PHP warning trim() on Drupal\Core\Render\Element\Email::validateEmail

Created on 18 May 2018, over 6 years ago
Updated 14 March 2023, over 1 year ago

Currently we get constant PHP trim warnings because of automated attack scripts trying the SA-CORE-2018-002 vulnerability. The warning is:

Warning: trim() expects parameter 1 to be string, array given in Drupal\Core\Render\Element\Email::validateEmail() (line 73 of /var/www/drupal/core/lib/Drupal/Core/Render/Element/Email.php)
#0 /var/www/drupal/core/includes/bootstrap.inc(582): _drupal_error_handler_real(2, 'trim() expects ...', '/opt/rh/httpd24...', 73, Array)
#1 [internal function]: _drupal_error_handler(2, 'trim() expects ...', '/opt/rh/httpd24...', 73, Array)
#2 /var/www/drupal/core/lib/Drupal/Core/Render/Element/Email.php(73): trim(Array)
#3 [internal function]: Drupal\Core\Render\Element\Email::validateEmail(Array, Object(Drupal\Core\Form\FormState), Array)
#4 /var/www/drupal/core/lib/Drupal/Core/Form/FormValidator.php(283): call_user_func_array(Array, Array)
#5 /var/www/drupal/core/lib/Drupal/Core/Form/FormValidator.php(239): Drupal\Core\Form\FormValidator->doValidateForm(Array, Object(Drupal\Core\Form\FormState))
#6 /var/www/drupal/core/lib/Drupal/Core/Form/FormValidator.php(239): Drupal\Core\Form\FormValidator->doValidateForm(Array, Object(Drupal\Core\Form\FormState))
#7 /var/www/drupal/core/lib/Drupal/Core/Form/FormValidator.php(119): Drupal\Core\Form\FormValidator->doValidateForm(Array, Object(Drupal\Core\Form\FormState), 'user_register_f...')
#8 /var/www/drupal/core/lib/Drupal/Core/Form/FormBuilder.php(571): Drupal\Core\Form\FormValidator->validateForm('user_register_f...', Array, Object(Drupal\Core\Form\FormState))
#9 /var/www/drupal/core/lib/Drupal/Core/Form/FormBuilder.php(314): Drupal\Core\Form\FormBuilder->processForm('user_register_f...', Array, Object(Drupal\Core\Form\FormState))
#10 /var/www/drupal/core/lib/Drupal/Core/Controller/FormController.php(74): Drupal\Core\Form\FormBuilder->buildForm(Object(Drupal\user\RegisterForm), Object(Drupal\Core\Form\FormState))
#11 [internal function]: Drupal\Core\Controller\FormController->getContentResult(Object(Symfony\Component\HttpFoundation\Request), Object(Drupal\Core\Routing\RouteMatch))
#12 /var/www/drupal/core/lib/Drupal/Core/EventSubscriber/EarlyRenderingControllerWrapperSubscriber.php(123): call_user_func_array(Array, Array)
#13 /var/www/drupal/core/lib/Drupal/Core/Render/Renderer.php(582): Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}()
#14 /var/www/drupal/core/lib/Drupal/Core/EventSubscriber/EarlyRenderingControllerWrapperSubscriber.php(124): Drupal\Core\Render\Renderer->executeInRenderContext(Object(Drupal\Core\Render\RenderContext), Object(Closure))
#15 /var/www/drupal/core/lib/Drupal/Core/EventSubscriber/EarlyRenderingControllerWrapperSubscriber.php(97): Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->wrapControllerExecutionInRenderContext(Array, Array)
#16 [internal function]: Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}()
#17 /var/www/drupal/vendor/symfony/http-kernel/HttpKernel.php(151): call_user_func_array(Object(Closure), Array)
#18 /var/www/drupal/vendor/symfony/http-kernel/HttpKernel.php(68): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1)
#19 /var/www/drupal/core/lib/Drupal/Core/StackMiddleware/Session.php(57): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#20 /var/www/drupal/core/lib/Drupal/Core/StackMiddleware/KernelPreHandle.php(47): Drupal\Core\StackMiddleware\Session->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#21 /var/www/drupal/core/modules/page_cache/src/StackMiddleware/PageCache.php(99): Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#22 /var/www/drupal/core/modules/page_cache/src/StackMiddleware/PageCache.php(78): Drupal\page_cache\StackMiddleware\PageCache->pass(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#23 /var/www/drupal/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php(47): Drupal\page_cache\StackMiddleware\PageCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#24 /var/www/drupal/core/lib/Drupal/Core/StackMiddleware/NegotiationMiddleware.php(50): Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#25 /var/www/drupal/vendor/stack/builder/src/Stack/StackedHttpKernel.php(23): Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#26 /var/www/drupal/core/lib/Drupal/Core/DrupalKernel.php(664): Stack\StackedHttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#27 /var/www/drupal/index.php(19): Drupal\Core\DrupalKernel->handle(Object(Symfony\Component\HttpFoundation\Request))
#28 {main}.

The attack scripts are trying to pass an array into trim($element['#value']).
Attached is a patch for the Drupal\Core\Render\Element\Email class.
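
Added example, not part of the issue and not the attached patch: a stand-alone PHP sketch of the type check that keeps an array-shaped #value away from trim(). The function name validate_email_element() and the sample inputs are hypothetical, and filter_var() stands in for Drupal's email validator so the snippet runs without a Drupal bootstrap.

```php
<?php
declare(strict_types=1);

/**
 * Stand-alone model of an email element validator (hypothetical helper,
 * not Drupal's Email::validateEmail()). Returns an error string or NULL.
 */
function validate_email_element(array &$element): ?string {
  $raw = $element['#value'] ?? '';

  // A request parameter submitted as name[]=x is parsed by PHP into an
  // array. Reject anything that is not a string before it reaches trim(),
  // instead of letting PHP emit a warning (PHP 7) or throw a TypeError
  // (PHP 8).
  if (!is_string($raw)) {
    $element['#value'] = '';
    return 'The email address is not valid.';
  }

  $value = trim($raw);
  $element['#value'] = $value;

  // Assumption: filter_var() replaces Drupal's email.validator service.
  if ($value !== '' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
    return 'The email address is not valid.';
  }
  return null;
}

// Constructed sample inputs: a normal submission, a malformed address,
// and the array-shaped value that triggers the warning quoted above.
$samples = [
  'padded string' => ' user@example.com ',
  'bad address'   => 'not-an-email',
  'array value'   => ['unexpected' => 'structure'],
];

foreach ($samples as $label => $input) {
  $element = ['#value' => $input];
  $error = validate_email_element($element);
  printf("%-14s => %s\n", $label, $error ?? 'ok (' . $element['#value'] . ')');
}
```

The array case is reported as an ordinary validation error, so probe traffic no longer fills the PHP log with trim() warnings.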

🐛 Bug report

Status: Needs work
Version: 9.5
Component: Render
Last updated: 2 days ago
Created by: 🇳🇱Netherlands dkarso

Issue tags: Needs issue summary update