[wp-trac] [WordPress Trac] #58856: There is str_contains() in wp-login.php.

WordPress Trac noreply at wordpress.org
Thu Jul 20 04:52:20 UTC 2023 

#58856: There is str_contains() in wp-login.php.
------------------------------------+----------------------
 Reporter:  nendeb55                |       Owner:  (none)
     Type:  defect (bug)            |      Status:  closed
 Priority:  normal                  |   Milestone:
Component:  Login and Registration  |     Version:
 Severity:  normal                  |  Resolution:  invalid
 Keywords:                          |     Focuses:
------------------------------------+----------------------
Changes (by costdev):

 * status:  new => closed
 * component:  General => Login and Registration
 * version:  trunk =>
 * milestone:  Awaiting Review =>
 * keywords:  needs-patch =>
 * resolution:   => invalid
 * severity:  critical => normal


Old description:

> You should revert to strpos() since str_contains() is from php8.0.
>
> WordPress6.3 RC1
>
> wp-login.php
>
> {{{
>                         } elseif ( str_contains( $redirect_to,
> 'about.php?updated' ) ) {
>                                 $errors->add( 'updated', __( '<strong>You
> have successfully updated WordPress!</strong> Please log back in to see
> what’s new.' ), 'message' );
>                         } elseif (
> WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) {
>                                 $errors->add( 'enter_recovery_mode', __(
> 'Recovery Mode Initialized. Please log in to continue.' ), 'message' );
>                         } elseif ( isset( $_GET['redirect_to'] ) &&
> str_contains( $_GET['redirect_to'], 'wp-admin/authorize-application.php'
> ) ) {
>
> }}}

New description:

 You should revert to `strpos()` since `str_contains()` is from php8.0.

 WordPress6.3 RC1

 wp-login.php

 {{{
                         } elseif ( str_contains( $redirect_to,
 'about.php?updated' ) ) {
                                 $errors->add( 'updated', __( '<strong>You
 have successfully updated WordPress!</strong> Please log back in to see
 what’s new.' ), 'message' );
                         } elseif (
 WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) {
                                 $errors->add( 'enter_recovery_mode', __(
 'Recovery Mode Initialized. Please log in to continue.' ), 'message' );
                         } elseif ( isset( $_GET['redirect_to'] ) &&
 str_contains( $_GET['redirect_to'], 'wp-admin/authorize-application.php' )
 ) {

 }}}

--

Comment:

 Hi @nendeb55, thanks for opening this ticket.

 `str_contains()` was polyfilled in WordPress 5.9 (changeset [52039]) along
 with several others such as `str_starts_with()`, `str_ends_with()`,
 `array_key_first()` and `array_key_last()`.

 These can all be used safely as long as `/wp-includes/compat.php` has been
 included somewhere in the callstack, which is the case with `wp-
 login.php`.

 As this is used safely in the mentioned file, I'll close this ticket as
 `invalid`.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/58856#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list