WordPress.org

Make WordPress Core

Opened 5 weeks ago

Last modified 4 weeks ago

#47733 new defect (bug)

Undefined index HTTP_HOST in wp-includes/ms-settings.php on line 57

Reported by: JochenT Owned by:
Milestone: Awaiting Review Priority: normal
Severity: minor Version: 5.2.2
Component: Bootstrap/Load Keywords: needs-patch
Focuses: multisite Cc:

Description

We get requests on our server of the form

175.143.12.??? - - [30/Jun/2019:10:22:45 +0200] "GET / HTTP/1.0" 500 73873 "-" "-" (dinse.eu)

This request uses HTTP/1.0 and results in a status code 500. The related entry in the PHP error log is

	[30-Jun-2019 08:22:45 UTC] PHP Notice:  Undefined index: HTTP_HOST in /usr/www/xxxx/wp-includes/ms-settings.php on line 57
  1. In ms-settings.php on line 57 it is not checked if
    $_SERVER['HTTP_HOST']
    
    is set.
  2. Also I've found that in the case of this specific request
    $_SERVER['SERVER_NAME']
    
    is defined and not empty and can be used as a replacement.

My suggestion is to first check if

$_SERVER['HTTP_HOST']

is set else check if

$_SERVER['SERVER_NAME']

is set and if both are not set to implement a graceful error handling.

This may be related to #34353.

WP 5.2.2
PHP 5.6.40
Server: Apache/2.4.25 (Debian)
WP_DEBUG = true

Change History (1)

#1 @JochenT
4 weeks ago

Further info:
Apache sets HTTP_HOST to the correspondending value in the header of a HTTP request. As mentioned in the doc for the UseCanonicalName Directive ancient clients may do not provide a 'Host:...' header.

In such cases SERVER_NAME may be used to construct self-referential URLs. The question is if it still makes sense to support these ancient clients.

Nevertheless, in case HTTP_HOST is missing a convenient error handling should be added.

Note: See TracTickets for help on using tickets.