I just updated one of my Drupal 7 sites to PHP 8, and I'm now seeing this error in the logs:
TypeError: trim(): Argument #1 ($string) must be of type string, array given in trim() (line 52 of drupal/sites/all/modules/contrib/username_enumeration_prevention/username_enumeration_prevention.module).
This is coming from a bot doing a penetration test (probably) via the password reset link:
?q=user/password&name[%23post_render][]=passthru&name[%23type]=markup&name[%23markup]=echo%20XrBa7RFwh5
For now, I've wrapped the entire contents of username_enumeration_prevention_pass_validate()
in a check for if (is_string($form_state['values']['name']))
I wonder, though, if the core password reset form should do better validation on values coming from the query string.
1.0
Code
The issue particularly affects sites running on PHP version 8.0.0 or later.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
No activities found.