PHP Notice: Undefined index

  • Resolved Droidism

    (@droidism)


    4 years, 2 months ago

    Hi,

    Installed Subresource Integrity (SRI) Manager on a fairly blank WP install and got the following:

    [17-Sep-2020 07:26:02 UTC] PHP Notice:  Undefined index: type in /Users/*****/Local Sites/*****/app/public/wp-content/plugins/wp-sri/wp-sri.php on line 151
[17-Sep-2020 07:26:02 UTC] PHP Stack trace:
[17-Sep-2020 07:26:02 UTC] PHP   1. {main}() /Users/*****/Local Sites/*****/app/public/wp-admin/options-general.php:0
[17-Sep-2020 07:26:02 UTC] PHP   2. require_once() /Users/*****/Local Sites/*****/app/public/wp-admin/options-general.php:10
[17-Sep-2020 07:26:02 UTC] PHP   3. require_once() /Users/*****/Local Sites/*****/app/public/wp-admin/admin.php:239
[17-Sep-2020 07:26:02 UTC] PHP   4. do_action() /Users/*****/Local Sites/*****/app/public/wp-admin/admin-header.php:116
[17-Sep-2020 07:26:02 UTC] PHP   5. WP_Hook->do_action() /Users/*****/Local Sites/*****/app/public/wp-includes/plugin.php:478
[17-Sep-2020 07:26:02 UTC] PHP   6. WP_Hook->apply_filters() /Users/*****/Local Sites/*****/app/public/wp-includes/class-wp-hook.php:311
[17-Sep-2020 07:26:02 UTC] PHP   7. print_admin_styles() /Users/*****/Local Sites/*****/app/public/wp-includes/class-wp-hook.php:287
[17-Sep-2020 07:26:02 UTC] PHP   8. WP_Styles->do_items() /Users/*****/Local Sites/*****/app/public/wp-includes/script-loader.php:2018
[17-Sep-2020 07:26:02 UTC] PHP   9. WP_Styles->do_item() /Users/*****/Local Sites/*****/app/public/wp-includes/class.wp-dependencies.php:116
[17-Sep-2020 07:26:02 UTC] PHP  10. apply_filters() /Users/*****/Local Sites/*****/app/public/wp-includes/class.wp-styles.php:251
[17-Sep-2020 07:26:02 UTC] PHP  11. WP_Hook->apply_filters() /Users/*****/Local Sites/*****/app/public/wp-includes/plugin.php:206
[17-Sep-2020 07:26:02 UTC] PHP  12. WP_SRI_Plugin->filterTag() /Users/*****/Local Sites/*****/app/public/wp-includes/class-wp-hook.php:289
[17-Sep-2020 07:26:02 UTC] PHP Notice:  Trying to access array offset on value of type null in /Users/*****/Local Sites/*****/app/public/wp-content/plugins/wp-sri/wp-sri.php on line 151
[17-Sep-2020 07:26:02 UTC] PHP Stack trace:
[17-Sep-2020 07:26:02 UTC] PHP   1. {main}() /Users/*****/Local Sites/*****/app/public/wp-admin/options-general.php:0
[17-Sep-2020 07:26:02 UTC] PHP   2. require_once() /Users/*****/Local Sites/*****/app/public/wp-admin/options-general.php:10
[17-Sep-2020 07:26:02 UTC] PHP   3. require_once() /Users/*****/Local Sites/*****/app/public/wp-admin/admin.php:239
[17-Sep-2020 07:26:02 UTC] PHP   4. do_action() /Users/*****/Local Sites/*****/app/public/wp-admin/admin-header.php:116
[17-Sep-2020 07:26:02 UTC] PHP   5. WP_Hook->do_action() /Users/*****/Local Sites/*****/app/public/wp-includes/plugin.php:478
[17-Sep-2020 07:26:02 UTC] PHP   6. WP_Hook->apply_filters() /Users/*****/Local Sites/*****/app/public/wp-includes/class-wp-hook.php:311
[17-Sep-2020 07:26:02 UTC] PHP   7. print_admin_styles() /Users/*****/Local Sites/*****/app/public/wp-includes/class-wp-hook.php:287
[17-Sep-2020 07:26:02 UTC] PHP   8. WP_Styles->do_items() /Users/*****/Local Sites/*****/app/public/wp-includes/script-loader.php:2018
[17-Sep-2020 07:26:02 UTC] PHP   9. WP_Styles->do_item() /Users/*****/Local Sites/*****/app/public/wp-includes/class.wp-dependencies.php:116
[17-Sep-2020 07:26:02 UTC] PHP  10. apply_filters() /Users/*****/Local Sites/*****/app/public/wp-includes/class.wp-styles.php:251
[17-Sep-2020 07:26:02 UTC] PHP  11. WP_Hook->apply_filters() /Users/*****/Local Sites/*****/app/public/wp-includes/plugin.php:206
[17-Sep-2020 07:26:02 UTC] PHP  12. WP_SRI_Plugin->filterTag() /Users/*****/Local Sites/*****/app/public/wp-includes/class-wp-hook.php:289
[17-Sep-2020 07:26:02 UTC] PHP Notice:  Undefined variable: url in /Users/*****/Local Sites/*****/app/public/wp-content/plugins/wp-sri/wp-sri.php on line 169
[17-Sep-2020 07:26:02 UTC] PHP Stack trace:
[17-Sep-2020 07:26:02 UTC] PHP   1. {main}() /Users/*****/Local Sites/*****/app/public/wp-admin/options-general.php:0
[17-Sep-2020 07:26:02 UTC] PHP   2. require_once() /Users/*****/Local Sites/*****/app/public/wp-admin/options-general.php:10
[17-Sep-2020 07:26:02 UTC] PHP   3. require_once() /Users/*****/Local Sites/*****/app/public/wp-admin/admin.php:239
[17-Sep-2020 07:26:02 UTC] PHP   4. do_action() /Users/*****/Local Sites/*****/app/public/wp-admin/admin-header.php:116
[17-Sep-2020 07:26:02 UTC] PHP   5. WP_Hook->do_action() /Users/*****/Local Sites/*****/app/public/wp-includes/plugin.php:478
[17-Sep-2020 07:26:02 UTC] PHP   6. WP_Hook->apply_filters() /Users/*****/Local Sites/*****/app/public/wp-includes/class-wp-hook.php:311
[17-Sep-2020 07:26:02 UTC] PHP   7. print_admin_styles() /Users/*****/Local Sites/*****/app/public/wp-includes/class-wp-hook.php:287
[17-Sep-2020 07:26:02 UTC] PHP   8. WP_Styles->do_items() /Users/*****/Local Sites/*****/app/public/wp-includes/script-loader.php:2018
[17-Sep-2020 07:26:02 UTC] PHP   9. WP_Styles->do_item() /Users/*****/Local Sites/*****/app/public/wp-includes/class.wp-dependencies.php:116
[17-Sep-2020 07:26:02 UTC] PHP  10. apply_filters() /Users/*****/Local Sites/*****/app/public/wp-includes/class.wp-styles.php:251
[17-Sep-2020 07:26:02 UTC] PHP  11. WP_Hook->apply_filters() /Users/*****/Local Sites/*****/app/public/wp-includes/plugin.php:206
[17-Sep-2020 07:26:02 UTC] PHP  12. WP_SRI_Plugin->filterTag() /Users/*****/Local Sites/*****/app/public/wp-includes/class-wp-hook.php:289
[17-Sep-2020 07:26:02 UTC] PHP Notice:  Undefined variable: url in /Users/*****/Local Sites/*****/app/public/wp-content/plugins/wp-sri/wp-sri.php on line 170
[17-Sep-2020 07:26:02 UTC] PHP Stack trace:

    WP Config:

    
### wp-core ###
version: 5.5.1
site_language: en_US
user_language: en_US
timezone: +00:00
permalink: /%postname%/
https_status: true
multisite: false
user_registration: 0
blog_public: 1
default_comment_status: open
environment_type: production
user_count: 1
dotorg_communication: true

### wp-paths-sizes ###
wordpress_path: /Users/*****/Local Sites/*****/app/public
wordpress_size: 43.02 MB (45106351 bytes)
uploads_path: /Users/*****/Local Sites/*****/app/public/wp-content/uploads
uploads_size: 7.95 MB (8340075 bytes)
themes_path: /Users/*****/Local Sites/*****/app/public/wp-content/themes
themes_size: 1.63 MB (1706636 bytes)
plugins_path: /Users/*****/Local Sites/*****/app/public/wp-content/plugins
plugins_size: 48.32 MB (50670715 bytes)
database_size: 3.47 MB (3637248 bytes)
total_size: 104.39 MB (109461025 bytes)

### wp-active-theme ###
name: Twenty Twenty (twentytwenty)
version: 1.5
author: the WordPress team
author_website: https://www.ads-software.com/
parent_theme: none
theme_features: core-block-patterns, widgets-block-editor, wc-product-gallery-zoom, wc-product-gallery-lightbox, wc-product-gallery-slider, woocommerce, post-thumbnails, automatic-feed-links, custom-background, custom-logo, title-tag, html5, align-wide, responsive-embeds, customize-selective-refresh-widgets, editor-color-palette, editor-font-sizes, editor-styles, widgets, menus, editor-style
theme_path: /Users/*****/Local Sites/*****/app/public/wp-content/themes/twentytwenty
auto_update: Disabled

### wp-plugins-active (6) ###
Advanced Custom Fields PRO: version: 5.9.1, author: Elliot Condon, Auto-updates disabled
Contact Form X: version: 2.0, author: Jeff Starr, Auto-updates disabled
Gutenberg: version: 9.0.0, author: Gutenberg Team, Auto-updates disabled
Subresource Integrity (SRI) Manager: author: (undefined), version: 0.3.0, Auto-updates disabled
WooCommerce: version: 4.5.2, author: Automattic, Auto-updates disabled
WordPress Importer: version: 0.7, author: wordpressdotorg, Auto-updates disabled

