[wp-trac] [WordPress Trac] #64507: Fatal error when author_name is not a string
WordPress Trac
noreply at wordpress.org
Thu Jan 15 11:16:37 UTC 2026
#64507: Fatal error when author_name is not a string
--------------------------+-----------------------------
Reporter: leedxw | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Investigating 5XX errors, I see numerous fatal errors triggered because
user provided value author_name is not validated to be a string.
(HTTP-provided arguments are strings or arrays)
To reproduce:
{{{
curl -g "http://localhost/?author_name[x]=bob"
}}}
{{{
[15-Jan-2026 10:51:57 UTC] PHP Fatal error: Uncaught TypeError:
str_contains(): Argument #1 ($haystack) must be of type string, array
given in /var/www/html/wp-includes/class-wp-query.php:2422
Stack trace:
#0 /var/www/html/wp-includes/class-wp-query.php(2422): str_contains()
#1 /var/www/html/wp-includes/class-wp-query.php(3958):
WP_Query->get_posts()
#2 /var/www/html/wp-includes/class-wp.php(704): WP_Query->query()
#3 /var/www/html/wp-includes/class-wp.php(824): WP->query_posts()
#4 /var/www/html/wp-includes/functions.php(1343): WP->main()
#5 /var/www/html/wp-blog-header.php(16): wp()
#6 /var/www/html/index.php(17): require('...')
#7 {main}
thrown in /var/www/html/wp-includes/class-wp-query.php on line 2422
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64507>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list