codeigniter4 / CodeIgniter4

Open Source PHP Framework (originally from EllisLab)
https://codeigniter.com/
MIT License

Bug: curl request crashes with params that give an int once hexed #9193

Open GuylainK7 opened 1 week ago

GuylainK7 commented 1 week ago

PHP Version

8.2

CodeIgniter4 Version

4.5.x

CodeIgniter4 Installation Method

Composer (using codeigniter4/appstarter)

Which operating systems have you tested for this bug?

Linux

Which server did you use?

apache

Database

MySQL 8.0.34

What happened?

After updating from CodeIgniter 4.4.8 to 4.5.4, a curl call started throwing an exception:

    "title": "TypeError",
    "code": 500,
    "message": "hex2bin(): Argument #1 ($string) must be of type string, int given",
    "file": "/var/www/html/api-id/vendor/codeigniter4/framework/system/HTTP/URI.php",
    "line": 1180,

Steps to Reproduce

Try to make a curl request with the following code:

        $curl = service('curlrequest');
        $curl->request('GET', '', ['baseURI' => 'http://localhost:8080?startAt=0&limit=10']);

Expected Output

The curl request should work if the baseURI provided is reachable

Anything else?

errorLog.txt

The problem comes from the code found in protected function parseStr(string $query): array since the addition of declare(strict_types=1); in the file /vendor/codeigniter4/framework/system/HTTP/URI.php. A parameter named startAt, once hexed, gives a hex value of 73746172744174, which is not interpreted as a string in the foreach found on line 1179.


One way to avoid this problem is to fill the URL parameter correctly with the URL instead of passing it through the options, e.g.: $curl->request('GET', 'http://localhost:8080?startAt=0&limit=10', []);


A possible fix would be to cast $key as a string on line 1180: $return[hex2bin((string)$key)] = $value; Another would be to remove the declare(strict_types=1); (not recommended).
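
The failure described in this report can be reproduced outside the framework. The following is an added example, not code from the issue or from CodeIgniter: decodeQuery() is a hypothetical, simplified stand-in for the hex-encode, parse_str(), hex-decode round trip, and it assumes only that parameter names are passed through bin2hex() before parse_str() is called.

```php
<?php

declare(strict_types=1);

/**
 * Hypothetical stand-in for the round trip described in the report
 * (not the framework's parseStr()): hex-encode each parameter name,
 * let parse_str() build the array, then hex-decode the keys again.
 */
function decodeQuery(string $query, bool $castKey): array
{
    $pairs = [];
    foreach (explode('&', $query) as $chunk) {
        [$name, $value] = array_pad(explode('=', $chunk, 2), 2, '');
        // Hex-encoding protects characters parse_str() would rewrite.
        $pairs[] = bin2hex(urldecode($name)) . '=' . $value;
    }

    parse_str(implode('&', $pairs), $result);

    $return = [];
    foreach ($result as $key => $value) {
        // PHP stores array keys that are canonical decimal integers as int.
        // A hex string made only of the digits 0-9 therefore arrives here
        // as int, and hex2bin() rejects it under strict_types=1.
        $return[hex2bin($castKey ? (string) $key : $key)] = $value;
    }

    return $return;
}

// Query string taken from the report.
$query = 'startAt=0&limit=10';

// Show which hex-encoded names consist of decimal digits only.
foreach (['startAt', 'limit'] as $name) {
    $hex = bin2hex($name);
    printf("%-8s => %-16s all digits: %s\n", $name, $hex, ctype_digit($hex) ? 'yes' : 'no');
}

try {
    decodeQuery($query, false);
    echo "no cast: ok\n";
} catch (TypeError $e) {
    echo 'no cast: ', $e->getMessage(), "\n";
}

// With the cast, both keys decode back to their original names.
var_dump(decodeQuery($query, true));
```

Any parameter name whose bytes all hex-encode to decimal digits triggers the same path, so the exception depends on the request's parameter names rather than on their values.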

kenjis commented 1 week ago

I think the following is a way to go.

--- a/system/HTTP/URI.php
+++ b/system/HTTP/URI.php
@@ -1177,7 +1177,8 @@ class URI implements Stringable
         parse_str($params, $result);

         foreach ($result as $key => $value) {
-            $return[hex2bin($key)] = $value;
+            // Array key might be int
+            $return[hex2bin((string) $key)] = $value;
         }

         return $return;
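
Review bot: The comment on the added line, "// Array key might be int", states the symptom but not the cause, and nothing in this hunk covers the case with a test. The keys in $result come from parse_str($params, $result), and PHP stores any array key that is a canonical decimal integer string as int, so a hex-encoded name made up only of the digits 0-9 reaches hex2bin() as int. Consider wording the comment along the lines of "parse_str() returns all-digit hex keys as int" and adding a regression test that parses a query with a parameter such as the startAt from this report, asserting the key comes back as the original string.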