From 5bd94b4e120c97dc7db424fb01724510b386043c Mon Sep 17 00:00:00 2001
From: joelpittet
Date: Thu, 16 Dec 2021 09:42:11 +0000
Subject: [PATCH 1/3] cast $text arg to string before passing to htmlspecialchars
---
 includes/bootstrap.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index e1f424d13ef5..212ae1f0daf2 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -1905,7 +1905,7 @@ function format_string($string, array $args = array()) {
 * @ingroup sanitization
 */
 function check_plain($text) {
- return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
+ return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
 }
 /**
-- 
GitLab
From ef6debf9ffd2f6a99e4eaa42d7cc7e0d99e0bf14 Mon Sep 17 00:00:00 2001
From: joelpittet
Date: Thu, 16 Dec 2021 09:56:12 +0000
Subject: [PATCH 2/3] check plain null and bool tests Tests
---
 modules/simpletest/tests/common.test | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/modules/simpletest/tests/common.test b/modules/simpletest/tests/common.test
index b22c4a6f5cca..3b4d731da3ca 100644
--- a/modules/simpletest/tests/common.test
+++ b/modules/simpletest/tests/common.test
@@ -480,6 +480,11 @@ class CommonXssUnitTest extends DrupalUnitTestCase {
 * Check that invalid multi-byte sequences are rejected.
 */
 function testInvalidMultiByte() {
+ // Ignore PHP 8.0+ null deprecatations.
+ $text = check_plain(NULL);
+ $this->assertEqual($text, '', 'check_plain() casts null to string');
+ $text = check_plain(FALSE);
+ $this->assertEqual($text, '', 'check_plain() casts boolean to string');
 // Ignore PHP 5.3+ invalid multibyte sequence warning.
 $text = @check_plain("Foo\xC0barbaz");
 $this->assertEqual($text, '', 'check_plain() rejects invalid sequence "Foo\xC0barbaz"');
-- 
GitLab
From e0615f0c3ad594adf14210d90c0a3bdffe8931dd Mon Sep 17 00:00:00 2001
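Review bot: The `(string)` cast on the changed return line of `check_plain()` affects more than the NULL case: an array argument is now converted to the literal text `Array` (with a conversion notice), escaped and returned, where htmlspecialchars() itself would have rejected it. That turns a caller's type mistake into rendered output instead of a visible failure. If only NULL needs handling on newer PHP, a narrower form such as `return htmlspecialchars($text === NULL ? '' : $text, ENT_QUOTES, 'UTF-8');` keeps other mistakes visible. The docblock starts above this hunk; whichever form is kept, its `$text` description should state which non-string inputs are accepted.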
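Review bot: The two added assertions in `testInvalidMultiByte()` use `assertEqual()`, which as far as I can tell compares loosely, so they would also pass if `check_plain()` returned NULL or FALSE instead of an empty string. `$this->assertIdentical($text, '', 'check_plain() casts null to string');` (and the same for the boolean case) pins the string result. The added comment says the deprecation is ignored, but the new calls are not `@`-suppressed the way the existing `@check_plain("Foo\xC0barbaz")` call is, and "deprecatations" is a typo. These cases are not about multi-byte input and would read better in their own test method; the method body continues past the end of this hunk.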
From: Joel Pittet
Date: Thu, 16 Dec 2021 02:03:56 -0800
Subject: [PATCH 3/3] Revert "cast $text arg to string before passing to htmlspecialchars"
This reverts commit 5bd94b4e120c97dc7db424fb01724510b386043c.
---
 includes/bootstrap.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 212ae1f0daf2..e1f424d13ef5 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -1905,7 +1905,7 @@ function format_string($string, array $args = array()) {
 * @ingroup sanitization
 */
 function check_plain($text) {
- return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
+ return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
 }
 /**
-- 
GitLab
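Review bot: After this revert `check_plain()` again passes `$text` to htmlspecialchars() uncast, yet patch 2/3 of the same series still adds `check_plain(NULL)` and `check_plain(FALSE)` calls to common.test, so the series ends with tests for the cast but without the cast. On PHP versions that deprecate NULL for this parameter, those unsuppressed test calls would presumably emit the deprecation the first patch set out to avoid. If the revert is deliberate, for example to show the tests failing without the fix, the commit message should say so; at present it gives only the reverted hash.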