Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: TypeError in form_open('') function #8729

Closed
bananacoffee opened this issue Apr 8, 2024 · 7 comments · Fixed by #8736
Closed

Bug: TypeError in form_open('') function #8729

bananacoffee opened this issue Apr 8, 2024 · 7 comments · Fixed by #8736
Labels
bug Verified issues on the current code behavior or pull requests that will fix them

Comments

@bananacoffee
Copy link

bananacoffee commented Apr 8, 2024
edited
Loading

PHP Version

8.2

CodeIgniter4 Version

4.5.0

CodeIgniter4 Installation Method

Composer (as dependency to an existing project)

Which operating systems have you tested for this bug?

Windows

Which server did you use?

cli

Database

MariaDB 10.4

What happened?

When CSRF Filter is On.
I encountered a TypeError when using the form_open('').
The error message is as follows:

TypeError
str_contains(): Argument #1 ($haystack) must be of type string, CodeIgniter\HTTP\SiteURI given
SYSTEMPATH\Helpers\form_helper.php at line 65

58         }
59 
60         $form = '<form action="' . $action . '"' . $attributes . ">\n";
61 
62         // Add CSRF field if enabled, but leave it out for GET requests and requests to external websites
63         $before = service('filters')->getFilters()['before'];
64 
65         if ((in_array('csrf', $before, true) || array_key_exists('csrf', $before)) && str_contains($action, base_url()) && ! stripos($form, 'method="get"')) {
66             $form .= csrf_field($csrfId ?? null);
67         }
68 
69         foreach ($hidden as $name => $value) {
70             $form .= form_hidden($name, $value);
71         }
72

Debug

// vendor\codeigniter4\framework\system\Helpers\form_helper.php line 65

var_dump(in_array('csrf', $before, true));       // true
var_dump(array_key_exists('csrf', $before));  // false
var_dump(str_contains($action, base_url()));  // error

if ((in_array('csrf', $before, true) || array_key_exists('csrf', $before)) && str_contains($action, base_url()) && !stripos($form, 'method="get"')) {
  $form .= csrf_field($csrfId ?? null);
}

Steps to Reproduce

  1. Upgrade CodeIgniter to 4.5.0 from 4.4.7.
  2. Use the form_open('') function in View.

Expected Output

<form action="current_url" method="post">

Anything else?

This issue did not occur when using CodeIgniter version 4.4.7.
Any help on this issue would be greatly appreciated.
@bananacoffee bananacoffee added the bug Verified issues on the current code behavior or pull requests that will fix them label Apr 8, 2024
@datamweb
Copy link
Contributor

datamweb commented Apr 8, 2024

I could not reproduce.

@kenjis
Copy link
Member

kenjis commented Apr 8, 2024

Cannot reproduce.

@bananacoffee
Copy link
Author

bananacoffee commented Apr 9, 2024
edited
Loading

@datamweb @kenjis

I was able to confirm the reproducibility.
An error occurs when using CSRF filter.

// app\Config\Filters.php line 70
    public array $globals = [
        'before' => [
            // 'honeypot',
            'csrf',
            // 'invalidchars',
        ],
        'after' => [
            'toolbar',
            // 'honeypot',
            // 'secureheaders',
        ],
    ];

Debug

// vendor\codeigniter4\framework\system\Helpers\form_helper.php line 65

var_dump(in_array('csrf', $before, true));       // true
var_dump(array_key_exists('csrf', $before));  // false
var_dump(str_contains($action, base_url()));  // error

if ((in_array('csrf', $before, true) || array_key_exists('csrf', $before)) && str_contains($action, base_url()) && !stripos($form, 'method="get"')) {
  $form .= csrf_field($csrfId ?? null);
}

@bananacoffee
Copy link
Author

bananacoffee commented Apr 9, 2024
edited
Loading

It works when change it to

str_contains((string)$action, base_url())

@kenjis kenjis mentioned this issue Apr 9, 2024
Merged
5 tasks
@kenjis
Copy link
Member

kenjis commented Apr 9, 2024

Check #8736

@bananacoffee
Copy link
Author

Resolved!
thank you.

@kenjis
Copy link
Member

kenjis commented Apr 9, 2024

No, not yet merged.
This issue will be closed automatically when merged.

@kenjis kenjis reopened this Apr 9, 2024
@datamweb datamweb mentioned this issue Apr 10, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Verified issues on the current code behavior or pull requests that will fix them
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: TypeError in form() kenjis/CodeIgniter4
3 participants
@kenjis @datamweb @bananacoffee