Opened 2 years ago
Last modified 3 months ago
#52738 new defect (bug)
Use of get_object_vars() in sanitize_post() and WP_Post constructor does not handle null byte
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | 6.3 | Priority: | normal |
Severity: | normal | Version: | 5.6.2 |
Component: | Posts, Post Types | Keywords: | has-patch has-unit-tests needs-testing |
Focuses: | Cc: |
Description (last modified by )
In places where get_object_vars is used to loop over an objects properties and then trying to access them null bytes are not handled.
There is an old bug-report (from me) for map_deep #47164 but now we are experience this in other places too; in sanitize_post and in the constructor of class-wp-post.
This is totally destroying our business and I don't know what to do. Since I reported the issue for map_deep I have had to manually patch formatting.php every time there is a WordPress update. But now, trying to handle all the places get_object_vars is used in hopeless.
Best approach to handle this would be to always filter the return values from get_object_vars. Something like:
<?php $properties = array_filter( fn( $var ) => ord( $var ) !== 0, get_object_vars( $object ));
Change History (10)
#2
@
8 months ago
- Component changed from General to Posts, Post Types
- Description modified (diff)
- Keywords needs-patch needs-unit-tests added
- Milestone changed from Awaiting Review to 6.2
- Summary changed from Use of get_object_vars does not handle null byte to Use of get_object_vars() in sanitize_post() and WP_Post constructor does not handle null byte
Hi there, welcome back to WordPress Trac!
Thanks for the ticket, sorry it took so long for someone to get back to you.
Moving to 6.2 along with #47164 to get more eyes on both tickets and hopefully resolve them.
#3
@
7 months ago
I've performed a test across various core functions and was able to reproduce the issue with multiple approaches:
<?php require_once ABSPATH . WPINC . '/class-wp-network.php'; require_once ABSPATH . WPINC . '/class-wp-site.php'; $test_array = array( 'post_title' => 'Post Title', 'post_type' => 'page', "\0" => 'Nullbyte', ); $test_object = (object) $test_array; /** * Each of these result in a Fatal Error: * Cannot access property starting with "\0" */ sanitize_post( $test_object ); new WP_Comment( $test_object ); new WP_Network( $test_object ); new WP_Post( $test_object ); new WP_Term( $test_object ); map_deep( $test_object, 'absint' ); new WP_Site( $test_object );
#4
@
7 months ago
Could be solved by replacing get_object_vars()
with a wrapper function
<?php function wp_get_object_vars( $object ) { return array_filter( get_object_vars( $object ), function( $key ) { return ord( $key ) !== 0; }, ARRAY_FILTER_USE_KEY ); }
This ticket was mentioned in PR #3607 on WordPress/wordpress-develop by @cadic.
7 months ago
#5
- Keywords has-patch has-unit-tests added; needs-patch needs-unit-tests removed
This ticket was mentioned in Slack in #core by mukeshpanchal27. View the logs.
3 months ago
#7
@
3 months ago
- Keywords needs-testing added
This ticket was discussed during the recent bug scrub. It looks like it's unlikely that work will be done on this during the 6.2 cycle.
needs-testing
added as PR need some testing.
#56690 was marked as a duplicate.