Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions

Reply
 
Thread Tools Display Modes
  #1  
Old 10-07-2014, 02:25 PM
SkyStryder SkyStryder is offline
 
Join Date: Dec 2007
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default clean_array_gpc question

I have a URL that looks like this:
Quote:
beta.test.com/vb/runlib.php?do=cars&model=cobalt&fsec=6,13,19,30&fo r=federal%20express
I am concerned with checking the fsec variable. If I use TYPE_INT, it truncates
all but the first number. If I use TYPE_STR, that doesn't really help. Could someone
point me in the right direction?

Thank you!
Reply With Quote
  #2  
Old 10-07-2014, 02:27 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

How do you want to check it? You can use TYPE_STR then do your own checking. I assume you want to check to avoid vulnerabilities? Then it depends on how you intend to use the value.
Reply With Quote
  #3  
Old 10-07-2014, 02:27 PM
mokujin's Avatar
mokujin mokujin is offline
 
Join Date: Oct 2005
Location: Czech
Posts: 345
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What about TYPE_UNIT ?
Reply With Quote
  #4  
Old 10-07-2014, 02:44 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Set as string and you could do something like this:

PHP Code:
$fsec '56,56,56';
$num explode(","$fsec);
foreach(
$num as $key=>$val){
  if(!
ctype_digit($val)){
    unset(
$num[$key]);
  }
}
$fsec implode(","$num); 
Reply With Quote
  #5  
Old 10-07-2014, 02:55 PM
SkyStryder SkyStryder is offline
 
Join Date: Dec 2007
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thank you, This looks doable.
In answer to the others, this is pretty much what I would need to do if I used
TYPE_NOHTML (TYPE_STR). TYPE_UINT also returns just the first number.

Thank you all!
Reply With Quote
  #6  
Old 10-07-2014, 03:02 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You indeed want to use TYPE_NOHTML unless you actually make use of HTML in certain strings.
Reply With Quote
  #7  
Old 10-07-2014, 03:40 PM
TheAdminMarket's Avatar
TheAdminMarket TheAdminMarket is offline
 
Join Date: Jun 2013
Location: Thessaloniki, Greece
Posts: 511
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Try TYPE_ARRAY_INT (for numbers) or TYPE_ARRAY_STR (for strings)

EDIT: Try the article below. Is superior and it helped me a lot to start coding for vB
https://vborg.vbsupport.ru/showthrea...ight=Variables
Reply With Quote
  #8  
Old 10-07-2014, 04:11 PM
SkyStryder SkyStryder is offline
 
Join Date: Dec 2007
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I tried TYPE_ARRAY_INT and it would appear that I got an empty array as a result...
I used fsec=51,71,68,88,93,90 from the URL. I tried print_r and var_dump and they
seem to confirm the results. It definitely wasn't a string anymore. explode croaked... 8-)

--------------- Added [DATE]1412704140[/DATE] at [TIME]1412704140[/TIME] ---------------

I thing that I have noticed is that isset() is not working as expected with $vbulletin->GPC['xx']
It seems to resolve to always true which is not what it says in class_core.php.
Reply With Quote
  #9  
Old 10-07-2014, 05:23 PM
TheAdminMarket's Avatar
TheAdminMarket TheAdminMarket is offline
 
Join Date: Jun 2013
Location: Thessaloniki, Greece
Posts: 511
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by SkyStryder View Post
I tried TYPE_ARRAY_INT and it would appear that I got an empty array as a result...
I've used this code so many times and works fine, but I'm currently out of my base to post a real example. Even if TYPE_ARRAY_... is more secure as it add one more level of security on what type of data to receive, you can also use TYPE_ARRAY without setting if it's number or text string.

--------------- Added 07 Oct 2014 at 21:44 ---------------

Also, because as I seen you're collecting the values from URL, you must use the syntax:
PHP Code:
$vbulletin->input->clean_array_gpc('r', array(
   
'fsec' => TYPE_ARRAY_INT
)); 
r = Request
p = Post
g = Get
Reply With Quote
  #10  
Old 10-07-2014, 06:24 PM
SkyStryder SkyStryder is offline
 
Join Date: Dec 2007
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

[QUOTE=NickTheGreek;2518036]
Also, because as I seen you're collecting the values from URL, you must use the syntax:
PHP Code:
$vbulletin->input->clean_array_gpc('r', array(
   
'fsec' => TYPE_ARRAY_INT
)); 
That is exactly what I have and I get an empty array. Not to be too obvious
but fsec looks like a string.. "1,2,4" I was getting the impression that
TYPE_ARRAY_INT would do the conversion? It definitely sets the type.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:03 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04937 seconds
  • Memory Usage 2,256KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete