Bug #14394: PHP error in CSRF Magic from invalid time value - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.07 Plus - All Closed Issues
24.07 Plus - All Open Issues
24.07 Plus - Feedback Issues
24.07 Plus - Needs Attention/Work
24.07 Plus - New/Confirmed/In Progress Issues
24.07 Plus - Pull Request Review
24.07 Plus - Waiting on Merge
24.07 Target - All Closed Issues
24.07 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #14394

closed

PHP error in CSRF Magic from invalid time value

Added by Danilo Zrenjanin about 1 year ago. Updated 7 months ago.

Status:

Resolved

Priority:

Normal

Assignee:

Jim Pingle

Category:

Web Interface

Target version:

2.7.1

Start date:

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

23.09

Release Notes:

Default

Affected Version:

Affected Architecture:

Description

[08-May-2023 10:36:37 Europe/Warsaw] PHP Fatal error:  Uncaught TypeError: Unsupported operand types: string + int in /usr/local/www/csrf/csrf-magic.php:307
Stack trace:
#0 /usr/local/www/csrf/csrf-magic.php(293): csrf_check_token('' eval(compile(...')
#1 /usr/local/www/csrf/csrf-magic.php(197): csrf_check_tokens(Array)
#2 /usr/local/www/csrf/csrf-magic.php(408): csrf_check()
#3 /usr/local/www/guiconfig.inc(48): require_once('/usr/local/www/...')
#4 /usr/local/www/index.php(46): require_once('/usr/local/www/...')
#5 {main}
  thrown in /usr/local/www/csrf/csrf-magic.php on line 307

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Jim Pingle about 1 year ago

Subject changed from PHP Fatal error: Uncaught TypeError: Unsupported operand types: string + int in /usr/local/www/csrf/csrf-magic.php:307 to PHP error in CSRF Magic
Description updated (diff)
Target version set to 2.7.0
Plus Target Version set to 23.09

This specific error appears to possibly come from bad/corrupted cookie data from the client. It's trying to extract a timestamp but not getting anything that casts to an integer automatically. We could work around the error by casting the variables involved on that line to (int) if nothing else as a safety measure.

There are also some PHP 8 style issues in the CSRF Magic code that should be taken care of. Not sure if there is an upstream update or if it's all our own code to maintain there.

Actions

Copy link