Make WordPress Core

Opened 6 weeks ago

Last modified 5 weeks ago

#62341 new defect (bug)

A bug in widgets.php - function wp_widget_rss_process

Reported by: korric's profile korric Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Widgets Keywords:
Focuses: Cc:

Description

Using a misconfigured Elementor plugin (most probably), we have experienced many "Execution time exceeded" errors. Finally, I was able to track the the function

function wp_widget_rss_process( $widget_rss, $check_feed = true ) {}

The function retrieves a $link (https://core.trac.wordpress.org/browser/tags/6.6.2/src/wp-includes/widgets.php#L1800)

$link = esc_url( strip_tags( $rss->get_permalink() ) );

And then it attempts to clean the link (https://core.trac.wordpress.org/browser/tags/6.6.2/src/wp-includes/widgets.php#L1801):

while ( stristr( $link, 'http' ) !== $link ) {
  $link = substr( $link, 1 );
}

When the $link does not contain the 'http' string, it ends in an endless loop. I do not know yet why the link did not contain the http string, but it happened. However the endless while loop is an obvious bug in the core of wordpress.

Proposed solution:

while ( strlen($link) > 0 && stristr( $link, 'http' ) !== $link ) {
  $link = substr( $link, 1 );
}

Change History (1)

#1 @abcd95
5 weeks ago

Hey korric, Thanks for bringing this up.

I've tried to replicate it in the latest WordPress version (6.8 alpha) but couldn't. It seems that even without the http string, esc_url() automatically adds it, as referenced here -
https://core.trac.wordpress.org/browser/tags/6.6.2/src/wp-includes/formatting.php#L4496

I would really appreciate it if you could maybe provide me with the faulty link. Moreover, It might indeed be related to the Elementor plugin configuration, as you suggested.

Let me know if there’s anything I might have missed. Thank you!

Last edited 5 weeks ago by abcd95 (previous) (diff)
Note: See TracTickets for help on using tickets.