Fatal error caused by posts_per_page being a non-integer

  • Resolved leedxw

    (@leedxw)


    3 months, 2 weeks ago

    I’ve been investigating a series of fatal errors on a site using the-events-calendar=6.6.0.2

    They appear to have been triggered by an attacker looking for the ability to inject code

    https://localhost/events/list/?posts_per_page=%2527

    When posts_per_page is not an integer, the following cause a php fatal error:

    PHP Fatal error:? Uncaught TypeError: Unsupported operand types: string + int in /var/www/html/wp-content/plugins/the-events-calendar/src/Tribe/Views/V2/View.php:1340

    PHP Fatal error:? Uncaught TypeError: Unsupported operand types: string * int in /var/www/html/wp-content/plugins/the-events-calendar/src/Tribe/Views/V2/View.php:1409

    PHP Fatal error:? Uncaught TypeError: array_slice(): Argument #3 ($length) must be of type ?int, string given in /var/www/html/wp-content/plugins/the-events-calendar/src/Tribe/Views/V2/Hooks.php:215
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support Darian

    (@d0153)

    Hi @leedxw

    Thanks for reaching out. Let me help you with this one.

    I tried replicating the issue on my end, but it’s working as expected. If you haven’t done it yet, could you try updating your permalink to Post name, and see if that makes a difference?

    Also, it seems you’re not using the latest version of our plugins. Please try updating it to the latest version and see if that resolves the issue.

    Let me know how it goes.

    Plugin Support Darian

    (@d0153)

    Hi there,

    It appears that we haven’t heard back from you in a while, so I’ll assume that the matter has been resolved. If you need any more help, feel free to start a new thread and we’ll be happy to assist you.

    Thread Starter leedxw

    (@leedxw)

    I honestly don’t understand your reference to “permalink to post name”?

    Plugin Support Darian

    (@d0153)

    Hi @leedxw

    I’m really sorry about the mix-up.

    I tried replicating the issue that you’ve described using the latest The Events Calendar plugin and a Debug Log Manager plugin, but I could not see any Fatal errors on my end.

    I only see a warning message and not a Fatal errors when I access this URL mysite.com/events/list/?posts_per_page=%2527

    See- https://share.zight.com/12ujBoDW

    Please try updating your plugins to the latest version, and see if that makes a difference.

    If it doesn’t help, please provide steps on how I can replicate the issue further on our end and the PHP version you’re using. I want to check it further on my end.

    Looking forward to your reply.

    Plugin Support Darian

    (@d0153)

    Hi @leedxw

    I hope everything is going smoothly for you. I just wanted to touch base and inquire if you had the opportunity to review my previous response as it has been some time since we last heard from you.

    Looking forward to your reply.

    Plugin Support Darian

    (@d0153)

    Hi there,

    It seems like it has been some time since we received a response from you, therefore, I will consider this matter as resolved. If you require any further assistance, please do not hesitate to start a new thread.

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.