From 9488fe2ed7841bffc322c6c9afeb9fc3e2bd0a42 Mon Sep 17 00:00:00 2001 From: Patrick Monnerat Date: Wed, 1 Jun 2022 17:25:34 +0200 Subject: [PATCH] Avoid passing a null value to PHP functions where another type is expected. PHP 8.1 deprecates this feature. Closes pull-request #149 and closes #150 --- htdocs/cmd.php | 2 +- htdocs/export_form.php | 2 +- htdocs/login.php | 3 +-- htdocs/password_checker.php | 4 ++-- htdocs/schema.php | 6 +++--- lib/PLAAttribute.php | 4 ++-- lib/PageRender.php | 16 ++++++++-------- lib/Query.php | 2 +- lib/Template.php | 9 ++++++--- lib/TemplateRender.php | 2 +- lib/ds.php | 3 ++- lib/ds_ldap.php | 6 +++--- lib/functions.php | 9 +++++++++ lib/schema_functions.php | 14 +++++++------- lib/xmlTemplates.php | 4 ++-- 15 files changed, 49 insertions(+), 37 deletions(-) diff --git a/htdocs/cmd.php b/htdocs/cmd.php index 0ddf004..8a9d089 100644 --- a/htdocs/cmd.php +++ b/htdocs/cmd.php @@ -41,7 +41,7 @@ if (DEBUG_ENABLED) $www['page'] = new page($app['server']->getIndex()); # See if we can render the command -if (trim($www['cmd'])) { +if ($www['cmd'] && trim($www['cmd'])) { # If this is a READ-WRITE operation, the LDAP server must not be in READ-ONLY mode. if ($app['server']->isReadOnly() && ! in_array(get_request('cmd','REQUEST'),$app['readwrite_cmds'])) error(_('You cannot perform updates while server is in read-only mode'),'error','index.php'); diff --git a/htdocs/export_form.php b/htdocs/export_form.php index d0a82b0..64d856f 100755 --- a/htdocs/export_form.php +++ b/htdocs/export_form.php @@ -13,7 +13,7 @@ require './common.php'; require LIBDIR.'export_functions.php'; $request = array(); -$request['dn'] = get_request('dn','GET'); +$request['dn'] = get_request('dn','GET',false,''); $request['format'] = get_request('format','GET',false,get_line_end_format()); $request['scope'] = get_request('scope','GET',false,'base'); $request['exporter_id'] = get_request('exporter_id','GET',false,'LDIF'); diff --git a/htdocs/login.php b/htdocs/login.php index 06b7fa1..988dbcf 100644 --- a/htdocs/login.php +++ b/htdocs/login.php @@ -19,8 +19,7 @@ if ($_SESSION[APPCONFIG]->getValue('session', 'reCAPTCHA-enable')) { if ($pass) { $user = array(); $user['login'] = get_request('login'); - $user['password'] = get_request('login_pass'); - $user['password'] = html_entity_decode($user['password'], ENT_QUOTES); + $user['password'] = get_request('login_pass', 'POST', false, ''); if ($user['login'] && !strlen($user['password'])) { system_message(array( diff --git a/htdocs/password_checker.php b/htdocs/password_checker.php index c616e2e..ce0cf0d 100644 --- a/htdocs/password_checker.php +++ b/htdocs/password_checker.php @@ -15,8 +15,8 @@ $www['page'] = new page(); $request = array(); $request['componentid'] = get_request('componentid','REQUEST'); -$request['hash'] = get_request('hash','REQUEST'); -$request['password'] = get_request('check_password','REQUEST'); +$request['hash'] = get_request('hash','REQUEST',false,''); +$request['password'] = get_request('check_password','REQUEST',false,''); $request['action'] = get_request('action','REQUEST'); $request['attribute'] = get_request('attr','REQUEST'); diff --git a/htdocs/schema.php b/htdocs/schema.php index aa4a749..e4ef14e 100644 --- a/htdocs/schema.php +++ b/htdocs/schema.php @@ -150,7 +150,7 @@ switch($entry['view']) { foreach ($sattrs as $attr) { if (isAjaxEnabled() || (is_null($entry['value']) || ! trim($entry['value']) || $entry['value']==$attr->getName())) { - if ((! is_null($entry['value']) && $entry['value']==$attr->getName()) || ! trim($entry['value'])) + if (!is_string($entry['value']) || $entry['value']==$attr->getName() || !trim($entry['value'])) $entry['viewed'] = true; if (isAjaxEnabled() && $entry['value']) @@ -380,7 +380,7 @@ switch($entry['view']) { $desc = $rule->getName(false); if (isAjaxEnabled() || (is_null($entry['value']) || ! trim($entry['value']) || $entry['value']==$rule->getName())) { - if ((! is_null($entry['value']) && $entry['value']==$rule->getName()) || ! trim($entry['value'])) + if (!is_string($entry['value']) || $entry['value']==$rule->getName() || !trim($entry['value'])) $entry['viewed'] = true; if (null != $rule->getDescription()) @@ -468,7 +468,7 @@ switch($entry['view']) { foreach ($socs as $name => $oclass) { if (isAjaxEnabled() || (is_null($entry['value']) || ! trim($entry['value']) || $entry['value']==$oclass->getName())) { - if ((! is_null($entry['value']) && $entry['value']==$oclass->getName()) || ! trim($entry['value'])) + if (!is_string($entry['value']) || $entry['value']==$oclass->getName() || !trim($entry['value'])) $entry['viewed'] = true; if (isAjaxEnabled() && $entry['value']) diff --git a/lib/PLAAttribute.php b/lib/PLAAttribute.php index 313b42a..a2f0091 100644 --- a/lib/PLAAttribute.php +++ b/lib/PLAAttribute.php @@ -258,14 +258,14 @@ class PLAAttribute { } } - public function getValue($i) { + public function getValue($i, $default=null) { if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) debug_log('Entered (%%)',5,0,__FILE__,__LINE__,__METHOD__,$fargs); if (isset($this->values[$i])) return $this->values[$i]; else - return null; + return $default; } public function getOldValue($i) { diff --git a/lib/PageRender.php b/lib/PageRender.php index 42626c6..2527b12 100644 --- a/lib/PageRender.php +++ b/lib/PageRender.php @@ -538,7 +538,7 @@ class PageRender extends Visitor { final protected function drawHiddenValueAttribute($attribute,$i) { if (DEBUGTMP) printf('%s
',__METHOD__); - $val = $attribute->getValue($i); + $val = $attribute->getValue($i, ''); printf('', htmlspecialchars($attribute->getName()),$i,htmlspecialchars($attribute->getName()),$i, @@ -607,7 +607,7 @@ class PageRender extends Visitor { protected function drawFormReadOnlyValueAttribute($attribute,$i) { if (DEBUGTMP) printf('%s
',__METHOD__); - $val = $attribute->getValue($i); + $val = $attribute->getValue($i, ''); printf('', htmlspecialchars($attribute->getName()),$i,htmlspecialchars($attribute->getName()),$i,htmlspecialchars($val)); @@ -616,7 +616,7 @@ class PageRender extends Visitor { protected function drawFormReadWriteValueAttribute($attribute,$i) { if (DEBUGTMP) printf('%s
',__METHOD__); - $val = $attribute->getValue($i); + $val = $attribute->getValue($i, ''); if ($attribute->getHelper() || $attribute->getVerify()) echo '
'; @@ -720,7 +720,7 @@ class PageRender extends Visitor { protected function drawFormReadWriteValueDateAttribute($attribute,$i) { if (DEBUGTMP) printf('%s
',__METHOD__); - $val = $attribute->getValue($i); + $val = $attribute->getValue($i, ''); echo ''; printf(' ', @@ -738,7 +738,7 @@ class PageRender extends Visitor { protected function drawFormReadWriteValueDnAttribute($attribute,$i) { if (DEBUGTMP) printf('%s
',__METHOD__); - $val = $attribute->getValue($i); + $val = $attribute->getValue($i, ''); if ($attribute->getHelper()) echo '
'; @@ -952,7 +952,7 @@ class PageRender extends Visitor { if (DEBUGTMP) printf('%s
',__METHOD__); $server = $this->getServer(); - $val = $attribute->getValue($i); + $val = $attribute->getValue($i, ''); if (trim($val)) $enc_type = get_enc_type($val); @@ -974,7 +974,7 @@ class PageRender extends Visitor { if (DEBUGTMP) printf('%s
