AdminRequestSanitizer Error Log
When using edit orders Zen Cart v1.5.4
I'm getting the following error; edit orders does not save properly, so I'm not sure if this is something edit orders needs to address or if this is an issue with the AdminRequestSanitizer.php file?
[18-Mar-2016 09:23:18 America/New_York] PHP Warning: htmlspecialchars() expects parameter 1 to be string, array given in /var/admin/includes/classes/AdminRequestSanitizer.php on line 319
Re: AdminRequestSanitizer Error Log
For capacity reasons the sanitizer could not be tested with all plugins. So, this needs investigation, and probably an update to Edit Orders to address it.
Which feature of Edit Orders were you using to trigger this? It appears to be a problem with something that would have multiple level depths, such as checkboxes or multiple levels of languages within groups.
Re: AdminRequestSanitizer Error Log
In addition to describing which feature of EO you were using, you could also obtain more info about what data needs parsing differently by making a small TEMPORARY code change:
In that Admin Sanitizer class file, insert a new line around line 330, as shown here:
Code:
foreach ($_GET as $key => $value) {
    if (!in_array($key, $getToIgnore)) {
        if (is_array($value)) {
            foreach ($value as $key2 => $val2) {
                // TEMPORARY debug line: stop and dump the data when a second-level value is itself an array
                if (is_array($val2)) die('Value of ['.$key2.'] found to be array: <pre>' . print_r($value, true));
                $_GET[$key][$key2] = htmlspecialchars($val2);
            }
        } else {
And then it should dump out to your admin screen the values it's trying to process.
Re: AdminRequestSanitizer Error Log
Hello DrByte,
I tried to edit an order using edit orders and the onetime discount mod to show a refund that I issued to a customer. Once I saved it, the product on the order for whatever reason was deleted and the refund that was entered was not saved. I then tried to add the product that was deleted back and save it, and it would not save; it just kept generating that error. I had to remove the AdminRequestSanitizer.php and revert back to the original init_sanitize.php file for edit orders to start working again.
Re: AdminRequestSanitizer Error Log
Ok will do it now and report back.
Re: AdminRequestSanitizer Error Log
Hi
As a temporary fix, see https://docs.zen-cart.com/Developer_...t-sanitization
I'll take a look at the plugin to see if there is a better fix.
Re: AdminRequestSanitizer Error Log
Ok DrByte,
I applied your code change, but it did not display anything to me. Something happens when I edit the order and try to give a discount using edit orders/onetime discount: it says "Success: Order has been successfully updated", however the discount does not save and it removes the product that was purchased on the order, leaving only the shipping.
Same error log is generated:
[18-Mar-2016 15:42:36 America/New_York] PHP Warning: htmlspecialchars() expects parameter 1 to be string, array given in /var/admin/includes/classes/AdminRequestSanitizer.php on line 319
Re: AdminRequestSanitizer Error Log
wilt, just tried your temp solution and it does work.
Re: AdminRequestSanitizer Error Log
Quote:
Originally Posted by marcopolo
Ok DrByte,
I applied your code change, but it did not display anything to me.
Argh, cuz I gave you the wrong lines :(
At line 319 insert the new line shown:
Code:
foreach ($_POST as $key => $value) {
    if (!in_array($key, $postToIgnore)) {
        if (is_array($value)) {
            foreach ($value as $key2 => $val2) {
                // TEMPORARY debug line: stop and dump the data when a second-level value is itself an array
                if (is_array($val2)) die('Value of ['.$key2.'] found to be array: <pre>' . print_r($value, true));
                $_POST[$key][$key2] = htmlspecialchars($val2);
            }
        } else {
            $_POST[$key] = htmlspecialchars($value);
        }
    }
}
foreach ($_GET as $key => $value) {
Re: AdminRequestSanitizer Error Log
Below is the output; however, I do not think it's executing all the way, as nothing is saving.
Value of [127213] found to be array:
Code:
Array
(
    [127213] => Array
        (
            [qty] => 1
            [name] => Test Item
            [model] => G10
            [tax] => 2
            [final_price] => 12.00
        )

)
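The dump above shows POST data nested one level deeper than the two-level loop quoted in this thread can pass to htmlspecialchars(). As an added example (not part of the thread, and not Zen Cart or Edit Orders code), the following PHP escapes string values at any depth and records where the deeper arrays sit instead of calling die(); the function name, the `order_items` field name and the sample request are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not the AdminRequestSanitizer implementation.

/**
 * Escape every string leaf of a request array, whatever its nesting depth.
 * $nested collects the key paths of arrays found below the second level,
 * which is where the two-level loop in the thread raises the warning.
 * Array keys are left untouched, as in the thread's code.
 */
function sanitizeRecursive($value, array $ignore, array &$nested, $path = '', $depth = 0, $maxDepth = 5)
{
    if (!is_array($value)) {
        // Leaf: only strings are escaped. Flags and charset are set explicitly
        // here; the thread's code relies on the htmlspecialchars() defaults.
        return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : $value;
    }
    if ($depth > $maxDepth) {
        // Refuse unexpectedly deep input rather than recursing without bound.
        throw new RuntimeException("Request data nested too deeply at $path");
    }
    if ($depth >= 2) {
        $nested[] = $path; // e.g. [order_items][127213]
    }
    foreach ($value as $key => $item) {
        // The ignore list applies to top-level field names only.
        if ($depth === 0 && in_array((string)$key, $ignore, true)) {
            continue;
        }
        $value[$key] = sanitizeRecursive($item, $ignore, $nested, $path . '[' . $key . ']', $depth + 1, $maxDepth);
    }
    return $value;
}

// Constructed sample request with the same shape as the dump in the thread.
$post = [
    'securityToken' => 'abc123',
    'comments'      => 'Refund <issued>',
    'order_items'   => [
        127213 => ['qty' => '1', 'name' => 'Test Item <b>', 'model' => 'G10', 'tax' => '2', 'final_price' => '12.00'],
    ],
];

$nested = [];
$clean = sanitizeRecursive($post, ['securityToken'], $nested);

echo $clean['order_items'][127213]['name'], "\n"; // escaped product name
echo implode(', ', $nested), "\n";                // paths a two-level loop would choke on
```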