From 832406d1e91f147a9e2bd9e64848057d5fa3d8d0 Mon Sep 17 00:00:00 2001 From: Utkarsh Patel Date: Thu, 18 Jun 2026 17:51:44 +0530 Subject: [PATCH] Fix PHP 8.4 null deprecation warnings in class-delivery.php When a parsed tag has no src attribute, get_tag_element() accessed $attributes['src'] directly, emitting 'Undefined array key "src"' and passing null downstream into sanitize_url(), which then triggered 'strlen(): Passing null' and 'strtok(): Passing null' deprecations on PHP 8.4. - Default missing src to an empty string and bail when no usable URL. - Guard sanitize_url() against non-string/empty input. --- php/class-delivery.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/php/class-delivery.php b/php/class-delivery.php index ec0c577d6..93fd3b91e 100644 --- a/php/class-delivery.php +++ b/php/class-delivery.php @@ -1566,7 +1566,10 @@ public function parse_element( $element, $content = '' ) { return null; } - $raw_url = 'source' === $tag_element['tag'] && ! empty( $attributes['srcset'] ) ? $attributes['srcset'] : $attributes['src']; + $raw_url = 'source' === $tag_element['tag'] && ! empty( $attributes['srcset'] ) ? $attributes['srcset'] : ( $attributes['src'] ?? '' ); + if ( '' === $raw_url ) { + return null; + } $url = $this->maybe_unsize_url( Utils::clean_url( $this->sanitize_url( $raw_url ) ) ); $tag_element['base_url'] = $url; // Track back the found URL. @@ -1943,6 +1946,11 @@ protected function set_usability( $item, $auto_sync = null ) { */ protected function sanitize_url( $url ) { + // Bail early on empty or non-string URLs. + if ( ! is_string( $url ) || '' === $url ) { + return null; + } + // Catch mixed URLs. if ( 5 < strlen( $url ) && false !== strpos( $url, 'https://', 5 ) ) { $url = substr( $url, strpos( $url, 'https://', 5 ) );