Flyspray

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Backend/Core
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version 1.0-rc9
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Flyspray
Opened by HenryN - 09.03.2021

FS#2627 - checkLogin: Trying to access array offset on value of type bool, PHP 7.4

FS version: 1.0-rc9
PHP version: 7.4.15
database: mysql
php.ini: error_reporting = E_ALL | E_STRICT

Steps done to create the problem:
- Login as Admin or User, with name “Admin”, not with email.

Experienced behavior:
PHP Notice: Trying to access array offset on value of type bool in …/flyspray-1.0-rc9/includes/class.flyspray.php on line 812

A possible fix is attached as patch.

Think, it is this line in currend code:
https://github.com/Flyspray/flyspray/blob/5b0a3d80fc9612ca8e8743450fbf2c8243b5bf47/includes/class.flyspray.php#L836

simplify the patch

Project Manager

This was introduced with https://github.com/Flyspray/flyspray/commit/84b5e46a5ba67e489ed4172801a8c68e7b228d62

in 2013.

I think this is a problematic feature. At least at the moment without further code changes and checks.

Probably only allow against primary email address in users table, not user_emails table. This email address is used for account verification if email verification is setup.

Do you get same error notice with master branch?

Yes. With todays master branch 3a459a7, PHP Version 7.4.15, loggedin as "Admin":

PHP Notice: Trying to access array offset on value of type bool in …/flyspray-master/includes/class.flyspray.php on line 836

I do not full understand the contens of table `flyspray_user_emails`.
I have total 24 users. Only the last users 22, 23, 24 have an entry in this table.
There is no alternate email. In table `flyspray_user_emails` is the same email as in `flyspray_users`. fields oauth_uid and oauth_provider are all empty.

I'm using FS since 0.9.9.7, and updated to version 1.0-rc9 2 years ago.
I see, that the table `flyspray_user_emails` is filled only for users, where registered after version 1.0-rc9.

Is this a missing update process? May be to copy all email_address from table `flyspray_users` to table `flyspray_user_emails`? Or should the table `flyspray_user_emails` not fill, if oauth is not used?

Project Manager

I wondered about this too when I started contributing: In FS#1812 I added some thoughts in the comment section.

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing