Get WordPress

Make WordPress Core

Opened 13 months ago

Closed 13 months ago

Last modified 13 months ago

#58856 closed defect (bug) (invalid)

There is str_contains() in wp-login.php.

Reported by: nendeb55's profile nendeb55 Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords:
Focuses: Cc:

Description (last modified by costdev)

You should revert to strpos() since str_contains() is from php8.0.

WordPress6.3 RC1

wp-login.php

			} elseif ( str_contains( $redirect_to, 'about.php?updated' ) ) {
				$errors->add( 'updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to see what&#8217;s new.' ), 'message' );
			} elseif ( WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) {
				$errors->add( 'enter_recovery_mode', __( 'Recovery Mode Initialized. Please log in to continue.' ), 'message' );
			} elseif ( isset( $_GET['redirect_to'] ) && str_contains( $_GET['redirect_to'], 'wp-admin/authorize-application.php' ) ) {

Change History (3)

#1 @costdev
13 months ago

  • Component changed from General to Login and Registration
  • Description modified (diff)
  • Keywords needs-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Severity changed from critical to normal
  • Status changed from new to closed
  • Version trunk deleted

Hi @nendeb55, thanks for opening this ticket.

str_contains() was polyfilled in WordPress 5.9 (changeset [52039]) along with several others such as str_starts_with(), str_ends_with(), array_key_first() and array_key_last().

These can all be used safely as long as /wp-includes/compat.php has been included somewhere in the callstack, which is the case with wp-login.php.

As this is used safely in the mentioned file, I'll close this ticket as invalid.

#2 @nendeb55
13 months ago

Hi @costdev
Thanks for letting me know.

#3 @costdev
13 months ago

No problem @nendeb55! 🙂

Note: See TracTickets for help on using tickets.