diff --git a/src/User.php b/src/User.php
index 6dbbc30bf0d..26589729f54 100644
--- a/src/User.php
+++ b/src/User.php
@@ -627,6 +627,14 @@ public function isEmail($email)
 */
 public function getFromDBbyToken($token, $field = 'personal_token')
 {
+ if (!is_string($token)) {
+ trigger_error(
+ sprintf('Unexpected token value received: "string" expected, received "%s".', gettype($token)),
+ E_USER_WARNING
+ );
+ return false;
+ }
+
 $fields = ['personal_token', 'api_token'];
 if (!in_array($field, $fields)) {
 trigger_error(
diff --git a/tests/functionnal/User.php b/tests/functionnal/User.php
index 8a4070217cd..4f21ce674c5 100644
--- a/tests/functionnal/User.php
+++ b/tests/functionnal/User.php
@@ -173,13 +173,22 @@ public function testGetFromDBbyToken()
 $this->array($user2->fields)->isIdenticalTo($user->fields);
 $this->when(
- function () use ($uid) {
- $this->testedInstance->getFromDBbyToken($uid, 'my_field');
+ function () {
+ $this->testedInstance->getFromDBbyToken('1485dd60301311eda2610242ac12000249aef69a', 'my_field');
 }
 )->error
- ->withType(E_USER_WARNING)
- ->withMessage('User::getFromDBbyToken() can only be called with $field parameter with theses values: \'personal_token\', \'api_token\'')
- ->exists();
+ ->withType(E_USER_WARNING)
+ ->withMessage('User::getFromDBbyToken() can only be called with $field parameter with theses values: \'personal_token\', \'api_token\'')
+ ->exists();
+
+ $this->when(
+ function () {
+ $this->testedInstance->getFromDBbyToken(['REGEX', '.*'], 'api_token');
+ }
+ )->error()
+ ->withType(E_USER_WARNING)
+ ->withMessage('Unexpected token value received: "string" expected, received "array".')
+ ->exists();
 }
 public function testPrepareInputForAdd()
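Review bot: The added guard in getFromDBbyToken() accepts any string, including `''`, so an empty token still reaches the lookup further down, which is outside this hunk. Whether an empty value can match a row depends on how unset token columns are stored, which the diff does not show. If empty tokens are never valid, a second early exit right after the type check, `if ($token === '') { return false; }`, closes that case in the same place. The check would also benefit from a short why-comment such as `// Only a literal string may be compared against the token column; an array here would presumably be read as a criteria operator (see the ['REGEX', '.*'] test case).`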
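Review bot: The new non-string case in testGetFromDBbyToken() asserts only that the warning is raised. The closure discards the return value, so the test would still pass if the method warned and then went on to load a user. Capturing the result with `function () use (&$result) { $result = $this->testedInstance->getFromDBbyToken(['REGEX', '.*'], 'api_token'); }` and following it with `$this->boolean($result)->isFalse();` pins the property the guard exists for. The two assertions in this hunk also differ in form (`->error` and `->error()`); using one form keeps the test consistent. The test method starts before the hunk.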