PHP Warning

  • Resolved Mark Barnes

    (@mark8barnes)


    4 years, 9 months ago

    According to my error log, this morning I experienced the following PHP warning:

    Warning: preg_replace(): Compilation failed: unmatched closing parenthesis at offset 261 in /wp-content/plugins/relevanssi/lib/excerpts-highlights.php on line 531

    No stack trace, unfortunately. Around the same time, the relevannsi log shows that a hacker was searching for phpinfo(), so probably that search (or a similar one) triggered the warning. It doesn’t seem to have an adverse effect on my site, but I thought you would like to know. This is on PHP 7.3.14 and WordPress 5.3.2, and Relevannsi 4.6.0

    PS, the support page on your website links to https://www.ads-software.com/support/topic-tag/relevanssi/?forum_id=10, rather than https://www.ads-software.com/support/plugin/relevanssi/. The former doesn’t have a “Create Topic” button, so it takes a bit of work and knowledge to raise a support request this way. Perhaps that’s deliberate!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Mikko Saari

    (@msaari)

    That’s something to do with highlighting, and there’s probably some combination of characters that when searched might cause problems. The search terms are quoted for regexes, so they shouldn’t, but I guess it’s possible there’s something even preg_quote() can’t handle.

    In any case, unless I know what the search term is that causes this error, it’s hard to do anything about it. Offset 261 suggests the search term is something ridiculously long, so it’s probably nothing a regular user would come up with, and this error is not dangerous in any sense.

    PS, no, that’s just an old link that used to work. Fixed that.

    Thread Starter Mark Barnes

    (@mark8barnes)

    Thanks for the quick reply, Mikko. If I find out more I’ll update the thread.

    Thread Starter Mark Barnes

    (@mark8barnes)

    I increased the logging details, and I’ve discovered the search terms that are causing this problem:

    index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=phpinfo&vars%5B1%5D%5B%5D=1

    Home/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=phpinfo&vars%5B1%5D%5B%5D=1

    /Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP

    I presume these are from bad actors looking for this vulnerability.

    I haven’t looked at relevanssi’s code, but perhaps there’s no double-escaping when there should be?

    Plugin Author Mikko Saari

    (@msaari)

    The problem is those backslashes. Everything else works just fine. The escaped backslashes become single backslashes when Relevanssi adds the accent variants for the letters.

    In the end the fix required was very small: https://github.com/msaari/relevanssi/commit/2d33a3628eab06d328226de846f20ebc600ee8d3

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘PHP Warning’ is closed to new replies.