Page MenuHomePhorge

Fix PHP 8.1 "strlen(null)" exception which blocks rendering errors on Create Blueprint page
ClosedPublic

Authored by aklapper on May 23 2023, 19:25.

Details

Summary

strlen() was used in Phabricator to check if a generic value is a non-empty string.
This behavior is deprecated since PHP 8.1. Phorge adopts phutil_nonempty_string() as a replacement.

Note: this may highlight other absurd input values that might be worth correcting
instead of just ignoring. If phutil_nonempty_string() throws an exception in your
instance, report it to Phorge to evaluate and fix that specific corner case.

EXCEPTION: (RuntimeException) strlen(): Passing null to parameter #1 ($string) of type string is deprecated at [<arcanist>/src/error/PhutilErrorHandler.php:261]
arcanist(head=master, ref.master=e4fd31ec024e), phorge(head=D25240, ref.master=b1edfea09bad, ref.D25240=b1edfea09bad)
  #0 <#2> PhutilErrorHandler::handleError(integer, string, string, integer) called at [<phorge>/src/infrastructure/customfield/standard/PhabricatorStandardCustomField.php:392]

Closes T15413

Test Plan

Applied this change on top of D25239. Afterwards, the "Create Blueprint" page on /drydock/blueprint/edit/form/default/ after pressing the "Create Blueprint" button the page correctly renders the expected error that some fields cannot be empty.

  1. Enter a commit message. #
  2. Changes: #
  3. src/infrastructure/customfield/standard/PhabricatorStandardCustomField.php

Also, try to create extra numeric fields (like in the User application) and try to send zero or 1 using Conduit user.edit.

Diff Detail

Repository
rP Phorge
Branch
arcpatch-D25240
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 488
Build 488: arc lint + arc unit

Event Timeline

This is that kind of scary thing that deserves our phutil_string_cast() trick, since the incoming value from PhabricatorStandardCustomField is probably too much wild, probably an integer, probably a boolean, probably an object.

I will try to do some fuzzy tests to see any implosion

valerio.bozzolan requested changes to this revision.EditedMay 29 2023, 20:31

A programmer enters in a bar and orders a string

Order null

Order a "lizard"

Order the number 123...

shipit

Ouch sorry I was able to reproduce a crash creating an extra field of type numeric in an User:

echo '{
  "transactions": [
    {
      "type": "custom.mycompany:estimated-hours",
      "value": 123
    }
  ],
  "objectIdentifier": "@valerio.bozzolan"
}' | arc call-conduit --conduit-uri http://phorge.boz.local.reyboz.it/ --conduit-token <conduit-token> -- user.edit

This is my /config/edit/user.custom-field-definitions/ needed to be able to reproduce that crash:

{
  "mycompany:estimated-hours": {
    "name": "Estimated Hours",
    "type": "int",
    "instructions": "Estimated number of hours this user needs to sleep well.",
    "required": true
  }
}

Hoping to be useful see the inline comment for a proposal. I tested that proposal, without being able to cause a crash.

src/infrastructure/customfield/standard/PhabricatorStandardCustomField.php
392–393

Proposed change:

$is_empty = phutil_string_cast($value) === '';
return $is_empty;
This revision now requires changes to proceed.May 29 2023, 20:31

Uh neat. Thanks for that testing!

speck requested changes to this revision.Jun 8 2023, 00:51
speck added inline comments.
src/infrastructure/customfield/standard/PhabricatorStandardCustomField.php
392–393

Instead of casting to string please do a null check

This revision now requires changes to proceed.Jun 8 2023, 00:51
aklapper edited the summary of this revision. (Show Details)

Add an additional null check instead of casting to string

Thanks speck and aklapper :)

Premising that strlen() does an implicit cast indeed. So, it's just a matter of having that visible or invisible. Premising that we are not interested in knowing the length of the string and I'm somehow not a fan of that.

Thanks!

For additional context the use of the phutil function would add the intent of the value being a string so my preference is to only use it if we’re sure the variable is intended to only be of type string. Here I think it’s less clear.

Admittedly we might assume the use of strlen means the intent is already there in it being a string but that doesn’t seem to always be the case.

This revision is now accepted and ready to land.Jun 10 2023, 19:50