Bug #98515
closedUndefined array key with symfony expression results in log entries
0%
Description
Our typo3_error.log is full with PHP-Warnings like:
Exception: PHP Warning: Undefined array key "uid" in typo3_src-11.5.16/vendor/symfony/expression-language/Node/GetAttrNode.php line 97, {"expression":"page[\"uid\"] in [1209,1210,1208,5561,5005]", "exception":"TYPO3\\CMS\\Core\\Error\\Exception: PHP Warning: Undefined array key \"uid\" in typo3_src-11.5.16/vendor/symfony/expression-language/Node/GetAttrNode.php line 97
another example:
[(request.getQueryParams()['newsletter']) && (request.getQueryParams()['newsletter']) > 0]
Expression on not defined parameters should not result in an error log entry.
Updated by Frank Nägler over 1 year ago
- Status changed from New to In Progress
- Assignee set to Frank Nägler
Updated by Gerrit Code Review over 1 year ago
- Status changed from In Progress to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/76003
Updated by Gerrit Code Review over 1 year ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/76003
Updated by Gerrit Code Review over 1 year ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/76003
Updated by Chris Müller over 1 year ago
- Has duplicate Bug #95781: PHP Warning: Undefined array key "uid" in /app/vendor/symfony/expression-language/Node/GetAttrNode.php added
Updated by Stefan Bürk over 1 year ago
This is a known issue. You should take the effort to harden your TypoScript using the traverse() workaround to mitigate these errors.
So you should replace
[(request.getQueryParams()['newsletter']) && (request.getQueryParams()['newsletter']) > 0]
with
[(traverse(request.getQueryParams(), 'newsletter')) && (traverse(request.getQueryParams(), 'newsletter')) > 0]
Kudos to the TYPO3 Documentation Team, which startet to use traverse on several TypoScript options to cover this when simply copy&paste options, also the travese option has been around and documented quite a while, see for example:
https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Conditions/Index.html#page
https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Conditions/Index.html#traverse
https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Conditions/Index.html#request
Updated by Frank Nägler over 1 year ago
Stefan Bürk wrote in #note-6:
This is a known issue. You should take the effort to harden your TypoScript using the traverse() workaround to mitigate these errors.
This is an option, I agree. But it is also only a workaround. And blow up the conditions.
The example above is a simple example, but there are more complex conditions that blow up much more.
Userfriendly looks different to me ;)
Updated by Ralph Brugger over 1 year ago
Frank Nägler wrote in #note-7:
Stefan Bürk wrote in #note-6:
This is a known issue. You should take the effort to harden your TypoScript using the traverse() workaround to mitigate these errors.
This is an option, I agree. But it is also only a workaround. And blow up the conditions.
The example above is a simple example, but there are more complex conditions that blow up much more.
Userfriendly looks different to me ;)
I agree. We have many different conditions and it is a lot of work which are blowing up our log files.
Maybe we would rewrite them all, but it would be better - for newer user of TYPO3 - to get a them working without blowing up the logs.
Updated by Daniel Siepmann over 1 year ago
Well, this is an issue of the underlying library and how it works in combination with PHP.
There were issues on symfony itself where they don't like to "fix" that as that's how it is supposed to work. That's why TYPO3 added the extra function.
I also thought it would be cool to "fix" that, but I changed my mind. It's the same as if you'd write the same in PHP. You also won't complain PHP to become more strict, but you'll fix the issue within your code and e.g. add `??` operator.
I understand that re writing a lot of conditions the same way is stupid. But rector can already do that. In fact it already migrates old condition syntax to new one. Should be possible to add the check and traverse re write to TYPO3 rector to do the job for everyone.
Updated by Martin Weymayer over 1 year ago
Same problem for me typo3 11.5.17 and php 8 and 8.1. strange thing is, if I put setup typoscript to database instead of file, there is no warning. activating same setup in file inklude I get php warning ...!?
Updated by Felix Nagel over 1 year ago
- Related to Bug #94707: Undefined array key / Trying to access array offset on value of type null / PHP Version 8.0.8 added
Updated by Chris Müller about 1 year ago
- Related to Bug #100098: PHP Warning in Backend with php 8.2 added
Updated by Sybille Peters about 1 year ago
Updated by Gerrit Code Review about 1 year ago
Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/76003
Updated by Christian Kuhn 12 months ago
- Status changed from Under Review to Rejected
rejected. see patch.
use traverse() or ?? operator to sanitize conditions.