From e0596b5835ddf4526e4851742ab84332794a185f Mon Sep 17 00:00:00 2001 From: "K. Adam White" Date: Mon, 9 Oct 2023 14:49:26 +0000 Subject: [PATCH] REST API: Correct parsing of password from Authorization header when processing Application Password credentials. Exit early when parsing Application Password credentials if Authorization header value does not contain at least one colon. The `Authorization` Basic header must use a colon to separate the username and password components per RFC 7617, so a username-only string is malformed and should not be processed. Split `Authorization` header only on the first colon, properly handling passwords containing colons. Resolves PHP 8.0 warning when `list()` was called on an exploded credentials array containing only one element. Props kalpeshh, shooper, sc0ttkclark, jrf, mukesh27, oglekler, nicolefurlan. Fixes #57512. Built from https://develop.svn.wordpress.org/trunk@56804 git-svn-id: http://core.svn.wordpress.org/trunk@56316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/load.php | 7 ++++++-
 wp-includes/version.php | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/wp-includes/load.php b/wp-includes/load.php
index 77e17b3f8b..520902cdd6 100644
--- a/wp-includes/load.php
+++ b/wp-includes/load.php
@@ -126,7 +126,12 @@ function wp_populate_basic_auth_from_authorization_header() {
 $token = substr( $header, 6 );
 $userpass = base64_decode( $token );
- list( $user, $pass ) = explode( ':', $userpass );
+ // There must be at least one colon in the string.
+ if ( ! str_contains( $userpass, ':' ) ) {
+ return;
+ }
+
+ list( $user, $pass ) = explode( ':', $userpass, 2 );
 // Now shove them in the proper keys where we're expecting later on.
 $_SERVER['PHP_AUTH_USER'] = $user;
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 4d5d7c74e0..138443ba43 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
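Review bot: The new guard `if ( ! str_contains( $userpass, ':' ) )` only rejects a `false` return from `base64_decode( $token )` through implicit coercion of `false` to `''`, which is easy to miss when reading it; making the failure case explicit costs one line: `if ( false === $userpass || ! str_contains( $userpass, ':' ) ) {`. The guard also accepts a credential whose user-id part is empty (`:secret` yields `$user === ''` after the `explode( ':', $userpass, 2 )`), so whatever later reads `$_SERVER['PHP_AUTH_USER']` must treat an empty user as absent — that code is outside the hunk and I have not verified it. The comment `// There must be at least one colon in the string.` would be more useful if it named the rule and the consequence, e.g. `// RFC 7617 Basic credentials are "user-id:password"; a value without a colon is malformed and is ignored, leaving PHP_AUTH_USER unset.` wp_populate_basic_auth_from_authorization_header() starts before the hunk and its body continues after it.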
@@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.4-beta2-56803';
+$wp_version = '6.4-beta2-56804';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.