error [path]\includes\class_core.php on line 2525

[LinChang]

Ok I have made my own custom vbulletin page using built in vbulletin classes and functions. I am wondering why their is an error showing up when i submit a form with variables containing arrays using POST method.

the error message is

Warning: trim() expects parameter 1 to be string, array given in [path]\includes\class_core.php on line 2525

I basically took the these three POST variable arrays

$chapter = $vbulletin->GPC['chapter']; <-- this is an array containing integers
$part = $vbulletin->GPC['part']; <-- this is an array containing integers
$url = $vbulletin->GPC['url']; <-- this is an array containing url strings

then I sort them in order in stored the $chapter, $part, $url in the array

$vid_array = array(); <-- this is array

so once i sort those $chapter $part $url in order then in $vid_array it should look something like this

$vid_array[$chapter[$i]][$part[$i]] = $url[$i];

then i do $vid_array = serialize($vid_array);

then i store into database using

$db->query_write(
"INSERT
INTO
vid_to_verify (vid_url)
VALUES
('".$vid_array."')"
);

it will insert to database because i checked in the serialize array is in the database but it gives me this error

Warning: trim() expects parameter 1 to be string, array given in [path]\includes\class_core.php on line 2525

but if I do not insert any arrays to database instead only insert strings, or integers then it wont give me that error. Is their any special things I need to do before saving arrays to mysql database? is that the reason it keeps giving me this error?

--------------- Added [DATE]1292143625[/DATE] at [TIME]1292143625[/TIME] ---------------

OK everytime i sent a POST variable that is an array to server it gives that error, why is that??

Does anyone have the answer to this??

--------------- Added [DATE]1292145243[/DATE] at [TIME]1292145243[/TIME] ---------------

ok I went inside includes/class_core.php and in the function xss_clean which is the function on line 2525 that gave me the error, as you can see I basically suppress the error message by attaching a @ at the beginning of the trim in the line that says return preg_replace($preg_find, $preg_replace, htmlspecialchars(trim($var))); changed to return preg_replace($preg_find, $preg_replace, htmlspecialchars(@trim($var)));

well that fixed it, but my question now becomes is their any security problem?

function xss_clean($var)
{
static
$preg_find = array('#^javascript#i', '#^vbscript#i'),
$preg_replace = array('java script', 'vb script');

return preg_replace($preg_find, $preg_replace, htmlspecialchars(trim($var)));
}

changed to

function xss_clean($var)
{
static
$preg_find = array('#^javascript#i', '#^vbscript#i'),
$preg_replace = array('java script', 'vb script');

return preg_replace($preg_find, $preg_replace, htmlspecialchars(@trim($var)));
}