Closed gbeezus closed 11 months ago
@tropicandid FYI, as we are working to start rolling out PHP 8.1 upgrade we need to get this fixed. I'm going to get WP-CFM back on my priority list and work on getting this mitigates as soon as possible.
PHP 8.1 upgrade visibility: https://forumone.atlassian.net/wiki/spaces/support/pages/3596943507/PHP+8.0+to+8.1+Compatibility#WP-CFM
Looks like another related item when doing a wp config pull all
:
Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated in /var/www/html/web/wp-content/plugins/wp-cfm/vendor/symfony/yaml/Inline.php on line 86
For the original issue there is a "polyfill" function that can be used:
function filter_string_polyfill(string $string): string
{
$str = preg_replace('/\x00|<[^>]*>?/', '', $string);
return str_replace(["'", '"'], [''', '"'], $str);
}
@timnolte Willing to talk it out. I'm not convinced that the precise polyfill you provided is enough to replicate what was done previously with FILTER_SANITIZE_STRING
which also encoded a fair amount. Are we considering whether we need the same functionality for comparing input to environment variable strings? Maybe I am misunderstanding something here.
@gbeezus there is a goods rundown of why the polyfill function would be a direct drop-in replacement: https://stackoverflow.com/a/69207369
@gbeezus actually, looking at the code that was written I did discover that it is wrong as the original got was looking at INPUT_GET
& INPUT_POST
. The code that was implemented incorrectly use $_GET
twice.
@gbeezus just to be clear I wasn't "blindly" copying anything.
Deprecated: Constant FILTER_SANITIZE_STRING is deprecated in /var/www/html/web/wp-content/plugins/wp-cfm/wp-cfm.php on line 121 after installing WP-CFM with PHP 8.1.
Also occurs on line 129 and 254 in wp-cfm.php.