• Resolved gmariani405

    (@gmariani405)


    Looks like it doesn’t handle bad URLs properly in wordfenceURLHoover.php. In the captureURL() function, it assumes that $url is always a valid URL. There needs to be a check to see if parse_url returns false, otherwise the preg_match will try to access properties on a boolean. I ran into this when a spam URL in some comments tripped it up:

    It tried to parse on the following URL and threw that error:

    http:///1?Q?rf??c???^[email protected]?
    [Sep 08 09:22:03:1694179323.147047:1:error] Trying to access array offset on value of type bool (2) File: /chroot/home/USER/ACCOUNT/html/wp-content/plugins/wordfence/lib/wordfenceURLHoover.php Line: 114
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @gmariani405, thanks for bringing this up.

    We have had a similar report of a URL like that, but the user at that time couldn’t supply us with the URL that caused it. If you’re able to email us the file that contains the bad URL (so that we don’t lose any characters that copy/pasting or posting here may strip out), that will help us address the issue.

    Simply add your username to the subject line, attach the file, send it to wftest @ wordfence . com, and reply here when you’ve sent it. Our QA team can take a look.

    Many thanks,
    Peter.

    Thread Starter gmariani405

    (@gmariani405)

    I’ve sent the sample file as requested, hopefully that helps.

    Plugin Support wfpeter

    (@wfpeter)

    We have submitted that to the QA team to check over for our future developments. I appreciate you being able to send that to help us out!

    Peter.

    Thread Starter gmariani405

    (@gmariani405)

    For those finding this ticket in the future: there was an image file that in the raw data had some characters that mimicked the pattern of a URL by sheer chance.

  • The topic ‘[Bug Report] Trying to access array offset on value of type bool wordfenceURLHoo’ is closed to new replies.
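
The failure reported at the top of this thread, and the later note that the "URL" was a chance byte pattern in an image file, both come down to using the result of parse_url() without checking it. The following is an added example, not Wordfence's code and not the fix the plugin shipped: the function names `safe_host` and `extract_hosts` and the sample input are hypothetical, constructed to show the guard.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not Wordfence code): return the lowercased host of a
 * candidate URL, or null when the string cannot be parsed into a usable host.
 */
function safe_host(string $candidate): ?string
{
    $parts = parse_url($candidate);
    // parse_url() returns false on seriously malformed input such as
    // "http:///x". Indexing into that false is what raises
    // "Trying to access array offset on value of type bool".
    if ($parts === false || !isset($parts['host']) || $parts['host'] === '') {
        return null;
    }
    $host = strtolower($parts['host']);
    // This example accepts only DNS-style hostnames before any further matching.
    if (!preg_match('/^[a-z0-9.-]+$/', $host)) {
        return null;
    }
    return $host;
}

/**
 * Pull URL-shaped strings out of arbitrary data (comment text, or raw file
 * bytes that match by chance) and keep only those that yield a valid host.
 */
function extract_hosts(string $data): array
{
    preg_match_all('~https?://[^\s"\'<>]+~i', $data, $m);
    $hosts = [];
    foreach ($m[0] as $candidate) {
        $host = safe_host($candidate);
        if ($host !== null) {
            $hosts[$host] = true; // de-duplicate by key
        }
    }
    return array_keys($hosts);
}

// Constructed sample: one valid URL, one URL with an empty host, and stray bytes.
$sample = "see https://Example.com/page and http:///1?Q?rf \x00\xff binary";
var_dump(extract_hosts($sample));
```

Any scanner that pulls URL candidates out of untrusted content by regex should treat each match as unvalidated until parse_url() has returned an array with a non-empty host.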