revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-10 00:42:41 +01:00
Code Issues Releases Wiki Activity

Fix PhabricatorAuthCSRFEngine.php strncmp(null) PHP 8.1 error

Browse source 
Summary:
Update PhabricatorAuthCSRFEngine.php such that it doesn't fall over when provided with a null CSRF token under PHP 8.1

Fixes T15654

Test Plan: Do a POST request to phorge.

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15654

Differential Revision: https://we.phorge.it/D25449
This commit is contained in:
sten 2023-10-25 09:40:36 +01:00
parent 7b0021a03c
commit 318d7a61fe
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/applications/auth/engine/PhabricatorAuthCSRFEngine.php
View file

@ -47,7 +47,10 @@ final class PhabricatorAuthCSRFEngine extends Phobject {
// We expect a BREACH-mitigating token. See T3684.
$breach_prefix = $this->getBREACHPrefix();
$breach_prelen = strlen($breach_prefix);
if (strncmp($token, $breach_prefix, $breach_prelen) !== 0) {
if (
$token === null ||
strncmp($token, $breach_prefix, $breach_prelen) !== 0
) {
return false;
}