ltb-project / service-desk

Application for support team who need to check and reset user passwords
https://service-desk.readthedocs.io/
GNU General Public License v3.0

Replace deprecated FILTER_SANITIZE_STRING constant #107

Closed coudot closed 5 months ago

coudot commented 8 months ago

May close #106

cmaudoux commented 7 months ago

Hi @coudot

I tested your patch with telnet and openssl. It seems OK, but a warning is thrown if the ACCEPT_LANGUAGE header is missing:

GET / HTTP/1.1
HOST: service-desk.qual.gendarmerie.fr

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 29 Nov 2023 11:31:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Expect-CT: enforce, max-age=604800

17de
<br />
<b>Warning</b>:  Undefined array key "HTTP_ACCEPT_LANGUAGE" in <b>/usr/share/service-desk/lib/detectbrowserlanguage.php</b> on line <b>19</b><br />
<br />
<b>Deprecated</b>:  htmlspecialchars(): Passing null to parameter #1 ($string) of type string is deprecated in <b>/usr/share/service-desk/lib/detectbrowserlanguage.php</b> on line <b>19</b><br />

This line could be protected with an IF statement.

// Only read the header when the client actually sent it
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
      $acceptedLanguages = htmlspecialchars($_SERVER['HTTP_ACCEPT_LANGUAGE']);
else
      $acceptedLanguages  = '';

Cheers
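
Added example, not part of the pull request or the project's code: a null-safe way to turn an Accept-Language value into one of a fixed set of languages, so a missing header raises no warning and client-supplied text is matched against an allow-list rather than escaped and passed on. The function name `pick_language`, the supported list and the sample header values are assumptions made for illustration.

```php
<?php
// Added example: pick_language() is a hypothetical helper, not the project's code.
function pick_language(?string $header, array $supported, string $default): string
{
    // Header absent or empty (raw telnet/openssl request, probe, script).
    if ($header === null || trim($header) === '') {
        return $default;
    }
    $candidates = [];
    foreach (explode(',', $header) as $position => $part) {
        // Each element looks like "fr-FR" or "en;q=0.8".
        $pieces = explode(';', trim($part));
        $tag = strtolower(trim($pieces[0]));
        // Keep only well-formed tags; anything else is dropped, not escaped.
        if (!preg_match('/^[a-z]{1,8}(-[a-z0-9]{1,8})*$/', $tag)) {
            continue;
        }
        $q = 1.0;
        foreach (array_slice($pieces, 1) as $param) {
            if (preg_match('/^\s*q=([01](\.\d{0,3})?)\s*$/i', $param, $m)) {
                $q = min(1.0, (float) $m[1]);
            }
        }
        if ($q > 0) {
            $candidates[] = [$tag, $q, $position];
        }
    }
    // Highest q first; position in the header breaks ties.
    usort($candidates, fn($a, $b) => [$b[1], $a[2]] <=> [$a[1], $b[2]]);
    foreach ($candidates as [$tag]) {
        // Try the full tag, then its primary subtag ("fr-fr" -> "fr").
        foreach ([$tag, explode('-', $tag)[0]] as $try) {
            if (in_array($try, $supported, true)) {
                return $try;
            }
        }
    }
    return $default;
}

// In a request handler: pick_language($_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? null, ...).
// Constructed inputs; null stands for a request without the header.
$supported = ['en', 'fr', 'de'];
foreach ([null, 'fr-FR,fr;q=0.9,en;q=0.8', 'en;q=0.2, de;q=0.7', '<script>;q=1'] as $h) {
    echo var_export($h, true), ' => ', pick_language($h, $supported, 'en'), PHP_EOL;
}
```

The returned value is always the default or an entry of the supported list, so it can be used to select a language file without further sanitizing.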

coudot commented 7 months ago

It could indeed be an improvement, even if browsers always send this header.

coudot commented 7 months ago

@cmaudoux see my latest commit