← Back to team overview

mahara-contributors team mailing list archive

[Bug 1514275] [NEW] Add a minaccept to look for the "empty()" function called with a non-variable argument

 

Public bug reported:

We've had a few bugs now caused by people calling the PHP empty()
function with a parameter that is not a single variable. (And at least
one caused by putting empty() into a Dwoo template, where its argument
was parsed by Dwoo into an expression.)

This causes a problem because we support PHP 5.3+, and prior to PHP 5.5
it causes a fatal exception if you try to call empty() with an argument
that is not a single variable.

I think this should actually be a pretty easy one to check for,
fortunately. We just need to check for "empty(" followed by a character
that isn't "$", so a regex like this: /\bempty\(\s*[^$]/i

And in Dwoo templates, where empty() can't be used at all because
there's no guarantee of what Dwoo will parse it into, we'd check for it
in the form "empty()" or in the Dwoo tag pipe syntax "|empty":
/(\bempty\(|\|empty\b)/i

Note that any regex to check for this would need to be case-insensitive,
because PHP function calls are not case sensitive.

** Affects: mahara
     Importance: Medium
         Status: Confirmed


** Tags: devtools

** Description changed:

  We've had a few bugs now caused by people calling the PHP empty()
  function with a parameter that is not a single variable. (And at least
  one caused by putting empty() into a Dwoo template, where its argument
  was parsed by Dwoo into an expression.)
  
  This causes a problem because we support PHP 5.3+, and prior to PHP 5.5
  it causes a fatal exception if you try to call empty() with an argument
  that is not a single variable.
  
  I think this should actually be a pretty easy one to check for,
  fortunately. We just need to check for "empty(" followed by a character
  that isn't "$", so a regex like this: /\bempty\(\s*[^$]/
  
  And in Dwoo templates, where empty() can't be used at all because
  there's no guarantee of what Dwoo will parse it into, we'd check for it
  in the form "empty()" or in the Dwoo tag pipe syntax "|empty":
- /\b(empty\(|\|empty\b/
+ /(\bempty\(|\|empty\b)/

** Description changed:

  We've had a few bugs now caused by people calling the PHP empty()
  function with a parameter that is not a single variable. (And at least
  one caused by putting empty() into a Dwoo template, where its argument
  was parsed by Dwoo into an expression.)
  
  This causes a problem because we support PHP 5.3+, and prior to PHP 5.5
  it causes a fatal exception if you try to call empty() with an argument
  that is not a single variable.
  
  I think this should actually be a pretty easy one to check for,
  fortunately. We just need to check for "empty(" followed by a character
- that isn't "$", so a regex like this: /\bempty\(\s*[^$]/
+ that isn't "$", so a regex like this: /\bempty\(\s*[^$]/i
  
  And in Dwoo templates, where empty() can't be used at all because
  there's no guarantee of what Dwoo will parse it into, we'd check for it
  in the form "empty()" or in the Dwoo tag pipe syntax "|empty":
- /(\bempty\(|\|empty\b)/
+ /(\bempty\(|\|empty\b)/i
+ 
+ Note that any regex to check for this would need to be case-insensitive,
+ because PHP function calls are not case sensitive.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1514275

Title:
  Add a minaccept to look for the "empty()" function called with a non-
  variable argument

Status in Mahara:
  Confirmed

Bug description:
  We've had a few bugs now caused by people calling the PHP empty()
  function with a parameter that is not a single variable. (And at least
  one caused by putting empty() into a Dwoo template, where its argument
  was parsed by Dwoo into an expression.)

  This causes a problem because we support PHP 5.3+, and prior to PHP
  5.5 it causes a fatal exception if you try to call empty() with an
  argument that is not a single variable.

  I think this should actually be a pretty easy one to check for,
  fortunately. We just need to check for "empty(" followed by a
  character that isn't "$", so a regex like this: /\bempty\(\s*[^$]/i

  And in Dwoo templates, where empty() can't be used at all because
  there's no guarantee of what Dwoo will parse it into, we'd check for
  it in the form "empty()" or in the Dwoo tag pipe syntax "|empty":
  /(\bempty\(|\|empty\b)/i

  Note that any regex to check for this would need to be case-
  insensitive, because PHP function calls are not case sensitive.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1514275/+subscriptions


Follow ups