Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

esc_html is not safe to use (exception loop) #418

Closed
yangm97 opened this issue May 12, 2023 · 3 comments · Fixed by #422
Closed

esc_html is not safe to use (exception loop) #418

yangm97 opened this issue May 12, 2023 · 3 comments · Fixed by #422

Comments

@yangm97
Copy link

yangm97 commented May 12, 2023

Not sure which wordpress version introduced this behavior but I'm using wordpress 6.2 and esc_html() calls wp_check_invalid_utf8() which calls get_option() that ends up making a wp_cache_get() call.

Not only does this bring the whole site down but it also ends up obfuscating whatever the real issue is.

You should be able to reproduce this with bad redis credentials/server down/whatever.

Stack trace:
#0 /var/www/html/web/wp/wp-includes/option.php(165): wp_cache_get('notoptions', 'options')
#1 /var/www/html/web/wp/wp-includes/formatting.php(1107): get_option('blog_charset')
#2 /var/www/html/web/wp/wp-includes/formatting.php(4577): wp_check_invalid_utf8('WP Redis: ERR A...')
#3 /var/www/html/web/app/plugins/wp-redis/object-cache.php(1471): esc_html('WP Redis: ERR A...')
#4 /var/www/html/web/app/plugins/wp-redis/object-cache.php(1205): WP_Object_Cache->_exception_handler(Object(Exception))
#5 /var/www/html/web/app/plugins/wp-redis/object-cache.php(1510): WP_Object_Cache->_connect_redis()
#6 /var/www/html/web/app/plugins/wp-redis/object-cache.php(215): WP_Object_Cache->__construct()
#7 /var/www/html/web/wp/wp-includes/load.php(750): wp_cache_init()
#8 /var/www/html/web/wp/wp-settings.php(131): wp_start_object_cache()
#9 /var/www/html/web/wp-config.php(9): require_once('/var/www/h in /var/www/html/web/app/plugins/wp-redis/object-cache.php on line 139"
@pwtyler
Copy link
Member

pwtyler commented May 12, 2023

Confirming, is the fatal error before the stack trace PHP Fatal error: Uncaught Error: Call to a member function get() on null in /app/wp-content/plugins/wp-redis/object-cache.php:139, or a different fatal error? This seems related, if not the same as #410.

@yangm97
Copy link
Author

yangm97 commented May 12, 2023

After removing esc_html from the exception handler I could see I got an authentication error because the password was blank (just like #359 but I'm using PHP 7.4.12 instead), so I worked around the issue by changing the redis configuration to require a password.

#410 seems like an issue on its own but the stack trace got messed up because of the exception loop reported here.

This was referenced May 12, 2023
Closed
Open
Merged
@pwtyler pwtyler linked a pull request May 15, 2023 that will close this issue
Release 1.4.2 #422
Merged
@pwtyler
Copy link
Member

pwtyler commented May 15, 2023

This is fixed in 1.4.2, now live on .org

@pwtyler pwtyler closed this as completed May 15, 2023
@roborourke roborourke mentioned this issue Apr 1, 2024
Open
19 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Release 1.4.2 pantheon-systems/wp-redis
2 participants
@yangm97 @pwtyler