diff --git a/apps/dav/lib/Connector/Sabre/ServerFactory.php b/apps/dav/lib/Connector/Sabre/ServerFactory.php index a892565f22ef..4a361ff1744c 100644 --- a/apps/dav/lib/Connector/Sabre/ServerFactory.php +++ b/apps/dav/lib/Connector/Sabre/ServerFactory.php @@ -138,7 +138,7 @@ public function createServer( $config = $this->config; $server->on('beforeMethod:PROPFIND', function (Request $request) use ($config) { - $depthHeader = strtolower($request->getHeader('depth')); + $depthHeader = strtolower((string)$request->getHeader('depth')); if ($depthHeader === 'infinity' && !$config->getSystemValue('dav.propfind.depth_infinity', false)) { throw new PreconditionFailed('Depth infinity not supported'); diff --git a/changelog/unreleased/40944 b/changelog/unreleased/40944 new file mode 100644 index 000000000000..fdb20736efa2 --- /dev/null +++ b/changelog/unreleased/40944 @@ -0,0 +1,6 @@ +Bugfix: cast to string when string is expected + +The code now explicitly casts variables to string when they can be null and +are passed to functions that expect a string. + +https://github.com/owncloud/core/pull/40944 diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php index d220feeccd1a..8628de683b05 100644 --- a/lib/private/AppFramework/Http/Request.php +++ b/lib/private/AppFramework/Http/Request.php @@ -418,7 +418,7 @@ protected function decodeContent() { $params = []; // 'application/json' must be decoded manually. - if (\strpos($this->getHeader('Content-Type'), 'application/json') !== false) { + if (\strpos($this->getHeader('Content-Type') ?? '', 'application/json') !== false) { $params = \json_decode(\file_get_contents($this->inputStream), true); if (\is_array($params) && \count($params) > 0) { $this->items['params'] = $params; diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php index cd98e1f4beca..cc530414071b 100644 --- a/lib/private/Security/Crypto.php +++ b/lib/private/Security/Crypto.php @@ -122,7 +122,7 @@ public function decrypt($authenticatedCiphertext, $password = '') { $password = $this->config->getSystemValue('secret'); } - $parts = \explode('|', $authenticatedCiphertext); + $parts = \explode('|', (string)$authenticatedCiphertext); // v2 uses stronger binary random iv if (\sizeof($parts) === 4 && $parts[0] === 'v2') { diff --git a/lib/private/Setup/AbstractDatabase.php b/lib/private/Setup/AbstractDatabase.php index 83490476f4d1..b216e3837f70 100644 --- a/lib/private/Setup/AbstractDatabase.php +++ b/lib/private/Setup/AbstractDatabase.php @@ -78,7 +78,7 @@ public function initialize($config) { $dbUser = $config['dbuser']; $dbPass = $config['dbpass']; $dbName = $config['dbname']; - $dbConnectionString = $config['dbconnectionstring']; + $dbConnectionString = $config['dbconnectionstring'] ?? ''; $dbHost = !empty($config['dbhost']) ? $config['dbhost'] : 'localhost'; $dbTablePrefix = isset($config['dbtableprefix']) ? $config['dbtableprefix'] : 'oc_'; diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 85b7742e1dd5..f20160b583c7 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -1072,7 +1072,7 @@ public function setNewRememberMeTokenForLoggedInUser() { public function clearRememberMeTokensForLoggedInUser($targetToken) { $user = $this->getUser(); $uid = $user->getUID(); - $hashedToken = \hash('snefru', $targetToken); + $hashedToken = \hash('snefru', (string)$targetToken); $keys = $this->config->getUserKeys($uid, 'login_token'); foreach ($keys as $key) { diff --git a/lib/private/legacy/helper.php b/lib/private/legacy/helper.php index 4bc5157aee16..ccac8217e055 100644 --- a/lib/private/legacy/helper.php +++ b/lib/private/legacy/helper.php @@ -509,7 +509,7 @@ public static function is_function_enabled($function_name) { if (\in_array($function_name, $disabled)) { return false; } - $disabled = \explode(',', $ini->get('suhosin.executor.func.blacklist')); + $disabled = \explode(',', (string)$ini->get('suhosin.executor.func.blacklist')); $disabled = \array_map('trim', $disabled); if (\in_array($function_name, $disabled)) { return false;