filter_xss incorrectly called on array?
sethcohn - July 18, 2008 - 20:25
| Project: | Webform |
| Version: | 5.x-2.1.1 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Description
In
function _webform_filter_values($string, $node = NULL, $submission = NULL, $strict = TRUE) {
...
if ($strict) {
return filter_xss($string);
}
else {
return $string;
}
}I'm getting an error, when the form is submitted, with a select (checkboxes) option.
warning: preg_match() expects parameter 2 to be string, array given in /includes/bootstrap.inc on line 670.
I inserted
if (is_array($string)){
die("not string! " . print_r($string, true));
}into the above, And Yes, it's an array being passed, not a string. filter_xss calls drupal_validate_utf8 (in bootstrap.inc) which requires a string, not an array.
Will a simple change to ($strict AND !is_array($string)) work here, or is more needed, just in case of xss?