Make WordPress Core

Opened 8 months ago

Last modified 8 months ago

#59585 new defect (bug)

Unchecked variable creates fatal error in wp-includes/class-wp-user-query.php

Reported by: frederic-pilon's profile Frederic Pilon Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 6.3.2
Component: Role/Capability Keywords: has-patch needs-unit-tests
Focuses: Cc:

Description

Hello!

I've ran into a bug that had me need to modify core.

I have no clue why this bug happens in this setup in particular, i've got other WP websites running on the same server with no problem, but this one crashes with no plugins and twenty twenty two active.

Here is what I found; at line 483 there is an array_filter that passes a variable to the function... without verifying the variable is actually what is expected.

Bug is present in 6.3.2

<?php
[...]
foreach ( $available_roles as $role => $role_data ) {
                        $role_caps = array_keys( array_filter( $role_data['capabilities'] ) );

                        foreach ( $capabilities as $cap ) { [...]

I fixed it by checking the variable is something before doing the array_filter

<?php
foreach ( $available_roles as $role => $role_data ) {
                        $role_caps = '';
                        if(isset($role_data['capabilities'])){
                                $role_caps = array_keys( array_filter( $role_data['capabilities'] ) );
                        }else{
                                return false;
                        }

                        foreach ( $capabilities as $cap ) {

I would like this to be added to core, so it doesnt crash anymore and wont crash when I update WordPress next time.

Change History (2)

This ticket was mentioned in PR #5451 on WordPress/wordpress-develop by @Frederic Pilon.


8 months ago
#1

Found a bug where there a variable was not checked before it tries to do an operation on it, and for some reason, in this install, it crashes even with no plugins and twenty twenty.

Created a bit of code that checks for what the variable is before trying to do the array_filter, and if it doesn't exist, bail.

Trac ticket: https://core.trac.wordpress.org/ticket/59585#ticket

#2 @jrf
8 months ago

  • Component changed from General to Role/Capability
  • Focuses php-compatibility removed
  • Keywords needs-unit-tests added

@frederic-pilon Thanks for reporting this, but unfortunately your ticket contains too little information to be evaluated properly.

It should not be possible for $role_data['capabilities'] to not exist, though it could be an empty array, so something is interfering.

This needs a proper backtrace and reproduction scenario before it can be decided what the correct solution should be. Your patch may fix the immediate symptom of the issue, but not the actual problem, so is likely the wrong solution.

Note: See TracTickets for help on using tickets.