From 318d7a61feab3f632febb76e915c4e19dabf53f4 Mon Sep 17 00:00:00 2001
From: sten
Date: Wed, 25 Oct 2023 09:40:36 +0100
Subject: [PATCH] Fix PhabricatorAuthCSRFEngine.php strncmp(null) PHP 8.1 error
Summary: Update PhabricatorAuthCSRFEngine.php such that it doesn't fall over when provided with a null CSRF token under PHP 8.1 Fixes T15654
Test Plan: Do a POST request to phorge.
Reviewers: O1 Blessed Committers, valerio.bozzolan
Reviewed By: O1 Blessed Committers, valerio.bozzolan
Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno
Maniphest Tasks: T15654
Differential Revision: https://we.phorge.it/D25449
---
 src/applications/auth/engine/PhabricatorAuthCSRFEngine.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/applications/auth/engine/PhabricatorAuthCSRFEngine.php b/src/applications/auth/engine/PhabricatorAuthCSRFEngine.php
index fcb8c13ab7..856b334039 100644
--- a/src/applications/auth/engine/PhabricatorAuthCSRFEngine.php
+++ b/src/applications/auth/engine/PhabricatorAuthCSRFEngine.php
@@ -47,7 +47,10 @@ final class PhabricatorAuthCSRFEngine extends Phobject {
 // We expect a BREACH-mitigating token. See T3684.
 $breach_prefix = $this->getBREACHPrefix();
 $breach_prelen = strlen($breach_prefix);
- if (strncmp($token, $breach_prefix, $breach_prelen) !== 0) {
+ if (
+ $token === null ||
+ strncmp($token, $breach_prefix, $breach_prelen) !== 0
+ ) {
 return false;
 }
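Review bot: The added guard in the `if` rejects only a null token, so a non-scalar value such as an array would still reach `strncmp()`, which throws a TypeError on PHP 8 instead of returning false. Whether callers can hand this method anything other than a string or null is not visible in this hunk, but a CSRF validator is safer when it fails closed on its own input; consider `!is_string($token) ||` in place of `$token === null ||`. A short comment above the condition, for example `// A missing or malformed token is never valid.`, would record why the type check comes before the BREACH prefix comparison. The enclosing method starts and ends outside the hunk.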