### wp-plugins-inactive (3) ###
Query Monitor: version: 3.6.4, author: John Blackbourn, Auto-updates disabled
Query Monitor Extend: version: 1.0, author: Caleb Stauffer, Auto-updates disabled
Show Current Template: version: 0.3.4, author: JOTAKI Taisuke, Auto-updates disabled

### wp-media ###
image_editor: WP_Image_Editor_Imagick
imagick_module_version: 1691
imagemagick_version: ImageMagick 6.9.11-24 Q16 x86_64 2020-07-18 https://imagemagick.org
file_uploads: File uploads is turned off
post_max_size: 1000M
upload_max_filesize: 300M
max_effective_size: 300 MB
max_file_uploads: 20
imagick_limits:
    imagick::RESOURCETYPE_AREA: 24 GB
    imagick::RESOURCETYPE_DISK: 9.2233720368548E+18
    imagick::RESOURCETYPE_FILE: 6144
    imagick::RESOURCETYPE_MAP: 24 GB
    imagick::RESOURCETYPE_MEMORY: 12 GB
    imagick::RESOURCETYPE_THREAD: 1
gd_version: bundled (2.1.0 compatible)
ghostscript_version: not available

### wp-server ###
server_architecture: Darwin 17.7.0 x86_64
httpd_software: Apache/2.4.43 (Unix)
php_version: 7.4.1 64bit
php_sapi: fpm-fcgi
max_input_variables: 4000
time_limit: 1200
memory_limit: 256M
max_input_time: 600
upload_max_filesize: 300M
php_post_max_size: 1000M
curl_version: 7.54.0 LibreSSL/2.6.5
suhosin: false
imagick_availability: true
pretty_permalinks: true
htaccess_extra_rules: false

### wp-database ###
extension: mysqli
server_version: 8.0.16
client_version: mysqlnd 7.4.1

### wp-constants ###
WP_HOME: undefined
WP_SITEURL: undefined
WP_CONTENT_DIR: /Users/*****/Local Sites/*****/app/public/wp-content
WP_PLUGIN_DIR: /Users/*****/Local Sites/*****/app/public/wp-content/plugins
WP_MAX_MEMORY_LIMIT: 256M
WP_DEBUG: true
WP_DEBUG_DISPLAY: false
WP_DEBUG_LOG: true
SCRIPT_DEBUG: true
WP_CACHE: false
CONCATENATE_SCRIPTS: undefined
COMPRESS_SCRIPTS: undefined
COMPRESS_CSS: undefined
WP_LOCAL_DEV: undefined
DB_CHARSET: utf8
DB_COLLATE: undefined

### wp-filesystem ###
wordpress: writable
wp-content: writable
uploads: writable
plugins: writable
themes: writable
mu-plugins: writable
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Meitar

    (@meitar)

    Yeah, and?

    You’ve enabled debugging output for your WordPress site and are showing me output where WP-SRI says it was given a tag without a URL to filter. There’s nothing interesting about any of this.

    Thread Starter Droidism

    (@droidism)

    What I did is install the plugin. After activation the error log appeared. That, to me at least, was interesting enough to post it in your support section.

    Anyway, thanks for your reply.

    Ciao!

    Plugin Author Meitar

    (@meitar)

    By design, the plugin begins filtering tags the moment it’s activated. Also by design, it hooks all instances where a call to the standard WordPress themeing functions produce HTML output that might need to be augmented with SRI attributes. Not all of those HTML elements should (or even could) be usefully augmented. For the ones that could be but shouldn’t be, nothing is done. For the ones that are impossible (usually because it’s being inserted in a strange or unexpected way by whatever upstream theming function is triggering the hook), we see a debug message like the ones you’re looking at. So this is pretty much normal when a site has WP_DEBUG enabled.

    I do thank you for the thought and initiative to report, though.

    As an aside, in case it’s not clear, you should absolutely disable WP_DEBUG output on any production or publicly-visible WordPress site. Leaving debug code enabled on a production site is a pretty glaring information leak vulnerability.

    Thread Starter Droidism

    (@droidism)

    Hi Meitar,

    Thanks for your feedback and your point about wp-debug. Should come in handy for folks who are not aware if this.

    Where wp-debug is used, its output isn’t saved in the normal location (wp-content/). The logs are moved to something like site/domain/logs. Public access is then denied with the help of a location block in either NGINX or Apache. Sometimes the access is denied in .htaccess, depending on the level of server access. ??

    I.e.

    <FilesMatch "\.(htaccess|htpasswd|ini|log)$">
   Order Allow, Deny
   Deny from all
</FilesMatch>

    (note to other readers: never copy blindly, but do check and confirm before adding stuff…)

    After that rotation of log files is configured to compress and remove log files after N days with the help of logrotate.

    But even with this config it is always important to know when the constants should be enabled or disabled. Sometimes cloning production to staging or even dev can help answer the “why” and “how” question.

    In the near future I will give Subresource Integrity Manager another try. There are always projects where a plugin like yours adds great value.

    Thanks again for your help!

    Ciao

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘PHP Notice: Undefined index’ is closed to new replies.