[wp-trac] [WordPress Trac] #51056: Fetch_feed parsing of permalinks triggers simplepie preg_match warnings

WordPress Trac noreply at wordpress.org
Thu Sep 24 13:19:08 UTC 2020 

#51056: Fetch_feed parsing of permalinks triggers simplepie preg_match warnings
--------------------------------+------------------------------
 Reporter:  litemotiv           |       Owner:  (none)
     Type:  defect (bug)        |      Status:  new
 Priority:  normal              |   Milestone:  Awaiting Review
Component:  External Libraries  |     Version:  5.5
 Severity:  normal              |  Resolution:
 Keywords:  has-patch           |     Focuses:
--------------------------------+------------------------------

Comment (by david.binda):

 I've been able to reproduce the issue as well. As it was already
 mentioned, the issue is easily reproducible when attempting to parse a
 category feed on a WordPress install.

 What happens is that WordPress sends 2 link HTTP headers in the response
 via `rest_output_link_header` function (one for the api.wp.org and one
 alternate for application/json leading to the rest api endpoint).

 SimplePie used by the `fetch_feed` function, however, expects the multiple
 headers of the same name being joined together and separated by a comma (
 a notation described by rfc8288 ). SimplePie itself handles this in
 https://github.com/simplepie/simplepie/blob/a72e1dfafe7870affdae3edf0d9a494e4fa31bc6/library/SimplePie/HTTP/Parser.php#L254,L263

 However the SimplePie's `SimplePie_File` class is being overloaded by
 `WP_SimplePie_File` via `SimplePie::set_file_class` in
 https://core.trac.wordpress.org/browser/trunk/src/wp-
 includes/feed.php?rev=48435#L805 , which does not handle the headers in
 the same way (multiple headers of the same name are being stored in an
 array).

 IMHO, it would be better to fix the issue in `WP_SimplePie_File`, not
 touching the wp-includes/class-simplepie.php file, which is a copy of an
 external project, which does not suffer from the issue.

 Further, the `SimplePie_File` class makes sure that only the last
 `content-type` header is being used. While this works as expected in the
 current implementation of the `WP_SimplePie_File` class, I believe that it
 might be a good idea to cover that with a unit test.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/51056#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list