Fixes: Error PHP Array to string conversion at .../oc/lib/private/template/functions.php#36

[zyrill]

See #17468 for bug description.

[scrutinizer-notifier]

A new inspection was created.

[karlitschek]

Shouldn't this be print(implode( ?

[MorrisJobke]

Yep.

[MorrisJobke]

Maybe something like:

if(is_array($string)) {
   $string = implode($string);
}
print(OC_Util::sanitizeHTML($string));

[RobinMcCorkell]

👍 to @MorrisJobke 's improvement, otherwise implode() will eat the input string and return null.

[zyrill]

like it. 👍 :)

[zyrill]

print(implode( doesn't work by the way. don't do it! will break everything... end of the world stuff. you know, hellfire raining from the skies. think sulfur burning. or that fat guy after having a lot of onions...

[RobinMcCorkell]

@zyrill Can you fix your PR with the suggested improvements?

[zyrill]

yes, I will. I'm in a meeting now, give me a few hours.

[zyrill]

@MorrisJobke anything else I need to do? I'm rather new to the github experience...

[szepeviktor]

👍

[szepeviktor]

sanitizeHTML() is prepared for an array.

function p($string) {
    $sanitized = OC_Util::sanitizeHTML($string);
    if (is_array($sanitized)) {
        $sanitized = implode($sanitized);
    }
    print $sanitized;
 }

[MorrisJobke]

Sorry for nitpicking: can you please add brackets after print? For coding guidelines compliance ;)

Thanks.

[szepeviktor]

I was the one who left it out. Sorry.

[crazybadger]

I've just applied this to 8.1.3 and it doesn't work!

Get an error message:

Error occurred while checking server setup

[MorrisJobke]

I've just applied this to 8.1.3 and it doesn't work!

It is still in development.

[widac]

Hello, I am not familar with how this works on this page.

I just want to say I've tested this to 8.1.3 and this code works for me

function p($string) {
        $sanitized = OC_Util::sanitizeHTML($string);  
 if (is_array($sanitized)) {  
        $sanitized = implode($sanitized);  
    }  
    print ($sanitized);  

Thanks.

[ronniehd]

The above fix by @widac doesn't work for me on 8.1.3, i got blank page accessing to owncloud webui after that.
Reverting back to:

function p($string) {
    print(OC_Util::sanitizeHTML($string));
}

[zyrill]

Alright, got the brackets in. Any more comments?

[MorrisJobke]

Alright, got the brackets in. Any more comments?

Can we get the 11 commits squashed into 1 because it only changes 5 lines. ;)

Then I think this is fine for review. If you need help by juggling with git feel free to ping me in IRC (#owncloud-dev on freenode)

[szepeviktor]

git reset HEAD~11

[szepeviktor]

:hurray:

[zyrill]

Puh, wär hätte gedacht, dass squashen so schwierig ist. Danke, @MorrisJobke. :)

[MorrisJobke]

@zyrill Because you asked about CI - I created a local branch and PR to trigger CI: #19612

@DeepDiver1975 We need to focus on CI for forks after the release ;)

[PVince81]

@LukasReschke what do you think ?

[LukasReschke]

Fair enough from my PoV. Though I'd vote only for master and no backport.

[mmattel]

Any update on this? I also got this error on a fresh install on stable 8.2

[EtienneBruines]

The checks are failing; that's not good.

But I'm here to confirm that it (=changing that 1 function) did fix the error I had on fresh install (stable 8.2.0).

[MorrisJobke]

@nickvergessen @PVince81 @LukasReschke Lets get this in :)

[MorrisJobke]

Please review ;)

[mmattel]

👍 I tested on stable 8.2 and the error did not raise again

[nickvergessen]

I'm not sure, when it's an array it still fails to implode.
So my suggestion would be to throw a real error when it is called with an array?

[szepeviktor]

It is meant to be called with an array:
https://github.com/zyrill/core/blob/master/lib/private/template/functions.php#L33

[MorrisJobke]

It is meant to be called with an array:
https://github.com/zyrill/core/blob/master/lib/private/template/functions.php#L33

This is the weird thing ... The problem here is that it is kind of public API ... cc @DeepDiver1975

[MorrisJobke]

This is the weird thing ... The problem here is that it is kind of public API ... cc @DeepDiver1975

Should we change the PHPDoc - it doesn't work before anyways.

[zyrill]

Anything needed that I can help with?

[MorrisJobke]

Anything needed that I can help with?

We first need a consensus ;)

[PVince81]

Do we actually know where the original error comes from ? Which template/app is calling this function with an array ?

[MorrisJobke]

Do we actually know where the original error comes from ? Which template/app is calling this function with an array ?

I activated contacts and calendar. Both don't throw the error on the admin page anymore.

I guess we should simply fix the PHPDoc to only accept string and then fix malicious usage of p() with an array as parameter. Otherwise we will get into the "black magic coding" again. @PVince81 @nickvergessen Opinions on this?

[nickvergessen]

yes, agreeed

[MorrisJobke]

yes, agreeed

#20679

[MorrisJobke]

Sorry for saying this: We will close this here and need to check where this method is called in the wrong way.

If you have still this problem it would be nice to get a stack trace or at least all installed apps including their versions.

Thanks

[bcutter]

Hi, this is definitely not fixed. I need to manually apply the fix in functions.php now since 2015-11-19 after every single Owncloud update.

sudo -u www-data php /var/www/owncloud/occ status
  - installed: true
  - version: 9.0.4.1
  - versionstring: 9.0.4
  - edition:

sudo -u www-data php /var/www/owncloud/occ app:list
Enabled:
  - activity: 2.2.1
  - calendar: 1.3.2
  - comments: 0.2
  - contacts: 1.3.1.0
  - dav: 0.1.6
  - direct_menu: 0.8.1
  - documents: 0.12.1
  - federatedfilesharing: 0.1.0
  - federation: 0.0.4
  - files: 1.4.4
  - files_external: 0.5.2
  - files_locking: true
  - files_pdfviewer: 0.8.1
  - files_share_qr: 0.1
  - files_sharing: 0.9.1
  - files_texteditor: 2.1
  - files_trashbin: 0.8.0
  - files_versions: 1.2.0
  - files_videoplayer: 0.9.8
  - files_videoviewer: 0.1.3
  - firstrunwizard: 1.1
  - gallery: 14.5.0
  - logreader: 1.1.5
  - notifications: 0.2.3
  - ownbackup: 0.3.8
  - provisioning_api: 0.3.0
  - systemtags: 0.2
  - templateeditor: 0.1
  - updatenotification: 0.1.0
Disabled:
  - encryption
  - external
  - ocusagecharts
  - storagecharts2
  - storagecharts2_new
  - updater
  - user_external
  - user_ldap
  - user_otp
  - user_webdavauth

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.