[wp-trac] [WordPress Trac] #60261: Fatal error with invalid charset specified in Trackback

WordPress Trac noreply at wordpress.org
Tue Jun 11 02:11:51 UTC 2024 

#60261: Fatal error with invalid charset specified in Trackback
-------------------------------------------+---------------------
 Reporter:  dd32                           |       Owner:  (none)
     Type:  defect (bug)                   |      Status:  new
 Priority:  normal                         |   Milestone:  6.6
Component:  Pings/Trackbacks               |     Version:
 Severity:  normal                         |  Resolution:
 Keywords:  has-patch php81 needs-testing  |     Focuses:
-------------------------------------------+---------------------

Old description:

> wp-trackback.php accepts a `charset` parameter, but doesn't validate that
> the site supports it.
>
> Code is effectively this:
> https://core.trac.wordpress.org/browser/trunk/src/wp-
> trackback.php?marks=54-76#L53
> {{{
> $charset   = isset( $_POST['charset'] ) ? $_POST['charset'] : '';
> $title     = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) :
> '';
> $title     = mb_convert_encoding( $title, get_option( 'blog_charset' ),
> $charset );
> }}}
>
> `charset` ''should be'' a charset that's commonly accepted, such as
> `UTF-8`, but it could also be specified as `foobar`.
>
> This would cause a PHP Warning in PHP 7.4:
> > E_WARNING: mb_convert_encoding(): Illegal character encoding specified
> in wp-trackback.php:76
>
> and in PHP 8.1:
> > Fatal error: Uncaught ValueError: mb_convert_encoding(): Argument #3
> ($from_encoding) contains invalid encoding "FOOBAR" in wp-trackback.php
> on line 76

New description:

 wp-trackback.php accepts a `charset` parameter, but doesn't validate that
 the site supports it.

 Code is effectively this:
 https://core.trac.wordpress.org/browser/trunk/src/wp-
 trackback.php?marks=54-76#L53
 {{{
 $charset   = isset( $_POST['charset'] ) ? $_POST['charset'] : '';
 $title     = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) :
 '';
 $title     = mb_convert_encoding( $title, get_option( 'blog_charset' ),
 $charset );
 }}}

 `charset` ''should be'' a charset that's commonly accepted, such as
 `UTF-8`, but it could also be specified as `foobar`.

 This would cause a PHP Warning in PHP 7.4:
 > E_WARNING: mb_convert_encoding(): Illegal character encoding specified
 in wp-trackback.php:76

 and in PHP 8.0:
 > Fatal error: Uncaught ValueError: mb_convert_encoding(): Argument #3
 ($from_encoding) contains invalid encoding "FOOBAR" in wp-trackback.php on
 line 76

--

Comment (by dd32):

 @rajinsharwar Do you have the mbstring extension installed?

 Testing with https://3v4l.org/pQk0K confirms that this is a PHP8 fatal.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/60261#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list