make sure that parameters are a string when string is expected

apps/dav/lib/Connector/Sabre/ServerFactory.php

@@ -138,7 +138,7 @@ public function createServer(
 		$config = $this->config;
 
 		$server->on('beforeMethod:PROPFIND', function (Request $request) use ($config) {
-			$depthHeader = strtolower($request->getHeader('depth'));
+			$depthHeader = strtolower($request->getHeader('depth') ?? '');
 
 			if ($depthHeader === 'infinity' && !$config->getSystemValue('dav.propfind.depth_infinity', false)) {
 				throw new PreconditionFailed('Depth infinity not supported');

changelog/unreleased/40944

@@ -0,0 +1,6 @@
+Bugfix: make sure that parameters are a string when string is expected
+
+The code now checks for when variables are null are passed to functions that
+expect a string, and handles that correctly.
+
+https://github.com/owncloud/core/pull/40944

lib/private/AppFramework/Http/Request.php

@@ -418,7 +418,7 @@ protected function decodeContent() {
 		$params = [];
 
 		// 'application/json' must be decoded manually.
-		if (\strpos($this->getHeader('Content-Type'), 'application/json') !== false) {
+		if (\strpos($this->getHeader('Content-Type') ?? '', 'application/json') !== false) {
 			$params = \json_decode(\file_get_contents($this->inputStream), true);
 			if (\is_array($params) && \count($params) > 0) {
 				$this->items['params'] = $params;

lib/private/Security/Crypto.php

@@ -122,7 +122,7 @@ public function decrypt($authenticatedCiphertext, $password = '') {
 			$password = $this->config->getSystemValue('secret');
 		}
 
-		$parts = \explode('|', $authenticatedCiphertext);
+		$parts = \explode('|', $authenticatedCiphertext ?? '');
 
 		// v2 uses stronger binary random iv
 		if (\sizeof($parts) === 4 && $parts[0] === 'v2') {

lib/private/Setup/AbstractDatabase.php

@@ -78,7 +78,7 @@ public function initialize($config) {
 		$dbUser = $config['dbuser'];
 		$dbPass = $config['dbpass'];
 		$dbName = $config['dbname'];
-		$dbConnectionString = $config['dbconnectionstring'];
+		$dbConnectionString = $config['dbconnectionstring'] ?? '';
 		$dbHost = !empty($config['dbhost']) ? $config['dbhost'] : 'localhost';
 		$dbTablePrefix = isset($config['dbtableprefix']) ? $config['dbtableprefix'] : 'oc_';
 

lib/private/User/Session.php

@@ -1072,7 +1072,11 @@ public function setNewRememberMeTokenForLoggedInUser() {
 	public function clearRememberMeTokensForLoggedInUser($targetToken) {
 		$user = $this->getUser();
 		$uid = $user->getUID();
-		$hashedToken = \hash('snefru', $targetToken);
+		if ($targetToken !== null) {
+			$hashedToken = \hash('snefru', $targetToken);
+		} else {
+			$hashedToken = "";
+		}
 
 		$keys = $this->config->getUserKeys($uid, 'login_token');
 		foreach ($keys as $key) {

lib/private/legacy/helper.php

@@ -509,7 +509,7 @@ public static function is_function_enabled($function_name) {
 		if (\in_array($function_name, $disabled)) {
 			return false;
 		}
-		$disabled = \explode(',', $ini->get('suhosin.executor.func.blacklist'));
+		$disabled = \explode(',', $ini->get('suhosin.executor.func.blacklist') ?? '');
 		$disabled = \array_map('trim', $disabled);
 		if (\in_array($function_name, $disabled)) {
 			return false;