Not a bug Non-filtered $_GET is passed directly in XF\Pub:Report controller

[TickTackk]

Affected version

2.0.x

^ title

$params = $_GET;

should be

$params = $this->request()->getInputForLogs();

I think?

 

[NicolasZN]

Would this be why I see this error on my beta test install:

An exception occurred: [ErrorException] [E_NOTICE] Undefined index: node_id in src/XF/Report/Post.php on line 12

1. XF::handlePhpError() in src/XF/Report/Post.php at line 12
2. XF\Report\Post->canViewContent() in src/XF/Report/AbstractHandler.php at line 19
3. XF\Report\AbstractHandler->canView() in src/XF/Repository/Report.php at line 110
4. XF\Repository\Report->XF\Repository\{closure}()
5. array_filter() in src/XF/Mvc/Entity/AbstractCollection.php at line 181
6. XF\Mvc\Entity\AbstractCollection->filter() in src/XF/Repository/Report.php at line 111
7. XF\Repository\Report->filterViewableReports() in src/XF/Pub/App.php at line 293
8. XF\Pub\App->updateModeratorCaches() in src/XF/Pub/App.php at line 190
9. XF\Pub\App->start() in src/XF/App.php at line 2151
10. XF\App->run() in src/XF.php at line 389
11. XF::runApp() in index.php at line 20

(No add-ons enabled on this board, error seems to appear and disappear periodically, one report is in the report CP)

 

[Mike]

No, that's not related. See: https://xenforo.com/community/threa...w-1-released-unsupported.156519/#post-1298745

In terms of this report, this is not a logging context. It's for maintaining any input parameters (should we support additional/alternative filtering). The only parameters would be things explicitly passed in by the user. The same approach is used elsewhere when validating the page that we're on.