[wp-trac] [WordPress Trac] #56690: Fatal error: Uncaught Error: Cannot access property started with '\0' in /wp-includes/post.php:2701
WordPress Trac
noreply at wordpress.org
Thu Sep 29 11:19:13 UTC 2022
#56690: Fatal error: Uncaught Error: Cannot access property started with '\0' in
/wp-includes/post.php:2701
--------------------------+-----------------------------
 Reporter:  bitcomplex    |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Formatting    |    Version:
 Severity:  critical      |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
I've had a ticket up for ages regarding this issue in the map_deep method
of formatting.php, but instead of getting it fixed you've introduced the
same issue in post.php :(
{{{#!php
<?php
foreach ( array_keys( get_object_vars( $post ) ) as $field ) {
    $post->$field = sanitize_post_field( $field, $post->$field, $post->ID, $context );
}
}}}
This WILL trigger the fatal if the object in question has private/protected
members in the serialized data accessible.
This usually happens if you change the visibility of the member in the
class definition but have an older object of the class stored serialized.
The value SHOULD NOT be read or accessed in this case. And the simple
work-around is to check for the null byte.
This happens to us frequently and can potentially corrupt our data. Every
release of WordPress forces us to add the check ourselves.
The check is as easy as:
{{{#!php
<?php
foreach ( array_keys( get_object_vars( $post ) ) as $field ) {
    // Skip property names that start with a null byte; they must not be read.
    if ( ord( $field ) === 0 ) {
        continue;
    }
    $post->$field = sanitize_post_field( $field, $post->$field, $post->ID, $context );
}
}}}
Please fix this both here and in formatting.php.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56690>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform