Opened 4 years ago
#53244 new defect (bug)
PHP Warning on non-existent multisite wp-cron.php
Reported by: | dd32 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Networks and Sites | Keywords: | |
Focuses: | multisite | Cc: |
Description
A PHP warning can be triggered when a HTTP request is made to wp-cron.php
on a non-existent multisite site.
For example:
GET https://foobar.example.org/wp-cron.php PHP Warning: Cannot modify header information - headers already sent in wp-includes/ms-settings.php on line 79 PHP Stack trace: PHP 1. {main}() wp-cron.php:0 PHP 2. require_once() wp-cron.php:44 PHP 3. require_once() wp-load.php:55 PHP 4. require_once() wp-config.php:125 PHP 5. require() wp-settings.php:141 PHP 6. header($header = 'Location: https://example.org/wp-signup.php?new=foobar') wp-includes/ms-settings.php:79
While the error doesn't define why it's being triggered, but it's because [44488] ends the request when wp-cron.php
is requested prior to the multisite bootstrap.
Initial thoughts say that this is probably a "good enough" fix:
-
wp-includes/ms-settings.php
73 73 74 74 if ( true === $bootstrap_result ) { 75 75 // `$current_blog` and `$current_site are now populated. 76 } elseif ( false === $bootstrap_result ) {76 } elseif ( false === $bootstrap_result || headers_sent() ) { 77 77 ms_not_installed( $domain, $path ); 78 78 } else { 79 79 header( 'Location: ' . $bootstrap_result );
While this warning will never be seen by users, it can end up in the PHP logs, especially when a vulnerability scanner is trying every subdomain under the sun.
Note: See
TracTickets for help on using
tickets.