revi-archive/phorge-arcanist
1
0
Fork 0
mirror of https://we.phorge.it/source/arcanist.git synced 2024-11-24 07:42:39 +01:00
Code Issues Releases Wiki Activity

Fix PHP 8.1 "urlencode(null)" exception blocking account registration redirect for custom OAuth provider

Browse source 
Summary:
It seems that a `tokenSecret` is not always passed at this stage, and that PHP's `urlencode()` does not accept passing a `null` string since PHP 8.1 (I could not find any upstream note about this but bug reports across the web seem to confirm this).

Thus do not try to `urlencode($this->tokenSecret)` if it is `null`.

```
EXCEPTION: (RuntimeException) urlencode(): Passing null to parameter #1 ($string) of type string is deprecated at [<arcanist>/src/error/PhutilErrorHandler.php:261]
arcanist(), ava(), phorge(), wmf-ext-misc()
  #0 <#2> PhutilErrorHandler::handleError(integer, string, string, integer) called at [<arcanist>/src/error/PhutilErrorHandler.php:261]
  #1 <#2> urlencode(NULL) called at [<arcanist>/src/future/oauth/PhutilOAuth1Future.php:232]
```

Closes T15589

Test Plan:
* As an admin, set up custom "MediaWiki" OAuth provider from from https://gitlab.wikimedia.org/-/ide/project/repos/phabricator/extensions/edit/wmf/stable/-/src/oauth/
* As an admin, apply D25373
* As a user, go to `/auth/login/mediawiki:whatever/`
* Select login button

Redirect now works as expected: The URL redirect to allow access on
http://mediawiki.localhost/index.php?title=Special%3AOAuth%2Fauthorize&oauth_token=1234567890abcdef1234567890abcdef&oauth_consumer_key=1234567890abcdef1234567890abcdef works as expected, instead of showing a raw error page about `urlencode()` not accepting passing `null`. (After allowing authorization there are more issues in Phorge code but they are out of scope for this Arcanist patch.)

Reviewers: O1 Blessed Committers, valerio.bozzolan, speck

Reviewed By: O1 Blessed Committers, valerio.bozzolan, speck

Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15589

Differential Revision: https://we.phorge.it/D25374
This commit is contained in:
Andre Klapper 2023-12-04 19:27:47 -08:00
parent 16a412b108
commit e46025f7a9
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/future/oauth/PhutilOAuth1Future.php
View file

@ -229,7 +229,10 @@ final class PhutilOAuth1Future extends FutureProxy {
$consumer_secret = $this->consumerSecret->openEnvelope(); $consumer_secret = $this->consumerSecret->openEnvelope();
} }
$key = urlencode($consumer_secret).'&'.urlencode($this->tokenSecret); $key = urlencode($consumer_secret).'&';
if ($this->tokenSecret !== null) {
$key .= urlencode($this->tokenSecret);
}
switch ($this->signatureMethod) { switch ($this->signatureMethod) {
case 'HMAC-SHA1': case 'HMAC-SHA1':