In AbuseFilterParser we have several functions which only take one argument, and for which we're using the "notenoughargs" exception. However, since we have the "noparams" exception, which is more specifical, I decided to go and use the latter where possible (adding another parameter to the message for specifying the amount of needed parameters). I thought it would have been a straightforward patch, but with huge surprise I found out the following:
- Go to whatever page lets you test filter syntax (e.g. /tools)
- Write down something like lcase()
- Check syntax...
No error is displayed! It took me no time to find out the reason: $args is never empty, instead it always has a null element (where "null" is the AFPData's null). This means that functions get called with "supplied parameters + 1" arguments, thus never triggering such exception. They still work, since they do their work on NULL, but this shouldn't happen: if the user wants to execute a function on NULL, he'd just call it with an explicit null, otherwise leaving parameters empty must be treated as 0 parameters provided.