Argument #1 ($string) must be of type string, array given in trim()

Created on 9 September 2022, about 2 years ago

Updated 13 August 2024, 3 months ago

Problem/Motivation

I just updated one of my Drupal 7 sites to PHP 8, and I'm now seeing this error in the logs:

TypeError: trim(): Argument #1 ($string) must be of type string, array given in trim() (line 52 of drupal/sites/all/modules/contrib/username_enumeration_prevention/username_enumeration_prevention.module).

This is coming from a bot doing a penetration test (probably) via the password reset link:
?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=echo%20XrBa7RFwh5

For now, I've wrapped the entire contents of username_enumeration_prevention_pass_validate() in a check for if (is_string($form_state['values']['name']))

I wonder, though, if the core password reset form should do better validation on values coming from the query string.

🐛 Bug report

Status

Closed: won't fix

Version

1.0

Component

Code

Created by

🇺🇸United States jenlampton

Live updates comments and jobs are added and updated live.

PHP 8.0
The issue particularly affects sites running on PHP version 8.0.0 or later.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Status changed to Closed: won't fix 3 months ago8:44pm 13 August 2024
Comment 3 months ago →
🇺🇸United States japerry KVUO
No need for this module anymore.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024