#56850 closed defect (bug) (fixed)
PHP 8.1 deprecation notices from wp_signon() with default parameters
Reported by: | lenasterg | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 6.2 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Login and Registration | Keywords: | has-patch php81 has-unit-tests commit |
Focuses: | Cc: |
Description
This fixes a
PHP Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated in wp-includes\pluggable.php on line 598
Attachments (1)
Change History (21)
#1
in reply to:
↑ description
@
2 years ago
This ticket was mentioned in PR #3491 on WordPress/wordpress-develop by @lenasterg.
2 years ago
#2
Fix for PHP Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated in app\wp-includes\pluggable.php on line 598
Trac ticket: [](https://core.trac.wordpress.org/ticket/56850)
#3
@
2 years ago
Hi @lenasterg,
thanks for looking into this!
When getting this deprecation warning, can you see where that null
value is coming from?
A password should only ever be a string, so it might make more sense to add a fix to the calling function.
With the suggested is_string()
check, the issue is essentially just shifted further down, when the next operation on the still-null
$password
happens -- but then this check might just make debugging and finding the origin a bit harder.
#5
@
2 years ago
Hi @TobiasBg
The null
comes from https://core.trac.wordpress.org/browser/trunk/src/wp-includes/user.php#L95 from inside the function wp_signon
.
The line 95
$user = wp_authenticate( $credentials['user_login'], $credentials['user_password'] );
where both $credentials['user_login'], &$credentials['user_password']
are NULL
when a user access the wp-login.php page for first time.
The wp_signon function
is called in https://core.trac.wordpress.org/browser/trunk/src/wp-login.php#L1231 with an empty array as $credentials argument.
Line 1231 is:
$user = wp_signon( array(), $secure_cookie );
#7
@
2 years ago
Thanks for the background on this, @lenasterg!
I'm not sure why the login form, needs to pass empty arguments here, but I assume that it would be "too late" to change this anyways, for backwards compatibility reasons (as the filter hooks that run during the request) might be overriding the calls to perform some custom authentication.
Your proposed changes do make sense, therefore.
It might be worth updating the function's docblock then as well, to clarify that null
is a possible parameter value/type.
#8
@
2 years ago
- Milestone changed from Awaiting Review to 6.2
- Summary changed from pluggable.php - Deprecated errors on PHP 8.1 to PHP 8.1 deprecation notices from wp_signon() with default parameters
Thanks for the ticket! I was able to reproduce the issue.
- It looks like there are actually two deprecation notices here:
- One from
preg_replace()
inwp_strip_all_tags()
viasanitize_user()
inwp_authenticate()
:Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
- One from
trim()
inwp_authenticate()
itself:Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated
- One from
- The
$credentials['user_login']
and$credentials['user_password']
parameters are passed by reference to thewp_authenticate
action, and this is where they are created as `null` if they don't exist. - Since the parameters are documented as strings in various places (
wp_authenticate
action,secure_signon_cookie
filter,wp_authenticate()
function,authenticate
filter, etc.) is seems like a bug that they are created asnull
instead of an empty string. Documentingnull
as a possible value does not seem ideal, as it forces plugins to deal with the issue on their own instead of fixing it at the source.
I believe the correct solution would be to create these parameters as an empty string instead, along the lines of similar fixes in [54351] and [54368]. See 56850.diff, which also includes a unit test.
This ticket was mentioned in PR #3499 on WordPress/wordpress-develop by @SergeyBiryukov.
2 years ago
#9
- Keywords has-unit-tests added
Trac ticket: https://core.trac.wordpress.org/ticket/56850
#10
@
2 years ago
- Version 6.1 deleted
Another fix is in https://github.com/WordPress/wordpress-develop/pull/2804.
#14
@
21 months ago
What more needs to be done on this ticket to move it forward?
I can confirm that @SergeyBiryukov's PR fixes the issue.
This ticket was mentioned in Slack in #core by ipajen. View the logs.
20 months ago
This ticket was mentioned in Slack in #core by ipajen. View the logs.
20 months ago
@SergeyBiryukov commented on PR #3499:
20 months ago
#19
Merged in r55301.
@SergeyBiryukov commented on PR #3491:
20 months ago
#20
Thanks for the PR! Merged a slightly different solution in r55301.
Replying to lenasterg:
Pull request with the fix is the
https://github.com/WordPress/wordpress-develop/pull/3491