@wilt, I just found the following warning in my /logs folder; it's issued when the edit_orders script is initially entered (i.e. no $_POST parameters).
Here's the current code, with line 511 highlighted:Code:PHP Warning: Invalid argument supplied for foreach() in C:\xampp\htdocs\testsite\testadmin\includes\classes\AdminRequestSanitizer.php on line 511
It looks like you'd want to change that toCode:private function filterMultiDimensional($parameterName, $parameterDefinition) { $requestPost = $_POST; foreach ($requestPost[$parameterName] as $key => $value) { $hacked = $requestPost[$parameterName][$key]; if (isset($parameterDefinition['params'][$parameterName])) { unset($requestPost[$parameterName][$key]); unset($_POST); $_POST[$parameterName] = $key; $type = $parameterDefinition['params'][$parameterName]['sanitizerType']; $params = isset($parameterDefinition['params'][$parameterName]['params']) ? $parameterDefinition['params'][$parameterName]['params'] : null; $newParameterDefinition = array('sanitizerType' => $type, 'params' => $params); $this->runSpecificSanitizer($parameterName, $newParameterDefinition); $newKey = $_POST[$parameterName]; $requestPost[$parameterName][$newKey] = $hacked; } foreach ($hacked as $pkey => $pvalue) { if (isset($parameterDefinition['params'][$pkey])) { unset($requestPost[$parameterName][$newKey][$pkey]); unset($_POST); $_POST[$pkey] = $pvalue; $type = $parameterDefinition['params'][$pkey]['sanitizerType']; $params = isset($parameterDefinition['params'][$pkey]['params']) ? $parameterDefinition['params'][$pkey]['params'] : null; $newParameterDefinition = array('sanitizerType' => $type, 'params' => $params); $this->runSpecificSanitizer($pkey, $newParameterDefinition); $requestPost[$parameterName][$newKey][$pkey] = $_POST[$pkey]; } } } $_POST = $requestPost; }
Code:private function filterMultiDimensional($parameterName, $parameterDefinition) { $requestPost = $_POST; if (isset ($requestPost[$parameterName])) { foreach ($requestPost[$parameterName] as $key => $value) { $hacked = $requestPost[$parameterName][$key]; if (isset($parameterDefinition['params'][$parameterName])) { unset($requestPost[$parameterName][$key]); unset($_POST); $_POST[$parameterName] = $key; $type = $parameterDefinition['params'][$parameterName]['sanitizerType']; $params = isset($parameterDefinition['params'][$parameterName]['params']) ? $parameterDefinition['params'][$parameterName]['params'] : null; $newParameterDefinition = array('sanitizerType' => $type, 'params' => $params); $this->runSpecificSanitizer($parameterName, $newParameterDefinition); $newKey = $_POST[$parameterName]; $requestPost[$parameterName][$newKey] = $hacked; } foreach ($hacked as $pkey => $pvalue) { if (isset($parameterDefinition['params'][$pkey])) { unset($requestPost[$parameterName][$newKey][$pkey]); unset($_POST); $_POST[$pkey] = $pvalue; $type = $parameterDefinition['params'][$pkey]['sanitizerType']; $params = isset($parameterDefinition['params'][$pkey]['params']) ? $parameterDefinition['params'][$pkey]['params'] : null; $newParameterDefinition = array('sanitizerType' => $type, 'params' => $params); $this->runSpecificSanitizer($pkey, $newParameterDefinition); $requestPost[$parameterName][$newKey][$pkey] = $_POST[$pkey]; } } } } $_POST = $requestPost; }


Reply With Quote
), I consider that change a work-around rather than a proper correction.

