PHP Warning: Undefined array key “HTTP_HOST” in template-functions.php

  • EncodeDotHost

    (@encodedothost)


    8 months ago

    Plugin Version: 10.6.0
    WordPress Version: 6.8.2
    PHP Version: 8.3

    Issue Description:
    The WP Travel plugin is generating PHP warnings due to unsafe access of the $_SERVER['HTTP_HOST'] superglobal variable in the wptravel_posts_filter() function.

    Error Message:

    PHP Warning: Undefined array key "HTTP_HOST" in /wp-content/plugins/wp-travel/inc/template-functions.php on line 2388

    Problem Location:
    File: wp-content/plugins/wp-travel/inc/template-functions.php
    Function: wptravel_posts_filter()
    Line: 2388

    Problematic Code:

    $current_url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";

    Root Cause:
    The code directly accesses $_SERVER['HTTP_HOST'] without checking if it exists first using isset(). The HTTP_HOST key may not be available in certain environments such as:

    • CLI/WP-CLI execution
    • Cron jobs
    • Certain server configurations
    • API requests without proper headers

    Impact:

    • PHP warnings appearing in error logs
    • Potential issues in CLI environments or automated tasks
    • Poor user experience due to warnings

    Suggested Fix:
    Replace the unsafe variable access with proper isset() checks:

    // Current problematic code:
$current_url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";

// Suggested secure fix:
$protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https' : 'http';
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost';
$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
$current_url = $protocol . '://' . $host . $uri;

    Steps to Reproduce:

    1. Run WordPress in a CLI environment (WP-CLI commands)
    2. Execute cron jobs
    3. Check error logs for the warning

    Expected Behavior:
    No PHP warnings should be generated, and the function should handle missing server variables gracefully.

    Additional Notes:
    This follows WordPress and PHP best practices for safely accessing superglobal variables. The fix maintains all existing functionality while preventing the warning.

    • This topic was modified 8 months ago by EncodeDotHost. Reason: Typo
Viewing 1 replies (of 1 total)
  • Plugin Author WP Travel

    (@wptravel)

    8 months ago

    Hello @encodedothost,

    Thank you for reaching out to the WP Travel team and for sharing such a detailed report of the issue.

    We have forwarded the information you provided to our development team, and they are already working on a fix. This issue will be addressed in the upcoming update, and we will notify you as soon as the release is available.

    We truly appreciate you bringing this to our attention. If you have any further questions or concerns in the meantime, please don’t hesitate to reach out we’re always here to help.

    Thank you again for your patience and understanding.

Viewing 1 replies (of 1 total)

The topic ‘PHP Warning: Undefined array key “HTTP_HOST” in template-functions.php’ is closed to new replies.