Merge branch 'B11666TryingToAccessArrayOffsetOnValueOfTypeInt' into 'develop'

B11666 trying to access array offset on value of type int See merge request !294

Merge branch 'B11666TryingToAccessArrayOffsetOnValueOfTypeInt' into 'develop'
B11666 trying to access array offset on value of type int See merge request !294
1e03320f · Carsten Rose · 9efb6e1e · 9e303003 · 1e03320f · 1e03320f
Commit 1e03320f authored Dec 16, 2020 by Carsten Rose
--- a/Documentation/Report.rst
+++ b/Documentation/Report.rst
@@ -1322,15 +1322,15 @@ Renders images. Allows to define an alternative text and a title attribute for t
    10.sql = SELECT "<path to image>|[<alt text>]|[<title text>]" AS _img


-+-------------+-------------------------------------------------------------------------------------------+---------------------------+
-|**Parameter**|**Description**                                                                            |**Default value/behaviour**|
-+=============+===========================================================================================+===========================+
-|<pathtoimage>|The path to the image file.                                                                |none                       |
-+-------------+-------------------------------------------------------------------------------------------+---------------------------+
-|<alttext>    |Alternative text. Will be displayed if image can't be loaded (alt attribute of img tag).   |empty string               |
-+-------------+-------------------------------------------------------------------------------------------+---------------------------+
-|<titletext>  |Text that will be set as image title in the title attribute of the img tag.                |no title attribute rendered|
-+-------------+-------------------------------------------------------------------------------------------+---------------------------+
+--------------+-------------------------------------------------------------------------------------------+-----------------------------+
+|**Parameter** |**Description**                                                                            | **Default value/behaviour** |
+==============+===========================================================================================+=============================+
+|<pathtoimage> |The path to the image file.                                                                | none                        |
+--------------+-------------------------------------------------------------------------------------------+-----------------------------+
+|<alttext>     |Alternative text. Will be displayed if image can't be loaded (alt attribute of img tag).   | empty string                |
+--------------+-------------------------------------------------------------------------------------------+-----------------------------+
+|<titletext>   |Text that will be set as image title in the title attribute of the img tag.                | no title attribute rendered |
+--------------+-------------------------------------------------------------------------------------------+-----------------------------+


 **Minimal Example** ::

--- a/Documentation/Variable.rst
+++ b/Documentation/Variable.rst
@@ -127,7 +127,7 @@ For QFQ variables and FormElements:
 +------------------+------+-------+-----------------------------------------------------------------------------------------+
 | Name             | Form | Query | Pattern                                                                                 |
 +==================+======+=======+=========================================================================================+
-| **alnumx**       | Form | Query | [A-Za-z][0-9]@-_.,;: /() ÀÈÌÒÙàèìòùÁÉÍÓÚÝáéíóúýÂÊÎÔÛâêîôûÃÑÕãñõÄËÏÖÜŸäëïöüÿçß            |
+| **alnumx**       | Form | Query | [A-Za-z][0-9]@-_.,;: /() ÀÈÌÒÙàèìòùÁÉÍÓÚÝáéíóúýÂÊÎÔÛâêîôûÃÑÕãñõÄËÏÖÜŸäëïöüÿçß           |
 +------------------+------+-------+-----------------------------------------------------------------------------------------+
 | **digit**        | Form | Query | [0-9]                                                                                   |
 +------------------+------+-------+-----------------------------------------------------------------------------------------+

--- a/extension/Classes/Core/Helper/Sanitize.php
+++ b/extension/Classes/Core/Helper/Sanitize.php
@@ -7,7 +7,6 @@
 */

 namespace IMATHUZH\Qfq\Core\Helper;
- 


 /**
@@ -289,14 +288,19 @@ class Sanitize {
     */
    public static function digitCheckAndCleanGet($key) {

-        if (isset($_GET[$key]) && !ctype_digit($_GET[$key])) {
-            if (!empty($_GET[$key]) && ctype_digit($_GET[$key][0])) {
-                $_GET[$key] = $_GET[$key][0];
-            } else {
-                $_GET[$key] = '';
-            }
+        if (!isset($_GET[$key])) {
+            $_GET[$key] = '';
+            return;
        }

-    }
+        if (ctype_digit($_GET[$key])) {
+            return;
+        }

+        if (ctype_digit($_GET[$key][0] ?? '')) {
+            $_GET[$key] = $_GET[$key][0];
+        } else {
+            $_GET[$key] = '';
+        }
+    }
 }
\ No newline at end of file
--- a/extension/Tests/Unit/Core/Helper/SanitizeTest.php
+++ b/extension/Tests/Unit/Core/Helper/SanitizeTest.php
@@ -349,7 +349,7 @@ class SanitizeTest extends TestCase {

        unset ($_GET[CLIENT_PAGE_LANGUAGE]);
        Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_LANGUAGE);
-        $this->assertEquals(false, isset($_GET[CLIENT_PAGE_LANGUAGE]));
+        $this->assertEquals('', $_GET[CLIENT_PAGE_LANGUAGE]);

        $_GET[CLIENT_PAGE_LANGUAGE] = '';
        Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_LANGUAGE);