fix crash caused by non-numeric non-null _SESSION[uid] passed to sql logger

master
Andrew Dolgov 4 years ago
parent 34c74400a4
commit 8915bd1b21

@ -38,7 +38,7 @@ class Logger {
return self::get_instance()->_log($errno, $errstr, $context); return self::get_instance()->_log($errno, $errstr, $context);
} }
private function _log($errno, $errstr, $context = "") { private function _log(int $errno, string $errstr, $context = "") {
if ($this->adapter) if ($this->adapter)
return $this->adapter->log_error($errno, $errstr, '', 0, $context); return $this->adapter->log_error($errno, $errstr, '', 0, $context);
else else

@ -32,10 +32,14 @@ class Logger_SQL implements Logger_Adapter {
$errstr = UConverter::transcode($errstr, 'UTF-8', 'UTF-8'); $errstr = UConverter::transcode($errstr, 'UTF-8', 'UTF-8');
$context = UConverter::transcode($context, 'UTF-8', 'UTF-8'); $context = UConverter::transcode($context, 'UTF-8', 'UTF-8');
// can't use $_SESSION["uid"] ?? null because what if its, for example, false? or zero?
// this would cause a PDOException on insert below
$owner_uid = !empty($_SESSION["uid"]) ? $_SESSION["uid"] : null;
$sth = $this->pdo->prepare("INSERT INTO ttrss_error_log $sth = $this->pdo->prepare("INSERT INTO ttrss_error_log
(errno, errstr, filename, lineno, context, owner_uid, created_at) VALUES (errno, errstr, filename, lineno, context, owner_uid, created_at) VALUES
(?, ?, ?, ?, ?, ?, NOW())"); (?, ?, ?, ?, ?, ?, NOW())");
$sth->execute([$errno, $errstr, $file, $line, $context, $_SESSION["uid"] ?? null]); $sth->execute([$errno, $errstr, $file, (int)$line, $context, $owner_uid]);
return $sth->rowCount(); return $sth->rowCount();
} }

@ -97,7 +97,8 @@ class UserHelper {
startup_gettext(); startup_gettext();
self::load_user_plugins($_SESSION["uid"]); self::load_user_plugins($_SESSION["uid"]);
} else { } else {
if (!\Sessions\validate_session()) $_SESSION["uid"] = false; if (!\Sessions\validate_session())
$_SESSION["uid"] = null;
if (empty($_SESSION["uid"])) { if (empty($_SESSION["uid"])) {

Loading…
Cancel
Save