Make WordPress Core

Opened 2 years ago

Closed 2 years ago

#56690 closed defect (bug) (duplicate)

Fatal error: Uncaught Error: Cannot access property started with '\0' in /wp-includes/post.php:2701

Reported by: bitcomplex's profile bitcomplex Owned by:
Milestone: Priority: normal
Severity: critical Version:
Component: Posts, Post Types Keywords:
Focuses: Cc:

Description

I've had a ticket up for ages regarding this issue in the map_deep method of formatting.php, but instead of getting it fixed you've introduced the same issue in post.php :(

<?php
foreach ( array_keys( get_object_vars( $post ) ) as $field ) {
                        $post->$field = sanitize_post_field( $field, $post->$field, $post->ID, $context );
                }

This WILL trigger the fatal if the object i question has private/protected members in the serialized data accessible.

This usually happens if you change the visibility of the member in the class definition but have an older object of the class stored serialized.

The value SHOULD NOT be read or accessed in this case. And the simple work-around is to check for the null byte.

This happens to us frequently and can potentially corrupt our data. Every realease of wordpress forces us to add the check ourselves.

The check is as easy as:

<?php
foreach ( array_keys( get_object_vars( $post ) ) as $field ) {
                        if (ord($field) === 0) {
                                continue;
                        }
                        $post->$field = sanitize_post_field( $field, $post->$field, $post->ID, $context );
                }


Please fix this both here and in formatting.php.

Change History (3)

#1 @bitcomplex
2 years ago

Also applies to the constructor of class-wp-post

#2 @bitcomplex
2 years ago

Further investigation into what can cause this. We rolled out a feature adding two protected members to a class. An object was created based on this class and got serialized. We then had to do a roll back of the new feature cause an serialized object in the database with two non-existing protected values in it.

This CAN'T be hard to reproduce

#3 @SergeyBiryukov
2 years ago

  • Component changed from Formatting to Posts, Post Types
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, welcome back to WordPress Trac!

It looks like this was previously reported in #52738, let's continue the discussion there.

Note: See TracTickets for help on using tickets.