Skip to:
Content

bbPress.org

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#3373 closed defect (bug) (fixed)

Avoid PHP warning on invalid input

Reported by: dd32's profile dd32 Owned by: johnjamesjacoby's profile johnjamesjacoby
Milestone: 2.6.5 Priority: normal
Severity: normal Version: 2.1
Component: General Keywords: has-patch
Cc:

Description

I don't know why, but WordPress.org is getting a bunch of requests similar to this:

/support/search/the/?action[]=bbp-search-request&bbp_search=the

that triggers a PHP warning such as:

E_WARNING: wp-includes/formatting.php:2151 - strtolower() expects parameter 1 to be string, array given

that can be traced back to bbPress passing the action array to sanitize_key.

Attached patch just disregards the parameter if it's not a string.

Attachments (1)

3373.diff (996 bytes) - added by dd32 6 years ago.

Download all attachments as: .zip

Change History (4)

@dd32
6 years ago

#1 @johnjamesjacoby
6 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 2.6.5
  • Owner set to johnjamesjacoby
  • Status changed from new to assigned
  • Version set to 2.1

#2 @johnjamesjacoby
6 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 7080:

Sub-Actions: add is_string() checks to bbp_get/post_request()` functions.

This commit prevents possible PHP warnings when action global variables are sent over as an array using the [] URI syntax, which is not supported.

Props dd32.

(In trunk, for 2.7.0.)

Fixes #3373.

Last edited 6 years ago by johnjamesjacoby (previous) (diff)

#3 @johnjamesjacoby
6 years ago

In 7081:

Sub-Actions: add is_string() checks to bbp_get/post_request()` functions.

This commit prevents possible PHP warnings when action global variables are sent over as an array using the [] URI syntax, which is not supported.

Props dd32.

(In branches/2.6, for 2.6.5.)

Fixes #3373.

Last edited 6 years ago by johnjamesjacoby (previous) (diff)
Note: See TracTickets for help on using tickets.