Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion src/Utopia/Messaging/Adapter/SMS/Msg91.php
Original file line number Diff line number Diff line change
Expand Up @@ -100,8 +100,18 @@ protected function process(SMSMessage $message): array
$response->addResult($to);
}
} else {
$errorMessage = 'Unknown error';
if (isset($result['response']['message'])) {
$errorMessage = \is_string($result['response']['message'])
? $result['response']['message']
: \json_encode($result['response']['message']);
} elseif (isset($result['response']['error'])) {
$errorMessage = \is_string($result['response']['error'])
? $result['response']['error']
: \json_encode($result['response']['error']);
}
Comment on lines +104 to +112

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Response array type not guarded before key access

request() declares its response field as array<string, mixed>|string|null. When Msg91 returns a non-JSON body (e.g. a plain-text "Unauthorized" or an HTML error page), $result['response'] stays as a raw string. Accessing $result['response']['message'] on a string in PHP coerces the key 'message' to integer 0 and returns the first character of the string — so isset($result['response']['message']) evaluates to true for any non-empty error body, and $errorMessage silently becomes a single character (e.g. "U" for "Unauthorized"). Add an is_array($result['response']) guard before the nested key checks to prevent this.

Prompt To Fix With AI
This is a comment left during a code review.
Path: src/Utopia/Messaging/Adapter/SMS/Msg91.php
Line: 104-112

Comment:
**Response array type not guarded before key access**

`request()` declares its `response` field as `array<string, mixed>|string|null`. When Msg91 returns a non-JSON body (e.g. a plain-text "Unauthorized" or an HTML error page), `$result['response']` stays as a raw string. Accessing `$result['response']['message']` on a string in PHP coerces the key `'message'` to integer `0` and returns the first character of the string — so `isset($result['response']['message'])` evaluates to `true` for any non-empty error body, and `$errorMessage` silently becomes a single character (e.g. `"U"` for `"Unauthorized"`). Add an `is_array($result['response'])` guard before the nested key checks to prevent this.

How can I resolve this? If you propose a fix, please make it concise.

Fix in Claude Code Fix in Codex

foreach ($message->getTo() as $to) {
$response->addResult($to, 'Unknown error');
$response->addResult($to, $errorMessage);
}
Comment thread
greptile-apps[bot] marked this conversation as resolved.
}

Expand Down