Deprecation Warning in PhpWord AbstractPart.php – htmlspecialchars() called with null instead of string #2829
Description
Describe the bug and add attachments
Description
During runtime, the application logs deprecation warnings originating from the PhpOffice/PhpWord library. The issue occurs in vendor/phpoffice/phpword/src/PhpWord/Reader/Word2007/AbstractPart.php at line 300, where htmlspecialchars() is invoked with a null value passed to its first parameter.
In PHP 8.1+, passing null to a parameter that requires string is deprecated. This leads to deprecation messages in the logs:
DEPRECATE: vendor/phpoffice/phpword/src/PhpWord/Reader/Word2007/AbstractPart.php line 300 user unknown -- htmlspecialchars(): Passing null to parameter #1 ($string) of type string is deprecated
Impact:
- No immediate runtime failure, but logs are polluted with warnings.
- Potential risk of stricter type enforcement in future PHP versions (e.g., PHP 9.0), which could escalate from a deprecation to a fatal error.
- Makes debugging and monitoring more difficult due to excessive warning noise.
Root Cause:
htmlspecialchars() is being called without verifying that the provided value is a string. When null is passed instead of an empty string, PHP raises a deprecation notice.
Environment:
- Library: phpoffice/phpword
- File: vendor/phpoffice/phpword/src/PhpWord/Reader/Word2007/AbstractPart.php
- PHP Version: 8.1+
- Affected Function: htmlspecialchars()
Expected behavior
- PhpWord should never pass null to htmlspecialchars().
- When a value is missing, it should gracefully fallback to an empty string ("") instead of producing deprecation warnings.
- Application logs should remain clean, free of unnecessary deprecation messages.
Proposed Solution:
- Ensure that a string value is always passed to htmlspecialchars(). If the input is null, default to an empty string:
$value = $value ?? '';
htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
Steps to reproduce
- Use PhpWord to read or parse a Word 2007 (.docx) file. (Look at attached)
- Trigger parsing of elements that result in null values being passed to htmlspecialchars() (empty table cell or paragraph).
- Check application logs – a deprecation warning will appear.
PHPWord version(s) where the bug happened
1.4.0
PHP version(s) where the bug happened
8.3
Priority
- I want to crowdfund the bug fix (with @algora-io) and fund a community developer.
- I want to pay the bug fix and fund a maintainer for that. (Contact @Progi1984)