_in() in determine_locale().

is_user_logged_in() is a pluggable function, and loaded after plugins are loaded. If a plugin calls __() too early, is_user_logged_in() is missing and WordPress will fatal. get_user_locale() already handles this scenario for us, so it's safe to rely on exclusively.

See #44758.
Fixes #45235.

#5 @pento
22 months ago

I've rebuilt the 5.0 nightly to include this fix, anyone using the Beta Tester plugin to test 5.0 can just click the update button. 🙂

#6 @SergeyBiryukov
21 months ago

  • Keywords fixed-5.0 added; needs-patch removed
  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening for trunk.

#7 @danielbachhuber
21 months ago

@SergeyBiryukov FYI - the original ticket is still open, so I was planning to use that as the point of reference for backporting. We can keep this open too though, no worries.

#8 @SergeyBiryukov
21 months ago

  • Keywords fixed-5.0 removed
  • Resolution set to fixed
  • Status changed from reopened to closed

Ah, I missed that #44758 is still open.

Last edited 21 months ago by SergeyBiryukov (previous) (diff)

#9 @atimmer
20 months ago

In 44181:

l10n: Avoid calling is_user_logged_in() in determine_locale().

is_user_logged_in() is a pluggable function, and loaded after plugins are loaded. If a plugin calls () too early, is_user_logged_in() is missing and WordPress will fatal. get_user_locale() already handles this scenario for us, so it's safe to rely on exclusively.

Props danielbachhuber.
Merges [43846] to trunk.
See #44758.
Fixes #45235.

Note: See TracTickets for help on using tickets.