After PHP 8.1 the function rawurlencode() does not accept anymore the null value.
Thus return an empty string when the input parameter is null instead of passing the input parameter to rawurlencode().
Closes T15263
Details
Details
- Reviewers
valerio.bozzolan - Group Reviewers
O1: Blessed Committers - Maniphest Tasks
- T15263: PHP 8.1 "rawurlencode(null)" exception in phutil_escape_uri
- Commits
- rARCd47289622650: Fix PHP 8.1 "rawurlencode(null)" exception which blocks rendering a project page
Diff Detail
Diff Detail
- Repository
- rARC Arcanist
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
| src/utils/utils.php | ||
|---|---|---|
| 1890–1895 | Since this is a low-level function it's probably better to just check the exact null value and exclude that. Also, since this function always returned a string, it's probably better to just return a string. | |
Comment Actions
I would like to see a full stack trace for this thought, since the function is annotated to only receive a string, and null is not a string, so we should not pass null to it if possible.
Comment Actions
Makes sense! (This ticket was filed before I managed to get good traces.) Stacktrace added to T15263.
Comment Actions
Since my inline edit is probably too much confusing,
In short I just suggest this short-circuit that replicates the behavior before PHP 8.1:
function phutil_escape_uri($string) {
+ if($string === null) {
+ return '';
+ }
return str_replace('%2F', '/', rawurlencode($string));
}If you want easy extra points, maybe this can be even more nice, using phlog():
function phutil_escape_uri($string) {
+ if($string === null) {
+ phlog("Received phutil_escape_uri(NULL). Please share this stack trace in https://we.phorge.it/T15263");
+ return '';
+ }
return str_replace('%2F', '/', rawurlencode($string));
}Comment Actions
Also in this patch @aklapper feel free to update this, to maintain authorship
Or, feel free to say "yeah whatever, just update this with the proposed fix". In that case I will probably also "Commander" the revision in order to be the author since my "tip" here is too much invasive compared with the original (but in this case I will not be able to approve myself and see this landed quickly)
Comment Actions
If you want easy extra points, maybe this can be even more nice, using phlog():
As I reported in T15263, $string can be null and in my understanding being null is a valid situation. Thus I would not add phlog.
Comment Actions
Thanks aklapper for this change!
Yep I 100% agree with your assertion but I mean that some code may use this part in "unexpected ways", for example passing a PhutilURI object or something else.
So,
I accept this as myself since I honestly think this is 100% OK, as this 100% replicates the pre-deprecation expectations.
but, I cannot accept as behalf of O1 since very probably @avivey would like to suggest to put a nice phlog() (ihih) here to monitor incoming unexpected objects (like is happening in D25157).
Comment Actions
@valerio.bozzolan: Ah, thanks. If there is an assumption that string passed to phutil_escape_uri($string) shall never ever be null and in that case there is always an underlying bug to fix (that wasn't clear to me), then I'd say adding a phlog() makes sense if it automagically includes a stacktrace and has clear instructions what a random Phorge admin seeing that log entry is supposed to do (like "Unexpected null string passed to phutil_escape_uri. Please report a bug at https://we.phorge.it/maniphest/ and mention T15263 in your task.") Okay.
Comment Actions
Thanks for this patch and your semplification
Since this does not use phutil_nonempty_string() or phutil_nonempty_stringlike(), since this is just a reasonable strict NULL check, since this is the very minimal fix required for PHP 8.1 deprecation, since this has 100% backward compatibility, and since I tested this locally without nuclear implosions, even if it would be nice to understand who is calling this with NULL values, I think this is really too much to ask here from this low-level function used here and there.
Any person that would like to improve the calls is free to do that, with follow-up patches.
In the meanwhile, thanks.
Green light.
