Bug #101525
closed
foreach() argument must be of type array|object, null given in MvcPropertyMappingConfigurationService.php
0%
Description
In our log files we see those erros a few times a day:
(1/1) #1476107295 TYPO3\CMS\Core\Error\Exception PHP Warning: foreach() argument must be of type array|object, null given in typo3_src/typo3_src-11.5.30/typo3/sysext/extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php line 147
This is an extbase / fluid list view.
Here is a sample request.
?tx_rsmpress_list[__referrer][%40extension]=Rsmpress
&tx_rsmpress_list[__referrer][%40vendor]=RSM
&tx_rsmpress_list[__referrer][%40controller]=Message
&tx_rsmpress_list[__referrer][%40action]=list
&tx_rsmpress_list[__referrer][arguments]=YTowOnt9e040d2f4e53a183bc4dd114962f85091fb657230
&tx_rsmpress_list[__referrer][%40request]=a%3A4%3A{s%3A10%3A"%40extension"%3Bs%3A8%3A"Rsmpress"%3Bs%3A11%3A"%40controller"%3Bs%3A7%3A"Message"%3Bs%3A7%3A"%40action"%3Bs%3A4%3A"list"%3Bs%3A7%3A"%40vendor"%3Bs%3A3%3A"RSM"%3B}b25d2b7377de66bbe9b91df012987004255d09cd
&tx_rsmpress_list[__trustedProperties]=a%3A0%3A{}f7ef143576e2a243c81263679b9422dd99b931d0
&tx_rsmpress_list[search][keywords]=impfung
&tx_rsmpress_list[search][from]=
&tx_rsmpress_list[search][to]=
&tx_rsmpress_list[search][ministry]=0
PCP-Code:
MvcPropertyMappingConfigurationService.php : Line 145
$trustedProperties = json_decode($serializedTrustedProperties, true);
foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
if (!$controllerArguments->hasArgument($propertyName)) {
continue;
}
$propertyMappingConfiguration = $controllerArguments->getArgument($propertyName)->getPropertyMappingConfiguration();
$this->modifyPropertyMappingConfiguration($propertyConfiguration, $propertyMappingConfiguration);
}
In this case $trustedProperties is null
Maybe this should be checked before?
$trustedProperties = json_decode($serializedTrustedProperties, true);
if ($trustedProperties && is_array($trustedProperties)){
foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
if (!$controllerArguments->hasArgument($propertyName)) {
continue;
}
$propertyMappingConfiguration = $controllerArguments->getArgument($propertyName)->getPropertyMappingConfiguration();
$this->modifyPropertyMappingConfiguration($propertyConfiguration, $propertyMappingConfiguration);
}
}
Updated by Christian Kuhn over 1 year ago
- Sprint Focus set to On Location Sprint
Updated by Max Frerichs over 1 year ago
I've taken a look at it and although I was not able to reproduce it but the string in __trustedProperties looks like it's serialized, but trustedProperties are actually JSON-encoded. Even if you remove everything from within a f:form ViewHelper, that could contain a property attribute, this should not happen.
The only two ways this could happen, that came into my mind:
1. Some bad guys saved an older version of the website (before switch from serialize to json_encode/json_decode for Extbase arguments) and tried to send this form (e.g. spammers).
2. Some custom property-mapping configuration that I don't understand, has been done.
Nevertheless, it's a good idea imo to catch this case. I think, checking for an array before foreach() should be sufficient.
Updated by Oliver Klee over 1 year ago
There already is a change that solves a similar problem - maybe we can use/continue that?
Updated by Gerrit Code Review over 1 year ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80322
Updated by Max Frerichs over 1 year ago
Oliver Klee wrote in #note-3:
There already is a change that solves a similar problem - maybe we can use/continue that?
Yes, we should use that. I agree with you and Benjamin, that throwing an exception is the cleanest solution.
Updated by Christian Kuhn over 1 year ago
- Is duplicate of Bug #97337: Empty $trustedProperties cause a PHP warning added