Make WordPress Core

Opened 2 weeks ago

Last modified 2 weeks ago

#54060 new defect (bug)

kses.php global $allowedxmlentitynames naming

Reported by: ovidiul Owned by:
Milestone: 5.9 Priority: normal
Severity: normal Version: trunk
Component: Formatting Keywords: has-patch needs-unit-tests
Focuses: Cc:


Hi all,

upon debugging this Notice on one of our client's site

NoticedError: in_array() expects parameter 2 to be array, null given
in newrelic_notice_error called at ? (?)
in in_array called at /chroot/var/www/wp-includes/kses.php (1863)
in wp_kses_xml_named_entities called at ? (?)
in preg_replace_callback called at /chroot/var/www/wp-includes/kses.php (1805)
in wp_kses_normalize_entities called at /chroot/var/www/wp-includes/formatting.php (981)
in _wp_specialchars called at /chroot/var/www/wp-includes/formatting.php (4574)
in{closure} called at ? (?)
in preg_replace_callback called at /chroot/var/www/wp-includes/formatting.php (4580)

I've found a small discrepancy in the namings used in core file wp-includes/kses.php , so the global $allowedxmlentitynames variable is actually used further as $allowedxmlnamedentities, I am guessing this might not be intentional?

I am lead to believe this might be the source of the issue, however, I was unable to actively duplicate the issue as it happens during a scheduled cron event.

Happy to submit a patch for this if it's confirmed.

Thank you

Change History (4)

#1 @ovidiul
2 weeks ago

To clarify this more,

I am referring to these [code lines]https://github.com/WordPress/WordPress/blob/master/wp-includes/kses.php#L715-L724 and [this]https://github.com/WordPress/WordPress/blob/master/wp-includes/kses.php#L50

         * @var string[] $allowedxmlentitynames Array of KSES allowed XML entitity names.
         * @since 5.5.0
        $allowedxmlnamedentities = array(
global $allowedposttags, $allowedtags, $allowedentitynames, $allowedxmlentitynames;

so the actual $allowedxmlnamedentities variable name is not being set as global in the file.

This ticket was mentioned in PR #1651 on WordPress/wordpress-develop by ovidiul.

2 weeks ago

  • Keywords has-patch added

This PR should address a naming mismatch and make the $allowedxmlnamedentities referenced on the kses.php file a global variable

Trac ticket: https://core.trac.wordpress.org/ticket/54060

#3 @SergeyBiryukov
2 weeks ago

  • Component changed from General to Formatting
  • Keywords needs-unit-tests added
  • Milestone changed from Awaiting Review to 5.9

Hi there, welcome to WordPress Trac! Thanks for the report.

Good catch, introduced in [48072] / #50117. This could use some unit tests.

#4 @ovidiul
2 weeks ago

Added unit test for the wp_kses_xml_named_entities function inside the patch, however, I fail to find a simple way to test if the global names are setup properly inside kses.php file to prevent similar issues, other than maybe plain syntax check.

I've been trying to do this through spl_autoload_register, but that seems to require a more isolated environment outside WordPress Unit Tests.

Any suggestions?


Note: See TracTickets for help on using tickets.