From 6fb351336324a25d61ab5e820cf12f3122bfa2e0 Mon Sep 17 00:00:00 2001 From: Janis Kurpnieks Date: Sat, 7 Mar 2026 16:03:35 +0200 Subject: [PATCH] Fix PHP 8.1+ deprecations: null passed to string functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PHP 8.1 deprecated passing null to built-in string functions like strlen(), strpos(), strtolower(), preg_match(), explode(), etc. This will become a TypeError in PHP 9.0. Changes: - html.php: Cast $href and $email to (string) in anchor() and mail_to_safe() - input.php: Cast $index to (string) in server(), headers(), is_ajax() - str.php: Fix parenthesis bug in truncate() — strlen($string !== mb_strlen($string)) was comparing a boolean, now correctly: strlen($string) !== mb_strlen($string) Also cast $string in is_html() - security.php: Cast Input::method() return to (string) in CSRF check - format.php: Cast $string and $json to (string) in XML/JSON processing - validation.php: Cast $rules to (string) in add_field() - controller/rest.php: Cast HTTP_AUTHORIZATION header to (string) - request/driver.php: Cast $method and $mime to (string) Tested on PHP 8.4.8 with a production FuelPHP 1.9 application. --- classes/controller/rest.php | 4 ++-- classes/format.php | 4 ++-- classes/html.php | 6 +++--- classes/input.php | 6 +++--- classes/request/driver.php | 4 ++-- classes/security.php | 2 +- classes/str.php | 6 +++--- classes/validation.php | 2 +- 8 files changed, 17 insertions(+), 17 deletions(-) diff --git a/classes/controller/rest.php b/classes/controller/rest.php index e26ea7f7a..d0a17f4bb 100644 --- a/classes/controller/rest.php +++ b/classes/controller/rest.php @@ -437,9 +437,9 @@ protected function _prepare_basic_auth() // most other servers elseif (\Input::server('HTTP_AUTHORIZATION')) { - if (strpos(strtolower(\Input::server('HTTP_AUTHORIZATION')), 'basic') === 0) + if (strpos(strtolower((string) \Input::server('HTTP_AUTHORIZATION')), 'basic') === 0) { - list($username, $password) = explode(':', base64_decode(substr(\Input::server('HTTP_AUTHORIZATION'), 6))); + list($username, $password) = explode(':', base64_decode(substr((string) \Input::server('HTTP_AUTHORIZATION'), 6))); } } diff --git a/classes/format.php b/classes/format.php index 251eb52b8..0fa760673 100644 --- a/classes/format.php +++ b/classes/format.php @@ -404,7 +404,7 @@ protected function _from_xml($string, $recursive = false) static $escape_keys = array(); $recursive or $escape_keys = array('_xmlns' => 'xmlns'); - if ( ! $recursive and strpos($string, 'xmlns') !== false and preg_match_all('/(\<.+?\>)/s', $string, $matches)) + if ( ! $recursive and strpos((string) $string, 'xmlns') !== false and preg_match_all('/(\<.+?\>)/s', (string) $string, $matches)) { foreach ($matches[1] as $tag) { @@ -568,7 +568,7 @@ protected static function pretty_json($data) $new_json = ""; $indent_level = 0; $in_string = false; - $len = strlen($json); + $len = strlen((string) $json); for ($c = 0; $c < $len; $c++) { diff --git a/classes/html.php b/classes/html.php index dbc41f148..b39755133 100644 --- a/classes/html.php +++ b/classes/html.php @@ -39,7 +39,7 @@ class Html */ public static function anchor($href, $text = null, $attr = array(), $secure = null) { - if ( ! preg_match('#^(\w+://|javascript:|\#)# i', $href)) + if ( ! preg_match('#^(\w+://|javascript:|\#)# i', (string) $href)) { $urlparts = explode('?', $href, 2); $href = \Uri::create($urlparts[0], array(), isset($urlparts[1]) ? $urlparts[1] : array(), $secure); @@ -129,9 +129,9 @@ public static function mail_to($email, $text = null, $subject = null, $attr = ar */ public static function mail_to_safe($email, $text = null, $subject = null, $attr = array()) { - $text or $text = str_replace('@', '[at]', $email); + $text or $text = str_replace('@', '[at]', (string) $email); - $email = explode("@", $email); + $email = explode("@", (string) $email); $subject and $subject = '?subject='.$subject; diff --git a/classes/input.php b/classes/input.php index 149c51a28..e0448b904 100644 --- a/classes/input.php +++ b/classes/input.php @@ -167,7 +167,7 @@ public static function protocol() */ public static function is_ajax() { - return (static::server('HTTP_X_REQUESTED_WITH') !== null) and strtolower(static::server('HTTP_X_REQUESTED_WITH')) === 'xmlhttprequest'; + return (static::server('HTTP_X_REQUESTED_WITH') !== null) and strtolower((string) static::server('HTTP_X_REQUESTED_WITH')) === 'xmlhttprequest'; } /** @@ -225,7 +225,7 @@ public static function cookie($index = null, $default = null) */ public static function server($index = null, $default = null) { - return (func_num_args() === 0) ? $_SERVER : \Arr::get($_SERVER, strtoupper($index), $default); + return (func_num_args() === 0) ? $_SERVER : \Arr::get($_SERVER, strtoupper((string) $index), $default); } /** @@ -263,7 +263,7 @@ public static function headers($index = null, $default = null) } } - return empty($headers) ? $default : ((func_num_args() === 0) ? $headers : \Arr::get(array_change_key_case($headers), strtolower($index), $default)); + return empty($headers) ? $default : ((func_num_args() === 0) ? $headers : \Arr::get(array_change_key_case($headers), strtolower((string) $index), $default)); } /** diff --git a/classes/request/driver.php b/classes/request/driver.php index 61aabee12..7494abb27 100644 --- a/classes/request/driver.php +++ b/classes/request/driver.php @@ -138,7 +138,7 @@ public function __construct($resource, array $options, $method = null) */ public function set_method($method) { - $this->method = strtoupper($method); + $this->method = strtoupper((string) $method); return $this; } @@ -341,7 +341,7 @@ protected function mime_in_header($mime, $accept_header) } // match on generic mime type - $mime = substr($mime, 0, strpos($mime, '/')).'/*'; + $mime = substr((string) $mime, 0, strpos((string) $mime, '/')).'/*'; if (in_array($mime, $accept_mimes)) { return true; diff --git a/classes/security.php b/classes/security.php index 754957b3b..ae03f7b81 100644 --- a/classes/security.php +++ b/classes/security.php @@ -56,7 +56,7 @@ public static function _init() if (\Config::get('security.csrf_autoload', false)) { $check_token_methods = \Config::get('security.csrf_autoload_methods', array('post', 'put', 'delete')); - if (in_array(strtolower(\Input::method()), $check_token_methods) and ! static::check_token()) + if (in_array(strtolower((string) \Input::method()), $check_token_methods) and ! static::check_token()) { if (\Config::get('security.csrf_bad_request_on_fail', false)) { diff --git a/classes/str.php b/classes/str.php index 1e219189d..0e707e499 100644 --- a/classes/str.php +++ b/classes/str.php @@ -45,7 +45,7 @@ public static function truncate($string, $limit, $continuation = '...', $is_html // Handle special characters. preg_match_all('/&[a-z]+;/i', strip_tags($string), $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER); // fix preg_match_all broken multibyte support - if (MBSTRING and strlen($string !== mb_strlen($string))) + if (MBSTRING and strlen((string) $string) !== mb_strlen((string) $string)) { $correction = 0; foreach ($matches as $index => $match) @@ -66,7 +66,7 @@ public static function truncate($string, $limit, $continuation = '...', $is_html // Handle all the html tags. preg_match_all('/<[^>]+>([^<]*)/', $string, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER); // fix preg_match_all broken multibyte support - if (MBSTRING and strlen($string !== mb_strlen($string))) + if (MBSTRING and strlen((string) $string) !== mb_strlen((string) $string)) { $correction = 0; foreach ($matches as $index => $match) @@ -327,7 +327,7 @@ public static function is_serialized($string) */ public static function is_html($string) { - return strlen(strip_tags($string)) < strlen($string); + return strlen(strip_tags((string) $string)) < strlen((string) $string); } // multibyte functions diff --git a/classes/validation.php b/classes/validation.php index b5e14e466..c5c492bfa 100644 --- a/classes/validation.php +++ b/classes/validation.php @@ -173,7 +173,7 @@ public function add_field($name, $label, $rules) { $field = $this->add($name, $label); - is_array($rules) or $rules = explode('|', $rules); + is_array($rules) or $rules = explode('|', (string) $rules); foreach ($rules as $rule) {