Fix PHP8 crash due to insufficient isset test #670
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Alkarex
commented
Jan 29, 2021
library/SimplePie/Item.php
Outdated
| { | ||
| $type = $this->sanitize($enclosure[0]['attribs']['']['type'], SIMPLEPIE_CONSTRUCT_TEXT); | ||
| } | ||
| if (isset($enclosure[0]['attribs']['']['length'])) | ||
| if (!empty($enclosure[0]['attribs']['']['length'])) | ||
| { | ||
| $length = ceil($enclosure[0]['attribs']['']['length']); |
There was a problem hiding this comment.
Here was the actual crash with PHP8+
There was a problem hiding this comment.
It will still crash when invalid enclosure="foo" attribute is provided. Perhaps rather than checking emptiness, we should check if the value is a number.
There was a problem hiding this comment.
intval() will cast any wrong value to 0, which is also the behaviour for ceil() in PHP7-
There was a problem hiding this comment.
That should work (with slightly different semantics for numbers with decimal point) but now the ceil is not longer necessary.
There was a problem hiding this comment.
Ah, right, on mobile now, but will simplify tomorrow
There was a problem hiding this comment.
Otherwise floatval() could be an option to keep ceil()
There was a problem hiding this comment.
intval() is probably better, since length and fileSize are both expressed in bytes anyway
Alkarex
changed the title
|
The Travis integration does not work, but I passed the tests manually, and they are unchanged before/after my PR: |
|
thanks for fixing the |
|
@mblaney I kept |
`ceil()` crashes in PHP8+ in case of invalid input such as empty string. `intval()` fixes the problem with almost identical beahviour than `ceil()` in PHP7- (except for flotting point values) #fix FreshRSS/FreshRSS#3401 (crash with PHP 8+) Example with feed http://podcast.hr2.de/derTag/podcast.xml ```xml <enclosure url="https://mp3podcasthr-a.akamaihd.net:443/mp3/podcast/derTag/derTag_20210129_87093232.mp3" length="" type="audio/mpeg"/> ``` `isset("")` passes and then `ceil("")` crashes due to wrong type in PHP8+: ``` Uncaught TypeError: ceil(): Argument #1 ($num) must be of type int|float, string given in ./SimplePie/SimplePie/Item.php:2871 ```
Alkarex
force-pushed
the
PHP8-fix_isset
branch
from
6abfae5
to
6323ec7
Compare
|
@mblaney I have reverted to address only the specific problem of |
Alkarex
added a commit
to FreshRSS/FreshRSS
that referenced
this pull request
Jan 31, 2021
#fix #3401 (crash with PHP 8+) `ceil()` crashes in PHP8+ in case of invalid input such as empty string. `intval()` fixes the problem with almost identical behaviour than `ceil()` in PHP7- (except for floating point values) #fix #3401 (crash with PHP 8+) Example with feed http://podcast.hr2.de/derTag/podcast.xml ```xml <enclosure url="https://mp3podcasthr-a.akamaihd.net:443/mp3/podcast/derTag/derTag_20210129_87093232.mp3" length="" type="audio/mpeg"/> ``` `isset("")` passes and then `ceil("")` crashes due to wrong type in PHP8+: ``` Uncaught TypeError: ceil(): Argument #1 ($num) must be of type int|float, string given in ./SimplePie/SimplePie/Item.php:2871 ``` Upstream patch simplepie/simplepie#670
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#fix FreshRSS/FreshRSS#3401 (crash with PHP 8+)
ceil()crashes in PHP8+ in case of invalid input such as empty string.intval()fixes the problem with almost identical behaviour thanceil()in PHP7- (except for floating point values)#fix FreshRSS/FreshRSS#3401 (crash with PHP 8+)
Example with feed http://podcast.hr2.de/derTag/podcast.xml
isset("")passes and thenceil("")crashes due to wrong type in PHP8+: