request #13732: Incorrectly formatted access key should not generate a fatal error when a user tries to authenticate with it
Access keys without an even number of hexadecimal characters for the last part of the key generate a crash.

\sodium_hex2bin() throws a SodiumException when the given string cannot be converted. This is a completely fine behavior but it's mostly undocumented: the information is not given in the PHP documentation and the stubs used by static analysis tools do not seem to know about it either.

Change-Id: I27b472c2fe815485827e197b4e131459f79e92e8
Modified Files
Status | Name | Added | Removed |
---|---|---|---|
M | plugins/gitlfs/include/Authorization/LFSAuthorizationTokenHeaderSerializer.php | +2 | −2 |
M | plugins/gitlfs/phpunit/Authorization/LFSAuthorizationTokenHeaderSerializerTest.php | +14 | −3 |
M | src/common/REST/RESTCurrentUserMiddleware.php | +3 | −1 |
M | src/common/User/AccessKey/AccessKeySerializer.php | +1 | −1 |
M | src/common/User/Password/Reset/ResetTokenSerializer.php | +6 | −3 |
M | tests/phpunit/common/REST/RESTCurrentUserMiddlewareTest.php | +25 | −3 |
M | tests/phpunit/common/User/AccessKey/AccessKeySerializerTest.php | +15 | −4 |
M | tests/phpunit/common/User/Password/Reset/ResetTokenSerializerTest.php | +14 | −4 |
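
The failure mode described in the commit message, as an added example that is not code from this commit or from the project: a token parser that turns the `SodiumException` thrown by `sodium_hex2bin()` into a domain exception, so a malformed key is handled as a rejected credential instead of an uncaught error. The key layout `<prefix>.<numeric id>.<hex verifier>`, the function `parseAccessKey()` and the class `InvalidKeyFormatException` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical exception type for this example; not a class from the project.
final class InvalidKeyFormatException extends RuntimeException
{
}

/**
 * Splits a key of the assumed form "<prefix>.<numeric id>.<hex verifier>"
 * and decodes the verifier. Any decoding failure becomes a domain exception
 * so the caller can treat it as a failed authentication.
 *
 * @return array{id: int, verifier: string}
 */
function parseAccessKey(string $key): array
{
    $parts = explode('.', $key);
    if (count($parts) !== 3 || ! ctype_digit($parts[1])) {
        throw new InvalidKeyFormatException('Unexpected key layout');
    }

    try {
        // Throws SodiumException on odd-length or non-hexadecimal input.
        $verifier = sodium_hex2bin($parts[2]);
    } catch (SodiumException $e) {
        throw new InvalidKeyFormatException('Verifier is not valid hexadecimal', 0, $e);
    }

    return ['id' => (int) $parts[1], 'verifier' => $verifier];
}

// Constructed sample keys: well-formed, odd-length hex, non-hex characters, wrong layout.
foreach (['key.12.a1b2c3d4', 'key.12.a1b2c3d', 'key.12.zzzz', 'garbage'] as $candidate) {
    try {
        $parsed = parseAccessKey($candidate);
        printf("%-16s accepted: id=%d, %d verifier bytes\n", $candidate, $parsed['id'], strlen($parsed['verifier']));
    } catch (InvalidKeyFormatException $e) {
        // A request handler would answer this branch with an authentication failure.
        printf("%-16s rejected: %s\n", $candidate, $e->getMessage());
    }
}
```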