We have frequent requests from a crawler which uses untypical formed (but seemingly still valid) URLs like
144.76.166.xxx - - [13/Jan/2020:11:32:14 +0100] "GET ?utm_medium=link&utm_campaign=navigation_hp HTTP/1.1" 301 4656 "-" "Mozilla/5.0 (compatible; Molescrape Skyscraper; +http://www.molescrape.com/)"
The / of the path element after GET and before the ? is missing. This results in a PHP notice:
[13-Jan-2020 10:32:14 UTC] PHP Notice: Undefined index: path in /usr/www/xxxx/wp-content/plugins/advanced-access-manager/application/Service/Uri.php on line 101
Function authorizeUri() uses wp_parse_url() to separate the URL segments. But as the path is empty $uri['path'] is not set. This is not checked before using it. Would be nice to add the check, so the error log is not spammed by this error message.
Nevertheless WP core does fail to check this, too. There are several old threads which try to deal with this problem (https://core.trac.wordpress.org/ticket/39827 or https://core.trac.wordpress.org/ticket/34353#comment:14) but a proper solution would need to refactor the whole bootstrap process of WP as the returned values of PHP function parse_url() are not always checked if they exist.