Topic-icon JFBConnect Fatal Error when Facebook App is Disabled (Data Use Checkup Pending)

Environment
  • Joomla 4.5.6
  • JFBConnect 9.3.77
  • PHP 8.x
  • Facebook Login enabled
Issue Description

After updating to JFBConnect 9.3.77 and Joomla 4.5.6, our live site started throwing a fatal error:
unserialize(): Argument #1 ($data) must be of type string, array given
administrator/components/com_jfbconnect/models/config.php
The error occurs in
config.php
at:
if (strpos($setting, "autotune_") !== false)
$value = @unserialize($value);

Root Cause Investigation

We discovered that our Facebook App had been disabled by Meta because the annual Data Use Checkup had not been completed. When running JFBConnect Autotune, the process stops with:
Facebook API Error: API access disrupted. Go to the App Dashboard and complete Data Use Checkup.

Facebook Application configuration could not be loaded. Please check your App ID and Secret Key and ensure the 'JFBConnect Provider - Facebook' plugin is enabled.
 At that point, JFBConnect appears to store an unexpected value in one of the
autotune_*
configuration entries. Later, when JFBConnect reads the configuration,
$value
is already an array instead of a serialized string. The code then executes:
$value = @unserialize($value);
Under PHP 8+, this produces a fatal TypeError:
unserialize(): Argument #1 ($data) must be of type string, array given

As a result, the entire page returns HTTP 500 instead of showing a Facebook/API-related error.

Suggested Fix

Before calling
unserialize()
, verify that the value is actually a string:
if (strpos($setting, "autotune_") !== false && is_string($value))
{
$value = @unserialize($value);
}

This prevents the fatal error and allows JFBConnect to continue handling the Facebook/API failure gracefully.

Expected Behavior

If the Facebook App is disabled, inaccessible, or returns an unexpected API response, JFBConnect should display an appropriate Facebook/API error message and should not generate a PHP fatal error that takes down the page.

Additional Notes

Rolling back to the previous JFBConnect version did not resolve the issue because the problematic configuration value remained stored in the database. The fatal error persisted until the code was patched.
Last edit: 2 weeks 3 days ago by ranpre.
Support Specialist
Thank you for the thorough investigation. The following is the fix that I've checked in for the next JFBConnect release
// Autotune values are usually stored serialized, but bad/corrupt cached data
// may already be an array/object by the time it is read. PHP 8+ throws a
// TypeError if unserialize() receives a non-string, so only unserialize strings.
if (strpos($setting, "autotune_") !== false && is_string($value))
{
    $unserialized = @unserialize($value);

    // unserialize() returns false both for invalid serialized strings and for
    // the valid serialized boolean false value ("b:0;"). Only replace the
    // original value when unserialization clearly succeeded.
    if ($unserialized !== false || $value === 'b:0;')
        $value = $unserialized;
}