Make WordPress Core

Opened 3 days ago

#61577 new defect (bug)

health check count display bug

Reported by: gqevu6bsiz Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 6.5.5
Component: General Keywords:
Focuses: Cc:

Description

WP: 6.5.5
PHP: 8.2

I found this bug while using OWASP ZAP.

I got this error:

PHP Fatal error:  Uncaught TypeError: number_format(): Argument #1 ($num) must be of type float, string given in /wp-includes/functions.php:424
Stack trace:
#0 /wp-includes/functions.php(424): number_format()
#1 /wp-admin/menu.php(368): number_format_i18n()
#2 /wp-admin/admin.php(158): require('...')
#3 /wp-admin/index.php(10): require_once('...')
#4 {main}
  thrown in /wp-includes/functions.php on line 424

Then I found that the error was in the code below.

wp-admin/menu.php, lines 349-369

$get_issues = get_transient( 'health-check-site-status-result' );

$issue_counts = array();

if ( false !== $get_issues ) {
        $issue_counts = json_decode( $get_issues, true );
}

if ( ! is_array( $issue_counts ) || ! $issue_counts ) {
        $issue_counts = array(
                'good'        => 0,
                'recommended' => 0,
                'critical'    => 0,
        );
}

$site_health_count = sprintf(
        '<span class="menu-counter site-health-counter count-%s"><span class="count">%s</span></span>',
        $issue_counts['critical'],
        number_format_i18n( $issue_counts['critical'] )
);

An error occurs when the critical value is not a number.
I think this value is usually only a number, but in my case it was a string.

wp-admin/includes/ajax-actions.php, lines 5445-5455

function wp_ajax_health_check_site_status_result() {
        check_ajax_referer( 'health-check-site-status-result' );

        if ( ! current_user_can( 'view_site_health_checks' ) ) {
                wp_send_json_error();
        }

        set_transient( 'health-check-site-status-result', wp_json_encode( $_POST['counts'] ) );

        wp_send_json_success();
}

I think OWASP ZAP probably sent the string in its request.
I think there is not enough validation when saving the transient data (health-check-site-status-result).

The error can be reproduced with the following code:

add_action( 'admin_footer', 'example_admin_footer' );

function example_admin_footer() {
  ?>
  <script>
  jQuery(function( $ ) {

    // Nonce for the health-check-site-status-result AJAX action.
    const _wpnonce = '<?php echo esc_js( wp_create_nonce( 'health-check-site-status-result' ) ); ?>';

    // 'critical' is sent as a string instead of a number.
    const counts = {
      'critical': 'test',
      'good': 3,
      'recommended': 8
    };

    $.ajax({
      type: 'post',
      url: ajaxurl,
      data: {
        'action': 'health-check-site-status-result',
        '_wpnonce': _wpnonce,
        'counts': counts
      }
    }).done( function( xhr ) {
      console.log( xhr );
    });

  });
  </script>
  <?php
}
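
One way to validate the counts before they are stored, as an added example that is not WordPress core's code or the fix for this ticket (the `example_` function name is hypothetical):

```php
<?php
// Added example, not core code: a hardened variant of the
// wp_ajax_health_check_site_status_result() handler quoted above.
// It keeps only the three keys menu.php reads and coerces each value
// to a non-negative integer, so number_format_i18n() in menu.php can
// never receive a non-numeric string from the transient.
function example_health_check_site_status_result() {
	check_ajax_referer( 'health-check-site-status-result' );

	if ( ! current_user_can( 'view_site_health_checks' ) ) {
		wp_send_json_error();
	}

	// Whitelist of keys the admin menu code actually uses.
	$allowed = array( 'good', 'recommended', 'critical' );

	$raw = ( isset( $_POST['counts'] ) && is_array( $_POST['counts'] ) )
		? wp_unslash( $_POST['counts'] )
		: array();

	$counts = array();
	foreach ( $allowed as $key ) {
		// Non-numeric input such as 'test' (or an array) becomes 0;
		// numeric strings such as '3' become the integer 3.
		$counts[ $key ] = ( isset( $raw[ $key ] ) && is_numeric( $raw[ $key ] ) )
			? absint( $raw[ $key ] )
			: 0;
	}

	// Only the sanitized structure is persisted.
	set_transient( 'health-check-site-status-result', wp_json_encode( $counts ) );

	wp_send_json_success( $counts );
}
```

On the reading side, casting with `(int) $issue_counts['critical']` before calling `number_format_i18n()` would additionally protect menu.php against a transient that was written by older or third-party code.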

Change History (0)
