invis.net

Patch Exception: Undefined index: author

I am not sure if bug patches belong in this category. Please move it around as needed.

On line 58 of plugins/wp-fail2ban/feature/user-enum.php XDebug catches the following error:
Exception has occurred. Notice: Undefined index: author

/**
 * @since 4.0.5 Guard
 */

if (!function_exists(__NAMESPACE__ . '\\parse_request')) {
    /**
     * Catch traditional user enum
     *
     * @see \WP::parse_request()
     *
     * @since 3.5.0 Refactored for unit testing
     * @since 2.1.0
     *
     * @param \WP   $query
     *
     * @return \WP
     */
    function parse_request($query)
    {
        if (!current_user_can('list_users') && intval(@$query->query_vars['author'])) {
            _log_bail_user_enum();
        }
        return $query;
    }

    add_filter(
        'parse_request',
        __NAMESPACE__ . '\\parse_request',
        1,
        2
    );
}

intval(@$query->query_vars['author']) should be array_key_exists('author', @$query->query_vars)

https://www.php.net/manual/en/function.array-key-exists.php

It’s not really a bug as much as XDebug being over-enthusiastic with its reporting. The worst I’d call it is some lazy (but harmless) code from way back; the @ suppresses the warning about the missing index, XDebug displays it.

Still, I may as well fix that, so 4.2.8 will have:

function parse_request($query)
{
    if (!current_user_can('list_users') &&
        array_key_exists('author', $query->query_vars) &&
        intval($query->query_vars['author']))
    {
        _log_bail_user_enum();
    }

    return $query;
}

(4.3.0 will have something a little nicer :wink: )

Note the check for an integer author query var: it breaks filtering by author name otherwise.

Thank you for the clarifications.

Thank you very much for making XDebug users’ life easier!

It’s really a great debugging tool (particularly when auto set up as in Trellis :angel:) but sometimes plugins let if fire off for, as you say, questions of quick coding.