Opened 6 months ago
Last modified 5 months ago
#61268 new defect (bug)
PHP Deprecated: ltrim() in formatting esc_url.
Reported by: | neo2k23 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Formatting | Keywords: | |
Focuses: | Cc: |
Description (last modified by )
I am constantly getting these warnings in my error log file.
[22-May-2024 13:00:43 UTC] PHP Deprecated: ltrim(): Passing null to parameter #1 ($string) of type string is deprecated in /.../wp-includes/formatting.php on line 4482
It is caused by this code:

```php
<?php
$original_url = $url;

if ( '' === $url ) {
	return $url;
}

$url = str_replace( ' ', '%20', ltrim( $url ) );
```

The last line is line 4482.
If I change line 4478 to this it does not happen anymore.

```php
<?php
$original_url = $url;

if ( '' === $url || empty( $url ) ) {
	return $url;
}

$url = str_replace( ' ', '%20', ltrim( $url ) );
```

Since there is no information on the location that is calling esc_url, it is hard to debug which theme code or plugin code is responsible for this.
Can someone please explain to me what is going on here?
Thank you
Change History (8)
#1 (in reply to: ↑ description) 6 months ago
#2 (follow-up: ↓ 3) 6 months ago
Thank you for the reply... I get these:

```
[22-May-2024 15:09:38 UTC] Array ( [0] => Array ( [file] => /home/public_html/wp-content/plugins/maintenance/load/index.php [line] => 68 [function] => esc_url ) [1] => Array ( [file] => /home/public_html/wp-includes/template-loader.php [line] => 106 [args] => Array ( [0] => /home/public_html/wp-content/plugins/maintenance/load/index.php ) [function] => include ) [2] => Array ( [file] => /home/public_html/wp-blog-header.php [line] => 19 [args] => Array ( [0] => /home/public_html/wp-includes/template-loader.php ) [function] => require_once ) [3] => Array ( [file] => /home/public_html/index.php [line] => 17 [args] => Array ( [0] => /home/public_html/wp-blog-header.php ) [function] => require ) )
[22-May-2024 15:09:38 UTC] PHP Deprecated: ltrim(): Passing null to parameter #1 ($string) of type string is deprecated in /home/public_html/wp-includes/formatting.php on line 4486
[22-May-2024 15:09:41 UTC] Array ( [0] => Array ( [file] => /home/public_html/wp-content/plugins/maintenance/load/index.php [line] => 68 [function] => esc_url ) [1] => Array ( [file] => /home/public_html/wp-includes/template-loader.php [line] => 106 [args] => Array ( [0] => /home/public_html/wp-content/plugins/maintenance/load/index.php ) [function] => include ) [2] => Array ( [file] => /home/public_html/wp-blog-header.php [line] => 19 [args] => Array ( [0] => /home/public_html/wp-includes/template-loader.php ) [function] => require_once ) [3] => Array ( [file] => /home/public_html/index.php [line] => 17 [args] => Array ( [0] => /home/public_html/wp-blog-header.php ) [function] => require ) )
[22-May-2024 15:09:41 UTC] PHP Deprecated: ltrim(): Passing null to parameter #1 ($string) of type string is deprecated in /home/public_html/wp-includes/formatting.php on line 4486
```

But should formatting not deal with this so the issue does not occur at all? Because now everybody calling esc_url has to check if the url does not contain null or is empty.
Please advise!
Thank you
#3 (in reply to: ↑ 2; follow-up: ↓ 5) 6 months ago
Replying to neo2k23:

> But should formatting not deal with this so the issue does not occur at all? Because now everybody calling esc_url has to check if the url does not contain null or is empty.

Maybe, but I think it is generally considered best policy for bugs like this to fix the caller, as the caller should not be passing empty values to `esc_url`. See, for example, ticket #59154, which is a similar issue to yours (where the fix was to fix the caller rather than change `esc_url`).
However, your issue looks a bit more complicated as it seems that the caller is the Maintenance plugin but it looks like the caller is not really at fault here. I would guess you have some other plugin installed which disables XML-RPC?
It might be helpful to post a list of all active plugins on your site. (You can get this in the admin section by going to Tools → Site Health → Info → Active Plugins.)
#4 6 months ago
- Component changed from General to Formatting
- Description modified (diff)
- Version trunk deleted
This specific issue needs to be reported on the Maintenance plugin support forum (and others).
The pingback URL uses `esc_url()` around `bloginfo()`, the echo function, instead of using `get_bloginfo()` like this (from Twenty Ten):

```php
<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>
```

Additional plugins and themes have `esc_url()` with `bloginfo()`, too.
At least two security plugins replace 'pingback_url' with an empty string, which should avoid the deprecation warnings, but that can still result in an empty link `href`.
The `if ( '' == $url )` condition goes back to [1132], when the function was named `clean_url()`, and the comparison became strict in [47808].
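
A stand-alone PHP illustration of the `bloginfo()` / `get_bloginfo()` difference described in comment 4. It is an added example, not code from the ticket, from WordPress core or from the Maintenance plugin. The `demo_*` functions are hypothetical stand-ins for the WordPress functions, `demo_esc_url()` contains only the lines of `esc_url()` quoted in the description, and the URL is a constructed value.

```php
<?php
// Added example. demo_* functions are hypothetical stand-ins, not WordPress code.

function demo_get_bloginfo( $show ) {
	return 'https://example.test/xmlrpc.php'; // constructed value, returned to the caller
}

function demo_bloginfo( $show ) {
	echo demo_get_bloginfo( $show ); // echoes the value and returns nothing (null)
}

// Only the lines of esc_url() quoted in the ticket description.
function demo_esc_url( $url ) {
	if ( '' === $url ) {
		return $url;
	}
	return str_replace( ' ', '%20', ltrim( $url ) );
}

// Collect deprecation notices instead of writing them to the error log.
$notices = array();
set_error_handler(
	function ( $errno, $errstr ) use ( &$notices ) {
		$notices[] = $errstr;
		return true;
	},
	E_DEPRECATED
);

// Pattern from the report: the echoing function wrapped in the escaper.
ob_start();
$returned = demo_esc_url( demo_bloginfo( 'pingback_url' ) );
$echoed   = ob_get_clean();

// Pattern from Twenty Ten: the returning function wrapped in the escaper.
$fixed = demo_esc_url( demo_get_bloginfo( 'pingback_url' ) );

restore_error_handler();

// $echoed left demo_bloginfo() before demo_esc_url() ran, so it was never escaped.
printf( "echoed inside the call: %s\n", var_export( $echoed, true ) );
printf( "returned by the escaper: %s\n", var_export( $returned, true ) );
// On PHP 8.1 and later, $notices holds the ltrim() deprecation; earlier versions record none.
printf( "deprecations: %s\n", var_export( $notices, true ) );
printf( "get_bloginfo() form: %s\n", var_export( $fixed, true ) );
```
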
#5 (in reply to: ↑ 3; follow-up: ↓ 6) 6 months ago
Replying to siliconforks:

> Replying to neo2k23:
>
> However, your issue looks a bit more complicated as it seems that the caller is the Maintenance plugin but it looks like the caller is not really at fault here. I would guess you have some other plugin installed which disables XML-RPC?
>
> It might be helpful to post a list of all active plugins on your site. (You can get this in the admin section by going to Tools → Site Health → Info → Active Plugins.)

There is no such plugin active, but the hoster blocks calls to XML-RPC.php.
I will report it to the maintenance mode plugin developer.
I still believe that checking in the esc_url function for being null would not lead to all the plugin and theme developers having to add their checks before calling esc_url. Which would be preferable.
Until PHP 8.1 there was no warning and the return would still be an empty URL. What is against checking in the esc_url function?
Thank you for the replies and support.
#6 (in reply to: ↑ 5; follow-up: ↓ 7) 6 months ago
Replying to neo2k23:

> Until PHP 8.1 there was no warning and the return would still be an empty URL. What is against checking in the esc_url function?

The problem is that when a caller calls `esc_url()` with an empty argument, it's almost always a bug in the caller, so it's better to fix it in the caller's code. In the case of the Maintenance plugin - their code is subtly wrong (I didn't notice this at first - thanks to @sabernhardt for pointing this out) - it's calling `bloginfo()` instead of `get_bloginfo()`. So that's an issue which needs to be fixed in their code. Modifying `esc_url()` to eliminate the warning would really just be masking the issue - it wouldn't actually be fixing the source of the problem.
#7 (in reply to: ↑ 6) 5 months ago
Replying to siliconforks:

> Modifying `esc_url()` to eliminate the warning would really just be masking the issue - it wouldn't actually be fixing the source of the problem.

It’s not just a warning, it’s a deprecation. If we don’t fix this, it will result in actual errors in a future PHP version.
Replying to neo2k23:

You could try adding some code like this:

```php
if ( empty( $url ) ) {
	error_log( print_r( debug_backtrace( DEBUG_BACKTRACE_IGNORE_ARGS ), true ) );
}
```

That should record in the error log whoever is calling `esc_url()` with an empty argument.