Make WordPress Core

Opened 5 years ago

Last modified 3 days ago

#47733 reviewing defect (bug)

Undefined index HTTP_HOST in wp-includes/ms-settings.php on line 57

Reported by: jochent's profile JochenT Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: Future Release Priority: normal
Severity: minor Version: 5.2.2
Component: Bootstrap/Load Keywords: has-patch dev-feedback
Focuses: multisite Cc:

Description

We get requests on our server of the form

175.143.12.??? - - [30/Jun/2019:10:22:45 +0200] "GET / HTTP/1.0" 500 73873 "-" "-" (dinse.eu)

This request uses HTTP/1.0 and results in a status code 500. The related entry in the PHP error log is

	[30-Jun-2019 08:22:45 UTC] PHP Notice:  Undefined index: HTTP_HOST in /usr/www/xxxx/wp-includes/ms-settings.php on line 57
  1. In ms-settings.php on line 57 it is not checked if
    $_SERVER['HTTP_HOST']
    
    is set.
  2. Also I've found that in the case of this specific request
    $_SERVER['SERVER_NAME']
    
    is defined and not empty and can be used as a replacement.

My suggestion is to first check if

$_SERVER['HTTP_HOST']

is set else check if

$_SERVER['SERVER_NAME']

is set and if both are not set to implement a graceful error handling.

This may be related to #34353.

WP 5.2.2
PHP 5.6.40
Server: Apache/2.4.25 (Debian)
WP_DEBUG = true

Attachments (1)

47733.diff (1.4 KB) - added by Mte90 2 years ago.
adding patch also here so I can find the ticket inside trac as contributor

Download all attachments as: .zip

Change History (11)

#1 @JochenT
5 years ago

Further info:
Apache sets HTTP_HOST to the correspondending value in the header of a HTTP request. As mentioned in the doc for the UseCanonicalName Directive ancient clients may do not provide a 'Host:...' header.

In such cases SERVER_NAME may be used to construct self-referential URLs. The question is if it still makes sense to support these ancient clients.

Nevertheless, in case HTTP_HOST is missing a convenient error handling should be added.

This ticket was mentioned in PR #195 on WordPress/wordpress-develop by Mte90.


4 years ago
#2

Trac ticket: https://core.trac.wordpress.org/ticket/47733

A simple patch just to test also the new GitHub environment for contribution :-)

#3 @Mte90
4 years ago

  • Keywords has-patch dev-feedback added; needs-patch removed

Patch refreshed :-)

#4 @SergeyBiryukov
4 years ago

  • Milestone changed from Awaiting Review to 5.6
  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing

#5 @helen
3 years ago

  • Milestone changed from 5.6 to Future Release

Feels a bit late to try this for 5.6 since we're into beta 3 and I worry about unforeseen side effects.

#6 @Mte90
3 years ago

I see that the code in 2 years isn't changed.

@Mte90
2 years ago

adding patch also here so I can find the ticket inside trac as contributor

#7 @Mte90
18 months ago

Any hope for 6.1?

#8 @Mte90
13 months ago

@SergeyBiryukov there are some chances for 6.2?

#9 @walterebert
8 months ago

This error also occurs when calling wp-cron.php on the command line.

Tested with WordPress 6.2.2 and PHP 8.2.6.

#10 @Mte90
3 days ago

Any hope for the next versions?

Note: See TracTickets for help on using tickets.