SiT! Bugs - SiT!
View Issue Details
0001715SiT!dashboardpublic2011-09-11 14:482012-07-07 18:10
nicdev 
Tomse 
normalmajoralways
closedfixed 
3.65 LTS 
3.66 LTS3.66 LTS 
0001715: Adding Dashboard components creates an error
Error:
Warning [2]
strip_tags() expects parameter 1 to be string, array given in base.inc.php @ line 326 strip_tags() clean_dbstring()
1. SiT! - > Manage Dashboard Components -> Install
2. Select 2 or more Dashlets (hold CTRL when selecting) and click install
The function strip_tags(), called inside the function clean_dbstring() requires a string and we are passing it an array.
No tags attached.
Issue History
2011-09-11 14:48nicdevNew Issue
2011-09-12 18:06nicdevSteps to Reproduce Updatedbug_revision_view_page.php?rev_id=245#r245
2011-09-12 18:08TomseNote Added: 0004297
2011-09-12 18:08TomseStatusnew => confirmed
2011-09-12 18:09nicdevProduct Version3.65 LTS => 3.66 LTS
2011-09-12 18:10nicdevProduct Version3.66 LTS => 3.65 LTS
2011-09-12 18:10nicdevTarget Version => 3.66 LTS
2011-09-20 20:43paulhAssigned To => paulh
2011-09-20 20:43paulhStatusconfirmed => assigned
2011-09-21 19:45paulhNote Added: 0004307
2011-09-21 19:45paulhAssigned Topaulh =>
2011-09-21 19:45paulhStatusassigned => feedback
2011-09-28 16:59nicdevNote Added: 0004315
2011-09-28 16:59nicdevStatusfeedback => new
2011-10-01 13:15paulhNote Added: 0004316
2011-10-01 13:15paulhStatusnew => feedback
2011-10-08 16:51TomseNote Added: 0004325
2011-10-08 16:51TomseStatusfeedback => resolved
2011-10-08 16:51TomseFixed in Version => Current SVN
2011-10-08 16:51TomseResolutionopen => fixed
2011-10-08 16:51TomseAssigned To => Tomse
2012-07-06 14:13TomseFixed in VersionCurrent SVN => 3.66 LTS
2012-07-07 18:10ivanStatusresolved => closed

Notes
(0004297)
Tomse   
2011-09-12 18:08   
I've seen this
(0004307)
paulh   
2011-09-21 19:45   
We don't call strip_tags on the array we loop around the elements and only call it on a string.

I've tried to reproduce this with svn and failed
(0004315)
nicdev   
2011-09-28 16:59   
Paul,

I am running 3.65 (svn7375), and i still get this:

Backtracking it I get the following:
1. In line 113 of manage_dashboard.php:
"$dashboardcomponents = clean_dbstring($_REQUEST['comp']);"
>> $_REQUEST['comp'] is an array <<

2. clean_dbstring() is located in base.inc.php. In the first lines of this function we call:
"$string = strip_tags($string);"

Thus we are passing an array to clean_dbstring() who in turn is passing an array to strip_tags()
(0004316)
paulh   
2011-10-01 13:15   
Nico,

Your not running the released version of 3.65, the released version was svn7413 and clean_dbstring checks if its an array and loops around each element:



function clean_dbstring($vars)
{
    if (is_array($vars))
    {
        foreach ($vars as $key => $singlevar)
        {
            $string[$key] = clean_dbstring($singlevar);
        }
    }
    else
    {
        $string = strip_tags($vars);

        if (get_magic_quotes_gpc() == 1)
        {
            stripslashes($string);
        }

        $string = mysql_real_escape_string($string);
    }
    return $string;
}
(0004325)
Tomse   
2011-10-08 16:51   
According to Paul this was already fixed in svn7413

I've tried reproducing this in the current SVN and couldn't reproduce it.
Marking as fixed