Bug #42921

t3lib_div->trimExplode fills database table sys_log

Added by Christian Finkemeier over 8 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Miscellaneous
Target version:
-
Start date:
2012-11-13
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.3
Tags:
Complexity:
easy
Is Regression:
Sprint Focus:

Description

There are several uses of t3lib_div::trimExplode with wrong parameter types.

The second parameter must be a string, otherwise a php warning is stored to the sys_log database table, e.g. in tslib_fe::initFEuser (line 623) where the argument is null or in t3lib_userAuth::getAuthInfoArray (line 1299) where the argument is an integer...

This could be easily resolved by mapping the variable $string to string like this:

public static function trimExplode($delim, $string, $removeEmptyValues = FALSE, $limit = 0) {
        $explodedValues = explode($delim, (string)$string);

best regards
Christian


Related issues

Related to TYPO3 Core - Bug #50913: t3lib_div->trimExplode fills database table sys_logClosed2013-08-08

Actions
#1

Updated by Markus Klein over 8 years ago

Hi Christian,

can you please post your PHP settings. Did you activate STRICT mode?
Usually the implicit conversion from integer to string should not issue a PHP warning.

#2

Updated by Patrick Broens over 8 years ago

  • Category set to Miscellaneous
  • Status changed from New to Needs Feedback
#3

Updated by Christian Finkemeier over 8 years ago

My PHP settings for error_reporting is "E_ALL & ~E_DEPRECATED"

#4

Updated by Markus Klein over 8 years ago

That should be ok.

Can you please post the complete error message from the log and maybe a stack trace?

#5

Updated by Christian Finkemeier over 8 years ago

This is the error message from sys_log:

Core: Error handler (FE): PHP Warning: explode() expects parameter 2 to be string, null given in /typo3_src-4.5.22/t3lib/class.t3lib_div.php on line 1950

And this is an backtrace from t3lib_div::trimExplode:
require(YPO3/typo3_src-4.5.22/typo3/sysext/cms/tslib/index_ts.php),YPO3/typo3_src-4.5.22/index.php#83 // tslib_fe->initFEuser#260 // t3lib_DB->cleanIntList#623 // t3lib_div::intExplode#856 // t3lib_div::trimExplode#1913

#6

Updated by Alexander Opitz almost 8 years ago

  • Status changed from Needs Feedback to New
#7

Updated by Gerrit Code Review almost 8 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/22327

#8

Updated by Gerrit Code Review almost 8 years ago

Patch set 1 for branch TYPO3_6-1 has been pushed to the review server.
It is available at https://review.typo3.org/22338

#9

Updated by Gerrit Code Review almost 8 years ago

Patch set 1 for branch TYPO3_6-0 has been pushed to the review server.
It is available at https://review.typo3.org/22339

#10

Updated by Gerrit Code Review almost 8 years ago

Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at https://review.typo3.org/22340

#11

Updated by Gerrit Code Review almost 8 years ago

Patch set 1 for branch TYPO3_4-5 has been pushed to the review server.
It is available at https://review.typo3.org/22341

#12

Updated by Markus Klein almost 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#13

Updated by Christian Finkemeier almost 8 years ago

Thanks for updating tslib_fe::initFEuser. But you forgot t3lib_userAuth::getAuthInfoArray :-)
It should be

@@ -1282,20 1282,24 @@ t3lib_userAuth::getAuthInfoArray
    function getAuthInfoArray() {
        $authInfo = array();
        $authInfo['loginType'] = $this->loginType;
        $authInfo['refInfo'] = parse_url(t3lib_div::getIndpEnv('HTTP_REFERER'));
        $authInfo['HTTP_HOST'] = t3lib_div::getIndpEnv('HTTP_HOST');
        $authInfo['REMOTE_ADDR'] = t3lib_div::getIndpEnv('REMOTE_ADDR');
        $authInfo['REMOTE_HOST'] = t3lib_div::getIndpEnv('REMOTE_HOST');
        $authInfo['security_level'] = $this->security_level;
        $authInfo['showHiddenRecords'] = $this->showHiddenRecords;
            // can be overidden in localconf by SVCONF:
        $authInfo['db_user']['table'] = $this->user_table;
        $authInfo['db_user']['userid_column'] = $this->userid_column;
        $authInfo['db_user']['username_column'] = $this->username_column;
        $authInfo['db_user']['userident_column'] = $this->userident_column;
        $authInfo['db_user']['usergroup_column'] = $this->usergroup_column;
        $authInfo['db_user']['enable_clause'] = $this->user_where_clause();
-        $authInfo['db_user']['checkPidList'] = $this->checkPid ? $this->checkPid_value : '';
+        $authInfo['db_user']['checkPidList'] = ($this->checkPid && $this->checkPid_value)
+            ? $this->checkPid_value
+            : '';
-        $authInfo['db_user']['check_pid_clause'] = $this->checkPid ? ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($authInfo['db_user']['checkPidList']) . ')' : '';
+        $authInfo['db_user']['check_pid_clause'] = ($this->checkPid && $this->checkPid_value)
+            ? ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($authInfo['db_user']['checkPidList']) . ')'
+            : '';
        $authInfo['db_groups']['table'] = $this->usergroup_table;
        return $authInfo;
    }

#14

Updated by Markus Klein almost 8 years ago

@Christian: Indeed, I forgot about it.

Could you please file another forge issue and add this as related.
Feel free to add me as watcher as well.
Thanks.

#15

Updated by Benni Mack over 2 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF