WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#9638 closed defect (bug) (duplicate)

add_magic_quotes() fails on objects

Reported by: misterbisson Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.7
Component: General Keywords: needs-patch reporder-feedback
Focuses: Cc:

Description

objects passed to add_magic_quotes() are assumed to be strings and passed along to wpdb::escape(), causing PHP to die with the following error:

Catchable fatal error: Object of class stdClass could not be converted to string in /web/ven/wp-includes/wp-db.php on line 472

http://core.trac.wordpress.org/browser/trunk/wp-includes/functions.php

This probably wouldn't be a problem, but wp_update_user() blindly calls add_magic_quotes() on all user meta, some of which might be an object.

http://core.trac.wordpress.org/browser/trunk/wp-includes/registration.php

Change History (11)

comment:1 @Denis-de-Bernardy6 years ago

  • Milestone changed from Unassigned to 2.8
  • Version set to 2.7

Can you add a dump of the object? It should normally get serialized before getting quoted.

comment:2 @misterbisson6 years ago

Agreed, it _should_. It's not getting serialized because wp_update_user() doesn't bother:

// First, get all of the original fields
$user=get_userdata($ID);

// Escape data pulled from DB.
$user=add_magic_quotes(get_object_vars($user));

If $user contains an object somewhere, it gets blindly passed to add_magic_quotes().

wp_update_user() clearly needs a fix (thus #9640), but add_magic_quotes() also needs some bulletproofing.

comment:3 @Denis-de-Bernardy6 years ago

  • Keywords needs-patch added

comment:4 follow-up: @anmari6 years ago

  • Cc anmari added

I am having this problem when users try to update their passwords or when admin tries to update password or in fact any other user data. The users were "converted", ie: not created normally, but all other functioning seems fine.

Some converted users do not seem to have this problem.
I would love a patch for this please as I have to reset their passwords manually and it is embarrassing that it does not work. Any ideas would be appreciated.

On any user update I get
Catchable fatal error: Object of class stdClass could not be converted to string in /...../wp-includes/wp-db.php on line 429

comment:5 follow-up: @hakre6 years ago

  • Keywords reporder-feedback added

patch added http://core.trac.wordpress.org/attachment/ticket/9640/9640.patch

please test that patch with this bug as well and report if you still get the error.

comment:6 @Denis-de-Bernardy6 years ago

  • Milestone 2.8 deleted
  • Resolution set to duplicate
  • Status changed from new to closed

closing this one as a dup of #9640, since it's really the same issue.

comment:7 in reply to: ↑ 5 @anmari6 years ago

Replying to hakre:

patch added http://core.trac.wordpress.org/attachment/ticket/9640/9640.patch

please test that patch with this bug as well and report if you still get the error.

9640 did fix the problem, still intrigued as to why only happened with converted users - I checked thoroughly and same fields were populated in user and user-meta

comment:8 @hakre6 years ago

I can imagine that converted users data was saved as object instead of array. when deserialized and passed to the function, errors were thrown.

comment:9 in reply to: ↑ 4 @frenchtowner6 years ago

  • Cc frenchtowner added

I am having this problem with a WP 2.7.1 install and nobody knows what to do with it. I was considering a complete blog deletion and restoration. I have all the backups ready to go, but I was trying to avoid this.

I am not a techie and I am sorry if I have come to the wrong place but my error is almost the same one as posted above:

Catchable fatal error: Object of class PHP_Incomplete_Class could not be converted to string in /..../wp-includes/wp-db.php on line 429

This happens whenever I try to do most any admin function and I am experiencing strange fckeditor behaviors, (like question marks appearing for any place in a text that has two spaces together.

I have no idea what to do with a patch.

comment:10 @frenchtowner6 years ago

  • Resolution duplicate deleted
  • Status changed from closed to reopened

comment:11 @ryan6 years ago

  • Resolution set to duplicate
  • Status changed from reopened to closed

Please use #9640.

Note: See TracTickets for help on using tickets.