Merge pull request #447 from gnuheidix/comment_sanitized

some PHP functions expect strings and crash otherwise

include/compat.inc.php

@@ -497,6 +497,9 @@ function serendipity_die($html) {
  * native encoded strings containing umlauts. This wrapper should to be used in the core until PHP 5.6 fixes the bug.
  */
 function serendipity_specialchars($string, $flags = null, $encoding = LANG_CHARSET, $double_encode = true) {
+    if (!is_string($string)) {
+        return '';
+    }
     if ($flags == null) {
         if (defined('ENT_HTML401')) {
             // Added with PHP 5.4.x
@@ -520,6 +523,9 @@ function serendipity_specialchars($string, $flags = null, $encoding = LANG_CHARS
  * see serendipity_specialchars
  */
 function serendipity_entities($string, $flags = null, $encoding = LANG_CHARSET, $double_encode = true) {
+    if (!is_string($string)) {
+        return '';
+    }
     if ($flags == null) {
         if (defined('ENT_HTML401')) {
             // Added with PHP 5.4.x
@@ -539,6 +545,9 @@ function serendipity_entities($string, $flags = null, $encoding = LANG_CHARSET,
  * serendipity_specialchars
  */
 function serendipity_entity_decode($string, $flags = null, $encoding = LANG_CHARSET) {
+    if (!is_string($string)) {
+        return '';
+    }
     if ($flags == null) {
         # NOTE: ENT_SUBSTITUTE does not exist for this function, and the documentation does not specify that it will
         # ever echo empty strings on charset errors

include/functions_comments.inc.php

@@ -363,8 +363,8 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace
         if ($parentid === VIEWMODE_LINEAR || !isset($comment['parent_id']) || $comment['parent_id'] == $parentid) {
             $i++;
 
-            $comment['comment'] = serendipity_specialchars(strip_tags($comment['body']));
-            $comment['url']     = strip_tags($comment['url']);
+            $comment['comment'] = (is_string($comment['body']) ? serendipity_specialchars(strip_tags($comment['body'])) : '');
+            $comment['url']     = (is_string($comment['url']) ? strip_tags($comment['url']) : '');
             $comment['link_delete'] = $serendipity['baseURL'] . 'comment.php?serendipity[delete]=' . $comment['id'] . '&serendipity[entry]=' . $comment['entry_id'] . '&serendipity[type]=comments&' . $formToken;
 
             /* Fix invalid cases in protocoll part */

include/functions_routing.inc.php

@@ -339,7 +339,7 @@ function serveEntry($matches) {
     if (!empty($serendipity['POST']['submit']) && !isset($_REQUEST['serendipity']['csuccess'])) {
 
         $comment['url']       = $serendipity['POST']['url'];
-        $comment['comment']   = trim($serendipity['POST']['comment']);
+        $comment['comment']   = (is_string($serendipity['POST']['comment']) ? trim($serendipity['POST']['comment']) : '');
         $comment['name']      = $serendipity['POST']['name'];
         $comment['email']     = $serendipity['POST']['email'];
         $comment['subscribe'] = $serendipity['POST']['subscribe'];