FS#2627 : checkLogin: Trying to access array offset on value of type bool, PHP 7.4

Quick Actions

View Dependency Graph

Status Unconfirmed
Percent Complete
0%
Task Type Bug Report
Category Backend/Core
Assigned To No-one
Operating System All
Severity Low
Priority Very Low
Reported Version 1.0-rc9
Due in Version Undecided
Due Date Undecided
Votes
Private

Attached to Project: Flyspray
Opened by HenryN - 09.03.2021

FS#2627 - checkLogin: Trying to access array offset on value of type bool, PHP 7.4

FS version: 1.0-rc9
PHP version: 7.4.15
database: mysql
php.ini: error_reporting = E_ALL | E_STRICT

Steps done to create the problem:
- Login as Admin or User, with name “Admin”, not with email.

Experienced behavior:
PHP Notice: Trying to access array offset on value of type bool in …/flyspray-1.0-rc9/includes/class.flyspray.php on line 812

A possible fix is attached as patch.

Think, it is this line in currend code:
https://github.com/Flyspray/flyspray/blob/5b0a3d80fc9612ca8e8743450fbf2c8243b5bf47/includes/class.flyspray.php#L836

checkLogin_array_offset_of_bo... (0.8 KiB)

Comments (5)
Related Tasks (0/0)

HenryN commented on 09.03.2021 16:31

simplify the patch

checkLogin_array_offset_of_bo... (0.8 KiB)

peterdd commented on 09.03.2021 19:57

This was introduced with https://github.com/Flyspray/flyspray/commit/84b5e46a5ba67e489ed4172801a8c68e7b228d62

in 2013.

I think this is a problematic feature. At least at the moment without further code changes and checks.

Probably only allow against primary email address in users table, not user_emails table. This email address is used for account verification if email verification is setup.

Do you get same error notice with master branch?

HenryN commented on 10.03.2021 10:44

Yes. With todays master branch 3a459a7, PHP Version 7.4.15, loggedin as "Admin":

PHP Notice: Trying to access array offset on value of type bool in …/flyspray-master/includes/class.flyspray.php on line 836

HenryN commented on 10.03.2021 14:14

I do not full understand the contens of table `flyspray_user_emails`.
I have total 24 users. Only the last users 22, 23, 24 have an entry in this table.
There is no alternate email. In table `flyspray_user_emails` is the same email as in `flyspray_users`. fields oauth_uid and oauth_provider are all empty.

I'm using FS since 0.9.9.7, and updated to version 1.0-rc9 2 years ago.
I see, that the table `flyspray_user_emails` is filled only for users, where registered after version 1.0-rc9.

Is this a missing update process? May be to copy all email_address from table `flyspray_users` to table `flyspray_user_emails`? Or should the table `flyspray_user_emails` not fill, if oauth is not used?

peterdd commented on 11.03.2021 14:17

I wondered about this too when I started contributing: In FS#1812 I added some thoughts in the comment section.

	Tasks related to this task (0)

Loading...

Keyboard shortcuts

Available keyboard shortcuts

Alt + ⇧ Shift + l Login Dialog / Logout
Alt + ⇧ Shift + a Add new task
Alt + ⇧ Shift + m My searches
Alt + ⇧ Shift + t focus taskid search

Tasklist

o open selected task
j move cursor down
k move cursor up

Task Details

n Next task
p Previous task
Alt + ⇧ Shift + e ↵ Enter Edit this task
Alt + ⇧ Shift + w watch task
Alt + ⇧ Shift + y Close Task

Task Editing

Alt + ⇧ Shift + s save task