Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.
drgl Smarty Rookie
Joined: 06 Oct 2017 Posts: 26
Posted: Thu Apr 16, 2020 3:51 pm Post subject: PCI scan causing ERRNO: 2 TEXT: htmlspecialchars()
Hi, not sure how to debug this. I have the following error that is ONLY happening when our site has a PCI scan running:
Quote:
ERRNO: 2
TEXT: htmlspecialchars() expects parameter 1 to be string, array given
LOCATION: /home/bttorj45/public_html/smarty_templates_c/dbbe565f1731d4158472b66b75c85442498e81b9_0.file.top_menu_bar.tpl.php, line 42, at April 11, 2020, 5:05 pm
Showing backtrace:
htmlspecialchars(Array[1], "3", "UTF-8", true) # line 42, file: /home/siteaddress/public_html/smarty_templates_c/dbbe565f1731d4158472b66b75c85442498e81b9_0.file.top_menu_bar.tpl.php
content_5e83087341d089_14126332(Object:Smarty_Internal_Template) # line 123, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_resource_base.php
Smarty_Template_Resource_Base.getRenderedTemplateCode(Object:Smarty_Internal_Template) # line 114, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_compiled.php
Smarty_Template_Compiled.render(Object:Smarty_Internal_Template) # line 216, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_template.php
Smarty_Internal_Template.render() # line 385, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_template.php
Smarty_Internal_Template._subTemplateRender("file:page_elements/top_menu_bar.tpl", null, null, "0", "120", Array[0], "0", false) # line 56, file: /home/siteaddress/public_html/smarty_templates_c/0e4c1495f7a25cef1d85553f951690964f702a5a_0.file.error404.tpl.php
content_5e4ffba4a49c66_36622821(Object:Smarty_Internal_Template) # line 123, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_resource_base.php
Smarty_Template_Resource_Base.getRenderedTemplateCode(Object:Smarty_Internal_Template) # line 114, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_compiled.php
Smarty_Template_Compiled.render(Object:Smarty_Internal_Template) # line 216, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_template.php
Smarty_Internal_Template.render(false, "1") # line 232, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_templatebase.php
Smarty_Internal_TemplateBase._execute(Object:Smarty_Internal_Template, null, null, null, "1") # line 134, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_templatebase.php
Smarty_Internal_TemplateBase.display("pages/error404.tpl") # line 65, file: /home/siteaddress/public_html/errors/404.php
include("/home/siteaddress/public_html/errors/404.php") # line 34, file: /home/siteaddress/public_html/smarty_plugins/function.load_product.php
Product.init("api") # line 5, file: /home/siteaddress/public_html/smarty_plugins/function.load_product.php
smarty_function_load_product(Array[2], Object:Smarty_Internal_Template) # line 39, file: /home/siteaddress/public_html/smarty_templates_c/53725e8a2fc4b6c7c0c42e801dab2741a0994a8e_0.file.product.tpl.php
content_5e579e9761f086_59385269(Object:Smarty_Internal_Template) # line 123, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_resource_base.php
Smarty_Template_Resource_Base.getRenderedTemplateCode(Object:Smarty_Internal_Template) # line 114, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_template_compiled.php
Smarty_Template_Compiled.render(Object:Smarty_Internal_Template) # line 216, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_template.php
Smarty_Internal_Template.render(false, "1") # line 232, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_templatebase.php
Smarty_Internal_TemplateBase._execute(Object:Smarty_Internal_Template, null, null, null, "1") # line 134, file: /home/siteaddress/public_html/include/smarty/sysplugins/smarty_internal_templatebase.php
Smarty_Internal_TemplateBase.display("pages/product.tpl") # line 85, file: /home/siteaddress/public_html/dirs.php
I ***think*** the scan must be inputting something in the search box to cause this (I'm awaiting any info from Security Metrics with regard to this).
Code:
{load_chat assign="chat"}
{if $chat->mChat}
    <script type="text/javascript" id="763333b0f312f025d780a8f4451bf6f3" src="https://www.siteaddress.com/online-support/script.php?id=763333b0f312f025d780a8f4451bf6f3"></script>
{/if}
{if !$chat->mChat && $settings->mSettings[13]}
    <script type="text/javascript" id="aaa07817d7cd2a7dce9e0ffac6286dbb" src="https://www.siteaddress.com/online-support/script.php?id=aaa07817d7cd2a7dce9e0ffac6286dbb"></script>
{/if}
<div id="menu_switch"><i class="fa fa-bars fa toggler"></i></div>
<form id="product_search" method="get" action="{$smarty.const.SITE_ROOT}/searchresults/">
    <input type="text" name="search" placeholder=" Product Search" style="font-family: FontAwesome, Arial; font-style: normal; font-size:18px;" {if isset($smarty.request.search) && $settings->mSettings[107]}value="{$smarty.request.search|escape:'htmlall'}"{/if} /><button type="submit" class="button"><i class="fa fa-search" aria-hidden="true"></i> <i class="fa fa-caret-right" aria-hidden="true"></i></button>
</form>
<form id="code_search" method="post" action="{$smarty.const.SITE_ROOT}/cart/quickadd.php">
    <input type="text" name="code" maxlength="14" placeholder=" Product Code" style="font-family: FontAwesome, Arial; font-style: normal; font-size:18px;" /><button type="submit" name="submit" class="orange"><i class="fa fa-shopping-cart" aria-hidden="true"></i> Quick Add <i class="fa fa-caret-right" aria-hidden="true"></i></button>
</form>
{if !isset($hidecart) && isset($cartsmall) && $cartsmall->mCart.sub > 0}
    <p id="view_cart"><a class="button orange" href="{$smarty.const.SITE_ROOT}/cart/"><span class="hidden-xs hidden-sm"><i class="fa fa-shopping-cart" aria-hidden="true"></i> View Cart </span>£{$cartsmall->mCart.sub} <i class="fa fa-caret-right" aria-hidden="true"></i></a></p>
{/if}
<script>
    $('.toggler').click(function() {
        $(this).toggleClass("fa-bars fa-times");
    });
</script>
Any ideas on how I can debug this? If more info is required (as the error references a few files) please reply!
AnrDaemon Administrator
Joined: 03 Dec 2012 Posts: 1785
Posted: Fri Apr 17, 2020 6:58 pm
Quote:
Code:
$smarty.request.search

Don't do that without any validation whatsoever.
It is NEVER guaranteed that all request parameters are strings.
Overall, don't use Smarty as your programming language. Your programming language is PHP; Smarty should control presentation logic ONLY.
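The point made above, illustrated with an added PHP example that is not code from the thread or from Smarty: a request parameter can arrive as an array (`?search[]=...`), so `$_REQUEST['search']` is not guaranteed to be a string, and `{$smarty.request.search|escape:'htmlall'}` then hands that array straight to htmlspecialchars(). The `requestString()` helper, the constructed sample requests and the `search_term` template variable named in the comments are assumptions introduced for this illustration.

```php
<?php
// Added example (not from the thread): normalize a request parameter to a
// string in PHP before it reaches the template. A scanner (or any client)
// can send ?search[]=x, which makes $_REQUEST['search'] an array, and
// {$smarty.request.search|escape:'htmlall'} then calls htmlspecialchars()
// on an array. Validate here and assign a known-good value to Smarty instead.

declare(strict_types=1);

/**
 * Return request parameter $key as a trimmed string, or $default when it is
 * missing, not a scalar, empty, or not valid UTF-8. Arrays (search[]=...)
 * and nested arrays are rejected rather than coerced.
 */
function requestString(array $request, string $key, int $maxLen = 200, string $default = ''): string
{
    if (!array_key_exists($key, $request)) {
        return $default;
    }
    $value = $request[$key];
    // is_scalar() is true for string/int/float/bool; arrays and objects fail.
    if (!is_scalar($value)) {
        return $default;
    }
    $value = trim((string) $value);
    // htmlspecialchars() with UTF-8 returns '' for invalid byte sequences,
    // so reject them explicitly instead of silently emitting nothing.
    if ($value === '' || !mb_check_encoding($value, 'UTF-8')) {
        return $default;
    }
    if (mb_strlen($value, 'UTF-8') > $maxLen) {
        $value = mb_substr($value, 0, $maxLen, 'UTF-8');
    }
    return $value;
}

// Constructed sample inputs standing in for $_REQUEST during a scan.
$samples = [
    'normal'       => ['search' => ' blue widget '],
    'array param'  => ['search' => ['blue widget']],        // ?search[]=blue+widget
    'nested array' => ['search' => ['a' => ['b' => 'c']]], // ?search[a][b]=c
    'missing'      => [],
    'bad encoding' => ['search' => "\xC3\x28"],             // invalid UTF-8
];

foreach ($samples as $label => $request) {
    $term = requestString($request, 'search');
    printf("%-13s -> %s\n", $label, var_export($term, true));
}

// Hypothetical wiring in the page controller ($smarty object assumed):
//   $smarty->assign('search_term', requestString($_REQUEST, 'search'));
// and in top_menu_bar.tpl, in place of $smarty.request.search:
//   {if $search_term !== '' && $settings->mSettings[107]}value="{$search_term|escape:'htmlall'}"{/if}
```

With the value assigned from PHP, the template only ever receives a string, the `escape:'htmlall'` modifier cannot be fed an array, and the type check lives in one place instead of in every template that echoes the search box.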
drgl Smarty Rookie
Joined: 06 Oct 2017 Posts: 26
Posted: Mon Apr 20, 2020 8:50 am
I thought the PHP was dealing with the programming? I.e., this is function.load_search.php:
Code:
<?php
function smarty_function_load_search($params, $smarty) {
    $search = new Search();
    $search->init();
    $smarty->assign($params['assign'], $search);
}

class Search {
    // public fields
    public $mSearchString;
    public $mSearchArray;
    public $mProducts;
    public $mProductCount;
    // private fields
    private $mDoSettings;
    private $mDoCatalogue;

    function __construct() {
        require_once FILE_ROOT . '/data_objects/do_settings.php';
        $this->mDoSettings = new DoSettings();
        require_once FILE_ROOT . '/data_objects/do_catalogue.php';
        $this->mDoCatalogue = new DoCatalogue();
        if (isset($_REQUEST['search']) && strlen(trim($_REQUEST['search'])) > 0) {
            $this->mSearchString = trim(stripslashes($_REQUEST['search']));
            $this->mSearchArray = explode(" ", $this->mSearchString);
        } else {
            header("Location: /emptysearch/");
            die();
        }
    }

    public function init() {
        $this->mProducts = $this->mDoCatalogue->SearchProducts($this->mSearchArray);
        $this->mProductCount = count($this->mProducts);
        for ($i = 0; $i < count($this->mProducts); $i++) {
            $this->mProducts[$i]['price_inc'] = number_format($this->mProducts[$i]['price'] * (($this->mDoSettings->GetSetting(1) / 100) + 1), 2, ".", ",");
        }
    }
}
?>
do_catalogue.php:
Code:
public function SearchProducts($search) {
    $fields = array("code", "title", "keywords");
    $query_string = "SELECT p.code, p.title, p.cattext, p.price, p.img, p.url, p.available, p.due, p.special, p.newproduct, p.discontinued, c.name, c.menulinktext FROM " . $this->mProductTable . " p " .
        "JOIN categories c ON p.category = c.id " .
        "WHERE ((";
    for ($f = 0; $f < count($fields); $f++) {
        if ($f != 0) { $query_string .= ") OR ("; }
        for ($s = 0; $s < count($search); $s++) {
            if ($s != 0) { $query_string .= " AND "; }
            $query_string .= "p." . $fields[$f] . " LIKE '%" . $this->mDoQuery->dbManager->DbEscape($search[$s]) . "%'";
        }
    }
    $query_string .= ")) AND active=1 AND live=1 " .
        "ORDER BY p.rating ASC";
    return $this->mDoQuery->dbManager->DbGetAll($query_string);
}
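The SearchProducts() method posted above builds its SQL by string concatenation, relying on DbEscape() for quoting, and splices each search word into a LIKE pattern. The page does not show what DbEscape() does with the LIKE metacharacters `%` and `_`, so a word of just `%` would match every row in all three columns. As an added example (not code from the thread or from the site's DoCatalogue class), here is the same query built with PDO placeholders and LIKE wildcards escaped. The `$pdo` connection, the function names and the table-name check are assumptions; the column list and the AND/OR grouping mirror the original method, and `active=1 AND live=1` is kept unqualified as the original has it.

```php
<?php
// Added example (not from the thread): SearchProducts() rebuilt with PDO
// placeholders. Each search word is bound as a parameter, and LIKE
// metacharacters in user input are escaped so a term such as "%" cannot
// match every row. $pdo and the helper names are assumptions.

declare(strict_types=1);

/** Escape LIKE wildcards so the user's %, _ and \ match literally (MySQL's default escape char is \). */
function escapeLike(string $term): string
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $term);
}

/**
 * Build the search SQL and its bound parameters; returns [$sql, $params].
 * Same shape as the original: within each field all words must match (AND),
 * and the three per-field groups are joined with OR.
 */
function buildSearchQuery(string $productTable, array $words): array
{
    $fields = ['code', 'title', 'keywords'];
    // Keep only non-empty string words: explode(" ", ...) on doubled spaces
    // yields '' entries, and LIKE '%%' would otherwise match everything.
    $words = array_values(array_filter($words, function ($w) {
        return is_string($w) && $w !== '';
    }));
    // The table name cannot be a bound parameter, so allow-list its characters.
    if ($words === [] || !preg_match('/^[A-Za-z0-9_]+$/', $productTable)) {
        throw new InvalidArgumentException('no search words or bad table name');
    }
    $groups = [];
    $params = [];
    foreach ($fields as $f) {
        $conds = [];
        foreach ($words as $i => $w) {
            $name = ":{$f}_{$i}";            // unique placeholder per field/word
            $conds[] = "p.{$f} LIKE {$name}";
            $params[$name] = '%' . escapeLike($w) . '%';
        }
        $groups[] = '(' . implode(' AND ', $conds) . ')';
    }
    $sql = 'SELECT p.code, p.title, p.cattext, p.price, p.img, p.url, p.available, p.due, '
         . 'p.special, p.newproduct, p.discontinued, c.name, c.menulinktext '
         . "FROM {$productTable} p JOIN categories c ON p.category = c.id "
         . 'WHERE (' . implode(' OR ', $groups) . ') AND active=1 AND live=1 '
         . 'ORDER BY p.rating ASC';
    return [$sql, $params];
}

/** Run the query against an open PDO connection (assumed to exist). */
function searchProducts(PDO $pdo, string $productTable, array $words): array
{
    [$sql, $params] = buildSearchQuery($productTable, $words);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input: what explode(" ", ...) yields for a term containing
// LIKE metacharacters. Shows the SQL and the escaped bound values.
[$sql, $params] = buildSearchQuery('products', explode(' ', '50% off_'));
echo $sql, "\n";
print_r($params);
```

Binding the words keeps the query text fixed no matter what the client sends, and escaping the wildcards keeps a search term as a literal substring match rather than a pattern; the per-field AND grouping and the OR across fields are unchanged from the original.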
AnrDaemon Administrator
Joined: 03 Dec 2012 Posts: 1785
Posted: Mon Apr 20, 2020 2:54 pm
And how are these related to your original question? They AREN'T EVEN USED where the error happens.
drgl Smarty Rookie
Joined: 06 Oct 2017 Posts: 26
Posted: Tue Apr 21, 2020 8:10 am
The problem appears to be from {$smarty.request.search|escape:'htmlall'}, which function.load_search.php is used for. If you aren't going to help just say it, I'll ask elsewhere.
AnrDaemon Administrator
Joined: 03 Dec 2012 Posts: 1785
Posted: Mon Apr 27, 2020 3:12 pm
I'm not going to write code for you for free. I already outlined your issue. If you did not understand my answer, I suggest you go back to reading documentation.
drgl Smarty Rookie
Joined: 06 Oct 2017 Posts: 26
Posted: Mon Apr 27, 2020 3:39 pm
Thankfully other people are a LOT more helpful than you! Fixed and won't be coming back here ever again. Kindly delete my account and ALL associated data.