1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 06:42:42 +01:00

Fix PHP 8.1 "strlen(null)" exceptions which block adding 2FA factor

Summary:
`strlen()` was used in Phabricator to check if a generic value is a non-empty string.
This behavior is deprecated since PHP 8.1. Phorge adopts `phutil_nonempty_string()` as a replacement.

Note: this may highlight other absurd input values that might be worth correcting
instead of just ignoring. If phutil_nonempty_string() throws an exception in your
instance, report it to Phorge to evaluate and fix that specific corner case.

Closes T15388

Test Plan:
Applied these two changes; afterwards managed to add a 2FA factor and `/settings/user/username/page/multifactor/?id=1` correctly listed mys Authentication Factors.

Additional tests:

- Unset any eventual personal MFA
- Setup a personal MFA
- Login/Logout using the MFA
- Remove a personal MFA
- Setup a personal enroll message from /auth/mfa/1/
- Setup a personal MFA
- Login/Logout using the MFA
- (then cleanup removing your test MFA)

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15388

Differential Revision: https://we.phorge.it/D25219
This commit is contained in:
Andre Klapper 2023-05-23 11:53:14 +02:00
parent 10fae71a04
commit d95200da91
2 changed files with 3 additions and 3 deletions

View file

@ -413,8 +413,8 @@ abstract class PhabricatorAuthFactor extends Phobject {
$sync_type = PhabricatorAuthMFASyncTemporaryTokenType::TOKENTYPE;
$sync_token = null;
$sync_key = $request->getStr($this->getMFASyncTokenFormKey());
if (strlen($sync_key)) {
$sync_key = $request->getStr($this->getMFASyncTokenFormKey(), '');
if ($sync_key !== '') {
$sync_key_digest = PhabricatorHash::digestWithNamedKey(
$sync_key,
PhabricatorAuthMFASyncTemporaryTokenType::DIGEST_KEY);

View file

@ -257,7 +257,7 @@ final class PhabricatorMultiFactorSettingsPanel
// example, with SMS).
if (!$request->isFormPost() || !$request->getBool('mfa.start')) {
$enroll = $selected_provider->getEnrollMessage();
if (!strlen($enroll)) {
if (!phutil_nonempty_string($enroll)) {
$enroll = $selected_provider->getEnrollDescription($viewer);
}