[wp-trac] [WordPress Trac] #54494: Malicious requests cause warnings and, in later PHP versions, fatal errors.
WordPress Trac
noreply at wordpress.org
Tue Nov 23 10:04:06 UTC 2021
#54494: Malicious requests cause warnings and, in later PHP versions, fatal errors.
--------------------------+-----------------------------
Reporter: kavelach | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.8.2
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Browsing logs I stumbled upon issues generated by visits to my website
with the following path:
{{{
/user/password?name[%23markup]=assert&name[%23post_render][0]=array_map&name[%23suffix]=eval(%24_POST[c])%3B%2F%2F&name[%23type]=markup&test=true
}}}
I've spun up a completely new WP instance to test it out without any
plugins and with one of the default themes, and sure enough, the issue
still happens. I've enabled WP_DEBUG so you can see the warning:
https://wp.yuno.kavela.ch/user/password?name[%23markup]=assert&name[%23post_render][0]=array_map&name[%23suffix]=eval(%24_POST[c])%3B%2F%2F&name[%23type]=markup&test=true
In later versions of PHP, this causes a full-on fatal error, not only a
warning.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54494>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
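
A defender-side check for the request shape reported above, added here as an example that is not part of the original ticket or of WordPress code: it approximates how PHP turns bracketed query keys into nested arrays and reports query variables that arrive as arrays where a string is expected. The `SCALAR_VARS` set, the function names and the sample request targets are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Query variables the application expects to be plain strings (assumed set;
# "name" is the variable used in the ticket's request).
SCALAR_VARS = {"name"}

# base name followed by zero or more [subkey] groups, e.g. name[#type][0]
_KEY = re.compile(r"^([^\[\]]+)((?:\[[^\]]*\])*)$")


def array_valued_params(request_target):
    """Map each array-style parameter to the list of subkey paths seen for it."""
    query = request_target.partition("?")[2]
    found = {}
    for pair in query.split("&"):
        if not pair:
            continue
        # Decode the key first so percent-encoded brackets (%5B, %5D) are caught too.
        key = unquote(pair.split("=", 1)[0].replace("+", " "))
        match = _KEY.match(key)
        if not match or not match.group(2):
            continue  # ordinary scalar parameter
        subkeys = re.findall(r"\[([^\]]*)\]", match.group(2))
        found.setdefault(match.group(1), []).append(subkeys)
    return found


def unexpected_arrays(request_target):
    """Names from SCALAR_VARS that this request supplies as arrays."""
    return sorted(SCALAR_VARS & array_valued_params(request_target).keys())


# Constructed request targets: same key shape as the ticket, placeholder values.
SAMPLE_ARRAY = "/user/password?name[%23markup]=x&name[%23post_render][0]=y&name[%23type]=z&test=true"
SAMPLE_PLAIN = "/?name=hello-world&test=true"

if __name__ == "__main__":
    for target in (SAMPLE_ARRAY, SAMPLE_PLAIN):
        print(target, "->", unexpected_arrays(target) or "ok")
```

Run over the request-target field of access log lines, this separates requests like the one in the ticket from ordinary ones without depending on the parameter values.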