Co-Authors-Plus icon indicating copy to clipboard operation
Co-Authors-Plus copied to clipboard
verified publisher icon Automattic

Warnings when author page somehow treated as category

Open leedxw opened this issue 9 months ago • 2 comments

Note that this issue relates to warnings generated via abnormal and unexpected requests.

We had a number of PHP warnings following someone using a vulnerability scanner against a site we run.

PHP Warning:  Undefined property: stdClass::$name in /var/www/html/wp-includes/general-template.php on line 1610
PHP Deprecated:  strip_tags(): Passing null to parameter #1 ($string) of type string is deprecated in /var/www/html/wp-includes/class-wp-hook.php on line 324
PHP Warning:  Undefined property: stdClass::$name in /var/www/html/wp-includes/general-template.php on line 3284
PHP Warning:  Undefined property: stdClass::$term_id in /var/www/html/wp-includes/general-template.php on line 3287

I could eventually reproduce the issue by appending ?x=&cat=1 to an author page for a guest author (using co-authors-plus) but not a system author. I suspect the cat= argument is causing is_category() to return true, but I can't see where the logic issue is, so I don't know if this is a bug in core or the plugin.

http://localhost/author/guest/?x=&cat=1

Triggering a stack dump:

#0 /var/www/html/wp-includes/general-template.php(1610):  errHandle()
#1 /var/www/html/wp-includes/general-template.php(1229): single_term_title()
#2 /var/www/html/wp-includes/general-template.php(1311): wp_get_document_title()
#3 /var/www/html/wp-includes/class-wp-hook.php(324): _wp_render_title_tag()
#4 /var/www/html/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters()
#5 /var/www/html/wp-includes/plugin.php(517): WP_Hook->do_action()
#6 /var/www/html/wp-includes/general-template.php(3064): do_action()
#7 /var/www/html/wp-content/themes/example/layouts/main.php(18): wp_head()
#8 /var/www/html/wp-includes/template-loader.php(106): include('...')
#9 /var/www/html/wp-blog-header.php(19): require_once('...')
#10 /var/www/html/index.php(17): require('...')

leedxw avatar Mar 28 '25 12:03 leedxw

This was originally reported to https://core.trac.wordpress.org/ticket/63406

It is still occurring with 3.6.6

leedxw avatar Aug 06 '25 09:08 leedxw

wordress:63406

I believe this should be fixed in the Co-Authors Plus plugin. The plugin modifies the $wp_query in the fix_author_page method in class-coauthors-plus.php when querying guest authors, and the warnings appear only for guest authors, not for normal users. When we visit http://localhost:8889/author/guest_author/?cat=1, the initial queried_object represents cat=1 and is_category is true, but the plugin changes it to author. Therefore, setting is_category to false inside the function should resolve the issue.

leedxw avatar Aug 06 '25 09:08 leedxw