I had a hack bot on my site that tried to post an array instead of a string.
I am using for example: $inemailhandle = qa_post_text('emailhandle');
Having an array, the base function qa_post_text() throws an error with trim():
Error : trim() expects parameter 1 to be string,
Code line:
return isset($_POST[$field]) ? preg_replace('/\r\n?/', "\n", trim(qa_gpc_to_string($_POST[$field]))) : null;
See
|
function qa_post_text($field) |
I assume we should always cast the $_POST[$field] to string?!
Proposed Solution:
return isset($_POST[$field]) ? preg_replace('/\r\n?/', "\n", trim( (string)($_POST[$field]) )) : null;
I see that the $array POST will then become the string "Array" and does not throw an error anymore.
Can someone confirm this as a solution? Or is there a better way of handling this?
Thank you.
I had a hack bot on my site that tried to post an array instead of a string.
I am using for example:
$inemailhandle = qa_post_text('emailhandle');Having an array, the base function
qa_post_text()throws an error withtrim():Code line:
See
question2answer/qa-include/qa-base.php
Line 1212 in 4344721
I assume we should always cast the
$_POST[$field]to string?!Proposed Solution:
I see that the $array POST will then become the string
"Array"and does not throw an error anymore.Can someone confirm this as a solution? Or is there a better way of handling this?
Thank you.