[go: up one dir, main page]
Page MenuHomePhabricator
Create Task
Maniphest T318307

HTMLForm's validation-callback is given mixed values
Open, Needs TriagePublicBUG REPORT
Actions

Description

The HTMLFormField::validate() method is documented to accept string|array for the $value, but actually any valid user preference value can be passed, including null and int.

This passes through to form field definitions that use the 'validation-callback' key, where that callback is also expecting to get an input value in the same type as the form field being defined. This is a reasonable assumption in most cases (i.e. a text type is going to be given a string), but it can also be given null.

This bug surfaces in the case of DefaultPreferencesFactory::validateSignature() which is expecting a string and breaks in PHP 8.1 with null, which it passes to mb_strlen():

Deprecated: mb_strlen(): Passing null to parameter #1 ($string) of type string is deprecated in mediawiki/includes/preferences/DefaultPreferencesFactory.php on line 1711

MediaWiki version: 5c5d593c7cb2133866b266ec2c4407e5a77e0ef3

Details

SubjectRepoBranchLines +/-
Update docs for HTMLFormField::validate() to permit all data typesmediawiki/coreREL1_38+4 -4
Update docs for HTMLFormField::validate() to permit all data typesmediawiki/coreREL1_39+4 -4
Update docs for HTMLFormField::validate() to permit all data typesmediawiki/coreREL1_37+4 -4
Update docs for HTMLFormField::validate() to permit all data typesmediawiki/coreREL1_35+12 -3
Update docs for HTMLFormField::validate() to permit all data typesmediawiki/coremaster+4 -4
Customize query in gerrit

Related Objects
Search...

Event Timeline

Samwilson created this task.Sep 22 2022, 4:10 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 22 2022, 4:10 AM
gerritbot added a comment.Sep 22 2022, 4:12 AM

Change 833886 had a related patch set uploaded (by Samwilson; author: Samwilson):

[mediawiki/core@master] Update docs for HTMLFormField::validate() to permit all data types

https://gerrit.wikimedia.org/r/833886

gerritbot added a project: Patch-For-Review.Sep 22 2022, 4:12 AM
Samwilson added a parent task: T289926: Fix passing null to non-null param of PHP internal functions in MediaWiki core (PHP 8.1 warning).Sep 22 2022, 4:34 AM
gerritbot added a comment.Sep 23 2022, 12:13 AM

Change 833886 merged by jenkins-bot:

[mediawiki/core@master] Update docs for HTMLFormField::validate() to permit all data types

https://gerrit.wikimedia.org/r/833886

Maintenance_bot removed a project: Patch-For-Review.Sep 23 2022, 12:30 AM
ReleaseTaggerBot added a project: MW-1.40-notes (1.40.0-wmf.3; 2022-09-26).Sep 23 2022, 1:00 AM
gerritbot added a comment.Sep 24 2022, 6:17 PM

Change 834667 had a related patch set uploaded (by Reedy; author: Samwilson):

[mediawiki/core@REL1_39] Update docs for HTMLFormField::validate() to permit all data types

https://gerrit.wikimedia.org/r/834667

gerritbot added a project: Patch-For-Review.Sep 24 2022, 6:17 PM
gerritbot added a comment.Sep 24 2022, 6:22 PM

Change 834668 had a related patch set uploaded (by Reedy; author: Samwilson):

[mediawiki/core@REL1_38] Update docs for HTMLFormField::validate() to permit all data types

https://gerrit.wikimedia.org/r/834668

gerritbot added a comment.Sep 24 2022, 6:23 PM

Change 834669 had a related patch set uploaded (by Reedy; author: Samwilson):

[mediawiki/core@REL1_37] Update docs for HTMLFormField::validate() to permit all data types

https://gerrit.wikimedia.org/r/834669

gerritbot added a comment.Sep 24 2022, 6:24 PM

Change 834670 had a related patch set uploaded (by Reedy; author: Samwilson):

[mediawiki/core@REL1_35] Update docs for HTMLFormField::validate() to permit all data types

https://gerrit.wikimedia.org/r/834670

gerritbot added a comment.Sep 24 2022, 6:27 PM

Change 834670 abandoned by Reedy:

[mediawiki/core@REL1_35] Update docs for HTMLFormField::validate() to permit all data types

Reason:

https://gerrit.wikimedia.org/r/834670

gerritbot added a comment.Sep 24 2022, 8:33 PM

Change 834669 merged by jenkins-bot:

[mediawiki/core@REL1_37] Update docs for HTMLFormField::validate() to permit all data types

https://gerrit.wikimedia.org/r/834669

gerritbot added a comment.Sep 24 2022, 8:34 PM

Change 834667 merged by jenkins-bot:

[mediawiki/core@REL1_39] Update docs for HTMLFormField::validate() to permit all data types

https://gerrit.wikimedia.org/r/834667

ReleaseTaggerBot added projects: MW-1.39-notes, MW-1.37-notes.Sep 24 2022, 9:00 PM
gerritbot added a comment.Sep 28 2022, 7:24 PM

Change 834668 merged by Reedy:

[mediawiki/core@REL1_38] Update docs for HTMLFormField::validate() to permit all data types

https://gerrit.wikimedia.org/r/834668

Maintenance_bot removed a project: Patch-For-Review.Sep 28 2022, 7:30 PM
ReleaseTaggerBot added a project: MW-1.38-notes.Sep 28 2022, 8:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits