invis.net

PHP Notice if WP_FAIL2BAN_PROXIES is defined but empty

If WP_FAIL2BAN_PROXIES is defined but empty, users get the following notice:

PHP Notice: Uninitialized string offset: 0 in /path/to/wp-content/plugins/wp-fail2ban/functions.php on line 209

This can be resolved by adding an additional ! empty($proxy[0]) check:

--- wp-fail2ban/functions.php
+++ wp-fail2ban-patched/functions.php
@@ -206,7 +206,7 @@
                             ? WP_FAIL2BAN_PROXIES
                             : explode(',', WP_FAIL2BAN_PROXIES);
                 foreach ($proxies as $proxy) {
-                    if ('#' == $proxy[0]) {
+                    if (! empty($proxy[0]) && '#' == $proxy[0]) {
                         continue;
                     } elseif (2 == count($cidr = explode('/', $proxy))) {
                         $net = ip2long($cidr[0]);

Thanks for the patch - you’re right, it does generate a warning. However, in this case I’m not going to patch it for two reasons:

  1. it’s already been fixed in the upcoming v4.3.4 while refactoring, and
  2. the (trivial) workaround for the existing release is “don’t do that” :wink:

That said, I’ll add a note in the docs.