Page MenuHomePhorge

Fix PHP 8.1 "strlen(null)" and "explode()" exceptions which block rendering Administrator Account Creation page

Authored by aklapper on May 2 2023, 18:55.
Referenced Files
Unknown Object (File)
Wed, May 22, 08:15
Unknown Object (File)
Fri, May 10, 13:14
Unknown Object (File)
Tue, May 7, 08:16
Unknown Object (File)
Sun, May 5, 22:41
Unknown Object (File)
Fri, May 3, 16:44
Unknown Object (File)
Thu, May 2, 22:17
Unknown Object (File)
Wed, May 1, 12:41
Unknown Object (File)
Tue, Apr 30, 06:18



strlen() was used in Phabricator to check if a generic value is a non-empty string.
This behavior is deprecated since PHP 8.1. Phorge adopts phutil_nonempty_string() as a replacement.

Note: this may highlight other absurd input values that might be worth correcting
instead of just ignoring. If phutil_nonempty_string() throws an exception in your
instance, report it to Phorge to evaluate and fix that specific corner case.

Similarly, explode(string $separator, string $string, int $limit) does not accept
passing null instead of an actual string as input parameter either anymore.

Closes T15284

Test Plan

Applied these two changes. Afterwards, admin user account was created and Phorge homepage rendered in web browser on a fresh installation.

Diff Detail

rP Phorge
Lint Not Applicable
Tests Not Applicable

Event Timeline

aklapper requested review of this revision.May 2 2023, 18:55

I am not sure about the assumption I made about the false return value of isRawCacheDataValid().

Thanks for this patch

To me it seems that your assumption is totally legit

I tested this locally and this does not introduce nuclear implosions

I accept as behalf of myself and not as O1 since I shared some strong positive facts but Phorge probably deserves a stronger opinion


✅ I logged this variable with phlog() to verify that $cookie just assumes values like null or strings like "1683107655,/" etc.

The function phutil_nonempty_string() will report any alien type, and that is OK.


Before PHP 8.1 this was happening, when $data was null:

$parts = explode(',', null, 2);                      // array('')
$version = reset($parts);                            // string(0) ""
return ($version === $this->getCacheVersion($user)); // false

Also note that $this->getCacheVersion($user) seems that it never returns an empty string so this is really always false when $data is null


Internal note: this method never returns an empty string or null

valerio.bozzolan retitled this revision from Fix PHP 8.1 "strlen(null)" and "explode" exceptions which block rendering Administrator Account Creation page to Fix PHP 8.1 "strlen(null)" and "explode()" exceptions which block rendering Administrator Account Creation page.May 4 2023, 12:34
valerio.bozzolan edited the summary of this revision. (Show Details)

Thanks. Also here maybe better a minimal strict short-circuit check like

if ($data === null) {
  return false;

To avoid type juggling with string "0" etc.

Add minimal strict short-circuit check as proposed by Valerio

Thanks for updating

I tested this intensively locally doing login / logout etc. without any nuclear implosion

Thanks for this patch that seems 100% legit to me


This revision is now accepted and ready to land.May 19 2023, 14:31