SiT! Bugs

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001715SiT!dashboardpublic2011-09-11 14:482012-07-07 18:10
Reporternicdev 
Assigned ToTomse 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version3.65 LTS 
Target Version3.66 LTSFixed in Version3.66 LTS 
Summary0001715: Adding Dashboard components creates an error
DescriptionError:
Warning [2]
strip_tags() expects parameter 1 to be string, array given in base.inc.php @ line 326 strip_tags() clean_dbstring()
Steps To Reproduce1. SiT! - > Manage Dashboard Components -> Install
2. Select 2 or more Dashlets (hold CTRL when selecting) and click install
Additional InformationThe function strip_tags(), called inside the function clean_dbstring() requires a string and we are passing it an array.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
User avatar (0004297)
Tomse (developer)
2011-09-12 18:08

I've seen this
User avatar (0004307)
paulh (administrator)
2011-09-21 19:45

We don't call strip_tags on the array we loop around the elements and only call it on a string.

I've tried to reproduce this with svn and failed
User avatar (0004315)
nicdev (developer)
2011-09-28 16:59

Paul,

I am running 3.65 (svn7375), and i still get this:

Backtracking it I get the following:
1. In line 113 of manage_dashboard.php:
"$dashboardcomponents = clean_dbstring($_REQUEST['comp']);"
>> $_REQUEST['comp'] is an array <<

2. clean_dbstring() is located in base.inc.php. In the first lines of this function we call:
"$string = strip_tags($string);"

Thus we are passing an array to clean_dbstring() who in turn is passing an array to strip_tags()
User avatar (0004316)
paulh (administrator)
2011-10-01 13:15

Nico,

Your not running the released version of 3.65, the released version was svn7413 and clean_dbstring checks if its an array and loops around each element:



function clean_dbstring($vars)
{
    if (is_array($vars))
    {
        foreach ($vars as $key => $singlevar)
        {
            $string[$key] = clean_dbstring($singlevar);
        }
    }
    else
    {
        $string = strip_tags($vars);

        if (get_magic_quotes_gpc() == 1)
        {
            stripslashes($string);
        }

        $string = mysql_real_escape_string($string);
    }
    return $string;
}
User avatar (0004325)
Tomse (developer)
2011-10-08 16:51

According to Paul this was already fixed in svn7413

I've tried reproducing this in the current SVN and couldn't reproduce it.
Marking as fixed

- Issue History
Date Modified Username Field Change
2011-09-11 14:48 nicdev New Issue
2011-09-12 18:06 nicdev Steps to Reproduce Updated View Revisions
2011-09-12 18:08 Tomse Note Added: 0004297
2011-09-12 18:08 Tomse Status new => confirmed
2011-09-12 18:09 nicdev Product Version 3.65 LTS => 3.66 LTS
2011-09-12 18:10 nicdev Product Version 3.66 LTS => 3.65 LTS
2011-09-12 18:10 nicdev Target Version => 3.66 LTS
2011-09-20 20:43 paulh Assigned To => paulh
2011-09-20 20:43 paulh Status confirmed => assigned
2011-09-21 19:45 paulh Note Added: 0004307
2011-09-21 19:45 paulh Assigned To paulh =>
2011-09-21 19:45 paulh Status assigned => feedback
2011-09-28 16:59 nicdev Note Added: 0004315
2011-09-28 16:59 nicdev Status feedback => new
2011-10-01 13:15 paulh Note Added: 0004316
2011-10-01 13:15 paulh Status new => feedback
2011-10-08 16:51 Tomse Note Added: 0004325
2011-10-08 16:51 Tomse Status feedback => resolved
2011-10-08 16:51 Tomse Fixed in Version => Current SVN
2011-10-08 16:51 Tomse Resolution open => fixed
2011-10-08 16:51 Tomse Assigned To => Tomse
2012-07-06 14:13 Tomse Fixed in Version Current SVN => 3.66 LTS
2012-07-07 18:10 ivan Status resolved => closed


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker