silverstripe · GuySartorelli · Apr 22, 2022 · Apr 14, 2022
diff --git a/src/Control/CLIRequestBuilder.php b/src/Control/CLIRequestBuilder.php
@@ -46,13 +46,13 @@ public static function cleanEnvironment(array $variables)
          *   fourth => val
          */
         if (isset($variables['_SERVER']['argv'][2])) {
-            $args = array_slice($variables['_SERVER']['argv'], 2);
+            $args = array_slice($variables['_SERVER']['argv'] ?? [], 2);
             foreach ($args as $arg) {
-                if (strpos($arg, '=') == false) {
+                if (strpos($arg ?? '', '=') == false) {
                     $variables['_GET']['args'][] = $arg;
                 } else {
                     $newItems = [];
-                    parse_str((substr($arg, 0, 2) == '--') ? substr($arg, 2) : $arg, $newItems);
+                    parse_str((substr($arg ?? '', 0, 2) == '--') ? substr($arg, 2) : $arg, $newItems);
                     $variables['_GET'] = array_merge($variables['_GET'], $newItems);
                 }
             }
@@ -79,7 +79,7 @@ public static function createFromVariables(array $variables, $input, $url = null
     {
         $request = parent::createFromVariables($variables, $input, $url);
         // unset scheme so that SS_BASE_URL can provide `is_https` information if required
-        $scheme = parse_url(Environment::getEnv('SS_BASE_URL'), PHP_URL_SCHEME);
+        $scheme = parse_url(Environment::getEnv('SS_BASE_URL') ?? '', PHP_URL_SCHEME);
         if ($scheme) {
             $request->setScheme($scheme);
         }

diff --git a/src/Control/ContentNegotiator.php b/src/Control/ContentNegotiator.php
@@ -79,16 +79,16 @@ public static function enabled_for($response)
 
         // Disable content negotiation for other content types
         if ($contentType
-            && substr($contentType, 0, 9) != 'text/html'
-            && substr($contentType, 0, 21) != 'application/xhtml+xml'
+            && substr($contentType ?? '', 0, 9) != 'text/html'
+            && substr($contentType ?? '', 0, 21) != 'application/xhtml+xml'
         ) {
             return false;
         }
 
         if (ContentNegotiator::getEnabled()) {
             return true;
         } else {
-            return (substr($response->getBody(), 0, 5) == '<' . '?xml');
+            return (substr($response->getBody() ?? '', 0, 5) == '<' . '?xml');
         }
     }
 
@@ -136,12 +136,12 @@ public static function process(HTTPResponse $response)
         } else {
             // The W3C validator doesn't send an HTTP_ACCEPT header, but it can support xhtml. We put this
             // special case in here so that designers don't get worried that their templates are HTML4.
-            if (isset($_SERVER['HTTP_USER_AGENT']) && substr($_SERVER['HTTP_USER_AGENT'], 0, 14) == 'W3C_Validator/') {
+            if (isset($_SERVER['HTTP_USER_AGENT']) && substr($_SERVER['HTTP_USER_AGENT'] ?? '', 0, 14) == 'W3C_Validator/') {
                 $chosenFormat = "xhtml";
             } else {
                 foreach ($mimes as $format => $mime) {
-                    $regExp = '/' . str_replace(['+', '/'], ['\+', '\/'], $mime) . '(;q=(\d+\.\d+))?/i';
-                    if (isset($_SERVER['HTTP_ACCEPT']) && preg_match($regExp, $_SERVER['HTTP_ACCEPT'], $matches)) {
+                    $regExp = '/' . str_replace(['+', '/'], ['\+', '\/'], $mime ?? '') . '(;q=(\d+\.\d+))?/i';
+                    if (isset($_SERVER['HTTP_ACCEPT']) && preg_match($regExp ?? '', $_SERVER['HTTP_ACCEPT'] ?? '', $matches)) {
                         $preference = isset($matches[2]) ? $matches[2] : 1;
                         if (!isset($q[$preference])) {
                             $q[$preference] = $format;
@@ -189,17 +189,17 @@ public function xhtml(HTTPResponse $response)
         $content = preg_replace(
             '/<base href="([^"]*)"><!--\[if[[^\]*]\] \/><!\[endif\]-->/',
             '<base href="$1" />',
-            $content
+            $content ?? ''
         );
 
