1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 06:42:42 +01:00

Fix PhabricatorAuthCSRFEngine.php strncmp(null) PHP 8.1 error

Summary:
Update PhabricatorAuthCSRFEngine.php such that it doesn't fall over when provided with a null CSRF token under PHP 8.1

Fixes T15654

Test Plan: Do a POST request to phorge.

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15654

Differential Revision: https://we.phorge.it/D25449
This commit is contained in:
sten 2023-10-25 09:40:36 +01:00
parent 7b0021a03c
commit 318d7a61fe

View file

@ -47,7 +47,10 @@ final class PhabricatorAuthCSRFEngine extends Phobject {
// We expect a BREACH-mitigating token. See T3684. // We expect a BREACH-mitigating token. See T3684.
$breach_prefix = $this->getBREACHPrefix(); $breach_prefix = $this->getBREACHPrefix();
$breach_prelen = strlen($breach_prefix); $breach_prelen = strlen($breach_prefix);
if (strncmp($token, $breach_prefix, $breach_prelen) !== 0) { if (
$token === null ||
strncmp($token, $breach_prefix, $breach_prelen) !== 0
) {
return false; return false;
} }