Bug: Debug\Exceptions cannot handle null character

[itisjoby]

PHP Version

8.2

CodeIgniter4 Version

4.3.1

CodeIgniter4 Installation Method

Composer (using codeigniter4/appstarter)

Which operating systems have you tested for this bug?

Linux

Which server did you use?

apache

Database

Mongodb

What happened?

we encountered an issue in CodeIgniter\Debug\Exceptions->handleDeprecationError () of ci4..

the error was following

ValueError
realpath(): Argument #1 ($path) must not contain any null bytes

we found the issues is in CodeIgniter\Debug\Exceptions->renderBacktrace function

$args = implode(', ', array_map(static function ($value): string {
                        switch (true) {
                            case is_object($value):
                                return sprintf('Object(%s)', get_class($value));

                            case is_array($value):
                                return $value !== [] ? '[...]' : '[]';

                            case $value === null:
                                return 'null';

                            case is_resource($value):
                                return sprintf('resource (%s)', get_resource_type($value));

                            case is_string($value):
                                return var_export(clean_path($value), true);

                            default:
                                return var_export($value, true);
                        }
                    }, $frame['args']));

 case is_string($value):
                                return var_export(clean_path($value), true);

when we remove clean_path function call from above line the error disappears.

Steps to Reproduce

install mcrypt on the ubuntu machine.

function index() {
        $this->decrypt('abc');
    }
private function decrypt($code) {
        $code = $this->hex2bin('00401ff5a8dbb61a90e4e51d15d1eec4');
        $iv   = '1234';
        $td   = mcrypt_module_open('rijndael-128', '', 'cbc', $iv);
    }
    private function hex2bin($hexdata) {
        $bindata = '';
        for ($i = 0; $i < strlen($hexdata); $i += 2) {
            $bindata .= chr(hexdec(substr($hexdata, $i, 2)));
        }
        return $bindata;
    }

call index() https://prnt.sc/ygodahSWxVQy

Expected Output

no errors

Anything else?

5 FCPATH/index.php(67): CodeIgniter\CodeIgniter->run()
WARNING - 2023-02-16 11:47:47 --> [DEPRECATED] Creation of dynamic property App\Libraries\Mongo_db::$result is deprecated in APPPATH/Libraries/Mongo_db.php on line 2189.
 1 APPPATH/Libraries/Mongo_db.php(2364): App\Libraries\Mongo_db->document_to_array(Object(stdClass))
 2 APPPATH/Libraries/Mongo_db.php(2425): App\Libraries\Mongo_db->_get('client', [...], false, 'App\\Libraries\\Mongo_db::find_one')
 3 APPPATH/Controllers/BaseController.php(275): App\Libraries\Mongo_db->find_one('client')
 4 APPPATH/Controllers/BaseController.php(116): App\Controllers\BaseController->set_client_currency(Object(MongoDB\BSON\ObjectId))
 5 SYSTEMPATH/CodeIgniter.php(908): App\Controllers\BaseController->initController(Object(CodeIgniter\HTTP\IncomingRequest), Object(CodeIgniter\HTTP\Response), Object(CodeIgniter\Log\Logger))
 6 SYSTEMPATH/CodeIgniter.php(489): CodeIgniter\CodeIgniter->createController()
 7 SYSTEMPATH/CodeIgniter.php(367): CodeIgniter\CodeIgniter->handleRequest(null, Object(Config\Cache), false)
 8 FCPATH/index.php(67): CodeIgniter\CodeIgniter->run()
CRITICAL - 2023-02-16 11:47:47 --> realpath(): Argument #1 ($path) must not contain any null bytes
in SYSTEMPATH/Common.php on line 94.
 1 SYSTEMPATH/Common.php(94): realpath()
 2 SYSTEMPATH/Debug/Exceptions.php(508): clean_path()
 3 [internal function]: CodeIgniter\Debug\Exceptions::CodeIgniter\Debug\{closure}()
 4 SYSTEMPATH/Debug/Exceptions.php(493): array_map()
 5 SYSTEMPATH/Debug/Exceptions.php(354): CodeIgniter\Debug\Exceptions::renderBacktrace()
 6 SYSTEMPATH/Debug/Exceptions.php(164): CodeIgniter\Debug\Exceptions->handleDeprecationError()
 7 APPPATH/Controllers/Test/Dbchangeclear.php(27): CodeIgniter\Debug\Exceptions->errorHandler()
 8 APPPATH/Controllers/Test/Dbchangeclear.php(21): App\Controllers\Test\Dbchangeclear->decrypt()
 9 SYSTEMPATH/CodeIgniter.php(935): App\Controllers\Test\Dbchangeclear->index()
10 SYSTEMPATH/CodeIgniter.php(498): CodeIgniter\CodeIgniter->runController()
11 SYSTEMPATH/CodeIgniter.php(367): CodeIgniter\CodeIgniter->handleRequest()
12 FCPATH/index.php(67): CodeIgniter\CodeIgniter->run()

[itisjoby]

the path that raised issue is a nonutf8 character : @���۶���������

https://prnt.sc/YRdjnh-qlkju

[paulbalandan]

To be honest, when I added the clean_path() call it is because of one of the reviews. That is to make filenames, if filenames are given, to be clean. I do not see any harm in removing the function call.

[kenjis]

Thank you for reporting.

We don't support Mcrypt.

This function has been DEPRECATED as of PHP 7.1.0 and REMOVED as of PHP 7.2.0. Relying on this function is highly discouraged.
https://www.php.net/manual/en/function.mcrypt-module-open.php

[kenjis]

@paulbalandan What is the $value here? It may not be a file path?

return var_export(clean_path($value), true);

[paulbalandan]

Yes, it can be any arbitrary string. In the review since the bug to be fixed focuses on the string file path, it was suggested to use clean_path() for cleaner paths.

[kenjis]

That's a bug.
It would be better to clean_path() only if the value contains a file path.