Our downstream Phorge installation enjoys folks accessing random fuzzy URIs, sometimes throwing errors in our logs.
- Go to https://phabricator.wikimedia.org/rPHAB5d4970d6b24ac98f50990cddd5151291c10855fa and go to https://phabricator.wikimedia.org/rPHAB5d4970d6b24ac98f50990cddd5151291c10855fa?service=oqkbu
- The latter triggers a bunch of ugly exceptions.
[2024-10-01 14:25:08] EXCEPTION: (RuntimeException) Trying to access array offset on value of type null at [<arcanist>/src/error/PhutilErrorHandler.php:273] arcanist(), ava(), phorge(), translations(), wmf-ext-misc() #0 <#2> PhutilErrorHandler::handleError(integer, string, string, integer, array) called at [<phorge>/src/applications/diffusion/controller/DiffusionServeController.php:662] #1 <#2> DiffusionServeController::getRequestDirectoryPath(PhabricatorRepository) called at [<phorge>/src/applications/diffusion/controller/DiffusionServeController.php:509] #2 <#2> DiffusionServeController::isReadOnlyRequest(PhabricatorRepository) called at [<phorge>/src/applications/diffusion/controller/DiffusionServeController.php:284] #3 <#2> DiffusionServeController::serveRequest(AphrontRequest) called at [<phorge>/src/applications/diffusion/controller/DiffusionServeController.php:99] #4 <#2> DiffusionServeController::handleRequest(AphrontRequest) called at [<phorge>/src/aphront/AphrontController.php:71] #5 <#2> AphrontController::delegateToController(DiffusionServeController) called at [<phorge>/src/applications/diffusion/controller/DiffusionController.php:27] #6 <#2> DiffusionController::willBeginExecution() called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:271] #7 phlog(RuntimeException) called at [<phorge>/src/aphront/handler/PhabricatorDefaultRequestExceptionHandler.php:41] #8 PhabricatorDefaultRequestExceptionHandler::handleRequestThrowable(AphrontRequest, RuntimeException) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:751] #9 AphrontApplicationConfiguration::handleThrowable(RuntimeException) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:296] #10 AphrontApplicationConfiguration::processRequest(AphrontRequest, PhutilDeferredLog, AphrontPHPHTTPSink, MultimeterControl) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:204] #11 AphrontApplicationConfiguration::runHTTPRequest(AphrontPHPHTTPSink) called at [<phorge>/webroot/index.php:35] [2024-10-01 14:25:08] EXCEPTION: (PhutilAggregateException) Encountered a processing exception, then another exception when trying to build a response for the first exception.\n - PhabricatorDataNotAttachedException: Attempting to access attached data on PhabricatorUser (via getAlternateCSRFString()), but the data is not actually attached. Before accessing attachable data on an object, you must load and attach it.\n \n Data is normally attached by calling the corresponding needX() method on the Query class when the object is loaded. You can also call the corresponding attachX() method explicitly.\n - RuntimeException: Trying to access array offset on value of type null at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:316] arcanist(), ava(), phorge(), translations(), wmf-ext-misc() #0 <#4> PhutilErrorHandler::handleError(integer, string, string, integer, array) called at [<phorge>/src/applications/diffusion/controller/DiffusionServeController.php:662] #1 <#4> DiffusionServeController::getRequestDirectoryPath(PhabricatorRepository) called at [<phorge>/src/applications/diffusion/controller/DiffusionServeController.php:509] #2 <#4> DiffusionServeController::isReadOnlyRequest(PhabricatorRepository) called at [<phorge>/src/applications/diffusion/controller/DiffusionServeController.php:284] #3 <#4> DiffusionServeController::serveRequest(AphrontRequest) called at [<phorge>/src/applications/diffusion/controller/DiffusionServeController.php:99] #4 <#4> DiffusionServeController::handleRequest(AphrontRequest) called at [<phorge>/src/aphront/AphrontController.php:71] #5 <#4> AphrontController::delegateToController(DiffusionServeController) called at [<phorge>/src/applications/diffusion/controller/DiffusionController.php:27] #6 <#4> DiffusionController::willBeginExecution() called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:271] #7 <#3> PhabricatorLiskDAO::assertAttached(string) called at [<phorge>/src/applications/people/storage/PhabricatorUser.php:1000] #8 <#3> PhabricatorUser::getAlternateCSRFString() called at [<phorge>/src/applications/people/storage/PhabricatorUser.php:1012] #9 <#3> PhabricatorUser::newCSRFEngine() called at [<phorge>/src/applications/people/storage/PhabricatorUser.php:990] #10 <#3> PhabricatorUser::getCSRFToken() called at [<phorge>/src/infrastructure/javelin/markup.php:129] #11 <#3> phabricator_form(PhabricatorUser, array, array) called at [<phorge>/src/view/AphrontDialogView.php:478] #12 <#3> AphrontDialogView::render() called at [<phorge>/src/aphront/response/AphrontDialogResponse.php:17] #13 <#3> AphrontDialogResponse::buildResponseString() called at [<phorge>/src/applications/base/controller/PhabricatorController.php:275] #14 <#3> PhabricatorController::willSendResponse(AphrontDialogResponse) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:300] #15 <#2> AphrontApplicationConfiguration::processRequest(AphrontRequest, PhutilDeferredLog, AphrontPHPHTTPSink, MultimeterControl) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:204] #16 <#2> AphrontApplicationConfiguration::runHTTPRequest(AphrontPHPHTTPSink) called at [<phorge>/webroot/index.php:35] #17 phlog(PhutilAggregateException) called at [<phorge>/src/aphront/response/AphrontUnhandledExceptionResponse.php:32] #18 AphrontUnhandledExceptionResponse::setException(PhutilAggregateException) called at [<phorge>/webroot/index.php:46]
Code does if ($request->getExists('service')) { $service = $request->getStr('service'); } but lacks shielding against bogus data.