So, I'm working away at getting rest_server 6.x-2.0-beta3 to work with services 6.x-2.2, when I run into this error:

Warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in db_escape_string() (line 323 of /var/aegir/hpdb/includes/database.mysqli.inc).

After doing a fair bit of tracking and debugging I found the problem: Although most of the services.module doesn't mind if the $method_name passed into services_method_call() is an array containing the method data - indeed, at line 382 it detects for it - in services_keyauth.inc it assumes this is a string. At line 222/223 there's the code:

    if (!db_result(db_query("SELECT COUNT(*) FROM {services_key_permissions}
        WHERE kid = '%s' AND method = '%s'", $api_key, $method_name))) {
      watchdog('debug', 'Access denied');
      return services_error(t('Access denied.'), 401);
    }

And as you can see that's assuming that $method_name is not an array. I suggest changing the code to use $method['method'] there, as the values seem to be the same.

Comments

marcingy’s picture

Project: Services » REST Server
Version: 6.x-2.2 » 6.x-2.0-beta3

This fix feels wrong as nothing has changed in this code. I may apply this fix once I find out more info.

Move this to the rest server queue as nothing has changed in keyauth recently so I'm assuming something has changed in the rest server.