Fixed Bug with array via GET request

[guiltar]

Dear Kier and Mike, I am developing an addon for XenForo and found the bug:
I created new content type ( 'newtype' ) and one of its search constraints array ( 'states' ).
In order to search result with certain 'states' I should try request

http://site.com/search/search?users=guiltar&type[newtype][states][0]=open

but when nothing is found controller calls updateSessionActivity method which has code

$logParams[] = "$paramKey=" . urlencode($paramValue);

This becomes error when $paramValue is an array:

urlencode() expects parameter 1 to be string, array given
XenForo_Application::handlePhpError()
urlencode() in XenForo/Model/User.php at line 868

I suggest to check if $paramValue is an array before calling urlencode().
Because the cannonical way to handle type specific constraints (via _handleInputType in search controller) leads to error.
Thanks.

 

[Lawrence]

You are showing up as not being associated with a license. Please log-in to the customer area and add your self to the Associated Forum Users: http://xenforo.com/customers/forum-users If you are creating an add-on for another licensed member, have them add you to their associated forum users list.

 

[guiltar]

Sorry, I'm doing addon for customer and don't have his registration data, but I will ask. I thought the bug area is for users like me since I can post here.

 

[Jeremy]

It's plausible to find bugs in software without owning it. However, when you show up as unlicensed to staff and claim to be developing add-ons for XenForo, you get into the realm of piracy. They see you with a copy of the software without being licensed. That is the issue here, not that you found a bug.

 

[guiltar]

I don't have own forum. I'm just programming addons for others. It is not a piracy. But anyway I will ask owner to associate me.
So let's stop flooding because bugs found by not licensed users are still bugs.

Update: the forum owner said they will buy licence after 1.1 final release and will associate me.
Now they are running vb3 and preparing to move on xf.

 

[Paul B]

Update: the forum owner said they will buy licence after 1.1 final release and will associate me.
Now they are running vb3 and preparing to move on xf.

How do you have access to the source code if neither you nor your customer own a license?

 

[guiltar]

How do you have access to the source code if neither you nor your customer own a license?

Downloaded for my localhost. Is it illegal to run forum soft on localhost?
I just wanted to contribute reporting a bug. I shouldn't do it next time?

 

[Paul B]

Is it illegal to run forum soft on localhost?

Of course it is.
You are using the software without a license.

 

[guiltar]

But it is only on local computer. So each developer should buy licence for all the scripts for which he writes addons?
If so I will wait untill the customer will buy the licence and associate me to the list.

 

[ragtek]

The bug is IMO in your code...


type can't be an array

        $searchType = $this->_input->filterSingle('type', XenForo_Input::STRING);

you should use other variables for this and handle them in your search data handler

 

[guiltar]

type can't be an array

Look at the XenForo_ControllerPublic_Search->actionSearch():

    public function actionSearch()
    {
        // note: intentionally not post-only
 
        if (!XenForo_Visitor::getInstance()->canSearch())
        {
            throw $this->getNoPermissionResponseException();
        }
 
        $input = $this->_input->filter(array(
            'keywords' => XenForo_Input::STRING,
            'title_only' => XenForo_Input::UINT,
            'date' => XenForo_Input::DATE_TIME,
            'users' => XenForo_Input::STRING,
            'nodes' => array(XenForo_Input::UINT, 'array' => true),
            'child_nodes' => XenForo_Input::UINT,
            'user_content' => XenForo_Input::STRING,
 
            'order' => XenForo_Input::STRING,
            'group_discussion' => XenForo_Input::UINT
        ));
        $input['type'] = $this->_handleInputType($input);
.......

Now look at the XenForo_ControllerPublic_Search->_handleInputType($input):

    protected function _handleInputType(array &$input = array())
    {
        if ($this->_input->inRequest('type'))
        {
            $typeParam = $this->_request->get('type');
 
            if (is_array($typeParam))
            {
                list($type, $typeExtra) = each($typeParam);
 
                foreach ($typeExtra AS $paramName => $paramValue)
                {
                    if (!empty($paramName) && !empty($paramValue))
                    {
                        $paramNameClean = XenForo_Input::rawFilter($paramName, XenForo_Input::STRING);
 
                        $this->_request->setParam($paramNameClean, $paramValue);
 
                        if (isset($input[$paramNameClean]))
                        {
                            $input[$paramNameClean] = $paramValue;
                        }
                    }
                }
....

As you can see this method sets array to the request. And this array is the reason of error when it becomes processed by method updateSessionActivity

 

[Mike]

Fixed.

 

[erich37]

no licence, but he finds a bug..... that`s funny
Anyway, I guess he will be a future customer..... so don`t shoot him

Seems to be a very talented guy. If I would have more money, I would donate him a licence.

Thanks for finding a bug!

 

[guiltar]

Certainly will! Sorry for that!
After 1.1 release my customer will move his forum.
And after finishing advanced multiblog addon I will move my site from livestreet (free multiblog engine).