From 8915bd1b2109eb561e38752b6574b6ba5c266600 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 25 Feb 2021 18:21:48 +0300
Subject: [PATCH] fix crash caused by non-numeric non-null _SESSION[uid] passed to sql logger
---
 classes/logger.php | 2 +-
 classes/logger/sql.php | 6 +++++-
 classes/userhelper.php | 3 ++-
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/classes/logger.php b/classes/logger.php
index ef77c7a05..864b66743 100755
--- a/classes/logger.php
+++ b/classes/logger.php
@@ -38,7 +38,7 @@ class Logger {
 return self::get_instance()->_log($errno, $errstr, $context);
 }
- private function _log($errno, $errstr, $context = "") {
+ private function _log(int $errno, string $errstr, $context = "") {
 if ($this->adapter)
 return $this->adapter->log_error($errno, $errstr, '', 0, $context);
 else
diff --git a/classes/logger/sql.php b/classes/logger/sql.php
index f88621fbe..d21934aa6 100755
--- a/classes/logger/sql.php
+++ b/classes/logger/sql.php
@@ -32,10 +32,14 @@ class Logger_SQL implements Logger_Adapter {
 $errstr = UConverter::transcode($errstr, 'UTF-8', 'UTF-8');
 $context = UConverter::transcode($context, 'UTF-8', 'UTF-8');
+ // can't use $_SESSION["uid"] ?? null because what if its, for example, false? or zero?
+ // this would cause a PDOException on insert below
+ $owner_uid = !empty($_SESSION["uid"]) ? $_SESSION["uid"] : null;
+
 $sth = $this->pdo->prepare("INSERT INTO ttrss_error_log (errno, errstr, filename, lineno, context, owner_uid, created_at) VALUES (?, ?, ?, ?, ?, ?, NOW())");
- $sth->execute([$errno, $errstr, $file, $line, $context, $_SESSION["uid"] ?? null]);
+ $sth->execute([$errno, $errstr, $file, (int)$line, $context, $owner_uid]);
 return $sth->rowCount();
 }
diff --git a/classes/userhelper.php b/classes/userhelper.php
index 4edcaf368..998dec507 100644
--- a/classes/userhelper.php
+++ b/classes/userhelper.php
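Review bot: In classes/logger.php the new `int $errno, string $errstr` declarations on `_log()` turn a null or array argument into a TypeError, and the public wrapper visible in the context lines forwards its arguments unchanged. A malformed call would then fail inside the logging path itself and the record would be lost. Normalising at the boundary keeps the logger total: `return self::get_instance()->_log((int)$errno, (string)$errstr, $context);`. `$context` stays untyped even though the SQL adapter passes it to `UConverter::transcode()`, so it may deserve the same treatment; the wrapper's signature is outside the hunk.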
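Review bot: In classes/logger/sql.php the `!empty()` test only filters falsy values, so a non-empty but non-numeric `$_SESSION["uid"]` (the case the subject line names) still reaches the `owner_uid` placeholder and would presumably fail the insert in the same way. Validating the value as a positive integer closes that gap: `$owner_uid = filter_var($_SESSION["uid"] ?? null, FILTER_VALIDATE_INT, ["options" => ["min_range" => 1]]) ?: null;`. The `execute()` call is also unguarded in the visible lines, so any remaining PDOException propagates out of the error logger; the method begins outside the hunk, so a surrounding try/catch cannot be ruled out.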
@@ -97,7 +97,8 @@ class UserHelper {
 startup_gettext();
 self::load_user_plugins($_SESSION["uid"]);
 } else {
- if (!\Sessions\validate_session()) $_SESSION["uid"] = false;
+ if (!\Sessions\validate_session())
+ $_SESSION["uid"] = null;
 if (empty($_SESSION["uid"])) {
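Review bot: The split `if` in classes/userhelper.php now ties the assignment to its condition by indentation alone, and in a login path a brace-less two-line conditional is easy to break when a second statement is added later. I would write it as `if (!\Sessions\validate_session()) { $_SESSION["uid"] = null; }`. Only the `uid` key is cleared here, so whether the rest of a session that failed validation is discarded depends on code outside the hunk and is worth confirming.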