Skip to content

Avoid PHP warnings about undefined array keys when sanitizing malformed PEMs #556

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 17, 2024
Merged

Avoid PHP warnings about undefined array keys when sanitizing malformed PEMs #556

merged 2 commits into from
Apr 17, 2024

Conversation

@crocodele
Copy link
Contributor

@crocodele crocodele commented Apr 15, 2024
edited
Loading

Target branch: 4.0.x 3.4.x

  • It is a Bug fix
  • It is a New feature
  • It is related to dependencies

Includes:

  • Breaks BC
  • Deprecations

When given a malformed PEM string, sanitizePEM() triggers two PHP warnings: Undefined array key 0 and Undefined array key 1.

@Spomky
Copy link
Member

Spomky commented Apr 15, 2024

Hi,

Many thanks for this PR.
The target branch should be 3.4.x.
Also, the result of preg_match_all should be verified in a similar way to line 400

@Spomky Spomky self-assigned this Apr 15, 2024
@Spomky Spomky added the bug label Apr 15, 2024
@Spomky Spomky added this to the 3.4.2 milestone Apr 15, 2024
@crocodele crocodele force-pushed the fix/AvoidUndefinedIndexWarning branch from ad2a33d to af17363 Compare April 15, 2024 20:49
@crocodele crocodele changed the base branch from 4.0.x to 3.4.x April 15, 2024 20:49
@crocodele
Copy link
Contributor Author

crocodele commented Apr 15, 2024

Hi,

Many thanks for this PR. The target branch should be 3.4.x. Also, the result of preg_match_all should be verified in a similar way to line 400

Switched the target branch to 3.4.x and changed to checking the result of preg_match_all() and throwing an exception instead of null coalescing $matches[0][0] and $matches[0][1], in af17363.

@Spomky
Add test for loading invalid PEM key
768c233 
A new test function was added in ECKeysTest.php to handle cases of loading invalid PEM keys. An InvalidArgumentException is expected to be thrown with a specific error message when an invalid private PEM key is loaded.
@Spomky
Copy link
Member

Spomky commented Apr 17, 2024

Perfect. Thanks 👍🏼
I added a test to cover this part.

@Spomky Spomky merged commit cdeb1f5 into web-token:3.4.x Apr 17, 2024
@crocodele crocodele deleted the fix/AvoidUndefinedIndexWarning branch April 17, 2024 13:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Spomky Spomky

Labels

bug in progress

Projects

None yet

Milestone

3.4.2

Development

Successfully merging this pull request may close these issues.

2 participants

@crocodele @Spomky