Opened 2 months ago
Last modified 8 weeks ago
#59373 new defect (bug)
TypeError: str_contains() argument must be of type string, array given in wp-login.php
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 6.3.1 |
| Component: | Login and Registration | Keywords: | |
| Focuses: | php-compatibility | Cc: |
Description
This seems to affect PHP 8.0 and higher.
Downstream report at https://github.com/jquery/infrastructure-puppet/issues/34
Seems to be an upstream issue where a
$_GETor$_REQUESTkey is checked for existence but not for type, thus prone to misuse when crafting query parameters in the array-form that PHP supports.
Easily reproduced, for example, at:
Note: See
TracTickets for help on using
tickets.
I have a patch at https://github.com/WordPress/wordpress-develop/pull/5227.
I've pinged this ticket three different ways, but I'm not seeing anything show up here as is implied by the above notice and the handbook at https://make.wordpress.org/core/handbook/contribute/git/github-pull-requests-for-code-review/.
The patch has a failing build due to End-to-end and Performance tests being flaky. I've re-run them a few times and they both pass at different times but not at the same time. I'm guessing that's common enough that it won't hinder the likelihood of code review, so I'll sit back and wait :)