Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mb_check_encoding use can raise a fatal error in some environments #6524

Closed
aaemnnosttv opened this issue Feb 2, 2023 · 10 comments
Closed

mb_check_encoding use can raise a fatal error in some environments #6524

aaemnnosttv opened this issue Feb 2, 2023 · 10 comments
Labels
Exp: SP P0 High priority Type: Bug Something isn't working Type: Support Support request

Comments

@aaemnnosttv
Copy link
Collaborator

aaemnnosttv commented Feb 2, 2023
edited
Loading

Bug Description

In #5868 we implemented a fix which resolves redirect issues on sites using internationalized domain names (IDN). This involves the use of a core PHP multibyte string function which may not exist on some environments. While the mbstring module is commonly enabled, it is not enabled by default so we cannot rely on it to be generally available.

WordPress polyfills a few mb_* functions, (e.g. mb_substr, and mb_strlen) but not all of them.

Steps to reproduce

  • Reproducing this requires the mbstring PHP module to be disabled
  • Various actions could raise this error as the hooked function runs during wp_validate_redirect which itself is called by various functions, notably wp_safe_redirect()
  • E.g. disconnect your user in Site Kit and navigate to the splash page
  • Change the googlesitekit-splash in the URL to googlesitekit-dashboard and then attempt to navigate to that URL to invoke the redirect
  • See error

Support topics

Do not alter or remove anything below. The following sections will be managed by moderators only.

Acceptance criteria

Implementation Brief

  • Remove the allowed_redirect_hosts filter callback from Plugin
  • Reimplement the existing behavior from the Authentication::allowed_redirect_hosts method
    • Parse the site's hostname with URL::parse instead of (wp_)parse_url functions can have problems with multibyte hostnames (see Permuting site URLs can fail for some domains and environments #4776)
      • Note: we probably want to use admin_url as the URL to parse here rather than the home_url for accuracy. The hosts should be the same because SK does not support them being different but this is more accurate because SK only does redirects within WP admin
    • Replace the use of mb_check_encoding with the same is_ascii check we use in Module::permute_site_hosts

Test Coverage

  • Add test coverage for the behavior in AuthenticationTest perhaps by testing a number of redirects using wp_safe_redirect with ascii + unicode domains and ensure the destination location is as expected (see RedirectException in our tests for examples)

QA Brief

Changelog entry

  • Fix potential errors raised when the mbstring PHP extension is not loaded.
@aaemnnosttv aaemnnosttv added Type: Bug Something isn't working Type: Support Support request P0 High priority labels Feb 2, 2023
@aaemnnosttv
Copy link
Collaborator Author

One solution here would be to include the symfony/polyfill-mbstring package (v1.19 supports down to PHP 5.3) although if we can replace this with one of our other methods that don't rely on this, that may be better.

@felixarntz
Copy link
Member

IB ✅

@felixarntz felixarntz removed their assignment Feb 2, 2023
@jamesozzie
Copy link
Collaborator

jamesozzie commented Feb 3, 2023
edited
Loading

Just an update on the impacted site, reported via the WordPress support forums:

@aaemnnosttv For those who have the ability to configure PHP modules, would enabling mbstring be something worth checking?

@aaemnnosttv
Copy link
Collaborator Author

@aaemnnosttv For those who have the ability to configure PHP modules, would enabling mbstring be something worth checking?

@jamesozzie sure, that would fix the issue too, although I'm guessing most users wouldn't have that option.

@jamesozzie
Copy link
Collaborator

Good to know, thanks @aaemnnosttv.

@aaemnnosttv aaemnnosttv self-assigned this Feb 3, 2023
@aaemnnosttv aaemnnosttv mentioned this issue Feb 3, 2023
Merged
18 tasks
@aaemnnosttv aaemnnosttv removed their assignment Feb 3, 2023
@jaschawilcox
Copy link

@aaemnnosttv For those who have the ability to configure PHP modules, would enabling mbstring be something worth checking?

@jamesozzie sure, that would fix the issue too, although I'm guessing most users wouldn't have that option.

Confirming that installing php-mbstring in my Ubuntu 20.04 environment instantly resolved this issue.

sudo apt install php-mbstring

@bamnet
Copy link

bamnet commented Feb 5, 2023

Got paged my blog was down, presumably after a plugin auto update, and found this error. If you can't install mbstring quickly, you can bring your site back online by hacking in wp-content/plugins/google-site-kit/includes/Plugin.php

Look for mb_check_encoding and short-circuit it. I did this:

if ( true || mb_check_encoding( $wpp['host'], 'ASCII' ) ) {

@tofumatt tofumatt assigned tofumatt and unassigned tofumatt Feb 6, 2023
@wpdarren wpdarren self-assigned this Feb 6, 2023
@wpdarren
Copy link
Collaborator

wpdarren commented Feb 8, 2023
edited
Loading

QA Update: ⚠️

@aaemnnosttv I am trying to recreate the issue with the site you gave me access to. When I change the URL to wp-admin/admin.php?page=googlesitekit-dashboard and then navigate to that URL, I am redirected to wp-admin/admin.php?page=googlesitekit-splash and no error appears in the console or on screen. This is on the latest release (1.93.0)

I would ideally like to recreate it so I can verify that the issue is resolved.

I am assuming that the mbstring PHP module is disabled on this site?

c.c. @tofumatt

@aaemnnosttv
Copy link
Collaborator Author

@wpdarren it is disabled but I didn't realize the polyfill plugin was still active which fills the gap there. I've since disabled it so this should be ready to test again 👍

@aaemnnosttv aaemnnosttv removed their assignment Feb 8, 2023
@wpdarren
Copy link
Collaborator

wpdarren commented Feb 8, 2023
edited
Loading

QA Update: ✅

Verified:

  • I was able to recreate the issue when changing the googlesitekit-splash in the URL to googlesitekit-dashboard and then attempting to navigate to that URL.
  • When I switched to the main branch, and ran through the same steps, no error appeared. The URL redirected to googlesitekit-splash successfully. I also checked console and no new warnings or errors appeared.
  • Used a site with IDNs.
    • When setting up Site Kit without Analytics, I was redirected to Site Kit dashboard.
    • When setting up Site Kit with an Analytics account for the domain, I was redirected to the Site Kit dashboard.
    • When setting up AdSense, Tag Manager and Optimize, I was redirected to the Site Kit dashboard.

Related to the IDN. There were a few bugs discovered during testing #5868 and these are highlighted in #6435.

Screenshots

image
image

@wpdarren wpdarren removed their assignment Feb 8, 2023
@jamesozzie jamesozzie mentioned this issue Feb 22, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Exp: SP P0 High priority Type: Bug Something isn't working Type: Support Support request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@bamnet @tofumatt @aaemnnosttv @felixarntz @jaschawilcox @jamesozzie @wpdarren