[wp-trac] [WordPress Trac] #60261: Fatal error with invalid charset specified in Trackback
WordPress Trac
noreply at wordpress.org
Tue Jan 16 01:13:43 UTC 2024
#60261: Fatal error with invalid charset specified in Trackback
------------------------------+-----------------------------
Reporter: dd32 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Pings/Trackbacks | Version:
Severity: normal | Keywords:
Focuses: |
------------------------------+-----------------------------
wp-trackback.php accepts a `charset` parameter, but doesn't validate that
the site supports it.
Code is effectively this:
https://core.trac.wordpress.org/browser/trunk/src/wp-
trackback.php?marks=54-76#L53
{{{
$charset = isset( $_POST['charset'] ) ? $_POST['charset'] : '';
$title = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) :
'';
$title = mb_convert_encoding( $title, get_option( 'blog_charset' ),
$charset );
}}}
`charset` ''should be'' a charset that's commonly accepted, such as
`UTF-8`, but it could also be specified as `foobar`.
This would cause a PHP Warning in PHP 7.4:
> E_WARNING: mb_convert_encoding(): Illegal character encoding specified
in wp-trackback.php:76
and in PHP 8.1:
> Fatal error: Uncaught ValueError: mb_convert_encoding(): Argument #3
($from_encoding) contains invalid encoding "FOOBAR" in wp-trackback.php on
line 76
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60261>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list