Deprecation Warning: HtmLawed Editor 2.0.10

Deprecation Warning: HtmLawed Editor 2.0.10

James12345James12345 Posts: 13Questions: 5Answers: 0

I am in the process of upgrading to PHP 8.1.12 and I am receiving deprecation warnings. I have updated to Editor 2.0.10 and applied the latest fix for Format.php dated 10th October which resolved many of the errors, however I am still receiving the following for a few pages:

Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in .... Editor-PHP-2.0.10\lib\HtmLawed\Htmlawed.php on line 95

The table does not contain any null values, so I am confused why the error should suggest that it is caused by passing a null parameter?

I have narrowed the issue to page that utilise Upload and the error can be corrected by setting the field with
->xss( false )
as per another forum answer in May 22. https://datatables.net/forums/discussion/67011/is-datatable-editor-php-8-0-compatible#latest

From a security perspective I would prefer to leave it enabled. Does anyone know of a fix to resolve the issue or offer advice on how I can narrow down the cause of the issue?

This question has an accepted answers - jump to answer

Answers

  • allanallan Posts: 57,737Questions: 1Answers: 9,204 Site admin

    Hi,

    Thanks for flagging this up. Could you try the latest file from here please? Just replace the contents of your local file with the code from there. That updates HTMLawed to the latest available version and it appears to be running okay on a quick check. Our nightly build will give it a proper test.

    Allan

  • James12345James12345 Posts: 13Questions: 5Answers: 0

    Thank you for the quick reply. I have updated and I receive the same error, however it is now line 189

  • allanallan Posts: 57,737Questions: 1Answers: 9,204 Site admin

    Thanks for letting me know. How odd that I'm not seeing it. Can you show me your Editor PHP initialisation please? I'll try to recreate it here with that. Is it on upload, or on submit after uploading a file?

    Allan

  • James12345James12345 Posts: 13Questions: 5Answers: 0

    Please see my editor PHP code below. The error is displayed on initial page load and the only way to render the page is to add xss(false).

    include( "../../php/Editor-PHP-2.0.10/lib/DataTables.php" );
    
    use
        DataTables\Editor,
        DataTables\Editor\Field,
        DataTables\Editor\Format,
        DataTables\Editor\Mjoin,
        DataTables\Editor\Options,
        DataTables\Editor\Upload,
        DataTables\Editor\Validate,
        DataTables\Editor\ValidateOptions;
    
    $editor = Editor::inst( $db, 'Log','Log.id' )
        ->fields(
                Field::inst( 'Log.id' )
                    ->set(False),
                Field::inst( 'files.filename' ),
                Field::inst( 'files.filesize' ),
                Field::inst( 'files.web_path' ),
                Field::inst( 'files.system_path' ),
                Field::inst( 'files.extension' ),
                Field::inst( 'Log.fileId' )
                    ->setFormatter( Format::ifEmpty( null ) )
                    ->upload( Upload::inst( DocLib.'__NAME__')
                        ->db( 'files', 'id', array(
                            'filename'    => Upload::DB_FILE_NAME,
                            'filesize'    => Upload::DB_FILE_SIZE,
                            'web_path'    => Upload::DB_FILE_NAME,
                            'system_path' => Upload::DB_SYSTEM_PATH,
                            'extension' => Upload::DB_EXTN,
                            'creationdate' => date("Y-m-d H:i:s") ,
                            'modificationdate' =>  date("Y-m-d H:i:s")
                        ) )
                    ),
                    //->xss( false ),
                Field::inst( 'Log.Type' ),
                Field::inst( 'Log.Id' ),
                Field::inst( 'Log.Dtg' )
                    ->getFormatter( Format::dateSqlToFormat('d-m-Y' ))
                    ->set( Field::SET_BOTH )
                    ->setFormatter(Format::dateFormatToSql('d-m-Y')),
                Field::inst( 'Log.description' ),
                Field::inst( 'Log.complete1Dtg' )
                    ->getFormatter( Format::dateTime( 'Y-m-d', 'd-m-Y' ))
                    ->set( Field::SET_EDIT )
                    ->setFormatter(Format::dateTime('d-m-Y','Y-m-d')),
                Field::inst( 'Log.complete2Dtg' )
                    ->getFormatter( Format::dateTime( 'Y-m-d', 'd-m-Y' ))
                    ->set( Field::SET_EDIT )
                    ->setFormatter(Format::dateTime('d-m-Y','Y-m-d')),
                Field::inst( 'Log.comments' ),
                Field::inst( 'Log.responseDtg' )
                    ->getFormatter( Format::dateTime( 'Y-m-d', 'd-m-Y' ))
                    ->set( Field::SET_EDIT )
                    ->setFormatter(Format::dateTime('d-m-Y','Y-m-d')),
                Field::inst( 'Log.responseAddr' ),
                Field::inst( 'Log.status')
                    ->options( Options::inst()
                        ->table( 'statusState' )
                        ->value( 'statusState.id' )
                        ->label( 'statusState.status' )
                        ->order( 'statusState.status ASC' )
                        ->where( function($q) {
                            $q
                            ->where( 'statusState.type', 'log%', 'LIKE' )
                             ->and_where( function ( $r ) {
                                $r ->where( 'statusState.enabled', 'True', '=');
                             });
                        } )
                    ),
                Field::inst( 'status.status')
                    ->set(Field::SET_NONE), 
                Field::inst( 'Log.creationdate')
                    ->getFormatter( Format::dateSqlToFormat( 'd-m-Y H:i:s' ) )
                    ->set( Field::SET_CREATE )
                    ->setValue( date("Y-m-d H:i:s")  ),
                Field::inst( 'Log.modificationdate')
                    ->getFormatter( Format::dateSqlToFormat( 'd-m-Y H:i:s' ) )
                    ->set( Field::SET_BOTH )
                    ->setValue( date("Y-m-d H:i:s")  ),
                Field::inst( 'Log.accountName' )
                    ->set( Field::SET_BOTH )
                    ->setValue( $_SERVER['LOGON_USER']   )
            )
    
            ->leftJoin( 'files', 'files.id' , '=',  'Log.fileId' )
            ->leftJoin( 'statusState as status' , 'Log.status' , '=', 'status.id' ) ;
    
            if(isset($_POST['dtStart']) )
            {
                $editor->where( function ( $q ) {
                    $q->where( 'Log.creationdate', "BETWEEN (:startDT) AND (:endDT)", "",false);
                    $q->bind( ':startDT', $_POST['dtStart'] );
                    $q->bind( ':endDT', $_POST['dtEnd'] );
                } );
            }
    
        $editor
        ->process( $_POST )
        ->json();
    
    
  • allanallan Posts: 57,737Questions: 1Answers: 9,204 Site admin

    Thank you - I'm a little surprised that it is happening on load since the XSS stuff doesn't kick in at that point - which suggests it is something to do with the initialisation in HTMLawed. I'll get back to you once I've set this up locally.

    Allan

  • allanallan Posts: 57,737Questions: 1Answers: 9,204 Site admin
    Answer ✓

    Got it now - thanks! I've committed the fix here. If you grab the latest copy of Field.php and replace your local file with the contents of the updated file it will spring back into action!

    Regards,
    Allan

  • James12345James12345 Posts: 13Questions: 5Answers: 0

    Thank you, that fixed it.

  • allanallan Posts: 57,737Questions: 1Answers: 9,204 Site admin

    Awesome - thanks for the confirmation :)

    Allan

Sign In or Register to comment.