Paths

Table of Contentst

Fix PHP 8.1 "strlen(null)" exception which blocks rendering errors on Create Blueprint page
ClosedPublic
Actions

Authored by aklapper on May 23 2023, 19:25.

Details

Reviewers

valerio.bozzolan
speck

Group Reviewers

O1: Blessed Committers

Maniphest Tasks

T15413: PHP 8.1 "json_decode(null)" exception blocks creating Almanac Hosts blueprint in Drydock

Commits

rPc553692d452b: Fix PHP 8.1 "strlen(null)" exception which blocks rendering errors on Create…

Summary

strlen() was used in Phabricator to check if a generic value is a non-empty string.
This behavior is deprecated since PHP 8.1. Phorge adopts phutil_nonempty_string() as a replacement.

Note: this may highlight other absurd input values that might be worth correcting
instead of just ignoring. If phutil_nonempty_string() throws an exception in your
instance, report it to Phorge to evaluate and fix that specific corner case.

EXCEPTION: (RuntimeException) strlen(): Passing null to parameter #1 ($string) of type string is deprecated at [<arcanist>/src/error/PhutilErrorHandler.php:261]
arcanist(head=master, ref.master=e4fd31ec024e), phorge(head=D25240, ref.master=b1edfea09bad, ref.D25240=b1edfea09bad)
  #0 <#2> PhutilErrorHandler::handleError(integer, string, string, integer) called at [<phorge>/src/infrastructure/customfield/standard/PhabricatorStandardCustomField.php:392]

Closes T15413

Test Plan

Applied this change on top of D25239. Afterwards, the "Create Blueprint" page on /drydock/blueprint/edit/form/default/ after pressing the "Create Blueprint" button the page correctly renders the expected error that some fields cannot be empty.

Enter a commit message. #
Changes: #
src/infrastructure/customfield/standard/PhabricatorStandardCustomField.php

Also, try to create extra numeric fields (like in the User application) and try to send zero or 1 using Conduit user.edit.

Diff Detail

Repository

rP Phorge

Branch

arcpatch-D25240

Lint

Lint Passed

Unit

Tests Passed

Build Status

Buildable 488
Build 488: arc lint + arc unit

Event Timeline

aklapper created this revision.May 23 2023, 19:25

Owners added a reviewer: O1: Blessed Committers.May 23 2023, 19:25

Herald added subscribers: Cigaryno, Matthew, valerio.bozzolan and 2 others. · View Herald TranscriptMay 23 2023, 19:25

aklapper requested review of this revision.May 23 2023, 19:25

Harbormaster completed remote builds in B448: Diff 796.May 23 2023, 19:25

This is that kind of scary thing that deserves our phutil_string_cast() trick, since the incoming value from PhabricatorStandardCustomField is probably too much wild, probably an integer, probably a boolean, probably an object.

I will try to do some fuzzy tests to see any implosion

A programmer enters in a bar and orders a string

Order null

Order a "lizard"

Order the number 123...

shipit

Ouch sorry I was able to reproduce a crash creating an extra field of type numeric in an User:

echo '{
  "transactions": [
    {
      "type": "custom.mycompany:estimated-hours",
      "value": 123
    }
  ],
  "objectIdentifier": "@valerio.bozzolan"
}' | arc call-conduit --conduit-uri http://phorge.boz.local.reyboz.it/ --conduit-token <conduit-token> -- user.edit

This is my /config/edit/user.custom-field-definitions/ needed to be able to reproduce that crash:

{
  "mycompany:estimated-hours": {
    "name": "Estimated Hours",
    "type": "int",
    "instructions": "Estimated number of hours this user needs to sleep well.",
    "required": true
  }
}

Hoping to be useful see the inline comment for a proposal. I tested that proposal, without being able to cause a crash.

src/infrastructure/customfield/standard/PhabricatorStandardCustomField.php
392–393	Proposed change: $is_empty = phutil_string_cast($value) === ''; return $is_empty;

This revision now requires changes to proceed.May 29 2023, 20:31

valerio.bozzolan edited the test plan for this revision. (Show Details)May 29 2023, 20:33

Uh neat. Thanks for that testing!

Harbormaster completed remote builds in B488: Diff 853.May 30 2023, 11:16

aklapper edited the summary of this revision. (Show Details)May 30 2023, 14:59

speck requested changes to this revision.Jun 8 2023, 00:51

speck added inline comments.

src/infrastructure/customfield/standard/PhabricatorStandardCustomField.php
392–393	Instead of casting to string please do a null check

This revision now requires changes to proceed.Jun 8 2023, 00:51

aklapper edited the summary of this revision. (Show Details)Jun 10 2023, 15:09

Add an additional null check instead of casting to string

Harbormaster completed remote builds in B528: Diff 918.Jun 10 2023, 15:10

Thanks speck and aklapper :)

Premising that strlen() does an implicit cast indeed. So, it's just a matter of having that visible or invisible. Premising that we are not interested in knowing the length of the string and I'm somehow not a fan of that.

Thanks!

For additional context the use of the phutil function would add the intent of the value being a string so my preference is to only use it if we’re sure the variable is intended to only be of type string. Here I think it’s less clear.

Admittedly we might assume the use of strlen means the intent is already there in it being a string but that doesn’t seem to always be the case.

This revision is now accepted and ready to land.Jun 10 2023, 19:50

Closed by commit rPc553692d452b: Fix PHP 8.1 "strlen(null)" exception which blocks rendering errors on Create…. · Explain WhyJun 10 2023, 20:58

This revision was automatically updated to reflect the committed changes.

aklapper added a commit: rPc553692d452b: Fix PHP 8.1 "strlen(null)" exception which blocks rendering errors on Create….