Undefined array key “HTTP_HOST”

According to this support forum the issue is known, but for some reason I don’t understand, the topics are getting closed as resolved while it remains.

• Undefined array key “HTTP_HOST” by makkabi 2 years, 2 months ago
• PHP notice when running wp-cron by hakre (me) 1 year ago

Vendor replies are always friendly, but for what remains, only adding confusion what the fix release politics are.

Therefore just another report against WP Simple 301 Redirects Version 2.0.8. The script is parsed and executed by PHP 8.0.30 (cli).

When running in cron mode, this plugin spills a warning on the PHP SAPI diagnostic channel:

PHP Warning: Undefined array key “HTTP_HOST” in /var/www/…/wp-content/plugins/simple-301-redirects/wp-simple-301-redirects.php on line 173

Please note: In cron, any output, including the diagnostic channel, goes into reporting. Just mentioning this, because it would be really helpful if this will be fixed upstream, so that upgrading the plugin would not lead again into noise in reporting.

This correlates to the get_address() function that accesses the PHP SAPI dependent $_SERVER array unchecked (line 173):

    164                 /**
    165                  * getAddress function
    166                  * utility function to get the full address of the current request
    167                  * credit: https://www.phpro.org/examples/Get-Full-URL.html
    168                  * @access public
    169                  * @return void
    170                  */
    171                 public function get_address() {
    172                         // return the full address
    173                         return $this->get_protocol().'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
    174                 } // end function get_address

The fix is rather trivial in terms of warning suppression, just don’t access $_SERVER array members if they do not exist. The directly following get_protocol() is an example of how such an isset()-check could look like (line 180 in the same file):

    175 
    176                 public function get_protocol() {
    177                         // Set the base protocol to http
    178                         $protocol = 'http';
    179                         // check for https
    180                         if ( isset( $_SERVER["HTTPS"] ) && strtolower( $_SERVER["HTTPS"] ) == "on" ) {
    181                                 $protocol .= "s";
    182                         }
    183 
    184                         return $protocol;
    185                 } // end function get_protocol

As both functions (methods) follow each other, we could assume that at least one editor of that file – in past or present – did knew about a way to handle it (or at least were able by chance or accident). May I suggest to find out who it was and consult them if you need technical assistance with this?

If in case looking for an already reported fix, find the posting makkabi by 1 year, 10 months ago suggesting to insert isset() checks.

Another fix is to prefix the dollar signs ($) that follow the string concatenation operator (.) with the error suppression operator (@) on that line, here as a sed command line:

$ sed -i '173s/\.\$/\.@\$/g' wp-content/plugins/simple-301-redirects/wp-simple-301-redirects.php
# no output, sed (GNU sed) 4.2.2

As this continues to come up, it might require a plugin to patch this plugin, because it took now already more than two years and it seems that having Emojis in a plugin readme is of more importance and in the focus, perhaps on a level similar to friendly replies in the support forums. Which are nice, but it’s more than two years let alone reported in the Wordpess support forums.

Is there any intend to fix this? If so, how would the planning/scheduling of it look like in terms of blockers and an estimation of fix release version/date? Do you have any needs or requirements? Do you accept patches for this (with a more serious fix)? Which PHP versions do you need to support?