Bug #42921
closedt3lib_div->trimExplode fills database table sys_log
100%
Description
There are several uses of t3lib_div::trimExplode with wrong parameter types.
The second parameter must be a string, otherwise a php warning is stored to the sys_log database table, e.g. in tslib_fe::initFEuser (line 623) where the argument is null or in t3lib_userAuth::getAuthInfoArray (line 1299) where the argument is an integer...
This could be easily resolved by mapping the variable $string to string like this:
public static function trimExplode($delim, $string, $removeEmptyValues = FALSE, $limit = 0) { $explodedValues = explode($delim, (string)$string);
best regards
Christian
Updated by Markus Klein about 12 years ago
Hi Christian,
can you please post your PHP settings. Did you activate STRICT mode?
Usually the implicit conversion from integer to string should not issue a PHP warning.
Updated by Patrick Broens about 12 years ago
- Category set to Miscellaneous
- Status changed from New to Needs Feedback
Updated by Christian Finkemeier about 12 years ago
My PHP settings for error_reporting is "E_ALL & ~E_DEPRECATED"
Updated by Markus Klein about 12 years ago
That should be ok.
Can you please post the complete error message from the log and maybe a stack trace?
Updated by Christian Finkemeier about 12 years ago
This is the error message from sys_log:
Core: Error handler (FE): PHP Warning: explode() expects parameter 2 to be string, null given in /typo3_src-4.5.22/t3lib/class.t3lib_div.php on line 1950
And this is an backtrace from t3lib_div::trimExplode:
require(YPO3/typo3_src-4.5.22/typo3/sysext/cms/tslib/index_ts.php),YPO3/typo3_src-4.5.22/index.php#83 // tslib_fe->initFEuser#260 // t3lib_DB->cleanIntList#623 // t3lib_div::intExplode#856 // t3lib_div::trimExplode#1913
Updated by Alexander Opitz over 11 years ago
- Status changed from Needs Feedback to New
Updated by Gerrit Code Review over 11 years ago
- Status changed from New to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/22327
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch TYPO3_6-1 has been pushed to the review server.
It is available at https://review.typo3.org/22338
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch TYPO3_6-0 has been pushed to the review server.
It is available at https://review.typo3.org/22339
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at https://review.typo3.org/22340
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch TYPO3_4-5 has been pushed to the review server.
It is available at https://review.typo3.org/22341
Updated by Markus Klein over 11 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 28d8fae921a224e89c41657e0b8f44e195398405.
Updated by Christian Finkemeier over 11 years ago
Thanks for updating tslib_fe::initFEuser. But you forgot t3lib_userAuth::getAuthInfoArray :-)
It should be
@@ -1282,20 1282,24 @@ t3lib_userAuth::getAuthInfoArray function getAuthInfoArray() { $authInfo = array(); $authInfo['loginType'] = $this->loginType; $authInfo['refInfo'] = parse_url(t3lib_div::getIndpEnv('HTTP_REFERER')); $authInfo['HTTP_HOST'] = t3lib_div::getIndpEnv('HTTP_HOST'); $authInfo['REMOTE_ADDR'] = t3lib_div::getIndpEnv('REMOTE_ADDR'); $authInfo['REMOTE_HOST'] = t3lib_div::getIndpEnv('REMOTE_HOST'); $authInfo['security_level'] = $this->security_level; $authInfo['showHiddenRecords'] = $this->showHiddenRecords; // can be overidden in localconf by SVCONF: $authInfo['db_user']['table'] = $this->user_table; $authInfo['db_user']['userid_column'] = $this->userid_column; $authInfo['db_user']['username_column'] = $this->username_column; $authInfo['db_user']['userident_column'] = $this->userident_column; $authInfo['db_user']['usergroup_column'] = $this->usergroup_column; $authInfo['db_user']['enable_clause'] = $this->user_where_clause(); - $authInfo['db_user']['checkPidList'] = $this->checkPid ? $this->checkPid_value : ''; + $authInfo['db_user']['checkPidList'] = ($this->checkPid && $this->checkPid_value) + ? $this->checkPid_value + : ''; - $authInfo['db_user']['check_pid_clause'] = $this->checkPid ? ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($authInfo['db_user']['checkPidList']) . ')' : ''; + $authInfo['db_user']['check_pid_clause'] = ($this->checkPid && $this->checkPid_value) + ? ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($authInfo['db_user']['checkPidList']) . ')' + : ''; $authInfo['db_groups']['table'] = $this->usergroup_table; return $authInfo; }
Updated by Markus Klein over 11 years ago
@Christian: Indeed, I forgot about it.
Could you please file another forge issue and add this as related.
Feel free to add me as watcher as well.
Thanks.