News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Banned User Causes "Trying to access array offset on value of type null" Error

Started by sah62, February 22, 2023, 12:14:26 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

sah62

February 22, 2023, 12:14:26 PM Last Edit: May 21, 2024, 09:25:36 PM by Diego Andrés
These errors appear in my forum's log fairly regularly as a result of a banned user sending direct HTTP requests to download an attachment. I'm using SMF 2.1.3 and PHP 8.1.2. The only mod installed is "Forum Width Setting".

Quotehttps://www.mysite.com/smf/index.php?action=dlattach;attach=110599
/var/www/mysite/smf/Sources/Security.php (Line 315)  Backtrace information

Type of error: General
Error messageSelect
2: Trying to access array offset on value of type null

Code Select
314: // 'Log' the user out.  Can't have any funny business... (save the name!)
==>315: $old_name = isset($user_info['name']) && $user_info['name'] != '' ? $user_info['name'] : $txt['guest_title'];
316: $user_info['name'] = '';

Quotehttps://www.mysite.com/smf/index.php?action=dlattach;attach=110599
/var/www/mysite/smf/Sources/Security.php (Line 325)  Backtrace information

Type of error: General
Error messageSelect
2: Trying to access array offset on value of type null

Code Select
322: $context['user'] = array(
323: 'id' => 0,
324: 'username' => '',
==>325: 'name' => $txt['guest_title'],
326: 'is_guest' => true,
327: 'is_logged' => false,
328: 'is_admin' => false,
329: 'is_mod' => false,
330: 'can_mod' => false,
331: 'language' => $user_info['language'],
332: );

Quotehttps://www.mysite.com/smf/index.php?action=dlattach;attach=110599
/var/www/mysite/smf/Sources/Security.php (Line 348)  Backtrace information

Type of error: General
Error messageSelect
2: Trying to access array offset on value of type null

Code Select
347: // You banned, sucka!
==>348: fatal_error(sprintf($txt['your_ban'], $old_name) . (empty($_SESSION['ban']['cannot_access']['reason']) ? '' : '<br>' . $_SESSION['ban']['cannot_access']['reason']) . '<br>' . (!empty($_SESSION['ban']['expire_time']) ? sprintf($txt['your_ban_expires'], timeformat($_SESSION['ban']['expire_time'], false)) : $txt['your_ban_expires_never']), false, 403);

The errors can be reproduced by having a banned user send a request to download an attachment as described in the above quotes.  The theme isn't loaded, so the values of the $txt array aren't set and the error occurs when trying to access those null values. It starts with this code in index.php in the forum's root directory:

Code Select
        // Attachments don't require the entire theme to be loaded.
        if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'dlattach' && empty($maintenance))
                detectBrowser();
        // Load the current theme.  (note that ?theme=1 will also work, may be used for guest theming.)
        else
                loadTheme();

        // Check if the user should be disallowed access.
        is_not_banned();

Note the "Attachments don't require the entire theme to be loaded" comment. The call to is_not_banned() produces the error. As suggested by @Arantor in this support request, "is_not_banned probably should call loadTheme() at line 314 if it notes that $txt is null".

Diego Andrés

#1
March 04, 2023, 12:03:09 PM
Just for reference, issue logged: #7685
Merged Pull Request: #7686

SMF Tricks - Free & Premium Responsive Themes for SMF.
Print
Go Up Pages1
User actions
Advertisement: