Hello,

I am having problems using tokens for the path of an (image-) field on a D7.7 install.
Even on a fresh install I am getting the following notice, whenever I edit a node that contains the field in question:

Notice: Array to string conversion in token_replace() (line 97 of ... \includes\token.inc).

Almost every token used for the path will result in the folder being named "array".
So if I set the path of an image field to i.e. "images/user/[current-user:uid]" the result is going to be "images/user/array". The only tokens that I got to work so far are the page number and the random ones (the above notice will remain though).

I have found only one similar issue (#1090596: Two modules with same token names cause notice and replace failure). I do not think though that this applies in my case.

Thanks a lot in advance!

Comments

dave reid’s picture

Category: bug » support
Status: Active » Postponed (maintainer needs more info)

The only reason that the [current-user:uid] would be returning an array would be if another module is providing a token for it as well. Do you have any other modules enabled that provide tokens? Can you duplicate this with just a fresh core install + Token module installed?

Golem07’s picture

Hi Dave,

thanks a lot for the quick reply.

You are absolutely right. The module Realname Registration module (http://drupal.org/project/realname_registration) seems to be causing the problem. As soon as I remove it the problem goes away.

Do you reckon this problems is solvable at all? In this case i'd like to ask you to move the issue over there if it is possible- If not then I guess I'll have to live without realname registration.

dave reid’s picture

Title: Notice: Array to string conversion in token_replace » Token handling is messed up
Project: Token » Realname registration
Version: 7.x-1.0-beta4 » 7.x-2.x-dev
Category: support » bug
Priority: Normal » Major
Status: Postponed (maintainer needs more info) » Active

That was very helpful and led me to the real problem - realname_registration.tokens.inc is re-calling the current user tokens when it absolutely should not be doing that:

 140   if ($type == 'current-user') {
 141     $account = user_load($GLOBALS['user']->uid);
 142     $replacements += token_generate('user', $tokens, array('user' => $account), $options);
 143   }

That chunk of code needs to be removed or any current user tokens will *never* work for anyone with Realname registration enabled.

dave reid’s picture

There also seems to be no kind of sanitization of values (the $sanitize variable is unused during token replacement)

dave reid’s picture

Status: Active » Needs review
StatusFileSize
new1.12 KB
dave reid’s picture

Issue tags: +token

.

dave reid’s picture

Title: Token handling is messed up » Current user tokens are duplicated
Component: Miscellaneous » Code
sgerbino’s picture

Status: Needs review » Closed (fixed)

Thank you, the patch has been applied, value sanitization will be tracked here: #1266820: Token values are unsanitized

Golem07’s picture

Thank you very much. The patch works perfectly!