Page MenuHomePhorge
Differential D25748

Fix PHP 8.1 "strlen(null)" exception on LDAP login without password
ClosedPublic
Actions

Authored by aklapper on Jul 26 2024, 14:46.
Tags
None
Referenced Files
F3313693: D25748.1743220978.diff
Fri, Mar 28, 04:02
F3309505: D25748.1743185584.diff
Thu, Mar 27, 18:13
F3300675: D25748.1743044783.diff
Wed, Mar 26, 03:06
F3300071: D25748.1743033128.diff
Tue, Mar 25, 23:52
F3294833: D25748.1742944871.diff
Mon, Mar 24, 23:21
F3291129: D25748.1742876768.diff
Mon, Mar 24, 04:26
F3287256: D25748.1742818523.diff
Sun, Mar 23, 12:15
F3285310: D25748.1742798651.diff
Sun, Mar 23, 06:44
View All 22 Files
Subscribers
Cigaryno
Matthew
tobiaswiese
valerio.bozzolan

Details

Reviewers
valerio.bozzolan
Group Reviewers
O1: Blessed Committers
Maniphest Tasks
T15893: PHP 8.1 "strlen(null)" exception for LDAP login without password
Commits
rP7909f6a91937: Fix PHP 8.1 "strlen(null)" exception on LDAP login without password
Summary

strlen() was used in Phabricator to check if a generic value is a non-empty string.
This behavior is deprecated since PHP 8.1. Phorge adopts phutil_nonempty_string() as a replacement.

Note: this may highlight other absurd input values that might be worth correcting
instead of just ignoring. If phutil_nonempty_string() throws an exception in your
instance, report it to Phorge to evaluate and fix that specific corner case.

Note: This patch also corrects two further strlen() occurrences with the same pattern.

ERROR 8192: strlen(): Passing null to parameter #1 ($string) of type string is deprecated at [/var/www/html/phorge/phorge/src/applications/auth/provider/PhabricatorLDAPAuthProvider.php:145]

Closes T15893

Test Plan

Create an LDAP user without setting their password; try to log into Phabricator with that user via the LDAP auth provider.

Diff Detail

Repository
rP Phorge
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

aklapper created this revision.Jul 26 2024, 14:46
Owners added a reviewer: O1: Blessed Committers.Jul 26 2024, 14:46
Herald added subscribers: Cigaryno, Matthew, valerio.bozzolan, tobiaswiese. · View Herald TranscriptJul 26 2024, 14:46
aklapper requested review of this revision.Jul 26 2024, 14:46
Harbormaster completed remote builds in B1458: Diff 2275.Jul 26 2024, 14:46
valerio.bozzolan accepted this revision.Jul 26 2024, 16:09

Thaaaanks. I wonder why $has_password has a dedicated variable, and instead $has_username has not 🤔

Feel free to introduce $has_username if your moon isn't full right now 👍 both for readability and micro-optimization.

This revision is now accepted and ready to land.Jul 26 2024, 16:09
aklapper added a comment.Jul 26 2024, 19:31

The $password variable is not a string anymore in the line after. I guess it's not much more expensive to check if the string $username is nonempty versus comparing to a boolean value

valerio.bozzolan added a comment.Jul 26 2024, 20:37

Yup. Laaaand

Closed by commit rP7909f6a91937: Fix PHP 8.1 "strlen(null)" exception on LDAP login without password. · Explain WhyJul 27 2024, 04:47
This revision was automatically updated to reflect the committed changes.
aklapper added a commit: rP7909f6a91937: Fix PHP 8.1 "strlen(null)" exception on LDAP login without password.

Revision Contents
Changeset List

PathSizePackages
src/
applications/
auth/
provider/
6 linesO1: Blessed Committers

Diff 2276

View Options

src/applications/auth/provider/PhabricatorLDAPAuthProvider.php

Loading...
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0