Make WordPress Core

Opened 5 months ago

Last modified 9 days ago

#58798 new defect (bug)

Fix possible PHP warning in /wp-includes/feed.php

Reported by: zahardoc's profile zahardoc Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 6.2.2
Component: Feeds Keywords: needs-patch
Focuses: Cc:

Description

If some plugins or themes use "enclosure" meta field as a one-line string, it results in PHP warnings:

PHP Warning: Undefined array key 2 in /wp-includes/feed.php on line 484
PHP Warning: Undefined array key 1 in /wp-includes/feed.php on line 494

It happens because there is no check of string content there:

foreach ( (array) get_post_custom() as $key => $val ) {
	if ( 'enclosure' === $key && is_array( $val ) ) {
		foreach ( (array) $val as $enc ) {
			$enclosure = explode( "\n", $enc );


			/ Only get the first element, e.g. 'audio/mpeg' from 'audio/mpeg mpga mp2 mp3'.
			$t    = preg_split( '/[ \t]/', trim( $enclosure[2] ) );
			$type = $t[0];

				/**
				 * Filters the RSS enclosure HTML link tag for the current post.
				 *
				 * @since 2.2.0
				 *
				 * @param string $html_link_tag The HTML link tag with a URI and other attributes.
				 */
		echo apply_filters( 'rss_enclosure', '<enclosure url="' . esc_url( trim( $enclosure[0] ) ) . '" length="' . absint( trim( $enclosure[1] ) ) . '" type="' . esc_attr( $type ) . '" />' . "\n" );
			}
		}
	}

Proposal:

Add checks if the enclosure is an array, and each item can be exploded into exactly 3 items:

if ( 'enclosure' === $key && is_array( $val ) ) {}

And this:

$enclosure = explode( "\n", $enc );

if ( 3 !== count( $enclosure ) ) {
	continue;
}

Attachments (1)

58798.patch (1.3 KB) - added by nihar007 5 months ago.
Patch added

Download all attachments as: .zip

Change History (3)

@nihar007
5 months ago

Patch added

#1 @rghedin
4 months ago

Any workaround while this isn't fixed on WP?

This ticket was mentioned in Slack in #core by yui. View the logs.


9 days ago

Note: See TracTickets for help on using tickets.