Opened 5 weeks ago
Last modified 5 weeks ago
#63154 new defect (bug)
Fatal error when moderation hash is given as array
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | needs-testing-info has-patch |
| Focuses: | | Cc: | |
Description
A recent uncommissioned penetration test resulted in PHP Fatal errors:
PHP Fatal error: Uncaught TypeError: hash_equals(): Argument #1 ($known_string) must be of type string, array given in /var/www/html/wp-includes/comment.php:1959
The request was
GET /page-with-comments/?moderation-hash[]=0cdbea79cf8fc31fe70f8d06581b06a8&unapproved=21 HTTP/1.1"
Which triggered a fatal error in using hash_equals() with an array.
if ( $comment && hash_equals( $_GET['moderation-hash'], wp_hash( $comment->comment_date_gmt ) ) ) {
I suggest testing against ! is_array() prior to hash_equals()
Attachments (1)
Change History (2)
#1
@
5 weeks ago
- Keywords needs-testing-info has-patch added
Reproduction Report
Description
This report can't validate that the issue can be reproduced.
Environment
- WordPress: 6.8-beta3-60042-src
- PHP: 8.2.28
- Server: nginx/1.27.4
- Database: mysqli (Server: 8.4.4 / Client: mysqlnd 8.2.28)
- Browser: Chrome 134.0.0.0
- OS: Windows 10/11
- Theme: My Twenty Twenty Child Theme 1.0
- MU Plugins: None activated
- Plugins:
- Test Reports 1.2.0
Testing Steps:
- Create a new page with comments enabled, called page with comments
- Do a GET request with the following URL:
https://root_address/page-with-comments/
with the two following parameters
moderation-hash[] = 0cdbea79cf8fc31fe70f8d06581b06a8
unapproved = 21
- Nothing happens
Actual Results
- ❌ Error condition doesn't occur
Additional Information
@leedxw can you provide further and more detailed instructions to reproduce this bug?
Supplemental Artifacts
patch to test if moderation-hash is not an array
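
The guard suggested in the ticket, shown as an added example that is neither the attached patch nor WordPress core code. `example_hash()` stands in for `wp_hash()`, and the helper name, key and sample query strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Stand-in for wp_hash() so the script runs outside WordPress (assumption:
// a keyed hash of the comment date; the key is a constructed demo value).
function example_hash(string $data): string {
    return hash_hmac('sha256', $data, 'constructed-demo-key');
}

// Hypothetical helper: true only when the request carries a *string*
// moderation hash that matches the expected value.
function moderation_hash_matches(array $query, string $comment_date_gmt): bool {
    $supplied = $query['moderation-hash'] ?? null;

    // "moderation-hash[]=..." makes PHP build an array; hash_equals() throws
    // a TypeError for that on PHP 8, so reject non-strings before comparing.
    if (!is_string($supplied)) {
        return false;
    }

    // hash_equals() takes the known value first, the user-supplied one second.
    return hash_equals(example_hash($comment_date_gmt), $supplied);
}

// Constructed sample inputs, parsed the way PHP fills $_GET.
$date  = '2025-03-20 10:00:00';
$cases = [
    'valid string' => 'unapproved=21&moderation-hash=' . example_hash($date),
    'wrong string' => 'unapproved=21&moderation-hash=0000',
    'array form'   => 'unapproved=21&moderation-hash[]=0000',
    'missing'      => 'unapproved=21',
];

foreach ($cases as $label => $query_string) {
    parse_str($query_string, $query);
    $result = moderation_hash_matches($query, $date);
    printf("%-12s => %s\n", $label, var_export($result, true));
}

// The unguarded comparison from the ticket, run against the array form.
parse_str($cases['array form'], $query);
try {
    hash_equals($query['moderation-hash'], example_hash($date));
} catch (TypeError $e) {
    echo 'unguarded: ', $e->getMessage(), "\n";
}
```

Only the valid string case returns true; the array and missing cases return false without reaching `hash_equals()`, while the unguarded call raises the `TypeError` quoted in the description.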