• Resolved kluver

    (@kluver)


    Hi,

    The function get_images_url() in lightbox.php doesn’t check if $_POST['urls'] is empty or not.

    Could you please add the following to the top of the function:

    if ( empty( $_POST['urls'] ) ) { return; }

    The DB query in this function also poses a possible security risk. People can get the post content of urls that they are unable to view via the frontend of the site, simply by posting that URL to your ajax action (which doesn’t do any nonce checks either). It would be best if you at least check for the post type, making sure only images are queried.

    Thanks in advance!

    Michael

Viewing 6 replies - 1 through 6 (of 6 total)
  • Ewout

    (@pomegranate)

    Dear Michael and Ewout,

    Thank you very much for your observations. We really appreciate your attention.

    Please go to lightbox.php file and add the

    global $wpdb;
    $all_urls = array();
    if ( empty( $_POST['urls'] ) ) { return; }
    foreach ($_POST['urls'] as $value) {
    $image_urls[] = esc_url($value);
    }

    ….
    die();
    }

    to the

    hugeit_lightbox_get_images_url() function.

    Please let us know if that worked for you.

    We will wait for your results.

    Thanks

    It’s time to release an update or at least post an accurate solution with clear instructions.

    The function hugeit_lightbox_get_images_url() does not exist in v2.1.0.

    The post from @kluver clearly states the function is get_images_url(). I’m puzzled as to how you can be confused about your own plugin.

    Please keep in mind that you have WordPress users who require a clearly stated solution rather than a paraphrased code reference.

    Dear awtx,

    Thank you very much for your post and feedback.
    The solution we have provided is absolutely efficient. We have checked the codes in the version you have mentioned (2.1.0) and they exist in there.
    Please check out the screenshots here: https://prnt.sc/gpw7ry , https://prnt.sc/gpw7ex

    Please be kindly informed that we will fix this issue in our upcoming update but this temporary solution can be applied until we release a new update.

    If you need our help, please contact us directly and we will be glad to help you to resolve the issue

    Thanks

    cbcjock

    (@cbcjock)

    The corrected code in lightbox.php is:

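    function get_images_url(){
    
    	global $wpdb;
    	//$image_urls = $_POST['urls'];
    	$all_urls = array();
    	$image_urls = array();
    	// Bail out when no URL array was posted; this avoids the foreach() warning.
    	if ( empty( $_POST['urls'] ) || ! is_array( $_POST['urls'] ) ) { return; }
    	foreach ($_POST['urls'] as $value) {
    		$image_urls[] = esc_url($value);
    	}
    
    	foreach ($image_urls as $image_url) {
    		// Look up the post whose guid matches the posted URL.
    		$query = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE guid=%s", $image_url);
    		$id = $wpdb->get_var($query);
    		$attachment = $id ? get_post( $id ) : null;
    		// Use an empty description when no matching post exists.
    		$description = $attachment ? $attachment->post_content : '';
    		array_push($all_urls,$description);
    	}
    	echo json_encode($all_urls);
    	die();
    }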

    I’m using Version 2.1.0. hugeit_lightbox_get_images_url() does not exist. You must edit get_images_url() as I have above.

    The fix is to simply copy and paste my function, replacing the one that exists.

    As regards support, it’s incredible to see instances of this from April 2017 and it’s still not fixed in November 2017.

    • This reply was modified 7 years ago by cbcjock.
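
A hardened variant of the handler along the lines @kluver suggests at the top of the thread (nonce check, image-only query), as an added example that is not the plugin's code or any poster's. The function name, AJAX action name and nonce name are hypothetical, and the 50-URL cap is an assumption.

```php
<?php
// Added example: function, action and nonce names are hypothetical,
// not taken from the plugin.
function example_lightbox_get_images_url() {
	global $wpdb;

	// Reject requests without a valid nonce (dies with HTTP 403 on failure).
	// For logged-out visitors this limits cross-site abuse; it is not authorization.
	check_ajax_referer( 'example_lightbox_nonce', 'nonce' );

	// Require a non-empty array, so foreach() never sees a string or null.
	if ( empty( $_POST['urls'] ) || ! is_array( $_POST['urls'] ) ) {
		wp_send_json_error( 'urls must be a non-empty array', 400 );
	}

	// Cap the batch size (50 is an arbitrary, assumed limit).
	$urls         = array_slice( wp_unslash( $_POST['urls'] ), 0, 50 );
	$descriptions = array();

	foreach ( $urls as $value ) {
		// esc_url_raw() is the variant meant for database lookups.
		$image_url = is_string( $value ) ? esc_url_raw( $value ) : '';
		if ( '' === $image_url ) {
			$descriptions[] = ''; // keep positions aligned with the request
			continue;
		}

		// Only image attachments can match, so posting the guid of a private
		// post, page or draft no longer returns its post_content.
		$id = $wpdb->get_var( $wpdb->prepare(
			"SELECT ID FROM {$wpdb->posts}
			 WHERE guid = %s AND post_type = 'attachment' AND post_mime_type LIKE %s",
			$image_url,
			$wpdb->esc_like( 'image/' ) . '%'
		) );

		$attachment     = $id ? get_post( (int) $id ) : null;
		$descriptions[] = $attachment ? $attachment->post_content : '';
	}

	wp_send_json( $descriptions ); // sends the JSON header, echoes, then dies
}
add_action( 'wp_ajax_example_lightbox_descriptions', 'example_lightbox_get_images_url' );
add_action( 'wp_ajax_nopriv_example_lightbox_descriptions', 'example_lightbox_get_images_url' );
```

The page script would have to send a `nonce` field created with `wp_create_nonce( 'example_lightbox_nonce' )` along with the `urls` array.
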
    huge-it-support-1

    (@huge-it-support-1)

    Dear cbcjock,

    Thank you very much for sharing your experience with us.
    Let me kindly note that we have posted this solution in one of our topic threads and we will include this fix in our upcoming update.

    We are begging your pardon for the inconveniences you have faced.
    Is there anything else we can help you with, feel free to ask ??

    Thanks

  • The topic ‘Invalid argument supplied for foreach()’ is closed to new replies.