Skip to content

Commit ad03579

Browse files
authored
fix: handle null ini values in phpini check (#10233)
* Fix phpini check for null ini values * test: cover phpini null ini values * docs: add phpini null value changelog
1 parent fa890c2 commit ad03579

3 files changed

Lines changed: 43 additions & 2 deletions

File tree

system/Security/CheckPhpIni.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -182,8 +182,8 @@ private static function checkIni(?string $argument = null): array
182182
foreach ($items as $key => $values) {
183183
$hasKeyInIni = array_key_exists($key, $ini);
184184
$output[$key] = [
185-
'global' => $hasKeyInIni ? $ini[$key]['global_value'] : 'disabled',
186-
'current' => $hasKeyInIni ? $ini[$key]['local_value'] : 'disabled',
185+
'global' => $hasKeyInIni ? (string) ($ini[$key]['global_value'] ?? '') : 'disabled',
186+
'current' => $hasKeyInIni ? (string) ($ini[$key]['local_value'] ?? '') : 'disabled',
187187
'recommended' => $values['recommended'] ?? '',
188188
'remark' => $values['remark'] ?? '',
189189
];

tests/system/Security/CheckPhpIniTest.php

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,14 @@
1717
use CodeIgniter\Test\StreamFilterTrait;
1818
use PHPUnit\Framework\Attributes\Group;
1919

20+
/**
21+
* @return array<string, array<string, mixed>>|false
22+
*/
23+
function ini_get_all(?string $extension = null, bool $details = true): array|false
24+
{
25+
return CheckPhpIniTest::$iniGetAllReturn ?? \ini_get_all($extension, $details);
26+
}
27+
2028
/**
2129
* @internal
2230
*/
@@ -25,6 +33,18 @@ final class CheckPhpIniTest extends CIUnitTestCase
2533
{
2634
use StreamFilterTrait;
2735

36+
/**
37+
* @var array<string, array<string, mixed>>|null
38+
*/
39+
public static ?array $iniGetAllReturn = null;
40+
41+
protected function tearDown(): void
42+
{
43+
parent::tearDown();
44+
45+
self::$iniGetAllReturn = null;
46+
}
47+
2848
public function testCheckIni(): void
2949
{
3050
$output = self::getPrivateMethodInvoker(CheckPhpIni::class, 'checkIni')();
@@ -51,6 +71,26 @@ public function testCheckIniOpcache(): void
5171
$this->assertSame($expected, $output['opcache.save_comments']);
5272
}
5373

74+
public function testCheckIniCastsNullIniValuesToString(): void
75+
{
76+
self::$iniGetAllReturn = [
77+
'default_charset' => [
78+
'global_value' => null,
79+
'local_value' => null,
80+
],
81+
];
82+
83+
$output = self::getPrivateMethodInvoker(CheckPhpIni::class, 'checkIni')();
84+
85+
$expected = [
86+
'global' => '',
87+
'current' => '',
88+
'recommended' => 'UTF-8',
89+
'remark' => '',
90+
];
91+
$this->assertSame($expected, $output['default_charset']);
92+
}
93+
5494
public function testRunCli(): void
5595
{
5696
CheckPhpIni::run(true);

user_guide_src/source/changelogs/v4.7.4.rst

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,7 @@ Bugs Fixed
4141
- **Filters:** Fixed a bug in ``InvalidChars`` filter where invalid UTF-8 or control characters in array keys were not checked.
4242
- **HTTP:** Fixed a bug where the User Agent library reported Safari's WebKit version instead of the browser version from the ``Version`` token.
4343
- **Model:** Fixed a bug in ``Model::objectToRawArray()`` where the ``$recursive`` parameter was ignored.
44+
- **Security:** Fixed a bug where ``CheckPhpIni`` could raise a type error when ``ini_get_all()`` returned ``null`` for a configured directive value.
4445
- **Session:** Fixed a bug in ``RedisHandler`` where the configured ``$lockMaxRetries`` and ``$lockRetryInterval`` values were not respected when acquiring session locks.
4546
- **Testing:** Fixed a bug where using ``MockInputOutput`` within a test that also uses ``StreamFilterTrait`` tore down the trait's stream filters, so CLI output produced after the ``MockInputOutput`` interaction (such as in ``tearDown()``) was no longer captured and leaked to the console.
4647
- **Validation:** Fixed bugs in the ``required_without`` rule logic where using array dot notation caused early exits ignoring subsequent fields and triggered an ``Undefined array key`` warning for missing keys.

0 commit comments

Comments
 (0)