Skip to content

Fix fatal in is_oversize_media when usage data is a string#1176

Open
PatelUtkarsh wants to merge 3 commits into
cloudinary:developfrom
PatelUtkarsh:bugfix/is-oversize-media-string-offset
Open

Fix fatal in is_oversize_media when usage data is a string#1176
PatelUtkarsh wants to merge 3 commits into
cloudinary:developfrom
PatelUtkarsh:bugfix/is-oversize-media-string-offset

Conversation

@PatelUtkarsh
Copy link
Copy Markdown
Contributor

@PatelUtkarsh PatelUtkarsh commented May 22, 2026

Error

PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
  in php/class-media.php:451

Triggered on PHP 8.x when any front-end request resolves an attachment URL (e.g. Elementor's get_the_post_thumbnail_url() during wp_head) while the plugin is not yet connected to Cloudinary, or when the usage API returns a non-array response. In those cases Connect::$usage['media_limits'] is a string, and is_oversize_media() dereferenced it without checking.

Approach

  • Resolve $connect->usage once and verify media_limits is an array containing the requested key before dereferencing.
  • When limits aren't available, treat the asset as not oversize and cache the result, matching the defensive pattern already used in Connect::get_usage_stat().
  • Reuse the resolved $limit for the size_format() message and drop the duplicate $max_size recompute.

QA notes

  1. On a PHP 8.1+ site, install and activate the plugin without entering Cloudinary credentials.
  2. Visit a front-end page that renders a post thumbnail (Elementor theme reproduces it most reliably).
  3. Before the fix: fatal Cannot access offset of type string on string in class-media.php:451.
  4. After the fix: page renders normally; attachments are served by WordPress.
  5. Connect the plugin to Cloudinary and confirm oversize detection still works (upload a file larger than the plan limit and confirm the sync_error post meta is set with the expected message).

@PatelUtkarsh
Fix fatal in is_oversize_media when usage data is a string
82ffa44 
When Cloudinary is not yet connected (or the usage API returns an
unexpected non-array response), Connect::$usage['media_limits'] can be
a string. PHP 8.x then fatals with 'Cannot access offset of type string
on string' as soon as any front-end request resolves an attachment URL
(e.g. Elementor's get_the_post_thumbnail_url during wp_head).

Guard the lookup and treat the asset as not oversize when limits are
unavailable, matching the defensive pattern already used in
Connect::get_usage_stat().
@PatelUtkarsh PatelUtkarsh changed the title Fix fatal in is_oversize_media when usage data is a string Fix fatal in is_oversize_media when usage data is a string May 22, 2026
@PatelUtkarsh
Guard remaining consumers of usage / last_usage against string values
c4e24b4 
When the Cloudinary usage API has never returned a valid response (fresh
install, expired credentials, or a transient API error), both
`Connect::$usage` and the persisted `last_usage` setting can be a string
rather than the expected array. PHP 8.x then fatals with 'Cannot access
offset of type string on string' in any code that dereferences these
without checking.

This adds defensive checks alongside the existing Media::is_oversize_media
fix:

- Plan_Details::plan() (php/ui/component/class-plan-details.php): bail
  to empty plan/requests values when last_usage is not an array.
- settings-sidebar.php Account status description: guard the plan name
  access.
- Special_Offer::is_special_offer_available(): return false when
  last_usage isn't a usable array.
- Connect::usage_stats(): only cache derived max image/video sizes when
  media_limits is actually an array, so a stringy API response doesn't
  poison the transient and last_usage option for the rest of the hour.
@PatelUtkarsh
Harden additional stored-state consumers against non-array values
44d6133 
Following the usage/last_usage fix, audit found the same PHP 8.x
'Cannot access offset of type string on string' / 'foreach on string'
hazard in other code paths that read from get_option / get_transient
and immediately dereference or iterate the result:

- Connect::history(): $history option may be a string; reset to array
  before doing $history[$plan][$date] lookups. Also defend the
  $plan resolution when $this->usage or $this->credentials is
  unexpected.
- Sync_Queue::get_thread_queue(): thread option may be a string;
  reset to defaults before array_merge.
- Cron::load_schedule(): cron schedule option may be a string;
  reset to array before foreach and guard inner item type.
- WPML::wp_generate_attachment_metadata(): transient may be a
  scalar; cast to array before the $data[$id] check.

These are defensive guards only - normal happy-path behaviour is
unchanged.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@PatelUtkarsh