Project

General

Profile

Actions

Bug #19699

closed

Non-static method RemoveXSS::RemoveXSS() cannot be called statically

Added by Markus Blaschke almost 16 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
-
Target version:
-
Start date:
2008-12-15
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.3
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

MailformPlus will produce the fatal error (but it's not MailformPlus, it's in the TYPO3 Core):

PHP Fatal error: Non-static method RemoveXSS::RemoveXSS() cannot be called statically, assuming $this from incompatible context in TYPO3_SRC/t3lib/class.t3lib_div.php on line 383

t3lib_div:
public function removeXSS($string) {
require_once(PATH_typo3.'contrib/RemoveXSS/RemoveXSS.php');
$string = RemoveXSS::RemoveXSS($string);
return $string;
}

removeXSS.php:
class RemoveXSS {
function RemoveXSS($val) {
[...]
}
}
(issue imported from #M9945)


Files

php5_static_error_fix.patch (790 Bytes) php5_static_error_fix.patch Administrator Admin, 2008-12-15 22:52

Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Bug #20225: RemoveXSS is incompatible with PHP 5.2.9ClosedSteffen Kamper2009-03-21

Actions
Actions #1

Updated by Michael Leibenson almost 16 years ago

I have this issue as well. Functionality worked fine at PHP 5.2.5, but when I upgraded to 5.2.8 I got this error in scope of th_mailformplus and sr_freecap

Actions #2

Updated by Michael Leibenson almost 16 years ago

If you will run it on PHP4 everything will be fine, because every method in PHP4 is static by default if you do not use $this inside the method.

Also in our case RemoveXSS::RemoveXSS() it's constructor for php4 (compatible mode - if php5 can't find construct() it will search for function __CLASS), so it's can't be static.
So, we need to define default empty constructor for php5.

removeXSS.php:
class RemoveXSS {
function __construct() {}
static function RemoveXSS($val) {
[...]
}
}

but if we will use "static" keyword it wouldn't work fine for php4, so, we need to choose which version of php to use. I vote for PHP5. I think RemoveXSS and t3lid_div have a lot of legacy code and definitely need to be refactored. Also TYPO3 v4.2.x oriented to "GoPHP5" initiative, so, I think we need to forget about PHP4 support and use all power of PHP5.

Actions #3

Updated by Michael Leibenson almost 16 years ago

I made small patch on my working copy and my local svn, so, revision number is differ to real typo3 repository and this patch might not working for everyone.
sorry about that, but i have no ability to fix it with real revision number in patch text, but i hope moderators will review it and fix it a bit.

Actions #4

Updated by Paul Bartschi almost 16 years ago

I made a patch creating the object with "new" to match the PHP5 syntax. For some reasons it seems PHP 5.2.8 does not support the old style construction call. E.G.

Change -> RemoveXSS::RemoveXSS($string)
To -> new RemoveXSS($string)

This must be done in "class.t3lib_div.php" as well as in "class.tx_thmailformplus_pi1.php"

Someone responsible for the mentioned files please update this or use the fix Michael submitted if it seems more reasonable.

Actions #5

Updated by Michael Leibenson almost 16 years ago

Hi, Paul.
Your solution is pretty good. I like it. It's compatible with PHP4 and PHP5.
But seems it will be pretty hard to fix all calls of RemoveXSS constructor. For our case it's enough to fix only two files, but in case of more 3rd part extensions used RemoveXSS they should be fixed too.
Maybe core developers has any idea how to deal with it?

Actions #6

Updated by Marcus Krause almost 16 years ago

TYPO3 does not create new objects with "new" keyword!
So Paul's patch won't be accepted.

A fix should work across TYPO3 versions, e.g. running 4.1 an PHP5 and 4.2 on PHP5, too.

Actions #7

Updated by Michael Leibenson almost 16 years ago

I think my patch will work fine with TYPO3 4.x on PHP5 and wouldn't work on PHP4 because of "static" keyword.

Actions #8

Updated by Oliver Hader almost 16 years ago

  • integrate a method "public static process($val)" in class RemoveXSS for 4.2
  • use RemoveXSS($val) as wrapper for process($val) for 4.2 (like it's done for 4.3)
  • integrate the __constructor() hack and define it as @deprecated
  • use RemoveXSS::process($val) in t3lib_div
Actions #9

Updated by Steffen Kamper over 15 years ago

resolved in #20225

Actions #10

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF