getSessionId to return null on empty session id, avoiding strtr() warnings

spaze · spaze · commit f9fa7f4fffd1 · 2026-04-10T21:23:35.000+02:00
diff --git a/src/SensitiveValueSanitizer.php b/src/SensitiveValueSanitizer.php
@@ -49,7 +49,7 @@ private function getSessionId(): ?string
 		} else {
 			$sessionId = $_COOKIE[$sessionName] ?? null;
 		}
-		return is_string($sessionId) ? $sessionId : null;
+		return is_string($sessionId) && $sessionId !== '' ? $sessionId : null;
 	}
 
 
diff --git a/tests/PhpInfoTest.phpt b/tests/PhpInfoTest.phpt
@@ -23,11 +23,7 @@ class PhpInfoTest extends TestCase
 	protected function setUp(): void
 	{
 		$_SERVER['HTTP_WALDO_FRED'] = self::WALDO_1337;
-		$_SERVER['HTTP_COOKIE'] = 'PHPSESSID=' . urlencode(self::SESSION_ID);
-		$_COOKIE['PHPSESSID'] = self::SESSION_ID;
-
-		session_set_save_handler(new TestSessionHandler(self::SESSION_ID));
-		session_start();
+		$this->sessionStart(self::SESSION_ID);
 	}
 
 
@@ -135,6 +131,25 @@ class PhpInfoTest extends TestCase
 		Assert::contains('🍕', $html);
 	}
 
+
+	public function testGetHtmlEmptySessionCookie(): void
+	{
+		session_destroy();
+		$this->sessionStart('');
+		Assert::noError(function (): void {
+			(new PhpInfo())->getHtml();
+		});
+	}
+
+
+	private function sessionStart(string $sessionId): void
+	{
+		$_SERVER['HTTP_COOKIE'] = 'PHPSESSID=' . urlencode($sessionId);
+		$_COOKIE['PHPSESSID'] = $sessionId;
+		session_set_save_handler(new TestSessionHandler($sessionId));
+		session_start();
+	}
+
 }
 
 (new PhpInfoTest())->run();

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ private function getSessionId(): ?string`
`49`	`49`	`} else {`
`50`	`50`	`$sessionId = $_COOKIE[$sessionName] ?? null;`
`51`	`51`	`}`
`52`		`- return is_string($sessionId) ? $sessionId : null;`
	`52`	`+ return is_string($sessionId) && $sessionId !== '' ? $sessionId : null;`
`53`	`53`	`}`
`54`	`54`
`55`	`55`