CIL-1778 Add checks for undefined array key

In multiple locations, add checks for is_null and array_key_exists before trying to get an array element.
cilogon · Jul 11, 2023 · 6b1a536 · 6b1a536
1 parent 1bd1398
commit 6b1a536
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 29 deletions.
diff --git a/src/Service/Bypass.php b/src/Service/Bypass.php
@@ -143,7 +143,10 @@ public function getAllowBypassArray()
 
         if (defined('ALLOW_BYPASS_ARRAY')) {
             $retarr = ALLOW_BYPASS_ARRAY;
-        } elseif (!empty($this->bypassarray)) {
+        } elseif (
+            (!empty($this->bypassarray)) &&
+            (array_key_exists('allow', $this->bypassarray))
+        ) {
             $retarr = $this->bypassarray['allow'];
         }
 
@@ -170,7 +173,10 @@ public function getBypassIdPArray()
 
         if (defined('BYPASS_IDP_ARRAY')) {
             $retarr = BYPASS_IDP_ARRAY;
-        } elseif (!empty($this->bypassarray)) {
+        } elseif (
+            (!empty($this->bypassarray)) &&
+            (array_key_exists('idp', $this->bypassarray))
+        ) {
             $retarr = $this->bypassarray['idp'];
         }
 
@@ -196,7 +202,10 @@ public function getForceSkinArray()
 
         if (defined('FORCE_SKIN_ARRAY')) {
             $retarr = FORCE_SKIN_ARRAY;
-        } elseif (!empty($this->bypassarray)) {
+        } elseif (
+            (!empty($this->bypassarray)) &&
+            (array_key_exists('skin', $this->bypassarray))
+        ) {
             $retarr = $this->bypassarray['skin'];
         }
 
@@ -224,7 +233,10 @@ public function getSSOAdminArray()
 
         if (defined('SSO_ADMIN_ARRAY')) {
             $retarr = SSO_ADMIN_ARRAY;
-        } elseif (!empty($this->bypassarray)) {
+        } elseif (
+            (!empty($this->bypassarray)) &&
+            (array_key_exists('sso', $this->bypassarray))
+        ) {
             $retarr = $this->bypassarray['sso'];
         }
 

diff --git a/src/Service/Content.php b/src/Service/Content.php
@@ -2311,19 +2311,22 @@ public static function handleNoSubmitButtonClicked()
             // we should automatically redirect to a specific IdP. Used
             // mainly by campus gateways.
             $bypassidp = '';
-            foreach (Util::getBypass()->getBypassIdPArray() as $key => $value) {
-                if (
-                    ($key === $redirect_uri) ||
-                    ($key === $client_id) ||
-                    ($key === @(Util::getAdminForClient($client_id))['admin_id']) ||
-                    (@preg_match($key, $redirect_uri)) ||
-                    (@preg_match($key, $client_id)) ||
-                    (@preg_match($key, @(Util::getAdminForClient($client_id))['admin_id']))
-                ) {
-                    $bypassidp = $value;
-                    // CIL-837 Reset the 'skin' to unset green/red-lit IdPs
-                    $skin->init(true);
-                    break;
+            $bypassidparray = Util::getBypass()->getBypassIdPArray();
+            if ((!is_null($bypassidparray)) && (!empty($bypassidparray))) {
+                foreach ($bypassidparray as $key => $value) {
+                    if (
+                        ($key === $redirect_uri) ||
+                        ($key === $client_id) ||
+                        ($key === @(Util::getAdminForClient($client_id))['admin_id']) ||
+                        (@preg_match($key, $redirect_uri)) ||
+                        (@preg_match($key, $client_id)) ||
+                        (@preg_match($key, @(Util::getAdminForClient($client_id))['admin_id']))
+                    ) {
+                        $bypassidp = $value;
+                        // CIL-837 Reset the 'skin' to unset green/red-lit IdPs
+                        $skin->init(true);
+                        break;
+                    }
                 }
             }
 

diff --git a/src/Service/Skin.php b/src/Service/Skin.php
@@ -742,17 +742,19 @@ protected function getForceSkin($uri, $checkadmin = false)
     {
         $retval = '';  // Assume uri is not in $forcearray
 
-        foreach ($this->forcearray as $key => $value) {
-            if (
-                ($key === $uri) ||
-                (@preg_match($key, $uri)) ||
-                ($checkadmin &&
-                    (($key === @(Util::getAdminForClient($uri))['admin_id']) ||
-                    (@preg_match($key, @(Util::getAdminForClient($uri))['admin_id'])))
-                )
-            ) {
-                $retval = $value;
-                break;
+        if ((!is_null($this->forcearray)) && (!empty($this->forcearray))) {
+            foreach ($this->forcearray as $key => $value) {
+                if (
+                    ($key === $uri) ||
+                    (@preg_match($key, $uri)) ||
+                    ($checkadmin &&
+                        (($key === @(Util::getAdminForClient($uri))['admin_id']) ||
+                        (@preg_match($key, @(Util::getAdminForClient($uri))['admin_id'])))
+                    )
+                ) {
+                    $retval = $value;
+                    break;
+                }
             }
         }
         return $retval;

diff --git a/src/Service/Util.php b/src/Service/Util.php
@@ -2162,7 +2162,10 @@ public static function getLastSSOIdP($saveidp = false)
             $co_name = '';
             if (strlen($admin_id) > 0) {
                 $sso_admin_array = static::getBypass()->getSSOAdminArray();
-                if (array_key_exists($admin_id, $sso_admin_array)) {
+                if (
+                    (!is_null($sso_admin_array)) &&
+                    (array_key_exists($admin_id, $sso_admin_array))
+                ) {
                     $co_name = $sso_admin_array[$admin_id];
                 }
             }