• Resolved chelseycontier

    (@chelseycontier)


    Hello,

    We’re getting a fatal error caused by the capability check in the does_user_have_multisite_capability function.

    We’re running a multi-multi-network setup, and super-admin users are unable to load the user list due to a critical error (https://smile.d.pr/i/13xXYk). Admins are able to view the user list because the 2FA status column is not available to them so doesn’t appear to trigger the error.

    In the error logs, we’ve gotten the following: “PHP message: PHP Fatal error: Uncaught TypeError: array_key_exists(): Argument #2 ($array) must be of type array, bool given in /www/oursite/public/wp-content/plugins/wordfence/modules/login-security/classes/controller/permissions.php:443

    Stack trace:

    #0 /www/oursite/public/wp-content/plugins/wordfence/modules/login-security/classes/controller/permissions.php(443): array_key_exists(‘wf2fa_activate_…’, false)
    #1 /www/oursite/public/wp-content/plugins/wordfence/modules/login-security/classes/controller/users.php(195): WordfenceLS\Controller_Permissions->does_user_have_multisite_capability(Object(WP_User), ‘wf2fa_activate_…’)
    #2 /www/oursite/public/wp-content/plugins/wordfence/modules/login-security/classes/controller/users.php(651): WordfenceLS\Controller_Users->can_activate_2fa(Object(WP_User))
    #3 /www/oursite/public/wp-includes/class-wp-hook.php(324): WordfenceLS\Controller_”

    We’ve looked at the plugin code referenced in the public function does_user_have_multisite_capability($user, $capability). The line if (array_key_exists($capability, $capabilities) && $capabilities[$capability]) { return true; } is where our error originates because $capabilities is false so array_key_exists throws an exception. We believe that changing this line to if (is_array($capabilities) && array_key_exists($capability, $capabilities) && $capabilities[$capability]) { return true; } would resolve the issue we’re seeing.

    Are you able to help?

    Chelsey
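
The failure in the trace above, reproduced as a stand-alone added example (not Wordfence's code and not part of the original post): on PHP 8, array_key_exists() throws a TypeError when its second argument is false, while the is_array() guard proposed in the post makes the check deny the capability instead. The function names, role data and capability name are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data: one well-formed role and one whose
// 'capabilities' entry is false instead of an array.
$roles = [
    'editor' => ['name' => 'Editor', 'capabilities' => ['example_capability' => true]],
    'broken' => ['name' => 'Broken Role', 'capabilities' => false],
];

// Hypothetical unguarded check, same shape as the line quoted in the post.
function has_capability_unguarded($capabilities, string $capability): bool
{
    return array_key_exists($capability, $capabilities) && $capabilities[$capability];
}

// Hypothetical guarded check: capability data that is not an array
// grants nothing, so a malformed role fails closed instead of crashing.
function has_capability_guarded($capabilities, string $capability): bool
{
    return is_array($capabilities)
        && array_key_exists($capability, $capabilities)
        && (bool) $capabilities[$capability];
}

foreach ($roles as $slug => $role) {
    try {
        $result = has_capability_unguarded($role['capabilities'], 'example_capability');
        echo "unguarded {$slug}: " . var_export($result, true) . "\n";
    } catch (TypeError $e) {
        // PHP 8 raises TypeError here; one malformed role aborts the whole page render.
        echo "unguarded {$slug}: TypeError: " . $e->getMessage() . "\n";
    }
    $guarded = has_capability_guarded($role['capabilities'], 'example_capability');
    echo "guarded   {$slug}: " . var_export($guarded, true) . "\n";
}
```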

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Support wfmargaret

    (@wfmargaret)

    Hi @chelseycontier,

    Thank you for reaching out. Can you provide more details on your multi-multi-network setup, please? Is this a WP Multi Network setup, or has this been set up another way?

    We’d also like you to run the following query in your database for us please:
    select * from wp_options where option_name like '%roles'

    You can send us the output here, or email us at wftest @ wordfence . com. If you email us, please use your forum username as the subject, and let us know when you’ve sent it.

    Thanks,
    Margaret

    Thread Starter chelseycontier

    (@chelseycontier)

    Hi Margaret,

    Thanks for getting back to me. Yes, it’s a WP Multi Network, so there’s one master network under which sit 2 WP Multisite networks.

    I’ve emailed the output of that query as you requested. Let me know if there’s anything else you need from me!

    Chelsey

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @chelseycontier,

    Thank you for sending the output. I appreciate your help with this. I have reported this to our development team who have created a case, but I can’t provide progress reports or potential release schedules here on the forums.

    Would it be possible to send us the output of that SELECT query for any subsite options tables as well, please? You can replace wp_options in the query select * from wp_options where option_name like '%roles' with the subsite options table names to query those. If you have too many subsites for this to be reasonable, please at least send us the output from any subsites throwing the critical error.

    You can send those to wftest @ wordfence . com with your forum username as the subject. Please let me know here when those are sent.

    Thanks,
    Margaret

    Thread Starter chelseycontier

    (@chelseycontier)

    Hi Margaret,

    I’ve just sent over what I could get for you. Let me know if there’s anything else you need.

    Chelsey

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @chelseycontier,

    Thank you for providing those! We tested Wordfence with a WP Multi Network, but weren’t able to reproduce the error you’re seeing. While we have a case to prevent the critical error, ideally we’d like to prevent the situation that led to it from happening altogether.

    We may not be able to make much more headway on this without reproducing it, but do you have access to WP-CLI on your hosting? We may need to ask you to run a few WP-CLI commands to give us more information.

    Thanks,
    Margaret

    Thread Starter chelseycontier

    (@chelseycontier)

    Hi Margaret,

    Appreciate you trying to get to the root of the problem! We do have WP-CLI on our hosting – what commands would you need us to run?

    Chelsey

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @chelseycontier,

    Thanks. As a warning, we advise against running WP-CLI commands if you’re unsure what the command is doing. Please let me know if you’d like a detailed explanation of what this command does, but broadly, this command displays the output of various functions.

    We’d like you to run the following for us:

    wp eval '$user = get_user_by("id", 2); $p = \WordfenceLS\Controller_Permissions::shared(); $userRoles = $p->get_multisite_roles_for_user($user); echo "get_multisite_roles_for_user({$user->ID}): "; var_export($userRoles); echo "\nget_multisite_roles: "; var_export($p->get_multisite_roles(array_keys($userRoles))); echo "\nget_blogs_of_user: "; var_export(get_blogs_of_user($user->ID)); echo "\n";'

    You will need to replace the user ID 2 in get_user_by("id", 2) with the appropriate user ID for the user throwing a critical error. You can find a user’s user ID by hovering over their name and checking the link on the Users page in WordPress. The URL will be something like domain.com/wp-admin/user-edit.php?user_id=2.

    As always, please email that output to wftest @ wordfence . com and let me know once you’ve sent that. I really appreciate the help with this!

    Thanks,
    Margaret

    Thread Starter chelseycontier

    (@chelseycontier)

    Hi Margaret,

    Thanks for sending that command over. I’m happy to look into running that and getting you the output, but it’s not individual users where we’re seeing the critical error. Rather, it’s the user list: https://smile.d.pr/i/TYpgPs — apologies if I wasn’t clear about that before. I’ve loaded up a few user pages (e.g. https://oursite.com/wp-admin/network/user-edit.php?user_id=25), and they all display as expected. I can still get you the output of that CLI command if that’s helpful, just let me know what you’d like me to do.

    Chelsey

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @chelseycontier,

    From what we were able to replicate, the error was loading the first user, and then displayed the critical error and failed to load any others. Do you have a user on the site with the username “—” or something similar? If you hover over the link for the user in your screenshot, what URL does it lead to, and does the user it links to have a different username?

    Thank you for the additional details,
    Margaret

    Thread Starter chelseycontier

    (@chelseycontier)

    Hi Margaret,

    Apologies for the long delay in getting back to you. It does appear that there was a user with the username “_”. We’ve now removed this user, along with several other users with similarly strange usernames. Unfortunately the error persists: the first user on the list is the only one that loads before hitting the critical error I previously reported.

    I’ve emailed across the WP CLI output of the command you sent across previously, though I’ve done it for the first user on our staging site (where the same issue is present).

    Let me know if there’s anything else you need from me!

    Chelsey

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @chelseycontier,

    Thanks for following up! Just in case you need to contact us in the future, I wanted to let you know that we stop monitoring for responses if we haven’t heard back after 10 days or so. I’m happy to follow up with you here, but if you open a new topic in the future and there are any delays in following up with us, please keep this in mind and open a new topic rather than responding to the old one to ensure you get a response as soon as possible.

    The issue is coming from the user role that starts with pros in the output you sent us. For some reason, this user has capabilities set to false, leading to the critical error you reported. Normally, when a user without any capabilities is created, you’ll instead see an empty array, like this:

        array (
          'name' => 'Test Role',
          'capabilities' =>
          array (
          ),

    Do you have any idea how that role was created? We haven’t seen any similar cases, but it’s possible a plugin may have created the role.

    If you’re not using that role, you could update the user’s role to the “No role for this site” option and remove the role itself, or change it so that it has an empty array of capabilities.

    Thanks,
    Margaret
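
An audit for the condition described in the reply above, as an added example (not Wordfence or WordPress code, and not part of the original post): it walks a roles array of the shape shown and reports every role whose capabilities value is not an array, then applies the empty-array repair the reply suggests. The function names and sample roles are hypothetical and constructed.

```php
<?php
declare(strict_types=1);

/**
 * Return slug => reason for every malformed role definition.
 * $roles is the unserialized value of a roles option (slug => definition).
 */
function find_malformed_roles(array $roles): array
{
    $problems = [];
    foreach ($roles as $slug => $role) {
        if (!is_array($role)) {
            $problems[$slug] = 'role definition is ' . gettype($role) . ', expected array';
        } elseif (!array_key_exists('capabilities', $role)) {
            $problems[$slug] = 'missing "capabilities" key';
        } elseif (!is_array($role['capabilities'])) {
            $problems[$slug] = '"capabilities" is ' . gettype($role['capabilities']) . ', expected array';
        }
    }
    return $problems;
}

/** Replace missing or non-array capabilities with an empty array (grants nothing). */
function normalize_roles(array $roles): array
{
    foreach ($roles as $slug => $role) {
        if (is_array($role) && !is_array($role['capabilities'] ?? null)) {
            $roles[$slug]['capabilities'] = [];
        }
    }
    return $roles;
}

// Constructed sample input: two valid roles and one with capabilities set to false.
$roles = [
    'administrator' => ['name' => 'Administrator', 'capabilities' => ['manage_options' => true]],
    'test_role'     => ['name' => 'Test Role', 'capabilities' => []],
    'example_role'  => ['name' => 'Example Role', 'capabilities' => false],
];

foreach (find_malformed_roles($roles) as $slug => $reason) {
    echo "{$slug}: {$reason}\n";
}

$fixed = normalize_roles($roles);
echo 'after normalize: ' . count(find_malformed_roles($fixed)) . " malformed role(s)\n";
```

On a live site the input would be the value of each options-table row matched by the `%roles` query earlier in the thread, checked per subsite.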

    Thread Starter chelseycontier

    (@chelseycontier)

    That sorted it, thanks so much for your help!
