Opened 5 months ago
Last modified 9 days ago
#58798 new defect (bug)
Fix possible PHP warning in /wp-includes/feed.php
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 6.2.2 |
Component: | Feeds | Keywords: | needs-patch |
Focuses: | Cc: |
Description
If some plugins or themes use "enclosure" meta field as a one-line string, it results in PHP warnings:
PHP Warning: Undefined array key 2 in /wp-includes/feed.php on line 484
PHP Warning: Undefined array key 1 in /wp-includes/feed.php on line 494
It happens because there is no check of string content there:
foreach ( (array) get_post_custom() as $key => $val ) { if ( 'enclosure' === $key && is_array( $val ) ) { foreach ( (array) $val as $enc ) { $enclosure = explode( "\n", $enc ); / Only get the first element, e.g. 'audio/mpeg' from 'audio/mpeg mpga mp2 mp3'. $t = preg_split( '/[ \t]/', trim( $enclosure[2] ) ); $type = $t[0]; /** * Filters the RSS enclosure HTML link tag for the current post. * * @since 2.2.0 * * @param string $html_link_tag The HTML link tag with a URI and other attributes. */ echo apply_filters( 'rss_enclosure', '<enclosure url="' . esc_url( trim( $enclosure[0] ) ) . '" length="' . absint( trim( $enclosure[1] ) ) . '" type="' . esc_attr( $type ) . '" />' . "\n" ); } } }
Proposal:
Add checks if the enclosure is an array, and each item can be exploded into exactly 3 items:
if ( 'enclosure' === $key && is_array( $val ) ) {}
And this:
$enclosure = explode( "\n", $enc ); if ( 3 !== count( $enclosure ) ) { continue; }
Attachments (1)
Change History (3)
Note: See
TracTickets for help on using
tickets.
Patch added