Project

General

Profile

Actions

Bug #97337

closed

Empty $trustedProperties cause a PHP warning

Added by Marc Hirdes about 2 years ago. Updated 5 months ago.

Status:
Resolved
Priority:
Should have
Assignee:
Category:
Extbase
Start date:
2022-04-08
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
10
PHP Version:
7.4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

In extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php line 144

   $trustedProperties = json_decode($serializedTrustedProperties, true);
   foreach ($trustedProperties as $propertyName => $propertyConfiguration) {

We get a PHP warning in our error log:

Core: Error handler (FE): PHP Warning: Invalid argument supplied for foreach() in typo3/sysext/extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php line 154

This fills the error log of a customer page. The page is attacked weekly, but at the moment this is the only problem.

The solution would be to provide an empty array for the foreach loop.


Related issues 1 (0 open1 closed)

Has duplicate TYPO3 Core - Bug #101525: foreach() argument must be of type array|object, null given in MvcPropertyMappingConfigurationService.phpClosed2023-08-02

Actions
Actions #1

Updated by Thomas Hohn about 1 year ago

  • Assignee set to Thomas Hohn
  • Target version set to Candidate for patchlevel
Actions #2

Updated by Gerrit Code Review about 1 year ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78002

Actions #3

Updated by Gerrit Code Review about 1 year ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78002

Actions #4

Updated by Thomas Hohn about 1 year ago

Hi @Marc Hirdes

We need more information about this issue.
Does it still occur?
Could the encryptionKey have been exposed - it could seem so since it has passed the various checks for if the HMAC
is valid?
How does the payload look?

You can email it to me at - If you are not interested in exposing it here

Actions #5

Updated by Gerrit Code Review about 1 year ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78002

Actions #6

Updated by Gerrit Code Review 12 months ago

Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78002

Actions #7

Updated by Benjamin Franzke 9 months ago

The issue was reported against TYPO3 v10, which uses json encoded trusted properties.

TYPO3 v9 used (un)serialized content for extbase trusted properrties. This could be the reason for the invalid payload.

In combination with stuff like config.sendCacheHeaders it is likely that warning occured after the update, when a (user)cached page has been visited that contained serialized trusted properties.

Can you confirm, that the warning happened shortly after an update from TYPO3 v9 to v10 (and that you use browser caching via config.sendCacheHeaders (like for example bootstrap_package does))?

Actions #8

Updated by Gerrit Code Review 9 months ago

Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78002

Actions #9

Updated by Christian Kuhn 9 months ago

  • Has duplicate Bug #101525: foreach() argument must be of type array|object, null given in MvcPropertyMappingConfigurationService.php added
Actions #10

Updated by Gerrit Code Review 8 months ago

Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78002

Actions #11

Updated by Gerrit Code Review 6 months ago

Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78002

Actions #12

Updated by Gerrit Code Review 5 months ago

Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78002

Actions #13

Updated by Gerrit Code Review 5 months ago

Patch set 1 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/81718

Actions #14

Updated by Gerrit Code Review 5 months ago

Patch set 1 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/81719

Actions #15

Updated by Thomas Hohn 5 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF