PHP Notice if WP_FAIL2BAN_PROXIES is defined but empty

stevegrunwell · 23 September 2020 20:40

If WP_FAIL2BAN_PROXIES is defined but empty, users get the following notice:

PHP Notice: Uninitialized string offset: 0 in /path/to/wp-content/plugins/wp-fail2ban/functions.php on line 209

This can be resolved by adding an additional ! empty($proxy[0]) check:

--- wp-fail2ban/functions.php
+++ wp-fail2ban-patched/functions.php
@@ -206,7 +206,7 @@
                             ? WP_FAIL2BAN_PROXIES
                             : explode(',', WP_FAIL2BAN_PROXIES);
                 foreach ($proxies as $proxy) {
-                    if ('#' == $proxy[0]) {
+                    if (! empty($proxy[0]) && '#' == $proxy[0]) {
                         continue;
                     } elseif (2 == count($cidr = explode('/', $proxy))) {
                         $net = ip2long($cidr[0]);

wp-fail2ban · 24 September 2020 04:55

Thanks for the patch - you’re right, it does generate a warning. However, in this case I’m not going to patch it for two reasons:

it’s already been fixed in the upcoming v4.3.4 while refactoring, and
the (trivial) workaround for the existing release is “don’t do that”

That said, I’ll add a note in the docs.