#1 April 14, 2015 1:34pm

jmason03
Member
Registered: January 9, 2014
Posts: 123

SQL Escape Error when View uses array as sort field

I'm running BigTree 4.1.5 (although really excited to upgrade to 4.2 soon, love the new Matrix field type) and I found an error when submitting an embeddable form that results from the sqlescape function trying to handle an array and throwing an exception because it is not a string. I've figured out that the problem is the result of using a field type (in this case Text, with a Name sub-type) that saves its information in an array. The sqlescape function is incorrectly called in /inc/bigtree/auto-modules.php line 194 in the cacheRecord function. It passes the entry value which is an array since I'm using the Name sub-type.

Just as an FYI, I've only tried this on an embeddable form with submissions defaulting to pending, although I would assume that it happens in both instances. I wasn't sure whether to modify the cacheRecord function or sqlescape to guard/validate data in arrays. I'm assuming it's the sqlescape function because you still need to sanitize the text in those fields but I'm just not really sure.

Thanks

Offline

#2 April 14, 2015 2:39pm

timbuckingham
Administrator
From: Baltimore, MD
Registered: April 2, 2012
Posts: 970

Re: SQL Escape Error when View uses array as sort field

Thanks for the bug report -- it was indeed an array value which came through when a record was pending. I've fixed it so that pending entries' arrays are json encoded again before showing up in a view. 4.1.7 should be released today with this bug fix and some others. 4.2.1 should be out sometime this week as well.

Offline
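The fix described in the reply above (array values JSON-encoded before they reach the view cache), shown as an added example that is not BigTree's own code. `normalize_for_cache`, the `view_cache` table and the sample submission are hypothetical, and the example uses PDO with in-memory SQLite (assumes the `pdo_sqlite` extension) and bound parameters rather than BigTree's `sqlescape`.

```php
<?php
// Added example; every name here is hypothetical, not taken from BigTree.

/**
 * Reduce any field value to a string before it reaches a string-only
 * escaping or binding layer. Arrays and objects become JSON text.
 */
function normalize_for_cache($value): string
{
    if (is_array($value) || is_object($value)) {
        $json = json_encode($value, JSON_UNESCAPED_SLASHES);
        if ($json === false) {
            // Fail loudly instead of caching an empty or partial value.
            throw new InvalidArgumentException(
                'Field value is not JSON-encodable: ' . json_last_error_msg()
            );
        }
        return $json;
    }
    if (is_bool($value)) {
        return $value ? '1' : '0';
    }
    return (string) $value; // null becomes ''
}

// Constructed pending submission: "name" comes from a field type that
// stores its data as an array, the case that triggered the exception.
$pending = [
    'name'  => ['first' => 'Pat', 'last' => "O'Brien"],
    'email' => 'pat@example.com',
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE view_cache (entry_id TEXT, sort_field TEXT, column1 TEXT)');

// Bound parameters carry the quote in "O'Brien" safely; the normalizer
// guarantees every bound value is a string, never an array.
$stmt = $db->prepare(
    'INSERT INTO view_cache (entry_id, sort_field, column1) VALUES (?, ?, ?)'
);
$stmt->execute([
    'p1',
    normalize_for_cache($pending['name']),
    normalize_for_cache($pending['email']),
]);

$row = $db->query('SELECT sort_field FROM view_cache')->fetch(PDO::FETCH_ASSOC);
echo $row['sort_field'], PHP_EOL;
```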
