[wp-trac] [WordPress Trac] #46445: Parameter must be an array or an object that implements Countable
WordPress Trac
noreply at wordpress.org
Tue Apr 2 14:01:10 UTC 2019
#46445: Parameter must be an array or an object that implements Countable
--------------------------+-----------------------
Reporter: sanjeevsetu | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: General | Version: 5.1
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+-----------------------
Changes (by l3rady):
* status: closed => reopened
* resolution: invalid =>
Comment:
We are seeing our logs fill up with this error since moving to PHP 7.2
The error doesn't happen for normal circumstances but happens when we have
people probing our site for vulnerabilities where their query string
results in the global $pages being returned as null which isn't countable.
An example query string that triggered it for us is the following:
`index.php?s=%2Fmodule%2Faction%2Fparam1%2F%24%7B%40print%28eval%28%24_POST%5Bc%5D%29%29%7D`
decoded as `index.php?s=/module/action/param1/${@print(eval($_POST[c]))}`
It appears that certain conditions can get Wordpress to result in null for
$pages and so the code needs to check that $pages are countable.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46445#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list