  1. #1
    Join Date
    May 2008
    Posts
    364
    Plugin Contributions
    0

    AdminRequestSanitizer Error Log

    When using Edit Orders with Zen Cart v1.5.4, I'm getting the following error. Edit Orders does not save properly, so I'm not sure whether this is something Edit Orders needs to address or an issue with the AdminRequestSanitizer.php file.

    [18-Mar-2016 09:23:18 America/New_York] PHP Warning: htmlspecialchars() expects parameter 1 to be string, array given in /var/admin/includes/classes/AdminRequestSanitizer.php on line 319

  2. #2
    Join Date
    Jan 2004
    Posts
    65,291
    Blog Entries
    7
    Plugin Contributions
    227

    Re: AdminRequestSanitizer Error Log

    For capacity reasons the sanitizer could not be tested with all plugins. So, this needs investigation, and probably an update to Edit Orders to address it.
    Which feature of Edit Orders were you using to trigger this? It appears to be a problem with something that would have multiple level depths, such as checkboxes or multiple levels of languages within groups.

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Jan 2004
    Posts
    65,291
    Blog Entries
    7
    Plugin Contributions
    227

    Re: AdminRequestSanitizer Error Log

    In addition to describing which feature of EO you were using, you could also obtain more info about what data needs parsing differently by making a small TEMPORARY code change:

    In that Admin Sanitizer class file, insert a new line around line 330, as shown here:
    Code:
            foreach ($_GET as $key => $value) {
                if (!in_array($key, $getToIgnore)) {
                    if (is_array($value)) {
                        foreach($value as $key2 => $val2){
                            // TEMPORARY debug line (new): stop and dump the data when a third array level is found
                            if (is_array($val2)) die('Value of ['.$key2.'] found to be array: <pre>' . print_r($value, true));
                            $_GET[$key][$key2] = htmlspecialchars($val2);
                        }
                    } else {
    And then it should dump out to your admin screen the values it's trying to process.

  4. #4
    Join Date
    May 2008
    Posts
    364
    Plugin Contributions
    0

    Re: AdminRequestSanitizer Error Log

    Hello DrByte,

    I tried to edit an order using Edit Orders and the onetime discount mod to show a refund that I issued to a customer. Once I saved it, the product on the order for whatever reason was deleted and the refund that was entered was not saved. I then tried to add the product that was deleted back and save it, and it would not save; it just kept generating that error. I had to remove the AdminRequestSanitizer.php and revert back to the original init_sanitize.php file for Edit Orders to start working again.

  5. #5
    Join Date
    May 2008
    Posts
    364
    Plugin Contributions
    0

    Re: AdminRequestSanitizer Error Log

    Ok will do it now and report back.

  6. #6
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,879
    Blog Entries
    2
    Plugin Contributions
    2

    Re: AdminRequestSanitizer Error Log

    Hi

    As a temporary fix

    see https://docs.zen-cart.com/Developer_...t-sanitization

    I'll take a look at the plugin to see if there is a better fix.

  7. #7
    Join Date
    May 2008
    Posts
    364
    Plugin Contributions
    0

    Re: AdminRequestSanitizer Error Log

    Ok DrByte,

    I applied your code change, but it did not display anything to me. Something happens when I edited the order and tried to give a discount using Edit Orders/onetime discount: it says "Success: Order has been successfully updated", however the discount does not save and it removes the product that was purchased on the order, leaving only the shipping.

    Same error log is generated:

    [18-Mar-2016 15:42:36 America/New_York] PHP Warning: htmlspecialchars() expects parameter 1 to be string, array given in /var/admin/includes/classes/AdminRequestSanitizer.php on line 319

  8. #8
    Join Date
    May 2008
    Posts
    364
    Plugin Contributions
    0

    Re: AdminRequestSanitizer Error Log

    wilt just tried your temp solution and it does work.

  9. #9
    Join Date
    Jan 2004
    Posts
    65,291
    Blog Entries
    7
    Plugin Contributions
    227

    Re: AdminRequestSanitizer Error Log

    Quote, originally posted by marcopolo:
        Ok DrByte,

        I applied your code change, but it did not display anything to me.

    Argh, cuz I gave you the wrong lines

    At line 319 insert the new line shown:
    Code:
            foreach ($_POST as $key => $value) {
                if (!in_array($key, $postToIgnore)) {
                    if (is_array($value)) {
                        foreach($value as $key2 => $val2){
                            // TEMPORARY debug line (new): stop and dump the data when a third array level is found
                            if (is_array($val2)) die('Value of ['.$key2.'] found to be array: <pre>' . print_r($value, true));
                            $_POST[$key][$key2] = htmlspecialchars($val2);
                        }
                    } else {
                        $_POST[$key] = htmlspecialchars($value);
                    }
                }
            }
            foreach ($_GET as $key => $value) {

  10. #10
    Join Date
    May 2008
    Posts
    364
    Plugin Contributions
    0

    Re: AdminRequestSanitizer Error Log

    Below is the output however I do not think it's executing all the way as nothing is saving.

    Value of [127213] found to be array:
    Code:
    Array
    (
        [127213] => Array
            (
                [qty] => 1
                [name] => Test Item
                [model] => G10
                [tax] => 2
                [final_price] => 12.00
            )
    
    )
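
An added example (not from the thread and not Zen Cart's own code) of why a sanitizer loop that handles two array levels breaks on the three-level POST data dumped above, next to a recursive variant that escapes string leaves at any depth. The outer key name `update_products` and both function names are assumptions, and the sample values are constructed from the dump.

```php
<?php
// Added example, not Zen Cart code. Constructed sample shaped like the dump
// in the thread; the outer key 'update_products' is a placeholder name.
$post = [
    'update_products' => [
        127213 => [
            'qty' => '1', 'name' => 'Test <b>Item</b>', 'model' => 'G10',
            'tax' => '2', 'final_price' => '12.00',
        ],
    ],
    'comments' => 'refund "issued"',
];

// Same shape as the loop quoted in the thread: only two levels are handled.
// On PHP 5/7, htmlspecialchars() given an array warns and returns NULL
// (PHP 8 throws a TypeError); the guard below reproduces the NULL case
// explicitly so the script behaves the same on any version.
function sanitizeTwoLevels(array $data): array
{
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            foreach ($value as $key2 => $val2) {
                $data[$key][$key2] = is_array($val2) ? null : htmlspecialchars($val2);
            }
        } else {
            $data[$key] = htmlspecialchars($value);
        }
    }
    return $data;
}

// Depth-independent variant: recurse into arrays, escape only string leaves.
function sanitizeRecursive($value)
{
    if (is_array($value)) {
        $clean = [];
        foreach ($value as $k => $v) {
            $clean[$k] = sanitizeRecursive($v);
        }
        return $clean;
    }
    return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : $value;
}

// Two-level loop: shows what is left of the nested line item.
var_dump(sanitizeTwoLevels($post)['update_products'][127213]);
// Recursive variant: structure is kept and the markup in 'name' is escaped.
echo sanitizeRecursive($post)['update_products'][127213]['name'], PHP_EOL;
```

Array keys are passed through unchanged here; code that echoes request keys back into a page has to escape them at output time.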

 

 