',__METHOD__); $server = $this->getServer(); - $val = $attribute->getValue($i); + $val = $attribute->getValue($i, ''); $enc_type = get_enc_type($val); @@ -1102,7 +1102,7 @@ class PageRender extends Visitor { # This is a single value attribute } else { - $val = $attribute->getValue($i) ? $attribute->getValue($i) : $attribute->getDefault(); + $val = $attribute->getValue($i) ? $attribute->getValue($i) : (is_null($attribute->getDefault())? '': $attribute->getDefault()); if ($attribute->getHelper()) echo '
'; diff --git a/lib/Query.php b/lib/Query.php index 62a3d2b..cc2a4f3 100644 --- a/lib/Query.php +++ b/lib/Query.php @@ -136,7 +136,7 @@ class Query extends xmlTemplate { $bases = get_request('base','REQUEST',false,null); $query['filter'] = get_request('filter','REQUEST',false,'objectClass=*'); $query['scope'] = get_request('scope','REQUEST',false,'sub'); - $attrs = get_request('display_attrs','REQUEST'); + $attrs = get_request('display_attrs','REQUEST',false,''); $attrs = preg_replace('/\s+/','',$attrs); if ($attrs) diff --git a/lib/Template.php b/lib/Template.php index 4a0bcb2..2e4978f 100644 --- a/lib/Template.php +++ b/lib/Template.php @@ -56,7 +56,7 @@ class Template extends xmlTemplate { # Template RDN attributes private $rdn; - public function __construct($server_id,$name=null,$filename=null,$type=null,$id=null) { + public function __construct($server_id,$name='',$filename=null,$type=null,$id=null) { parent::__construct($server_id,$name,$filename,$type,$id); # If this is the default template, we might disable leafs by default. @@ -636,10 +636,13 @@ class Template extends xmlTemplate { public function getDNEncode($url=true) { // @todo Be nice to do all this in 1 location + $dn = $this->getDN(); + if (is_null($dn)) + $dn = ''; if ($url) - return urlencode(preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->getDN())); + return urlencode(preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$dn)); else - return preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->getDN()); + return preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$dn); } /** diff --git a/lib/TemplateRender.php b/lib/TemplateRender.php index a9f2649..b19d764 100644 --- a/lib/TemplateRender.php +++ b/lib/TemplateRender.php @@ -2156,7 +2156,7 @@ function fillRec(id,value) { if ($attribute->isMultiple() && $i > 0) return; - $val = $attribute->getValue($i); + $val = $attribute->getValue($i, ''); if ($attribute->isVisible()) { echo '
'; diff --git a/lib/ds.php b/lib/ds.php index 31700d3..d54099e 100644 --- a/lib/ds.php +++ b/lib/ds.php @@ -437,7 +437,8 @@ abstract class DS { if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs); - if (! trim($this->getLogin(null)) && $_SESSION[APPCONFIG]->getValue('appearance','anonymous_bind_implies_read_only')) + $login = $this->getLogin(null); + if (!($login && trim($login)) && $_SESSION[APPCONFIG]->getValue('appearance','anonymous_bind_implies_read_only')) return true; else return $this->getValue('server','read_only'); diff --git a/lib/ds_ldap.php b/lib/ds_ldap.php index 960a541..9bc2951 100644 --- a/lib/ds_ldap.php +++ b/lib/ds_ldap.php @@ -2318,7 +2318,7 @@ class ldap extends DS { if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs); - $type = ($sattr = $this->getSchemaAttribute($attr_name)) ? $sattr->getType() : null; + $type = ($sattr = $this->getSchemaAttribute($attr_name)) ? $sattr->getType() : ''; if (! strcasecmp('boolean',$type) || ! strcasecmp('isCriticalSystemObject',$attr_name) || @@ -2383,8 +2383,8 @@ class ldap extends DS { /* Strangely, some attributeTypes may not show up in the server * schema. This behavior has been observed in MS Active Directory.