Fixed issue #19230: Unable to create survey with debug = 2 and PHP8 (#…

…3613)
LimeSurvey · Nov 10, 2023 · e9dac42 · e9dac42
1 parent bd32d11
commit e9dac42
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/application/core/LSYii_Validators.php b/application/core/LSYii_Validators.php
@@ -119,11 +119,15 @@ public function fixCKeditor($value)
     /**
      * Remove any script or dangerous HTML
      *
-     * @param string $value
+     * @param null|string $value
      * @return string
      */
     public function xssFilter($value)
     {
+        /* No need to filter empty $value */
+        if (empty($value)) {
+            return strval($value);
+        }
         $filter = LSYii_HtmlPurifier::getXssPurifier();
 
         /** Start to get complete filtered value with  url decode {QCODE} (bug #09300). This allow only question number in url, seems OK with XSS protection **/
@@ -166,10 +170,14 @@ public function xssFilter($value)
      * Defines the customs validation rule for language string
      *
      * @param mixed $value
-     * @return mixed
+     * @return string
      */
     public function languageFilter($value)
     {
+        /* No need to filter empty $value */
+        if (empty($value)) {
+            return strval($value);
+        }
         // Maybe use the array of language ?
         return preg_replace('/[^a-z0-9-]/i', '', (string) $value);
     }
@@ -182,6 +190,10 @@ public function languageFilter($value)
      */
     public function multiLanguageFilter($value)
     {
+        /* No need to filter empty $value */
+        if (empty($value)) {
+            return strval($value);
+        }
         $aValue = explode(" ", trim((string) $value));
         $aValue = array_map("sanitize_languagecode", $aValue);
         return implode(" ", $aValue);
@@ -194,6 +206,10 @@ public function multiLanguageFilter($value)
      */
     public static function isXssUrl($url)
     {
+        /* No need to filter empty $value */
+        if (empty($url)) {
+            return false;
+        }
         $decodedUrl = self::treatSpecialChars($url);
         $clean = self::removeInvisibleChars($decodedUrl);
 

diff --git a/application/models/Survey.php b/application/models/Survey.php
@@ -632,6 +632,9 @@ public function permission($loginID)
      */
     public function getAdditionalLanguages()
     {
+        if (is_null($this->additional_languages)) {
+            return [];
+        }
         $sLanguages = trim($this->additional_languages);
         if ($sLanguages != '') {
             return explode(' ', $sLanguages);