[wp-trac] [WordPress Trac] #61577: health check count display bug

WordPress Trac noreply at wordpress.org
Fri Jul 5 02:33:45 UTC 2024


#61577: health check count display bug
--------------------------+-----------------------------
 Reporter:  gqevu6bsiz    |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  6.5.5
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 WP: 6.5.5
 PHP: 8.2

 I found this bug while using OWASP ZAP.

 I got this error:


 {{{
 PHP Fatal error:  Uncaught TypeError: number_format(): Argument #1 ($num)
 must be of type float, string given in /wp-includes/functions.php:424
 Stack trace:
 #0 /wp-includes/functions.php(424): number_format()
 #1 /wp-admin/menu.php(368): number_format_i18n()
 #2 /wp-admin/admin.php(158): require('...')
 #3 /wp-admin/index.php(10): require_once('...')
 #4 {main}
   thrown in /wp-includes/functions.php on line 424
 }}}


 Then, I found that the error was in the code below.

 wp-admin/menu.php line 349 - 369
 {{{#!php
 $get_issues = get_transient( 'health-check-site-status-result' );

 $issue_counts = array();

 if ( false !== $get_issues ) {
         $issue_counts = json_decode( $get_issues, true );
 }

 if ( ! is_array( $issue_counts ) || ! $issue_counts ) {
         $issue_counts = array(
                 'good'        => 0,
                 'recommended' => 0,
                 'critical'    => 0,
         );
 }

 $site_health_count = sprintf(
         '<span class="menu-counter site-health-counter count-%s"><span class="count">%s</span></span>',
         $issue_counts['critical'],
         number_format_i18n( $issue_counts['critical'] )
 );
 }}}

 An error occurs when the **critical** value is not a number.
 I think this value is usually only a number, but in my case it was a string.


 wp-admin/includes/ajax-actions.php line 5445 - 5455
 {{{#!php
 function wp_ajax_health_check_site_status_result() {
         check_ajax_referer( 'health-check-site-status-result' );

         if ( ! current_user_can( 'view_site_health_checks' ) ) {
                 wp_send_json_error();
         }

         set_transient( 'health-check-site-status-result', wp_json_encode( $_POST['counts'] ) );

         wp_send_json_success();
 }
 }}}

 I think that OWASP ZAP probably sends the string in the request.
 I think there is not enough validation when saving the transient data
 (health-check-site-status-result).


 The error can be reproduced with the following code:
 {{{#!php
 add_action( 'admin_footer' , 'example_admin_footer' );

 function example_admin_footer() {

   ?>
   <script>
   jQuery(function( $ ) {

     const _wpnonce = '<?php echo esc_js( wp_create_nonce( 'health-check-site-status-result' ) ); ?>';

     const counts = {
       'critical': 'test',
       'good': 3,
       'recommended': 8
     };

     $.ajax({
       type: 'post',
       url: ajaxurl,
       data: {
         'action': 'health-check-site-status-result',
         '_wpnonce': _wpnonce,
         'counts': counts
       }
     }).done( function( xhr ) {

       console.log(xhr);

     });

   });
   </script>
   <?php

 }

 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/61577>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
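The root cause in the report is that `wp_ajax_health_check_site_status_result()` stores whatever arrives in `$_POST['counts']` and `menu.php` later passes one of those values straight to `number_format_i18n()`, which under PHP 8 throws a `TypeError` for a non-numeric string. The following is an added example (not the reporter's code and not WordPress core's) showing one way to normalise the counts on the write side before they reach the transient, plus a matching defensive cast on the read side. The function name `example_sanitize_site_health_counts()` is hypothetical; the sample payload mirrors the one in the ticket.

```php
<?php
// Added example: normalise site-health counts before they are stored.
// Unknown keys are dropped, non-numeric or negative values become 0, and
// every value is an integer, so number_format_i18n() always gets a number.
function example_sanitize_site_health_counts( $raw ) {
    $clean = array(
        'good'        => 0,
        'recommended' => 0,
        'critical'    => 0,
    );

    if ( ! is_array( $raw ) ) {
        return $clean;
    }

    foreach ( array_keys( $clean ) as $key ) {
        if ( isset( $raw[ $key ] ) && is_numeric( $raw[ $key ] ) ) {
            $clean[ $key ] = max( 0, (int) $raw[ $key ] );
        }
    }

    return $clean;
}

// Hardened write side (hypothetical replacement for the set_transient()
// call shown in the ticket; WordPress functions are only referenced, not
// redefined here):
//
//   set_transient(
//       'health-check-site-status-result',
//       wp_json_encode( example_sanitize_site_health_counts( $_POST['counts'] ?? array() ) )
//   );
//
// Defence in depth on the read side, so stale or hand-edited transient data
// still cannot reach number_format_i18n() as a string:
//
//   $critical = (int) ( $issue_counts['critical'] ?? 0 );

// Stand-alone demonstration with a constructed payload shaped like the
// one the reporter sent through ZAP.
$payload = array(
    'critical'    => 'test',  // the string that triggered the TypeError
    'good'        => 3,
    'recommended' => 8,
    'extra'       => 'ignored', // unexpected key, discarded
);

$sanitized = example_sanitize_site_health_counts( $payload );
var_dump( $sanitized );
// array(3) { ["good"]=> int(3) ["recommended"]=> int(8) ["critical"]=> int(0) }

// number_format() now receives an int instead of "test" and does not throw.
echo number_format( $sanitized['critical'] ), PHP_EOL;
```

Casting on the read side matters because the transient can persist across upgrades: even after the handler is fixed, a previously stored string value would otherwise still crash the admin menu on the next page load.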