WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 4 months ago

#47733 reviewing defect (bug)

Undefined index HTTP_HOST in wp-includes/ms-settings.php on line 57

Reported by: JochenT Owned by: SergeyBiryukov
Milestone: Future Release Priority: normal
Severity: minor Version: 5.2.2
Component: Bootstrap/Load Keywords: has-patch dev-feedback
Focuses: multisite Cc:

Description

We get requests on our server of the form

175.143.12.??? - - [30/Jun/2019:10:22:45 +0200] "GET / HTTP/1.0" 500 73873 "-" "-" (dinse.eu)

This request uses HTTP/1.0 and results in a status code 500. The related entry in the PHP error log is

	[30-Jun-2019 08:22:45 UTC] PHP Notice:  Undefined index: HTTP_HOST in /usr/www/xxxx/wp-includes/ms-settings.php on line 57
  1. In ms-settings.php on line 57 it is not checked if
    $_SERVER['HTTP_HOST']
    
    is set.
  2. Also I've found that in the case of this specific request
    $_SERVER['SERVER_NAME']
    
    is defined and not empty and can be used as a replacement.

My suggestion is to first check if

$_SERVER['HTTP_HOST']

is set else check if

$_SERVER['SERVER_NAME']

is set and if both are not set to implement a graceful error handling.

This may be related to #34353.

WP 5.2.2
PHP 5.6.40
Server: Apache/2.4.25 (Debian)
WP_DEBUG = true

Attachments (1)

47733.diff (1.4 KB) - added by Mte90 8 weeks ago.
adding patch also here so I can find the ticket inside trac as contributor

Download all attachments as: .zip

Change History (7)

#1 @JochenT
2 years ago

Further info:
Apache sets HTTP_HOST to the correspondending value in the header of a HTTP request. As mentioned in the doc for the UseCanonicalName Directive ancient clients may do not provide a 'Host:...' header.

In such cases SERVER_NAME may be used to construct self-referential URLs. The question is if it still makes sense to support these ancient clients.

Nevertheless, in case HTTP_HOST is missing a convenient error handling should be added.

This ticket was mentioned in PR #195 on WordPress/wordpress-develop by Mte90.


21 months ago

Trac ticket: https://core.trac.wordpress.org/ticket/47733

A simple patch just to test also the new GitHub environment for contribution :-)

#3 @Mte90
18 months ago

  • Keywords has-patch dev-feedback added; needs-patch removed

Patch refreshed :-)

#4 @SergeyBiryukov
16 months ago

  • Milestone changed from Awaiting Review to 5.6
  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing

#5 @helen
13 months ago

  • Milestone changed from 5.6 to Future Release

Feels a bit late to try this for 5.6 since we're into beta 3 and I worry about unforeseen side effects.

#6 @Mte90
4 months ago

I see that the code in 2 years isn't changed.

@Mte90
8 weeks ago

adding patch also here so I can find the ticket inside trac as contributor

Note: See TracTickets for help on using tickets.