LinChang
12-12-2010, 05:56 AM
Ok I have made my own custom vbulletin page using built in vbulletin classes and functions. I am wondering why their is an error showing up when i submit a form with variables containing arrays using POST method.
the error message is
Warning: trim() expects parameter 1 to be string, array given in [path]\includes\class_core.php on line 2525
I basically took the these three POST variable arrays
$chapter = $vbulletin->GPC['chapter']; <-- this is an array containing integers
$part = $vbulletin->GPC['part']; <-- this is an array containing integers
$url = $vbulletin->GPC['url']; <-- this is an array containing url strings
then I sort them in order in stored the $chapter, $part, $url in the array
$vid_array = array(); <-- this is array
so once i sort those $chapter $part $url in order then in $vid_array it should look something like this
$vid_array[$chapter[$i]][$part[$i]] = $url[$i];
then i do $vid_array = serialize($vid_array);
then i store into database using
$db->query_write(
"INSERT
INTO
vid_to_verify (vid_url)
VALUES
('".$vid_array."')"
);
it will insert to database because i checked in the serialize array is in the database but it gives me this error
Warning: trim() expects parameter 1 to be string, array given in [path]\includes\class_core.php on line 2525
but if I do not insert any arrays to database instead only insert strings, or integers then it wont give me that error. Is their any special things I need to do before saving arrays to mysql database? is that the reason it keeps giving me this error?
--------------- Added 1292143625 at 1292143625 ---------------
OK everytime i sent a POST variable that is an array to server it gives that error, why is that??
Does anyone have the answer to this??
--------------- Added 1292145243 at 1292145243 ---------------
ok I went inside includes/class_core.php and in the function xss_clean which is the function on line 2525 that gave me the error, as you can see I basically suppress the error message by attaching a @ at the beginning of the trim in the line that says return preg_replace($preg_find, $preg_replace, htmlspecialchars(trim($var))); changed to return preg_replace($preg_find, $preg_replace, htmlspecialchars(@trim($var)));
well that fixed it, but my question now becomes is their any security problem?
function xss_clean($var)
{
static
$preg_find = array('#^javascript#i', '#^vbscript#i'),
$preg_replace = array('java script', 'vb script');
return preg_replace($preg_find, $preg_replace, htmlspecialchars(trim($var)));
}
changed to
function xss_clean($var)
{
static
$preg_find = array('#^javascript#i', '#^vbscript#i'),
$preg_replace = array('java script', 'vb script');
return preg_replace($preg_find, $preg_replace, htmlspecialchars(@trim($var)));
}
the error message is
Warning: trim() expects parameter 1 to be string, array given in [path]\includes\class_core.php on line 2525
I basically took the these three POST variable arrays
$chapter = $vbulletin->GPC['chapter']; <-- this is an array containing integers
$part = $vbulletin->GPC['part']; <-- this is an array containing integers
$url = $vbulletin->GPC['url']; <-- this is an array containing url strings
then I sort them in order in stored the $chapter, $part, $url in the array
$vid_array = array(); <-- this is array
so once i sort those $chapter $part $url in order then in $vid_array it should look something like this
$vid_array[$chapter[$i]][$part[$i]] = $url[$i];
then i do $vid_array = serialize($vid_array);
then i store into database using
$db->query_write(
"INSERT
INTO
vid_to_verify (vid_url)
VALUES
('".$vid_array."')"
);
it will insert to database because i checked in the serialize array is in the database but it gives me this error
Warning: trim() expects parameter 1 to be string, array given in [path]\includes\class_core.php on line 2525
but if I do not insert any arrays to database instead only insert strings, or integers then it wont give me that error. Is their any special things I need to do before saving arrays to mysql database? is that the reason it keeps giving me this error?
--------------- Added 1292143625 at 1292143625 ---------------
OK everytime i sent a POST variable that is an array to server it gives that error, why is that??
Does anyone have the answer to this??
--------------- Added 1292145243 at 1292145243 ---------------
ok I went inside includes/class_core.php and in the function xss_clean which is the function on line 2525 that gave me the error, as you can see I basically suppress the error message by attaching a @ at the beginning of the trim in the line that says return preg_replace($preg_find, $preg_replace, htmlspecialchars(trim($var))); changed to return preg_replace($preg_find, $preg_replace, htmlspecialchars(@trim($var)));
well that fixed it, but my question now becomes is their any security problem?
function xss_clean($var)
{
static
$preg_find = array('#^javascript#i', '#^vbscript#i'),
$preg_replace = array('java script', 'vb script');
return preg_replace($preg_find, $preg_replace, htmlspecialchars(trim($var)));
}
changed to
function xss_clean($var)
{
static
$preg_find = array('#^javascript#i', '#^vbscript#i'),
$preg_replace = array('java script', 'vb script');
return preg_replace($preg_find, $preg_replace, htmlspecialchars(@trim($var)));
}