Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #57670, comment 8


Timestamp: 05/14/2023 01:23:50 PM (2 years ago)
Author: xknown

  • Ticket #57670, comment 8

    initial v1  
    44
    55I didn't test it in core, but it took me less than five minutes to find an example:
    6 `'http://WP.site/wp-login.php?action=postpass&_wp_http_referer[]='`. And even if we can only reproduce it via security tools, I think this is something we need to fix.
     6`'http://WP.site/wp-login.php?action=postpass&_wp_http_referer[]='`.
     7
     8{{{
     9Fatal error: Uncaught TypeError: trim(): Argument #1 ($string) must be of type string, array given in /var/www/html/wp-includes/pluggable.php:1558
     10Stack trace:
     11#0 /var/www/html/wp-includes/pluggable.php(1558): trim(Array, ' \t\n\r\x00\x08\v')
     12#1 /var/www/html/wp-includes/functions.php(1962): wp_validate_redirect(Array, false)
     13#2 /var/www/html/wp-login.php(724): wp_get_referer()
     14#3 {main}
     15  thrown in /var/www/html/wp-includes/pluggable.php on line 1558
     16}}}
     17
     18And even if we can only reproduce it via security tools, I think this is something we need to fix.
    719
    820> What code produced the array for _wp_http_referer? (link if possible)