Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.While trying to debug an error like the ones described at http://drupal.org/node/119557, I came across $filter['value'] = array();. This gets passed up to theme layer which core runs check_plain on, causing errors; warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/www/includes/bootstrap.inc on line 588.
Setting $filter['value'] to an string solves the issue (patch attached). I'm not sure if any other code depends on $filter['value'] being an array(). I have not found any cases yet. Everything else works fine (from my limited testing). I have set up a notification for any cases where this code is called in some sites to test better.
More to the point, I couldn't find a better place to fix this. All the other functions in the call stack at these points are core modules. It seems that views.module sets this as the and then just lets on bubble up to theme with no checks. I'm not sure where checks for it would go. Maybe forms.inc theme_textfield $output .= '<input type="text" maxlength="'. $element['#maxlength'] .'" name="'. $element['#name'] .'" id="'. $element['#id'] .'" '. $size .' value="'. check_plain($element['#value']) .'"'. drupal_attributes($element['#attributes']) .' />';?
| Comment | File | Size | Author |
|---|---|---|---|
| views-novalue.patch | 484 bytes | Bevan |
Comments
Comment #1
esmerel commentedAt this time, only security fixes will be made to the 5.x version of Views.