Alanaktion / phproject

A high performance full-featured project management system
https://www.phproject.org
GNU General Public License v3.0
390 stars 106 forks source link

Taskboard 500 Internal Server Error with PHP 8.1 #410

Closed modellbahn-anlage closed 2 years ago

modellbahn-anlage commented 2 years ago

Hi,

with PHP 8.1 I got a 500 Internal Server Error with PHP 8.1 on Taskboard:

"500 Internal Server Error strtotime(): Passing null to parameter #1 ($datetime) of type string is deprecated"

With PHP 7.4 it is fine.

Version from today from GIT.

lulcat commented 2 years ago

I am guessing all those issues are fixed with

diff --git a/app/controller/user.php b/app/controller/user.php
index c87103f9..5d90dc0a 100644
--- a/app/controller/user.php
+++ b/app/controller/user.php
@@ -181,7 +181,7 @@ class User extends \Controller
         } else {
             // Update profile
             if (!empty($post["name"])) {
-                $user->name = filter_var($post["name"], FILTER_SANITIZE_STRING);
+                $user->name = filter_var($post["name"], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             } else {
                 $error = "Please enter your name.";
             }
Alanaktion commented 2 years ago

The taskboard issues should be fixed in the latest master branch (via commit 95ca979). I've applied a fix for that filter_var call as well today, I hadn't tried changing a user's name in a while. These should both be fixed in master now. If needed I can do a new full release.

lulcat commented 2 years ago

3600+ deletions, 3k additions? holy **** :D hmm, I downloaded the repo less than 3 weeks ago and I came across the above issue. Is that commit on the trunk?

EDIT: hmm, yes it is. Ok, I will try cloning a fresh repo and see if it works all kosher to let you know.

lulcat commented 2 years ago

Ok, so ye, my pull was that commit indeed. I had to change as per my patch in any case. I also got

500 Internal Server Error

implode(): Argument #1 ($pieces) must be of type array, string given [<snip>phproject/app/helper/dashboard.php:60]

After I manipulated the group access or so, and trying to 'add a project' or so with a [restricted] user. There might be more things under the bonnet, but I just found F3 and am writing my own website in it atm so I might get around to this although you might have ironed out any encountered bugs by then.

lulcat commented 2 years ago
500 Internal Server Error
array_merge(): Argument #1 must be of type array, null given [phproject/app/controller/issues.php:159]

$helper->getGroupIds() returns null then ahead of either an [empty] array or a default case which is compatible with arrays. This is the same as the above error and with the amount of array_merges you have, this might need quite a few fixes to make sure one doesn't get nullable returns where arrays are expected. I would probably open this as a side issue regarding php 8.1 or so.

lulcat commented 2 years ago

Ye, I pulled afresh and this isn't entirely done yet for 8.1... Upon a fresh install, I get a


500 Internal Server Error

strtotime(): Passing null to parameter #1 ($datetime) of type string is deprecated

Also, in install.html , change the input field for database password from text to password please.

diff --git a/app/view/install.html b/app/view/install.html
index 72d64bfe..fac71fec 100644
--- a/app/view/install.html
+++ b/app/view/install.html
@@ -117,7 +117,7 @@
                                             <div class="form-group form-group-sm">
                                                 <label for="db-pass" class="col-sm-3 control-label">Password</label>
                                                 <div class="col-sm-9">
-                                                    <input type="text" class="form-control" id="db-pass" name="db-pass">
+                                                    <input type="password" class="form-control" id="db-pass" name="db-pass">
                                                 </div>
                                             </div>
                                             <div class="form-group form-group-sm">

P.S. The reason these might not be dshowing up is that in production, one turns off depre warnings etc so this won't happen. (However, I do think they should be addressed). like e.g. fields yielding null in array vars? Anyway, you wil know best.