Contrib.social

Don't assume a request has an authorization header

Open on Drupal.org β†’
Created on 3 May 2022, about 2 years ago
Updated 12 March 2024, 4 months ago

Problem/Motivation

If a request doesn't have an authorization header, the code in line 40 of src/OAuth2Helper triggers a warning.

Steps to reproduce

Checkout current 2.0.0 dev, don't configure oauth2 server but enable it. Visit a URL.

Proposed resolution

Modify to check for a NULL header value before using trim on it.

Remaining tasks

PR coming.

User interface changes

Nil

API changes

Nil

Data model changes

Nil

πŸ› Bug report
Status

Closed: outdated

Version

2.0

Component

Code

Created by

πŸ‡¦πŸ‡ΊAustralia Nigel Cunningham Geelong

Live updates comments and jobs are added and updated live.
  • PHP 8.0

    The issue particularly affects sites running on PHP version 8.0.0 or later.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Open on Drupal.org β†’
    Core: 9.5.x + Environment: PHP 7.4 & MySQL 8
    last update 6 months ago
    Waiting for branch to pass
  • Comment 6 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States hyperlinked San Jose, CA

    This assumption that the authorization header may not exist should also be applied further to the content-type header that comes in the next block of code. Because of this, I'm proposing an alternate patch rolled against the 2.x-dev branch.

    I've made a small adjustment to ensure that we don't perform a trim on a null value by using a null coalescing operator. I think this is also closer to the coding style of the original author.

    This change in this patch will pass an empty value directly to trim if no authorization or content-type header is passed.

  • Comment 6 months ago β†’
    πŸ‡¨πŸ‡¦Canada Liam Morland Ontario, CA πŸ‡¨πŸ‡¦
  • Status changed to Closed: outdated 4 months ago
  • Comment 4 months ago β†’
    πŸ‡¦πŸ‡ΊAustralia cafuego

    This seems to have been fixed as part of the giant Drupal 10 compat PR.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024