Changeset View
Changeset View
Standalone View
Standalone View
src/infrastructure/javelin/markup.php
Show First 20 Lines • Show All 71 Lines • ▼ Show 20 Lines | |||||
function phabricator_form(PhabricatorUser $user, $attributes, $content) { | function phabricator_form(PhabricatorUser $user, $attributes, $content) { | ||||
$body = array(); | $body = array(); | ||||
$http_method = idx($attributes, 'method'); | $http_method = idx($attributes, 'method'); | ||||
$is_post = (strcasecmp($http_method, 'POST') === 0); | $is_post = (strcasecmp($http_method, 'POST') === 0); | ||||
$http_action = idx($attributes, 'action'); | $http_action = idx($attributes, 'action'); | ||||
$is_absolute_uri = 0; | |||||
if (phutil_nonempty_string($http_action)) { | |||||
$is_absolute_uri = preg_match('#^(https?:|//)#', $http_action); | $is_absolute_uri = preg_match('#^(https?:|//)#', $http_action); | ||||
} | |||||
valerio.bozzolan: Thanks. This fix for PHP 8.1 should be very OK since the default is NULL and nothing alien… | |||||
valerio.bozzolanUnsubmitted Not Done Inline ActionsIMPORTANT: This is causing issues reported in Q53: Diffusion Repository Landing Pages - Unhandled Exception ("InvalidArgumentException") valerio.bozzolan: IMPORTANT: This is causing issues reported in {Q53} | |||||
if ($is_post) { | if ($is_post) { | ||||
// NOTE: We only include CSRF tokens if a URI is a local URI on the same | // NOTE: We only include CSRF tokens if a URI is a local URI on the same | ||||
// domain. This is an important security feature and prevents forms which | // domain. This is an important security feature and prevents forms which | ||||
// submit to foreign sites from leaking CSRF tokens. | // submit to foreign sites from leaking CSRF tokens. | ||||
// In some cases, we may construct a fully-qualified local URI. For example, | // In some cases, we may construct a fully-qualified local URI. For example, | ||||
// we can construct these for download links, depending on configuration. | // we can construct these for download links, depending on configuration. | ||||
▲ Show 20 Lines • Show All 52 Lines • Show Last 20 Lines |
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0
Thanks. This fix for PHP 8.1 should be very OK since the default is NULL and nothing alien (like false) should arrive causing the related crash from the phutil check.
If an alien value will arrive causing a crash, we can just discuss that specific case again.
Since preg_match returns zero for zero matches, this seems the most appropriate fix to me.