-        $content = str_replace('&nbsp;', '&#160;', $content);
-        $content = str_replace('<br>', '<br />', $content);
-        $content = str_replace('<hr>', '<hr />', $content);
-        $content = preg_replace('#(<img[^>]*[^/>])>#i', '\\1/>', $content);
-        $content = preg_replace('#(<input[^>]*[^/>])>#i', '\\1/>', $content);
-        $content = preg_replace('#(<param[^>]*[^/>])>#i', '\\1/>', $content);
-        $content = preg_replace("#(\<option[^>]*[\s]+selected)(?!\s*\=)#si", "$1=\"selected\"$2", $content);
-        $content = preg_replace("#(\<input[^>]*[\s]+checked)(?!\s*\=)#si", "$1=\"checked\"$2", $content);
+        $content = str_replace('&nbsp;', '&#160;', $content ?? '');
+        $content = str_replace('<br>', '<br />', $content ?? '');
+        $content = str_replace('<hr>', '<hr />', $content ?? '');
+        $content = preg_replace('#(<img[^>]*[^/>])>#i', '\\1/>', $content ?? '');
+        $content = preg_replace('#(<input[^>]*[^/>])>#i', '\\1/>', $content ?? '');
+        $content = preg_replace('#(<param[^>]*[^/>])>#i', '\\1/>', $content ?? '');
+        $content = preg_replace("#(\<option[^>]*[\s]+selected)(?!\s*\=)#si", "$1=\"selected\"$2", $content ?? '');
+        $content = preg_replace("#(\<input[^>]*[\s]+checked)(?!\s*\=)#si", "$1=\"checked\"$2", $content ?? '');
 
         $response->setBody($content);
     }
@@ -226,31 +226,31 @@ public function html(HTTPResponse $response)
         $response->addHeader("Vary", "Accept");
 
         $content = $response->getBody();
-        $hasXMLHeader = (substr($content, 0, 5) == '<' . '?xml');
+        $hasXMLHeader = (substr($content ?? '', 0, 5) == '<' . '?xml');
 
         // Fix base tag
         $content = preg_replace(
             '/<base href="([^"]*)" \/>/',
             '<base href="$1"><!--[if lte IE 6]></base><![endif]-->',
-            $content
+            $content ?? ''
         );
 
-        $content = preg_replace("#<\\?xml[^>]+\\?>\n?#", '', $content);
+        $content = preg_replace("#<\\?xml[^>]+\\?>\n?#", '', $content ?? '');
         $content = str_replace(
             ['/>', 'xml:lang', 'application/xhtml+xml'],
             ['>', 'lang', 'text/html'],
-            $content
+            $content ?? ''
         );
 
         // Only replace the doctype in templates with the xml header
         if ($hasXMLHeader) {
             $content = preg_replace(
                 '/<!DOCTYPE[^>]+>/',
                 '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">',
-                $content
+                $content ?? ''
             );
         }
-        $content = preg_replace('/<html xmlns="[^"]+"/', '<html ', $content);
+        $content = preg_replace('/<html xmlns="[^"]+"/', '<html ', $content ?? '');
 
         $response->setBody($content);
     }

diff --git a/src/Control/Controller.php b/src/Control/Controller.php
@@ -407,11 +407,11 @@ public function getViewer($action)
             while ($parentClass !== parent::class) {
                 // _action templates have higher priority
                 if ($action && $action != 'index') {
-                    $actionTemplates[] = strtok($parentClass, '_') . '_' . $action;
+                    $actionTemplates[] = strtok($parentClass ?? '', '_') . '_' . $action;
                 }
                 // class templates have lower priority
-                $classTemplates[] = strtok($parentClass, '_');
-                $parentClass = get_parent_class($parentClass);
+                $classTemplates[] = strtok($parentClass ?? '', '_');
+                $parentClass = get_parent_class($parentClass ?? '');
             }
 
             // Add controller templates for inheritance chain
@@ -447,8 +447,8 @@ public function removeAction($fullURL, $action = null)
         }
         $returnURL = $fullURL;
 
