-
Notifications
You must be signed in to change notification settings - Fork 112
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fatal error when integer cookie key is added for loggedin user #985
Comments
Wow, great catch...
... And a great question. It's not obvious, because it doesn't live in the vendor directory, but we're actually using a third party library here (WP Background Processing). So, it feels like we should fix this upstream. I'm a little unsure, though, if in this case that means WP Background Processing or if it means WordPress, but I can see a bug report has already been logged for WordPress so perhaps we should wait on the outcome there. We could also patch this ourselves, as a temporary measure, but that's less ideal. May I ask, did you find this by accident/after exploration of your own, or are real-world users encountering the problem? |
Many thanks @barryhughes (u r the best)
Yes I know that and we already used this package before using Action Scheduler, and I was thinking of opening an issue there.
We solved it temporary using the following helper code:
I will open an issue and even create a PR there at https://github.com/deliciousbrains/wp-background-processing hope things go faster there and then will notify you here so we can update that here too. Thanks. |
Excellent, thank you @engahmeds3ed 👍🏼 |
Placing on hold while we watch for the outcome of the following upstream reports: |
Real-world users are encountering the problem, my team and I are an example of users in the wild seeing this problem, our Wordpress website uses third-party plugins that are bundled with ActionScheduler. New Relic alerted us to a series of daily intermittent 500 fatal errors, some identical to the one posted to this thread by @engahmeds3ed and some referencing other plugins bundled with ActionScheduler. We contacted the plugins' support teams and @engahmeds3ed was kind enough to raise the issue here, thank you @engahmeds3ed and @barryhughes |
@engahmeds3ed should we add this helper code to our Wordpress functions.php file? |
@tdmkld After doing some tests, I found that removing those integer keys will be better so you can try using the following snippet:
Plz try testing it in a staging site before going live. |
@engahmeds3ed thank you for the updated snippet, much appreciated.
|
@engahmeds3ed I have created an alternative filter that converts any cookie key or value that is not a string into a string representation of that value. I have been testing it in our staging environment:
|
@engahmeds3ed I've added the hook above as a custom plugin, we've been monitoring our sites' logs all afternoon, the fatal errors involving cookies with integer keys have not resurfaced and as far as I can tell this solution has not introduced any new errors, well done and many thanks! |
Looks like a fix should land in WP 6.5. Let's keep this open (for visibility) until then—after that we can close. |
Steps to reproduce:
Root cause:
This is happening because we pass the cookies as it without any sanitization here:
action-scheduler/lib/WP_Async_Request.php
Line 154 in 44b4fde
Do u think that we need to sanitize it here? or it's out of AS responsibility?
Thanks.
The text was updated successfully, but these errors were encountered: