Fatal Error on Version 6.2.1

  • Resolved Jonathan Goldford

    (@jg-visual)


    1 year, 8 months ago

    Hi, we just upgraded to version 6.2.1 and we’re seeing a fatal error when a single website user with the Administrator role (not a super admin) on a multisite installation tries to visit a network-level page that they don’t have the capabilities to access.

    In case it’s helpful, we spotted this when one of our end-to-end Cypress tests failed because the server should have returned a 403 and instead returned a 500 response.

    Here’s the error:

    PHP Fatal error: ?Uncaught Error: Call to a member function count_plusones() on null in /var/www/html/wp-content/plugins/really-simple-ssl/class-multisite.php:277

Stack trace:

#0 /var/www/html/wp-includes/class-wp-hook.php(307): rsssl_multisite->add_multisite_menu()

#1 /var/www/html/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters()

#2 /var/www/html/wp-includes/plugin.php(476): WP_Hook->do_action()

#3 /var/www/html/wp-admin/includes/menu.php(135): do_action()

#4 /var/www/html/wp-admin/network/menu.php(118): require_once('/var/www/html/w...')

#5 /var/www/html/wp-admin/admin.php(154): require('/var/www/html/w...')

#6 /var/www/html/wp-admin/network/admin.php(13): require_once('/var/www/html/w...')

#7 /var/www/html/wp-admin/network/sites.php(11): require_once('/var/www/html/w...')

#8 {main}

? thrown in /var/www/html/wp-content/plugins/really-simple-ssl/class-multisite.php on line 277

    We’re curious to hear what you think. Thanks for looking into it.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    @jg-visual thanks for reporting the issue, it seems a mismatch in capability checks between the called function and caller.

    Please check if this branch resolves your issue:
    https://github.com/Really-Simple-Plugins/really-simple-ssl/tree/fix-capability-mismatch

    It includes the check in the caller function as well.

    We’ll test this, and release soon.

    Thread Starter Jonathan Goldford

    (@jg-visual)

    Thanks for tackling this so quickly @rogierlankhorst. I ran your change through our end-to-end tests and it worked correctly. I also confirmed manually that super admins can still access the settings at the network level.

    We’d prefer to wait to update the plugin on production until you all have thoroughly tested it and verified everything looks good. In the meantime, do you think the existing code will cause any issues?

    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    @jg-visual We’ve tested the new release, and haven’t encountered any further issues, we’ve released the update just now.

    We’re adding lower level users logging in on multisite to our automated tests to help prevent such issues in the future.

    Thread Starter Jonathan Goldford

    (@jg-visual)

    Awesome, thanks a ton for handling that so quickly.

    The newest version of the plugin passed our tests so we’ve upgraded to use it within our multisite installation.

    I’ll go ahead and mark this one as resolved. Take care!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Fatal Error on Version 6.2.1’ is closed to new replies.