Make WordPress Core

Opened 5 years ago

Last modified 2 years ago

#49286 new defect (bug)

Function get_core_updates() in update-core.php can return an empty array

Reported by: citizenrepresentative's profile citizenrepresentative Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Upgrade/Install Keywords: needs-testing has-patch
Focuses: Cc:

Description

The function get_core_updates() in update-core.php can return an empty array.
The problem is mostly that in core_upgrade_preamble(), the array is immediately assumed to exist, e.g.:

$updates    = get_core_updates();
if ( ! isset( $updates[0]->response ) || 'latest' == $updates[0]->response ) {

The results show up in an error:

Notice: Trying to get property 'locale' of non-object in /usr/share/wordpress/wp-admin/update-core.php on line 40
Call Stack
# Time Memory Function Location
1 0.0027 404456 {main}( ) .../update-core.php:0
2 0.1087 2873240 core_upgrade_preamble( ) .../update-core.php:695
3 0.1117 2966944 list_core_update( ) .../update-core.php:230

I believe the assumption that get_core_updates() returns a non-empty array is made in other core files as well.

A check an empty variable seems useful and non-intrusive, since this is an update check and not a critical function.

Conditions: WordPress 5.2.2, Ubunutu 19, apache, mysql packaged install with multi-site active, with the wp-content and wp-config-*.php files located in outside directories.

Attachments (1)

49286.diff (1.2 KB) - added by costdev 2 years ago.
Check $updates before outputting list of Core updates.

Download all attachments as: .zip

Change History (3)

#1 @SergeyBiryukov
5 years ago

  • Component changed from Administration to Upgrade/Install

@costdev
2 years ago

Check $updates before outputting list of Core updates.

#2 @costdev
2 years ago

  • Keywords has-patch added; needs-patch removed
  • Milestone changed from Awaiting Review to Future Release

I have attached a patch that returns early from list_core_update() if $update is not an object.

For good measure, I've also wrapped the list output in core_upgrade_preamble in a if ( $updates ) check so that an empty list is not output when get_core_updates() returns either false or array().

Unfortunately, I can't add PHPUnit tests for these changes without moving list_core_update() and core_upgrade_preamble() to a separate file due to headers being sent.

Note: See TracTickets for help on using tickets.