Undefined $_POST['icon'] in Sources/Post.php

nend · October 16, 2015, 09:17:16 PM

When a template doesn't include a value for the post icon a undefined error pops up in the error log. Since the template system is different from the mod system in order to not use the post icon value, a template would either have to send a hidden response or edit Post.php.

Since all post information should be verified if it is actually being sent I would say this is a very minor bug.

Code

Code Select

	// Creating a new topic?
	$newTopic = empty($_REQUEST['msg']) && empty($topic);

	$_POST['icon'] = !empty($attachIDs) && $_POST['icon'] == 'xx' ? 'clip' : $_POST['icon'];

Simple Fix

Code Select

	// Creating a new topic?
	$newTopic = empty($_REQUEST['msg']) && empty($topic);

	$_POST['icon'] = empty($_POST['icon']) ? 'xx' : $_POST['icon'];
	$_POST['icon'] = !empty($attachIDs) && $_POST['icon'] == 'xx' ? 'clip' : $_POST['icon'];

Kindred · October 16, 2015, 10:29:25 PM

Why is that necessary? Unless someone breaks the system, posts should never be missing the icon. If a post is created, it should be created with the default icon... In what case would it not be?

nend · October 17, 2015, 01:37:31 AM

If the post template is edited to not include the message icon field. It is trivial, though I figured it was something that should be done since there are already checks in post.php to check the title and message field which is expected to be there. There is no check for the message icon.

Kindred · October 17, 2015, 09:25:46 AM

so... in other words...

if someone purposefully breaks the design....

margarett · October 17, 2015, 05:39:25 PM

What Kindred means is (methinks) that SMF was designed with the message icon in place. That's why it expects the icon to be defined and, as such, I agree that this isn't really a bug.

If the template doesn't want to include the icon selection, then just add a hidden "icon" field to the form post and set its value to "xx". All is good for everyone

live627 · October 17, 2015, 07:28:45 PM

Quote from: Kindred on October 17, 2015, 09:25:46 AM
so... in other words...

if someone purposefully breaks the design....

Really, Kindred, really? This is just so cringe-worthy.

nend · October 17, 2015, 10:48:05 PM

Quote from: Kindred on October 17, 2015, 09:25:46 AM
so... in other words...

if someone purposefully breaks the design....

I guess or accidentally. $:-\$

IMHO all post data should be checked, even if they are always expected to be there, when the data is being passed from a external source.

nend · October 17, 2015, 11:09:25 PM

Lol it worked, Don't know how far I can go, looks like there is a check in there that would prevent me from going beyond that folder but should there be more checks.

I can also make the message icon undefined, which is not by editing the template or source files on this site.

nend · October 17, 2015, 11:14:48 PM

undefined

nend · November 05, 2015, 07:40:58 AM

So what is the status on this report? Anybody going to fix those 404 not found post icons in the replies above?

Not a bug, huh?

Suki · November 05, 2015, 12:47:40 PM

Added a commit for this, will be available when the main PR gets merged. Thank you for your report.

News:

Undefined $_POST['icon'] in Sources/Post.php