Bug #19699
closed
Non-static method RemoveXSS::RemoveXSS() cannot be called statically
Added by Markus Blaschke almost 16 years ago.
Updated about 6 years ago.
Description
MailformPlus will produce the fatal error (but it's not MailformPlus, it's in the TYPO3 Core):
PHP Fatal error: Non-static method RemoveXSS::RemoveXSS() cannot be called statically, assuming $this from incompatible context in TYPO3_SRC/t3lib/class.t3lib_div.php on line 383
t3lib_div:
    public function removeXSS($string) {
        require_once(PATH_typo3.'contrib/RemoveXSS/RemoveXSS.php');
        $string = RemoveXSS::RemoveXSS($string);
        return $string;
    }
removeXSS.php:
    class RemoveXSS {
        function RemoveXSS($val) {
            [...]
        }
    }
(issue imported from #M9945)
I have this issue as well. Functionality worked fine on PHP 5.2.5, but when I upgraded to 5.2.8 I got this error in the scope of th_mailformplus and sr_freecap.
If you run it on PHP4 everything will be fine, because every method in PHP4 is static by default if you do not use $this inside the method.
Also, in our case RemoveXSS::RemoveXSS() is the constructor for PHP4 (compatible mode - if PHP5 can't find construct() it will search for function __CLASS), so it can't be static.
So, we need to define a default empty constructor for PHP5.
removeXSS.php:
    class RemoveXSS {
        function __construct() {}
        static function RemoveXSS($val) {
            [...]
        }
    }
But if we use the "static" keyword it won't work for PHP4, so we need to choose which version of PHP to use. I vote for PHP5. I think RemoveXSS and t3lib_div have a lot of legacy code and definitely need to be refactored. Also, TYPO3 v4.2.x is oriented toward the "GoPHP5" initiative, so I think we need to forget about PHP4 support and use all the power of PHP5.
I made a small patch on my working copy and my local svn, so the revision number differs from the real TYPO3 repository and this patch might not work for everyone.
Sorry about that, but I have no ability to fix it with the real revision number in the patch text, but I hope moderators will review it and fix it a bit.
I made a patch creating the object with "new" to match the PHP5 syntax. For some reason it seems PHP 5.2.8 does not support the old-style construction call. E.g.
Change -> RemoveXSS::RemoveXSS($string)
To -> new RemoveXSS($string)
This must be done in "class.t3lib_div.php" as well as in "class.tx_thmailformplus_pi1.php"
Someone responsible for the mentioned files please update this or use the fix Michael submitted if it seems more reasonable.
Hi, Paul.
Your solution is pretty good. I like it. It's compatible with PHP4 and PHP5.
But it seems it will be pretty hard to fix all calls of the RemoveXSS constructor. For our case it's enough to fix only two files, but if more 3rd-party extensions use RemoveXSS, they should be fixed too.
Maybe the core developers have an idea how to deal with it?
TYPO3 does not create new objects with "new" keyword!
So Paul's patch won't be accepted.
A fix should work across TYPO3 versions, e.g. running 4.1 on PHP5 and 4.2 on PHP5, too.
I think my patch will work fine with TYPO3 4.x on PHP5 and wouldn't work on PHP4 because of the "static" keyword.
- integrate a method "public static process($val)" in class RemoveXSS for 4.2
- use RemoveXSS($val) as wrapper for process($val) for 4.2 (like it's done for 4.3)
- integrate the __constructor() hack and define it as @deprecated
- use RemoveXSS::process($val) in t3lib_div
- Status changed from Resolved to Closed
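The four steps listed above, sketched for PHP 5 as an added example; this is not the patch that was committed to TYPO3. The filter body is a labelled stand-in because the page elides the real one, declaring the legacy wrapper static is an assumption, and ExampleDiv is a hypothetical stand-in for t3lib_div.

```php
<?php
// Added example, not TYPO3 core code.

class RemoveXSS {
    /**
     * Empty constructor: once __construct() exists, PHP 5 no longer treats
     * the method named RemoveXSS() as a PHP4-style constructor.
     *
     * @deprecated
     */
    public function __construct() {}

    /**
     * New static entry point for the filter.
     */
    public static function process($val) {
        // Stand-in for the elided "[...]" body. htmlspecialchars() is NOT
        // what the real RemoveXSS does; it only gives the sketch a result.
        return htmlspecialchars((string) $val, ENT_QUOTES, 'UTF-8');
    }

    /**
     * Legacy wrapper so existing RemoveXSS::RemoveXSS($val) calls in
     * extensions keep working. Assumption: declared static, which rules
     * out PHP4 as discussed in the thread.
     *
     * @deprecated use RemoveXSS::process() instead
     */
    public static function RemoveXSS($val) {
        return self::process($val);
    }
}

// Hypothetical stand-in for the t3lib_div call site.
class ExampleDiv {
    public static function removeXSS($string) {
        return RemoveXSS::process($string);
    }
}

// Constructed sample input: the legacy and the new call paths must agree.
$input  = '<b onmouseover="x">hi</b>';
$legacy = RemoveXSS::RemoveXSS($input);
$new    = ExampleDiv::removeXSS($input);
var_dump($legacy === $new);
```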