jwt-auth icon indicating copy to clipboard operation
jwt-auth copied to clipboard

Published 20 hours ago verified publisher icon usefulteam

Whitelist plugin "Illegal string offset 'slug'" in /wp-admin

Open polcats opened this issue 3 years ago • 5 comments

Hello @contactjavas,

We created a custom plugin for the whitelist filters like so:

<?php

if (!defined('WPINC')) {    die;    }
if ( ! defined( 'ABSPATH' ) ) die( 'restricted access' );

class CustomPlugin {

    public function __construct(){
        add_filter('jwt_auth_whitelist', function ( $endpoints ) {
            array_push($endpoints,'/wp-json/dummy/*');
            array_push($endpoints,'/wc-admin/*');
            array_push($endpoints,'/wc/*');
            array_push($endpoints,'/wc-auth/*');
            array_push($endpoints,'/wc-analytics/*');
            array_push($endpoints,'/wp-json/wc-admin/*');
            array_push($endpoints,'/wp-json/wc/*');
            array_push($endpoints,'/wp-json/wc-auth/*');
            array_push($endpoints,'/wp-json/wc-analytics/*');
            return $endpoints;
        });
    }
}

//======================================================
new CustomPlugin();

We were able to resolve this warning in the other areas:

[20-Apr-2021 08:46:03 UTC] PHP Warning:  Illegal string offset 'slug' in /home/dummyuser/repos/dummyproject/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php on line 149
[20-Apr-2021 08:46:03 UTC] PHP Warning:  Illegal string offset 'slug' in /home/dummyuser/repos/dummyproject/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php on line 149

The only remaining case that it appears is when we access /wp-admin, could you provide us some insight about this?

polcats avatar Apr 20 '21 09:04 polcats

Try to add */* if is_admin == true

pesseba avatar Apr 26 '21 17:04 pesseba

Try to add */* if is_admin == true

Thank you for the response @pesseba, we tried something like this but we are still getting the same error. Is this what you meant?

<?php

if (!defined('WPINC')) {    die;    }
if ( ! defined( 'ABSPATH' ) ) die( 'restricted access' );

class CustomPlugin {

    public function __construct(){
        add_filter('jwt_auth_whitelist', function ( $endpoints ) {
            array_push($endpoints,'/wp-json/dummy/*');
            array_push($endpoints,'/wc-admin/*');
            array_push($endpoints,'/wc/*');
            array_push($endpoints,'/wc-auth/*');
            array_push($endpoints,'/wc-analytics/*');
            array_push($endpoints,'/wp-json/wc-admin/*');
            array_push($endpoints,'/wp-json/wc/*');
            array_push($endpoints,'/wp-json/wc-auth/*');
            array_push($endpoints,'/wp-json/wc-analytics/*');
            
            if (is_admin()) {
                array_push($endpoints,'*/*');
            }
            
            return $endpoints;
        });
    }
}

//======================================================
new CustomPlugin();

polcats avatar Apr 30 '21 07:04 polcats

Hi @polcats, maybe I faced this problem already... The woocommerce call the rest api internally, and the jwt auth plugin has a bug for internal calls like this:

$request  = new \WP_REST_Request( 'GET', '/wc-analytics/reports' );
$response = rest_do_request( $request );

Try to change the line 94 at class-auth.php from:

if ( $enable_cors ) {

to

if ( $enable_cors && ! headers_sent() ) {

Tell me if it solved your problem... I will commit this bugfix soon.

pesseba avatar Apr 30 '21 12:04 pesseba

Hi @pesseba ,

Thank you for the response. Unfortunately, it did not resolve the issue.

We're you able to test the fix on your side?

polcats avatar May 19 '21 09:05 polcats

Closely related support thread with additional clues/pointers: https://wordpress.org/support/topic/conflict-with-woocommerce-77/

I've also experienced this issue myself. It seems like the PHP warnings are triggered when accessing a REST route that is not whitelisted.

In #33 I'm introducing a new route /token/refresh. Without the following change, each access to the new route would yield the mentioned PHP warnings in the REST response: https://github.com/usefulteam/jwt-auth/pull/33/files#diff-27e9d95354fe4c2d9eaba057b52568d7f4e1a3fed2e8bb4846f52815812396a9L481-L483

However, that change only fixes the problem for that particular PR / the plugin's own REST routes. It does not work for other routes.

You should be able to reproduce this by requesting a non-existing route within the plugin's REST namespace; e.g.:

/wp-json/jwt-auth/v1/token/example

$ curl -v -X POST -b 'refresh_token=...' https://example.com/wp-json/jwt-auth/v1/token/refresh

< HTTP/2 200 
< content-type: application/json; charset=UTF-8

<br />
<b>Warning</b>:  Illegal string offset 'slug' in <b>/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
<br />
<b>Warning</b>:  Illegal string offset 'slug' in <b>/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
<br />
<b>Notice</b>:  Undefined index: slug in <b>/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
<br />
<b>Warning</b>:  Illegal string offset 'slug' in <b>/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
<br />
<b>Warning</b>:  Illegal string offset 'slug' in <b>/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
<br />
<b>Notice</b>:  Undefined index: slug in <b>/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
<br />
<b>Warning</b>:  Illegal string offset 'slug' in <b>/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
<br />
<b>Warning</b>:  Illegal string offset 'slug' in <b>/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
<br />
<b>Notice</b>:  Undefined index: slug in <b>/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
<br />
<b>Warning</b>:  Illegal string offset 'slug' in <b>/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
<br />
<b>Warning</b>:  Illegal string offset 'slug' in <b>/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />
<br />
<b>Notice</b>:  Undefined index: slug in <b>/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php</b> on line <b>149</b><br />

{"success":false,"statusCode":403,"code":"jwt_auth_no_auth_header","message":"Authorization header not found.","data":[]}

sun avatar Jun 29 '21 11:06 sun