-        if (($pos = strpos($fullURL, $action)) !== false) {
-            $returnURL = substr($fullURL, 0, $pos);
+        if (($pos = strpos($fullURL ?? '', $action ?? '')) !== false) {
+            $returnURL = substr($fullURL ?? '', 0, $pos);
         }
 
         return $returnURL;
@@ -471,12 +471,12 @@ protected function definingClassForAction($action)
 
         $class = static::class;
         while ($class != 'SilverStripe\\Control\\RequestHandler') {
-            $templateName = strtok($class, '_') . '_' . $action;
+            $templateName = strtok($class ?? '', '_') . '_' . $action;
             if (SSViewer::hasTemplate($templateName)) {
                 return $class;
             }
 
-            $class = get_parent_class($class);
+            $class = get_parent_class($class ?? '');
         }
 
         return null;
@@ -500,8 +500,8 @@ public function hasActionTemplate($action)
         $templates   = [];
 
         while ($parentClass != __CLASS__) {
-            $templates[] = strtok($parentClass, '_') . '_' . $action;
-            $parentClass = get_parent_class($parentClass);
+            $templates[] = strtok($parentClass ?? '', '_') . '_' . $action;
+            $parentClass = get_parent_class($parentClass ?? '');
         }
 
         return SSViewer::hasTemplate($templates);
@@ -585,7 +585,7 @@ public function can($perm, $member = null)
             $member = Security::getCurrentUser();
         }
         if (is_array($perm)) {
-            $perm = array_map([$this, 'can'], $perm, array_fill(0, count($perm), $member));
+            $perm = array_map([$this, 'can'], $perm ?? [], array_fill(0, count($perm ?? []), $member));
             return min($perm);
         }
         if ($this->hasMethod($methodName = 'can' . $perm)) {
@@ -679,27 +679,27 @@ public static function join_links($arg = null)
 
         foreach ($args as $arg) {
             // Find fragment identifier - keep the last one
-            if (strpos($arg, '#') !== false) {
-                list($arg, $fragmentIdentifier) = explode('#', $arg, 2);
+            if (strpos($arg ?? '', '#') !== false) {
+                list($arg, $fragmentIdentifier) = explode('#', $arg ?? '', 2);
             }
             // Find querystrings
-            if (strpos($arg, '?') !== false) {
-                list($arg, $suffix) = explode('?', $arg, 2);
-                parse_str($suffix, $localargs);
+            if (strpos($arg ?? '', '?') !== false) {
+                list($arg, $suffix) = explode('?', $arg ?? '', 2);
+                parse_str($suffix ?? '', $localargs);
                 $queryargs = array_merge($queryargs, $localargs);
             }
             if ((is_string($arg) && $arg) || is_numeric($arg)) {
                 $arg = (string) $arg;
-                if ($result && substr($result, -1) != '/' && $arg[0] != '/') {
+                if ($result && substr($result ?? '', -1) != '/' && $arg[0] != '/') {
                     $result .= "/$arg";
                 } else {
-                    $result .= (substr($result, -1) == '/' && $arg[0] == '/') ? ltrim($arg, '/') : $arg;
+                    $result .= (substr($result ?? '', -1) == '/' && $arg[0] == '/') ? ltrim($arg, '/') : $arg;
                 }
             }
         }
 
         if ($queryargs) {
-            $result .= '?' . http_build_query($queryargs);
+            $result .= '?' . http_build_query($queryargs ?? []);
         }
 
         if ($fragmentIdentifier) {

diff --git a/src/Control/CookieJar.php b/src/Control/CookieJar.php
@@ -113,7 +113,7 @@ public function get($name, $includeUnsent = true)
         }
 
         //Normalise cookie names by replacing '.' with '_'
-        $safeName = str_replace('.', '_', $name);
+        $safeName = str_replace('.', '_', $name ?? '');
         if (isset($cookies[$safeName])) {
             return $cookies[$safeName];
         }
@@ -170,7 +170,7 @@ protected function outputCookie(
     ) {
         // if headers aren't sent, we can set the cookie
         if (!headers_sent($file, $line)) {
-            return setcookie($name, $value, $expiry, $path, $domain, $secure, $httpOnly);
+            return setcookie($name ?? '', $value ?? '', $expiry ?? 0, $path ?? '', $domain ?? '', $secure ?? false, $httpOnly ?? false);
         }
 
         if (Cookie::config()->uninherited('report_errors')) {