PHP 8 issues

Author: lbuchs

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright © 2021 Lukas Buchs
+Copyright © 2022 Lukas Buchs
 Copyright © 2018 Thomas Bleeker (CBOR & ByteBuffer part)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy

_test/client.html

@@ -1,6 +1,6 @@
 <!DOCTYPE html>
 <!--
-Copyright (C) 2018 Lukas Buchs
+Copyright (C) 2022 Lukas Buchs
 license https://github.com/lbuchs/WebAuthn/blob/master/LICENSE MIT
 -->
 <html>
@@ -513,7 +513,7 @@ <h1 style="margin: 40px 10px 2px 0;">lbuchs/WebAuthn</h1>
                         the browser may not warn about providing informations about your device.
                    </div>
                     <div style="margin-top:20px;font-size: 0.7em;font-style: italic">
-                        Copyright &copy; 2021 Lukas Buchs - <a href="https://raw.githubusercontent.com/lbuchs/WebAuthn/master/LICENSE">license therms</a>
+                        Copyright &copy; 2022 Lukas Buchs - <a href="https://raw.githubusercontent.com/lbuchs/WebAuthn/master/LICENSE">license therms</a>
                     </div>
 
                 </div>

_test/server.php

@@ -1,7 +1,7 @@
 <?php
 
 /*
- * Copyright (C) 2018 Lukas Buchs
+ * Copyright (C) 2022 Lukas Buchs
  * license https://github.com/lbuchs/WebAuthn/blob/master/LICENSE MIT
  *
  * Server test script for WebAuthn library. Saves new registrations in session.
@@ -312,7 +312,7 @@
                     } else if (is_object($value)) {
                         $value = chunk_split(strval($value), 64);
 
-                    } else if (is_string($value) && strlen($value) > 0 && htmlspecialchars($value) === '') {
+                    } else if (is_string($value) && strlen($value) > 0 && htmlspecialchars($value, ENT_QUOTES) === '') {
                         $value = chunk_split(bin2hex($value), 64);
                     }
                     $html .= '<tr><td>' . htmlspecialchars($key) . '</td><td style="font-family:monospace;">' . nl2br(htmlspecialchars($value)) . '</td>';

src/Attestation/Format/AndroidSafetyNet.php

@@ -52,7 +52,7 @@ public function __construct($AttestionObject, AuthenticatorData $authenticatorDa
             throw new WebAuthnException('invalid JWS payload', WebAuthnException::INVALID_DATA);
         }
 
-        if (!$header->x5c || !is_array($header->x5c) || count($header->x5c) === 0) {
+        if (!isset($header->x5c) || !is_array($header->x5c) || count($header->x5c) === 0) {
             throw new WebAuthnException('No X.509 signature in JWS Header', WebAuthnException::INVALID_DATA);
         }
 
@@ -89,7 +89,7 @@ public function validateAttestation($clientDataHash) {
 
         // Verify that the nonce in the response is identical to the Base64 encoding
         // of the SHA-256 hash of the concatenation of authenticatorData and clientDataHash.
-        if (!$this->_payload->nonce || $this->_payload->nonce !== \base64_encode(\hash('SHA256', $this->_authenticatorData->getBinary() . $clientDataHash, true))) {
+        if (empty($this->_payload->nonce) || $this->_payload->nonce !== \base64_encode(\hash('SHA256', $this->_authenticatorData->getBinary() . $clientDataHash, true))) {
             throw new WebAuthnException('invalid nonce in JWS payload', WebAuthnException::INVALID_DATA);
         }
 
@@ -100,7 +100,7 @@ public function validateAttestation($clientDataHash) {
         }
 
         // Verify that the ctsProfileMatch attribute in the payload of response is true.
-        if (!$this->_payload->ctsProfileMatch) {
+        if (empty($this->_payload->ctsProfileMatch)) {
             throw new WebAuthnException('invalid ctsProfileMatch in payload', WebAuthnException::INVALID_DATA);
         }
 

src/Attestation/Format/Apple.php

@@ -105,7 +105,7 @@ protected function _validateOverX5c($clientDataHash) {
 
         // Verify that nonce equals the value of the extension with OID ( 1.2.840.113635.100.8.2 ) in credCert.
         $parsedCredCert = openssl_x509_parse($credCert);
-        $nonceExtension = isset($parsedCredCert['extensions']['1.2.840.113635.100.8.2']) ? $parsedCredCert['extensions']['1.2.840.113635.100.8.2'] : '';
+        $nonceExtension = $parsedCredCert['extensions']['1.2.840.113635.100.8.2'] ?? '';
 
         // nonce padded by ASN.1 string: 30 24 A1 22 04 20
         // 30     — type tag indicating sequence