Session and CSRF Token: PHP warning

On each server-manager page request, log reports:

PHP Warning: array_unshift() expects parameter 1 to be array, null given in /usr/share/nethesis/Nethgui/Utility/Session.php on line 246
PHP Warning: array_splice() expects parameter 1 to be array, null given in /usr/share/nethesis/Nethgui/Utility/Session.php on line 247

nethserver-httpd-3.2.0-1.ns7.noarch || nethserver-httpd-3.2.0-1.6.g9917897.ns7.noarch


You’re right, it’s the kind of mistake that origins from mixing Perl and PHP array programming :unamused:

Workaround: downgrade nethserver-httpd-admin ?

1 Like

The warning message is a symptom of a security regression that makes Server Manager sensible to CSRF attacks. Even if the vulnerability is hard to exploit the best thing to do is to log out from Server Manager and revert the last nethserver-httpd-admin update with the following command

yum --noplugins downgrade nethserver-httpd-admin-2.1.1

The regression is present in version 2.2.0 of nethserver-httpd-admin only. Previous releases are not affected.

For more information see


The fix is available from nethserver-testing repo /cc @quality_team

yum install

The fix has been released in nethserver-updates and sent to mirrors for synchronization:

yum clean all && yum update -y nethserver-httpd-admin-2.2.1
1 Like

Ehm 2 days fix? People be aware that 30 apr and 1 May are kind of vacation here in Italy :slight_smile:
:clap: :clap: for @davidep

Open Source does not wait

1 Like