mahara-contributors team mailing list archive

Thread
Date

[Bug 1480764] Re: Transient login form can't handle array variables

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1480764@xxxxxxxxxxxxxxxxxx>
Date: Mon, 03 Aug 2015 05:03:30 -0000
Reply-to: Bug 1480764 <1480764@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

To test:

1. Create a Portfolio page
2. Copy the URL for the page, e.g. https://vegas.wgtn.cat-it.co.nz/mahara/htdocs/view/view.php?id=8
3. Manually add "&foo[]=bar&foo[]=baz" to the end of the URL, e.g. https://vegas.wgtn.cat-it.co.nz/mahara/htdocs/view/view.php?id=8&foo[]=bar&foo[]=baz
4. Log out
5. Go to the manually altered URL you created in step 3
6. You should see the transient login screen.
7. Log in at the transient login screen.

Expected result: You should see your array variables at the end of the
URL (possibly with explicity numeric keys; that's okay), e.g.
https://vegas.wgtn.cat-
it.co.nz/mahara/htdocs/view/view.php?id=8&foo[1]=bar&foo[2]=baz

Actual result: You Do not see the array variables at the end of the URL.
And, you will see a warning in the logs: "[WAR] ec (lib/web.php:3205)
htmlspecialchars() expects parameter 1 to be string, array given"

** Bug watch added: vegas.wgtn.cat-it.co.nz/mahara/htdocs/view/ #8
   http://vegas.wgtn.cat-it.co.nz/mahara/htdocs/view/view.php?id=8

** Tags added: behatnotneeded

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1480764

Title:
  Transient login form can't handle array variables

Status in Mahara:
  In Progress

Bug description:
  You know how, when you're logged out of Mahara and you try to go to a
  page that isn't shared with the public, and you see a login form? We
  call that the "transient login page".

  It tries to be smart and remember the URL that you were trying to
  reach, and then forward you on there again after you log in. But the
  code that does just iterates over $_GET and runs htmlspecialchars() on
  each key & value. And this causes problems if the URL contains array
  values, i.e. http://www.example.com?foo[]=value1&foo[]=value2

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1480764/+subscriptions

References

[Bug 1480764] [NEW] Transient login form can't handle array variables
From: Aaron Wells, 2015-08-03