Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: curl request crashes with params that give an int once hexed #9193

Open
GuylainK7 opened this issue Sep 16, 2024 · 1 comment
Open

Bug: curl request crashes with params that give an int once hexed #9193

GuylainK7 opened this issue Sep 16, 2024 · 1 comment
Labels
bug Verified issues on the current code behavior or pull requests that will fix them good first issue Good for newcomers

Comments

@GuylainK7
Copy link

PHP Version

8.2

CodeIgniter4 Version

4.5.x

CodeIgniter4 Installation Method

Composer (using codeigniter4/appstarter)

Which operating systems have you tested for this bug?

Linux

Which server did you use?

apache

Database

MySQL 8.0.34

What happened?

After updating from CodeIgniter 4.4.8 to 4.5.4, a curl call started throwing an exception

    "title": "TypeError",
    "code": 500,
    "message": "hex2bin(): Argument #1 ($string) must be of type string, int given",
    "file": "/var/www/html/api-id/vendor/codeigniter4/framework/system/HTTP/URI.php",
    "line": 1180,

Steps to Reproduce

try to make a curl request with the following code

        $curl = service('curlrequest');
        $curl->request('GET', '', ['baseURI' => 'http://localhost:8080?startAt=0&limit=10']);

Expected Output

The curl request should work if the baseURI provided is reachable

Anything else?

errorLog.txt

The problem comes from the code found in protected function parseStr(string $query): array since the addition of declare(strict_types=1); in the file /vendor/codeigniter4/framework/system/HTTP/URI.php
A parameter named startAt once hexed gives a hex value of 73746172744174 which is not interpreted as a string in the foreach found on line 1179

One way to avoid this problem is to fill the url parameter correctly with the url instead of passing through the options
ex: $curl->request('GET', 'http://localhost:8080?startAt=0&limit=10', []);

A possible fix would be to cast $key as a string on line 1180 $return[hex2bin((string)$key)] = $value;
Another would be to remove the declare(strict_types=1); (not recommended)
@GuylainK7 GuylainK7 added the bug Verified issues on the current code behavior or pull requests that will fix them label Sep 16, 2024
@kenjis kenjis added the good first issue Good for newcomers label Sep 17, 2024
@kenjis
Copy link
Member

kenjis commented Sep 17, 2024

I think the following is a way to go.

--- a/system/HTTP/URI.php
+++ b/system/HTTP/URI.php
@@ -1177,7 +1177,8 @@ class URI implements Stringable
         parse_str($params, $result);
 
         foreach ($result as $key => $value) {
-            $return[hex2bin($key)] = $value;
+            // Array key might be int
+            $return[hex2bin((string) $key)] = $value;
         }
 
         return $return;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Verified issues on the current code behavior or pull requests that will fix them good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kenjis @GuylainK7