Fixed strip_tags(): Passing null to parameter #1 in Fulltext.php

[kiatng]

Description (*)

In the process of updating a couple of sites to PHP8.1. This was logged:

    [type] => 8192:E_DEPRECATED
    [message] => strip_tags(): Passing null to parameter #1 ($string) of type string is deprecated
    [file] => .../app/code/core/Mage/CatalogSearch/Model/Resource/Fulltext.php
    [line] => 764
    [uri] => /index.php/admin/catalog_product/save/back/edit/tab/product_info_tabs_group_30/store/0/id/13641/key/debdde05d306ac8c1ac92215807e895d/

[Sdfendor]

While this change solves the deprecation error it also changes the result of the code.
See this following example:

Currently in PHP 8.1/8.2 the deprecation is thrown but the built-in methods behave as before, so the result of strip_tags(null) is empty string, not null. Subsequently in cases where $value is null in line 764 it currently becomes empty string after this line is executed. With your change $value stays null when returning in line 768.

For BC sake and to avoid unforeseen consequences, I would therefore propose to set $value to empty string in the else branch of the condition:

if ($value !== null) {
	$value = preg_replace("#\s+#siu", ' ', trim(strip_tags($value)));
} else {
    $value = '';
}

[sreichel]

@kiatng i'd change it a bit to guarantee work with strict types turned on

https://onlinephp.io?s=PU_tCsIwDPy9Qt8hOKEbDnF__cAHUSmhxjnoZmlaQcR3t9ucEEhyyd0l-6O7OynyKxmLngoOvjVBh5cjPtTlTgoplk-0kRgOcOqjtRUEH6mCG1pOqU6x3lSganUZ128PT2juUMw8ZJjKEt5SZPnUJLmWNRtMvsU8P8J4Qd-Uv6UtKJVUsz_HeWq0J2fRULHIz7zKuY2L5A9quKztRgWnAzY865bDI9kTvb7Gzs1owj5SfAE%2C&v=8.2.12%2C8.1.25%2C8.0.30%2C7.4.33

simple: cast to string

	$value = preg_replace("#\s+#siu", ' ', trim(strip_tags((string)$value)));

or more strict:

	$value = is_scalar($value) ? (string)$value : '';
	if ($value !== '') {
		$value = preg_replace("#\s+#siu", ' ', trim(strip_tags($value)));
	}

or:

	if (!is_scalar($value)) {
		# throw some invalid value exeption
	}

	$value = (string)$value;
	if ($value !== '') {
		$value = preg_replace("#\s+#siu", ' ', trim(strip_tags($value)));
	}

[kiatng]

From googling, the idea of declaring strict typing is to get PHP to throw errors early on so that bugs can be avoided. I get it if it's a new class that we are coding. But for existing classes, doing something like

$value = preg_replace("#\s+#siu", ' ', trim(strip_tags((string)$value)));

seems to me, defeats the purpose of catching the bugs early on. Strict typing is bypassed, the directive is ignored. So, I would argue that this is better:

        $value = $value === null ? '' : preg_replace("#\s+#siu", ' ', trim(strip_tags($value)));

Let PHP throws the error when we have this declare(strict_types=1).

Taking a step back, is there a compelling reason to insert declare(strict_types=1) on existing classes?

[sreichel]

I dont like casting to (someting) too, thats why i'd prefer the more strict one.

In case of scalar value casting is pretty safe.

[sreichel]

Taking a step back, is there a compelling reason to insert declare(strict_types=1) on existing classes?

• Without php does that type casting internally - and with a later version maybe it is deprecated too.

• Strict types ensure to pass correct type to internal php methods and also validates @method annotations !!!

  @method $this doSomething(<validates-type> $value)
  

I'm working on this, b/c it seems to be a large benefit for better code - even if we do not have typed parameters/returns.