mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-04-01 18:52:34 +02:00
Code Issues Actions 22 Packages Projects Releases Wiki Activity

Widgets: Prevent infinite loop in PHP8+ if the URL for the widget instance is incorrectly defined

Browse Source 
This checks to make sure $link isn't empty before attempting to manipulate it.  A simple test to demonstrate this can be seen at https://3v4l.org/PgSZg. Unit tests for both what already works and what is fixed by this change.

Props hellofromTonya, dd32, peterwilsoncc.
Fixes #53278.



git-svn-id: https://develop.svn.wordpress.org/trunk@51107 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Aaron Jorbin 2021-06-08 19:34:28 +00:00
parent d0daedb0ac
commit d5dcf8fab7
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-includes/widgets.php
View File

@ -1565,7 +1565,7 @@ function wp_widget_rss_output( $rss, $args = array() ) {
echo '<ul>';
foreach ( $rss->get_items( 0, $items ) as $item ) {
$link = $item->get_link();
while ( stristr( $link, 'http' ) !== $link ) {
while ( ! empty( $link ) && stristr( $link, 'http' ) !== $link ) {
$link = substr( $link, 1 );
}
$link = esc_url( strip_tags( $link ) );

4
src/wp-includes/widgets/class-wp-widget-rss.php
View File

@ -50,7 +50,7 @@ class WP_Widget_RSS extends WP_Widget {
}
$url = ! empty( $instance['url'] ) ? $instance['url'] : '';
while ( stristr( $url, 'http' ) !== $url ) {
while ( ! empty( $url ) && stristr( $url, 'http' ) !== $url ) {
$url = substr( $url, 1 );
}
@ -74,7 +74,7 @@ class WP_Widget_RSS extends WP_Widget {
$title = strip_tags( $rss->get_title() );
}
$link = strip_tags( $rss->get_permalink() );
while ( stristr( $link, 'http' ) !== $link ) {
while ( ! empty( $link ) && stristr( $link, 'http' ) !== $link ) {
$link = substr( $link, 1 );
}
}