00835: AuthForm doesn't handle arrays in _POST properly

Summary: AuthForm doesn't handle arrays in _POST properly
Created: 2006-11-22 08:04
Status: Closed - duplicate of 01110 (fixed for 2.2.76).
Category: Bug
From: bbrazil
Assigned:
Priority:
Version: 2.1.11
OS:

Description: See http://bugs.gnewsense.org/Bugs/00043 for original report. Issue is that WikiForms sends dates as <input name="dataopened[]"> which turns the POST into 'dateopened'=>array('2006','11','22')

I am closing this entry as duplicate of 01110 -- the future fix should handle associative arrays with multiple dimensions, so the code will be slightly different. --Petko February 25, 2010, at 09:31 AM

The fix is a change in pmwiki.php:

RCS file: pmwiki.php,v
retrieving revision 1.1
diff -u -r1.1 pmwiki.php
--- pmwiki.php  2006/11/22 13:40:11     1.1
+++ pmwiki.php  2006/11/22 13:55:10
@@ -1509,6 +1509,14 @@
   $postvars = '';
   foreach($_POST as $k=>$v) {
     if ($k == 'authpw' || $k == 'authid') continue;
+    if (is_array($v)) {
+      foreach($v as $dummy => $value){
+        $value = str_replace('$', '&#036;',
+                      htmlspecialchars(stripmagic($value), ENT_COMPAT));
+        $postvars .= "<input type='hidden' name='${k}[]' value=\"$value\" />\n";
+      }
+      continue;
+    }
     $v = str_replace('$', '&#036;',
              htmlspecialchars(stripmagic($v), ENT_COMPAT));
     $postvars .= "<input type='hidden' name='$k' value=\"$v\" />\n";
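
Review bot: The new `foreach($v as $dummy => $value)` loop assumes a flat, numerically indexed array: it throws the key away and always emits `name='${k}[]'`, so a field posted as `k[foo]` comes back as `k[]`, and a nested element (`k[][]`) would reach `htmlspecialchars()` as an array rather than a string. Consider recursing over `$v` and rebuilding the full bracketed name from the keys, so associative and multi-dimensional fields survive the round trip through the auth form. Separately, `$k` is interpolated into a single-quoted `name` attribute without escaping, both in the added line and in the existing `name='$k'` line; since POST keys are client-supplied, pass the key through `htmlspecialchars()` with `ENT_QUOTES` before writing it out (`ENT_COMPAT` leaves single quotes untouched).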