VideoPress shortcode fatals due to unsanitized filtered input. #40766

zinigor · 2024-12-30T15:44:45Z

Impacted plugin

Jetpack

Quick summary

This is probably happening because of some filtered input that we're not expecting in the shortcode.

Steps to reproduce

Not sure how to reproduce it besides just adding a filer that uses the same data that's visible from error logs.

A clear and concise description of what you expected to happen.

No response

What actually happened

No response

Impact

Some (< 50%)

Available workarounds?

Yes, easy to implement

If the above answer is "Yes...", outline the workaround.

No response

Platform (Simple and/or Atomic)

Atomic, Self-hosted

Logs or notes

PHP Fatal error:  Uncaught TypeError: Unsupported operand types: string % int in /wordpress/plugins/jetpack/14.2-a.3/modules/videopress/shortcode.php:136
Stack trace:
#0 /wordpress/plugins/jetpack/14.2-a.3/modules/videopress/shortcode.php(249): VideoPress_Shortcode->shortcode_callback(Array)
#1 /wordpress/core/6.7.1/wp-includes/class-wp-hook.php(324): VideoPress_Shortcode->video_shortcode_override('', Array, '', 1)
#2 /wordpress/core/6.7.1/wp-includes/plugin.php(205): WP_Hook->apply_filters('', Array)
#3 /wordpress/core/6.7.1/wp-includes/media.php(3597): apply_filters('wp_video_shortc...', '', Array, '', 1)
#4 /wordpress/core/6.7.1/wp-includes/shortcodes.php(434): wp_video_shortcode(Array, '', 'video')
#5 [internal function]: do_shortcode_tag(Array)
#6 /wordpress/core/6.7.1/wp-includes/shortcodes.php(273): preg_replace_callback('/\\[(\\[?)(video)...', 'do_shortcode_ta...', '<blockquote>\n<p...')
#7 /wordpress/core/6.7.1/wp-includes/class-wp-hook.php(324): do_shortcode('<blockquote>\n<p...')
#8 /wordpress/core/6.7.1/wp-includes/plugin.php(205): WP_Hook->apply_filters('<blockquote>\n<p...', Array)
#9 /wordpress/core/6.7.1/wp-includes/formatting.php(3965): apply_filters('the_content', '<blockquote><p>...')
#10 /wordpress/core/6.7.1/wp-includes/class-wp-hook.php(324): wp_trim_excerpt('<blockquote><p>...', Object(WP_Post))
#11 /wordpress/core/6.7.1/wp-includes/plugin.php(205): WP_Hook->apply_filters('', Array)
#12 /wordpress/core/6.7.1/wp-includes/post-template.php(436): apply_filters('get_the_excerpt', '', Object(WP_Post))
#13 /srv/htdocs/wp-content/themes/alchemists/template-parts/content-blog-1.php(62): get_the_excerpt()
#14 /wordpress/core/6.7.1/wp-includes/template.php(812): require('/srv/htdocs/wp-...')
#15 /wordpress/core/6.7.1/wp-includes/template.php(745): load_template('/srv/htdocs/wp-...', false, Array)
#16 /wordpress/core/6.7.1/wp-includes/general-template.php(206): locate_template(Array, true, false, Array)
#17 /srv/htdocs/wp-content/themes/alchemists/index.php(379): get_template_part('template-parts/...', 'blog-1')
#18 /wordpress/core/6.7.1/wp-includes/template-loader.php(106): include('/srv/htdocs/wp-...')
#19 /wordpress/core/6.7.1/wp-blog-header.php(19): require_once('/wordpress/core...')
#20 /wordpress/core/6.7.1/index.php(17): require('/wordpress/core...')
#21 {main}
  thrown in /wordpress/plugins/jetpack/14.2-a.3/modules/videopress/shortcode.php on line 136

The text was updated successfully, but these errors were encountered:

github-actions · 2024-12-30T15:47:38Z

OpenAI suggested the following labels for this issue:

[Feature Group] Content Management: The issue relates to managing content through the Jetpack plugin, specifically with handling shortcodes.
[Feature] VideoPress: This issue is directly linked to the VideoPress feature, which is causing PHP fatal errors due to unsanitized filtered input.
[Feature] Error Reporting: There is a fatal error being reported in the logs, indicating a critical need for error handling related to the functionality affected.

github-actions · 2024-12-30T15:47:39Z

This issue could use some more labels, to help prioritize and categorize our work. Could you please add at least a [Type], a [Feature], and a [Pri] label?

zinigor added [Type] Bug When a feature is broken and / or not performing as intended Needs triage Ticket needs to be triaged labels Dec 30, 2024

matticbot added the [Status] Auto-allocated label Dec 30, 2024

matticbot added this to Automattic Prioritization: The One Board ™ Dec 30, 2024

matticbot moved this to Needs Triage in Automattic Prioritization: The One Board ™ Dec 30, 2024

github-actions bot added the [Experiment] AI labels added label Dec 30, 2024

tbradsha mentioned this issue Dec 31, 2024

Resolves #40766 - Prevent TypeError in VideoPress shortcode #40790

Merged

3 tasks

github-actions bot assigned tbradsha Dec 31, 2024

github-actions bot added the [Status] In Progress label Dec 31, 2024

tbradsha closed this as completed in #40790 Jan 1, 2025

tbradsha closed this as completed in 2052ac9 Jan 1, 2025

github-project-automation bot moved this from Needs Triage to Done 🎉 in Automattic Prioritization: The One Board ™ Jan 1, 2025

github-actions bot removed the [Status] In Progress label Jan 1, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

VideoPress shortcode fatals due to unsanitized filtered input. #40766

VideoPress shortcode fatals due to unsanitized filtered input. #40766

zinigor commented Dec 30, 2024

github-actions bot commented Dec 30, 2024

github-actions bot commented Dec 30, 2024

VideoPress shortcode fatals due to unsanitized filtered input. #40766

VideoPress shortcode fatals due to unsanitized filtered input. #40766

Comments

zinigor commented Dec 30, 2024

Impacted plugin

Quick summary

Steps to reproduce

A clear and concise description of what you expected to happen.

What actually happened

Impact

Available workarounds?

If the above answer is "Yes...", outline the workaround.

Platform (Simple and/or Atomic)

Logs or notes

github-actions bot commented Dec 30, 2024

github-actions bot commented Dec 30, 2024