[wp-trac] [WordPress Trac] #52458: WordPress version check is passing "false" value to "esc_url" causing errors (in the logs)
WordPress Trac
noreply at wordpress.org
Fri Feb 5 22:26:28 UTC 2021
#52458: WordPress version check is passing "false" value to "esc_url" causing
errors (in the logs)
--------------------------+-----------------------------
Reporter: jipmoors | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.3
Severity: normal | Keywords: has-patch
Focuses: |
--------------------------+-----------------------------
At least one code-path that leads to this situation is via the following
line: https://github.com/WordPress/wordpress-develop/blob/master/src/wp-
includes/update.php#L197
The response of WordPress.org for core does not return a value for all
"package" entries. Thus passing `false` to the `esc_url` array_map.
{{{#!php
Array
(
[full] => https://downloads.wordpress.org/release/wordpress-5.6.1.zip
[no_content] =>
https://downloads.wordpress.org/release/wordpress-5.6.1-no-content.zip
[new_bundled] =>
https://downloads.wordpress.org/release/wordpress-5.6.1-new-bundled.zip
[partial] =>
[rollback] =>
)
}}}
In the esc_url function, the value is checked for an empty string, but no
type safety is applied.
The subsequent logic calls `ltrim` which expects the input to be a string.
If this is not the case, there will be an error thrown about this.
This has been added on July 1st, 2019.
See: https://github.com/WordPress/wordpress-
develop/commit/78e096fe98531d0799c42705d1329f808e9ee944
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52458>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list