*/ - $type = null; - $syntax = null; + $type = ''; + $syntax = ''; } else { $type = $sattr->getType(); diff --git a/lib/functions.php b/lib/functions.php index 367385c..cdfcecd 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -1270,6 +1270,9 @@ function is_mail_string($str) { if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs); + if (is_null($str)) + return false; + $mail_regex = "/^[_A-Za-z0-9-]+(\\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)*$/"; if (preg_match($mail_regex,$str)) @@ -1288,6 +1291,9 @@ function is_url_string($str) { if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs); + if (is_null($str)) + return false; + $url_regex = '/^(ftp|https?):\/\/+[\w\.\-\/\?\=\&]*\w+/'; if (preg_match($url_regex,$str)) @@ -2649,6 +2655,9 @@ function pla_explode_dn($dn,$with_attributes=0) { global $CACHE; + if (is_null($dn)) + $dn = ''; + if (isset($CACHE['explode'][$dn][$with_attributes])) { if (DEBUG_ENABLED) debug_log('Return CACHED result (%s) for (%s)',1,0,__FILE__,__LINE__,__METHOD__, diff --git a/lib/schema_functions.php b/lib/schema_functions.php index efa0cbc..6218064 100644 --- a/lib/schema_functions.php +++ b/lib/schema_functions.php @@ -18,11 +18,11 @@ */ abstract class SchemaItem { # The schema item's name. - protected $name = null; + protected $name = ''; # The OID of this schema item. private $oid = null; # The description of this schema item. - protected $description = null; + protected $description = ''; # Boolean value indicating whether this objectClass is obsolete private $is_obsolete = false; @@ -703,7 +703,7 @@ class ObjectClass_ObjectClassAttribute { */ class AttributeType extends SchemaItem { # The attribute from which this attribute inherits (if any) - private $sup_attribute = null; + private $sup_attribute = ''; # The equality rule used private $equality = null; # The ordering of the attributeType @@ -711,8 +711,8 @@ class AttributeType extends SchemaItem { # Boolean: supports substring matching? private $sub_str = null; # The full syntax string, ie 1.2.3.4{16} - private $syntax = null; - private $syntax_oid = null; + private $syntax = ''; + private $syntax_oid = ''; # boolean: is single valued only? private $is_single_value = false; # boolean: is collective? @@ -726,7 +726,7 @@ class AttributeType extends SchemaItem { # The max number of characters this attribute can be private $max_length = null; # A string description of the syntax type (taken from the LDAPSyntaxes) - private $type = null; + private $type = ''; # An array of objectClasses which use this attributeType (must be set by caller) private $used_in_object_classes = array(); # A list of object class names that require this attribute type. @@ -1327,7 +1327,7 @@ class Syntax extends SchemaItem { */ class MatchingRule extends SchemaItem { # This rule's syntax OID - private $syntax = null; + private $syntax = ''; # An array of attribute names who use this MatchingRule private $used_by_attrs = array(); diff --git a/lib/xmlTemplates.php b/lib/xmlTemplates.php index f55e876..68725f8 100644 --- a/lib/xmlTemplates.php +++ b/lib/xmlTemplates.php @@ -230,7 +230,7 @@ abstract class xmlTemplates { return clone $template; # If we get here, the template ID didnt exist, so return a blank template, which be interpreted as the default template - $object = new $class['name']($this->server_id,null,null,'default'); + $object = new $class['name']($this->server_id,'',null,'default'); return $object; } @@ -272,7 +272,7 @@ abstract class xmlTemplate { # The TEMPLATE attributes as per the template definition, or the DN entry protected $attributes = array(); - public function __construct($server_id,$name=null,$filename=null,$type=null,$id=null) { + public function __construct($server_id,$name='',$filename=null,$type=null,$id=null) { if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) debug_log('Entered (%%)',5,0,__FILE__,__LINE__,__METHOD__,$fargs);