WordPress.org
Get WordPress

Make WordPress Core

Opened 4 years ago

Last modified 2 months ago

#56539 new defect (bug)

Check if index in $args isset / ! empty before using it in Walker_Comment methods or create default $args in case if it is empty

Reported by: oglekler's profile oglekler Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Comments Keywords: has-patch needs-test-info has-unit-tests
Focuses: Cc:

Description (last modified by SergeyBiryukov)

Taking into account the comments in #53449, I suggest local fix for the comments walker (wp-includes/class-walker-comment.php).

Class Walker_Comment uses some $args indexes without checking if they exist. And in my case, they don't exist, $args are empty array and I am getting notices. I will consider adding $args into the call, but they are commented as optional and don't suppose to be used in such way.

Examples:

public function start_el uses:

$args['short_ping']
$args['format']


And 

$args['style']

is used without checking that it exists in several methods - end_el, end_lvl, ping, comment, html5_comment, start_lvl.

Change History (6)

#1 @SergeyBiryukov
4 years ago

  • Description modified (diff)
  • Keywords needs-patch added

Hi there, thanks for the ticket!

It looks like the Walker_Comment class assumes that all the default arguments of wp_list_comments() would always be available, which may not necessarily be a correct assumption, so checking if they exist seems like a good idea.

To help move the ticket forward, could you share the steps to reproduce the issue on a clean install?

This ticket was mentioned in PR #4126 on WordPress/wordpress-develop by CrochetFeve0251.
3 years ago #2

  • Keywords has-patch added; needs-patch removed

I added default values to each methods from Walker_Comment using $args to prevent using values without being sure they were initialized.

Trac ticket: https://core.trac.wordpress.org/ticket/56539

#3 @oglekler
3 years ago

  • Keywords needs-testing added

#4 @sajib1223
3 months ago

  • Keywords needs-test-info added; needs-testing removed

Steps to reproduce the issue are needed to investigate further.

This ticket was mentioned in PR #11110 on WordPress/wordpress-develop by dan-zakirov.
2 months ago #5

  • Keywords has-unit-tests added

## Trac Ticket

https://core.trac.wordpress.org/ticket/56539

## Summary

Walker_Comment methods access $args keys (style, short_ping, format, avatar_size, max_depth) without verifying they exist. When called with an empty $args array (which is the documented default), this produces PHP warnings on PHP 8.0+.

## Changes

  • Added wp_parse_args() with defaults matching wp_list_comments() at the top of each affected method: start_lvl, end_lvl, start_el, end_el, ping, comment, html5_comment.
  • Added PHPUnit tests to verify no warnings when methods are called with empty args.

## Notes

This is a cleaner alternative to PR #4126, which mixes the fix with unrelated whitespace/indentation changes. This PR only adds the defaults with no other modifications.

#6 @alexodiy
2 months ago

Test Info & Reproduction Report

Steps to Reproduce

  1. Enable WP_DEBUG and WP_DEBUG_DISPLAY in wp-config.php.
  2. Have a post with at least one comment (default sample data works).
  3. Call Walker_Comment directly with empty $args: 
$comments = get_comments( array( 'number' => 1 ) );
$walker   = new Walker_Comment();
$output   = $walker->walk( $comments, -1, array() );

Actual Results (PHP 8.1)

Warning: Undefined array key "format" in class-walker-comment.php on line 196
Warning: Undefined array key "style" in class-walker-comment.php on lines 237, 300, 318, 392
Warning: Undefined array key "avatar_size" in class-walker-comment.php on lines 323, 324
Warning: Undefined array key "max_depth" in class-walker-comment.php on lines 371, 384

Methods start_lvl, end_lvl, start_el, end_el, ping, comment, html5_comment all access $args keys without isset(). The PHPDoc documents $args as optional with default array(), so this is a valid call.

Why a New Patch

PR #4126 has been open since 2022 with no merge activity. It also has a few issues:

  • Mixes the actual fix with unrelated whitespace and indentation changes, making review harder.
  • Uses array_merge() for defaults instead of wp_parse_args(), which is the standard WordPress approach.
  • Does not include PHPUnit tests.

I submitted a cleaner alternative: PR #11110

What the Patch Does

  • Adds wp_parse_args() with sensible defaults at the top of each affected method: start_lvl, end_lvl, start_el, end_el, ping, comment, html5_comment.
  • Default values match wp_list_comments(): style => 'ul', avatar_size => 32, format => 'xhtml', short_ping => false, max_depth => ''.
  • No whitespace or indentation changes — only the fix itself.
  • Includes 5 PHPUnit tests covering all affected methods with empty args.

All 9 warnings resolved after applying the patch.

Environment

  • WordPress: 7.0-beta2 (trunk)
  • PHP: 8.1.10
  • Server: Apache
  • OS: Windows 10
  • Theme: Twenty Twenty-Five

cc @oglekler

Note: See TracTickets for help on using tickets.