[wp-trac] [WordPress Trac] #63434: Warning logged if wp-login.php action is given as an array
WordPress Trac
noreply at wordpress.org
Mon May 12 09:52:20 UTC 2025
#63434: Warning logged if wp-login.php action is given as an array
------------------------------------+-----------------------------
Reporter: leedxw | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 6.8
Severity: normal | Keywords:
Focuses: |
------------------------------------+-----------------------------
An attacker has caused a warning to be logged by providing an array for
the login action
{{{
PHP Warning: Array to string conversion in /var/www/html/wp-login.php on
line 509
}}}
To reproduce
{{{
curl -F user_login=x "http://localhost/wp-login.php?action[]=lostpassword"
}}}
Suggested patch
{{{
--- wp-login.php.dist 2025-05-12 09:44:24.926044462 +0000
+++ wp-login.php 2025-05-12 09:51:03.969310149 +0000
@@ -480,5 +480,5 @@
*/
-$action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'login';
+$action = ( isset( $_REQUEST['action'] ) && is_string (
$_REQUEST['action'] ) ) ? $_REQUEST['action'] : 'login';
$errors = new WP_Error();
}}}
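Review bot: On the added `$action` line, `is_string (` is written with a space before the opening parenthesis, unlike the `isset( ... )` call on the same line; write it as `is_string( $_REQUEST['action'] )`. The added line is also wrapped across two lines in this mail, so the patch should be attached to the ticket as a file if it is to apply cleanly. The guard itself covers the reported request: with `action[]=lostpassword` the value is an array, fails `is_string()`, and falls back to `'login'`, the same as when `action` is absent. A one-line comment above the assignment saying that non-string values are ignored would help the next reader.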
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63434>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
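One way to find requests like the one in the ticket's reproduction step in web-server access logs, as an added example that is not part of the original ticket or of WordPress. It assumes combined log format; the log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [12/May/2025:09:40:01 +0000] "POST /wp-login.php?action[]=lostpassword HTTP/1.1" 200 5120 "-" "curl/8.5.0"
203.0.113.5 - - [12/May/2025:09:40:02 +0000] "POST /wp-login.php?action%5B%5D=lostpassword HTTP/1.1" 200 5120 "-" "curl/8.5.0"
198.51.100.7 - - [12/May/2025:09:41:10 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 4301 "-" "Mozilla/5.0"
198.51.100.7 - - [12/May/2025:09:41:15 +0000] "GET /blog/wp-login.php?redirect_to=%2F&action[x]=login HTTP/1.1" 200 4301 "-" "Mozilla/5.0"
198.51.100.9 - - [12/May/2025:09:42:00 +0000] "GET /index.php?action[]=view HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Request line inside the quoted field: METHOD TARGET HTTP/x.y
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_array_action(target):
    """True if the request targets wp-login.php with `action` sent in array syntax."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-login.php"):
        return False
    for name, _value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl percent-decodes names, so action%5B%5D is seen as action[].
        # PHP turns action[], action[0] and action[key] into an array.
        if name.startswith("action["):
            return True
    return False


def find_array_action_requests(log_text):
    """Return (client_ip, request_target) for each matching log line."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match and is_array_action(match.group("target")):
            hits.append((line.split(" ", 1)[0], match.group("target")))
    return hits


if __name__ == "__main__":
    for ip, target in find_array_action_requests(SAMPLE_LOG):
        print(ip, target)
```

Only parameters sent in the query string appear in access logs; an `action[]` field sent in a POST body would not be seen by this check.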