Undefined index error when using WP-CLI (command line)

  • Resolved Ollie Treend

    (@ollietreend)


    9 years ago

    Hi,

    I get an undefined index error when using WP-CLI – however I suspect this will be the same for all command-line usage of WordPress. This is because $_SERVER[‘QUERY_STRING’] is not set when using WordPress via the command line.

    Here’s an example from WP-CLI which shows the error:

    root@7cfe97bb15e9:/bedrock# wp post list
PHP Notice:  Undefined index: QUERY_STRING in /bedrock/web/app/plugins/stop-user-enumeration/stop-user-enumeration.php on line 36
Notice: Undefined index: QUERY_STRING in /bedrock/web/app/plugins/stop-user-enumeration/stop-user-enumeration.php on line 36
+----+------------------------+------------------------+---------------------+-------------+
| ID | post_title             | post_name              | post_date           | post_status |
+----+------------------------+------------------------+---------------------+-------------+
| 1  | Hello world!           | hello-world            | 2016-02-15 12:27:08 | publish     |
+----+------------------------+------------------------+---------------------+-------------+

    Could you please add an isset() check before using the QUERY_STRING variable?

    Thanks

    https://www.ads-software.com/plugins/stop-user-enumeration/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Ollie Treend

    (@ollietreend)

    Hi,

    I’ve just looked a little further into this to help with the code fix.

    I propose that lines 28-41 of stop-user-enumeration.php are changed to:

    if ( ! is_admin() && isset($_SERVER['QUERY_STRING'])){
    if(preg_match('/(wp-comments-post)/', $_SERVER['REQUEST_URI']) === 0 ) {
        if (!empty($_POST['author'])) {
            ll_kill_enumeration();
        }
    }

    if(preg_match('/author=([0-9]*)/', $_SERVER['QUERY_STRING']) === 1)
    ll_kill_enumeration();
}

    I’ve made three changes here:

    • Add an isset() check at line 1 of the above snippet to avoid ‘undefined index’ error messages when there is no query string (e.g. we’re most likely running from CLI)
    • Remove duplicate nested is_admin() check – this shouldn’t be required.
    • Remove duplicate call to add_filter() – this is already performed outside of the if statement on line 43.

    Can you please review these changes and consider merging them into your plugin? I believe they’ll fix the CLI warnings bug, plus clean up the code by removing some duplication.

    Feedback welcome.

    Thanks

    Plugin Author fullworks

    (@fullworks)

    Thanks Ollie,

    I’m just wondering if it could be simplified further to remove the preg matches? As the $_POST check was added ‘later’ once WP-SCAN found a way around this plugin using POST. Perhaps it can be done with REQUEST.

    Alan

    Plugin Author fullworks

    (@fullworks)

    Thanks Ollie,

    I’m just wondering if it could be simplified further to remove the preg matches? As the $_POST check was added ‘later’ once WP-SCAN found a way around this plugin using POST. Perhaps it can be done with REQUEST.

    Alan

    Plugin Author fullworks

    (@fullworks)

    New release, the undefined index should have gone.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Undefined index error when using WP-CLI (command line)’ is closed to new replies.