PHP error in Forminator_Select::validate
-
Noticed in my server log the following fatal PHP error:
Uncaught TypeError: strlen(): Argument #1 ($string) must be of type string, array given in /home/sites/1a/4/44afcb079c/public_html/wp-content/plugins/forminator/library/fields/select.php:586\nStack trace:\n#0 /home/sites/1a/4/44afcb079c/public_html/wp-content/plugins/forminator/library/abstracts/abstract-class-field.php(893): Forminator_Select->validate(Array, Array)\n#1 /home/sites/1a/4/44afcb079c/public_html/wp-content/plugins/forminator/library/modules/custom-forms/front/front-action.php(622): Forminator_Field->validate_entry(Array, Array)\n#2 /home/sites/1a/4/44afcb079c/public_html/wp-content/plugins/forminator/library/modules/custom-forms/front/front-action.php(570): Forminator_CForm_Front_Action::set_field_data('select-1', Array, 4)\n#3 /home/sites/1a/4/44afcb079c/public_html/wp-content/plugins/forminator/library/modules/custom-forms/front/front-action.php(501): Forminator_CForm_Front_Action::set_field_data_array(4, Object(Forminator_Form_Field_Model))\n#4 /home/site...'“select-1” is a select field from which I would normally expect to get back a string. I think someone has tried to inject an array into this field causing this PHP error in function Forminator_Select::validate.
I don’t think the “is required” checking can assume that just because it is processing a “single” that a string has actually been supplied. Initially, I thought “empty” could be used to cover both “single” and “multiselect” cases, but that wouldn’t work if one of the select options was “0”. So perhaps something like the following would be a bit more bulletproof:
if ( $this->is_required( $field ) ) {
if ( ! isset( $data ) ||
( 'single' === $select_type && ! ( is_string( $data ) && strlen( $data ) > 0 ) ) ||
( 'multiselect' === $select_type && empty( $data ) )
Viewing 6 replies - 1 through 6 (of 6 total)
Viewing 6 replies - 1 through 6 (of 6 total)
- You must be logged in to reply to this topic.
